December 8, 2017.
By The CyberWire Staff
Iranian threat groups, Charming Kitten among them, have attracted attention this week with reports of their having made quiet inroads into compromising Western, especially US, infrastructure. No major attacks are reported, but security organizations have their eyes open.
Researchers at the University of Birmingham report finding flaws in a banking security app that expose the data of millions of bank customers to credential theft.
oBike, the widely used bicycle-sharing app, is investigating a leak that may have affected users in some fourteen countries.
Bitcoin and other cryptocurrency prices are way up in a major speculative bubble, and criminal attention is enthusiastically keeping pace.
Microsoft has issued an emergency out-of-band patch to its Malware Engine.
WikiLeaks faces more US investigation.
Today is the day ISIS promised to bring America to its knees with a massive cyberattack. A video posted by adherents of the terrorist group formerly known as the Caliphate promised, "We will face you with a massive cyber-war…Black days you will remember." The specific group making the threat was the "Electronic Ghosts of the Caliphate" or the "Caliphate Cyber Ghosts," but as we go to press the only sign of ISIS hacking appears to have been some defacement of the Gloucester Township website (we believe this is the Gloucester Township in southern New Jersey). "The lions of the Caliphate will be at your door" is what Fleet Street's Daily Mail reported was said, but when we looked it all seemed in order—the mayor's picture was up, looking good.
Earn a master’s degree in cybersecurity from SANS (Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.
Hacking prison – lessons learned from recent Databreach (ERPScan) Did you ever think that a hacker could spring a prisoner out of jail? A hack like this is no longer an imaginary plot for serial movies like “Mr. Robot” or a potential for “Prison Break”. It fell outside of the fictional world turning into a real-live event.
Phishers Are Upping Their Game. So Should You. (KrebsOnSecurity) Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages.
Why is bitcoin’s price so high? (TechCrunch) Bitcoin's price has risen stratospherically, a fact that leaves many minor players in the market with massive gains and many bigger players millionaires. But..
CONFICKER/ DOWNAD 9 Years After: Examining its Impact on Legacy Systems (TrendLabs Security Intelligence Blog) Despite being nearly a decade old, and years past its peak, DOWNAD, also known as CONFICKER, has not gone away. 9 years to the month after its first discovery, we take a look at the numbers to see where DOWNAD is today, and why it is still one of the world’s most prevalent malware.
Apps Can Track Users Even When GPS Is Turned Off (BleepingComputer) Princeton researchers have developed a proof-of-concept app that can be used to reliably track users even if an app does not access a phone's GPS data, and the user has purposely turned off GPS services.
ISIS hackers take down local council website (Mail Online) A group called Electronic Ghosts of the Caliphate hacked the Gloucester Township site and posted threats on its homepage as another group shared a picture of the White House on fire.
Malware-free breaches lead to big breaches: 5 things to know (Becker's Hospital Review) Though ransomware attacks have been highly publicized, the majority of cyberattacks exploited a combination of native software from a victim's system, memory-only malware and stolen credentials, according to the 2017 "Cyber Intrusion Services Casebook" from CrowdStrike.
Cybersecurity Predictions for 2018 (Proofpoint) In 2018, attackers will continue to exploit humans to install malware, transfer funds, and steal information, with significant changes in techniques and behavior.
List of IT Services Statistics (Clutch) We compiled a list of statistics about how businesses use and source IT services. Use this list to learn how to approach partnerships with IT companies and consultants for IT services, cybersecurity, and mobility services.
Half of U.S. Companies Face Serious Challenges in Becoming GDPR Compliant (eSecurity Planet) A recent Varonis survey of 500 cyber security professionals in the U.S., U.K., Germany and France found that 50 percent of U.S. respondents and 60 percent of E.U. respondents believe they face serious challenges in becoming compliant with the upcoming E.U. General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018.
Meow! Facial recognition reaches pet doors (Naked Security) It takes mere seconds to recognize a cat, thereby avoiding confused pets. Microsoft, who built it, didn’t address pre-confused pets or hacker squirrels.
GAO details lack of policy around continuous evaluation of cleared workers (InsideDefense.com) The federal government has not set clear policies for using technologies to continuously monitor individuals who hold security clearances, which experts say could call into question the Defense Department's plan to replace a large portion of the background investigation process with continuous evaluation.
Automotive ISAC Fall 2017 Summit (Dearborn, Michigan, USA, December 13 - 14, 2017) This year’s theme is “Start your engines” and is about how to build relationships and learn about a variety of timely and topical subjects in the world of automotive cybersecurity. The summit will focus...
2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.