November 5, 2018.
By The CyberWire Staff
US midterm elections will be held tomorrow (and with early voting have been in progress for some weeks, so it may be more accurate to say that they will end tomorrow, around 8:00 PM local time). There's been much concern about election security, but at the eleventh hour most of that concern has shifted from fear of direct manipulation of voting or disruption of polling toward worries about voter suppression efforts or other last-minute influence operations.
A flurry of reports suggests efforts to penetrate election-related databases, but most such reports have been in the context of state officials announcing their successful defense against such penetration. And it's not clear that this isn't largely a matter of the officials attending to the regular background of attempts to steal personal data.
The Department of Homeland Security is getting nice marks on its election security work from a normally tough Senatorial audience. US Cyber Command, with unusual blood in its eye, is apparently ready to hit back hard at Russia if anything develops.
Chatter among observers expecting the worst centers on distributed denial-of-service attacks or (if they really expect the worst) local power grid hacks.
A team of academic researchers (from Tampere University of Technology and the Technical University of Havana) has reported a side-channel vulnerability, "PortSmash," in Intel CPUs that employ a simultaneous multithreading architecture.
Cyware warns that two botnets, "Fbot" and "Trinity," are competing to cryptojack Android devices. Fbot is a Satori variant; Trinity is a version of ADB.Miner.
Cyber Attacks, Threats, and Vulnerabilities
Huawei denies foreign network hack reports (ZDNet) Huawei has pointed to its 'unblemished record of cybersecurity' following reports over the weekend that it helped the Chinese government gain access codes for a foreign network.
Why it's still in Russia's interest to mess with US politics (AP NEWS) Sweeping accusations that the Kremlin tried to sway the 2016 U.S. election haven't chastened Russian trolls, hackers and spies — and might even have emboldened them. U.S. officials and tech companies say Russians have continued online activity targeted at American voters during the campaign for Tuesday's election, masquerading as U.S. institutions and creating faux-American social media posts to aggravate tensions around issues like migration and gun control.
CTA Security Playbook: Goblin Panda (Security Boulevard) The FortiGuard SE Team has released a new playbook on the threat actor group known as Goblin Panda as part of its role in the Cyber Threat Alliance (CTA).
CTA Adversary Playbook: Goblin Panda (Security Boulevard) The FortiGuard SE Team has released a new adversary playbook on the threat actor group known as Goblin Panda as part of its role in the Cyber Threat Alliance (CTA).
SMS Phishing + Cardless ATM = Profit (KrebsOnSecurity) Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works.
Spam campaign targets Exodus Mac Users (News from the Lab) We’ve seen a small spam campaign that attempts to target Mac users that use Exodus, a multi-cryptocurrency wallet. The theme of the email focuses mainly on Exodus. The attachment was “Exodus-MacOS-…
New Ransomware using DiskCryptor With Custom Ransom Message (BleepingComputer) A new ransomware has been discovered that installs DiskCryptor on the infected computer and reboots your computer. On reboot, victims will be greeted with a custom ransom note that explains that their disk has been encrypted and how to pay the ransom.
Want to Make $100 Million from Hacking? Steal Press Releases (Security Boulevard) Stealing credit card number? Old hat. Ransoming information? Been there, done that. Apparently, if you want to make real money from hacking (not that we’re suggesting this), press releases are the latest and most lucrative piece of valuable information.
Who’s In Your Online Shopping Cart? (KrebsOnSecurity) Crooks who hack online merchants to steal payment card data are constantly coming up with crafty ways to hide their malicious code on Web sites.
Why no cyber 9/11 for 15 years? (Security Boulevard) This The Atlantic article asks why hasn't there been a cyber-terrorist attack for the last 15 years, or as it phrases it: National-security experts have been warning of terrorist cyberattacks for 15 years. Why hasn’t one happened yet?
How the world’s first cyberattack set the stage for modern cybersecurity challenges (Fifth Domain) Back in November 1988, Robert Tappan Morris, son of the famous cryptographer Robert Morris Sr., was a 20-something graduate student at Cornell who wanted to know how big the internet was – that is, how many devices were connected to it. So he wrote a program that would travel from computer to computer and ask each machine to send a signal back to a control server, which would keep count.
