October 3, 2018.
By The CyberWire Staff
Facebook says that so far it's seen no evidence of illicit sign-ons to third-party apps. There have been concerns that the social media platform's Facebook Login feature would expose applications to fraud or hijacking. Irish authorities (the "one-stop shop" for Facebook with respect to GDPR enforcement) are proceeding with their investigation of the breach.
Cofense warns users of the free Zoho Office Suite that they're at risk of data exfiltration attacks. Criminals have opened multiple keylogging campaigns that exploit the product.
High-profile Instagram users, "influencers," are being subjected to an account hijacking campaign in which criminals are holding the victims' accounts for ransom.
Radware and Qihoo 360 are independently tracking a very large botnet that's intercepting traffic destined for Brazilian banks.
Tenable warns that widely used TP-Link TL-WR841N consumer routers are susceptible to attacks that chain a series of flaws to obtain control over the devices. TP-Link has yet to fix the vulnerable firmware.
Several companies have patched their widely used products. Adobe has fixed eighty-five issues (forty-seven of them critical) in Acrobat and Reader. Google has addressed six critical remote code execution vulnerabilities in the Android operating system. Mountain View has also put measures in place to introduce more privacy and security into app development.
There are Fortnite cheats circulating in instructional videos posted to YouTube. Players who attempt to use them are likely to be infected with malware for their troubles. There's similar stuff on offer through Instagram posts. Don't cheat. (And the cheats wouldn't improve your dance anyway.)
ON THE PODCAST
In today's podcast, we speak with our partners at Webroot: David Dufour discusses the evolution of online games into social networks, and what that means for security. (We do not address the big question, however, which would be, is the Fortnite dance really just a virtual Charleston?) Our guest, Michael Feiertag from tCell, presents the results from their Q2 incident report.
CyberMaryland Job Fair on October 9 in Baltimore, MD. (Baltimore, Maryland, United States, October 9, 2018) Cleared and non-cleared cybersecurity pros, make your next career move at the CyberMaryland Job Fair, October 9 in Baltimore. Meet leading cyber employers including Bank of America, FireEye, NSA, Raytheon, USCYBERCOM and more. Visit ClearedJobs.Net or CyberSecJobs.com for more details.
Cyber Security Summits: October 16 in Phoenix and on November 29 in Los Angeles (Phoenix, Arizona, United States, October 16, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The CIA, Verizon, AT&T, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
Cyber Attacks, Threats, and Vulnerabilities
Facebook Login Update (Facebook Newsroom) Our investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.
2018 Cybersecurity Trends Research (CompTIA) Free download of CompTIA's official industry analysis on 2018 trends in Cybersecurity. Learn about the new innovations and opportunities happening this year.
Microsoft report reveals top 3 cyberthreats in Saudi Arabia (Arab News) DUBAI: Digital transformation will generate an extra $16.9 billion in revenue each year for the Middle East between now and 2021, according to Microsoft. Because of this, Saudi Arabia has become an enticing target for cybercriminals because of insecure consumer habits and inadequate security measures, the company’s cybersecurity study has revealed. The study highlights top three kinds of cyberthreats the Kingdom faces.
Cyberattacks Are Becoming A Greater Challenge For The Energy Industry (Forbes) Cyber adversaries have increasing incentives and opportunities to target critical energy infrastructure. Shoring up infrastructure industries is critical not just because cyber adversaries have more and more motives for attacks, but today’s expanding attack landscape, adds urgency to the situation.
Security startup Tanium raises another $200M at a $6.5B valuation (TechCrunch) Security continues to remain top of mind for organizations and consumers, as each day seems to bring another high-profile network breach. One of the faster-growing startups in the space is capitalising on that by raising some significant funding to fuel its growth. Tanium today said that it has rai…
Palo Alto Networks to acquire RedLock for $173 M to beef up cloud security (TechCrunch) Palo Alto Networks launched in 2005 in the age of firewalls. As we all know by now, the enterprise expanded beyond the cozy confines of a firewall long ago and vendors like Palo Alto have moved to securing data in the cloud now too. To that end, the company announced its intent to pay $173…
AdaptiveMobile Security Introduces Commercial Traffic Management (ReadITQuik) The company noted that the A2P SMS market is expected to be worth $26.61 billion in 2022, which translates into an opportunity for carriers and aggregators to introduce supplementary management and analytics to these messages to make sure that A2P messages are distinguished as well as priced appropriately on the basis of their value to the sender.
