What if your security solution could provide zero doubt?
A foundation of artificial intelligence delivers smart, simple, and secure solutions that change how organizations approach endpoint security. Cylance provides full-spectrum, predictive threat prevention and visibility across the enterprise to combat the everyday - as well as the most notorious and advanced - cyberattacks. Let Cylance help you understand how you can create real confidence in your organization’s security posture and zero in on what really matters.
February 8, 2019.
By the CyberWire staff
The Australian Federal Parliament was subjected to a cyberattack that seems to have been largely unsuccessful. ABC says investigators think it's probably a foreign attack.
Bitdefender warns that Triout spyware has been bundled with altered copies of the legitimate Android privacy app Psiphon. Triout, discovered last year bundled with an adult-content app, records calls, logs incoming texts, records videos, takes pictures and collects GPS coordinates. Bitdefender thinks the combination of high capability and low infection rate suggests that the spyware's masters are using it against carefully selected targets. The clean version of Psiphon is the one sold through Google Play; avoid buying it from other stores.
KrebsOnSecurity reports that there's been a recent phishing campaign targeting officers at credit unions who are responsible for anti-money-laundering measures.
Amazon founder and Washington Post owner Jeff Bezos says AMI, the National Enquirer's corporate parent, is trying to blackmail him into calling the Post off stories AMI would prefer it didn't run. AMI seems to have told Mr. Bezos they have, and will publish, intimate selfies. He's responded by preemptively telling everyone what's in those selfies. How the Enquirer got the selfies is unclear, TechCrunch reports, and also notes that the Enquirer is an old hand at getting embarrassing pictures. AMI, according to the Independent, is conducting its own internal investigation to see if it might have done something wrong, which it doesn't think it did.
Thought IE was a browser? Think again. Microsoft says it's a "compatibility solution" that should be used selectively,
Vendors, suppliers, and independent subsidiaries are gaining more access to your network and sensitive data because today’s business models include outsourcing of non-mission critical programs and tasks, which brings a new world of risk to your organization. In this webinar, LookingGlass Product Manager, Brandon Dobrec and Security Ledger Editor-in-Chief, Paul Roberts will discuss what you need to assess vendors in the modern cyber environment, providing you with the right map to assess your external risk.
Cyber Job Fair, Feb 13, San Antonio(San Antonio, Texas, United States, February 13, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber Job Fair, February 13 in San Antonio. Meet leading cyber employers including AF Civilian Service, CNF Tech, Lockheed Martin, and more. Visit ClearedJobs.Net or CyberSecJobs.com for details.
Cyber Security Summits: February 13th in Atlanta and on April 2nd in Denver(Atlanta, Georgia, United States, February 13 - April 2, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Darktrace and more. Passes are limited, secure yours today: www.CyberSummitUSA.com
Rapid Prototyping Event: The Needles in the Haystack(Columbia, Maryland, United States, February 26 - 28, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event in which we hope to find a solution that can not only 'map' the network in the traditional sense but provide inferences as to the most important servers, workstations or hardware devices. Once these assets are identified they could be isolated, replicated or studied closely via live forensics.
Global Cyber Innovation Summit(Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.
Cyberattack Rattles Australian Parliament(Wall Street Journal) The seat of Australia’s government was hit by a cyberattack that authorities believe came from overseas, but officials said it was intercepted early and did not appear to be an attempt to influence coming national elections.
A Time To Laud In Security(Forbes) Unlike sports, cyber victories are hard to see. Everyone sees the breaches in the headlines, but what is there for those who avoided that? It's critical to take a moment and point out when a team has succeeded in the face of adversity and to learn from it, inside and out.
Qealler – a new JAR-based information stealer(Zscaler) Qealler, a new piece of malware, is written in Java and designed to silently steal credentials in infected machines. ThreatLabZ has observed a rise in the malware's activity, which was detected in the Zscaler Cloud Sandbox.
Triout Android Spyware Framework Makes a Comeback, Abusing App...(Bitdefender Labs) In August 2018, Bitdefender researchers stumbled across an Android malware framework, dubbed Triout, which packed massive surveillance capabilities. Bundled with a legitimate application ripped from the official Google Play marketplace, the spyware...
Phishing by Open Graph Protocol(Security Boulevard) The Open Graph Protocol (OGP) was introduced by Facebook approximately eight years ago to give users a way to have control over the appearance of links on social media platforms.
