Malwarebytes notes the appearance of an "evil cursor" attack that affects recent versions of the Chrome browser. It prevents users from closing a window or a tab by clicking the usual "x" at the top, instead displaying a scare pop-up to drive nervous users to the criminals' bogus service offerings. A number of organized criminal groups are using the evil cursor attack, with the "Partnerstroka" gang first among equals.
Check Point has been following the Ramnit banking Trojan, and they see a seasonal pattern: it peaks during the summer. Why isn't clear: some speculate school-age skids are on summer break with time on their hands.
The Safari browser flaw reported this week does make url spoofing easier, but it's more likely to be a nuisance than a major threat. An easy protection, Sophos says, is to stay clear of easily impersonated http sites.
North Korea denounces the US indictment of one of its Lazarus Group hackers as a "smear campaign," which of course North Korea would. The indictment is part of a long-running American policy of charging officers of foreign government with hacking offenses.
There's much mutually amplifying woofing in social media to the effect that gas explosions in the US Commonwealth of Massachusetts were the result of cyberattacks. This is grossly premature speculation. The incident is under investigation, and such inquiries take time. There are plenty of accidents, and most of them are just that, so wait and see.
$8.76 million: The average yearly cost of insider threats. Get the report.
Insider threat incidents come with a hefty price tag, according to the “2018 Cost of Insider Threats: Global Organizations” report released by independent research group, The Ponemon Institute. Make sure that you understand the full context (and cost) of these threats by downloading the full report. Get your copy today.
ON THE PODCAST
In today's podcast, we talk with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan shares his frustrations with his bank’s insufficient password practices. Our guest is Ron Gula, former CEO and co-founder of Tenable Network Security, currently President of Gula Tech Adventures, which advises and invests in two dozen cybersecurity companies.
Rapid Prototyping Event: The Chameleon and the Snake(Columbia, Maryland, United States, September 17 - 20, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event that specifically targets malware signature diversity and signature measurement for Microsoft Windows in a simulated operational environment at a realistic pace. Join us September 17-20, 2018 at UMBC Training Center in Columbia, MD.
The force is stronger when MSPs and MSSPs come together.(Webinar, September 19, 2018) The managed service market has grown tremendously, with the demand for managed security being unprecedented. For managed service providers (MSPs) looking to answer those demands, partnering with a managed security services provider (MSSP) expands access to highly-skilled cyber security analysts and a full suite of security solutions. Join Delta Risk’s webinar, September 19 at 1 PM ET, to learn how the two sides can join forces.
The Browser Can Win and Lose Midterm Elections(Washington, DC, United States, September 20, 2018) Join Authentic8 in DC for a happy hour and appetizers. Come learn how a browser can be tracked and used for campaign targeting, what technical hurdles are in the current campaign targeting landscape, and how you can protect yourself.
Cyber Security Summits: September 25 in NYC on October 16 in Phoenix(New York, New York, United States, September 25, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The NSA, Google, IBM, Darktrace, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
FireEye Cyber Defense Summit 2018(Washington, DC, United States, October 1 - 4, 2018) Get trained by a FireEye expert at our annual Cyber Defense Summit. Training opportunities at this event offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts.
Dragos Industrial Security Conference (DISC) 11/5/18(Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.
Is Huawei a Genuine Security Threat?(TechCo) Huawei phones are effectively banned from sale in the US, due to suspicion of ties to the Chinese state and military. Would you be safe buying a Huawei phone?
Cyber attack on financial system could trigger next crisis, Charles Schwab strategist says(CNBC) Michael Farr of Farr, Miller and Washington and Liz Ann Sonders, chief investment strategist with Charles Schwab, discussed whether or not a cyber attack could trigger the next financial crisis. Sonders said that a cyber attack on the financial system could create fear in investors and trigger a crisis. Farr agreed, but added that cybersecurity is not the only threat to the economy.
Second Cyrise cohort attracting “more mature” cybersecurity startups(CSO) Australian cybersecurity startups are “a lot more mature” this year and many are ready to go to market as they push for support under the auspices of cybersecurity incubator Cyrise, the firm’s head has noted as the firm counts down the last days for applications to its second round of funding.
Multi-Billion Dollar ICO Market down to a Few Hundred Million(CoinCentral) The Initial Coin Offering (ICO) market is currently experiencing a sharp decline according to August statistics. The industry, which peaked during the months of January, February, and March is believed to be moving down in lockstep with the current floundering cryptocurrency market.
Crypto’s second bubble, Juul has 60 days and three Chinese IPOs(TechCrunch) Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast where we unpack the numbers behind the headlines. After a long run of having guests climb aboard each week, we took a pause on that front, bringing together three of our regular hosts instead: Connie Loizos, Danny Chrich…
What every OT and IT leader should know about protecting industrial control systems and critical infrastructure(Forcepoint) Forcepoint's approach to cybersecurity within critical infrastructure provides the end-user an option to quickly move from visibility to control with Forcepoint NGFW and Forcepoint Data Guard to provide robust network defense and secure segmented network communications. Leveraging defense-grade approaches which are used by top government agencies, customers can deploy a variety of solutions for highly sensitive areas like nuclear and power generation, or meet simple DMZ and remote access requirements.
The Security Maturity Model Knowledge Center(Secureworks) The Secureworks Security Maturity Model is a pragmatic methodology for evaluating your cybersecurity maturity and identifying next steps in your organization's security journey.
