BadRabbit misdirection? Fancy Bear's wish list. US to indict Russians in DNC hack? GhostWriter, breaches, bother misconfigured AWS S3 buckets.

Cyber Attacks, Threats, and Vulnerabilities

Exclusive: Ukraine hit by stealthier phishing attacks during BadRabbit strike (Reuters) Hackers tried to access confidential data in powerful but stealthy phishing attacks launched in parallel with an eyeball-grabbing ransomware strike called BadRabbit last week, the head of the Ukrainian state cyber police said on Thursday.

NotPetya was nastier than WannaCry ransomware, say experts (IT PRO) The malware tops the list of 2017's worst ransomware outbreaks

'Fancy Bear' Tried To Hack E-Mail Of Ukrainian Making Artillery-Guidance App (RadioFreeEurope/RadioLiberty) An officer who developed an artillery-guidance app used by the Ukrainian military in its fight against Moscow-backed separatists was among the members of Ukraine's political and military elite targeted by a hacking group with alleged links to Russian security services.

Russia hackers had targets worldwide, beyond US election (Fifth Domain) There is detailed forensic evidence pointing to the close alignment between the hackers and the Russian government, exposing an operation that stretched back years and tried to break into the inboxes of 4,700 Gmail users across the globe, according to a previously unpublished digital hit list obtained by The Associated Press.

Fancy Bear Pens the Worst Blog Posts Ever (ThreatConnect) ThreatConnect reviews continuing Fancy Bear activity targeting citizen journalism organization Bellingcat and identifies a new tactic leveraging Blogspot to mask their credential harvesting links.

Meet the french researcher the Shadow Brokers keep calling out (Cyberscoop) A 29-year-old French security researcher and entrepreneur, Matthieu Suiche is one of the foremost experts when it comes to the peculiar group.

Russian Federation Cybersecurity Report (Anomali) Whether the perpetrators or the victims, the Russian Federation is often linked to cyber activities in the news. The Russian Federation was recently hit with a ransomware attack called Bad Rabbit (research conducted by Luis Mendieta, Threat Analytics Team), which security professionals theorize was a retaliation for ransomware known as Petya. Evidence was also recently released indicating that the Russian government used private Russian company Kaspersky Labs’ technology to steal

Apple Warned About Evil Wi-Fi Attack That Installs Malware On iPhones (Forbes) Apple's security team is having a busy week thanks to Wi-Fi issues.

What We Can Learn From KRACK WiFi Loophole (PYMNTS.com) Only you can prevent forest fires. And, as the KRACK WiFi vulnerability perhaps demonstrated, only you can prevent hackers from worming their way into your networks and devices, as even established security measures that are presumed to be stable may not be as secure as we think. As much as consumers, organizations and retailers rely […]

GhostWriter AWS Issue Impacts Thousands of Amazon S3 Buckets (eSecurity Planet) Affected buckets are owned by major news sites, popular retailers and leading ad networks.

Skyhigh Discovers GhostWriter: MITM Exposure In Cloud Storage Services (Skyhigh) As the cloud increasingly becomes the de-facto source of computing and storage resources for websites and applications, we are seeing new types of exposure

Another AWS configuration error exposes Dow Jones customer data (TechGenix) At least 2.2 million Dow Jones & Co. clients had their information exposed because of an AWS configuration error — an error that may be far too common.

Malaysian Data Breach Could Affect Entire Population (Infosecurity Magazine) Over 46 million records found their way onto the dark web

50K Australians Exposed in Server Misconfig Snafu (Infosecurity Magazine) It is the country’s largest data breach since the Red Cross leaks.

Hackers Stole $150,000 from Cryptocurrency Wallets Using CryptoShuffler Trojan (HackRead) Popular cryptocurrency wallets are under threat currently as the notorious CryptoShuffler Trojan is stealing cryptocurrencies. According to the findings of

Russian Hacker Exploits GTA 5 PC Mod to Install Cryptocurrency Miner (HackRead) Gamers were delighted with the release of world’s second most popular video game Grand Theft Auto V (GTA 5) released by Rockstar North. It was in every way

Devilish ONI Attacks in Japan Use Wiper to Cover Tracks (Threatpost) The ONI ransomware attacks targeting organizations in Japan are also dropping wiper malware which is being used to delete logs and cover the attackers' tracks.

