2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.
WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.
November 1, 2018.
By The CyberWire Staff
Armis reports finding two zero-day flaws in Texas Instruments' Bluetooth Low-Energy chips, widely used in Wi-Fi access points. An attacker would need to be within one-hundred to three-hundred feet of a vulnerable device to gain unauthenticated access to the supported Wi-Fi networks. Armis calls the issue "Bleeding Bit." Texas Instruments has issued a patch for the flaws.
US Cyber Command continues to reach out to individual Russian trolls to deter more extensive information operations aimed at US elections. The direct, unconcealed approach is thought to be disconcerting enough (the US Government knows you, and where you are, and what you do, and it won't forget) to give individual operators (if not the Russian government) pause.
Despite efforts to screen accounts for coordinated inauthenticity, social networks continue to find that denying information operators and their bots access to social media is harder than it looks. Vice News tested Facebooks new commitment to transparency by sending them political ads that falsely represented themselves as being paid for by one-hundred US Senators (that's all the Senators there are). Facebook approved all of them. It's an inherently hard problem.
Dueling bots and fake news sites continue to push rival versions of the murder of Jamal Khashoggi.
Bitdefender's free decryptor for GandCrab ransomware is thought to have deprived the crooks of about a $1 million in ill-gotten revenue. That's not a death-blow to GandCrab, of course, but nonetheless, bravo Bitdefender.
Zscaler has found that the matchmaking app Soulmates, found on Google Play, is actually spyware.
Create a culture of cybersecurity awareness with Coachable Moments.
According to The Ponemon Institute, two out of three insider threat incidents are caused by employee or contractor mistakes. The good news is, these mistakes can easily be avoided ... with the right coaching. Just in time for Cybersecurity Awareness Month, the Coachable Moments series from ObserveIT gives cybersecurity teams the tools they need to empower people to understand the policies and best-practices intended to keep them safe. Check out Coachable Moments today to learn more.
And Hacking Humans is up. In this week's episode, "Scams are fraud and fraud is crime," we get listener followup on the church pastor scam. Dave explores a phony investment web site. Joe explains phishing, spear phishing and whaling. Fake federal agents are featured in our catch of the day. And Carole Theriault interviews Max Bruce from Action Fraud UK.
Maryland Cybersecurity Career & Education Fair(Rockville, Maryland, United States, November 9 - 10, 2018) Join us for two dynamic days that put on display why Maryland is where cyber works. Friday will feature a career and education fair, connecting cybersecurity job seekers with opportunities across the state of Maryland. On Saturday, high school and undergraduate students compete in our cyber challenge.
Cyber Attacks, Threats, and Vulnerabilities
A pair of new Bluetooth security flaws expose wireless access points to attack(TechCrunch) Security researchers have found two severe vulnerabilities affecting several popular wireless access points, which — if exploited — could allow an attacker to compromise enterprise networks. The two bugs are found in Bluetooth Low Energy chips built by Texas Instruments, which networking device mak…
Beware: China may be reading your email(Asia Times) A new report alleges China uses key internet vulnerabilities to hijack traffic amid claims its technological success is ‘dependent on massive expropriation of foreign R&D’
Soulmate: A Dating App That Spies On You(Zscaler) Zscaler ThreatLabZ team came across a piece of spyware disguised as an Android app and hosted on Google Play, Google’s official Android app store. The app portrays itself as partner matching app but the app has capabilities of stealing contacts, tracing current and last-known location, and more
GandCrab: The most popular Multi-Million Dollar Ransomware of the Year(Security Boulevard) Ransomware has been around for years and has inflicted financial losses estimated in the billions of dollars. As one of the most lucrative types of malware, from a financial perspective, ransomware developers have invested considerable time, effort, and knowledge into perfecting both its delivery mechanisms and its capabilities. Traditional ransomware families such as CryptoWall and
Digital Trust Insights(PwC) Digital businesses that lead in safety, security, reliability, privacy and data ethics will be the titans of tomorrow.
Proofpoint Quarterly Threat Report(Proofpoint) The Proofpoint Quarterly Threat Report highlights the threats, trends and key takeaways of threats we see within our large customer base and in the wider threat landscape.
Only half of the Fortune 500 use DMARC for email security(TechCrunch) When Homeland Security told all federal government departments last year to roll out a new email security policy to cut down on incoming spam and phishing emails, three-quarters of all federal domains were compliant by the time of their deadline just a few weeks ago. That’s far more than what…
Facebook Growth Slows as It Revamps(Wall Street Journal) Facebook recorded lower revenue than expected as the social-media giant continues to adjust to slowing growth rates. Profit, though, rose more than forecast.
DICT partners with Kaspersky to boost cybersecurity in gov’t(Philippine News Agency) The Department of Information and Communications Technology (DICT) has partnered with international cybersecurity firm, Kaspersky Lab, to strengthen cybersecurity efforts in the government.The DICT has signed a Memorandum of Understanding (MOU) with Kaspersky, which will enhance...
