Optimize your security teams with threat intelligence.
At Recorded Future, we believe every security team can benefit from threat intelligence. That's why we've launched our new Threat Intelligence Grader — so you can quickly assess your organization's threat intelligence maturity and get best practices for improving it. Get your Threat Intelligence Score™.
September 24, 2018.
By The CyberWire Staff
Saturday's terrorist attack on a military parade in the Iranian city of Ahvaz killed at least twenty-nine: twelve members of the Revolutionary Guard and seventeen civilian spectators, including children and the elderly. Responsibility for the murders has been claimed by several groups, including ISIS and the Ahvaz National Resistance (an Arab opposition group that operates a television station from London). Tehran attributes the attack to the separatist Patriotic Arab Democratic Movement in Ahwaz (which denies involvement), but the Islamic Republic places ultimate blame on the US, the UK and the Arab Gulf states. Renewed cyber conflict among Iran, its allies, and its adversaries may be expected.
The Zero Day Initiative at the end of last week reported a vulnerability in the Microsoft JET Database Engine. It's said to affect all versions of Windows. Trend Micro, which discovered the issue, disclosed it to Microsoft. The Zero Day Initiative has gone public with the disclosure because one-hundred-twenty days have elapsed since Redmond was notified. The Register says that 0Patch has promised to offer its own fix; 0Patch has been tweeting about the vulnerability.
ANSSI, France's national information security agency, is asking outsiders to contribute to the development of CLIP OS, ANSSI's Linux-based, security-optimized operating system.
Tough talk about Russian cyber operations and the prospect of Western retaliation has been emerging from both the US and the UK.
Russian regional elections appear not to have gone entirely as Moscow would have wished.
Stolen frequent-flier miles are a hot commodity in dark web souks.
Is your company passionate about empowering women to succeed in the cyber security industry?
The CyberWire’s 5th Annual Women in Cyber Security reception is a networking event that highlights and celebrates the value and successes of women in the cyber security industry. Leaders from the private sector, academia, and government from across the region and at varying points on the career spectrum can connect with each other to strengthen relationships while building new ones. Consider sponsoring the event. Limited sponsorships are available. Visit our website to learn more.
And, in case you missed it, be sure to check out the most recent episode of Research Saturday. This one looks at what industrial control system honeypots turn up. We speak with Ross Rustici, senior director of intelligence services at Cybereason, and he shares the news that it's no longer just the nation-states fiddling with industrial control systems.
FireEye Cyber Defense Summit 2018(Washington, DC, United States, October 1 - 4, 2018) Get trained by a FireEye expert at our annual Cyber Defense Summit. Training opportunities at this event offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts.
CyberMaryland Job Fair on October 9 in Baltimore, MD.(Baltimore, Maryland, United States, October 9, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 9 in Baltimore. Meet leading cyber employers including Bank of America, FireEye, NSA, Raytheon, USCYBERCOM and more. Visit ClearedJobs.Net or CyberSecJobs.com for more details.
Dragos Industrial Security Conference (DISC) 11/5/18(Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.
ZDI Shares Details of Microsoft JET Database Zero-Day(SecurityWeek) Trend Micro's Zero Day Initiative (ZDI) has shared details on a zero-day vulnerability impacting the Microsoft JET Database Engine. ET Database Engine that could be exploited for remote code execution.
SMB Pulse Survey(Webroot) Webroot and the small- to medium-sized business (SMB) focused research agency Bredin recently conducted a survey on the cybersecurity habits of small (1-19), medium (20-99), and large (100-500) companies.
50 Best Cloud Security Podcasts(Security Boulevard) Some of the earliest podcasters were influencers in the technology and online space. For well over a decade, programs that specifically discuss security news and topics have been keeping people up to date on data and systems safety. For many, it’s the ideal medium to learn about the latest happenings in the industry via a …
U.S. General Services Administration Selects HackerOne as TTS Bug Bounty Partner(Odessa American) HackerOne, the leading hacker-powered security platform, today announced the General Service Administration’s (GSA) Technology Transformation Service (TTS) awarded HackerOne a multi-year contract to run a bug bounty program. GSA was the first federal civilian agency to engage in a bug bounty program and continues their ongoing momentum with this latest bug bounty contract.
What do you mean by storage encryption?(Help Net Security) In my year-long research project, the F5 Labs’ 2018 Application Protection Report, I asked if security professionals used storage encryption for data and
5 Reasons why e-commerce sites need a token gateway(Rambus) Growing card-not-present fraud is driving demand for card-on-file EMV payment tokenization. As industry players look to simplify tokenization initiatives, token gateway solutions can deliver considerable competitive advantages:
We are all at risk from high-tech snooping(Times) Smuggling Oleg Gordievsky out of the Soviet Union under the noses of the KGB was one of the greatest feats in British intelligence history. It wouldn’t work today. Britain’s top spy in the KGB...
PAID POST: Can blockchain save the vote?(TechCrunch) Elections are a symbol of hope and freedom, and the right to vote is an expression of belonging and of having a voice. We trust our electoral systems to preserve an immutable record of the voices we have raised, and the choices we have made. Yet the concept of “one person, one vote” is [&hel…
Sinclair receives almost $1 million in grant award(WDTN) The grant money will be used to support the Community College Accelerated CyberCorp Pilot Program, a project that aims to help strengthen cybersecurity education programs and improve security of information technology across the country.
