The daily briefing.
Ukraine's SBU security service warns that various government agencies in Kiev are under cyberattack, again. No attribution so far.
ESET reports that TeleBots and BlackEnergy, and therefore Industroyer and NotPetya, are linked to the same threat actor.
Observers look at cyberattacks against the ports of Barcelona and San Diego and conclude that commingling IT and OT yields unacceptably high risk.
Cisco's Talos research group has found a new Android Trojan, "GPlayed." It masquerades as the Play store, using the name "Google Play Marketplace" to further the imposture.
Skepticism over Bloomberg's Chinese supply chain attack story continues to rise. Some sources have walked back their statements to Bloomberg. Other observers point to an implausibility: if Chinese intelligence services really had seeded the supply chain as effectively as the story suggests, why would they engage in all the noisy hacking they've continued to conduct?
Facebook has purged more "inauthentic" sites. In this case the 559 pages and 251 accounts the social network took down were for the most part American. The problem, in Facebook's view, is their "coordinated inauthenticity." The company admits that inauthentic content is "often indistinguishable from legitimate political debate," and is trying to develop that distinction on the basis of behavior as opposed to content. The inauthenticity specified is moneymaking: clickbaiting people into ad farms.
The UK and Netherlands intend to push the EU to develop more effective sanctions against cyberattack.
Reuters says the Five Eyes and friends have agreed to closer cooperation against Russian and Chinese cyber operations.
Today's edition of the CyberWire reports events affecting Australia, Canada, China, European Union, Germany, Japan, Netherlands, New Zealand, Russia, Ukraine, United Kingdom, United States.
On the Podcast
In today's podcast, we hear from our partners at the University of Maryland, as Jonathan Katz discusses the use of a cryptographic ledger to provide accountability for law enforcement. Our guest is April Wensel from Compassionate Coding on her work bringing emotional intelligence and ethics to the tech industry.
Cyber Security Summits: October 16 in Phoenix and on November 29 in Los Angeles (Phoenix, Arizona, United States, October 16, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The CIA, Verizon, AT&T, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
SecurityWeek 2018 Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, United States, October 22 - 25, 2018) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. Register today for the original ICS/SCADA Cyber Security Conference – October 22-25 in Atlanta.
Maryland Cybersecurity Career & Education Fair (Rockville, Maryland, United States, November 9 - 10, 2018) Join us for two dynamic days that put on display why Maryland is where cyber works. Friday will feature a career and education fair, connecting cybersecurity job seekers with opportunities across the state of Maryland. On Saturday, high school and undergraduate students compete in our cyber challenge.
The CyberWire is published daily, Monday through Friday, except for US holidays. Format and summary copyright CyberWire, Inc.
UNIAN: SBU - Ukrainian government agencies targeted in another cyber attack (KyivPost) The Security Service of Ukraine has reported a new cyber attack on government agencies, according to the SBU press center.
Security researchers find solid evidence linking Industroyer to NotPetya (ZDNet) A web of code reuse and shared infrastructure links together a slew of famous cyber-attacks.
Researchers link tools used in NotPetya and Ukraine grid hacks (Cyberscoop) New research provides evidence that TeleBots, a group with Russian military ties, was involved with the NotPetya and BlackEnergy incidents in Ukraine.
New TeleBots backdoor links Industroyer to NotPetya for first time (WeLiveSecurity) ESET’s analysis of a new TeleBots backdoor has uncovered the first evidence linking Industroyer to NotPetya, revealing a rumored connection that was not previously proven.
Facebook purged over 800 U.S. accounts and pages for pushing political spam (Washington Post) Facebook cracked down on over 800 accounts and publishers on Thursday, saying that the politically-oriented accounts violated its policies against spam.
Facebook: Most political trolls are American, not Russian (The Telegraph) Facebook has banned hundreds of pages and accounts which it says were fraudulently flooding its site with partisan political content – although they came from the US instead of being associated with Russia.
If Supermicro boards were so bug-ridden, why would hackers ever need implants? (Ars Technica) Whether spy chips reported by Bloomberg existed, attackers had much easier options.
Google Exposes User Data, Continues Deciding Which Sites Are Secure: What The Experts Say (Information Security Buzz) We now know that Google knowingly avoided disclosing its own data breach. At the same time it announces the decision to “fully remove trust in Symantec’s old infrastructure and all of the certificates it has issued” when it releases Chrome 70 later this month. Bill Holtz is CEO of Comodo CA, web security provider and the world’s largest commercial Certificate …
Cisco's Talos Group discovers new Android trojan (iTWire) A new Android trojan, named GPlayed, has been spotted by Cisco's Talos Intelligence Group which says it has an icon very similar to Google Apps and us...
