Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
May 1, 2019.
By the CyberWire staff
E&E News reports that the US Department of Energy has said that four counties in California, Utah, and Wyoming experienced a "cyber event" that interrupted "electrical system operations" briefly on March 5th. E&E News notes that the Department's definition of "cyber event" is expansive, but little information has so far been forthcoming.
The US Department of Homeland Security has issued Binding Operational Directive 19-02, which establishes "Vulnerability Remediation Requirements for Internet-Accessible Systems." The directive builds on and supersedes Binding Operational Directive 15-01. Agencies will have to fix faster. The new directive requires that critical vulnerabilities be remediated within fifteen calendar days of initial detection. Agencies will have thirty calendar days to remediate "high vulnerabilities." Binding Operational Directives apply to US Federal agencies, with exceptions for the Defense Department and the Intelligence Community.
Facebook at its F8 shindig announced that "the future is private." CNET quotes CEO Zuckerberg as acknowledging the skepticism that will meet the new direction: "I get that a lot of people think we're not serious about this. I know we don't have the strongest reputation on privacy, to put it lightly." A look at the Telegraph's review of the company's initiatives suggests that end-to-end encryption of messages represents the biggest move toward privacy. Other changes, like the new prominence of groups, and initiatives to suggest unknown people likely to become "Friends," seem likelier to lead the social network into data temptation.
Mr. Assange will be detained fifty weeks at her Majesty's pleasure, the Wall Street Journal reports.
Today's issue includes events affecting China, Italy, United Arab Emirates, United Kingdom, United States.
Bring your own context.
Where does the famously risky shadow IT come from? From commitment and good intentions, for the most part.
"When IT is not acting in an agile or responsive manner, when IT doesn't provide enough funding to support strategic initiatives, business tends to try to do things on their own." Dean Pipes from TetraVX, discussing the root causes of shadow IT on the CyberWire Daily Podcast 04.30.19.
So blame it on the gung-ho young MBAs. Or rather, don't blame them, but don't let IT become an obstacle to productivity.
Get a Backstage Pass to LookingGlass’ Digital Business Risk Roadshow
When it comes to digital business risk, you don’t want a general admission perspective. Get a backstage pass for the LookingGlass Digital Business Risk Roadshow to learn the industry-latest on effective third party risk management, taking a proactive security approach, and get a cybercriminal mastermind's insights on manipulating your organization’s cyber strengths and weaknesses. Come see us in a city near you. The tour includes NYC, D.C., and Houston!
ON THE PODCAST
In today's podcast, out later this afternoon, we speak with our partners at Dragos, as Robert M. Lee reviews the pros and cons of conferences like RSA. Our guest is Bert Grantges from Vera, who discusses cyber security as a business enabler.
Cybersecurity Impact Awards(Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!
Cyber Investing Summit(New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC. More information: www.cyberinvestingsummit.com.
Cyber Security Summits: May 16 in Dallas and in Seattle on June 25th(Dallas, Texas, United States, May 16 - June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Verizon, Center for Internet Security, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com
Ransomware Attacks Enjoying a Spring Renaissance(CPO Magazine) Are ransomware attacks making a comeback as a dominant cyber security threat? Norsk Hydro, Verint, Weather Channel and Arizona Beverages are among the big names who have fallen victim in recent weeks.
Microsoft Outlook Security Breach Targeted Bitcoin Accounts(BTCMANAGER) Earlier in April 2019, Microsoft Hotmail, MSN, and Outlook email accounts suffered a severe security breach. Now, a good number of the victims have revealed that their cryptocurrency wallets were hacked during the ugly incident, reports Motherboard on April 29, 2019. Microsoft Customer Support Account Hacked Per the report, the…
Mobile Chrome Hoax Could Target Android Users(TechNewsWorld) A new method for hiding the true location of a website from users of the mobile Chrome Web browser has come to light. Phishers can trick users into revealing their credentials for a legitimate website to operators of a malicious one, security researcher James Fisher reported. Scammers can exploit mobile Chrome's feature that hides the address bar when users are scrolling on a Web page.
