We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
The CyberWire will continue publishing normally through the disruptions COVID-19 is imposing in the US and elsewhere. We wish all of you health and good fortune amid the hardship. Stay safe, and you can continue to rely on us for a summary and analysis of what's up in cyberspace.
An outage, described as a "technical issue," not an attack, has disrupted voice service in four British mobile carriers--O2, Three, Vodafone and EE--inconveniencing many who were depending on service for remote work, the Telegraph reports.
One consequence of the pandemic-driven spike in remote work is that many of the norms that inform behavioral anomaly detection may need re-evaluation and revision. Duo Security's Decipher blog points out that people will work at unusual times and unusual places. Or they may fumble VPN access or unfamiliar multifactor authentication to such an extent that multiple login attempts will no longer indicate that some form of credential-stuffing or brute-force attack is in progress.
Another consequence of economic hardship occurring in tandem with telecommuting is an increase in the number of people being recruited as money-mules, KrebsOnSecurity reports. One of the larger operations Krebs describes, the "Vasty Health Care Foundation," strikes a high-minded tone about connecting causes with providers, tells prospective mules they're "hired," assigns busy work, and then has them "process donations"--that is, launder money.
The consensus about the incident the US Department of Health and Human Services experienced Sunday and Monday is now relatively firm: it probably wasn't an attack at all, and clearly the Department's operations didn't suffer. Some think that it might not even have amounted to a probe or a preliminary distributed denial-of-service attack. It might have been an unusually large number of visitors looking for reliable information on COVID-19, or even an artifact of the Department's Drupal instance.
Today's issue includes events affecting China, France, India, Israel, Democratic Peoples Republic of Korea, Malaysia, South Africa, Syria, United Kingdom, and United States.
Observations on corporate training for security positions.
"What we hear from employers is that not only is it costly, but it's impossible to tie the training or the career development opportunities that they give to staff back to what they're actually doing in their employment spaces. So it's being utilized as a retention tool in many cases, and there are things that are effective as retention measures, but it's not actually meeting the organizational need to have qualified people in those positions. So there's a gap in the return on investment in the expenditure you make on employer programs, especially in security training, and what that means when you bring them back into the workplace."
—Simone Petrella, CEO and founder of CyberVista, on the CyberWire Daily Podcast, 3.16.20.
So training as it commonly appears may be more about employee retention than it is about employee development.
Take a look at CyberWire Pro, our new subscription program designed for security professionals and all others who want to stay abreast of cybersecurity news. CyberWire Pro is a premium service that will save you time and keep you informed.
Everyone has become increasingly aware of the danger hackers pose—they can steal data, dismantle systems, and cause damage that can take years to recover from. Join us April 14 to discover the most common ways organizations unintentionally put themselves at risk. This webinar will also highlight different strategies for mitigating the threats, from Security Information and Event Management (SIEM) tools to employee education. Register for the webinar.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan describes some limitations of two-factor authentication mobile apps. Our guest is Johnnie Konstantas from Oracle, on cloud misconfigurations and shared responsibility in the public cloud.
And Caveat is up. In this episode, "Dressing for privacy," Ben shares a story about dressing for privacy, Dave has the tale of location data putting an innocent man at the scene of a crime. And we speak with Admiral (retired) James Stavridis, former Supreme Allied Commander Europe.
Rare stalkerware 'MonitorMinor' emerges with targets around the world (CyberScoop) Kaspersky Lab on Monday explained that the “MonitorMinor” app bypasses so many controls meant to protect user information that it qualifies as stalkerware.
MonitorMinor: vicious stalkerware? (SecureList) The other day, our Android traps ensnared an interesting specimen of software that can be used for stalking. On closer inspection, we found that this app outstrips all existing software of its class in terms of functionality.
Stalkerware on the rise in Malaysia — but what’s the risk? (Tech Wire Asia) Kaspersky’s latest report finds that Malaysians are at an increased risk of stalker-ware and businesses could be affected.
Britain's mobile networks hit with outages as millions work from home (The Telegraph) Britain’s mobile networks have faced outages today as millions of workers across the country start to work from home.
Cybercriminals impersonate World Health Organization to distribute fake coronavirus e-book (Malwarebytes) The number of scams, threats, and malware campaigns taking advantage of public concern over the coronavirus is increasing each day. As a result, we've been actively monitoring emails within our spam honeypot to flag such threats and make sure our users are protected.
Profiting from Panic (Verizon) With thousands of fake coronavirus-related websites coming online, businesses need to be prepared for a surge in cyber-criminal activity.
