We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
For more, see our daily update on COVID-19 and the cybersecurity community.
Tensions between China and its neighbors are finding more expression in cyberspace. As FireEye reported last week, Vietnam is thought to have conducted a recent cyber espionage campaign against Chinese targets, mostly targets that might yield information about the origins and transmission of COVID-19. Now Chinese threat actors are engaged in spearphishing officials in Da Nang. Anomali sees strong indications that the Pirate Panda group is behind the attacks. Da Nang is a coastal city relatively close to the Paracel Islands, ownership of which is disputed among China, Vietnam, and the Philippines. CyberScoop says that the spearphishing campaign seems linked to the territorial dispute, especially since Da Nang was recently visited by the USS Theodore Roosevelt and the USS Bunker Hill, on a diplomatic good will mission. The US regards those waters as international; China says it owns them.
While the best available information indicates that Kim Jong-un is still running North Korea, and isn't under any serious immediate challenge, the recent scare about his health and the realization that the DPRK's succession plans are vague at best have led the Atlantic Council to warn that North Korean offensive cyber capabilities could become a loose cannon in the event of a leadership crisis in Pyongyang.
The attacks on Israeli water and wastewater treatment facilities were conducted by hackers who knew how to affect programmable logic controllers, SecurityWeek reports.
The CBC says the Royal Canadian Mounted Police are investigating a ransomware attack against Northwest Territories Power Corporation website and email services.
Today's issue includes events affecting Australia, Canada, China, Czech Republic, European Union, India, Indonesia, Israel, Japan, Democratic Peoples' Republic of Korea, New Zealand, Nigeria, Russia, Singapore, United Kingdom, United States, and Vietnam.
What does the FBI do with respect to cyber threats?
"I think if you look historically at the perception of the FBI, there's the sense that we're slowly, methodically collecting evidence to hold in a vault until one day when we can put handcuffs on someone. That's certainly always a goal - to bring someone to that kind of judicial outcome - but it's not the only goal. Really, our primary objective is to impose risk and consequences on our cyber-adversaries, and we do that in a number of ways. And what we're doing during the COVID pandemic is one example."
—Tonya Ugoretz, deputy assistant director in the FBI's Cyber Division, on the CyberWire's Daily Podcast, 4.29.20.
Establish risk and impose costs on the adversary.
Financial organizations are on the frontline of COVID-19 pandemic. Financial organizations are seeing a drastic spike in online transactions during this new normal of working, banking, and shopping from home. With a huge surge in online payments and massive increases in the volume of financial transactions, the potential for fraud, phishing, and other threats is more severe than ever. Join our webinar on May 13, to hear from Olga Polishchuck, LookingGlass’ Senior Director of Threat Analysis and Investigations on:
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the SANS Institute, as Johannes Ullrich talks about issues with Excel 4 Macros. Our guest is Tina C. Williams-Koroma, from TCecure, whos shares views on leadership in cybersecurity, and why it’s important.
In this week's episode of CSO Perspectives, "Metrics and risk," we consider the related issues of metrics and the models that use them. All models are more-or-less accurate approximations of reality. The good ones, however, have some very valuable uses. Our CSO has some perspective on those uses.
Top intel agency rules out 'manmade' theory of coronavirus origins (POLITICO) But the intelligence community is still investigating whether the virus may have accidentally leaked from a Chinese laboratory.
Intelligence Community Statement on Origins of COVID-19 (Office of the Director of National Intelligence) The Office of the Director of National Intelligence today issued the following Intelligence Community (IC) statement: “The entire Intelligence Community has been consistently providing critical support to U.S. policymakers and those responding to the COVID-19 virus, which originated in China. The Intelligence Community also concurs with the wide scientific consensus that the COVID-19 virus was not manmade or genetically modified.
EU Demands End to Coronavirus Cyberattacks (SecurityWeek) The European Union on Thursday accused unnamed parties of exploiting the coronavirus pandemic to launch cyberattacks on infrastructure and healthcare services
As Putin Seeks to Reinvent History, Russia-Czech Relations Hit a New Low (Foreign Policy) Three Prague officials are under police protection following reports of a poison plot.
