The CyberWire plans no changes to its regular operations during the current COVID-19 pandemic. Stay healthy and, as always, please stay in touch.
More Signal. Less Noise.
MVISION Cloud: Real-time protection for enterprise data across SaaS, PaaS, IaaS, and private cloud.
Time changes everything –so does the cloud. Yet, even as the cloud unlocks potential it opens the door to threats. McAfee designs security natively in the cloud, for the cloud. To protect the latest, like containers. To empower your change-makers, like developers. And to enable business accelerators, like your teams. Cloud security that accelerates business, it’s about time. Visit McAfee.com/time.
Mirai variant "Mukashi" active in the wild. Not DDoS, just citizens seeking relief. US goes after COVID-19 fraud.
Announcements
The CyberWire continues to publish on schedule
Summary
A new variant of the Mirai botnet has been exploiting LILIN DVRs and Zyxel network-attached storage devices. Both LILIN and Zyxel have issued fixes, but unpatched devices remain vulnerable. Palo Alto Networks researchers first described the Zyxel issues last Thursday. Researchers at Qihoo 360's Netlab found the similar LILIN vulnerabilities, which they disclosed Friday. Palo Alto calls the botnet "Mukashi." ZDNet reports that the LILIN bugs may have been under exploitation since last August, and have figured in distributed denial-of-service attacks.
Australia's Minister for Government Services said the country's MyGov website had suffered a successful distributed denial-of-service attack, but quickly recanted--it was just thousands seeking COVID-19 relief, the Guardian reports.
The US Department of Justice announced yesterday that it had undertaken its first enforcement action against online coronavirus scams. The Department secured an injunction against a website that was offering World Health Organization COVID-19 vaccine kits (there is no such thing) for $4.85 shipping (and entry of your credit card information on the site). A Federal criminal investigation into alleged wire fraud continues; the injunction is intended to prevent harm to potential victims. The announcement quoted the US Attorney for the Western District of Texas as noting the action's consistency with Attorney General Barr's memorandum urging that priority be given to prosecution of coronavirus-related online crime.
There are also some cooperative state and Federal law enforcement efforts in progress: StateScoop reports that the US Justice Department and the Commonwealth of Virginia have formed a task force to investigate coronavirus fraud.
Notes.
Today's issue includes events affecting Australia, China, Czech Republic, European Union, France, Germany, Hungary, India, Iran, Ireland, Israel, Jamaica, Japan, Republic of Korea, Russia, Slovakia, Taiwan, United Kingdom, United States
Bring your own context.
More on the cloud, and its vulnerabilities to misconfiguration. Sometimes the fault lies in the templates.
"And it sounds fancy, but really all infrastructure-as-code templates do is they create the basic building blocks for how cloud infrastructure is largely now created. And that's a good thing. But what we found was, you know, we wanted to look at what are the security implications of moving towards this infrastructure-as-code? And again, all that means is that instead of me going out and manually creating cloud infrastructure, I now design it on a whiteboard, I put it into code, and I can now re-use that template as many times as I want. Now, the security implication comes here – is that what we've known from both past research and also from this most recent report is that poor cloud security practices are rampant. One of the headlines that we kind of found as we sifted through just, you know, petabytes of data, is that we found over two hundred thousand insecure templates in use....
"In that two hundred thousand number, each of those templates had at least one or more medium or high-severity vulnerability. So an example of a high-severity vulnerability, what we would consider a high vulnerability would be, for example, if a template exposed a database to the public internet. That's an example of a template creating a high-severity vulnerability. Another example could be a infrastructure-as-code template that exposes an S3 bucket to the public internet, right? And of course, there's pieces of it that also come into that as well. But those are just some kind of very high-level examples of what we would consider a high or maybe even a medium-severity vulnerability. Of course, it depends upon the type of data that's also behind that, right? But from just analyzing just this massive number of templates, which has never been done before in the industry, we were able to kind of pull some of these statistics out."
—Matt Chiodi, Chief Security Officer for Public Cloud at Palo Alto Networks, on the CyberWire's Research Saturday, 3.21.20.
Templates make it easier for to replicate useful code, but also to replicate coding errors.
CyberWire Pro delivers timely briefings about developing news.
Take a look at CyberWire Pro, our new subscription program designed for security professionals and all others who want to stay abreast of cybersecurity news. CyberWire Pro is a premium service that will save you time and keep you informed.
Simple, secure identity and access management for your business.
LastPass Identity provides simple control and visibility across every entry point to your business through single sign-on, password management and multi-factor authentication in one unified solution. LastPass Identity provides a holistic view of end user activity to simplify security for IT, all while delivering the passwordless login experience employees want. Start a free LastPass Identity trial today.