Watch out for these scams while you’re stuck at home (WTVY) It’s no secret that scammers prey on people during their most vulnerable times.
Coronavirus scams – how to spot them and stop them (Which? News) We’ve seen many coronavirus scams already, ranging from emails that come with a nasty payload of malware and those sending you to phishing sites, to reports of criminals knocking on front doors…
Report: Two Corporate Finance Companies Leak Half a Million Legal and Financial Documents Online (vpnMentor) vpnMentor’s research team, led by Noam Rotem, recently uncovered a breached database leaking a massive amount of sensitive financial documents online. Whatever
ICS Advisory (ICSA-20-077-01) Delta Electronics Industrial Automation CNCSoft ScreenEditor (ICS-CERT) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation CNCSoft ScreenEditor Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure, remote code execution, or crash the application.
Hackers hit Nutribullet with credit card stealing malware (TechCrunch) The security researcher who found the card stealing malware said hackers still have access to Nutribullet's infrastructure.
Microsoft Edge: The Least Private Browser, Research Finds (Threatpost) An academic study found Microsoft's Edge browser to be the least private, due to it sending device identifiers and web browsing pages to back-end servers.
Coronavirus Widens the Money Mule Pool (KrebsOnSecurity) With many people being laid off or working from home thanks to the Coronavirus pandemic, cybercrooks are almost certain to have more than their usual share of recruitable “money mules” — people who get roped into money laundering schemes under the pretense of a work-at-home job offer.
FBI warns of human traffickers luring victims on dating apps (WeLiveSecurity) The FBI has issued a warning about human traffickers continuing to use social media and online dating platforms to lure victims.
Exposed—These Vicious Cyber Thieves Want To Steal Your Money: Here’s How They Work (Forbes) Real cybercriminals, real victims. This new report uncovers the shocking world behind the malware and scams we see every day.
Toll Group 'returns to normal' after Mailto ransomware attack (iTnews) Brings full track and trace back online.
Tor browser fixes bug that allows JavaScript to run when disabled (Naked Security) The Tor browser has a bug that could allow JavaScript to execute on websites even when users think they’ve disabled it for maximum anonymity.
Adobe Fixes Nine Critical Vulnerabilities in Reader, Acrobat (BleepingComputer) Adobe has released security updates for Adobe Acrobat and Adobe Reader that fix numerous vulnerabilities ranging from information disclosure to arbitrary code execution.
Remote Work Increasing Exponentially Due to COVID-19 (Netskope) As governments and organizations take steps to prevent the further spread of COVID-19, we at Netskope Threat Labs have been tracking the effects of these measures. We have seen an exponential growth in the number of remote workers over the past two weeks as “social distancing” measures have been enacted throughout North America. This blog …
US is fighting COVID-19 with 83% of healthcare systems running on outdated software (Atlas VPN) According to the latest Atlas VPN research, the US is combating COVID-19 while having 83% of their healthcare systems run on outdated software. The US is taking serious measures to prevent coronavirus from spreading: Trump banned all incoming flights from Europe, Ireland, and the UK. And, while US prevention methods seem in check, the security …
Spyware Dwarfs Ransomware in 2019 Malware Distribution, Not Impact: Report (MSSP Alert) A closer look at spyware and ransomware malware infection trends, according to Deep Instinct's latest cybersecurity research findings.
The Web’s Bot Containment Unit Needs Your Help (KrebsOnSecurity) Anyone who’s seen the 1984 hit movie Ghostbusters likely recalls the pivotal scene where a government bureaucrat orders the shutdown of the ghost containment unit, effectively unleashing a pent-up phantom menace on New York City.
Akamai Stock Finds Support On Views Coronavirus Will Drive Video Streaming (Investor's Business Daily) Expectations that stay-at-home consumers will engage in more video streaming could be providing support for shares in Akamai Technologies (AKAM). The relative strength rating of Akamai stock has improved amid the coronavirus-driven market correction.
Hellman & Friedman acquires Checkmarx to bolster growth (Help Net Security) Checkmarx announced that Hellman & Friedman (“H&F”) has entered into a definitive agreement to acquire the Company from Insight Partners.
Cybersecurity Information Sharing and Analysis Organization TSP-ISAO Comes Under the CompTIA Banner (PR Newswire) CompTIA, the leading trade association for the global information technology (IT) industry, announced today that it will assume the management...
