Daily briefing.

Citing intelligence from the Republic's National Cyber and Information Security Agency (NUKIB), the Czech Senate has concluded that a "foreign state power" was responsible for recent attacks on the Foreign Ministry. The Senate doesn't name the foreign state, but Reuters says that Czech news outlets are calling the attacks a Russian operation.

The large-scale worm infestation expected from BlueKeep has yet to appear, but yesterday Microsoft released patches for a similar family of vulnerabilities, "DéjaBlue," that according to an account in WIRED affect more recent versions of Windows than BlueKeep.

Facebook has been paying contractors to review user interactions with its products, Bloomberg reports. The social network is the latest to receive scrutiny over the practice. Google, Apple, Amazon, and Microsoft have all been found doing this, most commonly in human-AI interactions with such digital assistants as Siri, Alexa, and Cortana. Facebook had offered Messenger users transcription of voice chats, but without making it clear that humans would check the quality of the automated transcription. Facebook says it stopped this practice two weeks ago.

Wandera reports that British Airways has been sending insecure check-in links to passengers.

vpnMentor has found the biometric data of some one-million people exposed online in an unprotected database. The data were held by BioStar 2, a web-based smart-lock platform that controls access using fingerprints and facial recognition. The information exposed includes employee personal information and unencrypted usernames and passwords. The exposure was discovered on August 5th, disclosed on August 7th, and resolved on August 13th.

Notes.

Today's issue includes events affecting China, Czech Republic, European Union, France, Germany, New Zealand, Russia, United Kingdom, United States.

Bring your own context.

Some observations on trends in industrial control system security, as it was on display in Las Vegas at Black Hat last week.

"I'm not seeing a lot of the vendors here talk about the convergence of information technology and operation technology or, in essence, the ability to marry the digital with the kinetic world. For the last decade or in 15 years, they've been very segmented. If you are in IT, you're dealing with business systems. If you're in OT, you're an engineer. You're not a technologist. And I think the industry is just now waking up to OT and critical infrastructure and figuring out how to bond those two together. At RSA this last year, we saw OT with one of the big things. Now, we're here, and we're not seeing that. I'm also not seeing a lot of emphasis on the small and medium businesses. It seems like if you bring in less than 50 or $100 million in revenue, there aren't a lot of solutions out there in the market for you. And I think that's really worrisome to us in the industry."

—Justin Harvey, global incident response leader at Accenture, on the CyberWire Daily Podcast, 8.9.19.

Some cultural and technological gaps remain to be closed.

In today's podcast, out later this afternoon, we speak with our partners at Webroot, as David Dufour shares some thoughts on cyber security insurance policies. Our guest is Elisa Costante from ForeScout; she discusses vulnerabilities in building automation systems.

CyberTexas Job Fair, August 20, San Antonio. Visit ClearedJobs.Net or CyberSecJobs.com for details. (San Antonio, Texas, United States, August 20, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free CyberTexas Job Fair, August 20 in San Antonio. Meet face-to-face with leading cyber employers. Visit our site for more details.

Cyber Warrior Women Summer Social: Sip and Paint (Columbia, MD, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.

Cyber Attacks, Threats, and Vulnerabilities

Foreign power was behind cyber attack on Czech ministry: Senate (Reuters) A foreign state staged the latest cyber attack targeting the Czech Foreign Minis...

New BlueKeep-Style Bugs Renew the Risk of a Windows Worm (WIRED) Vulnerabilities in Microsoft's Remote Desktop Protocol continue to plague the web.

Analysis | The Cybersecurity 202: Hackers just found serious vulnerabilities in a U.S. military fighter jet (Washington Post) And they did it with the Air Force's blessing.

'Screwed Drivers': Driver Vulnerabilities affect Intel, AMD (CRN Australia) Attackers can take over Windows even after OS wipes.

British Airways Has Yet Another Security Problem, New Report Says (Fortune) British Airways' check-in links are leaking sensitive information that hackers could use to access itinerary information, according to a security firm.

British Airways sending vulnerable check-in links (Wandera) Wandera’s threat research team has discovered a vulnerability affecting British Airways’ e-ticketing system that exposes passengers’ personally identifiable information (PII). Airline check-in links that are unencrypted and easily intercepted enable unauthorized third parties to view and ch

Biometrics of one million people discovered on publicly accessible database (Computing) Biostar 2 database, used for access control by police, defence contractors and banks, found online unprotected and unencrypted

Report: Data Breach in Biometric Security Platform Affecting Millions of Users (vpnMentor) Led by internet privacy researchers Noam Rotem and Ran Locar, vpnMentor’s team recently discovered a huge data breach in security platform Biostar 2. ...