Equifax Has Chosen Experian. Wait, What?(KrebsOnSecurity) A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people,
The case for high-frequency readiness(C4ISRNET) Alarmingly, as hostile near-peer adversaries reemerge, it is necessary to re-establish HF alternatives should very-high frequency, ultra-high frequency or SATCOM come under attack.
Kaspersky Lab reveals research on future threat of memory hacking(Intelligent CIO Middle East) Kaspersky Lab has warned that the cyberattackers of the future may be able to exploit memory implants to steal, spy on, alter or control human memories. And while the most radical threats are several decades away, the essential technology already exists in the form of deep brain stimulation devices. Scientists are learning how memories are […]
California Consumer Privacy Act of 2018 – Full Text(Cooley) For your ease of reference, we reproduce here a formatted, hyperlinked copy of the California Consumer Privacy Act of 2018 (CCPA), current as of October 15, 2018. We’ve included our own topic headi…
HHS opens renamed cyber center after management debacle(Federal Times) The Department of Health and Human Services announced the opening of its Health Sector Cybersecurity Coordination Center over a year after debate over the cyber center's reporting structure caused upheaval at the agency.
Plans to secure Internet access deferred before cyber attack(The Straits Times) A more secure way of accessing the Internet was meant to be put in place to protect public medical systems some time this year, but had to be pushed back to next year because of technical issues.. Read more at straitstimes.com.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber:Secured Forum 2019(Dallas, Texas, USA, July 29 - 31, 2019) Cyber:Secured Forum delivers two days of in-depth content on cybersecurity trends and best practices related to the delivery of physical security systems and other integrated systems. Collaboratively developed...
SecureWorld Denver(Denver, Colorado, USA, October 31 - November 1, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Cyber Security Dallas(Dallas, Texas, USA, October 31 - November 1, 2018) Cyber Security Dallas will bring top speakers and industry experts to the Dallas-Fort Worth (DFW) metroplex, which boasts one of the largest concentrations of corporate headquarters in the United States.
InfoWarCon 18(Leesburg, Virginia, USA, November 1 - 3, 2018) InfoWarCon 18 brings together a highly elite group of political, military, academic, DIYer, and commercial cyber-leaders and thinkers from around the world. We examine the current, future, and potential...
RETR3AT Cybersecurity Conference(Montreat, North Carolina, USA, November 2, 2018) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina...
4th Annual Cyber Southwest (CSW) Symposium(Tuscon, Arizona, USA, November 2, 2018) Be a part of the 4th Annual Cyber Southwest (CSW) Symposium set to take place at the University of Arizona, Eller College of Management - McClelland Hall in Tucson, AZ on Friday, November 2nd, 2018. CSW...
Hybrid Identity Protection Conference(New York, New York, USA, November 5 - 6, 2018) Learn what cutting-edge industry leaders are doing to improve identity protection in the modern organization and how they are boosting enterprise security. Network with the world’s leading identity experts...
Hybrid Identity Protection Conference 2018(New York, New York, USA, November 5 - 6, 2018) The Hybrid Identity Protection Conference is the premier educational and networking event for identity experts. Learn what cutting-edge industry leaders are doing to improve identity protection in the...
Cyber Security & Artificial Intelligence MENA Summit(Dubai, UAE, November 6 - 7, 2018) Cyber Security and Artificial Intelligence MENA Summit has been designed to bring you a remarkable opportunity to gain fresh insights into areas such as artificial intelligence and machine learning impact...
2nd Annual Aviation Cyber Security Summit Summit(London, England, UK, November 6 - 7, 2018) Now in its 2nd year, the Cyber Senate Aviation Cyber Security and Resilience Summit (AVCIP2018) will take place on 6th and 7th in London United Kingdom 2018. This two-day executive forum will include presentations,...
Federal IT Security Conference: FITSC 2018(College Park, Maryland, USA, November 7, 2018) Phoenix TS and Federal IT Security Institute (FITSI) are partnering to host the third annual Federal IT Security Conference (FITSC) this November. Speakers from NIST, DHS, the Defense Department as well...
SINET Showcase(Washington, DC, USA, November 7 - 8, 2018) Highlighting and advancing innovation. SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity.
SecureWorld Seattle(Seattle, Washington, USA, November 7 - 8, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Infosecurity North America(New York, New York, USA, November 14 - 15, 2018) With 23+ years of global experience creating leading information security events, Infosecurity Group is coming to New York in November 2018. Infosecurity North America will provide a focussed business...
Kingdom Cyber Security(Riyadh, Saudi Arabia, November 20 - 21, 2018) Setting a game plan to boost cyber resilience at the national level.
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.