Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
May 2, 2019.
the Global Cyber Innovation Summit
The Global Cyber Innovation Summit opened yesterday and continues through today in Baltimore. One of the principal organizers, Allegis Cyber’s Bob Ackerman, explained the choice of venue. The group that put the summit together wanted to create a “Davos-like atmosphere” that would cater to the needs and interests of CISOs. They chose to hold the Summit in Baltimore because the cybersecurity community needed this kind of engagement on the American East Coast. And Baltimore, being at the center of what Ackerman called an “unparalleled pool of cyber engineering talent” that’s grown in Maryland universities with the support of massive US Federal investment, was a natural choice. That massive Federal investment, of course, has long been centered on the National Security Agency, whose Fort Meade home is in the Baltimore suburbs.
Dave DeWalt, now of Momentum Cyber, formerly CEO of both FireEye and McAfee, delivered his account of the obverse of rapid innovation: rapid expansion of vulnerabiliies. He called the convergence of trends contributing to increased risk “a perfect cyber storm” created by the speed of innovation and the swift evolution of vulnerabilities and threats such innovation brings with it.
Flashpoint updates its inquiry into the attack on Wipro: the threat actors behind it have been active since 2015.
Barracuda is the latest to point out active attacks against users of Microsoft Office 365. Account takeover attacks surged during March. The attackers are opportunistic: brute-forcing, credential stuffing, and social engineering are all in play.
Zscaler warns against a third-party Android app store seemingly specializing in games. It's simply a front for a campaign to install malware into too-trusting victims' devices. The “Smart Content Store" isn't a smart place to shop, and it doesn't even offer real content. If you try to download "CrazyBirds" [sic] or SuperBros Run [sic], you won't even get a Trojanized game. All you'll install is malware.
The Times reports that UK Defense Secretary Williamson has been fired after investigation indicated he was the Cabinet member who talked out of school about Huawei. Williamson blames his sacking on a "kangaroo court" rigged by mandarins who had it in for him. He'll be succeeded by Penny Mordaunt.
After a failed attempt by Venezuela's constitutional acting president to oust President Maduro failed, the Times reports that the US has warned Russia not to continue attempts to prop up the Chavista regime.
Foreign Affairs looks at Ukrainian separatists and discusses how the commodification of attack tools has enabled even small, breakaway pseudostates to punch above their weight in cyberspace, but the analysis may underplay the extent to which such threat actors are deniable units operating in big power's hybrid wars.
Today's issue includes events affecting Austria, China, India, Russia, Ukraine, United Kingdom, United States, and Venezuela.
Bring your own context.
A call for reflection on how enterprises reach decisions on industrial control system security.
"A lot of industrial security over the years has been copy-and-pasted enterprise security. We take frameworks and regulations from IT, and whatever doesn't break the ICS, we just move into the ICS. Like 'oh, you should have a patch program; that makes sense, we should have a patch program; let's have a patch program.' But why we have a patch program, or what its implications are, or even if it's valuable at all, never gets questioned." Robert M. Lee, CEO of Dragos, on the CyberWire Daily Podcast, 5.1.19.
So perhaps think through the implications of easy analogies with IT security before applying them to ICS security.
Get a Backstage Pass to LookingGlass’ Digital Business Risk Roadshow
When it comes to digital business risk, you don’t want a general admission perspective. Get a backstage pass for the LookingGlass Digital Business Risk Roadshow to learn the industry-latest on effective third party risk management, taking a proactive security approach, and get a cybercriminal mastermind's insights on manipulating your organization’s cyber strengths and weaknesses. Come see us in a city near you. The tour includes NYC, D.C., and Houston!
And Hacking Humans is also up. In this episode, "Twitter bots amplifying divisive messages," we feature some followup from listeners on Google search result scams. Dave describes the city of Ottawa sending $100K to a fraudster. Joe shares results from the FBI's Internet Crime Report. The catch of the day involves a dating site and an offer to be someone's "sugar daddy." Our guest is Andy Patel from F-Secure, describing how Twitter bots are amplifying divisive messages.
Cybersecurity Impact Awards(Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!
Cyber Investing Summit(New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC. More information: www.cyberinvestingsummit.com.
Cyber Security Summits: May 16 in Dallas and in Seattle on June 25th(Dallas, Texas, United States, May 16 - June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Verizon, Center for Internet Security, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com
Austrian construction group Porr hit by cyber attack(The Mighty 790 KFGO) VIENNA (Reuters) - Austrian construction company Porr detected a cyber attack on its communication infrastructure on Thursday and its telephone lines and emails were disrupted, the company said.
The disruption was caused by a virus, which has been identified, a company spokeswoman said. Technicians were working to find a solution, but the spokes...
Job recruitment site Ladders exposed 13 million user profiles(TechCrunch) Ladders, one of the most popular job recruitment sites in the U.S. specializing in high-end jobs, has exposed more than 13.7 million user records following a security lapse. The New York-based company left an Amazon -hosted Elasticsearch database exposed without a password, allowing anyone to acces…
Industry Invasions: Fraud & Security Incidents By Business Size...(Merchant Machine) Security is one of the biggest issues facing businesses and their customers, with advancing technology making attacks harder to defend against. We've outlined some the impacts this has and the industries that suffer most. Fraud & Security By Business Size. Depending on how big your company is...