Popular USB Audio Driver Ships With Root Certificate, Big Security No-No (BleepingComputer) The Savitech USB audio driver installation package will install a root CA certificate into the Windows trusted root certificate store, in an incident that's reminiscent of the Superfish and eDellRoot episodes from 2015 and 2016, respectively.

Social Engineer Spills Tricks of the Trade (Dark Reading) A social engineer points out gaping holes in businesses' human security and shares lessons learned from years of phishing research.

Are the Good Guys as Dangerous as the Bad Guys – an Almost Catastrophic Failure of the Transmission Grid (Control Global) A security group at a large utility with experience only scanning data center assets scanned a number of critical transmission substations. The scanning cut all communication between hundreds of relays and SCADA was unaware.

Someone at Twitter 'Inadvertently' Deactivated Donald Trump's Account for 11 Minutes (Motherboard) According to the social media company this was 'human error by a Twitter employee.'

Taking HTTPS Denial to an Absurd Level (Threatpost) Researcher Troy Hunt discovers as far as the internet has come in adopting HTTPS it still has a ways to go.

Cyber Trends

The Future of Cybersecurity Part II: The Need for Automation (CSO Online) CSO offers the latest information and best practices on business continuity and data protection, best practices for prevention of social engineering scams, malware and breaches, and tips and advice abut security careers and leadership.

Three-Quarters of Americans Concerned About Identity Theft During Holiday Shopping Season (Generali) A vast majority of Americans say their willingness to do business with a retailer during this holiday shopping season would be impacted if the retailer experienced a data breach in the past, according to a consumer survey conducted by Generali Global Assistance (“GGA” or “the Company”), a leader ...

Marketplace

Fifteen-year-old Black Duck Software gets its exit, selling to Synopsys for $565 million (TechCrunch) Black Duck Software, a 15-year-old company whose products automate the process of securing and managing open-source software -- including detecting license..

Carbon Black plans to go public in 2018, say sources (Boston Business Journal) After buying a Boston-based startup for $100 million in 2016, the Waltham cybersecurity firm is finally getting ready to trade publicly.

Dragos unveils new global headquarters as part of the company's continued expansion (PRNewswire) Dragos opened the doors to its new global offices in Hanover MD this week.

Broadcom Trumpets Plans to Domicile to the US as Brocade Deal Lin (SDxCentral) Broadcom said it plans to move its official corporate headquarters from Singapore to the U.S. as its pending acquisition of Brocade lingers.

Products, Services, and Solutions

NinjaRMM Partners with Ivanti to Simplify and Automate Patching Processes for Managed Service Providers (Ivanti) Ivanti patch management technology integrated within the NinjaRMM platform

Netwrix Auditor 9.5 Enables Organizations to Identify, Assess and Reduce Risks to IT Infrastructure and Data (Netwrix) Upgraded Netwrix Auditor improves detection of threat actors and security gaps in hybrid environments.

Cygilant Launches New Vulnerability and Patch Management Subscription Service to Support and Equip Lean IT Teams to Effectively Stop Cyber Threats and Exploits (PRWeb) Cygilant’s industry-first ‘One Vendor’ approach to vulnerability and patch management aims to streamline workflows; speeding cyber threat response times and lowering cost of ownership

Forensiq Releases Next Generation Fraud Detection Algorithm (PRNewswire) Forensiq, a global leader in ad fraud detection and prevention, today...

Bromium Helps London’s Metropolitan Police Investigate and Convict Cyber Criminals, Increasing Protection for Citizens and BusinessesMetropolitan Police Cybercrime Unit, FALCON, to use Bromium to... (Business Insider) Bromium®, Inc., the pioneer and leader in virtualisation-based enterprise security that stops advanced malware attacks, today announced that the Metropolitan Police Cybercrime Unit (FALCON) has deployed Bromium to rapidly investigate and mitigate cybercrime impacting businesses and the public in London.

Technologies, Techniques, and Standards

The Sometimes Forgotten Foundation for the OODA Loop - the Human (Security Week) Applying the OODA loop to cybersecurity will help accelerate the process of translating threat data into action

Design and Innovation

Researcher: ‘We Should Be Worried’ This Computer Thought a Turtle Was a Gun (Motherboard) The once-theoretical problem of "adversarial objects" just got real.

The Bots That Are Changing Politics (Motherboard) A taxonomy of politibots, a swelling force in global elections that cannot be ignored.

Security vs. convenience? IoT requires another level of thinking about risk (Ars Technica) Op-ed: Devices like Amazon Key put too much risk assessment on users; bad decisions follow.