An Examination of a Phishing Kit Dubbed Luis (Akamai) There have been plenty of articles describing the structure of phishing emails, and how to spot them. However, less explored, are phishing websites - what they are, how they are used, and how users can protect themselves. We'll take a...
Troubled waters: cyber-attacks on San Diego and Barcelona's ports show risk of IT/OT convergence (Computing) Operational technology has been kept separate from IT in the past - but as that changes, systems are being exposed to attacks.
Security warning: Attackers are using these five hacking tools to target you (ZDNet) Free - but powerful - tools are being used by everyone ranging from cyber criminals to nation-state operators, says a report by five government security agencies.
Fake Adobe Flash Updates Hide Malicious Crypto Miners (Threatpost) A fake Adobe update actually updates victims' Flash - but also installs malicious cryptomining malware.
PoC exploit for Windows Shell RCE released (Help Net Security) A PoC exploit for a RCE vulnerability (CVE-2018-8495) that can be exploited via Microsoft Edge has been published and can be easily adapted by attackers.
Stolen Apple IDs in China Lead to Mobile-Payment Pilfering (Wall Street Journal) China’s two mobile-payments giants, Alibaba affiliate Alipay and Tencent's WeChat Pay, said stolen Apple IDs were used to swipe customer funds, and called on Apple to address the issue.
Scam callers impersonating Parke County Deputies for personal information and money (WTHI News) Parke County residents are saying they are receiving phone calls from deputies demanding money.... or so it seems. Now the Sheriff's office is taking action.
FitMetrix Exposes “Millions” of Customers’ Data (Infosecurity Magazine) Unprotected cloud database again to blame
Yale 'smart' security app crash left people locked out of their homes for 24 hours (Computing) Yale smart lock crash locks users in - and out - of their homes
‘Payment Notification’ Is Top Healthcare Phishing Attack Subject (HealthITSecurity) The term “Payment Notification” is the top healthcare phishing attack subject, appearing in more than half of healthcare phishing attack campaigns in 2018.
Google's Project Zero thwarts another major bug in Facebook's WhatsApp (Inquirer) And Facebook fixed it in good time. So yay.
Patch Tuesday, October 2018 Edition (KrebsOnSecurity) Microsoft this week released software updates to fix roughly 50 security problems with various versions of its Windows operating system and related software, including one flaw that is already being exploited and another for which exploit code is publicly available.
Delaying Further Symantec TLS Certificate Distrust (Mozilla Security Blog) Due to a long list of documented issues, Mozilla previously announced our intent to distrust TLS certificates issued by the Symantec Certification Authority, which is ...
DHS, FBI chiefs say cyber inflects every security and criminal threat (FCW) Cybersecurity isn't the only threat facing the country, but an Oct. 10 Senate Homeland Security hearing hammered home the extent to which the digital revolution touches every problem in the national security space.
Q2 2018 Quarterly Threat Report (eSentire) The 2018 Quarterly Threat Report provides a quarterly snapshot of threat events and trends investigated by the eSentire Security Operations Center (SOC).
Identity Spoofing Hits the Jackpot as the Primary Attack Vector on Gaming and Gambling Sites, Reveals New ThreatMetrix Cybercrime Report (AP NEWS) ThreatMetrix®, a LexisNexis® Risk Solutions Company, today released insights into cybercrime attacks on the gaming and gambling sector in its Q2 2018 Gaming & Gambling Report.
One-Third of US Adults Hit with Identity Theft (Dark Reading) That's double the global average and more than three times the rate of French and German adults.
The rise of the chief compliance officer (Digital Guardian) What does the role entail, and does your organisation need one?
