Looking for an introduction to AI for security professionals?
Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.
November 30, 2017.
By The CyberWire Staff
The US Army's Intelligence and Security Command and NSA continue to mop up the embarrassing exposure of Red Disk data on an unsecured AWS S3 account.
HP denies media reports that its PCs came pre-loaded with software that surreptitiously reported usage data back to HP without users' permission.
Clarksons, the UK-based global shipping company, said its network had been compromised by criminals who accessed proprietary information and demanded ransom in exchange for keeping the information unannounced. Clarksons declined to pay and turned the matter over to the police. The criminals appear to have achieved access through a single compromised legitimate user's account (since disabled), not by exploiting a software vulnerability.
Apple has patched the root vulnerability in MacOS High Sierra. The upgrade appears to be quick and painless to install; all Mac users are advised to do so.
Callcredit, Equifax and Experian are said to be preparing for GDPR implementation by working on a Credit Reference Agency Information Notice (CRAIN). The document is intended to bring credit bureau use of personal information into line with the EU's pending requirements.
US Representative Adam Schiff (Democrat, California), ranking member of the House Intelligence Committee, says the committee is close to consensus on how to reform and reauthorize Section 702 foreign electronic surveillance authorities.
An inspector general report on US Department of Defense Management challenges finds that measures put in place post-Snowden to control and monitor privileged insiders remain inadequate.
Accused NSA leaker Reality Winner has been denied her request for pre-trial release.
Today's issue includes events affecting Australia, India, United Kingdom, United States.
A note to our readers: We invite everyone to join us in expressing our condolences to the family and friends of Gerald Masson, who passed away last week at the age of 74. The founding chair of Johns Hopkins University’s Department of Computer Science and founder of the Johns Hopkins University Information Security Institute, he played a long and leading role in the development of information security as an academic and research discipline. He'll be missed; please join us in remembering a life well-lived.
Whether you're focused on IT or national security, exploits and data loss incidents put your mission at risk. Your current tools assess and analyze content after it's breached your network - they all work right of boom. It's only a matter of time until boom happens to you. Don't let it. getleftofboom.com
ON THE PODCAST
In today's podcast we hear from our partners at Dragos, as Robert M. Lee reviews industrial control system security for that natural gas sector. Our guest, Shaun Walsh from Cylance, brings some perspective to the topic of artificial intelligence.
Flying Blind: 2017 Cloud Configurations Gone Wrong(Webinar, December 7, 2017) How can you avoid data breaches from public cloud misconfigurations in the future? Join our team of cloud security experts for a 45-minute webinar to learn more about the steps you can take to improve your cloud security posture and keep your critical information protected.
Earn a master’s degree in cybersecurity from SANS(Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.
NSA’s fifth data leak: All you need to know(TEISS) Confidential and sensitive data belonging to INSCOM, a joint US Army and NSA command that gathers intelligence for US military and political leaders, were stored on an unprotected cloud server with no password protection.
More Malspam pushing Emotet malware(SANS Internet Storm Center) I published a diary on malicious spam (malspam) pushing Emotet back in June 2017. Since then, I continue to catch the occasional sample, and this malspam appears to occur on a near-daily basis.
UK shipping firm Clarkson reports cyber attack(Reuters) British shipping services provider Clarkson Plc (CKN.L) on Wednesday said it was the victim of a cyber security hack and warned that the person or persons behind the attack may release some data shortly.
75% of insider breaches are accidental(Help Net Security) Approximately 25% of insider threats are hostile with the remaining 75% due to accidental or negligent activity, according to NTT Security. This graph repr
NSS Labs Adds Dina Bruzek as Senior Vice President of Products(Business Insider) NSS Labs, Inc., a global leader and trusted source for independent, fact-based cybersecurity guidance, today announced that Dina Bruzek has joined the company as Senior Vice President of Products. In this role, Dina will execute the product strategy across the company’s engineering and product management groups delivering on the CAWS Continuous Security Validation Platform.
Scarab Ransomware Protection Tips(Information Security Buzz) News reporting a major new ransomware campaign using the infamous Necurs botnet to spread via millions of spam emails. The Scarab ransomware was sent to 12.5 million email addresses in the first four hours alone, according to Forcepoint. IT security experts commented below. Jim Walter, Senior Research Scientist at Cylance: “This is an example of where modern, …
Future proofing organisations with zero-trust approach(CPI Financial) Repeated onslaughts of cybersecurity attacks are driving businesses to relook at their security policies end-to-end, and to make them more future-ready for digital environments, explains Mechelle Buys Du Plessis, Managing Director–UAE, Dimension Data.
DMU student named among UK's best cyber sleuths(DeMontfort University) Following a challenging three-day cyber-attack simulation, a student from De Montfort University Leicester (DMU) has been named among the best cyber security investigators in the UK.
Legislation, Policy, and Regulation
Policy to prevent ransomware attacks soon: IT ministry(DNA India) Policy to prevent ransomware attacks soon: IT ministry - The government has been taking proactive steps to ensure safe cyber space. The ongoing global conference will seek to extend cooperation amongst global counterparts on this issue
Trump admin to Supreme Court: No warrant needed for cellphone records(The Washington Times) The Trump administration told the Supreme Court on Wednesday that cellphone records belong to telecom companies, not to their customers, as they sought to defend the ability of police to track Americans’ whereabouts without having to obtain a warrant first.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
New York State Cybersecurity Conference(Albany, New York, USA, June 5 - 7, 2018) June 2018 marks the 21st annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA). Hosted by the New York State Office of Information Technology Services,...
Cyber Security Summit Los Angeles(Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...
cyberSecure(New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. It brings together corporate leaders from multiple function areas...
cyberSecure(New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate...
Hackers Challenge(New York, New York, USA, December 6, 2017) Welcome to the Hackers Challenge - a must-attend event for IT security professionals across all industries. Radware and Cisco invite experienced hackers to attack the cyber-defense of a website within...
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.