The threat intelligence event of the year is just around the corner—Detect '18! Join team ANOMALI and your fellow professionals at the Gaylord National Resort & Convention Center September 19-21, 2018 in National Harbor, Maryland for timely education and training on today’s most compelling, relevant threat intelligence topics, breakout sessions designed for all levels of experience, and insights from compelling customer presentations highlighting real-world threat intelligence big data issues. Register today!
August 30, 2018.
By The CyberWire Staff
Automated Twitter accounts have turned up in Sweden, according to a study by that country's defense research establishment. The bots, of unknown provenance, appear to be interested in the election, where they seem likelier to favor the country's third largest party, the Sweden Democrats, whose nationalist and anti-immigrant line appears positioned to make a run at overtaking the opposition Moderate party for second place behind the governing Social Democrats.
The US FBI says that it doesn't have much evidence supporting recent reports (and Presidential tweets) that Chinese intelligence compromised former Secretary of State Clinton's insecure private server. Observers say that doing so would represent a departure for Chinese espionage, which has specialized in intellectual property theft. Chinese information operations have tended to focus on sponsoring think tanks and cultural centers—a kind of malign version of Germany's benign Goethe Institut.
A criminal is selling data belonging to 130 million guests who've stayed at hotels belonging to China's Huazhu Group. Several security companies reporting finding the offering in a dark web souk: the hacker wants 8 Bitcoin (about $56,000) for the whole shebang.
Manufacturers of two medical devices, Qualcomm's Life Capsule Datacaptor Terminal Server and Becton Dickinson's Alaris TIVA Syringe Pump, disclosed through ICS-CERT that their devices allow remote unauthenticated access. Patches and upgrades are available; hospitals are urged to apply them.
A young man has been charged in connection with the creation of the Satori botnet, but observers wonder if he really had the technical chops to do the crime.
Find out what solutions are emerging, peaking and working for cyber risk managers.
In this recently-released report, Gartner Research analysts apply their “hype cycle” framework to describe the related services, software platforms, applications, methods and tools that organizations can use to develop programs to withstand risk events or take advantage of risk-related opportunities. Read the Gartner report, “Hype Cycle for Risk Management, 2018” courtesy of Coalfire.
Hacking Humans is also up: this week's theme is, "red-teaming starts with research." Joe describes an Office 365 phishing campaign. Dave warns of dangerous USB cables. A listener shares a fax from the UK. And Joe interviews security consultant and pen tester Justin White.
Rapid Prototyping Event: The Chameleon and the Snake(Columbia, Maryland, United States, September 17 - 20, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event that specifically targets malware signature diversity and signature measurement for Microsoft Windows in a simulated operational environment at a realistic pace. Join us September 17-20, 2018 at UMBC Training Center in Columbia, MD.
Wombat Wisdom Conference, September 18 to 20, 2018, Pittsburgh, PA(Pittsburgh, Pennsylvania, United States, September 18 - 20, 2018) Gain expert insights for strengthening your security awareness program at the Wombat Wisdom Conference, Sept. 18-20, 2018. Ideal for CISOs and infosec professionals looking to share ideas and actionable concepts for improving security awareness and training.
The force is stronger when MSPs and MSSPs come together.(Webinar, September 19, 2018) The managed service market has grown tremendously, with the demand for managed security being unprecedented. For managed service providers (MSPs) looking to answer those demands, partnering with a managed security services provider (MSSP) expands access to highly-skilled cyber security analysts and a full suite of security solutions. Join Delta Risk’s webinar, September 19 at 1 PM ET, to learn how the two sides can join forces.
5th Annual Cyber Security Conference for Executives(Baltimore, Maryland, United States, October 2, 2018) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Tuesday, October 2nd, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. To receive the early-bird rate, register now!
Dragos Industrial Security Conference (DISC) 11/5/18(Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.