Research and Development

China on path to eclipse US with AI, warns Alphabet (C4ISRNET) One of America's leading technologists says China is eroding the U.S. artificial intelligence edge.

Legislation, Policy, and Regulation

Chinese Hacking Efforts More Strategic, Less Noisy (BleepingComputer) Chinese hackers, once some of the most careless and noisy hackers around, have become very careful and much more strategic at choosing the targets they go after.

Army, Navy cyber teams say they’re ready to go ... a year early (Fifth Domain) Army Cyber Command and Fleet Cyber Command announced their cyber mission force teams have achieved full operational capability a year ahead of schedule.

Navy Cyber Mission Force Teams Achieve Full Operational Capability (U.S. DEPARTMENT OF DEFENSE) U.S. Fleet Cyber Command/U.S. 10th Fleet officials announced that all of the Navy’s Cyber Mission Force teams achieved full operational capability last month, almost a full year ahead of schedule.

Active Army cyber teams fully operational a year-plus ahead of schedule (DVIDS) U.S. Army Cyber Command (ARCYBER) announced today that all of the Army’s Cyber Mission Force teams achieved full operational capability (FOC) at the end of September, 2017, more than a year ahead of schedule.

Is legislation key to security in IoT? ((ISC)² Blog) (ISC)² Community weighs in on Cyber Shield Act of 2017 Senator Ed Markey (D-Mass) has long been concerned about securing new technology as it bleeds into our everyday lives. In 2015, Sen. Markey, a member of the Commerce, Science and Transportation Committee, released the report, Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk. Since then, smart cars have made frequent headlines, which has had the residual effect of bringing securing connecting cars to front of mind for the auto industry. We posed the question, “What do you think?” to members of the (ISC)² Community, and received...

Call to Arms on Cybersecurity for Industrial Control (EETimes) Made especially visible by May's worldwide WannaCry ransomware attacks, the security and cybersecurity of industrial control and automation systems have become a topic that can't safely be ignored.

Gangs, States and 'Geeks' Behind Canada Cyberattacks: Minister (Security Week) Cyberattacks on Canadian government computers by what a minister described Tuesday as gangsters, rogue states and "geeks in basements" are on the rise, but are also failing more, according to a report.

NY AG Proposes Stricter Data Security Laws Citing Equifax Breach (New York Law Journal) Attorney General Eric Schneiderman is proposing comprehensive legislation to tighten state data security laws and expand data protections for New York residents in the aftermath of the Equifax breach that compromised 8 million New Yorkers among 145.5 million Americans.

Information protection policy in Belarus hailed as effective (Belorussian Telegraph Agency) Alexander Shumilin remarked that the third state science and technology program on information protection for 2016-2020 is underway in Belarus.

Litigation, Investigation, and Law Enforcement

Bin Laden files back up US claims on Iran ties to al-Qaida (Sacramento Bee) CIA release of bin Laden files renews interest in Iran's support of network leading up to Sept. 11 terror attacks.

US Investigators Identify Russian State DNC Hackers (Infosecurity Magazine) US Investigators Identify Russian State DNC Hackers. Prosecutors said to be preparing charges

Under pressure, social media giants acknowledge meddling (Fifth Domain) Admissions and disclosures from Facebook, Twitter and Google over the last several months have given congressional investigators one of their first real wins in the Russia probes.

DWS, Perkins Coie May Have Engaged CrowdStrike Instead Of FBI Without Consulting DNC Officers (The Daily Caller) Rep. Debbie Wasserman Schultz, the former head of the Democratic National Committee, did not tell the DNC's own officers about a breach on its servers for more than a month after learning about it, ac

Former Yahoo CEO, Equifax CEO to testify at Senate hearing (Reuters) Former Yahoo Chief Executive Marissa Mayer and the current and former CEOs of Equifax Inc (EFX.N) will testify before a U.S. Senate panel on Nov. 8 on two massive data breaches, the committee said Wednesday.

Malware Dev Who Used Spam Botnet to Pay for College Gets No Prison Time (BleepingComputer) A Pittsburgh judge sentenced a malware dev to two years probation and no prison time for his involvement with a spam botnet.

Police Arrest Suspect in #LeakTheAnalyst Mandiant Hacking Incident (BleepingComputer) Law enforcement authorities have arrested an individual believed to be behind Operation #LeakTheAnalyst that took place over the summer.