Here We Go Again: Russia Gears Up to Interfere in 2020 Election With Coronavirus Disinformation (Foreign Policy) A campaign linked to Russia aims to manipulate this year's elections in the United States and Europe. Trump needs to let the intelligence professionals do…
Covid hoaxes are using a loophole to stay alive—even after content is deleted (MIT Technology Review) Pandemic conspiracy theorists are using the Wayback Machine to promote "zombie content" that avoids content moderators and fact-checkers.
Google 'Task Force' Fights Bad COVID-19 Ads (SecurityWeek) Google said Thursday its task force devoted to fighting "bad" ads hawking bogus coronavirus cures, illegitimate unemployment benefits and overpriced medical supplies had blocked tens of millions of messages.
Trump’s Disinfectant Talk Trips Up Sites’ Vows Against Misinformation (New York Times) Facebook, Twitter and YouTube have declined to remove the president’s statements about unproven coronavirus treatments.
Schiff to Google and Twitter: Please be more like Facebook when it comes to coronavirus misinformation (CNBC) Facebook said it would notify users if they had engaged with a post that had been removed for including misinformation about Covid-19.
The Inevitable Coronavirus Censorship Crisis is Here (Matt Taibbi) As the Covid-19 crisis progresses, censorship programs advance, amid calls for China-style control of the Internet
CFFS Decries Censorship Practices of Social Media Giants (PR Newswire) In a shocking display of disregard for First Amendment protections afforded all Americans, the leadership of popular social media platforms...
A Scramble for Virus Apps That Do No Harm (New York Times) Dozens of tracking apps for smartphones are being used or developed to help contain the coronavirus pandemic. But there are worries about privacy and hastily written software.
Palantir’s NHS data project “may outlive coronavirus crisis” (NS Tech) <p>An ambitious project to forecast demand on NHS services at both a local and national level is likely to outlive the coronavirus pandemic, according to two sources close to the work. The initiative,
Palantir is one of 'our best weapons' against the coronavirus: Co-founder (Yahoo) Palantir co-founder and investor Joe Lonsdale sat down with Yahoo Finance to discuss the company's COVID-19 work and the current state of VC in Silicon Valley.
RDP brute-force attacks are skyrocketing due to remote working (BleepingComputer) Internet-exposed and poorly configured RDP servers from all over the globe are the target of an increasing number of brute-forcing attacks that have started since the beginning of March.
National Security Agency Releases Cybersecurity Guidance for Remote Workers (Security Magazine) The U.S. National Security Agency (NSA) has released cybersecurity guidance, containing a snapshot of current, commercially-available collaboration tools available for telework use, along with a list of security criteria to consider when selecting which capability to leverage.
How telework has changed two agencies’ IT practices (Federal Times) Top IT officials from the Small Business Administration and General Services Administration discussed how coronavirus has changed IT at their agencies.
Zoom admits it doesn’t have 300 million users, corrects misleading claims (The Verge) Rivals like Microsoft and Google are closer to Zoom’s numbers than expected
Zoom meeting of black lawmakers in Delaware was hacked (Washington Post) A Zoom meeting that included state lawmakers from Delaware as well as members of Congress had been hacked
Managers turn to surveillance software, always-on webcams to ensure employees are (really) working from home (Washington Post) Always-on webcams, virtual "water coolers," constant monitoring: Is the tech industry’s new dream for remote work actually a nightmare?
Microsoft Office 365: US issues security alert over rushed remote deployments (ZDNet) CISA is concerned hasty deployments of Office 365 and Teams may lead to missed key security configurations.
US govt updates Microsoft Office 365 security best practices (BleepingComputer) The Cybersecurity and Infrastructure Security Agency (CISA) today issued an update to its Microsoft Office 365 security best practices as part of an alert distributed via the US National Cyber Awareness System.
FBI Warns of Major Spike in Cyber Attacks (CyberArk) Cyber attackers are taking advantage of the uncertainty and remote workers to increase their attacks, the FBI says. Privileged access management can help.