Claroty Partners with Global Resilience Federation to Help ISAC Members Strengthen their Operational Technology (OT) Security (Yahoo) Claroty, the global leader in industrial cybersecurity, today announced that it has partnered with Global Resilience Foundation (GRF) to provide its members access to original threat research, best practices, and strategic content to help guide them as they converge their information technology (IT)
(ISC)² Announces CEO Succession Plan ((ISC)²) David Shearer to Step Down at the End of 2020
Balbix Expands Leadership Team With Appointment of Shelly Morales as Vice President of People (BusinessWire) Balbix Inc., provider of the industry’s first system for cybersecurity posture transformation, today announced the addition of Shelly Morales as the c
Cylance ANZ boss promoted to lead BlackBerry Spark (CRN Australia) Jason Duerden will continue managing Cylance in expanded role.
NS1 Expands Executive Team With Security and Product Leaders (Yahoo) NS1 appoints Ryan Davis as chief information security officer and Jay Liu as vice president of product strategy.
Lares adds industry expert to enhance vCISO offerings (Consulting) Security consultancy Lares has hired Dr. Mark Arnold as vice president of advisory services. Arnold will serve to expand the firm’s virtual chief information security officer (vCISO) services.
VMware’s Pat Gelsinger: Coronavirus will ‘permanently change’ work (CRN Australia) Dubs outbreak a "black swan."
Tempered Offering Free Next-Gen VPN Services to Offset Impact of COVID-19 Remote Work Transition (BusinessWire) Tempered, an emerging innovative network security provider, announced today it will offer its next-gen VPN, Airwall, free for 90 days.
New Customer Programs to Help Secure Remote Workers (CrowdStrike) CrowdStrike is introducing a pair of new programs to help our customers deal with the challenges of the sudden burst in remote workers due to the COVID-19 crisis.
SentinelOne makes security platform free to support remote workers (ComputerWeekly) Endpoint protection platform service will be made free until 16 May 2020 to help protect remote workers during the Covid-19 coronavirus crisis
As a FortiGate Customer, Your Teleworker Strategy is Already in Place (Fortinet Blog) Discover how FortiGate enables customers to shift from a primarily on-site workforce to a comprehensive teleworker strategy without additional hardware.…
Kount Announces Industry's First Adaptive Protection Solution for Account Takeover Fraud (BusinessWire) Kount, the leader in identity trust and digital fraud protection, today announced Kount Control, the industry’s first adaptive protection solution to
Contrast Security Simplifies DevSecOps by Application Security with World's First Route Intelligence (PR Newswire) Contrast Security, the next-generation software security platform, today announced Route Intelligence™, a major new capability for application...
Security Compass Expands SD Elements Product Offering to Support CCPA Compliance (BusinessWire) Security Compass announced that it has added content to SD Elements enabling organizations to maintain or achieve compliance under the CCPA.
Ansaldo Energia chooses Kaspersky as strategic partner on its digital transformation path (Utilities Middle East) Protecting data and equipment is becoming an increasingly wide and more strategic priority for Ansaldo Energia, especially since it started an important digital transformation process a few years ago that involved the adoption of smart devices and connected production plants
Darktrace Cyber AI: An Immune System for Cloud Security (IoT World Today) The journey to the cloud has reshaped the digital business world. As the network perimeter dissolves, hybrid and multi-cloud infrastructure have become part of
Darktrace Cyber AI: An Immune System for Email (IoT World Today) Spear phishing, impersonation attacks, and account takeovers remain a top avenue of attack for cyber-criminals. Targeted email attacks remain a challenge for or
Contrast Security simplifies DevSecOps with Route Intelligence (Help Net Security) Contrast Security, the next-generation software security platform, announced Route Intelligence, a major new capability for application security.
Fortinet launches self-learning AI appliance for cyber threat detection (Elets CIO) Cybersecurity software, appliances and services provider Fortinet has come up with a first-of-its-kind on-premises appliance that leverages self-learning Deep Neural Networks (DNN) to speed threat remediation and handle time consuming, manual security analyst tasks...
NIST Updates and Expands Its Flagship Catalog of Information System Safeguards (NIST) Revision to SP 800-53 includes more useful safeguards for protecting system security and privacy.
Security Norms Must Shift in a Crisis (Decipher) With so many employees and contractors working remotely, security teams and CISOs grapple with the job of continuing to protect networks, systems, data, and people. One challenge: recognizing clues that something is wrong when nothing looks normal.
