Washington, DC: the latest from the 3rd Annual Billington International CyberSecurity Summit
Existential threats and ambivalence about innovation: a view from Singapore (The CyberWire) A small, highly connected nation walks a fine line between risk and reward in cyberspace.
The global threat landscape. (The CyberWire) Increasingly, it's about like-minded states being threatened by unlike-minded states.
Plans, exercises, and lessons learned. (The CyberWire) Practice makes perfect, just the way it does in any team sport.
How an alliance evolves in cyberspace: a perspective from NATO (The CyberWire) NATO has developed an approach to cyberspace that takes it seriously as an operational domain.
Almost open mic: quick takes on current concerns. (The CyberWire) A fast-moving panel of experts shared their thoughts on a range of cybersecurity topics.
Cyber Attacks, Threats, and Vulnerabilities
Iranians hacked thousands of US professors, Justice Dept. says (CNN) The Trump administration alleged that Iranian government-linked hackers broke into the accounts of roughly 8,000 professors to steal massive amounts of data and intellectual property.
Iran-linked Hackers Adopt New Data Exfiltration Methods (SecurityWeek) An Iran-linked cyber-espionage group has been using new malware and data exfiltration techniques in recent attacks.
Did hackers lead warplanes to Syrian hospital after targeting British surgeon's computer? (Graham Cluley) BBC Newsnight broadcast phone number of surgeons working in war-torn Aleppo… and then the hospital was bombed.
Cyber-Terrorism Set to Be Top Threat by 2020 (Infosecurity Magazine) State-sponsored terrorist groups, organized criminals, hacktivists and hackers will work together in various collaborations.
Terrorism in Cyberspace with Prof. Gabriel Weimann (SoundCloud) Prof. Gabriel Weimann, a leading expert on modern terror and mass media, discusses “Terrorism in Cyberspace.”
Cryptocurrency Miner Distributed via PHP Weathermap Vulnerability, Targets Linux Servers (TrendLabs Security Intelligence Blog) Through our incident response-related monitoring, we observed intrusion attempts whose indicators we’ve been able to correlate to a previous cryptocurrency-mining campaign that used the JenkinsMiner malware. The difference: this campaign targets Linux servers.
Pop-up Ads and Over a Hundred Sites are Helping Distribute Botnets, Cryptocurrency Miners and Ransomware (TrendLabs Security Intelligence Blog) The Trend Micro Cyber Safety Solutions team has been tracking a potentially unwanted app (PUA) distribution campaign that installs PUA software downloaders.
Malware leverages web injects to empty users' cryptocurrency accounts (Help Net Security) Criminals trying to get their hands on victims' cryptocurrency stashes are trying out various approaches. The latest one includes equipping malware with Man-in-the-Browser capabilities so they can hijack online accounts and perform fraudulent transactions on the fly.
Thousands of servers found leaking 750MB worth of passwords and keys (Ars Technica) Leaky etcd servers could be a boon to data thieves and ransomware scammers.
The password to your IoT device is just a Google search away (Naked Security) Researchers at Ben-Gurion University were often able to find default passwords in under 30 minutes with a simple Google search.
How Siri leaks your private iPhone messages, and how to stop her (Naked Security) A Brazilian Mac magazine found how to bypass your iPhone lockscreen via Siri – so here’s how to stop her reading messages she shouldn’t.
Atlanta city government systems down due to ransomware attack [Updated] (Ars Technica) FBI called in as some city services are interrupted, employees told to turn off PCs.
Cyberattack hits Atlanta computers | 'Everyone who has done business' with city may be at risk (WXIA) In a story first reported by 11Alive, Mayor Keisha Lance Bottoms says, 'We don't know the extent of the attack.'
GhostMiner Uses Fileless Techniques, Removes Other Miners, But Makes Only $200 (BleepingComputer) Security researchers from Minerva Labs have discovered a new strain of cryptocurrency-mining malware that uses PowerShell code to obtain fileless execution, and scans and stops the process of other miners that might be running on the same infected host.
New cross-platform backdoor 'Qrypter' RAT gaining prominence among hackers (SC Media UK) Security researchers have revealed how a Java-based remote access tool dubbed
Hackers leave ransom note after wiping out MongoDB in 13 seconds (HackRead) Hackers have been exploiting unprotected MongoDB based servers but in this incident, hackers left a ransom note after wiping out MongoDB in just 13 seconds.
