Some additional notes from last week's Billington CyberSecurity Summit, including reflections on inherent government responsibilities with respect to cybersecurity from NCSC's Ciaran Martin. And the US Department of Defense finds it more difficult to retain cyber operators than it does to recruit them in the first place.
NCSC advice on DDoS protection. Stealth Falcon update. Web radios patched. Toyota BEC. US exfiltrates a source from Russia.
The distributed denial-of-service attack that struck Wikipedia over the weekend remains under investigation, but BleepingComputer reports some speculation that the incident was the result of a botnet testing round. (They also report that the UK's NCSC recommends dusting off DDoS protection advice it's offered for some time.)
ESET says it has associated a hitherto overlooked backdoor with Stealth Falcon. Stealth Falcon itself has been connected by the University of Toronto's Citizen Lab with the distribution of spyware against a range of Middle Eastern targets. It's regarded as being, probably, a United Arab Emirates operation, linked to Project Raven, which Reuters described earlier this year.
In a disclosure coordinated with manufacturer Telestar Digital, Vulnerability-Lab reports that Dabman and Imperial web radios were vulnerable to exploitation through an "undocumented Telnet service on the standard port 23." Telestar has fixed the vulnerabilities.
Toyota Boshoku, a parts unit of Toyota Group, continues to investigate a business email compromise scam in a European subsidiary that may have cost the company ¥4 billion (approximately $37 million). According to Infosecurity Magazine, the incident occurred on August 14th, and if it followed the usual business email compromise template, the theft depended on social engineering.
The Washington Post reports that in 2017 the US exfiltrated an "asset" (a source, an agent) from Russia. The asset had provided the US with information about 2016 Russian election hacking.
Today is Patch Tuesday, and updates will appear throughout the day. Ivanti recently offered a forecast of Microsoft's expected patches in Help Net Security.
Today's issue includes events affecting Australia, Canada, China, Czech Republic, European Union, India, Japan, Republic of Korea, Netherlands, Oman, Philippines, Poland, Russia, Saudi Arabia, Thailand, Ukraine, United Arab Emirates, United Kingdom, and United States.
Bring your own context.
What lessons can CISOs learn from venture capitalists?
"VCs are used to working with the financial stakeholders. They're used to building funds and generating specific targeted returns, but, you know, you look at a lot of the folks that move into these roles of CISO and CSO. There is not a lot of training, whether it's how to put cybersecurity into a business context and think of it as a kind of key strategic plank for the business, whether it's defining the risk not as an IT risk but as an enterprise risk. You know, those kinds of strategic skills and that kind of board interaction are not commonplace in terms of their career path development, so gaining those skills and building that capability, I think, is one of the really significant challenges facing most CISOs."
—Doug Grindstaff, senior vice president of cybersecurity solutions for the CMMI Institute, on the CyberWire Daily Podcast, 9.6.19.
Think in terms of enterprise risk, and pay close and continuous attention to the stakeholders.
In today's podcast, out later this afternoon, we talk with our partners at Booz Allen Hamilton, as Michael Sechrist discusses how geopolitical issues spill over into cyber security. Our guest, Ashish Gupta from Bugcrowd, talks through the economics of hacking and the adoption of ethical hacking.
And Recorded Future's podcast, produced in cooperation with the CyberWire, is up. In this episode, "The Intersection of Political Science, Risk Management, and Cybersecurity," Matt Devost, CEO and co-founder of OODA LLC, shares his insights on managing cyber risk in a complex world, as well as his thoughts on threat intelligence.