Opening up a black box: NSA Cybersecurity Directorate's media roundtable.
We were able to attend a media roundtable the National Security Agency's Cybersecurity Directorate held at Fort Meade yesterday. We have a quick overview here.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
ESET reports the discovery of "Attor," a modular espionage platform that has been deployed mostly against selected individuals in Russia, many of whom have shown an interest in using privacy-focused services. The malware has also been used against a smaller number of diplomatic and government targets in Eastern Europe, notably in Ukraine, Slovakia, Lithuania, and Turkey. Attor has been in use since 2013 at least, and ESET describes it as "professionally written." Its plugin architecture enables its controllers to customize Attor's functionality to specific targets. In general, the malware uses an unusual device-fingerprinting technique, automated data collection, and Tor-enabled exfiltration. ESET does not know what Attor's infection vectors have been, and the researchers think it probable that the malware has still-undiscovered plugins.
FireEye researchers catch FIN7 (also known as Carbanak) using new tools.
Morphisec finds Bitpaymer ransomware exploiting an Apple zero-day.
At the request of Chinese authorities, Apple has removed both a US news app and a mapping app from its Chinese service. The Telegraph notes that the optics aren't good for Cupertino, which some see as having joined the NBA in a kind of shadow extension of China's social credit program into the West. Verge says the app is Quartz's, blocked for "content not legal in China." (Quartz is both widely read and not typically seen as extreme.) The mapping app, HKmap.live, was allegedly used to target police and commit crimes where police weren't present: Apple had this latter information from the Hong Kong Cybersecurity and Technology Crime Bureau.
Today's issue includes events affecting China, European Union, Iran, Lithuania, Russia, Slovakia, Turkey, Ukraine, and United States.
The insider threat problem is a tough one to address.
"Employees feel very entitled to personal ownership. A large majority of our information security leaders that we surveyed, 72%, agree it's not just corporate data. It's my work and my ideas. Which, you know, that's a scary statistic because if people think that it's their work and their ideas, they're going to take it with them when they leave. And I don't think companies realize how impactful that can be until the data's gone. I talk to a lot of customers and potential customers, and just recently I was on the phone with a company that had an employee leave, start their own company, and that became a threat to the existing company or the initial company to the point where they had to buy out the company that was started with the employee's data - or with the employer's data. So I don't think companies really realize how impactful it is until it's probably too late."
—Jadee Hanson, CISO and VP of information technology at Code42, on the CyberWire Daily Podcast, 10.8.19.
As recent news out of Canada, the US, and the UK will attest, even capable, professional, and well-resourced intelligence and counterintelligence services have their insider threats, so it's not just you, small business. (But it is you, too.)
Monday is Columbus Day, a US Federal holiday, and we'll be taking the day off. We'll resume publication as usual on Tuesday. Enjoy the long weekend, if you're able to take it.
According to Coalfire’s latest report on FedRAMP, U.S. agencies spent $6.5B in cloud services in FY2018, an impressive 32 percent year-over-year increase, with the vast majority of Federal cloud migration still to come. SaaS/PaaS/IaaS providers can gain access to this market with significantly less investment in both time and cost by taking advantage of automation and recent FedRAMP program updates. Learn how.
Magecart Attack on Volusion Highlights Supply Chain Dangers (Dark Reading) Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.
Imperva blames data breach on stolen AWS API key (ZDNet) Imperva said it accidentally exposed an internal server from where a hacker stole an AWS API key.
FIN7 Attackers Roll Out New Tools (Decipher) The FIN7 group has begun deploying new tools, including a module that specifically targets a remote administration tool for payment card systems.
Ransomware gang uses iTunes zero-day (ZDNet) BitPaymer ransomware spotted abusing iTunes for Windows bug to bypass antivirus detection.
Apple Software Update Zero-Day Used by BitPaymer Ransomware (BleepingComputer) Several companies from the automotive industry were targeted by BitPaymer ransomware operators during August, in attacks that used an Apple zero-day vulnerability impacting the Apple Software Update service bundled with iTunes and iCloud for Windows.
iTunes Zero-Day Exploited to Deliver BitPaymer (Dark Reading) The ransomware operators targeted an unquoted path vulnerability in iTunes for Windows to evade detection and install BitPaymer.
Microsoft NTLM vulnerabilities could lead to full domain compromise (Help Net Security) Researchers have discovered 2 vulnerabilities that may allow attackers to achieve full domain compromise of a network through NTLM relay attacks.
New Malware Spies on Diplomats, High-Profile Government Targets (BleepingComputer) A new modular malware designed to target diplomatic and government entities was spotted by ESET researchers while being utilized in attacks aimed at Russian-speaking individuals for at least 7 years.
