Free 2018 User Risk Report: Find Out What End Users Know About Phishing, Ransomware, Password Safety, And More In Our International Survey.
What do today’s employees really know about cybersecurity topics and best practices that protect data and network security? To find out, we surveyed over 6,000 working adults across the US, UK, France, Germany, Italy, and Australia about their personal security habits. You might find the results heartening, perplexing, or terrifying — but always enlightening. Download our 2018 User Risk Report to see how employees shaped up on cybersecurity awareness issues that are impacting organizations worldwide.
November 9, 2018.
By The CyberWire Staff
TASS is authorized to disclose that Russian election observers told the Organisation for Security and Co-operation in Europe they watched two polling places in DC and seven in Maryland but found no irregularities with the US midterms. Thanks, guys, but up your game: nine locations are nothing, don't even cover one Congressional district.
The Internet Research Agency, a.k.a. Fancy Bear’s St. Petersburg troll farm, seems to have conducted an odd ask-me-anything Reddit with itself. The Daily Beast noticed that the IRA used questions the Beast posed to develop an illustrated auto-interrogation suffused with hipster irony.
National Cyber Security Centre deputy director Peter Yapp warned again that Britain hadn’t yet experienced a devastating Category One cyberattack, but that such an attack is likely (Forbes). In the US the Department of Homeland Security and the National Institutes of Standards and Technology (NIST) are working with private industry on a wide range of industrial control system and IoT security measures to prevent or mitigate such an attack on their side of the Atlantic (NCCoE, Nextgov).
Symantec has dissected and described the FASTcash Trojan North Korea’s Lazarus Group has been using to loot ATMs.
Microsoft renews its pleas for an international accord that would bring formal norms to cyberspace (Dark Reading).
NSA cyber strategist Joyce describes how China has circumvented an agreement concluded under Presidents Obama and Xi that would have precluded industrial espionage in cyberspace (TheHill).
MIT studies conclude that people fall for fake news because they’re careless and want to believe (WIRED).
Today's issue includes events affecting Austria, China, Democratic Peoples Republic of Korea, Luxembourg, Russia, Saudi Arabia, United Kingdom, United States.
A note to our readers: This coming Monday, November 12th, we will observe the US Veterans Day holiday and not publish. We'll be back as usual on Tuesday. And on Sunday, spare a thought for veterans everywhere, and the service they rendered.
A year in, companies unsure of risk under China's Cyber Security Law, says Control Risks.
Over a year into China’s Cyber Security Law, Control Risks experts say its vague definition and application leaves multinational companies struggling to understand their risk. Further, how strictly the government will crack down and the extent of penalties for non-compliance remain open questions. Nonetheless, companies operating in China must understand their unique exposure and specific cyber, physical and procedural requirements. Let Control Risks help you make the critical decisions to seize your opportunities in China.
Cyber Security Summit: November 29 in Los Angeles(Los Angeles, California, United States, November 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The CIA, The City of Los Angeles, Verizon, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
In online ruse, fake journalists tried to hack Saudi critic(AP NEWS) Hackers impersonating journalists tried to intercept the communications of a prominent Saudi opposition figure in Washington, The Associated Press has found. One attempt involved the fabrication of a fake BBC secretary and an elaborate television interview request; the other involved the impersonation of slain Washington Post columnist Jamal Khashoggi to deliver a malicious link. Media rights defenders denounced the hacking effort, which they said would make it harder for genuine reporters to do their jobs.
The Growing Menace of Cyber Attacks in the Asia-Pacific region(Entrepreneur) A Frost & Sullivan study commissioned by Microsoft revealed that a large-sized organization in the Asia Pacific region can possibly incur an economic loss of $30 million, more than 300 times the average economic loss for a mid-sized organization.
ForeScout Acquires SecurityMatters (GlobeNewswire News Room) Accelerates ForeScout’s momentum by enabling the industry’s first, and only, end-to-end agentless device visibility and control platform across the extended enterprise...
Exostar names new member to Board of Directors(Compliance Week) Exostar, a secure information sharing company, named Philip E. Goslin to its Board of Directors. Goslin serves as vice president of global supply chain for Lockheed Martin’s Rotary and Mission Systems (RMS) business area. In that role, Goslin’s responsibilities span all aspects of supply chain strategy, supply chain operations, and subcontract program management for RMS.
Aspen Cybersecurity Group: Internet of Things (IoT) Security First Principles(Aspen Institute) The Aspen Cybersecurity Group is a cross-sector public-private forum comprised of former government officials, Capitol Hill leaders, industry executives, and respected voices from academia, journalism, and civil society that have come together to translate pressing cybersecurity conversations into action.
A Brief History of Higher Education Insecurity(Edguards) Educational institutions play a major role in the US economic, political, and intellectual well-being. Ironically, the security of the software and data systems used in such organizations on an everyday basis is far from perfect.
Cyber War Requires Cyber Marines(U.S. Naval Institute) To ensure Marine Corps competitiveness in the cyber domain, personnel reforms must address policy, training, and organization, without compromising a warrior ethos.
SEC Poised to Ramp up Cybersecurity Enforcement(Cooley) On October 16, 2018, the Securities and Exchange Commission (SEC) issued an investigative report signaling its intent to use sections 13(b)(2)(B)(i) and (iii) of the Securities Exchange Act of 1934…
Notorious "DerpTrolling" Pleads Guilty to DDoS Attacks on EA & Sony(BleepingComputer) A Utah resident named Austin Thompson has pleaded guilty in federal court in San Diego for performing DDoS attacks against multiple victims from 2013 to 2014. These victims ranged from small Twitch streamers to major gaming companies such as EA, Sony, and Microsoft.
Chinese headmaster fired after setting up his own secret...(HOTforSecurity) A Chinese headmaster has lost his job after it was discovered he was stealing the school's electricity to power a secret cryptocurrency-mining rig. As the South China Morning Post reports, Lei Hua, the head teacher of a school in the central province of Hunan... #china #cryptojacking #cryptomining
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Infosecurity North America(New York, New York, USA, November 14 - 15, 2018) With 23+ years of global experience creating leading information security events, Infosecurity Group is coming to New York in November 2018. Infosecurity North America will provide a focussed business...
Kingdom Cyber Security(Riyadh, Saudi Arabia, November 20 - 21, 2018) Setting a game plan to boost cyber resilience at the national level.
API Security Summit(London, England, UK, November 21, 2018) The API Security Summit, taking place in London on the 21st of November 2018 will bring together the financial services community, regulators, fintechs, TPPs and associations
from across UK and Europe to find solutions to the current lack of standardisation, debate what standards/legislation may emerge in 2019, and how to plan with these in mind.
The Cyber Security Summit: Los Angeles(Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Securing Digital ID 2018(Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...
First Annual Maryland InfraGard Cybersecurity Conference(College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...
International Cyber Risk Management Conference(Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...
2018 Cloud Security Alliance Congress(Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...
Wall Street Journal Pro CyberSecurity Executive Forum(New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...
National Cyber League Fall Season(Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.