The Winter Olympics opened today, but state-sponsored threat actors have hacked in first. So far it's mostly phishing and doxing by North Korea and Russia.
Apple has filed a notice under the Digital Millennium Copyright Act to have Github remove leaked iOS source code.
Cryptomminers turn up in more uncomfortable places, among them a Tennessee hospitals electronic medical records system.
As more criminals seek payment Litecoin, that cryptocurrency appears to be taking black marketshare from Bitcoin.
Phishing shows some fresh plausibility and sophistication as the criminals pay closer attention to their marks. Researchers report a spike in conversation hijacking, where criminals interpose themselves into an email thread, spoofing one of the parties to the conversation in an effort to induce the other to open a malicious attachment that carries the Gozi Trojan as its payload. Other observers note an increase in phishing attempts that induce employees to give up their credentials so their paychecks can be directly deposited in the criminals' account. In this scam a trusted company resource is spoofed, and suspicious employees who respond to the initial phishing email with questions are promptly reassured that, yes, this is legitimate.
NETGEAR has patched five vulnerabilities Trustwave's SpiderLabs found in their broadband routers.
WordPress has issued an emergency patch for version 4.9.3, but users will have to apply it manually. Admins are finding the update comes with some headaches.
US interest in forestalling Russian mid-term election influence operations remains high, with Congress suggesting strategy to the Department of Homeland Security.
The board and cyber-risk oversight: Crown Jewels Risk Assessments.
Corporate directors want to review cybersecurity risk and assist security leaders in protecting critical assets. Learn how to identify what matters the most and how to collaboratively assess and treat cyber risk using Crown Jewels Risk Assessments.
ON THE PODCAST
In today's podcast we speak with our partners at CenturyLink about victim notification: Dale Drew has some insights. Our guest, Deidre Diamond from #brainbabe, talks about her not-for-profit's work to bring students to work at trade shows.
Cyber Security Summits: February 13 in Silicon Valley & Atlanta on February 28(Silicon Valley, California, USA, February 13, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350) https://CyberSummitUSA.com
Compete to win prize money plus the chance to be DataTribe’s next big investment(Online, March 23 - April 25, 2018) The DataTribe Inaugural Cyber Funding Competition: We put real firepower behind every idea. If you're part of a entrepreneurial technology team with a vision to disrupt cybersecurity and data sciences — we want to enhance your growth prospect with the opportunity for a DataTribe-financed seed capital of $2,000,000. Plus possible millions more in a Series A Venture Capital Round. The top three finalists will share $20,000 in prize money.
Crypto-Mining Malware May Be a Bigger Threat than Ransomware(Security Boulevard) Crypto-Mining Malware is Crippling Enterprise Networks Cryptocurrencies such as Bitcoin and Ethereum have gone mainstream; it seems like everybody and their brother is looking to buy some crypto and get their piece of the digital currency gold rush. Hackers want a piece of it, too. In addition to hacking ICO’s and cryptocurrency exchanges, they’re using… Read More The post Crypto-Mining Malware May Be a Bigger Threat than Ransomware appeared first on .
Multiple Vulnerabilities in NETGEAR Routers(Trustwave) Last year I discovered multiple vulnerabilities in NETGEAR products. Now that these vulnerabilities have gone through the disclosure process and have been patched we can discuss the technical details. TWSL2018-002: Password Recovery and File Access on Some Routers and Modem...
Apple’s iOS source code leak – what you need to know(HOTforSecurity) What's happened? Earlier this week someone anonymously published a key piece of Apple's iOS source code onto GitHub. Which bit of iOS was it? It was an integral part of iOS known as "iBoot" - the section of code which controls the security of your iPhone... #appleios #sourcecodeleak #vulnerability
UDPoS - Exfiltrating Credit Card Data via DNS(Forcepoint) In the current era of mass malware it's becoming increasingly rare to find something beyond the ‘usual suspects’ we see being spread by high-profile botnets on a regular basis. However, in amongst the digital haystack there exists the occasional needle: we recently came across a sample apparently disguised as a LogMeIn service pack which generated notable amounts of 'unusual' DNS requests. Deeper investigation revealed something of a flawed gem, ultimately designed to steal magnetic stripe payment card data: a hallmark of ATM/PoS malware.
Hidden PDF Trojan in Startup India Website(Infosecurity Magazine) I was recently analysing the Indian government website startupindia.gov.in after recently gaining recognition from Startup India for my new company.
CISOs Wary Of Threat Intelligence Accuracy, Quality: Study(CXOtoday.com) In a world where cyber criminals are becoming increasingly stealthy and sophisticated—with new threats on the rise ranging from ransomware to DNS hijacking—it is ineffective and costly for companies to defend themselves against cybersecurity threats alone.
World’s First Blockchain Compliance Protocol Hooks Former Amex, IBM, Oracle Consultant as CTO(Digital Journal) The Prefacto Compliance Protocol is at the core of iComplyICO and makes it possible for ICO issuers and investors to be assured that legal, financial and regulatory compliance procedures are adhered to throughout the lifecycle of the token, enabling the token itself to monitor and report AML, KYC, and a myriad of other compliance matters with jurisdictionally specific considerations on every transaction.