At F8, Facebook focuses on privacy — and little else(Interface) F8 is a conference where Facebook executives talk about the future — and at Facebook, the future is flexible. In 2015, the future was video. The next year, the future was bots. The year after that, the future was augmented reality — and also a project to let you hear with your skin. All of those technologies eventually found their way into Facebook's products, in some form — well, all except the skin hearing thing. But none really shifted the company away from its core product: an infinitely scro
Secureworks launches new cybersecurity analytics application(Intelligent CIO) Secureworks, a leading cybersecurity company that keeps organisations safe in the digitally connected world, has announced the launch of a software-as-a-service (SaaS) application that will transform the way companies detect, investigate and respond to cyberthreats.
Do You Need a WAF, or Something Better than a WAF?(Security Boulevard) “The king is dead! Long live the king!” The jarring conflict embodied in this timeless hoorah is about to apply to the application security space. Subjects are giving up on the old king—the web application firewall (WAF) technology—as their primary appsec tool, for several reasons. First, because WAFs are too complicated. Second, because attackers have …
Home - Password Day(Password Day) Treat everyday like Password Day and #LayerUp your login to make the Internet a more secure place. Identity theft is one of the world’s fastest growing crimes, but adding strong authentication to your password can prevent it. Whether you’re protecting your bank account, your email, or your social media, put the brakes on ID theft...
World Password Day: We Need to Talk(Juniper Networks) Passwords are the foundation upon which much of modern IT security is built, and what better day to discuss the topic than World Password Day, an event which occurs on the first Thursday of May every year.
Cyber Defense Media Group Announces Black Unicorn Awards for 2019 Are (PRWeb) Cyber Defense Media Group (CDMG), the industry’s leading electronic information security media group, is announcing that the annual Black Unicorn awards are now open. Innovative information security companies of any size, that have not yet gone public, with a public market valuation of $1B USD or more may apply for this prestigious award.
Air National Guard partners with UMass Dartmouth on cybersecurity(DVIDS) DARTMOUTH, Mass. - The Massachusetts Air National Guard’s 102nd Intelligence Wing and the University of Massachusetts Dartmouth signed a Memorandum of Understanding (MOU) agreeing to establish collaborative programs in the field of cybersecurity on Monday, April 29, 2019. The MOU creates a partnership that aims to mutually benefit both organizations for years to come.
TSA preps new guidelines on pipeline cyber(FCW) The Transportation Security Administration has developed a plan to more regularly update its cybersecurity guidelines for oil, natural gas and hazardous materials pipeline operators.
Evaluating the GDPR experiment(SC Media) Companies are keeping their eyes on fines and gauging how GDPR compliance, or lack thereof, might impact them. Allen Bernard reports. We are starting to
Killer Apps(Foreign Affairs) The real danger of an AI arms race isn't that another country would win; it's that unsafe technologies would make everyone lose.
US warns Moscow against propping up Maduro regime(Times) The United States has warned Russia to stop meddling in Venezuela and has again raised the possibility of direct military action to oust the Maduro regime after Tuesday’s failed coup. John Bolton...
Venezuela’s Suicide(Foreign Affairs) Socialism and declining oil prices are often blamed for Venezuela’s catastrophe. In reality, it was decades of destructive leadership under Hugo Chávez and his successor, Nicolás Maduro, that transformed Venezuela into a poor country and criminalized state beholden to a foreign power.
Theresa May sacks Gavin Williamson over Huawei leak(Times) Gavin Williamson blamed a vendetta by Britain’s most senior civil servant for his dismissal as defence secretary yesterday. Mr Williamson became the first cabinet minister in more than 30 years to...
Zuckerberg Sued Over Privacy Scandals, Alleged Insider Trades(Bloomberg Law) Mark Zuckerberg and Facebook Inc.‘s other top executives have been hit with a lawsuit accusing them of insider trading and blaming them for the privacy scandals that have rocked the social media giant and its stock value since 2016.
Mueller complained that Barr’s letter did not capture ‘context’ of Trump probe(Washington Post) In a letter and phone call, special counsel Robert S. Mueller III and Attorney General William P. Barr went back and forth over Mueller’s concerns. “The summary letter the Department sent to Congress and released to the public . . . did not fully capture the context, nature, and substance of this office’s work and conclusions,” Mueller wrote.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Infosecurity Europe(London, England, USA, June 4 - 6, 2019) Europe’s Leading Event for Information and Cyber Security Bringing business, tech and cyber communities together to discuss and discover how best to protect companies and individuals. Join in to find ‘everyone...
Cybertech Midwest 2019(Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Global Cyber Innovation Summit(Baltimore, Maryland, USA, May 1 - 2, 2019) The inaugural 2019 Global Cyber Innovation Summit brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber...
2019 Innovator's Showcase(McLean, Virginia, USA, May 2, 2019) The Intelligence and National Security Alliance (INSA) will showcase IR&D projects with national security applications at its 2019 Innovators’ Showcase. Held in partnership with the Office of the Director
social media for protecting or removing anonymity utilizing social media, internet-connected data stores, and other assets associated with life in a fully digital world, and ephemeris identity telemetry. including identifying characteristics such as biometrics, geolocation, digital signatures, and geo-environmental association..
Data Connectors Cybersecurity Conference Philadelphia(Philadelphia, Pennsylvania, USA, May 2, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Infiltrate 2019(Miami Beach, Florida, USA, May 2 - 3, 2019) INFILTRATE is a deeply technical conference that focuses entirely on offensive security issues. Groundbreaking researchers demonstrate techniques that you cannot find elsewhere. Learn computer and network...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.