Join us as we step inside the diverse and fascinating worlds of cybersecurity professionals around the globe and hear their personal stories in their own words. We're pleased to announce Career Notes, each episode of which features a look into one professional's journey, where it began, what influenced its course, and where it's going today.
More Signal. Less Noise.
Get real-time security intelligence at no cost.
We recently launched Recorded Future Express — a free browser extension for security teams. Use Express over any web-based SIEM, vulnerability management solution, security blog, and more to put real-time security intelligence at your fingertips. Instantly prioritize alerts, incidents, and vulnerabilities based on real-time risk scores from the world’s largest commercial collection platform. Sign up now.
Domestic influence campaigns in China, Russia, and Turkey. Zoom criticized for alignment with Beijing. More on Snake/Ekans.
Announcements
Announcing Career Notes, a new podcast from the CyberWire.
Summary
Twitter has identified a large number of state-run accounts pushing disinformation. The largest network was Chinese-controlled: 23,750 "core accounts" that were highly active in distributing Beijing's line to a Chinese-speaking audience, with special attention to Hong Kong. Many "amplifier accounts," about 150,000, repeated the core accounts' traffic. Despite the accounts' high level of activity, Twitter says they'd achieved little traction. Twitter also identified 1152 Russian accounts associated with the state-run media site Current Policy; these were engaged in distributing messages favoring the Russia United Party in an influence campaign directed at domestic audiences. Also interested in domestic influence were 7,340 accounts in Turkey whose line favored President Erdogan and the AK Party.
Zoom, having (as the Telegraph and others report) locked out account holders after they held online discussions commemorating the thirty-first anniversary of the Tiananmen Square massacre, is drawing criticism for aligning itself with Chinese policy. The Wall Street Journal notes that the activist group affected, San Francisco-based Humanitarian China, had its access quietly restored after the suspension was reported by Axios. Zoom has expressed its regrets and said it “will not allow requests from the Chinese government to impact anyone outside of mainland China” as it complies with Chinese law. But many critics remain unmollified, asking with Security Boulevard, "Is Zoom the next Huawei?"
Bloomberg Law reports that Honda is resuming production. But according to BleepingComputer another firm, European power company Enel Group, has disclosed that it's been hit by Snake (Ekans), the same ransomware that disrupted Honda.
Notes.
Today's issue includes events affecting Canada, China, Ethiopia, and the United States.
Feedback Friday: DevSecOps
By Rick Howard, CSO, Chief Analyst, and Senior Fellow, The CyberWire
Where are you on your DevSecOps journey? (If you take our survey, feel free to choose all that apply.)
- What is DevSecOps?
- I can spell DevSecOps correctly 3 out of 5 times.
- The organization has a DevOps team but we don’t have a DevSecOps team. And we don’t talk to those people.
- We have a DevOps team and we are thinking about building a DevSecOps team.
- We have started a small pilot project of DevSecOps work.
- We are using SOAR tools (Security Orchestration, Automation and Response) in the SOC as DevSecOps project.
- Our organization has a fully formed DevSecOps team.
Take the CyberWire's Feedback Friday survey here.
Simple, secure identity and access management for your business.
LastPass Identity provides simple control and visibility across every entry point to your business through single sign-on, password management and multi-factor authentication in one unified solution. LastPass Identity provides a holistic view of end user activity to simplify security for IT, all while delivering the passwordless login experience employees want. Start a free LastPass Identity trial today.
On the Podcast
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at CynergisTek as Caleb Barlow talks about how hospital CISOs are dealing with the COVID-19 situation. Our guest is Ronald Eddings of Palo Alto Networks and the Hacker Valley Studio Podcast, discussing strategies for finding and managing security architects.
Sponsored Events
Cyber Security Summit Virtual Power Hours - Get the Facts June 16 & June 18 (Online, June 16 - 18, 2020) Senior Level Executives are invited to the Cyber Summit Virtual Power Hours. Learn from Industry Experts from The FBI, DHS & leading cyber solution providers as they discuss the latest security challenges & develop cyber security battle plans in today’s unprecedented times. You will receive 1 CPE / CEU credit by attending. Free to register with code: CyberWire20 at CyberSummitUSA.com.
RSA Conference APJ July 15-17, 2020 - A Virtual Learning Experience (Online, July 15 - 17, 2020) The world’s leading cybersecurity event is going virtual 15-17 July. Join your peers and industry experts for three days of insights. Watch over 50 sessions live during Singapore business hours—or stream them later. Register today for free.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Twitter removes over 170,000 pro-China accounts (BBC News) The social media platform identified Beijing-linked accounts that have been posting misinformation.