Products, Services, and Solutions
Mimecast Commits to GDPR Compliance for Customers(GlobeNewswire News Room) Mimecast Limited (NASDAQ:MIME), a leading email and data security company, today announced its commitment to helping customers comply with the General Data Protection Regulation (GDPR), a new European privacy regulation due to take effect on May 25, 2018
Gemalto, Entrust Datacard Pair On Payment Cards(PYMNTS.com) Gemalto, the digital security company and payment card supplier, announced news on Wednesday (Feb. 7) that it is joining forces with Entrust Datacard, a provider of identity and secure transaction technology solutions, to provide a Software-as-a-Service (SaaS)-based instant issuance solution for U.S. financial institutions. In a press release, the companies said that instant issuance began […]
How CISOs and Security Leaders Are Managing Evolving Global Risks to Safeguard Data(Ankura) Each year, new threats emerge faster than organizations can improve their defenses. Despite this perpetual challenge, security leaders continue to develop innovative strategies, adopt new tools, and assemble talented teams to combat information uncertainty. From the rise of cloud-computing to the evolving regulatory landscape, there are a myriad of issues to address.
22 Ransomware Prevention Tips(The State of Security) Dealing with the aftermath of ransomware attacks is like Russian roulette, where submitting the ransom might be the sole option for recovering locked data.
Exposing the Culture of Compliance Cramming(Security Boulevard) The latest PCI requires companies show evidence of continuous compliance, going well beyond the pass-or-fail audit of years past? Too many companies, however, are guilty of "compliance cramming."
Maturity in Your Cybersecurity Culture(Infosecurity Magazine) ENISA has published the most comprehensive and applicable recommendations and structure for setting up and running a successful security culture program.
The Brute Force Of IBM Deep Blue And Google DeepMind(Forbes) There are interesting parallels between one of this week’s milestones in the history of technology and the current excitement and anxiety about artificial intelligence (AI). Bottom line: Beware of fake AI news and be less afraid.
DHS S&T Awards $5.6M to Improve Cybersecurity Research(Newswise) DHS S&T awarded a total of $5,643,466 across seven organizations to develop new tools to arm researchers with the latest insight and an increased collection of cybersecurity incident data to understand and counter cyberattacks.
Cyberspace Vulnerability Factors(Modern Diplomacy) The fact is, contrary to what the majority of people think, “Cyberspace” is not a virtual and unrealistic space. In fact, the use of virtual words has led to the misleading of individuals and ideas in this area. Real space cyberspace is a new field for impact and as a result of friendship, cooperation, competition, […]
Course internationale autour de la physique quantique(Le Temps) La Chine multiplie les initiatives et les projets spectaculaires en matière de communications quantiques, un domaine dont elle était totalement absente il y a moins de vingt ans. Après avoir formé les experts chinois, l’Europe et les Etats-Unis peuvent perdre leur leadership
A Plan to Thwart Russian Meddling(The New Atlanticist – Medium) US Rep. Will Hurd [R-TX] has a strategy to check Russian meddling in the midterm elections later this year and the US Department of Homeland Security would have a pivotal role in that plan.
George W. Bush says Russia meddled in 2016 U.S. election(Los Angeles Times) Former President George W. Bush said on Thursday that "there's pretty clear evidence that the Russians meddled" in the 2016 American presidential election, forcefully rebutting fellow Republican Donald Trump's denials of Moscow trying to affect the vote.
Anti-China bill being softened after U.S. companies complain(Reuters) Proposed legislation in Congress aimed at preventing China from acquiring sensitive technology is being softened after protests by big U.S. companies that fear a loss in sales, four people with knowledge of the matter said this week.
Fed. Circuit Urged To Make Army Consider Palantir Software(Law360) Palantir Technologies Inc. urged the Federal Circuit on Thursday to uphold a lower court’s finding that the company was wrongly shut out of the running for a $206 million U.S. Army intelligence software contract, saying the service branch unnecessarily set out to develop a custom system and failed to conduct legally required research into available commercial options.
Cyber Security Summit: Silicon Valley(San Jose, California, USA, February 13, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.
Security Titans(Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very...
CyberThreat 18(Westminster, England, UK, February 27 - 28, 2018) Hosted by the UK’s National Cyber Security Centre, a part of GCHQ, and the SANS Institute, CyberThreat18 brings together a packed schedule of talks on a broad range of familiar and less familiar topics...
Midlands Cyber: US Cyber Market Workshop(Lutterworth, England, UK, February 27, 2018) We are delighted to announce that we will be running two workshops, led by Andy Williams, the International Director of the iCyber Centre @bwtech, Maryland. The workshops have been tailored by the team...
European Cybersecurity Forum – CYBERSEC Brussels(Brussels, Belgium, February 27, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...
The Cyber Security Summit: Atlanta(Atlanta, Georgia, USA, February 28, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
PrivacyCon 2018(Washington, DC, USA, February 28, 2018) The 2018 PrivacyCon will expand collaboration among leading privacy and security researchers, academics, industry representatives, consumer advocates, and the government. As part of this initiative, the...
SINET ITSEF 2018(Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment...
PCI Security Standards Council Middle East and Africa Forum(Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes...
SecureWorld Boston(Boston, Massachussetts, USA, March 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Cyber 9-12(Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...
3rd Annual Billington International Cybersecurity Summit(Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought...
Infosecurity Magazine North America Virtual Conference(Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and...
The Cyber Security Summit: Denver(Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Women in CyberSecurity 2018(Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.