On the Podcast
Not commuting these days? You can listen to us at home, too. In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at CenturyLink, as Mike Benjamin describes how threat actors are using third-party file hosting. Our guest is Andrew Peterson from Signal Sciences, with a discussion of top application security attacks.
Sponsored Events
COVID-19: Immediate Secure Remote Work Response Summit by Attila (Online, March 31, 2020) Learn how you can quickly get your organization and its employees up and running with a secure remote work solution during the coronavirus. Register now to attend this one day virtual summit featuring tracks for the government, government contractors and the private sector.
Free Webinar: Ransomware in an Industrial World (Online, April 2, 2020) Ransomware has become one of the most common methods of profit for cybercriminals – and a major cause of computer disruptions. Join Dragos and the CyberWire on April 2 to hear strategies to combat this new cyber risk.
Georgetown University Programs in Cybersecurity Webinar (Online, April 9, 2020) We invite you to learn more about the Master's and Graduate Certificate in Cybersecurity Risk Management at Georgetown University. Our programs prepare you with hands-on practice developing and executing integrated strategies, policies, and safeguards to manage cybersecurity risks across an enterprise. Register for a free webinar on Thursday, April 9, at noon ET to learn more.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Embarrassing backflip over MyGov hack (NewsComAu) The government has had to retreat on its sensational claim the MyGov website crash was due to a cyber attack, eventually admitting the freeze was caused by increased visitors.
Crowd turned away from Centrelink office as website crashes (Sydney Morning Herald) Police had to turn people away from one Centrelink office as thousands of people lined up outside offices while tens of thousands of jobless Australians crashed the website when they tried to sign up for welfare.
'Incompetence attack': MyGov website did not crash because of DDoS cyber attack, as Stuart Robert claimed (the Guardian) Robert backtracks only hours after saying the Australian government website had suffered a distributed denial of service as use surged amid the coronavirus outbreak
The people of Australia are a DDoS machine that the government cannot handle (ZDNet) How many times do government systems need to fall over before Canberra realises it needs more resources
Hackers breach FSB contractor and leak details about IoT hacking project (ZDNet) Digital Revolution hacker group leaks details about "Fronton" an IoT botnet a contractor was allegedly building for the FSB, Russia's intelligence agency.
Hackers say they breached Russian contractor, got details on IoT hacking project for Russia spy agency (Boing Boing) ‘Fronton’ is the FSB’s IoT botnet project
Cyber Security firm exposes 5 billion+ login credentials (HackRead) The unprotected database was hosted on an Elasticsearch server.
Unidentified Database Exposes 200 Million Americans (CyberNews) Our research team discovered an unsecured database containing detailed records of more than 200 million American users. Here's what we found inside.
Mirai Malware "Mukashi" Exploit Zyxel Network Storage Devices Bug (GBHackers On Security) Mirai Malware by taking advantage of the recently patched remote code execution vulnerability (CVE-2020-9054) in Zyxel network-attached storage (NAS)
Zyxel Flaw Powers New Mirai IoT Botnet Strain (KrebsOnSecurity) In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices.
Critical bugs in dozens of Zyxel and Lilin IoT models under active exploit (Ars Technica) DDoS botnets abuse IoT flaws to conscript vulnerable devices. Are yours patched?
New Mirai Variant 'Mukashi' Targets Zyxel NAS Devices (Threatpost) The botnet exploits a vulnerability discovered last month that can allow threat actors to remotely compromise and control devices.
DDoS botnets have abused three zero-days in LILIN video recorders for months (ZDNet) Hackers first began exploiting the bug in August last year. LILIN patched the issue in February this year.
Security Breach Disrupts Fintech Firm Finastra (KrebsOnSecurity) Finastra, a company that provides a range of technology solutions to banks worldwide, said today it was shutting down key systems in response to a security breach discovered this morning. The company’s public statement and notice to customers does not mention the cause of the outage, but their response so far is straight out of the playbook for dealing with ransomware attacks.
Statement from Tom Kilroy, Chief Operating Officer (Finastra) Earlier today, our teams learned of potentially anomalous activity on our systems. Upon learning of the situation, we engaged an independent, leading forensic firm to investigate the scope of the incident. Out of an abundance of caution and to safeguard our systems, we immediately acted to voluntarily take a number of our servers offline while we continue to investigate.
NutriBullet blames RiskIQ for delayed breach response (Enterprise Times) NutriBullet now admits it classed warning over Magecart skimmer code as a phishing email rather than do any verification of the threat
Suspected Russian hackers struck the last Olympics. Tokyo worries it could be next. (Washington Post) Even with the Games uncertain amid the coronavirus pandemic, cybersecurity teams cannot rest.
