Looking for an introduction to AI for security professionals?
Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.
January 5, 2018.
By The CyberWire Staff
Today's news continues to be dominated by the Meltdown and Spectre bugs. Contrary to early reports, essentially all platforms are affected, not just those running on Intel processors. Most major vendors, including Microsoft, Intel, and Google, have fixes out, and others, including Apple, will release theirs soon. These can be expected to exhibit the usual fraction of unintended and unexpected consequences: Microsoft's Windows 10 update, for example, is reported to interfere with the functioning of some (not all) anti-virus products. The fixes will also generally have the effect of slowing down many processes. Individual and business Internet users will probably see this manifested in the cloud services they use.
In November Intel's CEO, Brian Krzanich, sold the maximum number of shares permitted under company bylaws. This was after Intel was notified of Meltdown and Spectre, but before the vulnerabilities were publicly disclosed. Intel says this was a mere coincidence, as indeed it may well be, but the industry press (notably TechCrunch and Ars Technica) is taking note.
India's Aadhaar national biometric identification database is said to have been breached, with access to its data for sale on the Dark Web for under $10. Aadhaar has had its security issues before, but this latest appears close to a complete compromise, affecting more than a billion people.
The cryptocurrency mania continues, as observers goggle in disbelief at the more bullish projections. Criminals are also affected by the speculative market in Bitcoin: rapid appreciation and volatility are driving them to alternative alt currencies.
Whether you're focused on IT or national security, exploits and data loss incidents put your mission at risk. Your current tools assess and analyze content after it's breached your network - they all work right of boom. It's only a matter of time until boom happens to you. Don't let it. getleftofboom.com
That Intel chip problem? It's now a far worse security issue(Silicon Valley Business Journal) Google researchers on Wednesday confirmed that they had uncovered a set of major security flaws in devices containing chips from Intel Corp., Advanced Micro Devices and ARM Holdings — potentially affecting virtually every computer and smart phone on the planet.
Search engine shenanigans: Malwarebytes mentions aren’t what they seem(Security Boulevard) Hunting for information on Malwarebytes, including blog posts or researcher names on Google's search engine? Be wary of websites stuffed with keywords designed to send you into an ad blizzard. Categories: Cybercrime Social engineering Tags: adadsadvertsredirectsearch engine (Read more...) The post Search engine shenanigans: Malwarebytes mentions aren’t what they seem appeared first on Malwarebytes Labs.
InfoShot: Most blacklisted mobile apps(IDG Connect) WhatsApp, Pokémon Go, WinZip, and Wild Crocodile Simulator are amongst the most blacklisted mobile apps within the enterprise, according to a new report.
Google’s Mitigations Against CPU Speculative Execution Attack Methods(Google Help) This document lists affected Google products and their current status of mitigation against CPU speculative execution attack methods. Mitigation Status refers to our mitigation for currently known vectors for exploiting the flaw described in CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.
Site Isolation(The Chromium Projects) Home of the Chromium Open Source Project
Louisville-based Swimlane raises $1.35 million(BizWest) Swimlane LLC, a Louisville-based software company, has raised $1.35 million in capital. The funding comes from an equity offering, according to a Form D filed Dec. 29 with the Securities and Exchange Commission. Swimlane did not respond to a request for more information. Swimlane produces an automated security platform that allows companies to automatically respond to cyber attacks and to automate tasks. In December 2016, Swimlane raised about $3 million in another equity offering.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
European Cybersecurity Forum – CYBERSEC Brussels(Brussels, Belgium, February 27, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...
Cyber:Secured Forum(Denver, Colorado, USA, June 4 - 6, 2018) Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively...
4th European Cybersecurity Forum – CYBERSEC(Krakow, Poland, October 8 - 9, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...
2018 Leadership Conference(Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
CYBERTACOS(Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...
Connected Medical Device & IOT Security Summit(Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...
CyberUSA(San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.