Looking for an introduction to AI for security professionals?
Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.
January 9, 2018.
By The CyberWire Staff
Where Twitter was the enabling technology of Iran's failed Green Revolution of 2009, current dissenters are turning to Canadian-made Psiphon, a firewall-evasion app that's seen up to 700,000 downloads a day in the new year, most of them in Iran. Psiphon, developed by the University of Toronto's Citizen Lab, isn't the only tool being used to circumvent Iran's "filternet," but observers are tending to keep quiet about other tools, lest they blow the gaff to the regime. (That regime appears to be showing some internal ambivalence towards its own response to dissent.)
The large task of mitigating the speculative-execution processor vulnerabilities Spectre and Meltdown continues. Apple has addressed Spectre with a fix for iOS and macOS devices. On the whole the cooperation vendors are showing in addressing the vulnerabilities seems commendable (at least Intel thinks so) but problems applying the fixes offered are widely reported, as one would expect. Microsoft has pulled its Spectre and Meltdown fixes for AMD-based devices: that patch is reported to have bricked machines where it was applied.
Concerns continue over phishing attempts during the run-up to the Winter Olympics.
Criminals show sustained interest in cryptocurrency mining and hardware wallet pilferage as the alt-coins very high valuations persist. Chinese authorities appear to be preparing a crackdown on illicit currency mining. Miners are said have appeared in BlackBerry mobile sites.
A surge in pop-up redirect ads is troubling mobile device users. The tactic isn't new, but it's recently become very widespread, and has begun infesting top-tier websites.
Today's issue includes events affecting China, European Union, India, Iran, Democratic Peoples Republic of Korea, Republic of Korea, Pakistan, Russia, United Kingdom, United States, Venezuela, and Vietnam.
The board and cyber-risk oversight: Crown Jewels Risk Assessments.
Corporate directors want to review cybersecurity risk and assist security leaders in protecting critical assets. Learn how to identify what matters the most and how to collaboratively assess and treat cyber risk using Crown Jewels Risk Assessments.
The continuing lack of adequate cyber security consideration in process safety(Control Global) I will be giving the keynote January 25th at the Texas A&M Instrumentation and Automation Symposium where I hope to publicize this issue to the control and safety engineers that attend the Symposium. I am also hoping the new Texas A&M brochure will be modified to better address ICS cyber security.
Chip Vulnerability Takes Toll On Intel Stock(PYMNTS.com) Intel shares fell nearly 2 percent last Thursday (Jan. 4) after it was revealed that security flaws might allow hackers to steal sensitive information from devices. According to Reuters, the disclosure has caused investors to worry not only about the potential financial liability, but also the toll it will take on the largest chipmaker’s reputation.
BAE Debuts Cloud-Based Supply Chain Cybersecurity Service(ExecutiveBiz) BAE Systems has launched a cloud-based service offering designed to help organizations protect supply chains against cybersecurity threats, IFSEC Global reported Friday. The company’s Supply Chain Assurance service includes guidance on how to identify risks and measures to avoid a supply chain breach...
WPA3 to feature much needed security enhancements(Help Net Security) The Wi-Fi Alliance, a non-profit organization that tests and slaps the "Wi-Fi Certified" logo on products that meet certain standards of interoperability, has announced WPA3 security enhancements.
The botnet solution everybody already knows about(Fifth Domain) The tools and best practices for preventing botnet attacks already exist, governments and industries worldwide just need to take advantage of them, according to a recent National Telecommunications and Information Administration draft report to the president.
The 5 Most Relevant Questions for a SOC Analyst(Recorded Future) This episode looks at some of the most relevant questions for a SOC analyst, including collecting and prioritizing indicators of compromise, handling news feeds, and performing trend analysis.
Continuous security: What's in a name?(Help Net Security) Continuous security is the engineering philosophy of automating security concerns throughout an organization. It nicely parallels continuous delivery.
Governor Mead announces Cyber Challenge for Wyoming students(KGWN) Governor Mead announces a new Cyber Challenge for Wyoming students. The competition is open to Wyoming high school junior or senior girls who are at least 16 years old. Contestants will learn cybersecurity skills and test their aptitude through a no-cost online game of discovery called CyberStart.
Cyber Vigilantes & Hacktivists: Double-Edged Sword Against ISIS(The Cipher Brief) Bottom Line: Cyber vigilantes and “hacktivists” increasingly fill the void left by governments in combating terrorist activity online. While such politically motivated non-state hackers are relatively effective at removing the presence of terrorist content, their continued operations could damage overall counterterrorism efforts by undermining intelligence operations – say by taking down a website that the …
Russia And Venezuela Plan Cryptocurrencies(NPR.org) Venezuela and Russia announced plans to launch their own cryptocurrencies. NPR's Scott Simon speaks to Monica de Bolle of the Peterson Institute for International Economics about why.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
DistribuTECH(San Antonio, Texas, USA, January 23 - 25, 2018) The 15-track conference brings industry thought leaders from all over the world opportunities to network, share knowledge and problem solve with worldwide utilities and product and service providers. Among...
ATARC Federal CISO Summit(Washington, DC, USA, January 25, 2018) This educational, one-day symposium will discuss the security challenges faced by Federal Chief Information Security Officers and examine the lessons learned and best practices used to secure the information...
2018 Leadership Conference(Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
CYBERTACOS(Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...
Connected Medical Device & IOT Security Summit(Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...
CyberUSA(San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.