The Top Three Cyber Attack Threats that Cause a Financial CISO to Lose Sleep (Security Boulevard) We recently had the chance to hear a presentation by the chief information security officer of a leading financial services firm, which gave a number of valuable insights into today’s top security challenges. To set the stage, the speaker shared recent cyber attacks that may not have caught an individual’s attention but definitely made financial...
The IBM And Red Hat Tango (Seeking Alpha) IBM, under the leadership of Ginni Rometty, has just announced the biggest acquisition in its history, an acquisition it hopes will bring it into the future of cloud computing.
Raytheon’s GPS OCX passes cybersecurity tests (GPS World) System prevented broadcast of corrupt navigation, timing data. Raytheon Company’s GPS Next-Generation Operational Control System, known as GPS OCX, has completed several cybersecurity vulnera…
ODNI releases Insider Threat Framework (Intelligence Community News) The National Insider Threat Task Force (NITTF), operating under the joint leadership of the Attorney General and the Director of National Intelligence, announced on November 1 the release of the “I…
Germany ex-spy chief Maassen may be fired for insults (Deutsche Welle) Maassen reportedly heavily criticized the government to other European security chiefs in his farewell speech. Interior Minister Horst Seehofer, who backed Maassen in other controversies, has declined to do so this time.
Data localisation: A strategic weapon in cyber war (Express Computer) A sovereign has the right to protect its own property in its own jurisdiction and data about its own citizens or entities remains to be adjudicated by Indian laws. No bigger capitalist or profiteering organisations registered in some other jurisdictions can dictate the fate of Indian property i.e. data
Ex-CIA Contractor Says Prison Over Classified Info Unfair (Law360) A Virginia federal judge Friday sentenced a former CIA contractor to 90 days behind bars for illegally obtaining and taking classified material from his former workplace and lying about it to federal investigators, despite his counsel’s arguments that notable government officials have done likewise with lesser consequence.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Hybrid Identity Protection Conference (New York, New York, USA, November 5 - 6, 2018) Learn what cutting-edge industry leaders are doing to improve identity protection in the modern organization and how they are boosting enterprise security. Network with the world’s leading identity experts...
Hybrid Identity Protection Conference 2018 (New York, New York, USA, November 5 - 6, 2018) The Hybrid Identity Protection Conference is the premier educational and networking event for identity experts. Learn what cutting-edge industry leaders are doing to improve identity protection in the...
Cyber Security & Artificial Intelligence MENA Summit (Dubai, UAE, November 6 - 7, 2018) Cyber Security and Artificial Intelligence MENA Summit has been designed to bring you a remarkable opportunity to gain fresh insights into areas such as artificial intelligence and machine learning impact...
2nd Annual Aviation Cyber Security Summit (London, England, UK, November 6 - 7, 2018) Now in its 2nd year, the Cyber Senate Aviation Cyber Security and Resilience Summit (AVCIP2018) will take place on 6th and 7th in London United Kingdom 2018. This two-day executive forum will include presentations,...
Federal IT Security Conference: FITSC 2018 (College Park, Maryland, USA, November 7, 2018) Phoenix TS and Federal IT Security Institute (FITSI) are partnering to host the third annual Federal IT Security Conference (FITSC) this November. Speakers from NIST, DHS, the Defense Department as well...
SINET Showcase (Washington, DC, USA, November 7 - 8, 2018) Highlighting and advancing innovation. SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity.
SecureWorld Seattle (Seattle, Washington, USA, November 7 - 8, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Infosecurity North America (New York, New York, USA, November 14 - 15, 2018) With 23+ years of global experience creating leading information security events, Infosecurity Group is coming to New York in November 2018. Infosecurity North America will provide a focussed business...
Kingdom Cyber Security (Riyadh, Saudi Arabia, November 20 - 21, 2018) Setting a game plan to boost cyber resilience at the national level.
API Security Summit (London, England, UK, November 21, 2018) The API Security Summit, taking place in London on the 21st of November 2018 will bring together the financial services community, regulators, fintechs, TPPs and associations from across UK and Europe to find solutions to the current lack of standardisation, debate what standards/legislation may emerge in 2019, and how to plan with these in mind.
The Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...
International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...
2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...