Anti-spam service Truecaller is now a messaging app too (TechCrunch) Truecaller, the app that helps screen spam calls and messages, is becoming a chat app as it continues to develop into a social service. The company announced today that it is introducing a chat feature to its Android and iOS apps, although it is already live for Android beta users. The move follows…
You gotta fight, for your right, to erasure (Help Net Security) The right to erasure grants any user or customer the right to request that an organization deletes all data related or associated to them without delay.
Jargon Buster Guide to Post Quantum Cryptography (ComputerWeekly.com) This Jargon Buster will help you to understand the key concepts of quantum computing and why businesses should be acting now to ensure they are able to encrypt sensitive data in a secure way in a post-quantum era.
Existence and Smoothness of Navier-Stokes Equations (ArXiv) In this paper we propose new method for proving of global solutions for 3D Navier-Stokes equations. This complies an application to the Clay Institute Millennium Prize Navier Stokes Problem. The proposed method can be applied for investigation of global solutions for other classes of PDEs.
Legislation, Policy, and Regulation
Is the U.S. Using Sanctions Too Aggressively? (Foreign Affairs) The United States’ use of sanctions has exploded over the past decade. An analysis by the law firm Gibson Dunn found that President Donald Trump’s administration added nearly 1,000 people, companies, and entities to U.S. sanctions lists during 2017, nearly 30 percent more than the number added during former President Barack Obama’s last year in office.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
COSAC & SABSA World Congress (Kildare, Ireland, September 30 - October 4, 2018) For 25 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. Sales content...
Cyber Defense Summit 2018 (Washington, DC, USA, October 1 - 4, 2018) FireEye's annual Cyber Defense Summit will feature both training and an opportunity to hear from the experts. Introductory, intermediate and advanced training courses will be provided during the first...
Retail Cyber Intelligence Summit (Denver, Colorado, USA, October 2 - 3, 2018) Network with 250+ CISOs and their teams from retail and consumer facing industries: restaurants, hospitality, gaming, convenience, grocery and more. Share best practices, gain insights, network. This conference...
IP Expo Europe (London, England, UK, October 3 - 4, 2018) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe is co-located at Digital Transformation EXPO...
Borderless Cyber USA 2018 (Washington, DC, USA, October 3 - 5, 2018) How do you future proof your cybersecurity strategy? Can you identify and report cyber incidences so you can respond quickly to manage consequences? Public and private sector cyber experts from across...
Borderless Cyber USA (Washington, DC, USA, October 3 - 5, 2018) Automation, people, information sharing, intelligence, risk and the economics of risk have been identified as key cybersecurity strategy measures to focus on in order to keep pace with modern threats.
MSPWorld® Peer Group & Data Analytics Summit (Las Vegas, Nevada, USA, October 4 - 5, 2018) The MSPWorld® Peer Group & Data Analytics Summit is a revolutionary new concept for the managed services executive. Accessible only by MSPs, this conference will focus on small, peer lead groups exchanging...
4th European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 8 - 9, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...
4th European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 8 - 9, 2018) CYBERSEC is a public policy conference dedicated to strategic aspects of cyberspace and cybersecurity. CYBERSEC 2017 brought together record-breaking 150 speakers and more than 1,000 delegates from all...
8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, USA, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices,...
CyberMaryland 2018 (Baltimore, Maryland, USA, October 9 - 10, 2018) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private...
HoshoCon 2018 (Las Vegas, Nevada, USA, October 9 - 11, 2018) Over 3 days, attendees will gain firsthand knowledge about blockchain security. You are invited to converse with technologists working on blockchain and cryptocurrency projects, hear key insights from...
U.S. Department of Transportation Cybersecurity Symposium (Washington, DC, USA, October 9 - 10, 2018) The U.S. Department of Transportation (DOT) Cybersecurity Symposium is 2 days of training sessions and educational seminars focused on the mission of protecting government networks and privacy. Hosted...
SecureWorld Dallas (Dallas, Texas, USA, October 10 - 11, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...