The CyberWire Daily Briefing, 9.6.19

Special Section

News from the 10th Annual Billington CyberSecurity Summit

The 10th annual Billington CyberSecurity Summit concluded yesterday in Washington, DC. Here are a few highlights from yesterday's sessions.

Warfighting in the fifth domain. Major General Dennis Crall, US Marine Corps, presently serving as Deputy Principal Cyber Advisor and Senior Military Advisor for Cyber Policy in the Department of Defense, framed military cyber policy thusly: "This is all about outcomes." He offered three salient considerations for US military cyber policy:

"Lethality." This has three aspects: authorities (and these need to be not only the right ones to authorize sound operations, but they also need to be "deep enough" to enable forethought and anticipation), processes (which need to be repeatable, and to enable operators to use the authorities they've been given), and capabilities (a trained force with the tools necessary to accomplish a mission).
"Partnerships." Such partnerships are both domestic (where partners often have authorities the military lacks) and international (where allies cooperate to share information within a framework that affords a common level of protection).
"Reform." At bottom this is a way of keeping faith and trust by applying scarce resources in the most effective and affordable ways possible.

CISA's vision. It's clear that the 2020 US elections will be the first big test of the Department of Homeland Security's youngest agency. Christopher Krebs, Director of the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, discussed the vision he expressed for CISA at Auburn University earlier this summer. The agency has, he said, five principles of execution and two goals. The principles are:

Operate with the statutory authority to collaboratively lead critical infrastructure protection.
Be results-driven.
Remain risk-focused.
Work consistently with Constitutional rights and national values.
Execute and engage as one agency, in one fight, as one team.

CISA's goals are to "defend today" and "secure tomorrow." The agency's priorities include securing government networks (and this includes rendering appropriate support to state and local governments), securing elections, protecting soft targets and crowded places, and defending industrial control systems. "In 2020, we're going to lead," Krebs concluded, returning to the central challenge of election security. "We're not going to let the Russians or the Chinese in."

Three lessons the United Kingdom has drawn from recent cyber history. Ciaran Martin, CEO of the UK's National Cyber Security Centre, began his talk with an appreciation of the US-UK Special Relationship. He cautioned the audience that as they heard his lessons learned, they must bear in mind that the US and UK, while sharing much history and many values, remain in many respects very different countries. The lessons derive from the realities of the environment in which we live. We're defending open, digital societies. Prosperity is a social concern, and critical infrastructure presents a serious national risk. Cyber security is at base about defending a way of life. We face a formidable set of adversaries. Russia is a determined, aggressive, disruptive opponent. Our commercial environment today is one in which our businesses are under routine, continuous Chinese assault. North Korea and Iran are active and implacably hostile. Transnational cybercrime has become, cumulatively, a grave threat to the digital economy. And state actions have come to have serious collateral effects quite apart from the effects they're designed to have on their intended targets. Both WannaCry and NotPetya illustrate this. Operating in this world has led Martin to three conclusions. First, "Government matters." The Internet is a public good, but well-intentioned calls for public-private partnership have proven a recipe for inaction. Instead, governments should take responsibility for detection, resilience, and making technology safer. Second, we must "think carefully about our own footprints." Cyberspace may be an operations domain, but fundamentally it's a peaceful domain, and we must act with this in mind. Finally, governments need to look to the future, and that means looking for effective deterrence.

The event was widely covered by the media. Some of the stories filed on the Summit are linked below. We'll finish our own coverage of the event early next week. (In the meantime, a quick cautionary pro tip to consumers of news: "crypto" is not necessarily synonymous with "alt-coin," or "cryptocurrency." And that's no secret.)

Summary

By the CyberWire staff

More reports have emerged on China's extensive work to track and monitor its predominantly Muslim Uyghur minority. State security services, Reuters says, have compromised telecommunication network in several Asian countries with a view to keeping track of the activities of Uyghur travelers. The affected networks have been found in, at least, Turkey, Kazakhstan, India, Thailand and Malaysia.

