2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.
WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.
November 16, 2018.
By The CyberWire Staff
Russian GPS jamming (denied by Russia, but asserted by Norway and its NATO allies) during a NATO military exercise continues to raise questions about flight safety (Atlantic Council).
Chinese authorities are pushing for vendors, both foreign and domestic, to bring their offerings into line with state-mandated censorship requirements (Wall Street Journal). Among other things, it will want a great deal of user data from online companies (Reuters).
Formerly prosperous failed state Venezuela has taken a page from Beijing’s book on content control, and has enlisted ZTE to show it the way (Reuters).
In the West, social networks work on content moderation at the behest of both governments (especially in Europe) and interest groups. Facebook is working hard to come up with an approach to speech governments wish to see curtailed (Washington Post). The social network casts its efforts as an enforcement of “community standards” (Facebook Newsroom).
A server belonging to communications firm Vovox has exposed millions of SMS messages. The server was unprotected and left open to inspection (TechCrunch).
Russian banks are under a phishing attack by Silence, a criminal group thought to have infosec roots (BleepingComputer).
The US Justice Department seems to have inadvertently revealed (through a cut-and-paste error) that it’s indicted Wikileaks founder Julian Assange. The indictment (if any) appears to be under seal, but Mr. Assange’s name and what appear to be passages that describe him turned up, out-of-place, in a completely unrelated indictment. What if anything Mr. Assange is being charged with remains unclear (Ars Technica).
Securing the Vote: How Easily Could Our Elections Be Hacked?
U.S. voting systems are broken. They are peppered with risks from people, process, and technology – and something must be done to regain voter confidence. In the latest Securealities report, Coalfire identifies these vulnerabilities and provides recommendations for remediation based on analyses from their work on voting networks and systems, plus 3,000 cybersecurity engagements in the past year.
Cyber Security Summit: November 29 in Los Angeles(Los Angeles, California, United States, November 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The CIA, The City of Los Angeles, Verizon, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
Rapid Prototyping Event: The Turing Test(Columbia, Maryland, United States, December 11 - 13, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which participants implement an automated process to interact with a Microsoft Windows machine just as a human user may do with the goal being to fool a human judge who is monitoring target computers via Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) into thinking a normal user is interacting with that machine and not an automated program or process.
China’s Cyber Cop Ups the Pressure to Control Online Speech(Wall Street Journal) China’s chief cybercensor is raising the pressure on internet companies to police online speech, requiring they keep extensive records about users and alert authorities about the spread of what the government deems harmful content.
Emotet infection with IcedID banking Trojan(SANS Internet Storm Center) Emotet malware is distributed through malicious spam (malspam), and its active nearly every day--at least every weekday. Sometimes the criminals behind Emotet take a break, such as a one month-long hiatus from early October through early November, but the infrastructure pushing Emotet has been very active since Monday 2018-11-05.
Russian Banks Under Phishing Attack(BleepingComputer) Banks in Russia today were the target of a massive phishing campaign that aimed to deliver a tool used by the Silence group of hackers believed to have a background in legitimate infosec activities.
5 Privacy Mistakes that Leave You Vulnerable Online(HackRead) When news broke about Cambridge Analytica, the Internet went into a frenzy: “How could Facebook do this!” “Facebook should be made accountable!” Besides the fact that I think the whole Cambridge Analytica issue was blown out of proportion, I believe bigger issue is the fact that very few people are willing to be responsible for their own privacy: the kind of permissions we give to apps and sites like Facebook, freely allowing applications and websites to access our location information, etc, are just some of the ways we jeopardize our own privacy.
Introducing WatchGuard’s 2019 Security Predictions(Secplicity - Security Simplified) As we move into 2019, once again, it’s time to offer our annual security predictions. What threats could have the biggest impact on businesses? How will malware continue to evolve? Will we see a continued escalation of state-sponsored attacks? Our predictions this year take a dystopian theme, and it’s no surprise following a year full of …
Cyber security will be the single biggest risk in 2019(Asia Insurance Review) Cyber security will perhaps be the single biggest risk that organisations are likely to face in 2019 according to the third edition of European Confederation of Institutes of Internal Auditing's (ECIIA) annual report Risk in Focus.
DirtySecurity Podcast: Chris Stephen on What Separates Cylance from the Herd(Security Boulevard) In this week’s episode of DirtySecurity, guest host Matt Stephenson talks with Chris Stephen about what Cylance is doing that is so fundamentally different from the old guard of the cybersecurity industry and the new kids trying to make a splash. Are Cylance’s claims about artificial intelligence real? Tune in and judge for yourself.
