What if your security strategy added zeros to your bottom line?
Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.
April 18, 2019.
By the CyberWire staff
Cisco Talos describes "Sea Turtle," a state-directed espionage campaign that's been active since early 2017. Most of Sea Turtle's operations have been in the Middle East, and the campaign is noteworthy for its sophisticated Domain Name System (DNS) manipulation. Cisco Talos divides the victims into "two distinct groups." The first group includes the targets proper: energy organizations, defense establishments, and foreign ministries. The second group are third-parties used to reach the primary targets: telcos, ISPs, and DNS registrars. CrowdStrike and FireEye had earlier described aspects of this DNS-manipulation campaign. FireEye tentatively attributed it to Iran.
Buzzfeed says Google has booted six ad-fraud apps from the Play store.
Yesterday Facebook acknowledged inadvertently uploading email contacts of a million-and-a-half users without the users' consent. The social network regrets this, and says it will remove contacts uploaded in connection with its now-disenabled email password verification feature. The contacts may have found their way into data used to draw inferences for ad-targeting and the People You May Know feature. Whether those inferences will also be removed is, the Guardian reports, unknown.
ZeroFOX sees a wave of opportunistic scamming conducted around the Notre Dame fire: ad fraud, direct fraud, malware installation, and even stock fraud.
The Washington Post interviews a professor who sees problems with the conduct of cybersecurity research. The issues apparently derive from how research uses data entangled with marketing that are better adapted to persuasion than replication.
The Mueller report is being released this morning. CNN and others are following the story.
Today's issue includes events affecting Brazil, Canada, China, France, India, Iran, Italy, Indonesia, Republic of Korea, Liberia, NATO/OTAN, New Zealand, Nigeria, Romania, Russia, Singapore, United Kingdom, United States.
Today is the CyberWire's third anniversary as an independent business, and we'd like to mark the occasion with a sincere thank you to all of our sponsors, patrons, listeners, and readers. On behalf of our whole team, thanks for reading and listening.
Earn Your Master’s in Cybersecurity from Georgetown
Looking to advance your cybersecurity career? Check out Georgetown University's graduate program in Cybersecurity Risk Management. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. You'll leave the program with the expertise you need to effectively manage risks and navigate today’s increasingly complex cyber threats. Explore the program.
ON THE PODCAST
In today's podcast, out later this afternoon, we speak with our partners at Dragos, as Robert M. Lee takes a look back at the evolution of ICS technology. Our guest is Nathan Katzenstein. He’s worked twenty years in IT, and he offers his perspective on the job market as he finishes up a master's degree in cybersecurity at Utica College.
Global Cyber Innovation Summit(Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.
Hackers Are Messing With the 'Web's Phone Book' For Espionage(PCMAG) The suspected government-backed hackers have been infiltrating companies that run the Domain Name System, including internet service providers and web-hosting organizations, allowing them to corrupt the "phone book of the internet," security researchers warn.
CyberInt Reports: Suspected Russian-speaking Threat Actors Targeting Korea(Korea IT Times) [Tel Aviv] Investigation from CyberInt’s Research Lab announced on April 17 that has connected a single gang to a range of attacks against retailers and financial institutions around the world using legitimate remote access software. CyberInt’s managed detection and response solutions protect the wo
Chipotle customers are saying their accounts have been hacked(TechCrunch) A stream of Chipotle customers have said their accounts have been hacked and are reporting fraudulent orders charged to their credit cards — sometimes totaling hundreds of dollars. Customers have posted on several Reddit threads complaining of account breaches and many more have tweeted at @Chipotl…
Ad blocker firms rush to fix security bug(Naked Security) If you’re using an ad blocker to filter out online commercials, then beware: You might be vulnerable to a new attack revealed on Monday that enables hackers to compromise your browser.
Why India's trojan menace will only increase(Live Mint) Almost three in four banks in Asia Pacific anticipate that fraud in their country will increase in 2019, said a new report by FICO.Cybersecurity continues to be a major issue in India with 76.3% of organizations hit by cyber attacks in the last year, a global survey from security firm Sophos corroborated
Over 80% of All Phishing Attacks Targeted U.S. Organizations(BleepingComputer) U.S. entities remained the most attractive targets of phishing attacks throughout 2018, with an estimated 84% of the total volume of millions of incidents analyzed during the last year by threat intelligence company PhishLabs.