Other notes on Chinese activity focus on what appears to be a systematic effort to turn leaked Equation Group tools to Beijing's operational advantage. A Check Point study of China's Buckeye group (also known as APT3 or UPS team) has followed up earlier work by Symantec and taken a look at Buckeye's Bemstour tool. Check Point concludes, with appropriate reservations about the inevitable uncertainty of such assessments, that Bemstour has adapted the Equation Group's EternalRomance exploit to its own purposes. As the researchers put it in their conclusion, "attack artifacts of a rival (i.e. Equation group) were used as the basis and inspiration for establishing in-house offensive capabilities."

The job search service Monster.com has been affected by a data breach at an unnamed third-party, a recruiting firm that's a Monster customer. TechCrunch notes that Monster did not notify affected individuals of the breach because in their view the data, once sold, becomes the responsibility of that third-party, and Monster says it did notify the errant customer that they had a problem.

A researcher with CSIS Security Group describes "Joker" Android spyware. Computing reports that Joker has been found in twenty-four Play Store apps.

Have Your Users Made You an Easy Target for Spear Phishing?

Notes.

Today's issue includes events affecting Argentina, Australia, Austria, Belgium, Brazil, China, Cyprus, Denmark, Egypt, European Union, France, Germany, Ghana, Greece, Honduras, India, Indonesia, Ireland, Italy, Kazakhstan, Kuwait, Malaysia, Myanmar, NATO/OTAN, Netherlands, Norway, Poland, Portugal, Qatar, Russia, Saudi Arabia, Serbia, Singapore, Slovenia, Spain, Sudan, Sweden, Switzerland, Thailand, Turkey, Ukraine, United Arab Emirates, United Kingdom, United States and Vietnam

Bring your own context.

Remember Rowhammer? It's still out and about.

"So, basically, at a high level, what [Rowhammer] allows an attacker to do is if they have control over, you know, one portion of memory, say memory location A, but they don't have control over memory location B, they can, nevertheless, by making a bunch of changes to memory location A, effect changes in memory location B. And, of course, you can see that that's going to be quite dangerous if memory location B is going to be holding some cryptographic information.... Previous Rowhammer-based exploits just violated integrity. So, basically, they allowed the attacker to modify the key and thereby mess things up for some cryptographic computation that was being performed. And what the researchers have now shown is that they can use that information to actually now learn the key itself.... And gradually over time, they can learn certain bits of information about that portion of memory, which may contain a key. And then they can further use existing algorithms to then bootstrap from the little bit of information they can learn to eventually recover the entire key."

—Jonathan Katz, of George Mason University, on the CyberWire Daily Podcast, 9.4.19.

Exploitation can threaten cryptographic keys.

Conduct secure and anonymous research on the open and dark web.

If you are doing online research, the common web browser can betray you by exposing you and your organization to cyber attacks. Authentic8, the maker of Silo Cloud Browser and Silo Research Toolbox, ends this betrayal. Silo insulates and isolates all web data and code execution from user endpoints, providing powerful, proactive security even if you are gathering data and collections across the deep and dark web. Learn more.

On the Podcast

In today's podcast, up later this afternoon, we speak with our partners at Accenture Labs, as Malek Ben Salem discusses leveraging the blockchain for AI. Our guest is Doug Grindstaff from the CMMI Institute, who makes the case that CISOs need to think more like VCs.

Sponsored Events

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.

Selected Reading

Dateline

Analysis | The Cybersecurity 202: New NSA cyber lead says agency must share more info about digital threats (Washington Post) Ann Neuberger will lead the new NSA Cyber Directorate launching Oct. 1.

NSA Cyber Chief Wants to Share Digital Threats Early and Often (Nextgov.com) The agency has historically been slow to share threat intelligence but accelerating that process would help the government get ahead of cyber adversaries, according to Anne Neuberger.

NSA looks to ‘up its game’ in cyber defense (Fifth Domain) NSA's new cybersecurity directorate seeks to provide private sector with better unclassified intelligence.