Internet cryptography plan, police exam letter found in accused Baton Rouge serial killer home (The Advocate) A Baton Rouge police officer found instructions for searching the web anonymously through a "state of the art cryptography tool" during a search of accused killer Kenneth Gleason's house, according

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, Dec 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, Dec 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government and private sector decision makers, buyers, and influencers in order to meet and do business and to advance resilience against cyber attack.

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, Dec 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive comprehensive guidance and best practices for establishing and managing an Insider Threat Program. Anyone concerned with employee threat identification and mitigation will gain valuable knowledge from attending meetings. This meeting will focus on human resources interaction with an insider threat program and behavioral indicators of insider threat.

cyberSecure (New York, New York, USA, Dec 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate leaders from multiple function areas who help shape policies, risk management strategy, compliance programs, and an organization’s cyber-incident response playbook. This two day event is designed to educate in-house counsel, compliance and privacy officers, risk managers, and CIO/CISOs about the current cybersecurity challenges affecting your business continuity.

Cyber Security Summit Los Angeles (Los Angeles, California, USA, Nov 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Los Angeles is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, Nov 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems. The conference will also promote essential collaboration between decision makers and technology experts, in order to streamline solutions to resist cyber threats and attacks.

INsecurity (National Harbor, Maryland, USA, Nov 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling with security concerns. INsecurity will feature some of the industry’s most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation.You’ll have a chance to meet colleagues in the cybersecurity profession to discuss the everyday challenges you face in protecting enterprise data. And you’ll get in-depth insights on how other organizations perform security best practices, and how they manage their teams.

INsecurity (National Harbor, Maryland, USA, Nov 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department, and real-life methods that you can use to shore up your own enterprise defenses. It will also feature some of the industries most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation. Use Promo Code CYBERWIRE100 for $100 off the current rate.

AutoMobility LA (Los Angeles, California, USA, Nov 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

Global Conference on Cyberspace (GCCS) (New Dehli, India, Nov 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity building. The fifth conference, planned to be the biggest in magnitude, shall take place at New Delhi, India on 23-24 November 2017.

Aviation Cyber Security (London, England, UK, Nov 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain and third party risk, incident response, integrating of cyber security and safety, IT and OT convergence, Security Operations Centres and much more as we further develop our collective insight in how we can mitigate risk and develop resilient end to end networks capable of delivering safety and value to all stakeholders.

Cyber Security Opportunities in Mexico Webinar (Washington, DC, USA, Nov 15, 2017) Learn about the cyber security opportunities in Mexico. Mexico is ranked 28th out of 164 countries in the ITU's 2017 Global Cyber Security Index. Companies spend approximately 3.5% of their IT budgets on cyber security products and services. Currently, the cost to Mexico's overall economy imposed by cyber attacks is more than US$3 billion. The country is a manufacturing powerhouse and is increasingly implementing automated processes. It is also highly integrated with the global financial system.

Federal IT Security Conference (Columbia, Maryland, USA, Nov 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape.

Sector (Toronto, Ontario, Canada, Nov 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors.

Countermeasure (Ottawa, Ontario, Canada, Nov 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees can expect up to three days of professional skills training prior to the two-day main conference. All content will be delivered by some of the world's most knowledgeable and influential IT security experts in private, public, and research sectors.

2017 ICIT Gala & Benefit (Washington, DC, USA, Nov 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This black-tie event will celebrate the accomplishments of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used to help sustain and grow the Institute’s research, publications, and educational activities for the communities it serves.

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, Nov 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for presenting cutting-edge, practical, and balanced training for cyber security lawyers, in-house legal personnel, cyber security service providers, law enforcement, military, members of the bar, bench, and ambassadors and consul generals from all over the world.

Fourth Annual JLCW Conference (New York, New York, USA, Nov 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues.

Cyber Southwest (Tucson, Arizona, USA, Nov 9, 2017) CSW will focus on creating a positive, unique, and highly productive unification point to further Arizona's developing leadership in cybersecurity. Cyber Southwest is an annual event, and a platform for training and education, for the region's core areas of Healthcare, Education, Government, Military, Intelligence, Law Enforcement, and Homeland Security.

SINET Showcase 2017 (Washington, DC, USA, Nov 8 - 9, 2017) SINET – Washington DC provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. As always, this event showcases the SINET 16, the annual list of the most innovative young companies in the industry.