Zoom locks activists out of accounts after marking Tiananmen Square anniversary (The Telegraph) A group of Chinese activists in the US raised concerns of 'censorship' following Zoom's actions
Zoom’s China Ties Under Scrutiny After It Muzzles Human-Rights Group (Wall Street Journal) Zoom Video Communications drew fresh questions over its relationship with Beijing when it shut down a U.S. human-rights organization’s account shortly after its videoconference on the 1989 Tiananmen Square massacre.
Is Zoom the Next Huawei? ‘Puppet of Chinese,’ Say Critics (Security Boulevard) Zoom has been closing accounts of U.S. residents who are critical of the Chinese Communist Party.
Power company Enel Group suffers Snake Ransomware attack (BleepingComputer) European energy company giant Enel Group suffered a ransomware attack a few days ago that impacted its internal network.
Snake ransomware attack hits power company Enel Group (SC Magazine) The Enel Group was hit by a ransomware attack from EKANS (SNAKE) ransomware operators that affected its internal network, according to reports.
Honda Resumes Output at U.S. Factories Impacted by Cyber Attack (Bloomberg Law) Honda Motor Co.’s engine and vehicle plants in Ohio have restarted after being shutdown following an attack Sunday on an internal computer network, a spokesman said Thursday.
Honda Shuts Down Factories After Cyberattack (Popular Mechanics) Welcome to a new era of ransomware warfare.
ICS Threat Snake Ransomware Suspected in Honda Attack (Dark Reading) An attack targeting the automaker reportedly infected internal servers and led to the suspension of production at plants around the world.
Google Warns of Emerging #COVID19 Cyber-Threat Hotspots (Infosecurity Magazine) India, UK and Brazil seeing rising number of email attacks using crisis
Imperva Takes on its Largest Recorded Account Takeover Attack on a Single Company (Imperva) Imperva recently detected and mitigated the largest – and most concentrated – series of brute force ATO (account takeover) attacks in its history. Over the course of 60 hours from midnight on October 28, our ATO team’s monitoring systems detected more than 44 million ATO attempts on the login page of a particular online banking …
Bad Bots: What They Are and How to Fight Them - Hashed Out by The SSL Store™ (Hashed Out by The SSL Store™) Bad internet bot traffic rose by 18.1% in 2019, and it now accounts for nearly one-quarter of all internet traffic The figure above, which comes from Imperva’s 2020 Bad Bot...
Google removes 38 fraudulent camera apps from Play Store (Hindustan Times Tech) Many of these fraudulent camera apps have amassed over 1 million downloads on the Play Store.
Dodging AV and endpoint defenses is a 'snap' for new Thanos ransomware (SC Media) Resrachers say a new ransomware tool named Thanos is the first to strategically use RIPlace, a technique known to bypass AV protections and EDR solutions.
Microsoft: Misconfigured Kubeflow Workloads are a Cybersecurity Risk (Security Magazine) Microsoft's Azure Security Center (ASC), which regularly searches for and researches for new attack vectors against Kubernetes workloads, revealed a new campaign that was observed recently targeting Kubeflow, a machine learning toolkit for Kubernetes.
Unsecured AWS S3 Buckets Infected With Skimmer Code (BankInfo Security) Cybercriminals are continuing to take advantage of unsecured Amazon S3 buckets, with RiskIQ researchers recently finding card skimming code and redirects to a
Philips IntelliBridge Enterprise IBE (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 2.0
Vendor: Philips
Equipment: IntelliBridge Enterprise (IBE)
Vulnerability: Insertion of Sensitive Information into Log File
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to access credentials to the hospital’s clinical information systems (EMR).
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of IntelliBridge Enterprise (IBE), an interface, are affected:
OSIsoft PI Web API 2019 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.7
ATTENTION: Exploitable remotely
Vendor: OSIsoft
Equipment: PI Web API 2019
Vulnerability: Cross-site Scripting
2.
Rockwell Automation FactoryTalk Linx Software (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.6
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Rockwell Automation
Equipment: FactoryTalk Linx Software
Vulnerabilities: Improper Input Validation, Path Traversal, Unrestricted Upload of File with Dangerous Type
2.
MAZE Attacks Victoria Beckham’s Advisory Firm (Infosecurity Magazine) Threat group claims to have exfiltrated data from M&A firm used by Victoria Beckham
City of Knoxville shuts down network after ransomware attack (BleepingComputer) The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city's offices.
ConnectWise Discloses Flaw In Welcome ‘About Face,’ Partners Say (CRN) ConnectWise partners praised the company’s first-ever security bulletin, saying it shows the organization has embraced the responsibility it has to its partners to fix and announce vulnerabilities when they are discovered.