Who’s Using Your Streaming Account? Protect Yourself from Credential Theft (Proofpoint) Video and audio streaming services continue to disrupt the entertainment industry. Services like Netflix, Hulu, Disney+, Spotify, and Apple Music have revolutionized the way we access and consume movies, TV shows, and music.
Who’s watching who? Netflix and your data (Reincubate) We conducted an experiment by examining the phones and Netflix data of 5 avid watchers to see what data was stored. The study reveals the data that Netflix keeps and tracks on user devices, and found that on average, users spend 58 hours watching Netflix on smartphones or tablet.
Hacker selling data of 538 million Weibo users (ZDNet) Data for 538 million Weibo users, including 172 million phone numbers, has been put up for sale on the dark web.
Ransomware group said to be publishing freight forwarding firm's data (iTWire) The group behind a Windows ransomware attack on Australian freight forwarding and logistics firm Henning Harders has started publishing data from the company which was stolen during the attack, security sources have told iTWire. The ransomware in question is believed to be Maze, though Henning Harde...
South Carolina Fire Department Servers Disabled by Hacker (Government Technology) Staff at the Bluffton Township Fire Department discovered they could not log into their computers Sunday and alerted IT staff, who discovered that records, files and email communications had been encrypted.
Attackers Launch DDoS Attack on Food Delivery Startup Liefrando (CISO MAG) Attackers launched a distributed denial-of-service (DDoS) attack on Germany-based food delivery service Takeaway.com (Liefrando.de).
What you need to know about DDoS weapons today (CRN - India) A DDoS attack can bring down almost any website or online service. The premise is simple: using an infected botnet to target and overwhelm vulnerable servers with massive traffic. Twenty years after its introduction, DDoS remains as effective as ever—and continues to grow in frequency, intensity, and sophistication. That makes …
‘Zoombombing’: When Video Conferences Go Wrong (New York Times) As its user base rapidly expands, the videoconference app Zoom is seeing a rise in trolling and graphic content.
Crowdstrike reports a 'real uptick in phishing campaigns' during coronavirus crisis (CNBC) "When there's chaos and there's this fear in the street that's when the adversary tends to strike hardest," Crowdstrike CEO George Kurtz said.
How Cybercriminals Are Exploiting The Coronavirus Outbreak (Law360) Hackers are exploiting vulnerabilities stemming from the global coronavirus pandemic, including distracted workers and stretched-thin IT staff, as cybersecurity attorneys say the spread of COVID-19 has also brought with it a spike in data security incidents.
FBI Warning: Phishing Emails Push Fake Govt Stimulus Checks (BleepingComputer) FBI's Internet Crime Complaint Center (IC3) today warned of an ongoing phishing campaign delivering spam that uses fake government economic stimulus checks as bait to steal personal information from potential victims.
COVID-19 SCAM ALERT: Military Officials Encourage Vigilance to Prevent Cyber Scams (Space Coast Daily) During this time of heightened awareness and protection against potential health risks associated with COVID-19, there is also an increased risk in scam methods used by cybercriminals.
Coronavirus scam appears in Hungary (Budapest Business Journal) A coronavirus scam has been detected by ESET, an international provider of business and home security software solutions, in several countries, including Hungary.
How One Particular Coronavirus Myth Went Viral (Wired) From an obscure Indian site to ZeroHedge to, well, everyone, here's the trajectory of a fake story about Covid-19.
Elon Musk Incorrectly Tweeted Children Are “Essentially Immune” From The Coronavirus. Twitter Said That’s Okay. (BuzzFeed News) Musk's tweet that children were “essentially immune” from the coronavirus contradicted information from the CDC and scientific research.
Did the NSA bust China's coronavirus cover-up? (Washington Examiner) What does the National Security Agency know about China's effort to conceal the crisis of its original coronavirus outbreak?
‘Do Not Believe the Disinformation Campaigns’: DHS Tamps Down COVID-19 Lockdown Rumors (Homeland Security Today) In response to the rumor mill, the Federal Emergency Management Agency also released a mythbusters guide addressing allegations from impending military action to prepper hoarding.
Geopolitics of cyberspace: fake news as a topic of global cooperation (Mehr News Agency) Today cyberspace has become one of the most important aspects of human life, in the political world, government and non-government players have been competing in this field.
