Zero trust in one click. Impossibly simple microsegmentation
If we can land rockets on a barge, if we can search 30 trillion web pages in mere seconds, if cars can drive door to door autonomously, why does microsegmentation still take months to implement and cause so many headaches? Edgewise has radically simplified microsegmentation to one click, using machine learning and zero trust security:
Eliminate network attack surface in your hybrid cloud
News alleging that the US implanted malware in Russia's power grid in an apparent move toward deterring Russian cyberattacks against the US remains where it was when the New York Times broke its story at the beginning of the week. Observers tend to regard the alleged activity as problematic, but nonetheless arguably legitimate as a deterrent or reprisal.
Argentina's blackout remains under investigation, but the likelihood that it was caused by a cyberattack seems increasingly remote. IEEE Spectrum's account of preliminary findings suggests that the outage was caused by disconnection of two 500-kilowatt transmission lines. One seems to have failed in a short circuit, the other to have been disconnected by an automated system. Automatic load-shedding mechanisms that ought to have contained the outage failed for reasons still unknown.
In the wake of stories about catphishing on social media, ZDNet summarizes FBI warnings of the ways in which foreign intelligence services use social media to recruit sources. The Bureau says foreign intelligence services operate booths of front organizations at trade shows. At least some of the people approached at the shows gave personal information because they apparently wanted to stop the booth people's pestering them. The personal information was minimal--usually just a business card--but useful nonetheless. The foreign intelligence services followed up with requests to connect over social media. Clearance holders are prized targets.
Facebook will soon launch its own cryptocurrency, Libra (complete with its own wallet, Calibra). The announcement prompts concerns over antitrust, privacy, banking, and sovereign currency policy.
Today's issue includes events affecting China, France, Germany, India, Malaysia, Netherlands, Russia, Saudi Arabia, Turkey, Ukraine, United Kingdom, United Nations, United States.
Bring your own context.
Thoughts on team-building, from a CISO.
"But at the end of the day, you really have to make sure you're doing the simple stuff right. If you're not doing the simple stuff, I don't care what tools you have in place. And so the approach I've taken is it's really all about the workforce. You've got to get the workforce onboard. You've got to get them security minded."
—Dr. Matthew Dunlop. He's vice president and chief information security officer at Under Armour, on the CyberWire Daily Podcast, 6.14.19.
As someone or other once said, in some science fiction movie from like the 1970s, "Don't be too proud of this technological terror you've created."
What if your security strategy added zeros to your bottom line?
Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.
Cyber Security Summits: Seattle on June 25th and in DC on July 16(Seattle, Washington, United States, June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The DOJ, U.S. Secret Service, Verizon, Center for Internet Security, Google and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com
RSA Conference 2019 Asia Pacific & Japan(Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.
Wicked6 Cyber Games(Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Cyber Attacks, Threats, and Vulnerabilities
Hacking the Russian Power Grid(New York Times) Attacks by the United States risk escalating a digital Cold War and renew questions about whether certain targets should be off limits in cyber conflict.
Feds Issue BlueKeep Vulnerability Warning(Industrial Safety and Security Source) In a warning to prevent companies from suffering like they did during WannaCry and NotPetya, an alert went out this week from the Cybersecurity and
A deeper look into the WhatsApp hack and the complex cyber weapons industry(CSO) On May 13, a major security flaw in the popular messaging app, WhatsApp, was announced. The pervasive vulnerability, which affected both Apple and Android devices, allowed malicious actors to inject commercial spyware by ringing up unsuspecting targets using the WhatsApp’s VOIP-based call function.
Alert Regarding Vulnerability (CVE-2019-2729) in Oracle WebLogic Server(JPCERT/CC) On June 18, 2019 (local time), Oracle released a security advisory regarding a vulnerability (CVE-2019-2729) in Oracle WebLogic Server.According to the advisory, Oracle WebLogic Server contains a deserialization vulnerability. A remote attacker leveraging this vulnerability may execute arbitrary code.
Google Calendar is down, it’s not just you Update: It’s back(TechCrunch) Snow day. All meetings are canceled until further notice. Google Calendar has been hit with what appear to be some pretty widespread issues. The company has confirmed service interruptions via its G Suite Status Dashboard, noting, “We’re investigating reports of an issue with Google Cal…
Threat Actors Use Older Cobalt Strike Versions to Blend In(BleepingComputer) Plenty of outdated Cobalt Strike servers exist in the wild, helping cybercriminals or giving security professionals the upper hand when testing corporate defenses; and they can be easily identified to stifle intrusions of any purpose.
Platform Benchmark Report(NAVEX Global) Compliance programs consist of many components — training, policies, hotlines, third party risk management, etc — but in order to be successful, ethics and compliance programs must integrate these elements cohesively.
Most Cybersecurity Vendors Not Using Basic Email Authentication(Yahoo) A new assessment of security and risk vendors shows that most of these companies have an opportunity to adopt basic email security controls, in an effort to better protect their customers from third-party risks. The assessment, released today, was conducted
Mobile Video Conferencing: Trends, Challenges, And Solutions(Enterprise Mobility Exchange) Enterprise Mobility Exchange surveyed its audience in April 2019 about the current state of using mobile devices for collaboration tools in order to learn about the numerous complications prohibiting smooth video conferencing, and strategies that IT leaders can leverage to ensure smooth video conferencing on mobile devices.
A hiring initiative for cyber(FCW) A new fellowship program for young government cyber hires promises college loan repayment for participants, but the incentives don't reward long government service.