Security Patches, Mitigations, and Software Updates
Android 11 brings numerous security and privacy improvements (BleepingComputer) The beta version of Android 11, the next version of Google's operating system for mobile devices, comes with lots of security and privacy changes designed to allow the OS to protect users' data from malicious attacks.
Cyber Trends
Cybereason’s Newest Honeypot Shows How Multistage Ransomware Attacks Should Have Critical Infrastructure Providers on High Alert (Cybereason) Earlier this year, Cybereason launched its latest honeypot to analyze the tactics, techniques, and procedures used by state-sponsored groups and cyber crime actors to target critical infrastructure providers.
New research reveals SD-WAN is the solution of choice for securing public cloud deployments (PR Newswire) Highlights: 74% of respondents have either already deployed software-defined wide area network (SD-WAN) or expect to do so within the next 12...
The Pandemic Is Propelling a New Wave of Automation (Wired) Software programs adopted during the Covid-19 crisis make it easier to complete forms and track requests. It saves work, but could cost jobs.
90 per cent of top ASX Healthcare companies face email fraud risk, says Proofpoint (Which-50) During the COVID-19 pandemic, healthcare organisations are working diligently to diagnose patients, adjust to an increased need for telehealth services,
The rapid increase in pandemic-related cybersecurity claims (PropertyCasualty360) As of the end of March, the FBI has investigated more than 1,200 complaints of COVID-19-related cybercrimes.
Marketplace
GitLab Acquires Peach Tech and Fuzzit to Expand its DevSecOps Offering (GlobeNewswire) Acquisitions will make GitLab the first security solution to offer both coverage-guided and behavioral fuzz testing
Palantir close to registering for stock market debut: sources (Reuters) Data mining firm Palantir Technologies Inc is aiming to file confidentially with U.S. regulators to go public in the coming weeks, emboldened by the strong performance of other initial public offerings (IPOs), people familiar with the matter said.
How one of America's most controversial billionaires cracked the NHS (New Statesman) In early 2019, "James", a British healthcare analyst, received an unsolicited approach from a recruiter online.
Darktrace backers shift stakes as cybersecurity giant nears IPO (Sky News) The investment firm set up by Mike Lynch is reducing its stake in the UK cybersecurity company, Sky News learns.
Unisys Announces Support for Cyber4Healthcare,a Cybersecurity Initiative (AiThority) Unisys Corporation today announced its support of the CyberPeace Institute's Cyber4Healthcare initiative, a program designed to offer free cybersecurity services to healthcare providers fighting the COVID-19 pandemic.
The Cyberwar Needs More Women on the Front Lines (Wired) To combat criminals who prey on women and children, we must start educating girls to be the cybersecurity leaders of tomorrow.
Nick Clegg will struggle to transform Facebook's culture (The Telegraph) As Mark Zuckerberg faces internal crisis over Trump's posts, former deputy PM has been advocate of leaving politicians alone
Chris Cox is returning to Facebook as chief product officer (The Verge) He’ll oversee Instagram, WhatsApp, and more.
Jacob Groth joins Stage 2 Security as Chief Technology Officer (Help Net Security) Stage 2 Security (S2) has announced the hiring of Jacob Groth to serve as Chief Technology Officer, effective June 9, 2020.
Cyren Names New Chairman of the Board (Yahoo) Security Industry Veteran James Hamilton Replaces Lior Samuelson as Chairman McLEAN, VA / ACCESSWIRE / June 11, 2020 / Cyren (NASDAQ:CYRN), a publicly traded cloud security vendor, announced today that ...
Products, Services, and Solutions
Optiv Debuts New Thought Leadership Community Focused on Technical Side of Security (Optiv) Optiv’s Source Zero is a new technical cybersecurity thought leadership resource.
Cynet Launches Cybersecurity Skill Tests Website (PRWeb) Cynet (http://www.cynet.com) today announced a new service the cybersecurity industry -- the Cynet Cybersecurity Skill Tests Website. The new site is designed to he
BlackBerry AtHoc Expands Leadership Position in Crisis Communications with U.S. Federal Government; Includes the U.S. Department of Transportation, U.S. Federal Trade Commission and U.S. Department of Health and Human Services (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced that its FedRAMP-authorized BlackBerry ® AtHoc ® crisis communication system continues...