AI has triggered 'so many concerns in the world' - Google Cloud CEO (CRN) Diane Greene says that AI is a 'power for good', but warns that the tech industry has to address worries
Demisto Secures $43 Million Series C Round Led by Greylock Partners (Venture Dreams) Demisto, the US-based company operating in the space of Security Orchestration, Automation and Response (SOAR) technology, has announced the closing of a $43 million Series C funding round led by Greylock Partners. Additional investors participating in this funding round include early investors Accel Partners, ClearSky Security and others, bringing total funding to date to $69 …
Thales makes concessions to soothe EU's Gemalto deal worries
Nyotron Enters Into Strategic Partnership With Ingram Micro to Scale Business Operations Globally (Nyotron) Partnership Agreement Includes $10 Million Investment and Channel Agreement to Help Cybersecurity Pioneer Increase US Presence and Build Channel Program
New infosec products of the week: October 12, 2018 (Help Net Security) Featured infosec products of the week include releases from: Alert Logic, Arcserve, AVG, EclecticIQ, Portnox, Utimaco, WhiteHat Security.
Securonix Selects Cylance for End-to-End AI-Enabled Security Intelligence and Threat Prevention (Cylance) Partnership To Provide Clients with Seamless Integration with CylancePROTECT and Securonix Security Analytics
Lockpath Introduces Two New Editions of the Keylight Platform (PR Newswire) Lockpath, a leading provider of integrated risk management solutions, today announced the availability of...
Carbon Black Debuts Threat Hunting On Endpoint Protection Platform (CRN) Cb ThreatHunter continuously collects unfiltered data, making it easier for security teams to proactively hunt threats, uncover suspicious and stealthy behavior, and disrupt active attacks.
NCSC is monitoring the internet to block DDoS and other cyber attacks (Computing) Technical director Ian Levy says it will be awesome if it works
Why big business can bank on cyber failures (Global Banking and Finance) When it comes to cyber failures, it’s the big names that make the news. It seems that almost every other day we hear about the latest multi-national bank
Threat Hunters & Security Analysts: A Dynamic Duo (Dark Reading) Fighting spying with spying, threat hunters bring the proactive mindset of network reconnaissance and repair to the enterprise security team.
12 Free, Ready-to-Use Security Tools (Dark Reading) There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.
GDPR Fear is Stifling Employees, Here’s How to Fix It (Infosecurity Magazine) A level of accountability is, of course, necessary, because businesses will not be GDPR compliant without it.
FICO, Chamber of Commerce release tool to score businesses on cybersecurity (TheHill) FICO and the U.S. Chamber of Commerce released a new tool Thursday to score how strong businesses' protections are when it comes to cybersecurity.
Analysis | The Cybersecurity 202: Kanye West is going to make password security great again (Washington Post) Yes, his password is bad. But the celeb put security in the spotlight.
China’s central bank hiring cryptography experts for digital money development (South China Morning Post) PBOC is leading the world in the development of a sovereign virtual currency that is cheaper to handle and easier to trace
DARPA wants to teach and test ‘common sense’ for AI (TechCrunch) It's a funny thing, AI. It can identify objects in a fraction of a second, imitate the human voice, and recommend new music, but most machine "intelligence" lacks the most basic understanding of everyday objects and actions — in other words, common sense. DARPA is teaming up with the Seattle-based …
How to protect jets, missiles and ships from cyberattacks (Fifth Domain) Experts told Fifth Domain that protecting American weapons systems from cyberattacks will require a culture of cyber hygiene, resilient systems and a workforce overhaul.
Securing campus networks became more challenging (Help Net Security) A global Infoblox survey reveals that 81 percent of IT professionals believe securing campus networks has become more challenging in the last two years.
Nato to be fully operational in cyber space by 2023 (ComputerWeekly.com) Nato is aiming to achieve full operational readiness in cyber space within five years.
Military intelligence offers career path in today's Russia (AP NEWS) "First time here?" the conductor on the train that stops at the logging outpost of Loyga asks some departing passengers. "My condolences — there isn't even cell phone connection." This desolate village, deep in the far northern Arkhangelsk region, is the hometown of one of the suspected GRU Russian military intelligence agents who is believed to have poisoned a former Russian spy in Britain. The other alleged attacker and an alleged military intelligence operative accused of a hacking attack in the Netherlands come from equally dismal places.
U.K., Netherlands Lead EU Push for New Cyber Sanctions (Bloomberg) Memo sent to EU countries ahead of leaders’ summit next week
U.S. Needs a Global Alliance Against Russia’s Cyberattacks (Bloomberg) Washington can coordinate with Europe, the UN, Interpol and nongovernmental groups.
Exclusive: Five Eyes intelligence alliance builds coalition to counter China (Reuters) The five nations in the world's leading intelligence-sharing network have...