Trump eases curbs on US cyber weapons as election threat looms(The Straits Times) President Donald Trump has issued an order making it easier for the United States to launch cyber attacks, highlighting the potential for a counter-attack if a foreign government is found to be trying to meddle in congressional elections in November.. Read more at straitstimes.com.
DHS cyber-agency bill may finally come to pass; will it make a difference?(Inside Cybersecurity) The frenetic recent efforts by Senate Homeland Security and Governmental Affairs Chairman Ron Johnson (R-WI) to secure final passage of a long-stalled DHS reorganization measure may finally pay off -- prompting the next question: whether creation of a cyber agency at the Department of Homeland Security actually improves cybersecurity.
Separate The NSA And Cyber Command Now(Law360) Since its inception in 2009, U.S. Cyber Command has been functioning concurrently and under the same leadership as the National Security Agency. In the beginning this may have been appropriate, but in today’s environment they should be conducting their missions independently, says Daniel Garrie of JAMS.
Social media is a battlefield that can perpetuate sexual violence and cyber-bullying(Times Live) Rape culture and cyber-bullying are dominating the spaces students at higher-education institutions find themselves in. The South African Human Rights Commission (SAHRC) in collaboration with the University of Johannesburg held a dialogue in an effort to unpack the causes and solutions to the challenges of rape culture and cyber-bullying at universities.
Iran vows vengeance after military parade slaughter(Times) Iran furiously condemned Britain and other European countries for “harbouring terrorists” yesterday as it accused the West of orchestrating an attack on a military parade that killed 29 people. A...
Why was Equifax fined for 2017 cyber attack?(Evening Standard) Credit reference agency Equifax has been fined £500,000 for failing to protect peoples' personal information during a 2017 cyber attack. Up to 15 million Brits had their personal information compromised in the attack but the company said the breach would not have put consumers at risk.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
4th Annual Cyber Southwest (CSW) Symposium(Tuscon, Arizona, USA, November 2, 2018) Be a part of the 4th Annual Cyber Southwest (CSW) Symposium set to take place at the University of Arizona, Eller College of Management - McClelland Hall in Tucson, AZ on Friday, November 2nd, 2018. CSW...
IT Security Leadership Exchange(Phoenix, Arizona, USA, September 23 - 25, 2018) IT Security Leadership Exchange is an invitation-only, strategic business summit that gathers Chief Information Security Officers (CISOs), senior decision-makers, and industry experts to address the unique...
Global Security Exchange(Las Vegas, Nevada, USA, September 23 - 27, 2018) Global Security Exchange—formerly the ASIS Annual Seminar and Exhibits—delivers new opportunities to exchange key ideas and best practices, expand global connections, and experience innovations. The GSX...
Connect Security World 2018(Marseilles, France, September 24 - 26, 2018) While the number of IoT devices predicted by 2020 varies within tens of billions, all analysts agree that security is now the top concern of organizations looking at deploying IoT solutions. To address...
The Cyber Security Summit: New York(New York, New York, USA, September 25, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
5th Cyber Operations for National Defense Symposium(Washington, DC, USA, September 25 - 26, 2018) The 2018 Cyber Operations for National Defense Symposium will focus on the evolving nature of US Cyber policies and strategies. Cyber leaders from throughout the federal government will come together to...
PCI Security Standards North America Community Meeting(Las Vegas, Nevada, USA, September 25 - 27, 2018) The PCI Security Standards Council’s 2018 North America Community Meeting is THE place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort...
Hack the Capitol(Washington, DC, USA, September 26 - 27, 2018) The National Security Institute is partnering with the Wilson Center and ICS Village to host Hack the Capitol, a two-day event focused on Industrial Control Systems (ICS) and security. ICS are used throughout...
COSAC & SABSA World Congress(Kildare, Ireland, September 30 - October 4, 2018) For 25 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. Sales content...
Monterey Cyber Security Workshop 2018(Pacific Grove, California, USA, October 1 - 2, 2018) People with special expertise interested in making progress on the subjects at hand meet at the Monterey Incubator for a workshop to build an understanding of vital issues of the day. The workshop follows...
Cyber Defense Summit 2018(Washington, DC, USA, October 1 - 4, 2018) FireEye's annual Cyber Defense Summit will feature both training and an opportunity to hear from the experts. Introductory, intermediate and advanced training courses will be provided during the first...
Retail Cyber Intelligence Summit(Denver, Colorado, USA, October 2 - 3, 2018) Network with 250+ CISOs and their teams from retail and consumer facing industries: restaurants, hospitality, gaming, convenience, grocery and more. Share best practices, gain insights, network. This conference...
IP Expo Europe(London, England, UK, October 3 - 4, 2018) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe is co-located at Digital Transformation EXPO...
Borderless Cyber USA 2018(Washington, DC, USA, October 3 - 5, 2018) How do you future proof your cybersecurity strategy? Can you identify and report cyber incidences so you can respond quickly to manage consequences? Public and private sector cyber experts from across...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.