Online Sandboxing: A Stash for Exfiltrated Data? (Dark Reading) SafeBreach researchers extend leaky sandbox research to show how services like VirusTotal and Hybrid Analysis could be used to steal data from air-gapped systems.
Security Patches, Mitigations, and Software Updates
Apple To Fix Glitch Allowing Siri To Read Hidden Messages Out Loud (Threatpost) Apple has confirmed a privacy bug in its iPhone that allows the Siri voice assistant to read out messages from locked screens – even if the messages are hidden.
Drupal Forewarns ‘Highly Critical’ Bug to be Patched Next Week (Threatpost) Drupal is giving developers ample time to prepare for an update that patches a “highly critical” flaw because exploits might be developed within hours or days of disclosure.
Google's Fix For the Gaffe Behind So Many Data Leaks (WIRED) Human error leads to countless leaky databases. But Google has some new protections in place to help cloud customers better help themselves.
Dropbox revamps vulnerability disclosure policy, with hopes that other companies follow suit (Cyberscoop) Dropbox updated its vulnerability disclosure policy Wednesday, not only looking to clarify its relationship with cybersecurity researchers, but also attempting to set a standard for the rest of the tech industry.…
Windows 10 (Infosecurity Magazine) Webroot's report shows large consumer adoption of Windows 10.
Cyber Trends
State of the web in 2017 (Menlo Security) In 2017, cyber criminals successfully exploited long-held measures of trust, such as site reputation or category, to avoid detection and increase the effectiveness of their attacks. Bottom-line: no website is totally safe.
Cofense Malware Review Covers Trends and Predictions on Malware, Delivery Methods and Trending Attacks (Cofense) Abuse of legitimate software, rapid exploitation of disclosed vulnerabilities and dynamic phishing techniques increase infection rates, according to the report
Cofense Malware Review 2018 (Cofense) Over the past year, three notable malware delivery trends emerged throughout the thousands of phishing campaigns analyzed by Cofense Intelligence.
Firewalls and the Cloud: A Survey of IT Security Professionals Responsible for Cloud Environments (Dimensional Research) Next Generation Firewalls (NGF) are a mainstay of IT security organizations, maintaining a perimeter to protect vital systems and data.
Top cybersecurity evasion and exfiltration techniques used by attackers (Help Net Security) SS8 released its 2018 Threat Rewind Report, which reveals the top cybersecurity evasion and exfiltration techniques used by attackers and malicious insiders.
Legacy Cybersecurity Defenses Won’t Keep Pace with New Ransomware and Cryptojacking Threats (Webroot) Findings from the 2018 Webroot Threat Report Reveal the Increasing Sophistication of Phishing, Malware, and Cryptojacking
1 in 10 targeted attack groups use malware designed to disrupt (Help Net Security) Cyber criminals are rapidly adding cryptojacking to their arsenal and creating a highly profitable new revenue stream, as the ransomware market becomes overpriced and overcrowded, according to Symantec.
Ransomware Out, Cryptojacking In (Infosecurity Magazine) 2017 saw a drop in ransom demand and ransomware families, while cryptojacking exploded.
Excessive alerts, outdated metrics, lead to over-taxed security operations centers (Help Net Security) A report from Dr. Chenxi Wang finds that excessive alerts, outdated metrics, and limited integration lead to over-taxed security operations centers.
Malicious apps in app stores decrease 37 percent (Help Net Security) Malicious mobile apps were on the decline in Q4 of 2017 largely due to a decrease in the inventory of AndroidAPKDescargar, the most prolific dealer of blacklisted apps, according to RiskIQ.
Marketplace
Top Security Execs at Google, Facebook, and Twitter Announce Departures (BleepingComputer) In the span of three days, news broke that high-ranking security executives at three of the Internet's most important tech firms (Google, Facebook, and Twitter) announced plans to leave their respective companies.
Veterans: A Good Bet to Fill the Cybersecurity Skills Gap (Security Boulevard) Based upon data ESG collected in 2017 from a survey of 343 cybersecurity professionals and ISSA members, the cybersecurity skills crisis is causing a widening business problem.
Mozilla stops Facebook advertising, demands privacy changes (Naked Security) It’s probably not top of Mark Zuckerberg’s worry list this week but Mozilla, developer of browser Firefox, is officially unhappy with Facebook.
Advertisers begin a boycott as Facebook gets thumbs down (Times) Leading brands pulled their advertising from Facebook yesterday as a minister warned that the company could face fines of more than £1 billion if it failed to “play by the rules” with users’ data.
