The US Treasury Department announced sanctions against five Russian organizations and three individuals. Treasury designated them as violating Executive Order 13694 (which authorizes measures against entities engaging in "significant malicious cyber-enabled activities"). The Department links them to Russia's FSB, and sees them implicated in threats to the US power grid, undersea cables, and other infrastructure. Those sanctioned include Digital Security, ERPScan (Treasury says Digital Security controls the company, a claim ERPScan denies), Embedi (also said to be under Digital Security's control), Kvant Scientific Research Institute (supervised by FSB, Treasury says), and Divetechnoservices (suspected of undersea cable tapping). The three individuals singled out are associated with Divetechnoservices.
Okta reports a long-standing third-party code-signing issue in macOS signature checks. The fault isn't in Apple code itself. It lies, rather, in unclear documentation that led developers to use the API incorrectly. The documentation has since been clarified.
A wave of spearphishing is hitting Russian IT device service centers, according to Fortinet researchers. The emails, which have the clumsy look of machine-translation as opposed to native (or even non-native) speakers of Russian, purport to be from Samsung. The exploit uses an old (and patched) vulnerability in Microsoft Office documents, CVE-2017-11882.
The Kim-Trump summit went off in Singapore yesterday as planned. It focused, as expected, on nuclear issues. Cyber conflict between the US and the DPRK is expected to resume (or continue) its now familiar course.
A multinational sweep picked up a large ring of business email scammers: the US Justice Department counts seventy-four collars.
Under GDPR non-compliant companies face trade-offs on borrowed time, says Control Risks.
Control Risks says non-compliance is a truly enterprise risk for companies operating in the EU. It burdens already taxed programs with particular measures to protect personal data and disclose security issues. Many worry that resources catching up to GDPR before an incident occurs trade-off other critical initiatives, leaving them vulnerable nonetheless. Companies must get executives and experts involved in managing the risk and competing priorities. Let Control Risks help you be both secure and compliant.
The Cyber Security Summit: DC Metro on June 28 and Seattle on July 19(Washington, DC, United States, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95 VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.
Major U.S. Refineries At Risk Of Cyberattacks As Many Continue To Use Windows XP(Forbes) The end of life of Microsoft's Windows 7 operating software is almost upon us, with the company saying its updates and patches for the widely used interface will cease after January 14, 2020. In such circumstances, most people would assume that critical plant control system operators must be in a mad scramble to upgrade to the latest version.
How Secure is that Third Party Mobile App?(BitSight) As mobile applications continue to pose looming threats, BitSight researchers leveraged data from its mobile application security risk vector to identify if mobile applications offered on iOS and Google Play stores have known security vulnerabilities and issues.
Weighing up the email security threat in EMEA(Barracuda Networks) Despite numerous attempts to dethrone it over the past few years, email continues to be the defacto for business communications. In research published last year, The Radicati Group estimated that more than 281bn email messages would be sent every day in 2018.
Spanish soccer app caught using microphone and GPS to snoop(TechCrunch) If you’ve ever found yourself wondering why an app is requesting microphone access when there doesn’t seem to be any logical reason why it should need to snoop on the sounds from your surroundings, hold that thought — and take a closer look at the T&Cs. Because it might turn o…
FIFA World Cup in Russia Bringing Cyberthreats at Home and Abroad(Government Technology) The No. 1 global sporting event, which only comes around once every four years, is about to begin in Russia. Billions of people are expected to be watching and commenting and clicking on all things football (soccer) over the next month. But with all the fun, and money and attention, there are criminals preparing as well. Let’s explore the FIFA World Cup cyberthreats and what can be done about security.
Vendor of Careers@Gov jobs portal hit by malware(The Straits Times) Applicants for public service jobs in Singapore could have had their information compromised, as a malware infection was found to have hit an outsourced Australian-based vendor here.. Read more at straitstimes.com.
Bad .Men at .Work. Please Don’t .Click(KrebsOnSecurity) Web site names ending in new top-level domains (TLDs) like .men, .work and .click are some of the riskiest and spammy-est on the Internet, according to experts who track such concentrations of badness online.
Security Patches, Mitigations, and Software Updates
USCYBERCOM Awards Cyber Innovation Contract to MISI(MISI) The Maryland Innovation and Security Institute (MISI) has been awarded a five-year Partnership Intermediary Agreement (PIA) by United States Cyber Command (USCYBERCOM) to innovate new technologies in an unclassified, state-of-the-art facility located in Columbia, MD.