Most 2020 U.S. Presidential Campaigns Unprotected Against Nation-State Email Attacks(Agari) The campaigns for nearly all top-tier candidates running for President of the United States in 2020 are unprotected against email attacks, fraud and data breaches typically instigated by nation-states, according to a new report published today by Agari. Agari, the next-generation Secure Email Cloud that restores trust to the …
Philips Tasy EMR(ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 4.1ATTENTION: Low skill level to exploitVendor: PhilipsEquipment: Tasy EMRVulnerability: Cross-site Scripting2. RISK EVALUATIONSuccessful exploitation of this vulnerability could impact or compromise patient confidentiality and system integrity.
Schools’ cyber fraud has others on alert(News-Graphic.com ) Crimes like the cyber fraud that struck Scott County Schools for $3.7 million last week, are part of a growing trend of crimes using the internet to target businesses and government agencies, said Scott Hall, executive director of the Georgetown/Scott County Revenue Commission. Hall also assists the FBI as a member of InfraGard, a public-private partnership which focuses specifically on such attacks.
The Internet Risk Surface Report(RiskRecon) The Internet Risk Surface Report is a new research collaboration between RiskRecon and the Cyentia Institute. As the name implies, the focus of this initiative is to map, measure, and ultimately manage risk associated with the internet facing assets of an enterprise and its 3rd party partners.
Analysis | How Huawei Became a Target for Governments(Washington Post) Huawei Technologies Co., one of China’s most-global companies, is increasingly in the cross-hairs of the U.S. government and its Western allies, just as it’s pushing for a leadership role in the new wireless standard known as 5G.
Akamai beats revenue estimates on cyber-security strength(Yahoo) Akamai Technologies Inc beat analysts' estimates for first-quarter revenue on Tuesday, powered by demand for its cyber-security services and its traditional business of helping speed up content delivery on the web. Revenue from the security business, which helps data centers operate and deliver
Cybersecurity is everyone’s business(IOL Business Report) Everyone from the top down including government, banks, service providers and municipalities are responsible for promoting cybersecurity awareness.
Match me if you can: Cryptographic breakthrough helps spies to shake hands(Tech Xplore) When spies meet, they use secret handshakes to confirm their identities, ensuring they are who they say they are. Now, researchers at Stevens Institute of Technology, and colleagues, have solved a 15-year-old problem that allows handshake-style encryption to be used for time-delayed digital communications such as email—a challenge once thought to be impossible.
DHS Says Federal Agencies Have 15 Days to Fix Critical Flaws(BleepingComputer) The Department of Homeland Security' Cybersecurity and Infrastructure Security Agency issued the Binding Operational Directive 19-02 which requires federal agencies to remediate critical security vulnerabilities within 15 days since the initial detection.
PTAB Says Juniper Patent Challenge Would Be 'Inefficient'(Law360) With Cisco’s challenge to a Finjan patent on cybersecurity technology in its final stages, the Patent Trial and Appeal Board on Monday said starting a new review of the patent based on a request from Juniper Networks would be an “inefficient” use of resources.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Infosecurity Europe(London, England, USA, June 4 - 6, 2019) Europe’s Leading Event for Information and Cyber Security Bringing business, tech and cyber communities together to discuss and discover how best to protect companies and individuals. Join in to find ‘everyone...
Detect '19(National Harbor, Maryland, USA, September 29 - October 2, 2019) Insights from compelling customer presentations highlighting real-world threat intelligence big data issues. Threat intelligence data is a valuable asset for security teams who unlock the value it contains.
Cybertech Midwest 2019(Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Global Cyber Innovation Summit(Baltimore, Maryland, USA, May 1 - 2, 2019) The inaugural 2019 Global Cyber Innovation Summit brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber...
2019 Innovator's Showcase(McLean, Virginia, USA, May 2, 2019) The Intelligence and National Security Alliance (INSA) will showcase IR&D projects with national security applications at its 2019 Innovators’ Showcase. Held in partnership with the Office of the Director
social media for protecting or removing anonymity utilizing social media, internet-connected data stores, and other assets associated with life in a fully digital world, and ephemeris identity telemetry. including identifying characteristics such as biometrics, geolocation, digital signatures, and geo-environmental association..
Data Connectors Cybersecurity Conference Philadelphia(Philadelphia, Pennsylvania, USA, May 2, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Infiltrate 2019(Miami Beach, Florida, USA, May 2 - 3, 2019) INFILTRATE is a deeply technical conference that focuses entirely on offensive security issues. Groundbreaking researchers demonstrate techniques that you cannot find elsewhere. Learn computer and network...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.