CryptoAPI proof-of-concept exploit. CISA warns chemical industry. Soldiers' families harassed. Phishing in Turtle Bay. Fleeceware update. Burisma hack.
CRN offers a rundown of opinion to the effect that reaction to CVE-2020-0601 has been “overblown,” and to be sure the NSA-disclosed Windows crypto flaw is not apocalyptic, but it’s nonetheless one that should be patched without delay. ZDNet reports that two proof-of-concept exploits of the CryptoAPI (Crypt32.dll) bug have already appeared. (And they add that the vulnerability is now being called “Curveball.”)
As the US and Iran continue their confrontation, no significant attacks from either side have come to public attention. But the US Cybersecurity and Infrastructure Security Agency (CISA) has cautioned the chemical industry that it could be subject to cyberattack, and offers advice on hardening itself against the threat.
Families of deployed US paratroopers are being harassed in social media. The source is unclear, the Military Times reports.
According to Threatpost and BleepingComputer, Cofense researchers determined that the United Nations sustained a phishing campaign designed to deliver Emotet and the TrickBot Trojan. The campaign, which apparently was less than fully successful, used emails spoofing the Norwegian Mission to deliver a malicious Word document.
Sophos finds more fleeceware apps in Google’s Play Store. Fleeceware automatically charges subscription fees if the user neglects to cancel when a “trial period” expires. Users often find that breaking up is harder to do than they expected, and the subscriptions can be pricey.
Moscow delivers its usual informational counterbattery fire in the Burisma hacking case, with Sputnik pooh-poohing the whole episode as a self-serving conspiracy theory launched by Hillary Clinton. So sez Sputnik.
Today's issue includes events affecting Australia, China, European Union, Iran, Norway, Russia, Ukraine, United Kingdom, United Nations, and United States.
Bring your own context.
What's all this about bloatware, and why are people saying bad things about it?
"They have legitimate concerns that there are some privacy issues with these apps. First off - and security issues as well. They're not updatable. They don't get updates unless it's an update pushed out through the cellphone provider many times. The apps are not installed through the Google Play store, so they're not subject to the scrutiny that those apps go through. Now, you can argue about how good that scrutiny is. But these apps don't get any scrutiny. They're just installed by default. And they, a lot of times, will leak information about the user."
—Joe Carrigan of the Johns Hopkins University Information Security Institute, on the CyberWire Daily Podcast, 1.14.20.
And a quick note to our readers...
Monday is Martin Luther King Day, and we'll take a break from publication and podcasting while we observe the Federal holiday. We'll be back to our usual schedule on Tuesday.
In today's CyberWire Daily Podcast, we speak with our partners at Cisco Talos, as Craig Williams describes how adversaries take advantage of politics. Our guest is Ron Hayman from AVANT Communications, discussing how companies might leverage Trusted Advisors to proactively prepare their security response.
And Hacking Humans is up. In this episode, "Life in the (second) age of pirates," Dave has an account from a man who was almost scammed by an impersonation of his own close friend. Joe has the story of a sophisticated phishing scheme involving Microsoft Office 365. The catch of the day goes all the way back to the age of pirates. Carole Theriault interviews Andrew Brandt from Sophos regarding their 2020 threat report.