Data Protection Firm Cognigo Raises $8.5 Million(SecurityWeek) Cognigo, a Tel Aviv, Israel-based startup focused on data protection and compliance, has completed an $8.5 million Series A round of funding led by OurCrowd, with Prosegur, and State of Mind Ventures.
SEC Awards Booz Allen Spot on 10-yr $2.5B IT Contract(Odessa American) In an ever-changing financial regulatory environment, the U.S. Securities and Exchange Commission (SEC) must constantly leverage technological capabilities to meet the commission’s evolving business needs.
Italians clearly aren’t that suspicious of Huawei(Telecoms.com) Despite governments around the world turning against Chinese vendors, Telecom Italia has agreed a new partnership with Huawei based on Software Defined Wide Area Network (SD-WAN) technology.
Facebook ‘smears rivals’ like Apple to hide failings(Times) When Mark Zuckerberg banned Facebook executives from using iPhones it appeared to be a petulant, kneejerk response to criticism from the Apple boss, Tim Cook. However, the edict was said to be part...
Facebook has other ties to Definers, the GOP-led opposition research group(TechCrunch) In the wake of a fairly catastrophic behind the scenes glimpse into Facebook’s high-level decision making, one question remains: Who brought a controversial Republican opposition research firm into the fold? In a long call with reporters on Thursday, Mark Zuckerberg denied any knowledge of hi…
NAB offers new Cybersecurity certificates programm(Global Security Mag Online) The National Association of Broadcasters (NAB) is releasing a robust Broadcast Cybersecurity Certificate Program for engineering and information technology professionals. The online program is specifically tailored to the needs of the broadcast industry and is available to NAB members and nonmembers.
GreatHorn Expands Email Security Platform(SecurityWeek) GreatHorn has expanded its phishing protection system into a complete email security platform that addresses every potential stage of a phishing attack with integrated threat detection, protection, and incident response.
Intel and NCSA Share Tips for Safe Online Holiday Shopping(AP NEWS) Heads up holiday shoppers! As you scour the internet for end-of-the-year deals and discounts, it’s important to protect your PC from hackers and fraudsters who are looking for an opportunity to steal your personal information. While online shopping has made our lives easier, it potentially exposes us to new vulnerabilities that can compromise our identities and personal data and provide access to our credit card and bank account information. In order to help shop online safely this season, let’s take a look at some safety tips.
Alphabet, Microsoft leaders named to National Security Commission on Artificial Intelligence(Fedscoop) Two West Coast tech experts were chosen Wednesday by the Republican and Democratic leaders of the House Armed Services Committee to serve on the new National Security Commission on Artificial Intelligence. Armed Services Chairman Mac Thornberry, R-Texas appointed Eric Schmidt, technical adviser to the board of Google parent company Alphabet, while ranking member Adam Smith, D-Wash., went with …
Facebook under pressure over Soros smear tactics(TechCrunch) Facebook is facing calls to conduct an external investigation into its own lobbying and PR activities by an aide to billionaire George Soros. BuzzFeed reports that Michael Vachon, an advisor to the chairman at Soros Fund Management, made the call in a letter to friends and colleagues. The call foll…
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Global Cyber Innovation Summit(Baltimore, Maryland, USA, May 1 - 2, 2019) The inaugural 2019 Global Cyber Innovation Summit brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber...
Kingdom Cyber Security(Riyadh, Saudi Arabia, November 20 - 21, 2018) Setting a game plan to boost cyber resilience at the national level.
API Security Summit(London, England, UK, November 21, 2018) The API Security Summit, taking place in London on the 21st of November 2018 will bring together the financial services community, regulators, fintechs, TPPs and associations
from across UK and Europe to find solutions to the current lack of standardisation, debate what standards/legislation may emerge in 2019, and how to plan with these in mind.
The Cyber Security Summit: Los Angeles(Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
IEEE WIE Forum USA East(White Plains, New York, United States, November 29 - December 1, 2018) IEEE WIE Forum USA East 2018 focuses on developing and improving leadership skills for individuals at all stages of their careers. Attendees will have the opportunity to hear inspirational and empowering...
Securing Digital ID 2018(Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...
First Annual Maryland InfraGard Cybersecurity Conference(College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...
International Cyber Risk Management Conference(Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...
2018 Cloud Security Alliance Congress(Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...
Wall Street Journal Pro CyberSecurity Executive Forum(New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...
National Cyber League Fall Season(Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.