All the panic over Facebook is creating a huge buying opportunity, says this bull (MarketWatch) Facebook has had a fairly rough week over the data-leaking fiasco, but Wall Street doesn’t look ready to give up on it. Our call of the day explains why now is the time to buy.
Buyers Biting On Anti-Phishing Security (Forbes) The anti-phishing threat management space has already seen a handful of deals this year, and more could be on the way as phishing, in which hackers try to steal information through email trickery, still poses a threat to businesses.
Dave Wajsgras: Under the radar, reimagining cyber (FCW) Raytheon may be better known for radar systems and weapons platforms, but the 2018 Industry Eagle Award winner has quietly transformed government's IT security landscape.
Swirlds Welcomes Patrick Harding as Senior Vice President of Products (PR Newswire) Swirlds, creators of the hashgraph distributed consensus platform, announced...
Products, Services, and Solutions
New infosec products of the week: March 23, 2018 (Help Net Security) The most important infosec releases of the week come from the following vendors: Gemalto, Trusted Knight, Dome9 Security, Minerva Labs, RedLock, QuintessenceLabs, SecureAuth and Core Security.
Anomali Announces Partnerships With State of Colorado and Multi-State ISAC, Creating a Comprehensive Network for Threat Sharing Across States (BusinessWire) Anomali, the leading provider of threat management and collaboration solutions, announced today that it has partnered with the Multi-State Information
Bricata adds threat hunting to traditional IPS/IDS [Review] (CSO Online) Bricata offers advanced IPS/IDS protection, but also goes a step farther, adding the ability to launch threat hunts based on events, or simply anomalies.
Total Economic Impact of AlienVault USM Threat Detection Platform Revealed (AlienVault) AlienVault®, the leading provider of Unified Security Management® (USM) and crowdsourced
LarkSpear Announces Completion of Engagement for the 2018 Winter Olympic Games and the US Sports ISAO (Lark Spear) LarkSpear, a Columbia, MD based Cybersecurity firm today announced that they have completed an engagement where they conducted significant cyber threat analysis for the 2018 Winter Olympic Games and the US Sports ISAO. The Sports ISAO acting as the cyber threat information...
Shivaami and Graphus Partner to Protect Indian Companies (Graphus) Shivaami is a Premier Partner of Google Cloud and a Microsoft Gold partner in India, and Graphus is a cloud application security company.
Vivaldi browser puts DuckDuckGo as default search engine for private windows (HackRead) The DuckDuckGo search engine and the Vivaldi browser are joining hands to collaborate and enable a new feature that will protect users' privacy like none other.
Stay Out of Trouble When Traveling Abroad With These Apps (WIRED) Floods. Thieves. Hackers. Tackle any situation with these mobile assistants.
DPO-as-a-Service Options Pop Up as GDPR Deadline Looms (Infosecurity Magazine) Appointing a data protection officer is a mandatory requirement under the GDPR regardless of the size of the organization.
Technologies, Techniques, and Standards
NIST Helps Facilitate First-Ever Spectrum Sharing Between Military and Commercial Wireless Users (NIST) For the past three years, an important broker has had its eyes on a prime piece of property that it wants to allocate...
Hunting Cybercriminals with AWS Honey Tokens (Dark Reading) Researchers at Black Hat Asia demonstrated how they used AWS honey tokens to detect security breaches at scale.
Automatic Hunting for Malicious Files Crossing your Network (SANS Internet Storm Center) If classic security controls remain mandatory (antivirus, IDS, etc), it is always useful to increase your capacity to detect suspicious activities occurring in your networks.
Worried About Being on Facebook? Some Options Explained (SecurityWeek) A snowballing Facebook scandal over the hijacking of personal data from millions of its users has many wondering whether it's time to restrict access to their Facebook information or even leave the social network altogether.
How to Manage All of Facebook's Privacy and Security Settings (WIRED) Despite the repeated privacy lapses, Facebook offers a fairly robust set of tools to control who knows what about you.
Is Application Security Dead? (Dark Reading) The nature of the field has changed greatly because of the move to the cloud and enterprise digital transformation.
How DoD can integrate cyber into battle plans (Fifth Domain) The services are working to staff new cyber planning cells at the combatant commands to help integrate cyber into traditional military operations.
Academia
5 Universities Partner to Combat Cyber Security Threats (US News and World Report) Five Big Ten Academic Alliance institutions have partnered to help enhance the schools' cyber security.
