Our new subscription program, CyberWire Pro, will be available soon. For cyber security professionals and others who want to stay abreast of our rapidly evolving industry, CyberWire Pro is a premium news service that will save you time and keep you informed. Learn more and sign up to get launch updates here.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
Patch Tuesday, with help from NSA. Fronts for APT40. Fancy Bear paws at Burisma.
Today is Patch Tuesday, and late yesterday KrebsOnSecurity said that sources told him Microsoft would issue an unusually important patch for a core cryptographic component shared by all versions of Windows. The Washington Post this morning reported that the flaw was discovered by the US National Security Agency, which quietly reported it to Microsoft rather than weaponizing the vulnerability. The flaw is said to be similar in severity to that exploited by EternalBlue. NSA is expected to offer comment in a media call early this afternoon.
ZDNet reports that the anonymous security analysts of Intrusion Truth have uncovered some thirteen companies, operating for the most part from Hainan, that serve as fronts for APT40, a threat group associated with the Chinese government and best known for espionage on behalf of the People’s Liberation Army Navy. Intrusion Truth posted its findings this past Thursday and Friday.
Area 1 has released research indicating that Russia's GRU began a phishing campaign against the Ukrainian energy company Burisma Holdings in November 2019. The goal was to obtain email credentials from Burisma, its subsidiaries, and its partners. Burisma is the company whose connections to former US Vice President Biden's son, Hunter Biden, were at the center of the impeachment inquiry directed at US President Trump, who wanted a Ukrainian investigation of those connections. Phishing is a common method of attack, and as the New York Times and Wall Street Journal point out, it's how Fancy Bear (the GRU) accessed Democratic Party accounts in 2016.
Today's issue includes events affecting China, Iran, Israel, Lebanon, New Zealand, Russia, Taiwan, Ukraine, United Kingdom, United States, and Yemen.
Bring your own context.
What would a board of directors playbook for cybersecurity look like?
"Great question. So one of the things we try to outline in the board of directors playbook and in our presentations to many boards is that it's really important for them to get access to and have the security staff, typically the CISO, provide regular updates to the board about the status of the organization's preparedness, their ability to respond to a breach, what types of tools they're leveraging, where are the gaps, where are investments required in order for them to improve their overall preparedness and their overall ability to respond in the event that an incident happened."
—Tom Etheridge, VP of services at CrowdStrike, describing their Board of Directors Playbook on the CyberWire Daily Podcast, 1.10.20.
Boards have many balls in the air, but two of the cyber balls seem to be made of glass: regulatory risk and the attack surface the board members themselves present. So get involved with the security staff.
Looking to advance your cybersecurity career? Check out Georgetown University's graduate program in Cybersecurity Risk Management. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. You'll leave the program with the expertise you need to effectively manage risks and navigate today’s increasingly complex cyber threats. Learn more.
In today's Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan discusses the security implications of Android bloatware. Our guest, Haiyan Song from Splunk, reviews their security predictions for 2020.
And Recorded Future's podcast, produced in partnership with the CyberWire, is up. In this episode, "Threat Intelligence Is the Centerfold," they speak with Steven Atnip, senior advisor for Verizon’s threat research advisory center and the dark web hunting team. Steven shares his early career experience in the U.S. Navy and explains why he believes the military provides unique opportunities for people looking to launch their careers. He offers his views on the importance of company culture, being a lifelong learner, how to step up to challenges of an organization running at scale, as well as his insights on security and threat intelligence.