No, the head of the World Health Organization has not emailed you – it's a message laced with malware (Register) On the other hand, these Pwn2Own results are legit
Fake COVID-19 Test Results (The Hacker Factor Blog) At FotoForensics, I see all sorts of altered pictures. But one fake came out two days ago that got my entire team talking. The fake image appears to show a lab test for presidential candidate Joe Biden and it claims to show a positive result for the coronavirus.
Security Patches, Mitigations, and Software Updates
Microsoft Fixed an Azure Security Vulnerability before Researchers Could Report It - WinBuzzer (WinBuzzer) A bug in the Microsoft Azure portal's javascript parsing let security researchers steal the access tokens of an external organization.
Microsoft Confirms How Coronavirus Will Impact Windows 10 Security Updates (Forbes) Microsoft has confirmed some Windows 10 security support changes in the light of the ongoing COVID-19 pandemic.
Google to Abandon Chrome 82 Development Due to Release Delays (BleepingComputer) Due to the change in Google Chrome's release schedule because of the Coronavirus pandemic, Google has announced that they are no longer developing Chrome 82 and will skip to Chrome 83 instead.
COVID-19 disruption delays release of Chrome version 81 (Naked Security) It’s the COVID-19 shortage nobody expected – not toilet rolls, tinned goods or headache pills this time but Google software engineers.
Cyber Trends
Microsoft’s Major New Browser Security Move Suggests Broader COVID-19 Impact (Forbes) Microsoft has just become the latest to respond to the coronavirus crisis with a major browser security move. And it could be a hint at what’s to come...
5 Times More Coronavirus-themed Malware Reports during March (Bitdefender Labs) Government, Hospitality, Healthcare, Education & Research, and Retail are among the verticals most targeted on the Coronavirus heatmap. As the Coronavirus pandemic continues, cybercriminals have started piggybacking news of the crisis to deliver... #coronavirusmalware #coronavirusthreats #covid19
Coronavirus Sets the Stage for Hacking Mayhem (Wired) As more people work from home and anxiety mounts, expect cyberattacks of all sorts to take advantage.
For the first time in 228 years, the New York Stock Exchange will open without its trading floor (Quartz) The disruption is symbolic, but will likely have little impact on the $28 trillion stock market.
Lockdowns and panic leads to a 124% surge in VPN usage in the US (Atlas VPN) VPN usage in the US increased by 124% during the last two weeks. VPN usage in the country increased by 71% in the last 7 days alone.
Nozomi Networks Newsweek Vantage Survey Finds Executives Believe Employees are the Greatest Threat to Critical Infrastructure Security (Globe Newswire) A new Newsweek Vantage survey finds as critical infrastructure organizations converge their IT, OT, IoT and physical systems to improve overall performance, employees are the biggest threat to cyber and physical security.
Marketplace
Cisco commits $225 million in fight against coronavirus as Silicon Valley initiates investment blitz (CNBC) Cisco will provide $225 million "in cash, in-kind, and planned-giving to support both the global and local response to COVID-19."
Desperate tech investors turn to virtual meetings in Fortnite to find deals (The Telegraph) Technology investors unable to hold in-person meetings with potential investments are seeking new ways to meet start-ups, including a service which arranges virtual meetings inside the video game Fortnite.
Neurodiversity Week: Changing The Face Of Cybersecurity (Forbes) Despite a vast skills gap, the cybersecurity industry is failing to tap into the neurodivergent talent pool – it's time to change this.
How Can India Produce 1 Million Cybersecurity Professionals By 2020? (Analytics India Magazine) The 6-month-long programme is designed to get the cybersecurity learners employed in India by providing them with a broad understanding of the basic and advanced concepts.
SecuLetter Raises US$8M in Series B Funding (FinSMEs) SecuLetter Co., Ltd, a Seoul, South Korea-based information security company, closed US$8m in Series B funding
Radware Announces $20 Million Share Repurchase Plan in Addition to The Previous Plan (Yahoo) Radware® (RDWR), a leading provider of cyber security and application delivery solutions, today announced that its board of directors has authorized a new $20 million share repurchase plan that is exceptional and in addition to the previously announced $40 million share repurchase plan. The share repurchase
Columbia consulting firm acquires St. Louis geospatial startup (Baltimore Business Journal) The buyer said the deal will grow its footprint in St. Louis' "flourishing" geospatial industry.
Nemko Group acquires System Sikkerhet to offer comprehensive compliance solutions (Help Net Security) Nemko Group acquires System Sikkerhet, a provider of assessment and consultancy services within the fields of information technology and cybersecurity.
Why Hellman & Friedman Is Buying Checkmarx For $1.15 Billion (Pulse 2.0) Tel Aviv-based Checkmarx is going to be acquired by private equity firm Hellman & Friedman (H&F) at a $1.15 billion valuation. These are the details.
