Looking for an introduction to AI for security professionals?
Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.
January 8, 2018.
By The CyberWire Staff
In the run-up to next months Winter Olympics, to be held in Pyeongchang, South Korea, the first significant hacking campaign directed at those interested in the games has surfaced. Researchers at McAfee discovered the campaign, which uses phishing emails to spread malicious code in the form of an attached Korean-language text document. McAfee offers no attribution, but they have said that the campaign's complexity suggests that a nation-state is behind it.
Other Olympics have experienced associated cyber attacks, notably the 2016 Rio games. Most were criminal in motivation, although there were Fancy Bear sightings in retaliation for exposure of Russian doping scandals. More attacks can be expected as the Pyeongchang games approach.
Remediation of Meltdown and Spectre, which MIT's Technology Review is calling "Chipmageddon," continues. Spectre is now clearly known to affect essentially all chips, not just Intel's, but Intel continues to bear the brunt of hostile scrutiny, including class action lawsuits the plaintiff's bar quickly and predictably initiated at the end of last week. Despite concerns over incompatibilities between a patched Microsoft Windows 10 and a number of anti-virus products, and despite widespread fear of slower performance, most experts are advising enterprises and individuals to apply the fixes. Intel discounts the effect of mitigations on speed, and Motherboard reassures gamers that they'll still be fast enough to "crush noobs."
Unrest continues in Iran, as do government attempts to control information: former president Mahmoud Ahmadinejad (no Westernizing reformer, by any account) is said to have been arrested for fomenting dissent.
The board and cyber-risk oversight: Crown Jewels Risk Assessments.
Corporate directors want to review cybersecurity risk and assist security leaders in protecting critical assets. Learn how to identify what matters the most and how to collaboratively assess and treat cyber risk using Crown Jewels Risk Assessments.
Meltdown and Spectre: clearing up the confusion(SANS Internet Storm Center) Unless you’ve been living under a rock (or on a remote island, with no Internet connection), you’ve heard about the latest vulnerabilities that impact modern processors.
Scary Chip Flaws Raise Spectre of Meltdown(KrebsOSecurity) Apple, Google, Microsoft and other tech giants have released updates for a pair of serious security flaws present in most modern computers, smartphones, tablets and mobile devices. Here’s a brief rundown on the threat and what you can do to protect your devices.
Banks, telcos working to mitigate major chip flaws(The Straits Times) Essential-services sectors in Singapore are working furiously to mitigate cyber security risks linked to two critical hardware flaws discovered last year but made public only last week.. Read more at straitstimes.com.
When Speculation Is Risky: Understanding Meltdown and Spectre(TrendLabs Security Intelligence Blog) For several days, rumors circulated about a serious vulnerability in Intel processors. It wasn’t until January 3 that the official disclosure of the Meltdown and Spectre vulnerabilities was made, and it became clear how serious the problems were. To summarize, Meltdown and Spectre both allow malicious code to read memory that they would normally not have permission to.
Spectre & Meltdown: Tapping into the CPU's Subconscious Thoughts(DS9A.NL) In this post I will attempt to fully explain the Spectre and Meltdown vulnerabilities in an accessible way. I decided to write it up after I realised it took me more than a day to figure it out, even though I’ve been doing security related stuff on CPUs for 20 years.
Who's affected by computer chip security flaw(Fifth Domain) Technology companies are scrambling to fix serious security flaws affecting computer processors built by Intel and other chipmakers and found in many of the world’s personal computers and smartphones.
Businesses cautious in installing patches to fix chip flaw(Reuters) Chances that a fix to a major microchip security flaw may slow down or crash some computer systems are leading some businesses to hold off installing software patches, fearing the cure may be worse than the original problem.
New ways to bet on bitcoin?(Seeking Alpha) The SEC has received a request to allow five bitcoin-related ETFs to be listed on Arca, a secondary marketplace on the NYSE (NYSE:ICE).The instruments, created by Direxion Asset Management, are not ti
The changing face of cyber insurance(Intelligent Insurer) It’s time for insurers to wake up to the reality of their role in protecting companies from the fallout from cyber attacks, says Dan Trueman, the global head of cyber at AXIS Insurance.
Cyber Insurance Gets a Boost with Cyber Risk Benchmarking Model(CPO Magazine) AIG releases new cyber risk benchmarking model to quantify and score cyber maturity of clients, boosting cyber insurance and promoting metrics useful for the industry to evaluate the risks that organizations face in terms of cyber security.
Google makes millions from plight of addicts(Times) Google has been profiting from a practice banned in America in which brokers secretly reap millions of pounds from vulnerable people seeking treatment for addictive diseases in the UK. An...
How Blockchain Will Protect Driverless Cars(Overstock Garage) Have you ever taken a ride in a self-driving car? You will. The industry shift towards autonomous vehicles is gaining so much momentum that you might even own one eventually.
Plugging Singapore’s cyber security skills gap(Computer Weekly) Some 20 teams of cyber security industry professionals and tertiary students in Singapore pitted their skills against one another in a competition aimed at plugging the cyber security skills gap in the city-state.
Agency Transformed, NSA Chief Rogers Set for Spring Departure(The Cipher Brief) The Cipher Brief spoke with its former NSA and cyber experts on their reactions to the news that NSA and Cyber Command chief Adm. Michael Rogers would be retiring in the spring. In his four years in the post, Rogers presided over a controversial reorganization of NSA that some hailed as rendering the top code-breaking agency
DHS Election Unit Has No Plans for Probing Voter Fraud: Sources(Reuters via US News and World Report) The U.S. Department of Homeland Security's election security unit has no immediate plans to probe allegations of electoral fraud, despite President Donald Trump's announcement this week he was giving the issue to the agency, according to administration officials.
Equifax Says It Will Hand Over NY Data Breach Info(New York Law Journal) A spokeswoman for Atlanta-based credit reporting agency Equifax said the company would comply with a demand by Secretary of State Rossana Rosado for information on a July data breach that was made public in September. The demand was made under emergency regulations issued by New York state in December.
DOJ prepares new probe of Clinton’s email server(New York Post) The Trump administration is launching another probe into Hillary Clinton’s use of a private email server when she was secretary of state, a new report said Thursday. Attorney General Jeff Sessions …
FBI launches new Clinton Foundation investigation(TheHill) The Justice Department has launched a new inquiry into whether the Clinton Foundation engaged in any pay-to-play politics or other illegal activities while Hillary Clinton served as secretary of State, law enforcement officials and a witness tells
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
SINET ITSEF 2018(Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment...
3rd Annual Billington International Cybersecurity Summit(Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought...
SINET Innovation Summit 2018(New York, New York, USA, June 7, 2018) Connecting Wall Street, Silicon Valley and the Beltway. SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration...
SINET61 2018(Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance...
9th Annual Billington CyberSecurity Summit(Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses...
Global Cybersecurity Innovation Summit(London, England, UK, September 18 - 19, 2018) Advancing global collaboration and innovation. SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption...
SINET Showcase(Washington, DC, USA, November 7 - 8, 2018) Highlighting and advancing innovation. SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity.
SINET Global Institute CISO Series(Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...
2018 Leadership Conference(Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
CYBERTACOS(Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...
Connected Medical Device & IOT Security Summit(Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...
CyberUSA(San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.