Hacker site’s incriminating database published online by rival group (Ars Technica) Fortnite cracks, software exploits among the topics discussed in almost 357,000 PMs.

Facebook has been listening to users' voice messages without their knowledge (The Telegraph) Facebook has been paying hundreds of people to listen to users' private audio clips without their knowledge.

Facebook Paid Hundreds of Contractors to Transcribe Users’ Audio (Bloomberg) Social network says it paused human review of conversations. Apple, Amazon, Google have been scrutinized for similar work.

Choice Hotels data breach leaks 5.6 million customer records: report (Comparitech) Hackers apparently stole and demanded ransom for more than 5.6 million customer records belonging to major hotel franchisor Choice Hotels.

Chrome Incognito mode detection fix busted by researchers (Naked Security) Remember that Chrome update that stopped websites from detecting Incognito mode? Well, researchers claim to have found a way around it.

Varonis Uncovers New Malware Strains and a Mysterious Web Shell During A Monero Cryptojacking Investigation (Varonis) The Varonis Security Research team recently investigated an ongoing cryptomining infection that had spread to nearly every device at a midsize company. Analysis of the collected malware samples revealed a new variant, which the team dubbed “Norman,” that uses various techniques to hide and avoid discovery. We also discovered an interactive Web Shell that may be related to the mining operators.

Serious security flaws discovered in six widely used enterprise printers (Computing) Some of the security flaws date back 30-40 years - but probably didn't matter in pre-internet days

Hacked devices can be turned into acoustic weapons (Naked Security) Security researcher Matt Wixey found that many gadgets aren’t protected from being turned into hearing-damaging weapons. Or melting.

Siemens SIMATIC PCS7, WinCC, TIA Portal (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS7, WinCC Runtime Professional, WinCC (TIA Portal) Vulnerabilities: SQL Injection, Uncaught Exception, Exposed Dangerous Method 2.

Siemens Spectrum Power (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Spectrum Power Vulnerability: Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-190-04 Siemens Spectrum Power that was published July 9, 2019, on the ICS webpage on us-cert.gov.

Siemens SIMATIC WinCC and PCS7 (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC PCS7 Vulnerability: Unrestricted Upload of File with Dangerous Type 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory titled ICSA-19-192-02 Siemens SIMATIC WinCC and PCS7 that was published July 11, 2019, on the ICS webpage of us-cert.gov.

Siemens SCALANCE X Switches (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE X switches Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition.

Delta Industrial Automation DOPSoft (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation DOPSoft Vulnerabilities: Out-of-bounds read, Use after free 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, or crash of the application.

Siemens SIPROTEC 5 and DIGSI 5 (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 5 and DIGSI 5 Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-190-05 Siemens SIPROTEC 5 and DIGSI 5 that was published July 09, 2019 on the ICS webpage on us-cert.gov.

Mitsubishi Electric smartRTU and INEA ME-RTU (CISA) 1. EXECUTIVE SUMMARY CISA is aware of a public report of vulnerabilities with proof-of-concept (PoC) exploit code affecting Mitsubishi Electric smartRTU (Versions 2.02 and prior) and INEA ME-RTU (Versions 3.0 and prior), remote terminal unit products. According to this report, there are multiple vulnerabilities that could be exploited to gain remote code execution with root privileges. CISA has notified Mitsubishi Electric of the report and has asked them to confirm the vulnerabilities and identify mitigations.

OSIsoft PI Web API (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely Vendor: OSIsoft LLC Equipment: OSIsoft PI Web API Vulnerabilities: Inclusion of Sensitive Information in Log Files, Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow direct attacks against the product and disclose sensitive information.

Hundreds of Wisconsin elections offices use expired operating systems, official says (StateScoop) The state’s election security lead said 527 local clerks access the voter database on devices with operating systems near or past their expiration dates.

Security Patches, Mitigations, and Software Updates

Microsoft Releases August 2019 Security Updates (JPCERT/CC) Microsoft has released August 2019 Security Updates. This contains updates that are rated as "Critical". Remote attackers leveraging these vulnerabilities may be able to execute arbitrary code.

