How are you handling your cloud monitoring and security?
Cloud providers offer many security measures, but you’re ultimately responsible for securing your own data. While 53% of organizations are training their staff to manage cloud security, 30% of organizations plan to partner with an MSP. In our white paper, we discuss the considerations you need to make before choosing a solution.
December 7, 2017.
By The CyberWire Staff
As the US prepares to make good on its long-promised recognition of Jerusalem as Israel's capital, Israel and the US brace for a wave of hacktivism expected to accompany the promised "second Intifada."
Citizens Lab confirmed the Ethiopian government's use of intercept tools procured from Cyberbit to surveil dissidents, when it connected suspicious emails to a misconfigured command-and-control server that exposed the government's target list.
Russian cyber gangs are particularly active in ransom campaigns against businesses in the UK. Cerber remains their most popular strain of ransomware. Extortion demands commonly run to £100,000.
Cryptocurrencies continue to draw criminal attention as raw meat draws flies. Denial-of-service attacks remain popular against Bitcoin sites. A planned Bitcoin rival, Electroneum, failed to launch as its proprietors pulled their offering in the face of effective hacking. An updated version of the Quant Trojan is raiding cryptocurrency wallets. And Nicehash, a popular Bitcoin mining pool, is reported to have suffered a compromise, with some $56 million in coin stolen.
A keylogger has been found in more than 5000 infected WordPress sites.
Android app development tools are found vulnerable to backdoors. Fixes are in progress.
Ashley Madison comes in for more security criticism as its default settings are found vulnerable to leakage.
Apple has again updated MacOS High Sierra to close security holes.
As Section 702 electronic surveillance authority approaches sunset and renewal works its way slowly through the US Congress, the Administration suggests that aspects of the program might legally continue in the absence of reauthorization.
DevSecOps experts from Visa and CYBRIC talk cyber threat survival.
How can you protect yourselves against breaches like Equifax? Swapnil Deshmukh, Sr. Director of Emerging Technologies Security, Visa and Mike D. Kail, CTO, CYBRIC weigh in. Rapid innovation and continuous delivery via DevOps exposes organizations to a constant, evolving cyber threat. Seamlessly embedding continuous security within existing ecosystems will enforce security across the production environment. In this webinar, you’ll learn cultural changes needed for true DevSecOps. Register for this webinar December 12 at 1PM ET.
Flying Blind: 2017 Cloud Configurations Gone Wrong(Webinar, December 7, 2017) How can you avoid data breaches from public cloud misconfigurations in the future? Join our team of cloud security experts for a 45-minute webinar to learn more about the steps you can take to improve your cloud security posture and keep your critical information protected.
Earn a master’s degree in cybersecurity from SANS(Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.
Russian hackers hold UK to ransom(Times) Thousands of British businesses have paid ransoms to Russian hackers who are launching hundreds of attacks every day and demanding up to £100,000 to release files. Experts said that the “epidemic”...
Apple updates everything. Again.(SANS Internet Storm Center) After a rushed release of iOS 11.2 over the weekend to fix a "December 2nd Crash" bug, and last weeks special update to fix the passwordless root authentication bypass in macOS, Apple today released its official set of security updates.
21 Interesting Cyber Security Statistics (2017-2018)(TheBestVPN.com) Cyber attacks are growing in prominence every day – from influencing major elections to crippling businesses overnight, the role cyber warfare plays in our daily lives should not be underestimated. In fact, billionaire investor Warren Buffett claims that cyber threats are the biggest threat to mankind, and that they are bigger than threats from nuclear …
Our Chips, Code Are More Secure Than Silicon Valley’s: Northrop Grumman(Breaking Defense) The Pentagon has fallen in love with Silicon Valley — though it’s largely unrequited — but traditional defense firms argue there are some things only they can do. One striking example: this Northrop Grumman factory, where the company makes its own microchips “from sand” with unique security features that are not available from commercial vendors.
Emerging Winners in Cybersecurity(Emerging Winners in Cybersecurity) There have been some interesting dynamics at play across the security sector so far in the Q3 earnings season. The vendors of next-generation secur
Why FireEye Is One of the Top Cybersecurity Stocks(Market Realist) FireEye (FEYE) went public in September 2013 and in December 2014, it acquired Mandiant for ~$1.0 billion. Mandiant was considered one of the most prominent data breach and response players in the space.
GDPR Compliance | Trustwave(Trustwave) The EU General Data Protection Regulation (GDPR) is a data protection law for Europe as well as any organizations doing business in Europe. Trustwave delivers a GDPR Privacy and Information Security Risk Assessment to help you holistically and strategically assess how well your organization is addressing the GDPR.
Northrop Grumman Awards Scholarships to Australian Professors(WebWire) Northrop Grumman Corporation (NYSE: NOC) will support multiyear research projects of three Australian academics with initial grants of AU$75,000 for interdisciplinary research collaboration in engineering, quantum communications, human machine interactions and cognitive radio systems. Senator Birmingham announced the awards recently at Parliament House.
Students learn job skills from ethical hackers(Press Publications) Picking locks and infiltrating buildings aren’t part of the typical high school curriculum, but they were a few of the unique lessons during a recent off-campus excursion
The High Stakes of Misunderstanding Section 702 Reforms(Lawfare) In less than a month, Section 702 of the Foreign Intelligence Surveillance Act (FISA) is set to expire. As the clock runs out on one of the U.S. government’s most important national security tools, public discussion remains mired in misunderstandings, misrepresentations, and political sound bites.
Updated Guide to Section 702 Value Examples(IC on the Record) To facilitate public understanding of what the government has released regarding Section 702’s value, the ODNI has prepared a guide that gathers together those examples in one place. We originally posted this Guide on October 27, 2017. We have now updated this Guide to include additional value examples.
Science panel asks DHS for update on government-wide Kaspersky Lab purge(The Washington Times) The chairman of the House Science, Space and Technology Committee has asked the Department of Homeland Security for an update on the federal government’s efforts to identify and remove software made by Kaspersky Lab, an embattled Moscow-based antivirus vendor accused of having ties to Russian intelligence.
HBO Hacker Linked to Iranian Spy Group(Security Week) A man accused by U.S. authorities of hacking into the systems of HBO and attempting to extort millions of dollars from the company has been linked by security researchers to an Iranian cyber espionage group tracked as Charming Kitten.
DeWolfe takes cellphone-search case to Supreme Court(Maryland Daily Record) The mere contention that criminals use cellphones to memorialize their crimes cannot be sufficient to secure a warrant to search a suspect’s phone, Maryland’s public defender has stated in papers u…
Automotive ISAC Fall 2017 Summit(Derborn, MIchigan, USA, December 13 - 14, 2017) This year’s theme is “Start your engines” and is about how to build relationships and learn about a variety of timely and topical subjects in the world of automotive cybersecurity. The summit will focus...
2018 Leadership Conference(Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.