October 9, 2018.
By The CyberWire Staff
Germany has joined other nations in attributing widespread cyberattacks to Russia's GRU ("APT28," a.k.a. Fancy Bear). Brazil is voicing concerns about Russian election influence operations. The UK is preparing a retaliatory capability against Russian cyberattacks.
Bloomberg's report of Chinese hardware seeding attacks on the IT supply chain receives more skeptical criticism. Both Apple and Amazon quickly denied the report as soon as it was published. On Friday the UK's National Cyber Security Centre said it had no reason to doubt Apple's and Amazon's assessments. On Saturday the US Department of Homeland Security agreed: "Like our partners in the UK...at this time we have no reason to doubt the statements from the companies named in the story." Both DHS and GCHQ deny investigating the issue.
Google announced yesterday that it would wind down its social network. Google+ had been commercially disappointing. It was also leaky: the Wall Street Journal reports that Google+ revealed user data to app developers without users' knowledge. The Journal says Google knew about the API issue in March, but decided on legal advice that it wasn't strictly speaking obligated to disclose it. Mountain View feared regulatory scrutiny and reputational damage. (It will now receive both.)
In the UK, the High Court threw out a suit that could have cost Google £3.3 billion. The suit concerned illegitimate data collection from Apple's Safari browser (the "Safari Workaround") between August 2011 and February 2012. Google has settled various US claims over the same incident for a total of $39.5 million.
Today's issue includes events affecting Australia, Brazil, Canada, China, Denmark, Germany, India, Indonesia, Iraq, Italy, Democratic People's Republic of Korea, Latvia, Netherlands, Russia, Saudi Arabia, Syria, Turkey, Ukraine, United Kingdom, United States.
Cyber Security Summits: October 16 in Phoenix and on November 29 in Los Angeles (Phoenix, Arizona, United States, October 16, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The CIA, Verizon, AT&T, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
SecurityWeek 2018 Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, United States, October 22 - 25, 2018) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. Register today for the original ICS/SCADA Cyber Security Conference – October 22-25 in Atlanta.
Google Exposed User Data, Feared Repercussions of Disclosing to Public (Wall Street Journal) Google exposed the private data of hundreds of thousands of users of the Google+ social network, though it didn’t find evidence of misuse. The company opted not to disclose the issue this past spring, in part because of fears doing so would draw regulatory scrutiny.
RIP Google+. We Hardly Knew Ye. (Wall Street Journal) Few tears were shed Monday over the death of Google+, the search giant’s oft-derided effort at challenging Facebook in social media.
Shedding Skin – Turla’s Fresh Faces (Securelist) Turla, also known as Venomous Bear, Waterbug, and Uroboros, may be best known for what was at the time an “ultra complex” snake rootkit focused on NATO-related targets, but their malware set and activity is much broader. Our current focus is on more recent and upcoming activity from this APT.
Denmark Reportedly Calls for Attacking Russia in Cyberspace (Sputnik) Earlier this week, the US and the Netherlands accused Russian intelligence services of cyberattacks against different international organizations, including the Organisation for the Prohibition of Chemical Weapons, anti-doping agencies and sports federations. Moscow responded by speaking of Western governments' "spy mania."
Five Trends in Attacks on Industrial Control Systems (eWEEK) Attacks on industrial control systems are up, according to Kaspersky and Symantec. Yet, there are specific trends in the attack data: Developing countries are being hit harder than Western Europe and the United States; most attacks come via the internet, removable drives or email; and between 1 and 4 percent of IC systems are attacked by cryptocurrency malware each month.
DHS Warns of Cybersecurity Threats to Agriculture Industry (BleepingComputer) A new report from the U.S. Department of Homeland Security called Threats to Precision Agriculture warns against the cybersecurity risks faced by the emerging technologies being adopted by the agricultural industry.
Silence: Moving into the Darkside (Group-IB) Group-IB has exposed the attacks committed by Silence cybercriminal group. While the gang had previously targeted Russian banks, Group-IB experts also have discovered evidence of the group's activity in more than 25 countries worldwide.
Git Project Patches Remote Code Execution Vulnerability in Git (BleepingComputer) The Git Project announced yesterday a critical arbitrary code execution vulnerability in the Git command line client, Git Desktop, and Atom that could allow malicious repositories to remotely execute commands on a vulnerable machine.
Google's Privacy Whiplash Shows Big Tech's Inherent Contradictions (WIRED) Google announced on Monday that it is shuttering its Google+ social network, following revelations in a Wall Street Journal report that the company did not disclose a recently discovered bug that had exposed data from up to 500,000 Google+ users since 2015.
India invites Huawei for 5G trials despite security concerns (TelecomLead) India's government has invited Huawei, the largest telecom equipment maker, to conduct 5G trials in the country. India aims to conduct 5G spectrum auction towards the end of 2019 due to weak financial conditions of the telecom industry.