New voting machines will provide ‘paper trail’(Delaware State News) Delaware is set to have new voting machines for the 2020 presidential election, with the goal of putting them in place by May’s school board elections. A task force given the responsibility of approving a contract with a vendor to replace the current machines unanimously approved the selection Tuesday, although the choice …
‘Cyber Fog’ exercise aims to strengthen US and Estonian defences(Jane's 360) US and Estonian militaries conducted a joint cyber exercise aimed at boosting their co-ordination and communication in combined cyberspace operations.
The two-day ‘Cyber Fog’ exercise took place in late July/early August at the Estonia Defence Forces Cyber Command in Tallinn. US Navy
Cornell Beats Other Ivies in Cryptocurrency Course Offerings(The Cornell Daily Sun) Cornell is among several other higher education institutions in actively meeting the rising academic interest in this field by offering a total of 28 relevant courses — the largest amount among the world’s top 50 universities as ranked by U.S. News and World Report, beating other Ivy League universities.
University harnesses AI to counter cyber threats(Police Professional) Cardiff University has been named as an Academic Centre of Excellence in Cyber Security Research by the UK’s National Cyber Security Centre (NCSC) – the first institution in Wales to be given this status.
Talking UK Cyberwar With Sir David Omand(SecurityWeek) SecurityWeek talked to Professor Sir David Omand to get a better understanding of the UK viewpoint on the notion that a cyber attack that resulted in actual or threatened loss of life could legally elicit a kinetic military response.
Hackers wage a new Cold War(Help Net Security) Many believe the US and Russia have returned to a Cold War footing, one that promises to re-imagine war. The new Cold War incorporates cyber tactics.
Coercion And Cyberspace – Analysis(Eurasia Review) Cyberspace is a new domain for coercive operations in support of foreign policy and security with advantages for offensive actions and hindrances to its success. By Miguel Alberto Gomez* Over the p…
Venafi Black Hat Survey - Cyber War(Venafi) Venafi conducted a survey at Black Hat 2018 on cyber war and nation state security. Over 500 IT security professionals participated.
Senators: Why we need a better cyber Paul Revere(CNN) Senators Rob Portman and Maggie Hassan write that two bipartisan legislative proposals, the Hack DHS Act and the DHS Cyber Incident Response Teams Act, are necessary to develop a "one if by land, two if by sea"-style warning system for hacking vulnerabilities in the US.
Trump’s Election Meddling Sanctions Will Not Deter Russia(Atlantic Council) US President Donald J. Trump on September 12 issued a new executive order (EO) authorizing sanctions in response to interference in US elections, likely as an attempt to stave off two bipartisan bills circulating in the Senate that would mandate...
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
FutureTech Expo(Dallas, Texas, USA, September 14 - 16, 2018) With over 2,000 expected attendees, 70 top-notch speakers and 100+ exhibitors from the Blockchain & Bitcoin, Artificial Intelligence, Cyber Security / Hacking, Quantum Computing, 3D Printing, and Virtual...
Insider Threat Program Development-Management Training Course(San Antonio, Texas, USA, September 17 - 18, 2018) Insider Threat Defense will hold its highly sought-after Insider Threat Program Development-Management Training Course, in San Antonio, Texas, on September 17-18, 2018. This two-day training course will...
Air Space & Cyber Conference(National Harbor, Maryland, USA, September 17 - 19, 2018) Gain new insights and skills to advance your career. Be among the first to see the latest innovations in airpower, space, and cyber capabilities all the while bonding with your fellow Airmen. Inspiring...
SecureWorld St. Louis(St. Louis, Missouri, USA, September 18 - 19, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
SINET Global Cybersecurity Innovation Summit(London, England, UK, September 18 - 19, 2018) SINET, an organization focused on advancing cybersecurity innovation through public-private collaboration, today announced that its annual Global Cybersecurity Innovation Summit (GCIS), will take place...
5th Annual Industrial Control Cyber Security USA(Sacramento, California, USA, September 18 - 19, 2018) Now in its 5th year, this two day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges...
Security in our Connected World(Beijing, China, September 19, 2018) This year’s seminar will not only examine critical security technologies, such as the Trusted Execution Environment (TEE) and Secure Element (SE), but will also delve into their associated business and...
Detect 18(National Harbor, Maryland, USA, September 19 - 21, 2018) Detect '18 is the single largest conference dedicated to threat intelligence. This year we're calling on fellow "Threatbusters" to wage a high-tech battle against apparitions (aka bad actors) and learn...
Cyber Beacon(Washington, DC, USA, September 20, 2018) Cyber Beacon is the flagship event of the National Defense University's College of Information and Cyberspace (NDU CIC). The conference brings together cyber experts from across the national security community,...
IT Security Leadership Exchange(Phoenix, Arizona, USA, September 23 - 25, 2018) IT Security Leadership Exchange is an invitation-only, strategic business summit that gathers Chief Information Security Officers (CISOs), senior decision-makers, and industry experts to address the unique...
Global Security Exchange(Las Vegas, Nevada, USA, September 23 - 27, 2018) Global Security Exchange—formerly the ASIS Annual Seminar and Exhibits—delivers new opportunities to exchange key ideas and best practices, expand global connections, and experience innovations. The GSX...
Connect Security World 2018(Marseilles, France, September 24 - 26, 2018) While the number of IoT devices predicted by 2020 varies within tens of billions, all analysts agree that security is now the top concern of organizations looking at deploying IoT solutions. To address...
The Cyber Security Summit: New York(New York, New York, USA, September 25, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.