We're working to improve the quality, relevance and overall value of the CyberWire’s content, and so we’ve put together a short audience survey that should take five minutes or less to complete. This survey is (obviously, we needn't add, but will) completely voluntary, anonymous and confidential. Click here to take our survey and look for your chance to win some official CyberWire swag at the end.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
BlueKeep proof-of-concept exploit developed. EU's Moscow embassy hacked over two years. Russian info ops, GPS spoofing. Obnoxious ad plug-in.
Ars Technica and others report that RiskSense has developed a BlueKeep proof-of-concept exploit.
The EU's mission to Moscow suffered a long-running "sophisticated cyber espionage event" that began in February 2017 and continued through its discovery in April, BuzzFeed reports. Russian organizations, probably intelligence services, are believed to be behind the attack, which netted the hackers an undisclosed haul of information. The EU did not disclose the incident, evidently not wishing to roil political waters on the eve of European elections.
Symantec's report on Russian influence operations in the 2016 US elections reveals Moscow's efforts to have been more extensive, more patient, and more balanced, ideologically, than previously assumed. A core group of main accounts (often bogus news services) was supported by a very large number of auxiliary accounts responsible for amplification. Messaging was designed to appeal to left and right roughly equally, with the most disaffected partisans most heavily targeted.
C4ISRNET suggests a possible motive for Russian GPS spoofing in the Black Sea: executive protection against drones. The incidents were highly correlated with President Putin's movements.
Lookout finds the advertising plug-in "BeiTaAd" in a lot of Google Play apps—about 230. This is more than just mildly irritating: BeiTaAd uses obfuscation normally seen in malware to obtrude itself into users' attention, yammering wildly across lockscreens, hooting video ads while the phone's supposed to be asleep, and so on. More than 440 million devices are believed to be infested. BeiTaAd can be hyperactive enough to render a phone effectively unusable, Threatpost comments.
Today's issue includes events affecting Australia, Canada, China, European Union, France, Israel, Russia, United Kingdom, United States, and Vietnam.
Bring your own context.
Is it possible to devise a security system that can't be defeated by inventive human laziness, more or less well-intentioned, but still at bottom ergophobic? What about this blockchain thing we've heard about?
"Basically, the way you interact with the blockchain is you have a secret, which is known as a private key. If you're the holder of that private key, you can commit funds to the blockchain and you can take funds out. The private key is basically like a PIN number to your bank account. If anybody is able to get that private key, they can steal your funds. I was researching one day how exactly your private key is generated, and during my research, I found that people were using the private key of 1. The private key is supposed to be 78 digits long... But, you know, somebody decided, hey, let's use 77 digits, all of those being zero, and then the last digit is 1. So, effectively, they had the private key of 1. And if you go in and look at that address that's generated from a private key of 1, you'll see thousands of transactions committed to that key. So there've been lots of people interacting and colliding using this shared private key."
—Adrian Bednarek, senior security analyst at Independent Security Evaluators, hipping everyone to Ethercombing on Research Saturday's 6.1.19 edition.
What? Technically, seventy-seven zeroes followed by a one is seventy-eight digits, right? So what's the problem? Next time make it seventy-seven ones and a zero. What? That wouldn't do it either? There's no pleasing this blockchain thing...
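As an added illustration of the point Bednarek makes above (example code written for this summary, not from the CyberWire, from Independent Security Evaluators, or from any Ethereum library), the following pure-Python secp256k1 arithmetic derives the public point for a private key and flags keys that an attacker could find by simply counting upward. It assumes Python 3.8 or later and stops short of the Keccak-256 address step, which needs a third-party library.

```python
import secrets

# secp256k1 domain parameters (public constants shared by Ethereum and Bitcoin)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # a == -b, so the sum is infinity
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def pubkey(k):
    """Public point k*G by double-and-add. For k == 1 it is simply G, which everyone knows."""
    if not 1 <= k < N:
        raise ValueError("private key must be in [1, N-1]")
    result, addend = None, G
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result

def is_weak(k, min_bits=128):
    """True if k, or its negation N-k (which yields the mirrored public point), is small
    enough to be reached by enumeration, as the 'private key of 1' in the quote was."""
    if not 1 <= k < N:
        return True
    return min(k, N - k).bit_length() < min_bits

def generate_key():
    """Uniformly random key in [1, N-1] from the OS CSPRNG, the only safe source."""
    return secrets.randbelow(N - 1) + 1

if __name__ == "__main__":
    print("N has", len(str(N)), "decimal digits")    # 78, as the quote says
    print("pubkey(1) == G:", pubkey(1) == G)
    print("key 1 weak:", is_weak(1), "| fresh key weak:", is_weak(generate_key()))
```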
Threat intelligence is critical but often difficult to manage, automate, or operationalize. Threat Intelligence Gateways are an exciting, emerging network security technology that take the heavy lifting out of making threat intelligence actionable, operational, and useful. Learn about how this technology is turning threat intelligence into action to block threats at scale in the whitepaper, Operationalizing Threat Intelligence: An In-Depth Guide to Threat Intelligence Gateways.
In today's podcast, out later this afternoon, we speak with our partners at the SANS Institute, as Johannes Ullrich (Dean of Research and proprietor of the ISC Stormcast podcast) discusses the implications of Google's throwing its weight behind MTA-STS, a protocol intended to make e-mail more secure. Our guest, Josh Stella from Fugue, talks about security and compliance in cloud infrastructure.
In case you missed it, Recorded Future's latest podcast, produced in partnership with the CyberWire, is also up. This episode, #110, deals with "Advocating OWASP, Securing Elections, and Standing Your Ground." The featured guest is Tanya Janca, senior cloud advocate at Microsoft.
And, of course, Hacking Humans is out. In this episode, "The best way to break in is to walk through the front door," Joe describes one of history’s great con artists, Victor Lustig, who sold the Eiffel Tower. Twice. Dave shares a story from a listener involving a UPS tracking number scam. The catch of the day involves an attempted romance scam on the XBOX platform. Dave interviews Sherri Davidoff, CEO of LMG Security and the hacker named “Alien” in Jeremy Smith’s Breaking and Entering. She has her own book coming out later this year, Data Breaches: Crisis and Opportunity.