Trump administration tackles pipeline cybersecurity (Utility Dive) The U.S. Department of Energy and the Department of Homeland Security this week co-chaired a meeting with the oil and gas industry to address how pipelines can be protected from cyberattacks.
Catching hackers in the act (Santa Fe New Mexican) At Los Alamos National Laboratory, where some of the nation’s most precious secrets are kept, we’re not only working to guard our own information; we’re also developing tools to help
Graduate Student Solves Quantum Verification Problem (Quanta Magazine) Urmila Mahadev spent eight years in graduate school solving one of the most basic questions in quantum computation: How do you know whether a quantum computer has done anything quantum at all?
UK war-games cyber attack on Moscow (Times) Defence chiefs have war-gamed a massive cyber-strike to black out Moscow if Vladimir Putin launches a military attack on the West, after concluding that the only other way of hitting back would be...
Cybercrime and cybersecurity surveys reveal important answers (WeLiveSecurity) Public support for efforts to reduce negative incidents in cyberspace is critical to society’s efforts to preserve the benefits of digital technologies. By having regular surveys on cybercrime and cybersecurity we can better gauge public opinion in relation to the topic.
What New Calif. Law Means For Connected Medical Devices (Law360) Last month, California passed the first-ever state legislation aimed at regulating "internet of things" devices. The new law restricts liability to manufacturers of physical hardware — drawing a narrower line than the U.S. Food and Drug Administration's previous guidance, say Michael Buchanan and Michelle Bufano of Patterson Belknap Webb & Tyler LLP.
Military doctor named as second novichok spy (Times) The second suspect in the Salisbury poisoning was unmasked last night as a military doctor working for Russian intelligence. Alexander Yevgenyevich Mishkin, 39, allegedly travelled to Britain in...
Silk Road Admin Pleads Guilty (SecurityWeek) Gary Davis of Ireland pled guilty in a United States court to his role in the administration of Silk Road, a black-market website, and now faces up to 20 years in prison.
Amazon Fires Employee for Sharing Customer Emails (Wall Street Journal) Amazon.com said it has terminated an employee responsible for an incident in which a third-party seller on the tech giant’s website got access to email addresses of some Amazon customers.
4th European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 8 - 9, 2018) CYBERSEC Forum is a unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...
4th European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 8 - 9, 2018) CYBERSEC is a public policy conference dedicated to strategic aspects of cyberspace and cybersecurity. CYBERSEC 2017 brought together a record-breaking 150 speakers and more than 1,000 delegates from all...
8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, USA, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices,...
CyberMaryland 2018 (Baltimore, Maryland, USA, October 9 - 10, 2018) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private...
HoshoCon 2018 (Las Vegas, Nevada, USA, October 9 - 11, 2018) Over 3 days, attendees will gain firsthand knowledge about blockchain security. You are invited to converse with technologists working on blockchain and cryptocurrency projects, hear key insights from...
U.S. Department of Transportation Cybersecurity Symposium (Washington, DC, USA, October 9 - 10, 2018) The U.S. Department of Transportation (DOT) Cybersecurity Symposium is 2 days of training sessions and educational seminars focused on the mission of protecting government networks and privacy. Hosted...
SecureWorld Dallas (Dallas, Texas, USA, October 10 - 11, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Florida Cyber Conference 2018 (Tampa, Florida, USA, October 10 - 11, 2018) The Florida Cyber Conference has quickly become the “can’t miss” networking event for Florida’s stakeholders in cybersecurity, bringing together a diverse audience from multiple sectors to encourage dialogue,...
Geneva Information Security Day (Geneva, Switzerland, October 12, 2018) Geneva Information Security Day (GISD) is a leading European cybersecurity conference created as a vendor-independent platform for open and actionable discussion of emerging digital threats and remedies,...
FAIRCON18 (Pittsburgh, Pennsylvania, USA, October 14 - 18, 2018) Focused on advancing cyber, operational risk management. The event will feature in-depth training seminars, insightful presentations from industry leaders, candid executive and practitioner-led discussions...
The Cyber Security Summit: Phoenix (Phoenix, Arizona, USA, October 16, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Zero Day Con: Hacking Democracy (Washington, DC, USA, October 16, 2018) Join Zero Day Con and Strategic Cyber Ventures on October 16th in Washington, D.C. to examine the path forward in reducing our attack surface, managing risk, regaining control of our networks and data,...
FAIRCON18 (Pittsburgh, Pennsylvania, USA, October 16 - 17, 2018) Hosted by the FAIR Institute and Carnegie Mellon University’s Software Engineering Institute (SEI) and the Heinz College of Information Systems and Public Policy, the 2018 FAIR Conference brings leaders...
PCI Security Standards Europe Community Meeting (London, England, UK, October 16 - 18, 2018) The PCI Security Standards Council’s 2018 Europe Community Meeting is THE place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross industry effort...