US Commerce Dept Shares Tips On Securing Virtual Meetings (BleepingComputer) The US National Institute of Standards and Technology (NIST) today shared a number of measures that should be taken by remote workers to prevent eavesdropping and protect their privacy during virtual meetings while working from home during the current COVID-19 pandemic.
As More People Need To Work From Home, Companies Need To Ask Themselves If Their IT Managers Are Up To The Task (Forbes) If you run a company, and in an exceptional situation like the present one, you find yourself faced with a wave of protests from the workforce claiming that your security protocols are preventing them from doing their job normally, you probably have the wrong security manager.
IT is strained and remote-work culture is being challenged (Fortune) As more employees log on from the comfort of their own home, a question arises: How are IT professionals handling this?
CISO Offers Advice For Making Work From Home Work (Avast) As IT teams scramble to transition their workforce to work from home, Avast CISO Jaya Baloo offers security advice for midsize businesses
Working from home because of coronavirus? Be careful what you download to keep cybersafe (Techxplore) So you've been told to work remotely because of the coronavirus. About the worst thing you could do right now is download a bunch of sketchy programs for video conferencing, mobile working and the like that might carry computer viruses and make it so you can't do any work at all.
KnowBe4's Perry Carpenter on the human element of cybersecurity (CyberScoop) Chief Evangelist and Strategy Officer for KnowBe4 Perry Carpenter talks with CyberScoop Editor-in-Chief Greg Otto about the behavioral changes that have been made to security awareness training.
HHS cyberattack highlights how hackers are exploiting the pandemic. Here are 4 strategies to mitigate the risks (FierceHealthcare) Amid the coronavirus pandemic, cybersecurity experts are raising the alarm about an increase in phishing and malware attacks as hackers exploit the outbreak's disruption. Here are four strategies to help mitigate cyber risks, according to experts.
This Tax Season, Save the Scorn and Protect Customers from Phishing Scams (Dark Reading) As security professionals, it's easy to get cynical about the continued proliferation of tax ID theft and blame the consumers themselves. But that doesn't help anyone.
North Korean elite increasingly turning to VPNs, Tor (Techworld) While only a small group of North Koreans have access to the global internet, usage patterns are changing among the elites of Pyongyang – with those in military intelligence circles now exhibiting stronger security chops, a report from Recorded Future has found
Consensus on 6G is gradually forming (Telecoms.com) Participants at the virtual 6G Wireless Summit shared their thinking on what 6G can do and what research is needed to get the underlying technologies in place.
Many Ransomware Attacks Can be Stopped Before They Begin (Dark Reading) The tendency by many attackers to wait for the right time to strike gives defenders an opening, FireEye says.
Could dystopian technology be what saves mankind? (The Telegraph) In India the authorities want to know where you are.
Britain developing coronavirus 'close contact detector' app (The Telegraph) A new mobile app that can instantly alert people if they have been in close contact with someone carrying the coronavirus is under development.
U.S. government, tech industry discussing ways to use smartphone location data to combat coronavirus (Washington Post) The U.S. government is in active talks with Facebook, Google and a wide array of tech companies and health experts about how they can use data gleaned from Americans’ phones to combat the novel coronavirus, including tracking whether people are keeping one another at safe distances to stem the outbreak.
Israeli Spyware Firm Wants to Track Data to Stop Coronavirus Spreading (Bloomberg) Product sifts through mobile phone data to pinpoint contagion. Israel security agency uses own software to critics’ dismay.
Internet's largest social networks issue joint statement on COVID-19 misinformation (ZDNet) Facebook, Google, LinkedIn, Microsoft, Reddit, Twitter, and YouTube put out joint statement promising to fight COVID-19 fraud and curb misinformation.
Google, Facebook, Twitter join other tech giants in bid to curb fake COVID-19 posts (Silicon Valley Business Journal) The rare joint statement issued by Facebook, Twitter, Google, YouTube, LinkedIn, Reddit and Microsoft called on others to join them to fight false information that has spread in response to the COVID-19 outbreak.
Facebook is wrongly blocking news articles about the coronavirus pandemic (Business Insider) Facebook's automated moderation systems appear to be "going haywire."
Intel's innovative approach to data encryption could advance AI and machine learning (SiliconANGLE) Intel's innovative approach to data encryption could advance AI and machine learning - SiliconANGLE
Viewpoint: Geneva Conventions for Cyber Warriors Long Overdue (National Defense) Cyber warfare is a fact of the modern world. However, there is no clear international law that distinguishes between warfare, terrorism, crime or vandalism.