Mitigating ransomware and phishing attacks during a pandemic (SearchSecurity) Preventing and mitigating ransomware and other cyberattacks become even more challenging -- and critical -- during a pandemic. Learn how security leaders can protect their organizations in a global crisis like the one caused by COVID-19.
The Benefits of Giving Up a Little Control over Cybersecurity (Security Boulevard) The COVID-19 pandemic and shutdown of businesses has forced families to embrace new processes. There are lessons in the Coronavirus quarantine for businesses in terms of giving up control to achieve desired outcomes.
Fortinet CISO: Here’s What ‘New Normal’ Cloud Security Needs (SDxCentral) Not even global pandemics last forever. “My advice to companies right now is to really think about what will happen next,” said Fortinet VP and Global Field CISO Jonathan Nguyen-Duy.
The Department of Defense Should Not Wage Cyber War Against Criminal Hackers During the Coronavirus Crisis (Council on Foreign Relations) Some have called for the Department of Defense to "defend forward" against cybercrime that exploits the coronavirus pandemic. However, doing so would strain the department's already limited resources and put democratic values at risk.
Ensuring Safe Elections (Brennan Center for Justice) Federal Funding Needs for State and Local Governments During the Pandemic
Pentagon Wary Of Adversaries Buying Defense Firms Amid Economic Crisis (Breaking Defense) DoD officials are working with Congress to come up with new ways to keep foreign governments out of the US military industrial base.
Request your free Tessian platform access today (Tessian) Request your free platform access. Learn how Tessian’s Human Layer Security Platform protects your employees from data exfiltration, accidental data loss and phishing.
Coronavirus: UKCloud and VMware join forces to meet public sector demand for remote desktops (ComputerWeekly) Public sector-focused IaaS provider UKCloud forges closer ties with VMware to meet the public sector demand for “government-grade” remote desktop technology.
Suspected Chinese hackers aim attacks at Vietnamese government officials (CyberScoop) As tensions flare between China and Vietnam over territories in the South China Sea, China appears to be spearphishing Vietnamese government officials.
Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center (Anomali) Authored by: Sara Moore, Joakim Kennedy, Parthiban R, and Rory GouldThe Anomali Threat Research Team detected a spear phishing email targeting government employees in the Municipality of Da Nang, Vietnam. The email contained a malicious Microsoft Excel document which drops a malicious Dynamic-Link Library (DLL) providing the actor with CMD reverse shell over HTTP. The DLL shares code similarities to exile-RAT, a tool associated with Pirate Panda. Pirate Panda is an APT backed by China and
Loose cobras: DPRK regime succession and uncertain control over offensive cyber capabilities - Atlantic Council (Atlantic Council) Unconfirmed rumors surfaced in mid April 2020 regarding the potential incapacitation of North Korean leader Kim Jong Un, leading to speculation about the ramifications of a sudden transition of leadership in Pyongyang. These rumors have once again raised serious concerns over the stability of the Democratic People’s Republic of Korea’s (DPRK) control of strategic weapons, including nuclear and ballistic missiles. These worries are familiar to the international affairs community from multiple earlier crisis moments. In particular, the international community’s fears surrounding a North Korean transition of power are compounded by its questions about control of offensive cyber operations capabilities.
NTPC confirms 'cyber attack' from unknown source on Thursday (CBC) The Northwest Territories Power Corporation says it has "experienced a cyber attack from an unknown source."
Hackers Knew How to Target PLCs in Israel Water Facility Attacks: Sources (SecurityWeek) The changes made to PLCs in the attacks targeting Israeli water facilities shows the sophistication of the hackers and that they knew exactly what they were doing
Group-IB uncovers PerSwaysion — sophisticated phishing campaign targeting executives worldwide (www.group-ib.com) Group-IB, a Singapore-based cybersecurity company, has identified a series of sophisticated successful phishing attacks against the management and executives of more than 150 companies around the world.
