Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on organizations around the world. We talk to social engineering experts, security pros, cognitive scientists, and those practiced in the arts of deception (perhaps even a magician or two). We also hear from people targeted by social engineering attacks and learn from their experiences. Trust us: check out the first episode and subscribe today. The second episode will arrive Thursday. (Thanks to KnowBe4, our sponsors for season 1.)
By The CyberWire Staff
Covellite, the North Korean Internet-of-things hacking group, seems to have grown quiet with respect to American targets during the run-up to the June 12th Kim-Trump summit. Covellite, tracked by Dragos, is said to share considerable infrastructure and malicious code with the Lazarus Group (a.k.a. Hidden Cobra).
NATO members (the US in particular) find themselves relearning Cold War lessons about Russian electronic warfare capabilities.
Russian authorities are said to share Western concerns over the increasing rate of criminal attacks on cryptocurrencies.
The New York Law Journal, in a look at trends in social engineering, concludes that law firms are surprisingly easy marks.
Anyone attending World Cup events this summer should be aware of the significant risk Wi-Fi hotspots present.
Apple's latest round of updates is regarded as markedly friendly to user privacy. MacOS Mojave and iOS 12 both include features designed to block "secret trackers," and a feature being tested for iOS 12, USB Restricted Mode, is designed to impede the Cellebrite unlocking tools the FBI and others have used. The Safari browser also has new features designed to impede ad-trackers.
As the US Congress considers legislation designed to restrict Chinese intelligence collection, and the FBI warns that Chinese espionage is a "whole-of-nation" problem, the US Justice Department has charged former US Army warrant officer and DIA civilian employee Ron Rockwell Hansen with fifteen counts related to spying for China, including attempting to gather or deliver national defense information to aid a foreign government and acting as an unregistered foreign agent.
$8.76 million: The average yearly cost of insider threats. Get the report.
Insider threat incidents come with a hefty price tag, according to the “2018 Cost of Insider Threats: Global Organizations” report released by independent research group, The Ponemon Institute. Make sure that you understand the full context (and cost) of these threats by downloading the full report. Get your copy today.
ON THE PODCAST
In today's podcast we speak with David Dufour from our partners at Webroot on new roles for security, and how they affect hiring and education. Our guest, John Dickson from the Denim Group, discusses the challenges of securing voting infrastructure.
Cyber Security Summits: Boston on June 5 & June 28 in DC(Boston, Massachusetts, United States, June 5, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, CenturyLink, IBM Security and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
TU-Automotive Cybersecurity Conference(Detroit, Michigan, United States, June 6 - 7, 2018) Uniting 150+ experts from the connected car and security industries to help automotive to apply technology and best practices to deliver robust security defenses and processes. Co-located with TU-Automotive Detroit, attendees can access the world’s largest automotive technology exhibition. CyberWire audience save $100 off standard and basic passes with code TCW100.
8th Annual (ISC)2 Security Congress(New Orleans, Louisiana, United States, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.
Scammers Targeting Booking.com Users with Phishing Messages(Security Boulevard) Scammers recently targeted Booking.com customers with phishing messages designed to steal their sensitive financial information. According to The Sun, criminals sent out WhatsApp messages and text messages to customers claiming that a security breach had occurred and that recipients needed to change their passwords. The attack correspondence came with a link that, when clicked, gave …
The Future of Cyber Threats: When Attacks Cause Physical Harm(New York Law Journal) The ability of cyber threats to compromise information systems is an ongoing danger to all organizations. However, an emerging threat presents a new challenge—cyberattacks that may cause physical harm to systems and persons. This threat has become acute for certain sectors such as critical infrastructure.
Security Patches, Mitigations, and Software Updates
Apple Touts Privacy Features of New Operating Systems(SecurityWeek) Apple said new MacOS Mojave and iOS 12 software powering its mobile devices and computers would include features designed to thwart the use of secret trackers to monitor people's online activities.
Cybersecurity: A core component of digital transformation(Help Net Security) In this podcast, Kai Grunwitz, Senior VP EMEA at NTT Security, talks about the NTT Security 2018 Risk:Value Report, and the importance of cybersecurity for a successful digital transformation. Here’s a transcript of the podcast for your convenience. Hello. My name is Kai Grunwitz, and I'm Senior VP EMEA at NTT
AIG: Data Breaches Made 2017 Worst Year Yet(PYMNTS.com) Following a series of sophisticated cyberattacks, such as WannaCry and NotPetya, AIG received a surge of cyber claims in 2017: The insurer saw as many claims notifications as the previous four years combined, RT reported. “The combination of leaked National Security Agency (NSA) tools, plus state-sponsored capabilities, triggered a systemic event,” Mark Camillo, head of cyber for […]
Perspecta Announces Leadership Team(WashingtonExec) Perspecta Inc. has announced the formation of its leadership team to coincide with the completion of its separation from DXC Technology Company and commencing trading on the New York Stock Exchange under the ticker symbol PRSP. With 14,000 employees and pro-forma revenues of $4.2 billion, Perspecta helps U.S.