Yahoo still scans your emails for ads — even if its rivals won’t(TechCrunch) You’re not the only one reading your emails. A deep dive in The Wall Street Journal on Tuesday dug out new details on a massive email scanning operation by Oath, the Verizon-owned subsidiary that’s the combined business of AOL and Yahoo. The email-scanning program analyzes over 200 mill…
Why Yahoo scanning user email is no cause for panic(Naked Security) The Wall Street Journal yesterday published an unsettling report that the owner of Yahoo, Verizon subsidiary Oath, has been quietly analysing the emails of its 200 million users to sell to advertis…
The State of IoT Security(Dark Cubed) The threat of in-home smart (IoT) devices – like smart light bulbs, thermostats, power outlets, and security cameras – being hacked and controlled by botnets has been researched and documented extensively, but we wanted to explore the level of risk they pose during their everyday operations, as designed and delivered out of the box.
Do Executives and Cybersecurity Pros Agree on Today’s Biggest Cyber Threats?(Varonis Blog) Breaches cost companies billions, erode trust and can have a long-lasting negative impact on a company’s brand. With so much as stake, we wondered: are C-Suite executives aligned with their security and IT pros when it comes to cybersecurity? We asked 345 C-Suite executives and cybersecurity/IT pros in the U.S., U.K., France and Germany some questions to find out. Dreading Data Loss: What are Executives’ Top 3 Cybersecurity Concerns? Corporate executives share the same concerns…
VMware Pledges to Reduce Cybersecurity Costs(Security Boulevard) VMware, at this week's VMworld 2018 conference, signaled its intention to reduce dramatically the number of products and technologies required to secure VMware has signaled its intention to reduce dramatically the number of products and technologies required to secure an IT environment.
This is Google’s Titan security key(TechCrunch) Google isn’t one to shy away from bold claims. “We have had no reported or confirmed account takeovers since implementing security keys at Google,” a spokesperson told TechCrunch. And it’s probably true. Think of a security key as like a two-factor authentication code that…
DHS Official: NRMC Is ‘Long Game’ in U.S. Cyber Defense(MeriTalk) Matthew Travis, deputy undersecretary of the Department of Homeland Security’s National Programs and Protection Directorate (NPPD), said today that DHS’s recently-established National Risk Management Center (NRMC) represents the agency’s plan to play “the long game” in defending U.S. critical infrastructure sectors from attacks.
NPPD builds on reorg momentum in renewed pitch for name change(FederalNewsRadio.com) Building off the momentum of launching its National Risk Management Center last month, the Department of Homeland Security has renewed its pitch to Congress to approve an agency reorganization that would streamline DHS' cybersecurity functions.
The agency created to protect elections is broken(Yahoo News) The mission of the Election Assistance Commission — the nation’s first federal agency created to oversee elections at every level of government — has never been clear, and more than 15 years later, critics say the agency has succumbed to the whims of partisan operatives.
Why It Is Time For a U.S. Cyber Force(Center for International Maritime Security) By Dave Schroeder and Travis Howard The proposal to create a U.S. Space Force has cyber professionals wondering about the government’s national security
Cyber attack allegations nothing new: FM(Global Times) China's Foreign Ministry, asked on Wednesday about US President Donald Trump's claim that China hacked the emails of 2016 Democratic presidential candidate Hillary Clinton, said such allegations were nothing new.
Newbie Hacker Fingered for Monster Botnet(The Daily Beast) Federal prosecutors quietly indicted this 20-year-old, and rival hackers say he’s behind a king-sized botnet. But did he really have the skills to pull it off?
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Florida Cyber Conference 2018(Tampa, Florida, USA, October 10 - 11, 2018) The Florida Cyber Conference has quickly become the “can’t miss” networking event for Florida’s stakeholders in cybersecurity, bringing together a diverse audience from multiple sectors to encourage dialogue,...
Wild West Hackin’ Fest(Deadwood, South Dakota, USA, October 25 - 26, 2018) We’re back for another year of amazing talks, great company and exciting hands-on hacking labs. It will be hard to top our amazing inaugural year, but we’ve taken your feedback and plan to make this event...
National Cyber League Fall Season(Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
Intelligence & National Security Summit(National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will...
Cyber Resilience & Infosec Conference(Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently
Incident Response 18(Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community,...
9th Annual Billington CyberSecurity Summit(Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses...
SecureWorld Twin Cities(Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
2018 International Information Sharing Conference(Tysons Corner, Virginia, USA, September 11 - 12, 2018) Join representatives from fellow information sharing groups with all levels of expertise, security practitioners, major technology innovators, and well-established cybersecurity organizations, as they...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.