Legislation, Policy, and Regulation
May’s EU allies prepare to expel Russian diplomats (Times) Russia’s spy networks across Europe were under threat last night as at least five EU countries prepared to follow Britain and expel diplomats in response to the Salisbury poisoning. The move came...
Why wait for the elusive tipping point in cyber? (Institute for Defence Studies and Analyses) The UNGGE process is the least bad option to keep open channels and maintain continued focus on securing cyberspace.
How the U.S. Can Play Cyber-Offense (Foreign Affairs) In cyberwarfare, Washington should recognize that the best defense is a good offense.
Trump announces $60 billion tariff on Chinese high-tech and other goods (TechCrunch) Following months of investigations by the U.S. Trade Representative Robert Lighthizer, the Trump administration announced today at a White House briefing that the administration intends to place tariffs on about $60 billion of Chinese goods, with the bulk of them likely to be focused on the high-t…
Senators introduced revised version of election cyber bill (TheHill) Revised legislation still aims to bolster information sharing between feds, state officials, and provide grants for more secure digital election infrastructure.
Trump Chooses Bolton for 3rd Security Adviser as Shake-Up Continues (New York Times) President Trump named John R. Bolton, a hard-line former American ambassador to the United Nations, to replace Lt. Gen. H.R. McMaster.
Bolton may herald rightward shift in Trump's foreign policy (Military Times) John Bolton, President Donald Trump’s incoming national security adviser — and his third to date — is a divisive foreign policy figure who was an unabashed supporter of the Iraq war and advocates regime change in Iran.
Litigation, Investigation, and Law Enforcement
EXCLUSIVE: ‘Lone DNC Hacker’ Guccifer 2.0 Slipped Up and Revealed He Was a Russian Intelligence Officer (The Daily Beast) Robert Mueller’s team has taken over the investigation of Guccifer 2.0, who communicated with (and was defended by) longtime Trump adviser Roger Stone.
Fresh Cambridge Analytica Revelations on Election Hacking, Facebook Faces FTC Investigation (Infosecurity Magazine) Fresh criticisms about Cambridge Analytica's actions have been made.
Cambridge Analytica’s Nix recalled by fake news probe (TechCrunch) Stock up on the popcorn — the currently suspended CEO of the firm at the center of a data handling and political ad-targeting storm currently embroiling Facebook, Cambridge Analytica, has been recalled by a UK parliamentary committee that’s running a probe into the impact of fake news b…
Why I Took Legal Action Against Cambridge Analytica (Motherboard) If I win, I can show the world a voter file with 5,000 data points the company compiled. I can show others where that information came from, how to request the information for yourself, and how to opt-out. If I win, everybody wins.
It's Too Late (Motherboard) After the Cambridge Analytica fiasco, Mark Zuckerberg says Facebook is taking steps to secure data given to third-party applications. But it's already been stolen and laundered.
Sheryl Sandberg says Facebook leadership should have spoken sooner, is open to regulation (TechCrunch) The days of silence from Facebook’s top executives after the company banned the political advisory service Cambridge Analytica from its platform were a mistake, according to Sheryl Sandberg. In a brief interview on CNBC, Sandberg said that the decision for her and company chief executive and …
Key Takeaways From Mark Zuckerberg’s Facebook Media Blitz (WIRED) Mark Zuckerberg made the rounds Wednesday, apologizing for Facebook's failure to protect your data. Here are the highlights.
Opinion | Let’s take a deep breath about Facebook’s ‘breach of trust’ (Washington Post) Yes, the social network needs to improve itself. But social media is all about exchanging information.
Opinion | Yes, we should be outraged about Facebook (Washington Post) We need to confront conflicts between the public interest and the ways that social media companies make their profits.
How Facebook Went From 'Ideal Way' to Reach Voters to Being 'Weaponized' (Washington Free Beacon) Imagine a political campaign using social media to learn your spending habits, look at your web browsing history, get your cell phone number.
Trump’s Russia probe lawyer John Dowd resigns (POLITICO) The departure comes amid a larger shakeup of the legal team handling the Mueller investigation.
San Diego City Attorney announces lawsuit against Experian over massive data breach (10News) Credit bureau Experian is being blamed for a data breach that exposed the personal information of millions of Californians.
NY High Court Hears Arguments on What Evidence Is Required to Establish ID Theft (New York Law Journal) The state's Court of Appeals on Thursday heard oral arguments in a pair of cases concerning what evidence is necessary to establish identity theft.
Crime Stoppers, Kaspersky Lab partner in joint cybersecurity social media campaign (CRN Australia) Aiming to educate the public on online crime.