The 2020 URL Querystring Data Leaks — Millions of User Emails Leaking from Popular Websites to Advertising & Analytics Companies (Medium) Breaches have been found on websites including Wish.com, JetBlue.com, Quibi.com, WashingtonPost.com, NGPVan.com and numerous other…
Quibi, JetBlue, Wish, others accused of leaking millions of email addresses to ad orgs via HTTP referer headers (Register) From URL to UR-Hell
Warning over EventBot banking Trojan draining financial details from Android phones (Computing) The malware can intercept the two-factor authentication security codes sent to the device
2FA-stealing Android malware gives enterprises cause for concern (SC Magazine) Security researchers have warned that newly created mobile banking malware can not only grab passwords for more than 200 financial apps, but intercept two-factor authentication codes as well.
Cyber-Criminals Increasingly Using Official reCAPTCHA Walls in Phishing Attacks (Infosecurity Magazine) Scammers using reCAPTCHA walls to fool analysis systems and trick users
Surge in phishing attacks using legitimate reCAPTCHA walls (Help Net Security) Cyber scammers are starting to use legitimate reCaptcha walls to disguise malicious content from email security systems, Barracuda Networks has observed.
Nintendo data breach reportedly caused by credential stuffing (TechRepublic) Attackers used an account checker tool to identify Nintendo accounts with compromised and vulnerable login credentials, says SpyCloud.
Critical Vulnerability in Salt Requires Immediate Patching (SecurityWeek) The Salt community has been aware of a critical vulnerability (CVE-2020-11651) in Salt Master It was informed that the vulnerability has a CVSS rating of 10.0, that Salt Masters should not be exposed to the internet until fixes are made.
Bumper Adobe update fixes flaws in Magento, Bridge and Illustrator (Naked Security) Adobe’s latest patches are out, including fixes for its ecommerce platform.
Ransomware mentioned in 1,000+ SEC filings over the past year (ZDNet) A growing number of public companies have started listing ransomware as a forward-looking risk factor in their SEC documents.
ThreatList: Human-Mimicking Bots Spike, Targeting e-Commerce and Travel (Threatpost) Overall bot activity on the web has soared, with a 26 percent growth rate — attacks on applications, APIs and mobile sites are all on the rise.
TAG Analysis of Asia-Pacific Markets Shows Success of Industry Anti-Fraud Programs (MarTech Series) The Trustworthy Accountability Group (TAG), an advertising industry initiative to fight criminal activity in the digital advertising supply chain, today released a snapshot of ad fraud across a range of Asia-Pacific markets, showing dramatically lower IVT rates in TAG Certified Channels when compared with global industry averages. Trustworthy Accountability Group Conducted by The 614 Group, the analysis found a 91 percent overall reduction in invalid traffic (IVT) when advertisers used TAG Certified distribution channels which involve multiple companies that have achieved the TAG Certified
Six IoT Security Threats to Watch (Toolbox Tech) Internet-of-Things technology still has a long way to go before it is secure.Last year, Congress introduced the . The stated goal of the Act was to leverage federal government procurement power to encourage increased cybersecurity for Internet-of-Things devices, specifically to help promote an increased level of education around cybersecurity and...
ICANN rejects sale of .org registry to for-profit investor group (Reuters) A body overseeing web addresses said it has vetoed a $1.1 billion deal to sell control of domain names ending in .org to a private investment firm after an outcry from internet pioneers and officials including California's attorney general.
MobileIron + incapptic Connect (Mobileiron) MobileIron has acquired incapptic Connect, the leading provider of mobile app release automation software.
Ontic Raises $12 Million in Series A Funding Round Led by Felicis Ventures (TylerPaper.com) AUSTIN, Texas, April 30, 2020 /PRNewswire/ -- Ontic, the protective intelligence software platform developed to help businesses proactively address physical safety, announced today it has raised $12 million in a
Accurics Launches with a Vision of Making Cloud Infrastructure Security Ubiquitous (Yahoo) Accurics launches to protects cloud native infrastructure throughout the DevOps lifecycle - 'code-to-cloud’ - and reconcile risk posture drift.
Accenture Completes Acquisition of Broadcom’s Symantec Cyber Security Services Business (BusinessWire) Accenture completed its acquisition of the Symantec Cyber Security Services business from Broadcom Inc.
