Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on organizations around the world. We talk to social engineering experts, security pros, cognitive scientists, and those practiced in the arts of deception (perhaps even a magician or two). We also hear from people targeted by social engineering attacks and learn from their experiences. Step right up and trust us: check out the first two episodes and subscribe today. And thanks to KnowBe4, our sponsors for Season 1.
By The CyberWire Staff
CrowdStrike says that, after more-or-less abiding by a 2015 mutual undertaking with the US not to engage in massive IP theft, China is back at it with a vengeance. CrowdStrike doesn't offer any particular reason for the upswing, but observers speculate that it's linked to recent trade tension between the US and China. Recorded Future sees a potential partial explanation in terms of reshuffled agency equities after consolidation of signals and intelligence organizations into China's large Strategic Support Force, a process that began in 2015.
The US Congress seems loaded for bear in its investigations of ZTE and Huawei, and their (alleged) US partners Facebook and Google. There's also dissatisfaction over the lifeline extended to ZTE (despite the billion dollar fine).
Adobe issued an emergency patch yesterday of a Flash vulnerability that's being exploited in the wild. Most of the exploitation has been against targets in Qatar, still in bad odor with other regional Arab powers including Egypt, Saudi Arabia, and the UAE. At issue are Qatar's alleged Iranian connections.
ESET analyzes InvisiMole, a cyberespionage tool that backdoors targets, engages in remote code execution, and steals audio from infected devices. It's uncommon, and ESET offers no attribution, but the malware has been found in Ukrainian and Russian computers.
A Facebook glitch inadvertently turned some 14 million users' private data public.
Leidos becomes the latest US Federal contractor to exit the commercial cybersecurity market, selling its commercial unit to Capgemini.
The US Federal Trade Commission wants to hear from cryptojacking victims.
$8.76 million: The average yearly cost of insider threats. Get the report.
Insider threat incidents come with a hefty price tag, according to the “2018 Cost of Insider Threats: Global Organizations” report released by independent research group, The Ponemon Institute. Make sure that you understand the full context (and cost) of these threats by downloading the full report. Get your copy today.
8th Annual (ISC)2 Security Congress(New Orleans, Louisiana, United States, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.
InvisiMole cyber espionage malware detailed(SC Media US) A rarely used, but very powerful cyberespionage malware with the ability to install backdoors, remotely execute code and grab sound and audio from the affected device has been discovered and analyzed by ESET researchers.
What Companies Should Know About VPNFilter(Wall Street Journal) The revelation on Wednesday of a network of hacked routers and storage devices that could be used to launch a massive cyberattack shows how connected devices with weak security safeguards are making companies vulnerable to powerful cyberattacks, experts say.
Cryptomining malware digs into nearly 40% of organizations worldwide(Help Net Security) Check Point published its latest Global Threat Index for May 2018, revealing that the Coinhive cryptominer impacted 22% of organizations globally – upCheck Point published its latest Global Threat Index for May 2018, revealing that the Coinhive cryptominer impacted 22% of organizations globally.
Unsecured mobile endpoints are leaving the public sector vulnerable to cyberattacks(Fedscoop) In recent years, the public sector has fallen in line with the rest of society, taking a sharp turn toward mobility. In today’s connected environment, this trend is playing a significant role in shaping the U.S. government’s mission to better serve and protect our nation’s citizens. Mobile devices provide users with an added level of …
Anatomy of a Russian 'Troll Factory' News Site(bellingcat) When browsing through stories on the newly-established media outlet USAReally.com, you may think that you are reading a procedural-generated site that exists entirely from search engine optimization tricks, stealing articles from more established outlets and reposting them as if they were original. However, a closer inspection shows that there are no advertisements on the site...
Security Patches, Mitigations, and Software Updates
Secure Aviation Requires a Connected Industry(Avionics) Alaska Airlines is no longer an airline. That’s according to Jessica Ferguson, Alaska’s director of security architecture. It’s now “a technology company that flies planes.” Delivering a keynote speech at this week’s Global Connected Aircraft Summit in San Diego, Ferguson was discussing company culture in the age of connectivity. Particularly for an 85-year-old company that …
Leidos lets go of commercial cyber(Washington Technology) The number of government contractors who have tried and failed to integrate a commercial cyber business continues to grow now as Leidos announces plans to sell that business to Capgemini.
Verizon CEO to Retire, Succeeded by a Newcomer(Wall Street Journal) Verizon Communications named Hans Vestberg to succeed Lowell McAdam as its next chief executive, appointing a relative newcomer to run the wireless giant at a time when its industry is being reshaped by megadeals.
Privacy and the Internet of Things: Emerging Frameworks for Policy and Design(CLTC) Regulators and product makers need to do more to protect consumer data in the Internet of Things (IoT), as the rapid proliferation of web-connected devices is leading to the potentially irreversible erosion of our personal privacy. That is among the key findings of a new research report, Privacy and the...
Why Best of Breed May Not Be Best(Tanium Blog) It’s no secret that many organizations rely on numerous tools to manage technology operations and security. Purchased over the years to solve the hottest new problem, these tools combine to form layers of often-overlapping capabilities.
Understand the mobile cyber threat and how to mitigate it(FederalNewsRadio.com) Bob Stevens, Lookout’s vice president for the public sector and Kristen Todt, managing partner of Liberty Group Ventures, outline the mobile security situation and offer practical insight for getting it under control.
Defense Digital Service redesigns Army Cyber Command training(Fedscoop) The Defense Digital Service has cut down the training time for Army cyber-operations specialists from six months to just 12 weeks in a new pilot project, helping the Army Cyber Command boost its pipeline of talent. DDS, known for trying to get the military to think differently about building and buying technology, worked with the Army Cyber …
NATO trumpets resolve over Russia, plays down divisions(Military Times) NATO defense ministers met Thursday in a fresh show of resolve against Russia and played down a series of festering trans-Atlantic disputes that threaten to undermine unity across the 29-nation military alliance.
GDPR: A Compliance Quagmire, for Now(Threatpost) Experts say the devil is in the details when it comes to complying with the swath of new privacy and cybersecurity laws enforced by the European Union’s General Data Protection Regulation.
GDPR: A Four-letter Word With Global Ramifications(SecurityWeek) The GDPR compliance deadline is the starting point for a longer journey towards protecting user data on a global scale. As the ramifications of GDPR begin to take effect, here are a few things that can be done.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CYCON: Cyber for the Community(Reston, Virginia, USA, June 9, 2018) Join us for a day of Cyber Security talks on privacy, lock picking, the Dark Web, cyber education, building attack machines, phishing attacks, malware analysis, Internet of Things security, threat monitoring...
Transport Security and Safety Expo(Washington, DC, USA, June 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly...
Transport Security & Safety Expo(Washington, DC, USA, June 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.
Dynamic Connections 2018(Palm Springs, California, USA, June 12 - 14, 2018) Together with you, our customers and partners, we’ll come together for 2 ½ days to learn, explore and create the possible at Dynamic Connections 2018 (DC18). To get ahead of the most critical, most pervasive...
Norwich University Cyber Security Summit(Northfield, Vermont, USA, June 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format,...
GovSummit(Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information...
The Cyber Security Summit: DC Metro(Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is...
Impact Optimize2018(Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity.
Nuclear Asset Information Monitoring and Maintenance(Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s...
The Cyber Security Summit: Seattle(Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Cyber Security Summit 2018(Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together...
Health Cybersecurity Summit 2018(Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.