Adobe has issued a quick fix for the Flash Player exploit that's been used in the wild against mostly South Korean targets. The attacks have been generally attributed to North Korean operators. North Korean cyber operators are also believed to be engaged in an ongoing campaign to steal cryptocurrency during the run-up to the Olympic Games.
Ledger hardware wallets have been found susceptible to man-in-the-middle attacks. There will be no patch; instead Ledger invites users of the cryptocurrency product to "verify your receive address on the device's screen by clicking on the 'monitor button'."
UpGuard has found another leaky Amazon Web Services S3 bucket. This one belongs to Octoly, a Paris-based firm that connects "influencers" on Instagram, Twitter, and YouTube with companies willing to provide them with goods and services for marketing purposes. Some 12 thousand influencers had their data exposed.
Dutch police have made an arrest in the distributed denial-of-service attacks that disrupted some of the country's financial institutions last week. It's an unnamed teenager from Oosterhout who rented a booter service for unclear reasons. That booter service may explain the Russian IP addresses reported to be associated with the attack traffic.
In testimony before the Senate yesterday, the US Securities and Exchange Commission recommended regulating cryptocurrencies.
In other Congressional hearings, Uber defended its odd "bug bounty" program, but the company also said it was wrong to delay disclosure of its 2016 breach.
In industry news, Proofpoint announced that it will acquire Wombat Security for a reported $225 million.
The board and cyber-risk oversight: Crown Jewels Risk Assessments.
Corporate directors want to review cybersecurity risk and assist security leaders in protecting critical assets. Learn how to identify what matters the most and how to collaboratively assess and treat cyber risk using Crown Jewels Risk Assessments.
ON THE PODCAST
In today's podcast, we hear from our partners at Accenture, as Justin Harvey talks about ransomware, and offers his views on when (or whether) someone might consider paying the extortionists (short take: don't pay unless lives are on the line, as they might be in healthcare). Our guest, Yassir Abousselham from Okta, discusses Okta's 2018 Businesses @ Work report. Among other topics, the report touches on passwords, identity theft, and multifactor authentication.
Cyber Security Summits: February 13 in Silicon Valley & Atlanta on February 28(Silicon Valley, California, USA, February 13, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350) https://CyberSummitUSA.com
Compete to win prize money plus the chance to be DataTribe’s next big investment(Online, March 23 - April 25, 2018) The DataTribe Inaugural Cyber Funding Competition: We put real firepower behind every idea. If you're part of a entrepreneurial technology team with a vision to disrupt cybersecurity and data sciences — we want to enhance your growth prospect with the opportunity for a DataTribe-financed seed capital of $2,000,000. Plus possible millions more in a Series A Venture Capital Round. The top three finalists will share $20,000 in prize money.
Buffett's Business Wire suffers cyberattack(Reuters) Business Wire, the corporate news release distributor owned by Warren Buffett's Berkshire Hathaway Inc, on Tuesday said it has been suffering for nearly a week from a cyberattack designed to disable it.
CSS Code Can Be Abused to Collect Sensitive User Data(BleepingComputer) With the recent upgrades to the CSS language, CSS code has become a powerful tool that could be abused to track users on websites, extract and steal data from a web page, collect data entered inside form fields (including passwords), and even deanonymize Dark Web users in some scenarios.
Ransomware Victims Hit on Average by Two Attacks per Year(BleepingComputer) A study of 2,700 IT professionals across the globe has revealed that 54% of organizations suffered a ransomware attack in the last year, and most organizations were hit more than twice, with the average number of ransomware per attacks being two.
Bitdefender Ironically Stopped Working on Safer Internet Day(BleepingComputer) Ironically on what has become known as Safer Internet Day, users of Bitdefender Antivirus are reporting today that the security software has suddenly stopped working. After installing an update, Bitdefender users are seeing errors that state "The Bitdefender Security Service (vsserv.exe) is unavailable".
Security Patches, Mitigations, and Software Updates
Adobe Fixes Flash Player Zero-Day Vulnerability(Security Boulevard) Adobe has released an emergency update for Flash Player to fix a critical zero-day vulnerability that already has been used in targeted attacks by North Korean hackers.
How Secure is Your Medical Data?(Security Boulevard) Imagine getting online with your doctor on the other end of the streaming connection, and then sending her real-time data of your blood pressure and glucose levels for real-time analysis and consultation..
Why FireEye's Fiscal 4Q17 Results Matter(Market Realist) FireEye (FEYE), a leading player in the cybersecurity space, is scheduled to announce its fiscal 4Q17 earnings on February 8, 2018. Analysts expect the company to report revenue and non-GAAP (generally
New Lightweight Security Patching Agent(Waratek) Waratek has announced a new lightweight runtime plugin agent for fast and easy patching of known flaws, including long-term un-patched vulnerabilities.
Do you know your attack surface?(Sweepatic Blog) Think about the company you work for. How big is its digital footprint? 5 or 50 subdomains? Or 500? Which files are exposed? Do they leak sensitive information? How are new online assets reported? Is there an inventory of all assets?
