Magento proof-of-concept exploit. Emotet distributes ransomware. Typosquatting other crooks. Perils of Huawei. AI goes to jail.
Sucuri has a proof-of-concept exploit for an SQL-injection vulnerability in the core of the widely used Magento e-commerce platform. As Ars Technica points out, the vulnerability is so potentially lucrative that criminals can be expected to exploit it in the wild as soon as they have the means to do so. About three hundred thousand e-commerce sites use Magento.
Trend Micro has found that Emotet is being used to distribute a ransomware loader.
Digital Shadows outlines a criminal typosquatting campaign targeting other criminals on the dark web.
Huawei, bellwether of China's tech sector, continues to receive a mixed reception abroad. The EU has finessed security concerns about the company's participation in 5G networks, Australia and the US are unrepentant in their wish to keep Huawei out, and the UK has harshly criticized the company's failure to remediate security issues. The Register characterizes Huawei's efforts to address known router vulnerabilities as "half-arsed" (it's an industry term). WIRED expresses the current mood about risks surrounding the company's products as a feeling that it's not the backdoors, but the bugs that matter.
Correctional authorities in Finland have an idea for training artificial intelligence: have prisoners answer questions and use their answers to make the AI smarter. The country's Criminal Sanctions Agency has contracted with AI firm Vainu to provide the inmates' labor to the project. It's seen as a win-win-win: the jailers keep their charges busily on the road to rehabilitation, the prisoners get learning and self-improvement, and the machines get smarter. Or at least street-smarter.
Today's issue includes events affecting Australia, Canada, China, Estonia, European Union, Finland, Iran, Republic of Korea, Latvia, Lithuania, NATO/OTAN, Russia, Ukraine, United Kingdom, and United States.
The spelling of "Magento" has been corrected in the summary.
In today's podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses news that law enforcement agencies are encrypting their radio communications. Our guest is Lorrie Cranor, director of CyLab at Carnegie Mellon University.