CyberX Not Just an Amazon.com Subsidy(Bacon's Rebellion) Virginia economic development officials have kept their lips tight about the incentive package Virginia is extending to Amazon.com, Inc., to induce the e-commerce giant to locate its second headquarters in Northern Virginia. My concern has been that the Commonwealth might … Continue reading →
Dreamit Ventures launches new security vertical(TechCrunch) Dreamit Ventures, a Philadelphia-based early stage investor and accelerator, announced it was moving into security today. To that end, it also announced it was bringing on Bob Stasio, an industry vet with roots in startups, IBM and work in the military and the NSA to run the new division. The compa…
Tenable Launches Pioneering Solution to Help Secure Critical Infrastructure across Converged IT/OT Environments(Tenable™) Tenable®, Inc., the Cyber Exposure company, today announced the industry’s first solution designed to reduce cybersecurity risk across today’s converged IT/OT environments. Enhancements to the Tenable.io® platform and Industrial Security, an asset discovery and vulnerability detection solution for Operational Technology (OT) systems, delivered in partnership with Siemens, enable organizations to manage Cyber Exposure holistically across IT and OT and effectively prioritize remediation based on the criticality of the asset and the vulnerability.
LogRhythm adds NESA compliance regulation to platform(Intelligent CIO Middle East) In an effort to support the United Arab Emirates’ (UAE) cybersecurity outlook and show commitment to the country and the region as a whole, LogRhythm, the Security Intelligence Company, has integrated the UAE National Electronic Security Authority (NESA) cybersecurity compliance standards and guidelines into its NextGen SIEM (Security Information and Event Management) platform. These standards were […]
How to Establish Effective Intelligence Requirements(SecurityWeek) Intelligence requirements (IRs) lay the foundation and set the direction of an intelligence operation, and enable teams to prioritize needs, allocate resources, determine data sources, and establish the types of analysis and expertise required to process that data into intelligence.
Ditching entourages, Trump and Kim Jong Un to meet 1 on 1(Military Times) They came with scores of aides, bodyguards and diplomats in tow: Donald Trump from Washington, Kim Jong Un from Pyongyang. But for the better part of an hour, the two men will square off one on one, alone but for a pair of translators, raising concerns about the risk of holding such a monumental meeting with barely anyone to bear witness.
Today Only The Beginning of a Much Longer Term Process(Bloomberg) Saruhan Hatipoglu, CEO, B.E.R.I. (Business Environment Risk Intelligence), discussed his expectations for the Trump-Kim summit with Rishaad Salamat and Bryan Curtis. He explains how different Kim Jung Un is to his father, goes on to discuss the prospect of a peace deal ahead between North and South Korea and the importance of agreeing on what denuclearization means.
Senate may deal Trump trade defeat on ZTE (CNN) The Senate is on the verge of directly undercutting a key piece of President Donald Trump's trade negotiations with China, as a bipartisan group of lawmakers successfully pushed for the inclusion of a bill to undo a deal to save Chinese telecom ZTE.
Senator hopes to draw red line discouraging election cyberattacks(Cyberscoop) A prominent lawmaker wants to draw a line in the sand to discourage hackers from targeting U.S. election systems. Sen. Mark Warner, D-Va., proposed Monday that the United States formally declare it will respond in cyberspace to any foreign interference in American elections.
The cyber bases of the future(C4ISRNET) From BRACtown to downtown: National cyber defense units should be located in metropolitan areas where they can best take advantage of IT capabilities and infrastructure.
Trump's coal, nuclear bailout no shield from hackers: cyber experts(Reuters) Bailing out nuclear and coal-fired power plants will not toughen the U.S. power grid against cyber attacks as the Trump administration claims, according to cyber experts, because hackers have a wide array of options for hitting electric infrastructure and nuclear facilities that are high-profile targets.
Vietnam’s new cyber security law draws concern for restricting free speech(TechCrunch) Big tech firms including Google, Facebook and Twitter have expressed major concern after Vietnam’s government passed a law that promises to introduce tighter restrictions on free speech online. The new regulation passed this week strengthens the government’s position on censoring the in…
Treasury Sanctions Russian Federal Security Service Enablers(U.S. Department of the Treasury) Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated five Russian entities and three Russian individuals under Executive Order (E.O.) 13694, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities,” as amended, and Section 224 of the Countering America’s Adversaries Through Sanctions Act (CAATSA).
US hits Russian firms with sanctions, citing cyberattacks(Fifth Domain) The Trump administration on Monday slapped sanctions on several Russian companies and businessmen for engaging in cyberattacks and assisting Russia’s military and intelligence services with other malicious activities.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Transport Security & Safety Expo(Washington, DC, USA, June 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.
Transport Security and Safety Expo(Washington, DC, USA, June 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly...
Dynamic Connections 2018(Palm Springs, California, USA, June 12 - 14, 2018) Together with you, our customers and partners, we’ll come together for 2 ½ days to learn, explore and create the possible at Dynamic Connections 2018 (DC18). To get ahead of the most critical, most pervasive...
Norwich University Cyber Security Summit(Northfield, Vermont, USA, June 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format,...
GovSummit(Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information...
The Cyber Security Summit: DC Metro(Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is...
Impact Optimize2018(Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity.
Nuclear Asset Information Monitoring and Maintenance(Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s...
Cyber Security Summit 2018(Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together...
The Cyber Security Summit: Seattle(Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Health Cybersecurity Summit 2018(Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency...
Global Cyber Security Summit(Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.