Cyber Trends

‘Under the Radar’ DDoS Attacks Increase by 158 Percent in Q2, 2019 Compared to the Same Time Last Year (BusinessWire) ‘Under the radar’ DDoS attacks increase by 158 percent in Q2, 2019 compared to the same time last year, according to Neustar

Q2 2019 Cyberthreats and Trends Report (Neustar) The Q2 2019 Cyberthreats and Trends Report from Neustar provides information on the latest developments in DDoS attacks, how to mitigate them and shares what steps to take in order to defend against these threats. Download the report and stay up to date.

Building a Culture of Security: 73 articles Summarizing Black Hat USA 2019 (Bricata) If there was a common theme at the 2019 Black Hat USA conference in Las Vegas, it may well have been security culture. Black Hat 2019 can be summarized here.

Opinion | All Your Data Is Health Data (New York Times) And Big Tech has it all.

SOC-as-a-Service promises threat protection in a world of scarce resources (Help Net Security) Because many are currently offering various flavors of SOC-as-a-Service, there can be a lot of variation in terms of what they can deliver.

CIOs Strive for Balance Between Looking Inward and Outward (Wall Street Journal) Technology’s expanding reach in the corporate world means chief information officers are taking a bigger role in developing strategies and customer services, while still keeping underlying systems running smoothly.

Marketplace

Western Companies in Hong Kong Activate Contingency Plans as Turmoil Spreads (Wall Street Journal) Banks and others are considering how to respond to a variety of possible scenarios as unrest in the city becomes more widespread and unpredictable.

What government can do to keep its cyber workforce (Fifth Domain) The government needs to show cybersecurity pros their value and invest in their careers, industry said.

Big name cybersecurity vendors are trying to buy their way to the top (CyberScoop) A strong economy and higher demand for security products means big vendors will continue buying startups to keep up with emerging technology.

Computacenter buys back ITAD business from Arrow (CRN) Services giant welcomes RDC unit back into the fold

Cybersecurity Association of Maryland (CAMI) Continues Dramatic Growth (MDCyber.com) Organization promotes Conklin to Director of Operations, CEO Smith Resigns. August 13th, 2019 (Baltimore, MD) – The Board of Directors of the Cybersecurity Association of Maryland Inc. (CAMI) today announced that it has reached 500 overall members and in the last thirty days the association added three new Premier Sponsors bringing the total number to …

Inside the dark web scramble to get far-right conspiracy site 8chan back online (The Independent) Bad actors have thrived on dark web because it allows website owners and visitors to obscure their location and internet address

Products, Services, and Solutions

Stronger as One: IronNet Expands the Power of Collective Defense to Organizations of All Sizes (IronNet Cybersecurity) New strategic initiative will improve cyber defense collaboration and security outcomes across organization and industry. IronNet Cybersecurity, the leading provider of collective defense and network behavioral analysis for companies and industries, today announces that IronDome, the industry’s first and only collective defense platform, is now available to companies of all sizes. Understanding that the ability …

BitSight® Announces Enterprise Analytics™ to Help Security and Risk Leaders Manage Cyber Risk Across Corporate Structures (PR Newswire) BitSight, the Standard in Security Ratings®, today announced BitSight Enterprise Analytics, the latest Security...

Netwrix Teams with Mott MacDonald to Power Data-Driven Decisioning with New Data Classification Offering (PR Newswire) Netwrix, a vendor of data security, governance and content services software, today announced that it has...

Technologies, Techniques, and Standards

NIST Lays Out Roadmap for Developing Artificial Intelligence Standards (Nextgov.com) The plan is meant to help federal leaders roll out standards that reduce the potential risks of AI without stifling innovation.

NGA takes big step to enable AI, big data and more (C4ISRNET) A potentially $824 million contract will help the National Geospatial-Intelligence Agency transition from its legacy systems.

CBP to expand use of facial recognition tech (Seeking Alpha) The U.S. Customs and Border Protection agency is set to expand its use of facial recognition, deploying the controversial technology to screen people entering the country.

Design and Innovation

Lockheed Launches New Weapons Cybersecurity Strategy (Breaking Defense) Hacking a spy satellite, stealth fighter, or smart bomb is very different from hacking a computer network, so the US military needs different defenses.

This is Lockheed’s new cyber resiliency scale for weapon systems (Fifth Domain) The goal is a framework to audit the cybersecurity of defense systems old and new.

Research and Development

Pentagon could offer up its bases as 5G test beds (C4ISRNET) The Pentagon might offer its infrastructure as test areas for American 5G technology development.