Higher Education Ministry suspends all teaching, e-learning (The Star Online) The Higher Education Ministry has suspended all teaching and learning activities, including e-learning, in all public and private higher-learning institutions in the country.
China Banishes U.S. Journalists from Wall Street Journal, New York Times and Washington Post (Wall Street Journal) China said it was revoking the press credentials of American journalists working for three major U.S. newspapers in the largest expulsion of media since the Mao era, amid an escalating battle with the Trump administration over media operating in the two countries.
Op-Ed: Spying for profit: The dangers of economic intelligence (Daily Maverick) For all intents and purposes, protecting economic well-being has become about protecting the economic wellbeing of the rich. Economic intelligence in pursuance of a country’s national interests facilitates crony capitalism and legitimises spying for profit.
U.S. Blacklists New Islamic State Leader (Wall Street Journal) The designation of Amir Muhammad Sa’id Abdal-Rahman al-Mawla as a global terrorist comes as the U.S. continues to add pressure on ISIS.
US waives potential health privacy penalties during coronavirus crisis (CNET) Doctors in the states can start using Facebook Messenger and FaceTime to diagnose patients, without worrying about violating privacy laws.
What Happened to FISA Reform? (Lawfare) On March 16, the Senate punted on the issue of reforming the Foreign Intelligence Surveillance Act—a sign of just how dysfunctional Congress and the executive branch have become.
FTC Increasingly Looks to Public Companies’ SEC Disclosures for Privacy and Cybersecurity Enforcement Opportunities (Cooley) While the FTC does not make its initial privacy and cybersecurity investigations public, there have been reports that the FTC has initiated an increasing number of privacy and cybersecurity-related…
Attorney General Barr urges DOJ to prioritize prosecuting coronavirus scammers (CyberScoop) Scammers who have been taking advantage of the coronavirus pandemic by spreading spearphishing emails have the attention of the Department of Justice.
Report urges alternative to tampering with tech's liability shield (Axios) Digital free speech group says lawmakers should force more transparency instead.
Needed: A Cybersecurity Good Samaritan Law (Dark Reading) Legislation should protect the good hackers who are helping to keep us safe, not just go after the bad.
Cabaniss resigns as OPM director (Federal News Network) Dale Cabaniss, who briefly led the Office of Personnel Management for six months, has resigned Tuesday afternoon, Federal News Network has learned.
Election commission hires cyber-savvy adviser to support 2020 efforts (CyberScoop) Maurice Turner is set to join the federal commission at the end of the month as a senior adviser to the EAC's executive director.
DOD's red team hackers struggle sharing vulnerabilities with military (FedScoop) The DOD's own hackers need to share the vulnerabilities they uncover with the military and be better trained, among other issues a new DOD IG report found.
Followup Audit on Corrective Actions Taken by DoD Components in Respon (Department of Defense Office of Inspector General) Publicly Released: March 17, 2020The objective of this followup audit was to determine whether DoD Cyber Red Teams and DoD Components took actions to correct problems identified in Report No.
Government Is Broadening Investigations of Spoofing-Like Practices (Wall Street Journal) Authorities are investigating whether traders at JPMorgan Chase & Co. manipulated the market for Treasury securities and futures contracts, according to regulatory disclosures and people familiar with the matter.
For a complete running list of events, please visit the Event Tracker.
SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, Mar 18 - 19, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.
National Cyber League (NCL) Spring Season (Various locations, Mar 19 - May 15, 2020) The National Cyber League (NCL) is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Individual Game and Team Game. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season closes March 20, 2020.
Inaugural Tampa Cyber Security Summit (Tampa, Florida, USA, Mar 20, 2020) C-Suite & Senior Level Executives: Register with Promo Code CYBERWIRE95 to receive $95 Admission (Standard Price is $350). Learn from renowned experts from the U.S. Dept. of Homeland Security, the U.S. Dept. of Justice, Darktrace, ExtraHop and more about the latest threats facing your company.
2020 Cipher Brief Threat Conference (Sea Island, Georgia, USA, Mar 22 - 24, 2020) The Cipher Brief Threat Conference brings together the expertise of one of the most trusted and relevant news sources for national security professionals around the globe. Attendees will engage with some of the top names in intelligence and global security involved in matters of cyber, defense and security. Combined with an invitation-only audience, The Cipher Brief Threat Conference provides a unique experience that no other event in the defense and national security space can match. For us, it's not just about who's on the stage, it's about who's in the room.
SecureWorld Boston (Boston, Massachusetts, USA, Mar 25 - 26, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.