Products, Services, and Solutions
Rookout releases serverless debugging tool for AWS Lambda(TechCrunch) The beauty of serverless computing services like AWS Lambda is that they abstract away the server itself. That enables developers to create applications without worrying about the underlying infrastructure, but it also creates a set of new problems. Without a static server, how do you debug a progr…
Discover all IT assets across your global hybrid infrastructure(Help Net Security) Qualys announced Asset Inventory (AI), a new cloud app that provides customers a single source of truth for IT assets spread across hybrid environments including on-premises, endpoints, clouds and mobile, with synchronization capabilities to Configuration Management Databases (CMDBs) to keep asset data up-to-date.
Egnyte releases one-step GDPR compliance solution(TechCrunch) Egnyte has always had the goal of protecting data and files wherever they live, whether on-premises or in the cloud. Today, the company announced a new feature to help customers comply with GDPR privacy regulations that went into effect in Europe last week in a straight-forward fashion. You can sta…
Microsoft Adds Post-Quantum Cryptography to an OpenVPN Fork(BleepingComputer) Microsoft has recently published an interesting open source project called "PQCrypto-VPN" that implements post-quantum cryptography (PQC) with OpenVPN. This project is being developed by the Microsoft Research Security and Cryptography group as part of their research into post-quantum cryptography.
Broadband Leaders Push Back on Proposed Ban on ZTE, Huawei Gear(Bloomberg.com) Trade groups representing the leading American broadband and wireless providers told the Federal Communications Commission to go slow as it weighs banning the use of federal subsidies to purchase gear from Huawei Technologies Co. and ZTE Corp.
Is the Pentagon taking over security clearances a good idea?(Washington Business Journal) The plan calls for the Defense Department to oversee all background investigations involving its military and civilian employees and contractors and eventually have the authority to conduct security reviews for nearly all other government agencies.
Masterminds behind prolific CEO fraud ring arrested(Help Net Security) It took two years and a collaborative effort of French, Belgian, Romanian and Israeli law enforcement agencies to take down an organised crime group that was behind at least 24 cases of CEO fraud across Europe, Europol has announced.
When the FBI Can Help Companies Deal With a Cyber Event(New York Law Journal) Many companies neglect to reach out to the FBI following a cyber incident, turning instead to law firms and cybersecurity firms alone. This might be a mistake considering the practical assistance the FBI can provide to targets of a cyber attack.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Securing Federal Identity(Washington, DC, USA, June 5 - 6, 2018) Securing Federal Identity 2018, a highly focused and high-energy event, will feature an in-depth view of the future of federal government policies and technology developments for securing federal identity...
New York State Cybersecurity Conference(Albany, New York, USA, June 5 - 7, 2018) June 2018 marks the 21st annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA). Hosted by the New York State Office of Information Technology Services,...
The Cyber Security Summit: Boston(Boston, Massachusetts, USA, June 5, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
SecureWorld Chicago(Chicago, Illinois, USA, June 5, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
NSA 2018 Enterprise Discovery Conference(Ft. Meade, Maryland, USA, June 5 - 6, 2018) Hosted by the National Security Agency and the Federal Business Council (FBC). The EDC is the largest event held at NSA with over 1500 attendees from around the world. EDC provides a collaborative learning...
National Cyber Summit(Huntsville, Alabama, USA, June 5 - 7, 2018) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. Held in Huntsville,...
Cyber//2018(Columbia, Maryland, USA, June 6, 2018) Cyber touches all aspects of our life from the myriad of devices we have brought into our homes to those we employ on the job to increase and improve our productivity. Please join us for our 9th annual...
TU-Automotive Cybersecurity(Novi, Michigan, USA, June 6 - 7, 2018) Co-located with the world's largest automotive technology conference & exhibition. The conference unites players from research labs, automakers, tier 1’s, security researchers, and the complete supply...
SINET Innovation Summit 2018(New York, New York, USA, June 7, 2018) Connecting Wall Street, Silicon Valley and the Beltway. SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration...
CYCON: Cyber for the Community(Reston, Virginia, USA, June 9, 2018) Join us for a day of Cyber Security talks on privacy, lock picking, the Dark Web, cyber education, building attack machines, phishing attacks, malware analysis, Internet of Things security, threat monitoring...
Transport Security and Safety Expo(Washington, DC, USA, June 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly...
Transport Security & Safety Expo(Washington, DC, USA, June 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.
Dynamic Connections 2018(Palm Springs, California, USA, June 12 - 14, 2018) Together with you, our customers and partners, we’ll come together for 2 ½ days to learn, explore and create the possible at Dynamic Connections 2018 (DC18). To get ahead of the most critical, most pervasive...
Norwich University Cyber Security Summit(Northfield, Vermont, USA, June 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format,...
GovSummit(Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information...
The Cyber Security Summit: DC Metro(Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is...
Impact Optimize2018(Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity.
Nuclear Asset Information Monitoring and Maintenance(Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s...
The Cyber Security Summit: Seattle(Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Cyber Security Summit 2018(Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together...