The CEO of Strava promises to work with the US military and Government to better keep sensitive data secure. The company's fitness app generated a publicly accessible heat map of user activity that could be readily correlated with the location of sensitive US bases. Even anonymized and aggregated data can yield interesting intelligence.
An opinion piece in Technology Review argues that when it comes to user privacy, you're probably on your own. A report in the Guardian seconds that conclusion, noting that Strava isn't the only app tracking you: you're just a tap away from giving yourself away.
Hackers thought to be associated with Iran have been phishing Israeli nuclear scientists. The bait consists of links to bogus British news sites.
Phishing in the interest of state security can be done cheaply and without much skill. The University of Toronto's Citizen Lab has a report on a campaign directed against "members of the Tibetan community." For just a thousand dollars the phishers successfully spied for nineteen months.
Observers note that the large denial-of-service campaign against financial institutions in the Netherlands came shortly after stories broke about Dutch intelligence services having hacked into Russia's Cozy Bear.
Cisco has patched serious vulnerabilities in its VPN offerings. Users are advised to apply the patches as soon as possible.
In cryptocurrency news, South Korean authorities report $600 million in fraud, but will permit trading to continue. And the US Securities and Exchange Commission last week alleged fraud and shut down AriseBank's initial coin offering.
Implement these seven cybersecurity best practices for 2018.
Is your organization prepared for the threat landscape of 2018? In this article, ObserveIT takes a look at seven cybersecurity best practices—ranging from preparing for GDPR to testing backup systems to leveling up user training—that will better prepare you for everything from spearphishing to insider threats. Rather than dwell on the past, take stock of where your organization stands today and put these best practices in place, and you’ll be well-prepared for the coming year.
ON THE PODCAST
In today's podcast we hear from our partners at Ben Gurion University of the Negev, as Yossi Oren discusses insecure mobile device cases, that is, the kind of cases you'd put your phone into to protect it from scratches and bumps. Those cases can have security issues. Our guest is JT Keating from Zimperium on the effects Meltdown and Spectre are having on mobile devices.
Juha Saarinen: When hackers get hacked themselves(New Zealand Herald) By now, anyone who's glanced sideways at the internet and the IT systems that connect to it should be totally aware that it's a very unsafe place, riddled with hackers hell-bent on causing grief for innocent users.
Intel Chips Without Meltdown, Spectre Flaws Arriving This Year(eWEEK) Intel promises new processors to fix the Meltdown and Spectre vulnerabilities; attackers distribute cryptocurrency miners via the DoubleClick ad network; up to 30 million systems were impacted by an unauthorized Monero mining campaign; and Microsoft improves Azure cloud disaster recovery visibility.
OTX Trends Part 3 - Threat Actors(Alien Vault) By Javvad Malik and Chris DomanThis is the third of a three part series on trends identified by AlienVault in 2017.Part 1 focused on exploits and part 2 addressed malware. This part will discuss threat actors and patterns we have detected with OTX.Which threat actors should I be most concerned about?Which threat actors your organization should be most concerned about will vary greatly. A flower shop will have a very different threat profile from a defense contractor. Therefore below
Widespread API use heightens cybersecurity risks(Help Net Security) A new Imperva survey showed a heightened concern for cybersecurity risk related to widespread API use. Specifically, 63 percent of respondents are most worried about DDoS threats, bot attacks, and authentication enforcement for APIs.
Sarkari bot tool takes global malware to the cleaners(The Economic Times) Since the launch of the Cyber Swachhta Kendra or the Botnet Cleaning and Malware Analysis Centre last year, there has been a 51% decrease in malware infections in all networks in the country.
Army Takes on Wicked Problems With the Internet of Battlefield Things(Meritalk) The Army’s work on the Internet of Battlefield Things (IoBT) is more than just a way to carve out a catchy name for the proliferation of smartphones, tablets, wearable devices, cameras and embedded devices that take the field with military forces. It also underscores the most important element of having those connected devices–the data collection and automated analytics capabilities required to make good use of the information they provide.
Defending our nation’s cyber services(TheHill) As the chief cybersecurity official for the Department of Homeland Security, Jeanette Manfra is laser-focused on preventing cyberattacks that could destabilize the U.S. financial system or open the federal government up to spying.
Wanted: a firewall to protect U.S. elections(Harvard Gazette) A new bipartisan initiative at Harvard Kennedy School picks up where the federal government leaves off, bringing together experts in national security, cybersecurity, and politics to develop practical strategies, tools, and guidance to help U.S. political campaigns protect themselves from cyber threats.
Drugs Tripped Up Suspects In First Known ATM “Jackpotting” Attacks in the US(KrebsOnSecurity) On Jan. 27, 2018, KrebsOnSecurity published what this author thought was a scoop about the first known incidence of U.S. ATMs being hit with “jackpotting” attacks, a crime in which thieves deploy malware that forces cash machines to spit out money like a loose Las Vegas slot machine. As it happens, the first known jackpotting attacks in the United States were reported in November 2017 by local media on the west coast, although the reporters in those cases seem to have completely buried the lede.
Legal CIO(New York, New York, USA, January 31 - February 1, 2018) LegalCIO: Formerly the Law Firm Chief Information and Technology Officers Forum, combines cutting-edge updates on legal technologies with the chance to exchange practical guidance and discuss daily challenges...
Cyber Security Summit: Silicon Valley(San Jose, California, USA, February 13, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.
Security Titans(Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very...
European Cybersecurity Forum – CYBERSEC Brussels(Brussels, Belgium, February 27, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...
SINET ITSEF 2018(Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment...
PCI Security Standards Council Middle East and Africa Forum(Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes...
Cyber 9-12(Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.