Schneider Electric has patched a vulnerability in its InduSoft Web Studio and InTouch Machine Edition. The products aren't themselves control systems, but rather toolsets used to develop SCADA systems, human-machine interfaces, and applications that connect automated systems. The bug, discovered and disclosed by Tenable, is a buffer-overflow issue that could be exploited to execute arbitrary code.
NetScout's Arbor Networks reported a possible backdoor in LoJack for Laptops, a tool that enables administrators to remotely lock, locate, and remove files from a stolen computer. Five LoJack agents were found to be communicating with four dodgy command-and-control domains, three of which have in the past been associated with Fancy Bear, Russia's GRU. Absolute Software, which makes LoJack for Laptops, says it's been in discussions with Arbor Networks, takes the matter seriously and is investigating, but doesn't believe its customers are at risk.
Travel reward points are relatively easy to monetize, and they're being sold in Russian-language dark web souks. Botnet operators often pick up such credentials incidentally in the course of other illicit activities, and for the most part they sell them to other criminals.
Becton Dickinson has advised that its medical devices using WPA2 encryption are vulnerable to KRACK key reinstallation attacks. This general Wi-Fi problem isn't confined to medical systems, but Becton Dickinson has issued a fix. And the US FDA has ordered the recall of about 465 thousand St. Jude implantable cardioverter defibrillators for a firmware update.
Today is World Password Day. Do you know where your credentials are?
HackNYC2018 (New York, New York, United States, May 8 - 10, 2018) Cyber attacks are often called non-violent or non-kinetic attacks, but the simple truth is that there is a credible capability to use cyber attacks to achieve kinetic effects. Kinetic Cyber refers to a class of cyber attacks that can cause direct or indirect physical damage, injury or death solely through the exploitation of vulnerable information systems and processes. Use code CWIRE20 for 20% off the $50.00 individual ticket price.
Cyber Security Summits: May 15 in Dallas & Boston on June 5 (Dallas, Texas, United States, May 15, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, CenturyLink, IBM Security and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
Third Annual Cyber Investing Summit 5/15/18 (Dallas, Texas, United States, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.
The existing focus on control system cyber security is not appropriate (Control Global) The focus of control systems is reliability, availability, productivity, and safety which is directly affected by field devices such as process sensors, actuators, and drives. Yet the focus of cyber security has been on networks and data. There is also a lack of understanding of control systems.
Insuring Uncle Sam’s cyber risk (CSO Online) The insurance sector needs to have panel members that are already cleared and approved by the DoD in advance of a cyber incident being reported and arguably before coverages are agreed upon within the four corners of an insurance policy.
CACI takes $407M CDM cyber task order (Washington Technology) CACI International wins a potential $407.2 million task order to help implement cybersecurity tools as part of the government-wide Continuous Diagnostics and Mitigation program.
Risk Intelligence recruits execs from Cobham and Maersk (ShippingWatch) Security analyst firm Risk Intelligence establishes a new organization. Employees from Cobham and Maersk Line are the first of a series of hires in the months to come, CEO Hans Tino Hansen tells ShippingWatch.
Comprehensive OT Cybersecurity from Nozomi Networks & Fortinet (Nozomi Networks) At the RSA Conference in San Francisco, many CISOs and IT leaders shared that OT risk management, defense and resiliency topped their must-have list.
Nozomi Networks and Fortinet deliver one ‘knock-out’ IT/OT cybersecurity solution for network and operational visibility, risk assessment, and proactive defense. Read on to see how it tackles two of the most common OT use cases.
Companies Grapple With AI’s Opaque Decision-Making Process (Wall Street Journal) Artificial intelligence is becoming more pervasive as companies look to drive innovation and competitive advantage, but some executives say they are coming up against a big challenge: advanced AI systems are not able to explain how they make decisions.
Facial Recognition for Robots Advances With AI, Machine Learning (Robotics Business Review) Software improvements and better vision are helping facial recognition grow beyond security use cases. Future robots will not only know who you are, but how old you are, your gender, and emotional state to provide better service.
Leidos's Treatment of Female Whistle-Blower Gets Pentagon Review (Bloomberg.com) Defense Department attorneys are reviewing possible disciplinary action against Leidos Holdings Inc. after the Pentagon’s inspector general backed allegations that the information technology company retaliated against a female subcontractor for complaining of a hostile work environment.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber Security Dallas (Dallas, Texas, USA, October 31 - November 1, 2018) Cyber Security Dallas will bring top speakers and industry experts to the Dallas-Fort Worth (DFW) metroplex, which boasts one of the largest concentrations of corporate headquarters in the United States.
National Cyber League Spring Season (Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
Automotive Cybersecurity Summit 2018 (Chicago, Illinois, USA, May 1 - 8, 2018) Smart Vehicles. Smart Infrastructures. The 2nd annual Automotive Cybersecurity Summit brings together public and private-sector manufacturers, suppliers, assemblers, technology providers and V2X partners...
Application of the Law of War to Cyber Operations (Washington, DC, USA, May 3, 2018) Cyber law experts meeting at the George Washington University will cover Title 10 vs. Title 32 vs. Title 50 and the lawful and operational restrictions related to these authorities. The panelists will...
Global Cyber Security in Healthcare & Pharma Summit (London, England, UK, May 3 - 4, 2018) The number of cyber-attacks in healthcare is on the rise, and the industry must do more to prevent and respond to these incidents. The Global Cyber Security in Healthcare & Pharma Summit 2018 will bring...
Secure Summit DC (Washington, DC, USA, May 7 - 8, 2018) (ISC)² Secure Summit DC will assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing. The goal of the event is to equip security leaders to...
HACKNYC (New York, New York, USA, May 8 - 10, 2018) The recent flood of data breach news may numb us to the threat of attacks with kinetic effects--direct or indirect physical damage, injury, or death. Hack NYC focuses on our preparation for, and resilience...
SecureWorld Kansas City (Kansas City, Missouri, USA, May 9, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Cyber Ready 2018 Cybersecurity/Intel Conference (MacDill Air Force Base, Florida, USA, May 14, 2018) Major General Mike Ennis (USMC, ret), CIA National Clandestine Service's first Deputy Director for Community Human Intelligence (HUMINT), will deliver the keynote. The conference will also feature an all-audience...
Cyber Investing Summit (New York, New York, USA, May 15, 2018) Now in its third year, the Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry, which is predicted to exceed $1 trillion in cumulative spending on products...
Third Annual Cyber Investing Summit (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial...
The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 15, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Digital Utilities Europe (Amsterdam, the Netherlands, May 16 - 17, 2018) The conference will bring together key industry stakeholders to address the current challenges of the digitisation in the utilities sector. Join us in Amsterdam to hear latest business case studies and...