Social Security Scams Are a Growing Threat to Retirees(Kiplinger) As scammers get more aggressive, some types of Social Security fraud are growing exponentially. Here's what you can do to safeguard your personal data and keep fraudsters from stealing your Social Security benefits.
Opera adds a free VPN to its Android browser app(TechCrunch) Opera became the first browser-maker to bundle a VPN with its service, and now that effort is expanding to mobile. The company announced today that its Android browser app will begin offering a free VPN. The feature will be rolled out to beta users on a gradual basis. The VPN is free and unlimited,…
Google makes it easier for cheap phones and smart devices to encrypt your data(TechCrunch) Encryption is an important part of the whole securing-your-data package, but it's easy to underestimate the amount of complexity it adds to any service or device. One part of that is the amount of processing encryption takes — an amount that could be impractical on small or low-end devices. Google …
Latest Quarterly Threat Report(Proofpoint) The Proofpoint Quarterly Threat Report highlights the threats, trends, and key takeaways for threats we see within our global customer base and in the broader threat landscape. Download the Q4 2018 Report to get actionable intelligence you can use to: Better combat today’s attacks Anticipate emerging threats Manage your security posture
Towards an AI Economy that Works for All(Keystone Research) This is the first report of a Keystone Research Center project on the “Future of Work.” The aim is to identify public policies that could help ensure that the application and diffusion of artificial intelligence (AI) over the next several decades fosters an economy in which Americans generally thrive.
Businesses at Work 2019(Okta) Welcome to the fifth Businesses @ Work report, an in-depth look into how organizations and people work today — exploring workforces and customers, and the applications and services they use to be productive.
Post-Shutdown, Are Feds Going to RSA Conference?(Meritalk) Less than two weeks after the end of the partial Federal government shutdown and with the looming threat of another such disruption coming on Feb. 15, will Federal government IT officials in large numbers be making the trip out west to the U.S.’s preeminent cybersecurity conference next month?
Apple to compensate teenager who found Group FaceTime eavesdrop bug(TechCrunch) Apple has said it will compensate the teenager who first found a security bug in Group FaceTime that allowed users to eavesdrop before a call was picked up. The bug was initially reported to Apple by 14-year-old Grant Thompson and his mother, but the family struggled getting in contact with the com…
Netography Emerges with $2.6M Funding from Andreessen Horowitz to Make Network Security Self Governing(Odessa American) Netography, an autonomous network security platform that serves as an enterprise security ‘Eye in the Sky,’ today launched with $2.6M in seed funding from Andreessen Horowitz. The company aims to help security and network teams work smarter, not harder, by leveraging the wealth of real-time data produced by network devices to automatically detect and block malicious traffic to defend networks.
Qualifying Encoders with Akamai(Security Boulevard) Introduction The encoder qualification program was created to improve the process for vendors that wish to align themselves with Akamai network specific requirements. It is also intended to , mitigate the risk of encoder issues before using in production. A...
The perils of using Internet Explorer as your default browser(TECHCOMMUNITY.MICROSOFT.COM) From time to time, I am asked by customers, “How do I ensure that all web traffic goes to Internet Explorer?” In fact, I was recently asked this question by someone trying to help a hospital. Now, I understand the scenario. In healthcare (as in many other industries), it’s often the case that you’re...
Spotify will now suspend or terminate accounts it finds are using ad blockers(TechCrunch) Spotify will take a harder stance on ad blockers in its updated terms of service. In an email to users today, the streaming music and podcast platform said its new user guidelines “mak[e] it clear that all types of ad blockers, bots and fraudulent streaming activities are not permitted.” Accounts t…
Instagram and Facebook will start censoring ‘graphic images’ of self-harm(TechCrunch) In light of a recent tragedy, Instagram is updating the way it handles pictures depicting self-harm. Instagram and Facebook announced changes to their policies around content depicting cutting and other forms of self-harm in dual blog posts Thursday. The changes come about in light of the suicide o…
Confidential Computing Challenge (C3)(Google Cloud) In collaboration with Intel, Google Cloud is hosting a cybersecurity contest called the Confidential Computing Challenge. If you’re a developer, security researcher, or otherwise interested in developing safe apps, this is your chance to make an impact in the growing field of confidential computing.