Trump vows to punish China amid spying row (Times) President Trump threatened to punish China further for its aggression towards the United States as tensions between the two economic rivals escalated sharply yesterday. Mr Trump warned that there...
This Act may be cited as the “Protect our Elections Act”. (US Senate) To amend the Help America Vote Act of 2002 to require States to take steps to ensure domestic ownership and control of election service providers, and for other purposes
Here's the US Army's New Russia-Era Shopping List (Defense One) After Putin's Ukraine invasion, the Army's future command wants longer guns, better cybersecurity, and a new way to buy weapons.
Ukrainian church wins independence battle against Moscow Patriarchate (Deutsche Welle) Ukraine should have its own Orthodox church, independent from Moscow, the Istanbul-based Ecumenical Patriarchate has ruled in a bitter row. Representatives of Russia's Patriarch Kirill slammed the move as "catastrophic."
Kaspersky Lab treason suspect is hospitalized in critical condition after suffering pulmonary embolism in jail (Meduza) Ruslan Stoyanov, the former Kaspersky Lab expert now on trial for treason, was recently rushed to the hospital in critical condition, after suffering a pulmonary embolism on October 1, his lawyer told the independent television network Dozhd.
Google questioned over delay in disclosing vulnerability (CRN Australia) US senate asks why Google+ vulnerability wasn't made public sooner.
INVESTIGATION NOTICE: The Schall Law Firm Announces it is Investigating Claims Against Alphabet Inc. and Encourages Investors with Losses in Excess of $100,000 to Contact the Firm (Yahoo) The Schall Law Firm, a national shareholder rights litigation firm, announces that it is investigating claims on behalf of investors of Alphabet Inc. ("Alphabet" or "the Company") (NASDAQ: GOOG; NASDAQ: GOOGL) for violations of §§10(b) and 20(a) of the Securities Exchange Act of 1934 and Rule 10b-5 promulgated thereunder by the U.S. Securities and Exchange Commission.
Internet operator challenges network tapping by German spy agency (Reuters) Internet exchange operator DE-CIX said on Thursday it had filed a constitutional...
'I Could Ruin Your Business Right Now': Listen to a SIM-Jacking, Account-Stealing Ransom (Motherboard) Jared Goetz's credit card was fraudulently charged, his phone cut-off, and his email account hacked. But in an extraordinary phone call, Goetz managed to talk the hacker down, and get his digital life back.
For a complete running list of events, please visit the event tracker on the CyberWire website.
Geneva Information Security Day (Geneva, Switzerland, October 12, 2018) Geneva Information Security Day (GISD) is a leading European cybersecurity conference created as a vendor-independent platform for open and actionable discussion of emerging digital threats and remedies, knowledge sharing and building sustainable cybersecurity industry.
FAIRCON18 (Pittsburgh, Pennsylvania, USA, October 14 - 18, 2018) Focused on advancing cyber, operational risk management. The event will feature in-depth training seminars, insightful presentations from industry leaders, candid executive and practitioner-led discussions and keynotes aimed at driving awareness, knowledge and the development of operational blueprints for building quantitative risk management programs. FAIRCON18 will attract C-suite officers and practitioners responsible for information and operational risk management decisions. The event will unite leaders in information and operational risk management to explore FAIR best practices that produce greater value and alignment with business goals.
The Cyber Security Summit: Phoenix (Phoenix, Arizona, USA, October 16, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.
Zero Day Con: Hacking Democracy (Washington, DC, USA, October 16, 2018) Join Zero Day Con and Strategic Cyber Ventures on October 16th in Washington, D.C. to examine the path forward in reducing our attack surface, managing risk, regaining control of our networks and data, and restoring trust in our cyber-powered global democratic institutions. Zero Day Con Washington DC is an independent conference comprised of interactive learning sessions, keynotes and panel discussions, and will feature an area designated for technology companies to demo and share their latest innovations, products and services. Open to security executives, researchers, operators, policy makers, and all defenders of democracy from private industry, non-profits, academia, military, and government. A half day of focused discussions on cyber-enabled information warfare efforts eroding democracy and the infosec capabilities we need. Network with peers and speakers at the event and during the post-conference cocktail hour.
