Another misconfigured Amazon Web Services S3 bucket leaks. This one belongs to the Australian Broadcasting Corporation. Amazon continues its efforts to nudge customers to more mindful use of its cloud services.
Kaspersky has released the results of its own investigation of the alleged NSA leaks that appear retrospectively to have played a role in prompting the US Government to eject Kaspersky products from its systems. Kaspersky says a laptop with a Baltimore-area IP address, and protected with Kaspersky software, was found to have been infected with what appeared to be Equation Group tools, and that those were the files Kaspersky uploaded for inspection. That there turned out to be classified files in the mix Kaspersky says was unknown at the time, and that such files were promptly deleted as soon as recognized. Kaspersky also says the laptop, which is thought to have been used by an NSA worker or contractor, was thoroughly compromised by other sources.
Bitdefender warns that the Terdot banking Trojan is a very capable information-stealer, one that would be easily adaptable into an espionage tool.
Inevitably concerns about fake news are being monetized by cyber criminals, some of whom are now offering fake-news-as-a-service, often in the forms of spoofed legitimate sites.
Criminals get disrupted when their black markets are shuttered. They will move to other dark web souks to do business, but they operated less effectively and with more leaks in their new virtual hangouts.
The new US Vulnerabilities Equities Process continues to draw generally positive reviews.
Today's issue includes events affecting Australia, China, European Union, France, NATO/OTAN, Russia, Turkey, United Kingdom, United States.
A note to our readers: We are offering continuing coverage of some recent events on our site. Today we have two new articles from CyCon US: one on the international law of conflict as it applies in cyberspace (with notes from a panel of authorities on the Tallinn Manual, and thoughts on attribution by an international law expert from Dentons) and another on Engility's cyber certification scholarship program for transitioning veterans.
A well-informed cybersecurity strategy is essential to keeping your organization protected, but gathering global intelligence from various sources and locations is difficult. Your organization needs a partner with deep roots in cyber threat intelligence. The LookingGlass digital library (STRATISS) of strategic intelligence reports expands your understanding of the threat landscape and delivers the intelligence your decision makers want to their fingertips. Check out our intelligence here.
ON THE PODCAST
In today's podcast, we hear from our partners at Booz Allen Hamilton, as Chris Poulin discusses the ethical conundrums artificial intelligence will face when it begins driving cars. In an emergency, how does the self-driving car decide whom or what it's going to run over, or into? Does it protect its passengers first, no matter what, or does it apply some more complex moral calculus? Listen and discuss among yourselves when you get back to the dorm, students. And we also have a guest, Jeremy Wittkop from Intelisecure, who tells us what we need to know about the trouble with Social Security Account Numbers.
Earn a master’s degree in cybersecurity from SANS(Online, November 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Tuesday, November 21st, at 1:00pm ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.
Cyber Security Summit: Los Angeles(Los Angeles, California, USA, November 29, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).
'Fake news' Becomes a Business Model: Researchers(Security Week) Cyber criminals have latched onto the notion of "fake news" and turned it into a profitable business model, with services starting at under $10, security researchers said Thursday.
Does GDPR enable identity theft?(Computing) Under GDPR you'll be able to ask organisations to hand over all the data they hold on you. But what happens when a cyber criminal is able to pass himself off as you, and force firms to tell him everything?
Inside the Army’s interim WIN-T plans(C4ISRNET) WIN-T could lose funding, but soldiers around the world still rely on system capabilities so the Army is accelerating repairs and focusing on modernization.
The Motherboard Guide to Not Getting Hacked(Motherboard) Do you want to stop criminals from getting into your Gmail or Facebook account? Are you worried about the cops spying on you? We have all the answers on how to protect yourself.
Dark Web Shops Are Leaking IPs Left and Right(BleepingComputer) The takedown of three major Dark Web markets by law enforcement officials over the summer has driven many vendors of illegal products to set up their own shops that, in many cases, are not properly configured and are leaking the underlying server's IP address.
Cybersecurity: A fiduciary duty(Ethical Boardroom) The recent WannaCry ransomware exploit brought into full view several factors that terrify many companies and their boards of directors.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
The 3rd Annual Billington INTERNATIONAL Cybersecurity Summit(Washington, DC, USA, November 21, 2017) The 3rd Annual Billington International Cybersecurity Summit on March 21 in Washington, D.C. at the National Press Club, will attract over 400 attendees at the leading forum on global cybersecurity in...
Aviation Cyber Security(London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain...
Global Conference on Cyberspace (GCCS)(New Dehli, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...
AutoMobility LA(Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.
INsecurity(National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...
INsecurity(National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...
Cyber Security, Oil, Gas & Power 2017(London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.
Cyber Security Summit Los Angeles(Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...
cyberSecure(New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. It brings together corporate leaders from multiple function areas...
cyberSecure(New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate...
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.