Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
June 11, 2019.
By the CyberWire staff
US Customs and Border Protection says a subcontractor lost pictures of travelers' faces and license plates taken at a single border crossing point. CBP didn't say which subcontractor was involved, but the Washington Post reports that it was Perceptics.
Bloomberg quotes Russia's Deputy Prime Minister Akimov as deploring the way US suspicion of Huawei is "destroying this world." In contrast, Recorded Future explains why it's reasonable to consider Huawei a security risk. The company is large enough to become both a monopoly and a technological monoculture, it increasingly pervades global supply chains, and it exists in symbiosis with a repressive, authoritarian government.
Raytheon's combination with United Technologies, described at the time of its announcement as United Technologies' acquisition of Raytheon, is now being characterized as a "merger of equals." The combined company will be called Raytheon Technologies, a very large aerospace integrator that will play in both civilian and military markets. Some units not directly relevant to those markets, notably United Technologies' Carrier (HVAC) and Otis (elevators), will be spun out. The new company's investor prospectus lists "cyber protection" for commercial aerospace as one of the complementary capabilities Raytheon brings to the merger. Raytheon owns cybersecurity company Forcepoint; United Technologies owns security provider Lenel.
Salesforce's acquisition of Tableau in a $15.7 billion deal represents a CRM and data analytics merger will complex security implications: the company will handle a tremendous quantity of sensitive data. As ZDNet points out, the acquisition suggests that Salesforce has ambitions outside its core CRM market.
Today's issue includes events affecting China, Estonia, Ethiopia, India, Iran, Israel, Pakistan, Russia, Sri Lanka, Turkey, United Kingdom, United States.
Bring your own context.
One of the salient features of "digital transformation" is how it changes the ways in which people working in an organization decide where to place their official trust.
"Imagine an organization that is used to dealing with physical customers, where they kind of meet them face-to-face and transact, that is now moving into the digital realm needs to make sure that they can trust that people on the other side of the connection are who they expect them to be. Then we get into questions of authentication, and how you deliver a great customer experience at the same time that you're trying to make sure that people are who they say they are."
—Jordan Blake, of BehavioSec, discussing digital transformation on the CyberWire Daily Podcast, 6.4.19.
Transformation involves culture (and then behavior) as well as technology.
Get the In-Depth Guide to Operationalizing Threat Intelligence.
Threat intelligence is critical but often difficult to manage, automate, or operationalize. Threat Intelligence Gateways are an exciting, emerging network security technology that take the heavy lifting out of making threat intelligence actionable, operational, and useful. Learn about how this technology is turning threat intelligence into action to block threats at scale in the whitepaper, Operationalizing Threat Intelligence: An In-Depth Guide to Threat Intelligence Gateways.
Cyber Security Summits: Seattle on June 25th and in DC on July 16(Seattle, Washington, United States, June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The DOJ, U.S. Secret Service, Verizon, Center for Internet Security, Google and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com
RSA Conference 2019 Asia Pacific & Japan(Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.
Vulnerability Summary for the Week of June 3, 2019(US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Cryptocurrency attack thwarted by npm team(Naked Security) Cryptocurrency users narrowly escaped losing all their funds last week after an attacker poisoned a digital wallet with malicious code that stole their blockchain access details.
Personal data of 900k Russians leaked online from 3 Russian banks(Indiablooms.com) Almost 900,000 Russians have had their personal data, including passport details, phone numbers, and work and home addresses, leaked online from three Russian banks and may now fall victim to spamming and even fraud, Russia's Kommersant newspaper reported on Monday, citing Moscow-based data security company DeviceLock.
FBI Issues Warning on ‘Secure’ Websites Used For Phishing(BleepingComputer) FBI issued a public service announcement regarding TLS-secured websites being actively used by malicious actors in phishing campaigns to trick users into trusting attacker-controlled sites and handing over sensitive personal information.
Protecting against cyberthreats in the hospitality sector(Intelligent CIO Kuwait) The hospitality sector is facing up to an increase in cyberattacks and, as an industry known for holding huge amounts of data, it’s critical that CISOs and their teams know where the threats are coming from and how they can be defended against.
