November 8, 2018.
By The CyberWire Staff
The US Department of Homeland Security has said that Tuesday’s elections went off without disruption by cyberattack (TheHill), but DHS also notes that disinformation about election security and the effects of influence operations is being actively distributed (CBS). It’s hogwash from St. Petersburg, whose Internet Research Agency (IRA) cries victory for its trolls (Daily Beast). Expect this to continue.
Also from St. Petersburg comes a zero-day for Oracle’s VirtualBox, posted to GitHub. This isn’t the IRA’s work, but rather of one irritated freelance bug-hunter, Sergey Zelenyuk. Mr. Zelenyuk says he loves VirtualBox, but that the industry just takes too long to evaluate reported bugs, and so he’s dropped the zero-day without prior disclosure as a gesture of defiance (Naked Security).
US Cyber Command is also reporting bugs, but in the regular way. The command has submitted samples of Russia-linked Lojack malware to VirusTotal (CSO).
A major incident affecting banks in Pakistan appears to be a paycard-skimming operation as opposed to a breach (Infosecurity Magazine).
With next month’s Chrome 71 release, Google will give “abusive” advertisers thirty days to clean themselves up (Naked Security).
The Ontario Cannabis Store warns that its delivery list for newly legal weed has been illicitly accessed due to missteps at Canada Post (Motherboard). Some coverage seems to show signs of the Butterfield Effect, representing a fairly obvious causal connection—new and trendy industry already under cyberattack, which of course it is—as paradoxical. No word on whether Canada Post officials were baked at the time of the incident.
Hacking Humans is also up, and this week's topic is "human sources are essential." Joe gathers open source information online. Dave wonders if a tow truck driver got the better of him. A listener shares a possible custom app scam. Former FBI Special Agent Dennis Franks shares his experience developing human intelligence sources.
New Research On Storage Device Security Flaws (Information Security Buzz) Radboud University (NL) researchers today announced their discovery that widely used data storage devices with self-encrypting drives do not provide the expected level of data protection. A malicious expert with direct physical access to widely sold storage devices can bypass existing protection mechanisms and access the data without knowing the user-chosen password. Mounir Hahad, Head …
Major DDoS Attacks on Cambodian Internet Service Providers (Cambodia Expats Online) Cambodia's ISPs Encounter DDoS, 6/11/18 18:38. Phnom Penh (FN), Nov. 6 - Some of Cambodia's major internet service providers (ISPs), including EZECOM, SI Net, Digi, and others have encountered Distributed Denial of Service (DDoS), causing internet speed ..
OCS warns customers of data accessed in Canada Post breach (CityNews Toronto) The Ontario Cannabis Store (OCS) said the shipping information of some of its customers was accessed by an outside source through the Canada Post delivery tracking tool. In a letter sent to the customers on Wednesday, the OCS said it was notified by Canada Post on Nov. 1 that the data for two per cent …
Security Patches, Mitigations, and Software Updates
Merck & silent cyber impacts drove Petya industry loss: PCS (Artemis.bm) It was the impacts to pharmaceutical giant Merck as well as silent cyber exposure that drove the insurance and reinsurance industry loss from the 2017 Petya / NotPetya cyber attack, according to PCS, providing a further warning of how cyber losses can hit multiple business lines.
Cybersecurity officials start focusing on the 2020 elections (AP NEWS) An unprecedented federal and state collaboration to defend election systems against Russian interference ended with no obvious voting system compromises, although it's not entirely clear why. Federal officials are wondering whether foreign agents are saving their ammunition for the 2020 presidential showdown or planning a late-stage misinformation campaign to claim Tuesday's election had been tainted. It doesn't change how vulnerable most states are to possible interference.
Trump forces out Jeff Sessions as US attorney general (Federal News Network) Attorney General Jeff Sessions resigned as the country's chief law enforcement officer after enduring more than a year of blistering and personal attacks over being recused from the Russia investigation.
U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service (KrebsOnSecurity) A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S. Secret Service issued an internal alert warning that many of its field offices have reported crooks are indeed using Informed Delivery to commit various identity theft and credit card fraud schemes.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SINET Showcase (Washington, DC, USA, November 7 - 8, 2018) Highlighting and advancing innovation. SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity.
SecureWorld Seattle (Seattle, Washington, USA, November 7 - 8, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Infosecurity North America (New York, New York, USA, November 14 - 15, 2018) With 23+ years of global experience creating leading information security events, Infosecurity Group is coming to New York in November 2018. Infosecurity North America will provide a focussed business...
Kingdom Cyber Security (Riyadh, Saudi Arabia, November 20 - 21, 2018) Setting a game plan to boost cyber resilience at the national level.
API Security Summit (London, England, UK, November 21, 2018) The API Security Summit, taking place in London on the 21st of November 2018 will bring together the financial services community, regulators, fintechs, TPPs and associations from across UK and Europe to find solutions to the current lack of standardisation, debate what standards/legislation may emerge in 2019, and how to plan with these in mind.
The Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...
First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...
International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...
2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...
Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...
National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...