Looking for an introduction to AI for security professionals?
Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.
December 1, 2017.
By The CyberWire Staff
In what's become a dog-bites-man story (or maybe even an evergreen) another unsecured Amazon Web Services S3 bucket has been found, open online and misconfigured for public access. This one held data belonging to the National Credit Federation (NCF), and contained some 111GB of data, much of it in the form of sensitive credit records. Up to forty-thousand individuals may have been affected, but UpGuard, which found the data, saw no evidence anyone had actually stolen the data.
As more reports emerge of the scurrilous content of Russian election trolling in the US, it seems Russia also feels itself under threat. The Kremlin sees a coordinated US campaign to turn Russia's oligarchs against their government.
The Cobalt hackers, criminals who target financial institutions with phish-baited malware, may have committed a misstep. Some of their spam appears to reveal their intended targets in the most obvious place: the emails' "To" field. But there's speculation this may be misdirection intended to send security researchers on a wild goose chase while Cobalt unobtrusively pursues its real targets.
Cisco has patched its widely used WebEx players.
A quick look back at Black Friday weekend suggests good news. According to Iovation, credit card fraud appears to be down 29% from 2016.
A team of investigators formed by South Korea's Ministry of Defense is said to have concluded that the Republic of Korea's Cyber Command illegitimately sought to influence 2012's domestic elections.
Uber faces a rising tide of lawsuits. It's also apparently losing business to Lyft.
Today's issue includes events affecting Australia, Brazil, China, Denmark, Estonia, European Union, Germany, India, Republic of Korea, Netherlands, Norway, Russia, Spain, South Africa, United Kingdom, United States.
Whether you're focused on IT or national security, exploits and data loss incidents put your mission at risk. Your current tools assess and analyze content after it's breached your network - they all work right of boom. It's only a matter of time until boom happens to you. Don't let it. getleftofboom.com
Flying Blind: 2017 Cloud Configurations Gone Wrong(Webinar, December 7, 2017) How can you avoid data breaches from public cloud misconfigurations in the future? Join our team of cloud security experts for a 45-minute webinar to learn more about the steps you can take to improve your cloud security posture and keep your critical information protected.
Earn a master’s degree in cybersecurity from SANS(Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.
Popular Cryptocurrency Apps Expose Users to Data Theft(KoDDoS Blog) Researchers from the cybersecurity firm, High-Tech Bridge, recently conducted a study which concluded that the majority of cryptocurrency-related apps available on the Google Play store carry medium to severe security risks which could greatly compromise its users' security.
Phishing Kit (Ab)Using Cloud Services(SANS Internet Storm Center) When you build a phishing kit, they are several critical points to address. You must generate a nice-looking page which will match as close as possible to the original one and you must work stealthily to not be blocked or, at least, be blocked as late as possible.
2017 Enterprise Phishing Resiliency Report(PhishMe) Our 2017 Phishing Resiliency and Defense Report examines data gathered from our holistic services: phishing simulations, reporting, triage and intelligence. See how the data supports a proactive approach to combatting attacks.
FireEye: Never Forget Your Thesis(Seeking Alpha) The IoT thesis is still valid for bullish bets. YoY, sentiments have shifted towards more upsides. FireEye remains a BUY going by valuation multiples and demand
The Truth About Machine Learning In Cybersecurity: Defense(Forbes) A considerable number of articles cover machine learning and its ability to protect us from cyberattacks. Still, it's important to separate the hype from the reality and see what exactly machine learning (ML), deep learning (DL) and artificial intelligence (AI) algorithms can do right now in cybersecurity.
Thwarting Cyber Attacks on Retirement Plans(ASPPA) A stolen identity, a few clicks, and there it is — a handsome retirement plan balance, ripe for the picking. A recent blog entry,and the IRS, offer some ideas on how to protect retirement plans from identity theft.
GDPR: Who is responsible for what?(Security Boulevard) The EU General Data Protection Regulation (GDPR) and the Network Information Security (NIS) directive are already causing a flurry of activity among businesses. Who is ultimately responsible for cybersecurity seems to be attracting particularly intense discussion.
Should Social Media be Considered Part of Critical Infrastructure?(Security Week) Russia interfered in the U.S. 2016 election, but did not materially affect it. That is the public belief of the U.S. intelligence community. It is a serious accusation and has prompted calls for additions to the official 16 critical infrastructure categories. One idea is that 'national elections' should be included. A second, less obviously, is that social media should be categorized as a critical industry.
DOD Taking Mission-Specific Approach to Growth in Cyber Threats(Avionics) The increasing frequency and widening attack vector of cyber warfare threats is forcing U.S. military officials to adopt a more mission-specific approach to defensive operations rather than attempting to defend entire networks. A greater emphasis on increasing cyber capabilities in the recently passed fiscal year 2018 National Defense Authorization Act (NDAA) conference report and a …
Uber breach signals need for tougher rules(The Daily Star) Uber's cover-up of a massive breach involving the personal details of about 57 million passengers and drivers draws global concern, and lends further support to calls for tougher privacy rules.
'Cyber Command attempted to influence 2012 election'(Korea Times) The military’s cyber warfare command engaged in suspicious online activities ahead of the general election in 2012 in an apparent bid to influence voters, a fact-finding team under the Ministry of National Defense said Thursday. Announcing the interim results of its investigation, the team said the Cyber Command under the Lee Myung-bak government created “operational guidance for psychological warfare” in cyberspace “to respond to election meddling by North Korean sympathizers in the general election.” The election took place April 11.
Lawsuits Pile Up on Uber(Dark Reading) Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
cyberSecure(New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. It brings together corporate leaders from multiple function areas...
cyberSecure(New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate...
Hackers Challenge(New York, New York, USA, December 6, 2017) Welcome to the Hackers Challenge - a must-attend event for IT security professionals across all industries. Radware and Cisco invite experienced hackers to attack the cyber-defense of a website within...
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.