For pen testing firm IOActive, security is cultural not transactional(TechCrunch) IOActive may not be a household name but you almost certainly know its work. The Seattle-headquartered company has been behind some of the most breathtaking hacks in the past decade. Its researchers have broken into in-flight airplanes from the ground and reverse engineered an ATM to spit out gobs …
Imperva Strengthens Defense-in-Depth Application Security Portfolio(Imperva) Imperva, Inc., the cybersecurity leader championing the fight to secure data and applications wherever they reside, today announced significant enhancements to the Imperva Application Security portfolio, now offering targeted protection against account takeover (ATO), an industry-leading approach to detecting and blocking malicious attacks targeted at APIs, as …
MongoDB gets a data lake, new security features and more(TechCrunch) MongoDB is hosting its developer conference today and, unsurprisingly, the company has quite a few announcements to make. Some are straightforward, like the launch of MongoDB 4.2 with some important new security features, while others, like the launch of the company’s Atlas Data Lake, point t…
Atos and Virtru announce partnership to offer a data security solution for Digital workplace(APN News) Atos, a global leader in digital transformation, today announced a strategic partnership with Virtru, a leading data protection platform provider that stands at the intersection of security and privacy. The partnership will provide global organizations with a joint encryption solution for Digital Workplace, protecting customer data across cloud-based platforms. This solution combines Atos hardware encryption with Virtru’s encryption software and […]
Akamai Technologies join hands with DreamHack for cybersecurity(CISO MAG | Cyber Security Magazine) Digital entertainment company DreamHack recently announced a new partnership with the cloud delivery network provider Akamai Technologies to jointly share data security insights along with analysis on the global gaming and eSports industry.
Grappling With Cyber Threats in a Smart Building Era(Commercial Property Executive) In a Realcomm panel in Nashville, Tenn., experts hashed out the implications of new privacy regulations and the growing array of risks as people and properties get more connected.
A simple message for security teams: Prove the value(CIO Dive) New technologies create new risks. New risks put pressure on the security organization. And the security organization, in a competitive threat and talent landscape, is asked to meet demands while proving worth.
Design and Innovation
Coming in 2020: Calibra(Facebook Newsroom) Today we're announcing plans for a digital wallet for Libra, a new global currency powered by blockchain technology.
Facebook announces Libra cryptocurrency: All you need to know(TechCrunch) Facebook has finally revealed the details of its cryptocurrency, Libra, which will let you buy things or send money to people with nearly zero fees. You’ll pseudonymously buy or cash out your Libra online or at local exchange points like grocery stores, and spend it using interoperable third-…
Adobe Created an A.I. That Spots -- and Reverses -- Fake Photos(Digital Trends) The company behind the software that's often used to manipulate photographs may help make it easy to spot a fake photo. Researchers at Adobe recently created an artificially intelligent program that can recognize when Photoshop's Face Aware Liquify tool is used -- and even reverse the edits.
Instagram Targets Account Hijacking(TechNewsWorld) Account hijacking has become a nettlesome problem at Instagram so it has decided to do something about it. The social media company has begun testing a simpler method for users to reclaim their compromised accounts. It allows users locked out of their hacked accounts to ask for a six-digit code to be sent to the email address or phone number originally used to open the account.
Why cyber warfare represents diplomatic territory(PBS NewsHour) The New York Times reported over the weekend on U.S. military attempts to infiltrate the Russian power grid. The effort represents the latest offensive in an increasingly digital conflict with Russia, whose 2016 election interference is well documented. John Yang talks to R.P. Eddy, a former National Security Council official and founder of an intelligence consulting firm, about this new frontier.
Editorial: American cyber hacking(Richmond Times-Dispatch) On June 15, The New York Times published an alarming news story that detailed how the U.S. has recently become far more aggressive toward Russia in its online countermeasures as
Don’t think that Putin and Xi are going soft(Times) Disruptors of the world, unite! If I had my way the world’s most irritating opponents of police states would gather for a pint every Thursday (Karl Marx’s old digs in Dean Street would do fine) to...
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Florida Cyber Conference 2019(Tampa, Florida, USA, October 24 - 25, 2019) Join hundreds of stakeholders from Florida's cybersecurity community and beyond for innovative content, in-depth discussion, hands-on demos, networking, and more! With more than 20 breakout sessions across...
Hack in Paris 2019(Paris, France, June 16 - 20, 2019) Intrusion attempts are more and more frequent and sophisticated, regardless of their target (state or corporation). In this context, international hacking events are multiplying. A few events took place...
Gartner Security & Risk Management Summit 2019(National Harbor, Maryland, USA, June 17 - 20, 2019) Make sure you have the latest insights on fast-moving IT trends such as IoT and AI, evolving security technologies and the ever-changing threat landscape. At Gartner Security & Risk Management Summit 2019,...
Norwich University CGCS 2019 Cyber Security Summit(Northfielf, Vermont, USA, June 18 - 19, 2019) Mid- and executive-level managers seeking to broaden their organizations’ approaches to prudent cyber security practices will gain insight through a series of workshops and discussions on relevant issues...
Cyber 2019(Columbia, Maryland, USA, June 19, 2019) Please join us for our 10th annual cyber conference, where on June 19, 2019, we will tackle the topic of Cyber Sensemaking. Cyber Sensemaking is a fluid and continuous approach for establishing better...
ICX Insurance Summit with Pindrop and MassMutual(Springfield, Massachusetts, USA, June 19 - 20, 2019) MassMutual, together with Pindrop, is hosting the Identity & Customer Experience (ICX) Summit specifically for insurance organizations to discuss current issues and share strategies and ideas around security...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.