After a turbulent 2019, what's next for Huawei in 2020? (Abacus) Huawei says services have helped during the Covid-19 pandemic, but it's looking for more local alternatives to Google services as a bulwark against US restrictions
Teams lining up for $1B Army cyber competition (Washington Technology) Raytheon Technologies has officially joined the fray to compete for a $1 billion Army cyber training contract that has several other notable names in the running.
Raytheon Technologies-Red Hat-VMware Team to Pursue Army Cyber TRIDENT Training Contract; Bob Williams Quoted (GovCon Wire) Raytheon Technologies (NYSE: RTX) has teamed up with Red Hat and VMware (NYSE: VMW) to compete for t
FireEye Layoffs 'Never Ideal,' But 'Necessary,' Says CEO (Channel Partners) Just-announced FireEye layoffs are part of an organizational restructuring planned before the COVID-19 pandemic. Six percent of the workforce is being cut.
Get to know KnowBe4, a 2020 Best Places to Work honoree (Tampa Bay Business Journal) How would you describe your company to someone outside of your industry?
German Blockchain-anchored Data Security Company Ubirch Expands to Israel (PR Newswire) German blockchain-anchored data security start-up Ubirch is on course for internationalization and is thus consistently pursuing its growth...
Coalfire Federal Growth Prompts Malone Promotion, New Board Of Directors (The Grand Junction Daily Sentinel) Coalfire Federal, a wholly owned subsidiary of cybersecurity advisory and assessment services provider Coalfire, today announced the promotion of Bill Malone to President.
One Identity to Bolster Microsoft SQL Server and Azure SQL Database Security with End-to-End Privileged Access Management (Globe Newswire) One Identity Safeguard allows organizations to manage, monitor, record and audit administrators’ access to Microsoft SQL Server 2017. SQL Server 2019 and Azure SQL Database
SlashNext Launches URL Analysis & Enrichment to Automate Phishing IR (SlashNext) New Solution Delivers Real-Time Phishing Threat Intelligence and Automated Incident Responses in the Cloud
Illusive Networks Extends Distributed Deception to the Cloud - Illusive Networks (Illusive Networks) New Capabilities Defend Organizations Against Attacks from Anywhere to Anywhere
Microsoft Office 365: This new feature will keep you safe from malware-filled documents (TechRepublic) Application Guard for Office and Safe Documents will make phishing attacks harder and the Office experience better for users, starting with Office 365 Pro Plus and E5 licences.
Accurics Takes the Wraps off Its Code-to-Cloud Security Solution (Tech) Stealth mode startup Accurics details free and premium ‘code-to-cloud’ security offerings that protects infrastructure throughout the DevOps lifecycle.
Appsian Enables Adaptive Multi-Factor Authentication in Oracle PeopleSoft Applications (PR Newswire) Appsian, the global leader in Enterprise Resource Planning (ERP) data security, has announced an integration with Duo Security, now part of...
Shedding Light On Possible Child Exploitation with Digital Intelligence (Cellebrite) A Netherlands nonprofit organization analyzes a teenage girl’s photo data to search for signs of sexual exploitation.
Why You Want to Fail a Red Team Exercise (Infosecurity Magazine) Why failing a Red Team exercise is good and what happens afterwards is more important.
Digital Assets and Data Management – Managing Enterprise Risks and Leveraging Data in a Digital World (BakerHostetler) Key Findings: Enable MFA already! Back at the top of our key findings again for many and obvious reasons....
What Is a DDoS Attack - A Guide for Protection | Cybersecurity | CompTIA (Default) Learn what a DDoS attack is, the types of DDoS attacks, DDoS attack tools, DDoS protection and how to stop a DDoS attack.
Eastern Mennonite University team wins international codebreaking contest (Augusta Free Press) Eastern Mennonite University’s veteran codebreaker team emerged victorious in the KRYPTOS 2020 challenge.
Purdue’s Spafford named to American Academy of Arts and Sciences (Purdue University) Purdue University professor Eugene H. Spafford has been elected to the American Academy of Arts and Sciences, one of the nation’s oldest and most prestigious honorary societies.