OMB's CyberStat program is 'evolving' (FCW) Following an audit that found the Office of Management and Budget could be making better use of the cybersecurity reviews, Federal CISO Grant Schneider said agency is looking at revamping the program ahead of next fiscal year.

Top IT official names China as main cyber threat to US (TheHill) A top IT government official on Wednesday said China poses the biggest cyber threat to the U.S.

Pentagon, NSA Laying Groundwork for AI-Powered Cyber Defenses (Nextgov.com) Officials are developing a consistent framework for collecting cyber data, which could ultimately help train tools to monitor networks and detect suspicious behavior.

CISO Schneider: OMB Focused on ‘Maximum Support’ for Agency Cyber (MeriTalk) Grant Schneider, the Federal government’s chief information security officer, said the Office of Management and Budget (OMB) is aiming to provide “maximum support” to Federal agencies as they work to improve network security.

Here are the 2020 priorities for DHS’ cyber initiative (Fifth Domain) The Department of Homeland Security in the next three months will roll out a visualization agent allowing agencies to better apply data on their cybersecurity risks and vulnerabilities.

Cox Previews CDM Program Office Priorities for FY2020 (MeriTalk) Kevin Cox, program manager for the Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) program, today detailed several priorities for the program office in FY2020 that begins next month. Those include focus on the Agency-Wide Adaptive Risk Enumeration (AWARE) algorithm, the new dashboard ecosystem, enterprise mobility management, cloud security, and protection of high-value assets.

DOD: Contractors Will Need Cyber Certification Beginning Next Summer (Air Force Magazine) Bidders for USAF contracts, or any DOD business, will have to get certified as cybersecure before they can win the work starting next year, the newly minted chief information security officer for the assistant defense secretary for acquisition said.

A FedRAMP plan to strengthen cloud security (Federal Times) The Federal Risk and Authorization Management Program wants threat intelligence reports to make its audit process smarter.

The Army wants more coders alongside operators (Fifth Domain) The Army is embedding coders with its cyber operators to help solve problems in real time.

No, NASA Did Not Say It's Developing Its Own Cryptocurrency (Gizmodo) Let’s get one thing straight right now: “crypto” means “cryptography.” It does not mean “cryptocurrency.” Unless you’re a person who thinks the blockchain is the future, that is, which is how we ended up with the dumbest news cycle this side of a measles outbreak.

Cyber Attacks, Threats, and Vulnerabilities

‘We’re at War’: A Covert Social Media Campaign Boosts Military Rulers (New York Times) After protesters were killed in Sudan, an obscure Egyptian company ramped up a covert influence operation that spanned the Middle East and North Africa.

China hacked Asian telcos to spy on Uighur travelers: sources (Reuters) Hackers working for the Chinese government have broken into telecoms networks to...

UPSynergy: Chinese-American Spy vs. Spy Story (Check Point Research) Earlier this year, our colleagues at Symantec uncovered an interesting story about the use of Equation group exploitation tools by an alleged Chinese group named Buckeye (a.k.a APT3, or UPS team). One of the key findings in their publication was that variants of the Equation tools... Click to Read More

Hong Kong Protesters Are Using This ‘Mesh’ Messaging App—But Should They Trust It? (Forbes) Bridgefy has gained a significant following in Hong Kong. But is it secure and trustworthy?

A Chinese APT is now going after Pulse Secure and Fortinet VPN servers (ZDNet) Security researchers spot Chinese state-sponsored hackers going after high-end enterprise VPN servers.

Chinese APT group targets Fortinet and Pulse servers (SC Media) VPN servers in the firing line from state-sponsored hackers.

China Set Traps To Capture Dangerous NSA Cyberattack Weapons: New Report (Forbes) Cybersecurity researchers at Check Point claim China deliberately captured NSA cyberweapons to target U.S. allies.