Cyber pricing: Have carriers got it right?(Canadian Underwriter) Cyber insurance is a good tool to help clients understand their vulnerabilities, but carriers need to do a better job of pricing according to risk, speakers suggested at a recent conference. “There seems to be a lot of spit-balling on…
Orange Cyberdefense s’implante à Casablanca(afriqueactudaily) Le groupe Orange renforce ses solutions au profit des entreprises marocaines en procédant, vendredi, à l’implantation à Casablanca de sa filiale Orange Cyberdefense, spécialisée dans la sécurisation des actifs numériques.
Accenture Opens Federal Cyber Center in San Antonio(Hastings Tribune) Accenture (NYSE: ACN) has launched the Accenture Federal Services (AFS) Cyber Center, a state-of-the-art facility in San Antonio that provides cybersecurity capabilities on an as-a-service basis
IoT device monitoring added to Nyansa Voyance(SearchNetworking) Nyansa has added IoT device monitoring to its network monitoring software. The latest version of Nyansa Voyance can monitor the activity of IoT devices found in healthcare and retail.
The Economic Side Of Cyber Security Risk Management(Cyber Security Hub) Robert (Bob) Vescio is the Chief Analytics Officer of Secure Systems Innovation Corporation, and he is recognized as one of the industry's foremost experts in the area of cyber risk economics. He joined Host George Rettas, president and CEO of TF 7 Radio on Monday night.
Emotionally intelligent AI will respond to how you feel(The Next Web) Artificial intelligence offers us an opportunity to amplify service and the integration of technology in everyday lives many times over. But until very recently, there remained a significant barrier in how sophisticated the technology could be. Without a complete understanding of emotion in voice and how AI can capture and measure it, inanimate assistants (voice …
Research and Development
Army researchers identify new way to improve cybersecurity(U.S. Army Research Laboratory) With cybersecurity one of the nation's top security concerns and billions of people affected by breaches last year, government and businesses are spending more time and money defending against it. Researchers at the U.S. Army Combat Capabilities Development Command's Army Research Laboratory, the Army's corporate research laboratory also known as ARL, and Towson University may have identified a new way to improve network security.
Huawei CEO offered Berlin no-spy deal to soften 5G concerns: Wirtschaftswoche(The Mighty 790 KFGO) China's Huawei offered Berlin a "no-spy agreement" to address security concerns over the Chinese company's involvement in building Germany's next-generation 5G mobile infrastructure, a German magazine said on Wednesday. "Last month, we talked to the German Interior Ministry and said that we were ready to sign a no-spy agreemen...
EU Parliament Votes to Ban Ticketing Bots(Billboard) The European Parliament has voted to ban the use of automated software -- or "bots," as they are more commonly known -- to mass-purchase concert tickets which are then resold at inflated rates on the secondary market.
Liberia allays cyber security threat fears(Journal du Cameroun) Liberia’s Ministry of Posts and Telecommunications has assured the business community that the government will ensure that their businesses are protected against cyber security threats in the country.According to Posts and Telecommunications Minister Cooper Kruah, the Coalition for Democratic Change (CDC) led Government takes the protection of businesses and the general economy from this growing threat very …
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber Security Lunch & Learn(Waltham, Massachusetts, USA, April 30, 2019) Data Security breaches happen daily. Security and protection of intellectual property, financial information and client data require the strongest levels of protection from theft or attack, both inside...
CyCon 2.0 Manassas Edition(Manassas, Virginia, USA, June 15, 2019) CyCon is touching down in Manassas with a full lineup of experts in the field of Cybersecurity to present on current topics or demo bleeding edge technologies.
Nashville Cybersecurity Conference(Nashville, Tennessee, USA, November 21, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Dallas Cybersecurity Conference(Dallas, Texas, USA, December 4, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
St, Louis Cybersecurity Conference(St. Louis, Missouri, USA, December 5, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Anaheim Cybesecurity Conference(Anaheim, California, USA, December 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Cincinnati Cybersecurity Conference(Cincinnati, Ohio, USA, December 12, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Insider Threat Summit 2019 (ITS5)(Monterey Bay, California, USA, April 17 - 18, 2019) ITS5 brings Government and Industry organizations and cybersecurity leaders together to better understand the type of threats that impact infrastructure and overall operations. Our two-day summit will...
SecureWorld Houston(Houston, Texas, USA, April 18, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
INSA Spring Symposium: Managing the Evolving Cyber Landscape(Arlington, Virginia, USA, April 18, 2019) Join INSA on Tuesday, April 16 for our annual Spring Symposium. The 2019 theme, Managing the Evolving Cyber Landscape, focuses on the need for a strong, secure digital infrastructure. Hear from senior...
Data Connectors Cybersecurity Conference Hartford(Hartford, Connecticut, USA, April 18, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.