ESET discovers Attor, a spy platform with curious GSM fingerprinting (WeLiveSecurity) ESET experts discover a previously unreported cyberespionage platform used in targeted attacks against privacy-concerned users in diplomatic missions and governmental institutions.
Pass the Hash attacks are symptomatic of much bigger security problems (SC Magazine) A newly published survey reveals that some 68 percent of IT security stakeholders don't know if they've experienced a Pass the Hash (PtH) attack. That isn't necessarily a cause for too much concern.
Bug in popular firewall exposed corporate networks to hackers (TechCrunch) Sophos said it is fixing a vulnerability in its Cyberoam firewall appliances, which a security researcher says can allow an attacker to gain access to a company’s internal network without needing a password. The vulnerability allows an attacker to remotely gain “root” permissions …
Political Campaigns Know Where You’ve Been. They’re Tracking Your Phone. (Wall Street Journal) Voter targeting has grown more invasive with location data that apps can transmit from cellphones. The data allows political groups to track down voters based on places they’ve been, including rallies, churches and gun clubs.
D-Link routers have major security flaws - but there's no fix (TechRadar) It won’t ever be patched because these four routers are no longer supported
Planting Tiny Spy Chips in Hardware Can Cost as Little as $200 (Wired) A new proof-of-concept hardware implant shows how easy it may be to hide malicious chips inside IT equipment.
Philips Brilliance Computed Tomography (CT) System (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Brilliance CT Scanners and MX8000 Dual EXP
Interpeak IPnet TCP/IP Stack (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Injection, Null Pointer Dereference
Interpeak IPnet TCP/IP Stack (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Injection, Null Pointer Dereference
Siemens Industrial Products Local Privilege Escalation Vulnerability (Update I) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable locally Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper privilege management 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-16-313-02 Siemens Industrial Products Local Privilege Escalation Vulnerability (Update H) that was published June 14, 2018, on the ICS webpage on us-cert.gov.
Siemens SIMATIC WinCC and PCS7 (Update C) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC PCS7 Vulnerability: Unrestricted Upload of File with Dangerous Type
Siemens SIMATIC PCS7, WinCC, TIA Portal (Update D) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS7, WinCC Runtime Professional, WinCC (TIA Portal) Vulnerabilities: SQL Injection, Uncaught Exception, Exposed Dangerous Method
Siemens PROFINET Devices (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: PROFINET Devices Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition.
Siemens Industrial Real-Time (IRT) Devices (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Industrial Real-Time (IRT) Devices Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition.
Cybercriminals could potentially shut down hospital operating rooms: report (Tri-City News) In the absence of proper precautions, cybercriminals can shut down hospital operating rooms, expose highly personal health data and damage the ability of health professionals to provide service...
City Of Carrollton Victimized By Cyber Attack (CBS DFW) The city said it's working with both state and federal officials to investigate and considers the hack a criminal act.
DCH Health System resumes normal operations following cyber attack (WVTM) All three DCH locations are now accepting all patients again after being crippled by a cyber attack.
Victorian hospitals slowly restoring systems after cyber attack (iTnews) Some systems still offline.
iTerm2 Patches Critical Vulnerability Active for 7 Years (BleepingComputer) The most popular terminal emulator for macOS, iTerm2, has been updated to fix a critical security issue that survived undisclosed for at least seven years.
Kevin Mandia’s 10 Scariest Statements At FireEye Cyber Defense Summit (CRN) FireEye CEO Kevin Mandia dishes on why deepfakes will erode public confidence, why researchers are struggling to find the initial victim of cyberattacks, and why cyber espionage is here to stay.
93 percent of Cybersecurity Professionals Concerned About Cyberattacks Shutting Down Operations (Tripwire) New research explores cybersecurity concerns in industrial control system environments
Axiomatics Federal, Inc. Reveals 2020 Security Trends for Federal Agen (PRWeb) Axiomatics Federal, Inc., the leader in fine-grained dynamic authorization for customers and partners of the federal government, today unveiled data security
VMware builds security unit around Carbon Black tech (Network World) VMware has wrapped up its $2.1 billion buy of cloud-native endpoint security vendor Carbon Black to provide more comprehensive integrated security.
Westcon signs security vendor Menlo (CRN Australia) Cloud-hosted isolation solution tackles web-and-mail-borne threats.
DLT Solutions and CrowdStrike Launch GovCybersecurityHub (PR Newswire) DLT Solutions, a premier government technology solutions aggregator, is launching the GovCybersecurityHub...
Twitter Puts Profit Ahead of User Privacy—Just Like Facebook Did Before (Wired) Twitter funneled two-factor authentication phone numbers into their ad targeting platform—but they weren't the only ones.