Analysts: U.S., China should tread carefully in case of North Korea collapse (UPI) China plays an outsize role in North Korea's economy, but its clout in the region doesn't mean Beijing can easily intervene in the event of North Korea instability, U.S. analysts say.
China wasn’t wild about Mike Pompeo before the virus. It’s really gunning for him now. (Washington Post) Beijing has unleashed a wave of vitriol against Pompeo over unsupported claims that the virus could have leaked from a Wuhan lab.
China Issued the Measures for Cybersecurity Review (The National Law Review) The Cyberspace Administration of China (&ldquo;CAC&rdquo;), together with 11 other authorities, has jointly issued the Measures for Cybersecurity Review (the &ldquo;Measures&rdquo;), which will take e
Washington’s Anti-Huawei Tactics Need a Reboot In Europe (Foreign Policy) Efforts to convince allies of the Chinese threat in 5G have floundered.
Republicans to introduce bill to ban government employees from using Huawei, ZTE products (TheHill) Republican Sens. Ted Cruz (Texas) and Josh Hawley (Mo.) announced their intention on Thursday to introduce a bill that would ban U.S.
National Security Surveillance on U.S. Soil Fell Amid Scrutiny of Russia Inquiry (New York Times) But overseas targets of the government’s warrantless surveillance program continued to soar in 2019, a new report disclosed.
WhatsApp claims NSO Group's lawyers have conflict of interest - CyberScoop (CyberScoop) Facebook is trying to get NSO Group’s legal counsel dismissed because of an alleged conflict of interest in its case regarding the abuse of WhatsApp users.
WhatsApp claims hacking software infected users after one phone call (Newsweek) The messaging app claims that an Israeli spyware company has responsibility for human rights violations and helped hack government officials, journalists and dissidents.
WhatsApp says NSO Group hacked 1,400 users, including human rights activists (times of Israel) News from Israel, the Middle East and the Jewish World
FBI Director Wray Previously Represented Facebook in Encryption Fight Before Turning Critic (Wall Street Journal) FBI Director Christopher Wray, who has been pushing tech companies to give law-enforcement officials access to encrypted messages, once advocated the opposite view when representing Facebook’s WhatsApp.
LabCorp sued for allegedly concealing data breaches (TechCrunch) The laboratory giant had two security incidents in as many years.
LabCorp investors file lawsuit, alleging 'persistent' failure to secure data (CyberScoop) LabCorp investors have filed a lawsuit against the company following a major data breach last year.
Trump praise of ‘tormented’ Flynn raises pardon speculation (Military Times) President Donald Trump voiced strong support Thursday for his former national security adviser Michael Flynn, raising speculation that a pardon may be coming after Flynn's lawyers disclosed internal FBI documents they claim show the FBI tried to “intentionally frame
For a complete running list of events, please visit the Event Tracker.
National Cyber League (NCL) Spring Season (Various locations, Mar 19 - May 15, 2020) The National Cyber League (NCL) is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Individual Game and Team Game. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season closes March 20, 2020.
think2020 (Online, May 4 - 7, 2020) The annual IBM business and technology conference. Acquire hands-on experience with the latest advancements in open technologies from hybrid multicloud to data and AI – then meet the luminaries who are using them to transform our lives. Think isn't a single conference for thousands of people. It's thousands of curated conferences in one.
THOTCON (Chicago, Illinois, USA, May 8 - 9, 2020) THOTCON is a hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best conference possible on a limited budget. Once you attend a THOTCON event, you will have experienced one of the best information security conferences in the world combined with a uniquely casual and social experience. The conference will be held at a location only to be disclosed to attendees and speakers during the week before the event.
41st IEEE Symposium on Security and Privacy (SP2020) (San Francisco, California, USA, May 18 - 20, 2020) IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems.
AFCEA/GMU Critical Issues in C4I Symposium (Online, May 19 - 20, 2020) For well over a decade, the AFCEA/GMU Critical Issues in C4I Symposium has connected academia, industry and government annually to address important issues in technology and systems research and development. The audience is typically more than 70% government/military featuring decision makers at all levels looking to advance their understanding of the key C4I challenges being faced now and in the future.