Chinese cyber hackers have built a backdoor in US-China trade war, says report (Fox News) China is now trying to hack into U.S. networks to exploit the ongoing trade war, experts say.

Monster.com says a third party exposed user data but didn’t tell anyone (TechCrunch) An exposed web server storing résumés of job seekers — including from recruitment site Monster — has been found online. The server contained résumés and CVs for job applicants spanning 2014 and 2017, many of which included private information like phone numbers and home addresses, but also email ad…

Zero-day privilege escalation disclosed for Android (Ars Technica) Google has so far remained mum on the flaw, which affects fully patched devices.

Warning over new Android spyware, dubbed Joker, found in 24 malicious apps in Google's Play store (Computing) Joker malware can read SMS messages, contact lists and other information on victims' Android handsets

#privacy: “Joker” trojan signs users up for premium subscriptions (PrivSec Report) A new Android trojan dubbed “Joker” has been discovered with malware dropper and spyware capabilities in 24 Google Play Store apps. In a blog post, researcher Aleksejs Kuprins from CSIS Security Group described how he had observed the Joker on Google Play. It was detected in 24 apps with over 472,000 installs in total. It …

Analysis of Joker — A Spy & Premium Subscription Bot on GooglePlay (Medium) Over the past couple of weeks, we have been observing a new Trojan on GooglePlay. So far, we have detected it in 24 apps with over…

URGENT/11 - New ICS Threat Signatures by Nozomi Networks Labs (Nozomi Networks) A well-known RTOS (Real-Time Operating System), widely used in industrial sectors, is at risk from a series of 11 vulnerabilities dubbed URGENT/11. Nozomi Networks Labs conducted research on the vulnerable devices and has released threat signatures for URGENT/11 that identify threats in typical industrial networks without generating high numbers of false positive alerts.

Facebook loses control of key used to sign Android app (Naked Security) What should be a private key used to vouch for the ‘Free Basics by Facebook’ app was used to sign unrelated apps.

Hackers Hit Twitter C.E.O. Jack Dorsey in a ‘SIM Swap.’ You’re at Risk, Too (New York Times) Hackers have been targeting regular people and celebrities with the attack. Last week, it was used to hijack the Twitter account of Twitter’s C.E.O.

Report: Data Breach Reveals Private Emails of International Manufacturing Firm (vpnMentor) Led by Noam Rotem and Ran Locar, vpnMentor’s research team has found a data breach in the email platform used by a South Korean company, DKLOK. DKLOK is an ...

FUSD schools closed Thursday due to cybersecurity intrusion (Arizona Daily Sun) Flagstaff Unified School District has canceled classes at all of its schools Thursday, September 5 after officials discovered powerful malware in its servers Wednesday morning.

Ransomware demanded $5.3M from Massachusetts city in July attack (StateScoop) New Bedford, Mass., initially tried negotiating with the hackers behind the Ryuk virus, but ended up fixing its systems itself after a counteroffer was rejected.

Texas says half of agencies hit by ransomware have recovered (Washington Post) Texas authorities say they aren’t aware of any money paid to hackers who used ransomware to target more than 20 communities

Why Social Media is Increasingly Abused for Phishing Attacks (PhishLabs) For more than a decade the use of social media has grown, and along with it, so have the tactics used by threat actors to abuse each kind.

Rockwell Automation Allen-Bradley PowerMonitor 1000 (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Rockwell Automation Equipment: Allen-Bradley PowerMonitor 1000 Vulnerabilities: Cross-site Scripting and Authentication Bypass 2.

Red Lion Controls Crimson (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Red Lion Controls Equipment: Crimson (Windows configuration software) Vulnerabilities: Use After Free, Improper Restriction of Operations within the Bounds of a Memory Buffer, Pointer Issues, Use of Hard-coded Cryptographic Key

Rockwell Automation Arena Simulation Software (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Low skill level to exploit Vendor: Rockwell Automation Equipment: Arena Simulation Software --------- Begin Update A Part 1 of 3 --------- Vulnerabilities: Use After Free, Information Exposure, Type Confusion, Insufficient UI Warning of Dangerous Operations --------- End Update A Part 1 of 3 ---------

BD Pyxis (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: Pyxis Vulnerability: Session Fixation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the Active Directory (AD) credentials of a previously authenticated user to gain access to the device.