The top 11 VC investors in cybersecurity(PitchBook) Cybersecurity will likely continue to be a valuable industry as long as the internet and its accompanying threats persist. We took a look at the top investors in the sector.
IT Unemployment Rate Estimated at 20-Year Low(Wall Street Journal) Demand is surging for information-technology workers with advanced digital skills, as more companies seek help developing data analytics, artificial intelligence and other emerging business tools.
Have I Been Pwned is looking for a new owner(TechCrunch) Troy Hunt has revealed he’s looking for an acquirer for the breach notification service he set up more than five years ago — aka: Have I Been Pwned. In a blog post discussing the future of the service, Hunt details how traffic to the site has exploded since January when he uploaded a ma…
GSA Issues Discovery BPA for Centers of Excellence(G2Xchange) The U.S. General Services Administration’s Technology Transformation Services, along with the team in GSA Region 1 Assisted Acquisition Services, issued the Centers of Excellence (CoE) Discovery Blanket Purchase Agreement (Discovery BPA) on May 21, 2019.
Cisco Catalyst Switches Embed Nozomi Networks Solution(Nozomi Networks) This week at Cisco Live!, Nozomi Networks is proudly introducing its solution for real-time cyber security and OT network visibility on Cisco Catalyst 9300 Series switches.Find out about this consolidated offering that gives industrial operators a powerful switching platform with built-in industrial cyber security capabilities.
Network tokenization versus PCI tokenization: five key differences(Rambus) The concept of tokenization is not a new one in the payments industry. Solutions that replace sensitive data with a non-sensitive equivalent have been around for years in various forms. But as the digital payments ecosystem continues to expand, it is becoming increasingly apparent that ‘payment tokenization’ solutions, …
The bright side of super intelligence(IOL Business Report) OPINION: The creation of superintelligent machines may still be decades away, but people already fear the impact it might have … writes Paul Stemmet.
Majesty of Cambridge science and technology honoured by The Queen(Business Weekly) Cambridge and East of England life science, industry and technology entrepreneurs figured large in the Queen’s birthday honours list. Dr Jane Osbourn, Vice-President of Research & Development at AstraZeneca and chair of the UK BioIndustry Association, and Darktrace co-founders Poppy Gustafsson and Jack Stockdale all won OBEs.
US cannot ‘expect to stay safe,’ warns Iran’s foreign minister(Military Times) Iran’s foreign minister warned the U.S. on Monday that it “cannot expect to stay safe” after launching what he described as an economic war against Tehran, taking a hard-line stance amid a visit by Germany’s top diplomat seeking to defuse tensions.
UK carriers warn over ongoing Huawei 5G uncertainty: Report(TechCrunch) UK mobile network operators have drafted a letter urging the government for greater clarity on Chinese tech giant Huawei’s involvement in domestic 5G infrastructure, according to a report by the BBC. Huawei remains under a cloud of security suspicion attached to its relationship with the Chin…
House passes bill to establish DHS cyber 'first responder' teams(TheHill) The House passed legislation by voice vote on Monday that would create “cyber incident response teams” at the Department of Homeland Security (DHS), which can be used to assist both government and private sector organizations after a data breach o
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
International Cyber Risk Management Conference(Bermuda, December 4 - 6, 2019) The International Cyber Risk Management Conference (ICRMC) provides delegates with an essential forum to learn from experts, network and share experiences with peers and colleagues, and get the answers...
Cybertech Midwest 2019(Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
NetDiligence® Cyber Risk Summit(Philadelphia, Pennsylvania, USA, June 12 - 14, 2019) The NetDiligence® Cyber Risk Summit in Philadelphia is attended by more than 600 cyber insurance, legal/regulatory, and technology leaders from all over the globe. A premier education and networking event,...
SecureWorld Chicago(Chicago, Illinois, USA, June 13, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Baltimore Cybersecurity Conference(Baltimore, Maryland, USA, June 13, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
SINET Innovation Summit 2019(New York, New York, USA, June 13, 2019) SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.