CyberWire Pro launched last week. A new subscription program, CyberWire Pro is designed for security professionals and all others who want to stay abreast of this rapidly evolving field. CyberWire Pro is a premium news service that will save you time and keep you informed.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
Turla is back, this time in Armenian watering holes. Data exposures. COVID-19 in cyberspace.
Turla, a.k.a. Snake, or Venomous Bear, appears to be back, BleepingComputer reports. ESET reports two previously unrecorded malicious tools, one a downloader, the other a backdoor, in a watering hole staged from compromised Armenian government sites. The Register observes that one reason the operation has gone unremarked for so long is the campaign's patience and discernment: it won’t install its malware until it’s determined that the victim is a sufficiently high-value target. Turla is generally regarded as a unit belonging to one of Russia’s intelligence services.
Two major data breaches have come to light. According to ZDNet, the Netherlands' government has lost hard drives containing the personal information of almost seven million organ donors, that is, of more than a third of the country's population. In the US, Ars Technica reports that Comcast inadvertently published some two hundred thousand "unlisted" phone numbers.
In what appears to be a tu quoque response to earlier charges from Taipei, China has accused Taiwan of using the current COVID-19 epidemic as an opportunity to wage cyberwar against the People's Republic, says Taiwan News.
There's lots of COVID-19 mis- and disinformation circulating online, from state propaganda to criminal phishbait (as American Banker notes) to just direct fraud (e.g., bogus colloidal silver cures).
Twitter is the latest Big Tech company to mandate working from home in response to the COVID-19 pandemic, TechCrunch reports. Organizations weighing a similar decision might consult a white paper from Hysolate that offers a systematic consideration of how to make the shift to temporary telecommuting.
Today's issue includes events affecting Armenia, Australia, Austria, China, European Union, Ireland, Philippines, Russia, Taiwan, United Kingdom, and United States.
Bring your own context.
Any surprising trends in vulnerabilities, lately?
"One of the biggest surprises of this year's report compared to other years is that there was a large number of vulnerabilities that were repeated from the prior year. This goes hand in hand with there only being one vulnerability from the 2019 calendar year that was exploited enough to be included in the top 10. And this was surprising because in past years, we've typically had at least three or four vulnerabilities from that particular calendar year included. And I believe - or Recorded Future believes one of the main reasons why there were so many repeated vulnerabilities is because of the number of new exploit kits continues to dwindle. So because of the number of exploit kits continuing to decrease, there are less reasons to include new vulnerabilities in those exploit kits, and this has helped contribute - at least why Recorded Future thinks that there are not as many 2019 vulnerabilities included in that top exploited category.
"One of the main things that people and companies can do to protect themselves from these vulnerabilities is to enable automated patching whenever possible. There are many researchers across Microsoft and Adobe as well who are working on what are those vulnerabilities that are new and helping them with the patching cycle - so enabling automated patching whenever possible. But then, for those vulnerabilities that, say, can't be automatically patched or there's a reason they can't be, maybe because of the technology itself that the automated patch would be impacting, that's when using threat intelligence to learn of these vulnerabilities that are left, which ones are the most weaponized. These are the ones that we should impact and are the ones that we should patch. That's where threat intelligence can come in and help prioritize those critical vulnerabilities that patching teams cannot keep up with."
Because those who don't remember to patch are doomed to repeat being exploited...
Looking to advance your cybersecurity career? Check out Georgetown University's graduate program in Cybersecurity Risk Management. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. You'll leave the program with the expertise you need to effectively manage risks and navigate today’s increasingly complex cyber threats. Learn more.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at CenturyLink, as Mike Benjamin updates us on Emotet. Our guest is Tom Pendergast from MediaPRO; he's discussing the results of their State of Privacy and Security Awareness Report.
And Hacking Humans is up. In this week's episode, "Winking emoji," Joe shares the story of a phishing website posing as the Singapore Police site, Dave shares a harmful, simple little message, and the Catch of the Day drags her scammer through the mud but also wants her casserole dish back! We also speak with Gretel Egan from Proofpoint on their 2020 State of the Phish report.