U.S. Department of Defense Awards HackerOne Second ‘Hack the Army’ Bug Bounty Challenge (BusinessWire) Through partnership with the Defense Digital Service, the U.S. Department of Defense (DoD) and HackerOne, the number one hacker-powered pentesting and
Who Wants to Hack the Army Again? (Nextgov.com) Active U.S. military, federal civilians and individuals invited by HackerOne can participate in the service’s second bug bounty.
This is how much Zomato paid to hackers for fixes (Zee Business) Food delivery platform Zomato has paid more than $100,000 (over Rs 70 lakh) to 435 hackers till date for finding and fixing bugs on its platform. In fact, $12,350 (over Rs 8.7 lakh) in bounties were paid in the last 90 days alone, said HackerOne, hacker-powered bug bounty platform. With the help of HackerOne's bug bounty programme since July 2017, Zomato has successfully resolved 775 vulnerability reports, HackerOne told IANS on Thursday. "Zomato security team is tasked with protecting sensitive information for over 55 million unique monthly visitors," it added.
DigiCert Issues Verified Mark Certificate to CNN, Laying Crucial Foundation for BIMI Email Standard (DigiCert) DigiCert to support new standard requiring validated logos through the pilot phase, production LEHI, Utah (October 10, 2019) – DigiCert, Inc., the world’s leading provider of TLS/SSL, IoT and PKI solutions, today announced that it has issued the world’s first Verified Mark Certificate (VMC) for a domain that sends email at scale: CNN.com. With this …
Bricata Delivers Network Protection with Enhanced Customization Features (Bricata) Bricata Delivers Network Protection with Enhanced Customization Features Users can Tailor their Experience with New Metadata Filters, Dashboard Customization and Smart Alerts Grouping Columbia, MD – O
Okta Launches Okta SecurityInsights to Protect Global Workforces (AP NEWS) Press release content from Business Wire. The AP news staff was not involved in its creation.
Block Armour announces a Blockchain-Enabled Cybersecurity Solution for IoT Systems (NBC29) Targeted at Smart Cities, Autonomous Mobility, and other related use cases, IoT Armour offers Zero Trust security for critical infrastructure, connected devices and IoT networks.
TACLANE-Nano network encryptor certified by NSA (Military Embedded Systems) General Dynamics Mission Systems (GDMS) announced that the National Security Agency (NSA) has certified its new TACLANE-Nano (KG-175N) network encryptor to secure voice, video, and data information classified Top Secret/SCI and below traversing public and private IP networks.
Microsoft Partners with NIST To Improve Enterprise Security 'Hygiene' (Redmond Channel Partner) Microsoft will 'soon' kick off an effort to help organizations better patch their software, with help from the National Institute of Standards and Technology.
Nemty Ransomware Decryptor Released, Recover Files for Free (BleepingComputer) Victims of the Nemty Ransomware finally have something to be happy about as researchers have released a decryptor that allows them to recover files for free.
Stop Doing These 4 Things Online — Immediately (NerdWallet) Some of your routine online practices could be putting your personal information at risk. Cybersecurity experts recommend breaking these habits — now.
Test bed for 5G wireless security will accelerate cyber research in Virginia (VT News) The test bed, a powerful resource for researchers, companies, and government agencies exploring 5G technology, is a flagship project of the Commonwealth Cyber Initiative.
USD launches cybersecurity boot camp (KGTV) In an effort to help companies fill the thousands of open cybersecurity jobs currently available in San Diego, USD is starting a cyber security bootcamp that promises to get people job-ready in just 26 weeks.
School of Computing Recognized for Cyber Defense Education (UNF Spinnaker) UNF’s School of Computing has been designated a National Center of Academic Excellence in Cyber Defense Education by the National Security Administration and the Department of Homeland Security. This designation, which lasts through 2024, is awarded to programs that meet specific academic guidelines and are validated by experts in the cybersecurity field. It also makes...
Making intelligence actionable. (The CyberWire) NSA's Cybersecurity Directorate's missions aren't new, but the Directorate seems intent on accomplishing them with a more expansive set of customers in mind.
Expect more Iranian Cyber Attacks as Sanctions Continue to Bite (International Policy Digest) Expect more cyber activity by Iran in the coming months.
EU warning over 5G security risks from state-backed entities (Computing) EU report warns that non-EU firms bidding for 5G network contracts could be subject to interference when they have strong ties to government - but doesn't mention Huawei or ZTE.
EU hints at Huawei risk in 5G security assessment (www.euractiv.com) The European Union hinted strongly it viewed Chinese tech group Huawei as a security risk to its roll-out of 5G networks in a report released Wednesday (9 October).