Academia

Women's Society of Cyberjutsu Crowns First Wicked6™ Cyber Games Champion (Yahoo) Electrifying Event Raised Funds for Women and Girls in Cybersecurity

Forum aims to reach and teach Kiwi youth about cybersecurity (CIO New Zealand) Cyber attacks are sent every 39 seconds which can accumulate to 300,000 new malware each day. It may be already too late but have you wondered how safe your device is? This is the key message Ytech aims to impart to Kiwi youth as it launches its first forum on cybersecurity.

CIT students earn scholarships to attend national cybersecurity conference (Gilmer Mirror) Three Kilgore College Information Technology (CIT) students were presented scholarships to attend a three-day national cybersecurity education conference in Bossier City, La.

MU designated as a National Center of Academic Excellence in Cyber Defense Research (University of Missouri News Bureau) The National Security Agency (NSA) and the Department of Homeland Security have recognized the University of Missouri as a National Center of Academic Excellence in Cyber Defense Research. The distinction is designated through June 2024.

Legislation, Policy, and Regulation

Russia after Putin: 2024 is a long way off, but the battle for the Kremlin has already begun (Times) Over the past few years Russia’s capital has undergone a transformation. Muscovites used to buy their groceries from faceless corner stores full of overheating refrigerators; today many shop at the...

Federal Ban on Chinese Telecom Equipment Takes Effect (Nextgov.com) Contracting officers will have new disclosure provisions to include in contracts issued after Aug. 13.

U.S. Retreats on Chinese Tariff Threats, Stocks Soar (Wall Street Journal) The U.S. will delay some tariffs against China on items such as cellphones, laptops and toys until Dec. 15, softening the blow of levies that were scheduled to take effect Sept. 1 on $300 billion of imports.

Litigation, Investigation, and Law Enforcement

[Letter from the Ranking Member to the Chairman] (US House Judiciary Committee) Dear Chairman Nadler: On July 24th, 2019, former Special Counsel Robert Mueller appeared before the House Judiciary Committee, compelled by subpoena, and answered questions from both Democrats and Republicans.

FTC Chief Says He’s Willing to Break Up Big Tech Companies (Bloomberg) Chairman Simons says FTC can unwind approved deals over harm. FTC is investigating Facebook acquisitions in antitrust probe.

SEC Investigating Data Leak at First American Financial Corp. (KrebsOnSecurity) The U.S. Securities and Exchange Commission (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003, KrebsOnSecurity has learned.

Energy Department Never Blacklists Risky Nuclear Tech Vendors, GAO Says (Nextgov.com) The process is too time-consuming and narrow to be effective, according to officials at the National Nuclear Security Administration.

Another EU antitrust complaint filed against Google - this time Google's job search service (Computing) The search giant has been accused of using its market dominance to favour its job search unit

Geeky license plate earns hacker $12,000 in parking tickets (Ars Technica) A California man's vanity license plate backfires spectacularly.

He tried to prank the DMV. Then his vanity license plate backfired big time. (Mashable) It seemed like a good idea at the time.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cybersecurity Summit, New York (New York, New York, USA, August 13 - 14, 2019) The Cybersecurity Summit, New York, invites information security practitioners to learn about the latest trends in data breaches and frauds, and about mitigation strategies. ISMG’s Global Summit focuses...

Virginia Cybersecurity Education Conference (Fairfax, Virginia, USA, August 13 - 14, 2019) The goal of the Virginia Cybersecurity Education Conference is to get attendees thinking about ways to engage students at all grade levels in hands-on, meaningful educational activities related to cybersecurity.

AcceleRISE (Minneapolis, Minnesota, USA, August 14 - 16, 2019) Prepare for your future. Designed for young industry professionals like yourself, and presented by SIA, AcceleRISE brings together tomorrow’s security leaders for two-plus days of idea sharing, coaching, The conference, hosted by SIA’s RISE community for young professionals and those new to the industry, will present blended learning sessions featuring a mix of keynotes, panel sessions, team building exercises, peer networking and workshops.

PCI Security Standards 2019 Latin America Forum (São Paulo, Brazil, August 15, 2019) Don’t miss the data security event of the year for the payment card industry. We provide you with the information and tools to help secure payment data. We lead a global, cross industry effort to increase...

Austin Cybersecurity Conference (Austin, Texas, USA, August 15, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