Tessian launches Human Layer Security Intelligence to give businesses greater visibility into employees’ cybersecurity behaviors (RealWire) 11 June 2020 - San Francisco. Human layer security company Tessian announces the launch of its new solution Human Layer Security (HLS) Intelligence, to provide businesses with deeper insights into hum
IRONSCALES Expands Threat Assessment Capabilities; Launches Email Secu (PRWeb) IRONSCALES, the pioneer of self-learning email security, today announced another industry’s first with Phishing Emulator™. Available to both cur
Improve your users’ experience and your bot protection with PerimeterX Human Challenge (PerimeterX) Protect your web and mobile applications from CAPTCHA-solving bots while also improving your users’ experience with PerimeterX Human Challenge.
Yellowbrick and Striim Partner on Data Streaming Solution (BusinessWire) Hybrid cloud data warehouse company Yellowbrick Data today announced that Striim, provider of an enterprise-grade platform for streaming data integrat
Signal Downloads Are Way Up Since the Protests Began (New York Times) Organizers and demonstrators say they feel safer communicating with end-to-end encryption.
Siemens Teams Up in OT Endpoint Security (Dark Reading) Machine language-based endpoint security collaboration with SparkCognition is the latest move by Siemens in security.
Versa Networks Launches Secure Access Solution To Enhance Security For Employees Working From Home (Security Informed) Versa Networks, the Secure SD-WAN provider, launches Versa Secure Access, the solution delivering Secure SD-WAN services and private connectivity for employees who are remote or working from home....
SonicWall launches new network switches - (Enterprise Times) SonicWall announces a new range of switches and a focus on remote workers as it expands its product line from security into the network.
Jitsuin Brings Security Expertise to Digital Twin Consortium (Odessa American) Jitsuin, a leading provider of collaborative risk management for enterprise and industrial IoT, today announced it has joined Digital Twin Consortium ™ as a Groundbreaker.
Technologies, Techniques, and Standards
Analysis | The Cybersecurity 202: States plan to expand mobile voting amid coronavirus pandemic, despite security concerns (Washington Post) States weigh increasing access to voting during a crisis with cybersecurity risks.
Analysis | The Cybersecurity 202: D.C.’s use of email voting shows what could go wrong in November (Washington Post) Email is a fundamentally insecure way to cast votes, but the District tried it out of desperation.
Venafi Survey: Can Our Election Infrastructure Withstand Cyber Attacks? (Venafi) Security professionals don’t believe their governments can defend election infrastructure against cyber attacks. Find out more, on Venafi’s blog.
Turn the Table on Phishers and Scammers to Protect Your Brand (BleepingComputer) Consumers are now paying close attention to how companies behave and treat consumers during this global COVID-10 public health crisis.
When Crisis Strikes, So Do Cyber Criminals (Ed Tech) Opportunistic criminals thrive amid chaos. Here are tips for universities and colleges on how to stay safe from cyberthreats during times of crisis.
Integration is the next step for Air Force information warfare leaders (C4ISRNET) Following the mergers of intelligence and cyber across the service, the Air Force is now looking at how to integrate those capabilities together.
Design and Innovation
DeepCode survey finds 85% of software users prefer bug/security fixes over new features (Medium) DeepCode — the platform for AI-powered code reviews — has released the results of its Software User Survey
Legislation, Policy and Regulation
Democrats press Intel chief for answers on foreign efforts to exploit US racial tensions (TheHill) Reps. Val Demings (D-Fla.) and Raja Krishnamoorthi (D-Ill.) pressed Director of National Intelligence John Ratcliffe for answers Thursday on whether any hostile foreign actors were attempting to take advantage of recent U.S. protests to spread misinformation.
US intelligence bill takes aim at commercial spyware makers (TechCrunch) Critics say commercial spyware poses a threat to U.S. national security.
Matt Hancock downplays role of contact tracing app (The Telegraph) The Health Secretary also insisted that the NHS would not retreat in future from the intensified integration with big tech firms
Biden Prepares Attack on Facebook’s Speech Policies (New York Times) The campaign will urge its supporters to push the social media giant to strengthen its rules against misinformation and harmful comments.
What is free speech on social media? (NASDAQ:FB) (Seeking Alpha) The debate over online speech continues to heat up ahead of the 2020 U.S. presidential election.Presumptive Democratic nominee Joe Biden penned a letter to Facebook (NASDAQ:FB) that called for the pro
House Rep. Puts China On Notice With Accountability Act (Law360) A Republican House member with the support of 22 lawmakers unveiled a bill Thursday to combat China's theft of U.S. intellectual property by prohibiting Chinese nationals from visiting the U.S. on trips involving technology, engineering and science.
Senate committee wants more cyber pilot programs (Fifth Domain) The Senate Armed Services Committee also wants to add new responsibilities to the Pentagon’s Principal Cyber Advisor as part of a broader effort to ensure cyber forces can meet new challenges.