The transitive property of cloud security - the weakest link can be the one you didn’t know existed (Diginomica) Security concerns around cloud services adoption.

Over 600,000 China-made GPS trackers have '123456' as default password (CNET) The trackers, advertised for children and the elderly, are being used in the US, Europe and elsewhere. And they've got some serious security issues.

Security Patches, Mitigations, and Software Updates

Too bad, so sad, exploit devs: Google patches possibly several million dollars' worth of security flaws in Android (Register) Except one – a 'your phone is now my phone' bug reported months ago and still not fixed

Cyber Trends

Terrorism, espionage, and cyber: ASIO's omne trium perfectum (ZDNet) ASIO's outgoing Director-General of Security reflects on the 'security triptych' that is of upmost concern to Australia's national security.

New Global Kaseya Survey Examines State of IT Operations for SMB; Highlights Stagnant Maturity and Need for Proactive IT Management (Kaseya) Fifth annual survey of SMBs and midmarket enterprises shows no improvement in IT maturity levels in three years, while security remains top concern

2019 IT Operations Survey Report (Kaseya) Download a free copy of the 2019 IT Operations Benchmark Survey Report to get a deeper insight into the inner workings of IT departments in SMBs.

Netwrix survey: 98% of educational institutions are not hiring dedicated staff to improve cloud security (Netwrix) Even though cloud technologies are becoming more popular in the education sector, management is still reluctant to invest in cloud data security initiatives, study finds.

Both Liberals, Conservatives Say They Are Confident They Can Spot Fake News as the 2020 U.S. Presidential Election Draws Near (Business Insider) People are aware of fake news on social media and are confident in their ability to spot it, according to a new su...

McAfee CEO Chris Young Contemplates The Future Of Cyber Security (Forbes) Chris Young has been in the cyber security industry for a quarter of a century, having been an entrepreneur in the space, having run security businesses units within Intel, Cisco, and AOL, and now as the CEO of McAfee. In this interview, he describes how he stays current in a rapidly evolving field.

Marketplace

Palo Alto Networks Acquires IoT Security Firm Zingbox for $75 Million (SecurityWeek) Palo Alto Networks acquires IoT security firm Zingbox for $75 million and announces financial results for FY 2019.

Palo Alto Networks Integrates IoT Security, Firewall With Zingbox Buy (CRN) Palo Alto Networks will become the only vendor capable of delivering IoT security as an integrated service through the firewall following its acquisition of Zingbox, said Chief Product Officer Lee Klarich.

BigID announces $50M Series C investment as privacy takes center stage (TechCrunch) It turns out GDPR was just the tip of the privacy iceberg. With California’s privacy law coming on line January 1st and dozens more in various stages of development, it’s clear that governments are taking privacy seriously, which means companies have to as well. New York-startup BigID, …

Palantir to Seek Funding on Private Market, Delay IPO (Bloomberg) Peter Thiel’s data company in talks with non-U.S. investors. IPO could be postposend until 2022 or 2023, sources say.

Vietnam's Viettel shuns Huawei 5G tech over cybersecurity (Nikkei Asian Review) Country's top three carriers choose alternatives to Chinese gear supplier

Here's a peek at how reporter Becky Peterson got inside the notorious and secretive NSO Group (Business Insider) Business Insider is taking you behind the scenes of our best stories with our new series "The Inside Story."

Foremost IAM Experts Join Semperis to Capture Global Demand for Identity-Driven Enterprise Protection (BusinessWire) Foremost IAM Experts Join Semperis to Capture Global Demand for Identity-Driven Enterprise Protection

Brunswick Taps Ex-US Cyber Command Chief Rogers (O'Dwyers PR) Mike Rogers, retired US Navy admiral who served as commander of the US Cyber Command and director of the National Security Agency, has joined Brunswick Group in its Washington office.