CrowdStrike Caps a Huge First Year as a Public Company and Has Plenty More Upside (The Motley Fool) Forget coronavirus -- endpoint security is still in growth mode.
AppOmni Expands Executive Leadership Team to Support Rapid Growth (BusinessWire) AppOmni welcomes three new executives to the company’s leadership team: Kathleen McKinnon, Brandon Conley and John Yun
Behind BlackBerry’s local leadership makeover (ARN) BlackBerry has given its local leadership an overhaul of sorts, with the company bringing its Cylance AI platform and BlackBerry UEM offering together as BlackBerry Spark while handing its team in the region a somewhat expanded remit.
Products, Services, and Solutions
New infosec products of the week: March 20, 2020 (Help Net Security) The featured products this week come from the following vendors: HYAS, Contrast Security, Security Compass, Box and Microsoft.
Banyan Security Offers Free Usage of its Remote Access Solution to Help Companies During the Coronavirus Pandemic (Banyan Security) Banyan’s high-performing, scalable platform offers a seamless user experience to give remote employees and third parties fast, secure access to corporate assets without a VPN
Employees Working From Home During COVID-19 Utilize Accellion to Avoid Data Security Risks (Accellion) Accellion protects the sensitive data remote employees access, share and collaborate on while working from home during the coronavirus.
Apklab.io Flags Malicious COVID-19 Apps (Avast) Avast urges malware researchers to submit coronavirus-related apps to mobile threat intelligence platform apklab.io in order to weed out the fraudulent and malicious ones.
King & Union and Threat Intelligence Partners Form Coalition to Help Organizations Moving to Remote Work Policy (King & Union) To our Cyber Community Fellows & Friends: Our team at King & Union understands the mission to keep cybersecurity teams working, focused and efficient.
Verizon teams on the frontlines with COVID-19 first responders (Yahoo) As the world is facing COVID-19, Verizon is partnering with first responders, federal agencies, state and local governments, and public health agencies to deploy mobile network assets to support emergency response facilities, supply emergency wireless communications devices, support communications and
Responding to COVID-19 together (Microsoft) Learn what Microsoft is doing to support customers, employees and the community during the COVID-19 outbreak.
Google’s coronavirus website finally launches alongside enhanced search results (The Verge) After lots of complicated drama, a simple website
How Telegram became a refuge for WeChat users during the coronavirus outbreak (Abacus) Telegram features like channel broadcasts and optional chat encryption have helped some people stay up to date amid heavy censorship on Tencent’s WeChat
Facebook to reduce video streaming quality in Europe (Reuters) Facebook said on Sunday that it would temporarily reduce streaming rates for vid...
Irish security firm fights back against the cyber virus (Irish Examiner) An Irish cybersecurity startup outlines the cyber threats facing health organisations, writes Trish Dromey
Link11 Offers Its Cloud-Based DDoS Protection Solution To Public Sector Organizations Free Of Cost During COVID-19 (Security Informed) Link11, renowned European firm in the field of cyber-resilience and cyber security, is offering its DDoS protection solutions free of charge to public sector health, government and public education...
ImmuniWeb Enables Secure Digital Transformation for Coronavirus-Affected Business (ImmuniWeb) The Covid-19 salvage plan includes provision of ImmuniWeb solutions totaling $500,000 for eligible entities and an extended version of free Community Edition for everyone.
MediaPRO and BSI offer personalized privacy awareness and regulation specific training programs (Help Net Security) MediaPRO, a provider of security and privacy training solutions, has announced a new partnership with BSI, the international business improvement company.
ConnectWise threat intelligence sharing platform changes hands (SearchITChannel) CompTIA has assumed management and operations of ConnectWise's threat intelligence sharing platform, the TSP-ISAO. Learn about how CompTIA aims to enhance the initiative.
Huawei receives security certificate for the EMUI 10.1, launches with the P40 series (GizmoChina) Huawei is gearing up for the launch of its flagship P40 series. The smartphone will arrive with top notch specs and features and will run the latest EMUI build version 10.1, which just received an important cybersecurity certification in China.
Huawei says its surveillance tech will keep African cities safe but activists worry it’ll be misused (Quartz Africa) Concerns over how such technology may be deployed in the African context have been exacerbated by a lack of regulatory safeguards and privacy legislation across the continent.