Apple tells app developers to disclose or remove screen recording code(TechCrunch) Apple is telling app developers to remove or properly disclose their use of analytics code that allows them to record how a user interacts with their iPhone apps — or face removal from the app store, TechCrunch can confirm. In an email, an Apple spokesperson said: “Protecting user privacy is …
The world must work together against Chinese cyber-aggression(Washington Examiner) China has sought to exploit global cyber vulnerabilities to build its network of intelligence, trade secrets, and other data. As the latest revelations about a breach of Norwegian business software firm Visma make clear, the U.S. cannot push back on China’s nefarious hacking without cooperation…
France to Tighten 5G Security: Minister(SecurityWeek) France will soon make proposals to reinforce the security of mobile telephone networks, after the US stepped up pressure on Europe to block China's Huawei from building 5G networks.
Italy denies report of Huawei, ZTE 5G ban(RCR Wireless News) Local newspaper La Stampa had reported that the Italian government was considering to implement legislation to ban these two carriers from 5G contracts
Time to get serious about reining in Facebook(Times) During Sir Nick Clegg’s recent visit to Europe, in his role as spin doctor for Facebook, an ungenerous thought popped into my head. Does the former Liberal Democrat leader believe the rubbish he is...
Duty of Care Campaign(The Telegraph) The internet has been a liberating revolution in communications. But it is also potentially a malign one. It allows content, images and opinions that would once have been curtailed or forbidden to be easily available at the touch of a button.
Senate Bill Would Send DHS Back to Campus for Cyber Training Work(Meritalk) A new bill introduced by Sens. John Cornyn, R-Texas, Patrick Leahy, D-Vt., and Ted Cruz, R-Texas, would push the Department of Homeland Security (DHS) to work with the National Cybersecurity Preparedness Consortium (NCPC), an association of university-based training organizations, to improve cybersecurity training for state and local governments.
Booz Allen Made 'No Poach' Pact, Intelligence Worker Says(Law360) Booz Allen Hamilton Inc., CACI International Inc. and Mission Essential Personnel LLC illegally agreed not to hire each others' employees for intelligence contracting work at a U.S. military installation in England, a former employee alleged Thursday in a proposed class action in Ohio federal court.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Insider Threat Program Development-Management Training Course(Herndon, Virginia, USA, February 18 - 19, 2019) Insider Threat Defense announced it will hold its highly sought after 2 day Insider Threat Program Development-Management Training Course, in Herndon, VA, on February 19-208, 2019. This 2 day training...
Cyber Security for Critical Assets Summit(Houston, Texas, USA, March 26 - 28, 2019) The Cyber Security for Critical Assets Summit unites 250+ senior IT & OT security professionals to elucidate the most advanced cybersecurity information, debate policies and guidelines, and collaborate...
IP Expo Manchester(Manchester, England, UK, April 3 - 4, 2019) The event will showcase industry leaders and those at the forefront of technology, to encourage debate and inform attendees on the critical technological issues affecting modern business. IT and cyber...
AcceleRISE(Minneapolis, Minnesota, USA, August 14 - 16, 2019) Prepare for your future. Designed for young industry professionals like yourself, and presented by SIA, AcceleRISE brings together tomorrow’s security leaders for two-plus days of idea sharing, coaching,
The conference, hosted by SIA’s RISE community for young professionals and those new to the industry, will present blended learning sessions featuring a mix of keynotes, panel sessions, team building exercises, peer networking and workshops.
National Security Technology Forum and Exposition (NSTFX)(San Diego, California, USA, February 12, 2019) AFCEA International and the University of California, San Diego are proud to host a new and innovative event entitled “The National Security Technology Forum and Exposition (NSTFX)”. NSTFX will bring...
3rd Next Generation Cyber Security for Utilities(Denver, Colorado, USA, February 13 - 14, 2019) With the value of damages caused by cyber-attacks growing rapidly every year, adopting a new and comprehensive approach to cyber security for utilities is more important than ever. Among essential facilities...
BSides Huntsville(Huntsville, Alabama, USA, February 15 - 16, 2019) The fun and cheap way to earn CEU's. Instead of paying way too much to listen to some guy in a suit try and sell you something, you can pay just a few bucks to hear actual programmers and hackers talk...
Border Security: Physical Wall vs. Virtual Wall(Arlington, Virginia, USA, February 18, 2019) Marymount University ISACA Student Group (MUISG) has its CyberNight at MU scheduled for 9 March 2019 from 6-8pm. Panelists will discuss Border Security: Physical vs Virtual Wall. This is an educational...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.