Multi-risks in the Multi-cloud: An Industry Perspective(CSO Online) CSO offers the latest information and best practices on business continuity and data protection, best practices for prevention of social engineering scams, malware and breaches, and tips and advice abut security careers and leadership.
3 Golden Opportunities to Mitigate Network Cyber Attacks(Bricata) Effective network security provides 3 opportunities to detect and mitigate cyber threats: at the initial download; during communication between endpoint and router; and the lateral movement of files or malware within the network. #idp #ids #networksecurity
News and Events – S&T’s cybersecurity offerings strengthen employment credentials of business students(Missouri S&T) To address the growing need to protect online infrastructures and equip business students and executives for success in this arena of the global workplace, Missouri University of Science and Technology has added a cybersecurity and information assurance minor to its bachelor’s degree programs in business and management systems and information science and technology, as well as a graduate certificate in cybersecurity for its MBA and M.S. in information science and technology.
Audit: UW System hasn’t protected computer systems(The Seattle Times) A new state report indicates the University of Wisconsin System hasn't developed a comprehensive computer security program. The Legislative Audit Bureau's report Tuesday found the UW Information Assurance Council established authentication, data classification, security awareness, incident...
What is Cryptocurrency And Where Did It Come From?(The Merkle) In its barest form, cryptocurrency is a digital medium of exchange, designed to be purchased, exchanged, and utilized for a variety of services. It is an intangible form of currency, having no physical ...
New Bill Would Moot Microsoft Ireland Case — And Much More!(Just Security) A bipartisan group of Senators introduced the Clarifying Lawful Overseas Use of Data, or CLOUD, Act– a bill that authorizes the executive to enter into bilateral and multilateral agreements so as to to facilitate cross-border access to data in the investigation of serious crime.
Suspect arrested for cyber attacks on Dutch tax service; Bunq(NL Times) The police arrested an 18-year-old man from Oosterhout in connection with multiple DDoS attacks on the Tax Authority, tech site Tweakers and internet provider Tweak last week, as well as on online bank Bunq in September last year. The man was arrested on Thursday, February 1st, the police said in a statement on Monday. In a DDoS attack large amounts of data is sent to the targeted site, overloading the site's server and thereby crashing the site.
Where’s the Beef? The House Intelligence Committee Memo Provides Few Answers and Leaves Many Questions(Foreign Policy Research Institute) After touting its content with almost breathless anticipation, the Republican majority of the House Permanent Select Committee on Intelligence (HPSCI) last week secured President Donald Trump’s approval to declassify and publicly release the memorandum prepared by the Republican majority’s staff provocatively titled “Foreign Intelligence Surveillance Act Abuses at the Department of Justice and the Federal Bureau of Investigation” (the “HPSCI Memorandum”).
Uber Defends Bug Bounty Hacker Program to Washington Lawmakers(Bloomberg.com) Uber’s information security chief, John Flynn, defended the company’s practice of paying hackers to find security flaws as he faced lawmakers over a data breach in 2016 where hackers stole the personal information from 57 million people.
Court Considers Cold War Secrecy Over Muslim Surveillance(New York Law Journal) The New York Police Department overstepped its reach when it used a Cold War-era legal tactic to conceal information about whether it put two Muslim men under surveillance a lawyer representing the men argued Tuesday before New York's highest court.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Sea-Air-Space: The Navy League’s Global Maritime Exposition(National Harbor, Maryland, USA, April 9 - 11, 2018) Join us this April for Sea-Air-Space, the largest maritime exposition in the U.S., with 275+ exhibitors displaying the latest in maritime, defense and energy technology. This year’s theme, “Learn. Compete.
SecureWorld Charlotte(Charlotte, North Carolina, USA, February 8, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Cyber Security Summit: Silicon Valley(San Jose, California, USA, February 13, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.
Security Titans(Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very...
CyberThreat 18(Westminster, England, UK, February 27 - 28, 2018) Hosted by the UK’s National Cyber Security Centre, a part of GCHQ, and the SANS Institute, CyberThreat18 brings together a packed schedule of talks on a broad range of familiar and less familiar topics...
Midlands Cyber: US Cyber Market Workshop(Lutterworth, England, UK, February 27, 2018) We are delighted to announce that we will be running two workshops, led by Andy Williams, the International Director of the iCyber Centre @bwtech, Maryland. The workshops have been tailored by the team...
European Cybersecurity Forum – CYBERSEC Brussels(Brussels, Belgium, February 27, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...
The Cyber Security Summit: Atlanta(Atlanta, Georgia, USA, February 28, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
SINET ITSEF 2018(Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment...
PCI Security Standards Council Middle East and Africa Forum(Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes...
SecureWorld Boston(Boston, Massachussetts, USA, March 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Cyber 9-12(Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...
3rd Annual Billington International Cybersecurity Summit(Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought...
Infosecurity Magazine North America Virtual Conference(Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and...
The Cyber Security Summit: Denver(Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Women in CyberSecurity 2018(Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.