Fury as Apple pulls US news app Quartz from China 'over Hong Kong coverage' (The Telegraph) Apple has blocked a US news app from its Chinese service as the iPhone maker is accused of bowing to pressure from state censors over pro-democracy protests in Hong Kong.
California outlaws facial recognition in police bodycams (Naked Security) The bill was introduced by Phil Ting: one of 26 state lawmakers misidentified as suspects in an ACLU test of the technology.
Iowa Sec. of State assures voters that upcoming elections are safe and secure (KMEG) With the upcoming local and state elections, making sure your vote is safe and secure is a top priority for the State of Iowa. Iowa's Secretary of State Paul Pate has been working with state and national officials to make sure, come election day, voters can be confident in not only the election process but those counting votes as well. "I want to assure Iowa voters, and United States voters, that your elections are covered, we've got you," Secretary Pate told Siouxland News.
Report sent to Gov. Ned Lamont warns of lack of communication between feds and states about cyberthreats to utilities (Hartford Courant) A report released by Gov. Ned Lamont Thursday warned of a lack of communication between federal agencies and the states about potential cyberthreats to utilities.
Former BAE Systems contractor charged with 'damaging disclosure' of UK defence secrets (Register) 49-year-old to appear at the Old Bailey next month
Rudy Giuliani’s Ukraine fixers arrested over donations (Times) Two close associates of President Trump’s personal lawyer have been charged with funnelling foreign cash into a campaign backing his election. Lev Parnas and Igor Fruman, American citizens born in...
Iowa Judicial Branch shares findings of investigation into courthouse break-ins (KCCI) Iowa Judicial Branch releases new information regarding courthouse break-ins in Polk and Dallas counties.
For a complete running list of events, please visit the Event Tracker.
CyberForce (College Park, Maryland, USA, Nov 7, 2019) A gathering of government and industry to bridge the managerial, operational, and technical skills gap of today's cybersecurity workforce.
Insider Threat Program Development & Management Training (College Park, Maryland, USA, Dec 3 - 4, 2019) The Insider Threat Defense Group will hold its highly sought after and very affordable Insider Threat Program (ITP) Development & Management Course, at the University of Maryland College Park Campus. This 2 day training course will ensure the ITP Manager / Senior Official, Insider Threat Analyst, FSO, and others who support the ITP (CSO, CIO, CISO, IT, Network Security, Human Resources, Etc.), have the Core Knowledge, Blueprint, Resources needed for developing, managing, enhancing an ITP / ITP Working Group. For a limited time the training is being offered at a discounted rate of $1,095. (Normally $1295).
driving.digital Conference 2019 (Nitra, Slovakia, Oct 14 - 15, 2019) An international program conference focused on cyber security in the automotive industry and mobility. Conference themes will address the topic of stability of digital solutions in the automotive and mobility sectors and highlight areas of risk and vulnerability throughout the life cycle of vehicles, from development, production and operation to end-of-life.
SecureWorld Twin Cities (Minneapolis, Minnesota, USA, Oct 16, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event in the InfoSec industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.
7th Annual Cyber Resilience Summit (Arlington, Virginia, USA, Oct 16, 2019) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer. The Cyber Resilience Summit, hosted by CISQ, includes sessions on software engineering, supply chain risk management, and acquisition best practices. Policy makers present updates on the rollout of FITARA, MGT Act, and programs targeting security and supply chain risk management.
Cyber Hygiene: Why the Fundamentals Matter (Online, Software Engineering Institute at Carnegie Mellon University, Oct 16, 2019) In this webcast, as a part of National Cybersecurity Awareness Month, our experts will provide an overview of the concept of cyber hygiene, which bears an analogy to the concept of hygiene in the medical profession. Like the practice of washing hands to prevent infections, cyber hygiene addresses simple sets of actions that users can take to help reduce cybersecurity risks. Matt Butkovic, Randy Trzeciak, and Matt Trevors will discuss what some of those practices are, such as implementing password security protocols and determining which other practices an organization should implement. Finally, they discuss the special case of phishing—which is a form of attack that can bypass technical safeguards and exploit people’s weaknesses—and how changes in behavior, understanding, and technology might address this issue.
EXCHANGE 2019 (New York, New York, USA, Oct 16 - 17, 2019) BitSight presents EXCHANGE 2019, The Intersection of Business and Cyber Risk, an event for security and risk professionals to navigate the demands of today's dynamic cyber risk landscape. During this two-day event, distinguished business, technology and government leaders will explore, collaborate and share best practices to achieve desired digital transformation while minimizing cyber risk.