Aaron Swartz: As JSTOR opens it doors amid pandemic, people laud hacker who fought for access to knowledge (MEAWW) Swartz was a fierce advocate of the open access movement which promotes free and easy access to the world's knowledge online
Technologies, Techniques, and Standards
Coast Guard Announces New Cyber Guidelines for Maritime Transportation Security Act-Regulated Facilities (Homeland Security Today) The USCG said it
Europe Issues Pragmatic Privacy Guidance for COVID-19 Data Processing (Cooley) European data protection authorities have issued important guidance on the processing of personal data in connection with COVID-19. At a pan-European level, on March 19, 2020, the European Data Pro…
The GDPR and Coronavirus: What Organisations in the UK Need to Know (Cooley) The UK’s Information Commissioner’s Office has, over the course of this week, published various notes of advice and blog posts to organisations and data subjects in respect of the coronavirus (COVI…
In COVID-19 crisis, public cloud computing is ‘an unsung hero’ (CRN Australia) Keeping online services alive amid unprecedented demand.
COVID-19: Keep Calm and Monitor Your Remote Access (CyberX) Stay secure through COVID-19's new reality by monitoring your remote connections, implementing secure remote access, and fully integrating IoT/OT security.
Coronavirus: VPN hardware becomes a chokepoint for remote workers (SearchNetworking) Vendors specializing in network monitoring report that VPN hardware has become a bottleneck for many companies with a high number of remote workers. Government efforts to reduce the spread of the coronavirus have forced businesses to order employees to work from home.
How to Stay Safe From Cybercrime When Working at Home During the Outbreak (Consumer Reports) Online criminals are targeting people working from home with new kinds of scams, aimed at stealing both personal and corporate information. Here's how to stay safe from cybercrime.
What You Should Know About Online Tools During the COVID-19 Crisis (Electronic Frontier Foundation) A greater portion of the world’s work, organizing, and care-giving is moving onto digital platforms and tools that facilitate connection and productivity: video conferencing, messaging apps, healthcare and educational platforms, and more. It’s important to be aware of the ways these tools may...
How to Avoid the Worst Online Scams (Wired) Phishing, malware, and more only escalate in times of uncertainty. Here's how to protect yourself.
Managed security services: why a provider is a business no-brainer (Raconteur) Managed security services providers can become trusted advisers in the understanding and awareness of emerging cyberthreats.
Crowdsourced pentesting is not without its issues (Help Net Security) Security researchers engaged in crowdsourced pentesting are not paid for the work, but per found vulnerability, and they can often work for nothing.
Messing With Portscans With Honeyports (Cyber Deception) (Black Hills Information Security) Hello and welcome! My name is John Strand, and in this video, we’re going to be talking about tripwire Honeyports. Now, this is a lab that’s used in ADHD. This is the virtual machine that we use in my classes that we teach at Wild West Hackin’ Fest and also at Black Hat. But in …
Detecting Long Connections With Zeek/Bro and RITA (Black Hills Information Security) Hello and welcome, my name is John Strand and in this video, we’re going to be talking about RITA, Real Intelligence Threat Analytics and how it can quickly do DNS analysis to find DNS backdoors in your environment. So once again we are using ADHD, if you want to find ADHD just go to ActiveCountermeasures.com …
Check Your Perimeter (Black Hills Information Security) With so many organizations transitioning to remote work in order to stem the tide of COVID-19 infections, we wanted to cover some of the configuration elements you should be considering to ensure that your network perimeter is properly protected. Employee remote access is often a target for attackers looking to gain initial …
Design and Innovation
SOCCRATES: Improving detection and response to complex cyber-attacks (Open Access Government) SOCCRATES brings together some of the best expertise in the field to develop and implement an automated platform to defend against complex cyber-attacks
Hidden data is revealing the true scale of the coronavirus outbreak (WIRED UK) Satellite images, internet speed and traffic information tell a whole new story about Covid-19
Academia
Eight university teams recently competed in two-day cyber attack competition at Regis University (Denver Post) Eight teams vied for the coveted top spot at the Rocky Mountain Collegiate Cyber Defense Competition (RMCCDC) hosted by Regis University in early March, but only one team – top-performing Red Rocks Community College – will represent the Rocky Mountain region at the national event in Orlando, Fla., later this year.
Diocese of Wilmington elementary, secondary schools on cutting edge with cyber education as teachers, students 'do whatever we can' (The Dialog) While social distancing may be a new concept in a world focused on coronavirus prevention, distance learning is not and Catholic schools in the Diocese of Wilmington are putting to use every multimedia tool and tactic at their disposal. “We came into this very strong on computer learning skills, but we’re going to come out …
Legislation, Policy and Regulation
Bias And Misperception In Cyberspace – Analysis (Eurasia Review) With cyber operations serving as an instrument of foreign policy, it is fair to posit that cognitive factors that account for behavior in the physical domain are equally applicable to cyberspace. B…
Global conflict in the 'Age of Coronavirus': No shortage of deadly threats (TheHill) When nations, their governments and their people are distracted, they become more vulnerable.