Tech companies pledge to improve visibility on online child exploitation (CRN Australia) As pressure to ease encryption mounts.
National Guard Prepping for November Election Security Role (BankInfo Security) The National Security Agency and U.S. Cyber Command are ramping up to offer security protection during the presidential election in November. The program, called
Senate legislation would slow Ligado launch (C4ISRNET) The Senate's version of the National Defense Authorization Act would require a new study comparing Ligado and the Pentagon's claims on interference.
Litigation, Investigation, and Enforcement
He’s a spy — but he didn’t spy on Canada. So his asylum bid should go ahead, court says (Peterborough Examiner) Canada cannot turn away foreign spies seeking asylum simply by arguing espionage activities are ‘contrary to Canada’s interests,’ Federal Court rules.
Schiff won't oppose Trump intel chief's bid to declassify more of House GOP Russia report (POLITICO) John Ratcliffe's move is the latest sign that the administration is trying to relitigate the investigations that have dogged Trump's presidency.
Republican Sen. Urges FTC Probe Into New TikTok Competitor (Law360) Sen. Josh Hawley, R-Mo., has called on the Federal Trade Commission to open an inquiry into a new app that closely resembles TikTok, suggesting it may not be abiding by children's online privacy rules and has "substantial" ties to the Chinese Communist Party.
Capital One Claims Breach Disclosure Order Is 'Unworkable' (Law360) Capital One has asked a Virginia federal court to overturn a magistrate judge's ruling ordering it to disclose a consultant's analysis of its 2019 data breach, claiming the order has "unworkable practical implications" for banks responding to cybersecurity episodes.
Dish Asks 7th Circ. To Rethink Telemarketer Liability Ruling (Law360) Dish Network urged the Seventh Circuit on Wednesday to rehear its challenge to a judgment finding it liable for unlawful telemarketing calls made by contractors, arguing its decision to largely affirm the ruling caused a circuit split and "radically expands vicarious liability."
Analysis | The Cybersecurity 202: New Jersey lawsuit tries to block Internet voting in the state (Washington Post) Online voting systems are derided by security experts but getting attention during the pandemic.
Former government spokesman pretended to be CIA operative in $4.4 million scam (Washington Post) Garrison Courtney admitted Thursday he was never a covert operative.
Industry Events
upcoming Events
FutureCon Virtual Western Conference (Online, June 16, 2020) This virtual event features thought-provoking presentations by Industry Security Leaders, esteemed Keynote Speakers, and a Panel Session discussion with experienced professionals and a talented team who are at the forefront of cutting edge strategies for Cybersecurity defense. 100% off promo code: CYBERWIRE https://futureconevents.com/events/
Hardware Hacking Virtual Conference (Online, June 24, 2020) Join the ioXt Alliance and register now for our upcoming Summer Virtual Conference. You’ll hear the latest on IoT security challenges and learn the most effective ways to secure your device against hardware hackers, script kids and botnet infections. The Conference will feature keynote Bruce Schneier. Bruce is an internationally-renowned security technologist, philanthropist and author who gets the call when people want to hear straight talk on how security really works.
Texas Cyber June’gle Virtual Summit (Online, June 27 - 28, 2020) The Texas Cyber June’gle Virtual Summit is June 27th and June 28th, it runs approximately 30 hours straight, Multiple time zones, speakers and trainers from all over the world. The #TexasCyber Summit and the #RedTeam Village are hosting a two day, 30 hr - non-stop training and briefing virtual conference - Free to attend - Blue Team Defender, Defense, Forensics, RE and More, as well as Red Team TTP, Exploit development, and more.
FutureCon Virtual Eastern Conference (Online, June 30, 2020) This virtual event features thought-provoking presentations by Industry Security Leaders, esteemed Keynote Speakers, and a Panel Session discussion with experienced professionals and a talented team who are at the forefront of cutting edge strategies for Cybersecurity defense. 100% off promo code: CYBERWIRE
CS4CA World: Global Cyber Security Event (Online, June 30, 2020) CS4CA World will take place virtually as a unique large-scale event to keep the critical asset community connected across the globe. As a world-wide 24-hour event, it will follow the sun by starting with speakers from the APAC region through to MENA, Europe, LatAm, finishing in North America. This unique format allows sponsors, speakers, and attendees to engage & connect with peers through a wide range of interactive content & networking formats much like a physical event. We are living in unprecedented times where workflows and devices must learn to blend seamlessly together in a digitally transforming world. During this process, cyber security (threats) has emerged as the worst-affected domain, needing careful processes and protocols to protect the world’s critical assets from vulnerabilities.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.