November 7, 2019.
By the CyberWire staff
The highly diversified and decentralized US election system kept a close eye on Tuesday's off-off-year elections (see WOLF News) and has more-or-less declared success (as Fifth Domain notes), but CISA Director Krebs told CBS News no one should get cocky.
The website defacement campaign against Georgia remains unattributed. It required little skill to execute, but CPO Magazine thinks it could be a harbinger of election attacks elsewhere.
The US Justice Department has charged three men, two former Twitter employees and a Saudi national who apparently acted as their controller, with acting as agents of a foreign government without notice to the Attorney General and with the destruction, alteration, or falsification of records in a Federal investigation. The Government accused Ahmad Abouammo, a US citizen, of snooping into three Twitter users' accounts. Ali Alzabarah, a Saudi national who, like Mr. Abouammo, worked at Twitter, allegedly accessed more than six-thousand Twitter accounts in 2015. Their liaison with Riyadh is alleged to be Ahmed Almutairi.
Mr. Abouammo is in custody, but Messrs. Alzabarah and Almutairi are on the wing, and thought likely to be in Saudi Arabia. The criminal complaint ties their activities to "Organization No.1" led by "Foreign Official-1," and "Royal Family Member-1," who owned the charity. The Washington Post identifies these respectively as Bader Al Asaker, MiSK, and Crown Prince Mohammed bin Salman. The Twitter accounts of interest to the alleged spies were, the Wall Street Journal reports, critical of the Saudi regime in general and the Crown Prince in particular.
Today's issue includes events affecting China, Ethiopia, European Union, Georgia, Germany, India, Russia, Saudi Arabia, Spain, United Kingdom, United States, and Venezuela.
Bring your own context.
Question: When can a user not sue a company for damages, like selling their data to a third party? Answer: When the end user license agreement commits them to binding arbitration. See a recent case involving AT&T.
"Now, pretty much every telecommunications company and pretty much any big business, for that matter, has these mandatory arbitration clauses. When you sign those terms and conditions, when you press, I agree to the 40 pages of terms and conditions that AT&T is presenting itself, when I just want to open my new iPhone, you are agreeing to these mandatory arbitration clauses. These are very disfavorable to users of the technology because generally AT&T picks the arbiters. See, the users themselves, once it gets into arbitration, generally do not have a good chance of winning at those proceedings."
—Ben Yelin, program director for Public Policy and External Affairs at the University of Maryland's Center for Health and Homeland Security, on the CyberWire Daily Podcast, 11.5.19.
Or, as the song says, "The large print giveth, and the small print taketh away." Anyway, it's complicated.
A note to our readers.
This coming Monday, November 11th, is Veterans Day, the US Federal holiday that both marks the end of the First World War and honors all veterans. We won't be publishing on the holiday, but we'll be back as usual on Tuesday, November 12th.
And Hacking Humans is up. In this episode, "When you are the target, objectivity is gone," Joe shares a report on who's more susceptible to scams. Dave shares a story from a listener who was hit by a scam attempt while staying at a hotel. Our catch of the day involves an attempt to scam someone selling a motorcycle. Our guest is Maria Konnikova, an award-winning author, journalist, and international champion poker player. Her latest book is The Biggest Bluff, not out yet, but coming soon.
Cyber Security Summits: November 6 in Boston and November 21 in Houston (Boston, Massachusetts, United States, November 6, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.
Ring Video Doorbell Pro Under the Scope (Bitdefender Labs) Bitdefender researchers have discovered an issue in Amazon’s Ring Video Doorbell Pro IoT device that allows an attacker physically near the device to intercept the owner’s Wi-Fi network credentials and possibly mount a larger attack against the household network. Vulnerability at a glance When...
We can’t resist the lure of getting rich quick (Times) Here’s one for the Annals of Human Frailty. Like hundreds of thousands of other people, I’ve been listening to a BBC podcast series, The Missing Cryptoqueen, that ended this week. It’s an...
Defending Against Ransomware: The Growth of Targeted Attacks (Security Magazine) Cybercriminals are moving away from mass-volume, opportunistic ransomware attacks. Instead, they are focusing on enterprises they believe will pay their ransoms. What are some security best practices to protect against ransomware?
2019 Cybersecurity Workforce Study ((ISC)²) The (ISC)² Cybersecurity Workforce Study, 2019 is downloadable here. The study is conducted annually to assess the cybersecurity workforce or skills gap and how to recruit, build and strengthen cybersecurity staff or teams.