Products, Services, and Solutions

Speeding IT Visibility into OT: New Integrations with Fortinet (Nozomi Networks) Fortinet and Nozomi Networks achieved another partnership milestone with two new integrations that deliver full security visibility and management across IT and OT environments. Now with comprehensive integrations for FortiGate, FortiNAC, and FortiSIEM, we’re helping eliminate the gap between IT and OT. Read on to learn how the integrations provide full visibility across IT and OT, allowing customers to detect and respond to threats more effectively.

DigiCert Announces Post-Quantum Computing Test Kit (DigiCert) This PQC test kit is designed for technical users who want to try out the process of installing the hybrid RSA/PQC certificate (TLS or IoT). The kit will be useful for PKI architects and technical solution designers across a variety of industries

Proofpoint Expands Okta Partnership to Protect Users Most Targeted by Cyberattacks; Integrates People-Centric Intelligence with Okta’s Identity Cloud (Proofpoint US) Proofpoint, Inc., a leading cybersecurity and compliance company, today announced an expansion to its technology partnership with Okta, Inc, the leading independent provider of identity for the enterprise, to bolster how organizations protect their most at-risk users from sophisticated cyberattacks.

DivvyCloud Announces New Channel Partner Program to Meet Growing Demand for Automated Cloud Security and Compliance (BusinessWire) DivvyCloud Announces New Channel Partner Program to Meet Growing Demand for Automated Cloud Security and Compliance

SyncDog Announces Partnership with Symantec to Provide a Holistic Approach to Mobile Threat Defense (BusinessWire) SyncDog Announces Partnership with Symantec to Provide a Holistic Approach to Mobile Threat Defense

ThreatModeler Announces New U.S. Distribution Relationship with Promark (PR Newswire) ThreatModeler™, provider of the industry's #1 automated threat modeling platform, announced today it has...

Exabeam Expands International Availability of Cloud-based SIEM to Help Organizations Modernize Security Operations - Exabeam (Exabeam) With Exabeam SaaS Cloud, security teams across Canada, Europe, Asia-Pacific and South America can now easily migrate security[...]

DataBank Enhances Data Protection Services with Turn-key Disaster Recovery as a Service Offering (PR Newswire) DataBank, a leading provider of enterprise-class data center, connectivity and managed services, announces the...

Guardicore Partners with Mellanox to Deliver Agentless and High-Performance Micro-Segmentation in Data Centers (PR Newswire) Guardicore, a leader in internal data center and cloud security, today announced that it has...

Cyxtera Federal Group Receives GSA IT Schedule 70 Contract (Cyxtera) Cyxtera provides data center colocation, enterprise application cloud computing provider, hybrid cloud, cybersecurity and analytics solutions.

101domain expands security offering to include nearly two dozen new SSL Certificate solutions to fit every business and budget (PR Newswire) Security isn't one size fits all. For this reason, 101domain has added nearly two dozen new SSL Certificates...

Machine Learning is Helping to Combat Cyberthreats (PR Newswire) Domain Name Server (DNS) tunneling remains a popular method used for cyberattacks because too many organizations...

Technologies, Techniques, and Standards

Voting Machine Makers Give U.S. Access in Fight Against Hackers (Bloomberg) ‘We know what makes up the systems’: Homeland official Manfra, Cyber Command chief Nakasone cites a ‘safe and secure’ 2018.

Why 5G requires new approaches to cybersecurity (Brookings) Ensuring the security of 5G networks is paramount, requiring action from both business and government.

DoD unveils new cybersecurity certification model for contractors (Federal News Network) A draft version of the Defense Department’s Cybersecurity Maturity Model Certification, an assessment designed to measure and monitor cybersecurity practices of its contractors, is open for public…

Law Firms Need to Prioritize Privilege to Protect Client Information (CyberArk) Law firms have access to sensitive client information and other confidential data, but they don't always secure that data as well as they should.