As the West Panics, Putin Is Watching (Foreign Policy) The coronavirus crisis is exposing the West’s weaknesses—and adversaries of the U.S. and EU are paying close attention so they can exploit vulnerabilities in a…
The battle against disinformation is global (Fifth Domain) Disinformation-spewing online bots and trolls from halfway around the world are continuing to shape local and national debates by spreading lies online on a massive scale.
Are we ready for China to control global communications? (TheHill) The threat is very real as companies like Huawei amass an ever-increasing share of the world’s 5G infrastructure.
It's time to track people's smartphones to ensure they self-isolate during this global pandemic, says WHO boffin (Register) Suspected carriers need to stay home – and we should use their phones to monitor them, we're told
Israel Govt's New 'Shield' App Tracks Your Coronavirus Exposure (BleepingComputer) The Israeli Ministry of Health has released a new mobile app called "The Shield" that will alert users if they have been at a location in Israel at the same time as a known Coronavirus patient.
Taiwan's new 'electronic fence' for quarantines leads wave of virus monitoring (Reuters) Taiwan, which has won global praise for its effective action against the coronav...
Oxford University campaigns for pan-European COVID-tracking mobile app (SC Magazine) Oxford researchers are working with European governments on the feasibility of a mobile app for instant contact tracing of possible COVID-19 patients
As Coronavirus Surveillance Escalates, Personal Privacy Plummets (New York Times) Tracking entire populations to combat the pandemic now could open the doors to more invasive forms of government snooping later.
Cyber-States and US National Security: Learning from Covid-19 (Small Wars Journal) What are the current implications for US national security? The first implication is our open market view of cyberspace and the sale of data by private social network companies like Facebook. Our national security is encumbered when private companies can use the data of citizens to sell to any entity who can pay, like the Cambridge Analytica case.
GOP lawmakers call on Twitter to ban Chinese Communist Party from the platform (TheHill) Two Republican lawmakers on Friday called on Twitter to ban the Chinese Communist Party (CCP) from its platform following a surge in Chinese misinformation around the coronavirus.
France Authorizes the Use of Huawei Equipment in Its 5G Network While Plans for a New Factory Are Underway (CPO Magazine) According to anonymous sources, the French authorities have decided to approve the use of Huawei equipment but only in non-core parts of the 5G network.
Coronavirus pandemic: why cybersecurity matters (World Economic Forum) Hackers are targeting our increased dependence on digital tools.
IronNet's Jamil Jaffer on U.S. deterrence efforts in cyberspace (CyberScoop) IronNet's Jamil Jaffer talks about the ways the U.S. government is trying to stop nation-states from carrying out hacking attempts.
OMB Requests $45.8B Emergency Funds to Support Telework, Cyber (MeriTalk) The Office of Management and Budget (OMB) is requesting $45.8 billion in Fiscal Year 2020 emergency funds to support the government-wide response to the COVID-19 coronavirus outbreak, including updates to agency IT to support telework and improve cybersecurity.
INSIGHT: New DoD Cybersecurity Certification Holds Key to Contracts (Bloomberg Law) New Department of Defense cybersecurity certification will represent contractors’ ticket to get into the game, Baker Donelson attorneys write. Without that ticket, contractors will not have a chance to compete for and win DoD contracts.
Analysis | The Cybersecurity 202: Democrats see coronavirus stimulus as last, best chance for vote-by-mail push (Washington Post) They fear the virus could damage faith in elections more than Russian interference.
The Solarium Commission report and its incomplete applicability to control systems and critical infrastructure (Control Global) The Cyberspace Solarium Commission was established in the John S. McCain National Defense Authorization Act for Fiscal Year 2019 to "develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences."
Trump appoints Special Forces officer to head Counterterrorism Center (SOFREP) "Mr. Miller develops and oversees the implementation of all DOD policies, strategies, and plans related to special operations and combating terrorism,"
Covid-busy NHS postpones cyber-security audit (SC Magazine) The annual data security audit of NHS organisations, due this month, has been postponed to the end of September
Litigation, Investigation, and Enforcement
The Russians Are Coming Again, and They’re Winning (The Daily Beast) One thing appears certain: Russia’s victory last week in our courts is only going to further embolden the trolls as we go through the 2020 election.