How data breaches affect stock market share prices (Comparitech) A data breach incurs serious consequences no matter whether a company is big or small. Staff get fired, executives issue apologies, and entire systems are overhauled to ensure that it doesn’t happen again. They instill doubt in consumers, damage the company’s reputation, and the impact can last for years. A data breach can harm both …
This is Google’s plan to rid Google Play of bad Android apps (TechCrunch) Google has partnered with mobile security firms ESET, Lookout and Zimperium to combat the scourge of malicious Android apps that sneak into the Google Play app store. The announcement came Wednesday, with each company confirming their part in the newly created App Defense Alliance. Google said it…
Guardsquare Opens North American HQ (Yahoo) Guardsquare, the leading mobile application security platform, today announced the opening of its North American headquarters in Boston, Mass. The new office will serve as the global home of the company’s sales and marketing operations and will be led by two new executives – chief revenue officer John
IronNet Cybersecurity Appoints Donald Closser as Chief Product Officer (Newkerala.com News) IronNet Cybersecurity announced today that it has appointed Donald "Don" Closser as Chief Product Officer (CPO), reporting to Co-CEOs Bill Welch and GEN (Ret.) Keith B. Alexander, the former Director of the U.S. National Security Agency and Founding Commander of U.S. Cyber Command.
VMware bolsters security with in-house, Carbon Black tech (TechCentral.ie) VMware is moving quickly to meld its recently purchased Carbon Black technology across its product lines with an eye toward helping users protect their distributed enterprises. VMware just closed the $2.1 billion (€1.9 billion) buy of cloud-native endpoint-security vendor Carbon Black in October and in the process created a new security business unit that will target cybersecurity […]
NMU updates cyber product (Insurance Age) Product launched earlier this year also now includes cover for court attendance costs, service providers’ extensions and operational error.
The Best Cybersecurity Podcasts in 2019 (ClearanceJobs) With the rise of identity theft, data leaks, and financial breaches, cybersecurity is more important now than it ever has been. The problem with podcasts - there are a lot out there. So how do you separate the great ones from the ones you'll want to turn off right away? To make it easy, here's a list of what I believe are the best cybersecurity podcasts to listen to in 2019 and beyond.
Technologies, Techniques, and Standards
CISA Releases New ‘Cyber Essentials’ to Help Small Businesses, SLGs (MeriTalk) The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) today released its Cyber Essentials guide, which it describes as “a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks.”
Cyber Essentials (CISA) Your success depends on cyber readiness. Both depend on you. CISA’s Cyber Essentials is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.
Phishing detection via analytic networks (Akamai) As mentioned in previous Akamai blogs, phishing is an ecosystem of mostly framework developers and buyers who purchase kits to harvest credentials and other sensitive information. Like many framework developers, those focusing on phishing kits want to create an efficient...
Cyber security monitored closely during election night (WOLF) State and federal officials closely monitored cyber security across Pennsylvania yesterday. The department of homeland security helped reassure all voters it's working to make sure the integrity of this election is in place. With concerns over foreign interference it's important for voters to get their information from the secretary of state or their local election office. "Our mission, our goal, is to ensure that American elections are decided by Americans free of foreign interference.
NTT Research Partners with Simons Institute at UC Berkeley (Yahoo) NTT Research, Inc., a division of NTT (9432.T), today announced that it has entered into a three-year Industrial Partnership with the Simons Institute for the Theory of Computing at the University of California, Berkeley. A celebratory partnership signing event took place this morning at 11:15 a.m.
The National Cybersecurity Strategy of the European Union (Analytics Insight) The European Commission proposed the Network and Information Security Directive (NIS Directive) in 2013, designed to enhance the EU Member States’ national cybersecurity capabilities, improving the cooperation between the Member States, the public and the private sector, while also requiring companies.
Study: Russia's web-censoring tool sets pace for imitators (Star Tribune) Russia is succeeding in imposing a highly effective internet censorship regime across thousands of disparate, privately owned providers in an effort also aimed at making government snooping pervasive, according to a study released Wednesday.
California Probing Facebook’s Privacy Practices (Wall Street Journal) California is investigating Facebook’s privacy practices, the state’s attorney general revealed in a lawsuit that accuses the tech giant of failing to adequately comply with information requests that the company said it has satisfied.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SINET Showcase (Washington, DC, USA, November 6 - 7, 2019) SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. Each year, SINET evaluates...
Health Data Stewardship & Privacy Summit (Arlington, Virginia, USA, November 7, 2019) AdvaMed’s inaugural Health Data Stewardship & Privacy Summit will bring together leading experts and health care industry stakeholders to explore the current data privacy landscape and forecast what may...
ACSC 2019: Collaborate (Boston, Massachusetts, USA, November 7, 2019) The 2019 Annual Conference is a chance for ACSC members and people from the New England cybersecurity community to come together and share information, network, and learn about the latest information in...
CyberForce (College Park, Maryland, USA, November 7, 2019) A gathering of government and industry to bridge the managerial, operational, and technical skills gap of today's cybersecurity workforce. Attendees enjoy panels and presentations that address the themes...