It's Not Healthy to Confuse Compliance with Security (Dark Reading) Healthcare organizations should be alarmed by the frequency and severity of cyberattacks. Don't assume you're safe from them just because you're compliant with regulations.

Design and Innovation

Facebook, Microsoft launch contest to detect deepfake videos (Reuters) Facebook Inc is teaming up with Microsoft Corp, the Partnership on AI coalition ...

Facebook debuts vaccine education pop-up windows (CNN) Facebook, which owns Instagram, is rolling out new educational pop-up windows on both platforms to combat the spread of misinformation about vaccines, particularly anti-vaccination content.

Influencers are fighting for attention as Instagram tests removing likes from its platform: 'There’s no audience applause at the end of a performance' (Business Insider) The removal of likes is designed to improve the lives of consumers, but influencers are starting to feel the impact of the change.

Google Wants to Help Tech Companies Know Less About You (Wired) By releasing its homegrown differential privacy tool, Google will make it easier for any company to boost its privacy bona fides.

Legislation, Policy and Regulation

Italy approves use of special powers over 5G supply deals (Yahoo) Italy's new government on Thursday approved its use of special powers in supply deals for fifth-generation (5G) telecom services by a number of domestic firms with providers including China's Huawei and ZTE Corporation. A government source told Reuters at the time the decision to strengthen

In Europe, U.S. defense secretary calls for greater effort to... (U.S.) U.S. Defense Secretary Mark Esper, in his first major speech, on Friday called f...

The United States Is Taking Action Against Cyber Foes (SIGNAL Magazine) The United States is waging active cyber operations against nations that conduct information operations against it.

NSA: Just say no to hacking back (FCW) The National Security Agency's chief counsel said organizations that suspect a cyberattack should call Homeland Security or the FBI instead.

Intelligence Community Security Demands Investment in People (ClearanceJobs) ClearanceJobs is your best resource for news and information on security-cleared jobs and professionals. Learn more with our article, "Intelligence Community Security Demands Investment in People ".

The World’s First Ambassador to the Tech Industry (New YorkTimes) Denmark appointed him to approach Silicon Valley as if it were a global superpower. His challenges show how smaller countries struggle to influence giant corporations.

Do We Trust Governments to Effectively Regulate Privacy? [Ask Security Professionals] (Venafi) IT security professionals want regulation, but do not trust their officials to draft effective guidelines. Read what we found out on Venafi’s blog.

DOD issues draft of new contractor cyber standards (FedScoop) The Department of Defense has issued long-awaited cybersecurity standards in draft form for contractors who work with the Pentagon’s sensitive data. Version 0.4 of the Cybersecurity Maturity Model Certification (CMMC) is now live, giving contractors a glimpse into the sort of cybersecurity standards they will need to meet if they want to work on contracts that handle controlled …

Opinion | I’m a tech CEO, and I don’t think tech CEOs should be making policy (Washington Post) Tech executives are a deeply unrepresentative group living in an elite bubble.

Litigation, Investigation, and Enforcement

WSJ News Exclusive | States to Launch Google, Facebook Antitrust Probes (Wall Street Journal) State attorneys general are formally launching separate antitrust probes into Facebook and Google starting next week, putting added pressure on tech giants already under federal scrutiny.

New York attorney general is investigating Facebook for possible antitrust violations (CNBC) Attorneys general of Colorado, Florida, Iowa, Nebraska, North Carolina, Ohio, Tennessee and the District of Columbia will join the probe.

Google accused of using secret web pages to leak users' personal data to advertising firms (Computing) The evidence in support of the claim was submitted to Ireland's Data Protection Commission by Brave's Johnny Ryan

How Google uses secret 'push pages' to share personal details with advertisers (Computing) Combined with tracking cookies supplied by Google, push pages enable organisations to identify individual web browsers, claims Brave's Johnny Ryan

Senator: Mark Zuckerberg should face “the possibility of a prison term” (Ars Technica) "He ought to be held personally accountable," Ron Wyden (D-OR) said.