FAIRCON18 (Pittsburgh, Pennsylvania, USA, October 16 - 17, 2018) Hosted by the FAIR Institute and Carnegie Mellon University’s Software Engineering Institute (SEI) and the Heinz College of Information Systems and Public Policy, the 2018 FAIR Conference brings leaders in information and operational risk management together to explore best FAIR practices that produce greater value and alignment with business goals. Large enterprises and government organizations are creating breakthroughs in the management of information and operational risk that enable business-aligned communication, cost-effective decision-making and ultimately managing what matters. Interested in on-site FAIR training? Head to FAIRCON18 early to attend an on-site FAIR Analysis Fundamentals Course, October 14-15, for those that elect to partake in this optional conference add-on. The FAIR Institute is an expert, nonprofit organization led by information risk officers, CISOs and business executives to develop standard information and operational risk management practices in a movement central to “cyber risk economics,” the revolutionary approach to measuring and managing information risk enabled by the Factor Analysis of Information Risk (FAIR) model.
PCI Security Standards Europe Community Meeting (London, England, UK, October 16 - 18, 2018) The PCI Security Standards Council’s 2018 Europe Community Meeting is THE place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches. Don’t miss out!
SecureWorld Cincinnati (Cincinnati, Ohio, USA, October 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.
2018 ISSA International Conference (Atlanta, Georgia, USA, October 17 - 18, 2018) Join us for solution oriented, proactive and innovative sessions focused on Securing Tomorrow Today. Every day, cyber threats become increasingly intricate and difficult to detect. No cyber security professional can become an expert on these dangers without continued efforts to educate themselves on the industry’s latest trends and technologies. We look forward to welcoming you and over 1,000 of your colleagues and peers in Atlanta as we discuss topics ranging from incident response, to emerging technologies, to business skills for the information security professional. Join us at the 2018 ISSA International Conference and we’ll help you prepare to Secure Tomorrow Today.
Fifth Annual Cyber Warfare Symposium (New York, New York, USA, October 18, 2018) The Fifth Annual Cyber Warfare Symposium is an annual one-day event presented by the Journal of Law & Cyber Warfare in conjunction with academia, government and private industry organizations at NYU School of Law in New York City. The theme, “Attend. Engage. Learn,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side.
5th Annual Women in Cyber Security Reception (Washington, DC, United States, October 18, 2018) This annual networking event highlights and celebrates the value and successes of women in the cyber security industry. Leaders from the private sector, academia, and government from across the region and at varying points on the career spectrum can connect with each other to strengthen relationships and build new ones.
National Insider Threat Special Interest Group (NITSIG) - Insider Threat Symposium & Expo (Laurel, Maryland, USA, October 19, 2018) The NITSIG will hold an Insider Threat Symposium & Expo (ITS&E), on October 19, 2018, at the Johns Hopkins University Applied Physics Laboratory, in Laurel, Maryland. This is a must attend event if you are involved in Insider Threat Program (ITP) Management or Insider Threat Risk Mitigation. We have some outstanding speakers lined up with hands-on experience: Insider Threat Risk Mitigation Subject Matter Experts, managing or supporting ITPs, who work for the US Government, Defense contractors and private sector businesses. The symposium and expo will focus on, and provide guidance on developing, managing or enhancing an Insider Threat Program (ITP) / ITP Working Group, ITP Unintended Impacts / Consequences / Challenges, Insider Threat Fraud, Employee Threat Identification and Mitigation, Employee User Activity Monitoring, Protecting Controlled Unclassified Information and more.
2018 ICS Cyber Security Conference USA (Atlanta, Georgia, USA, October 22 - 25, 2018) SecurityWeek’s Industrial Control Systems (ICS) Cyber Security Conference is the largest and longest-running event series focused on industrial cybersecurity. Since 2002, the conference has gathered ICS cyber security stakeholders across various industries and attracts operations and control engineers, IT, government, vendors and academics. Over the years, the focus of the conference has shifted from raising awareness towards sharing security event histories and discussing solutions and protection strategies. As the original cybersecurity conference for the industrial control systems sector, the events cater to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations.
Energy Tech 2018 (Cleveland, Ohio, USA, October 22 - 26, 2018) The annual EnergyTech Conference & Expo is an organized event, supported by NASA and INCOSE, highlighting advancements in Energy, Smart-Grids and Microgrids, Aerospace, Critical Infrastructure, Security and Policy. In 2018, we continue to expand our collaboration effort with professional societies including InfraGard, IEEE, SAE, AIAA, PMI, and others, to join in advancing the technology and system integration of these complex domains, and managing the risk scenarios confronting civilizations.