AusPost touts 'business-led cybersecurity risk culture' ahead of committee probe (ZDNet) Despite claims otherwise from the National Audit Office, the postal service said it already has clear oversight of its critical asset infrastructures and has prioritised actions under an existing program of work.
COVID-19 ‘Vaccine’ Seller First To Be Busted In Crackdown On Vile Coronavirus Scams (Forbes) As cybercriminals continue to exploit the coronavirus pandemic for profit, the law enforcement fightback begins.
Justice Dept. brings first fraud case stemming from coronavirus crisis (Washington Post) The department successfully sought a restraining order against a website falsely claiming to distribute coronavirus vaccines.
Justice Department Files Its First Enforcement Action Against COVID-19 Fraud (US Department of Justice) Federal Court Issues Temporary Restraining Order Against Website Offering Fraudulent Coronavirus Vaccine
Coronavirus cybercrime task force launches in Virginia (StateScoop) The group, launched by the state and the U.S. Department of Justice, targets cybercriminals seeking to exploit fears of the growing public health crisis.
Zoom Urged To Divulge Gov't Data Demands In COVID-19 Era (Law360) As the coronavirus pandemic ramps up demand for remote conferencing services, an advocacy group is pushing Zoom Video Communications Inc. to release regular transparency reports detailing how it responds to requests by government authorities for access to users' data.
Breaking: TQL faces lawsuit over data breach (FreightWaves) A lawsuit, seeking class action status, was filed against TQL over its recent data breach.
Interpol Enters Deal With South Korea's S2W Lab Over Cyber Threat Intelligence Data (TWJ News) The agreement would ease the load on Interpol, as the S2W Lab will reduce the difficulty of filtering the data connected to the targeted individuals that are consistently active on the dark web.
Interpol Enlists Korean Startup to Track Crypto on the Dark Web (Cointelegraph) Interpol partners with a South Korean startup that specializes in examining crypto flows on the dark web to help fight darknet cybercrime.
Korea University staffer accused of data breach, sexual harassment (Korea Times) Korea University staffer accused of data breach, sexual harassment
Police investigate ransomware attack at Jamaica National (Jamaica Observer) The Jamaica National Group says the Jamaica Constabulary Force's Major ...
Facebook executives allegedly ‘knew for years’ about misleading metric (Financial Times) New court documents claim company was aware key ad metric was exaggerating marketing reach
Industry Events
newly Noted Events
QuBit Sofia 2020 (Sofia, Bulgaria, October 28 - 29, 2020) The third annual cyber community conference QuBit in Sofia offers its delegates excellent speakers, leading edge topics, keynotes, case studies, panel discussions, hands-on trainings and popular networking events. QuBit is a cybersecurity community event connecting the East and West, now in its 6th year on the cybersecurity market in Central and Eastern Europe. Based on its success in Prague, QuBit expanded further and brought educational conference also to Southeastern Eurrope. QuBit seeks to bring together and build a like-minded cybersecurity community. Our mission is to create a community of knowledge and information sharing for the industry’s experts and professionals through networking & education events.
upcoming Events
National Cyber League (NCL) Spring Season (Various locations, March 19 - May 15, 2020) The National Cyber League (NCL) is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Individual Game and Team Game. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season closes March 20, 2020.
2020 Cipher Brief Threat Conference (Sea Island, Georgia, USA, March 22 - 24, 2020) The Cipher Brief Threat Conference brings together the expertise of one of the most trusted and relevant news sources for national security professionals around the globe. Attendees will engage with some of the top names in intelligence and global security involved in matters of cyber, defense and security. Combined with an invitation-only audience, The Cipher Brief Threat Conference provides a unique experience that no other event in the defense and national security space can match. For us, it's not just about who's on the stage, it's about who's in the room.
SecureWorld Boston (Boston, Massachusetts, USA, March 25 - 26, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.
Kernelcon (Omaha, Nebraska, USA, March 27 - 28, 2020) Kernelcon is the result of many motivated information security professionals who recognized the opportunity to create an awesome security conference in Omaha. The idea for Kernelcon started within the local DEF CON Group, DC402, with lots of help from other members of other local security groups such as NebraskaCERT and OWASP. We are inspired by many other conferences including DEF CON, DerbyCon, ShmooCon, etc., and wanted to bring those same experiences to the Mid-West here in Omaha.
InfoSec World (Lake Buena Vista, Florida, USA, March 30 - April 3, 2020) Join your peers and our experts at InfoSec World 2020 Conference & Expo on March 30 – April 1 to not only address the disruptive technologies and threats on the horizon, but to create a plan for managing the people, processes and tools for how your organizations react and cope with these intrusive circumstances.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.