Accused Capital One hacker pleads not guilty to all charges (CyberScoop) Paige Thompson has pleaded not guilty to charges in connection with a data breach at Capital One that impacted roughly 106 million people.

Author of record-setting IoT botnets pleads guilty (Naked Security) He kept working on new botnets (and swatting a co-conspirator-cum-competitor) while indicted and on supervised release.

Haverford student who tried to hack IRS for Trump tax returns pleads guilty, could get 2 years in jail, $200,000 fine (Philadelphia Inquirer) Andrew Harris, 23, was the second Haverford student to plead guilty in the attempted hack. They didn't get Trump's returns because a Louisiana private eye had already tried to set up a FAFSA account.

Riverdale, Conley residents among 7 named in federal indictment in Verizon identity fraud case (Clayton News) Two people from Clayton County have been indicted, along with five former Verizon store employees, on federal charges that they stole people's identities, opened Verizon accounts, then charged

The Doghouse: Crown Sterling (Schneier on Security) A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic "snake oil."

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

RSA Conference 2020 (San Francisco, California, USA, February 24 - 28, 2020) Be part of a conversation that has the power to change the world. Join top cybersecurity leaders and a dedicated community of peers as we exchange the biggest, boldest ideas that will help propel the industry forward. Get access to expert-led sessions, thought-provoking keynotes, in-depth trainings and tutorials, groundbreaking innovation programs, state-of-the-art product demos and countless networking opportunities.

upcoming Events

Derbycon 2019 (Louisville, Kentucky, USA, September 4 - 8, 2019) DerbyCon isn’t just another security conference. We’ve taken the best elements from all the conferences we’ve ever been to and put them into one. DerbyCon is a place you can call home, where you can meet each other, party, and learn. Our goal is to create a fun environment where the security community can come together to share ideas and concepts. Whether you know Linux, how to program, are established in security, are a hobbyist, or are trying to break into INFOSEC, the idea of DerbyCon is to promote learning and strengthen the community. We are a community of peers learning from one another.

Global Security Exchange (GSX) (Chicago, Illinois, USA, September 8 - 12, 2019) Global Security Exchange (GSX) is the only event that brings together security professionals from all vertical markets throughout the world to network, learn, and re-invest in the industry. It’s home for all security practitioners and their partners.

Insider Threat Program Development & Management Training Course + Insider Threat Symposium & Expo (Laurel, Maryland, USA, September 9 - 10, 2019) The Insider Threat Defense Group will hold its highly sought after and very affordable Insider Threat Program (ITP) Development-Management Training Course, in Laurel, MD, on Sept. 9, 2019. This 1 day training course will ensure the ITP Manager / Senior Official (Insider Threat Analyst, FSO, CSO, CISO, Etc.), and others who support the ITP (Human Resources, IT, Network Security, Etc.), have the Core Knowledge, Blueprint, Resources needed for developing, managing, enhancing an ITP / ITP Working Group. For a limited time the training is being offered at a highly discounted rate of $695 (Normally $1295). On Sept. 10, the Insider Threat Symposium & Expo will be held at the same location: the Johns Hopkins University Applied Physics Laboratory.

Insider Threat Symposium & Expo (Laurel, Mayland, USA, September 10, 2019) The National Insider Threat Special Interest Group's event is for anyone involved in Insider Threat Program (ITP) Management / Insider Threat Mitigation. Speakers will come from the White House, Missile Defense Agency, Naval Information Warfare Center, Nike, Transunion, Equifax, Dell Computers, Symantec Corporation and more. The ITS&E will focus on developing, managing or enhancing an ITP / Working Group, Employee Threat Identification & Mitigation, Employee User Activity Monitoring and much more.

Atlanta Cybersecurity Conference (Atlanta, Georgia, USA, September 12, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.