MVISION Insights: Move Beyond Intelligence to Insights that Empower You to Change Your Environment.
Harnessing the power of one billion threat sensors worldwide, McAfee designs security fueled by Insights. MVISION Insights enables you to move beyond intelligence and empowers you to change your environment. Identify with Machine Learning. Defend and correct with Deep Learning. Anticipate with Artificial Intelligence. Move your security out of reactive mode to a proactive posture. McAfee, the device-to-cloud cybersecurity company. Go to McAfee.com/insights to learn more.
February 5, 2020.
By the CyberWire staff
The Democratic Party continues to count the Iowa caucus results. As we write, those results remain incomplete, with 71% of the precincts accounted for. The problems at the caucus are attributed not to hacking, the Washington Post reports, but to a buggy, inadequately tested app produced by Shadow, effectively a for-profit tech arm of the progressive Washington not-for-profit consultancy ACRONYM. Sources at the Democratic National Committee say they warned Iowa not to try to run the caucus through the app; CISA says it offered to test the app but was turned down by the Iowa party. Iowa Democrats "rebuffed" the warning and say they didn't know about CISA's offer, according to the Washington Post.
There aren't many lessons about election security to be drawn from Iowa, because the caucus isn't conducted like an election and doesn't use standard voting machinery. But two at least are worth considering. First, don't deploy election software until it's thoroughly tested (and Shadow's app seems hardly to have been tested at all, judging from the Wall Street Journal's account). Second, a technical problem, even if it's an innocent mistake, erodes trust and spawns unfounded rumors (what the Washington Post calls "a cesspool of toxic...conspiracy theories").
PerimeterX reports finding a major vulnerability in the WhatsApp desktop platform.
Reuters says that emails spoofing the accounts of journalists are being used to prospect targets with bogus approaches for interviews. It appears to be an espionage campaign, and the circumstantial evidence of targets and topics suggests an Iranian operation.
Today's issue includes events affecting Canada, China, India, Iran, Israel, Lithuania, Russia, United Kingdom, United States.
Bring your own context.
When a start-up pitches a potential investor and is turned down, is that the end of the story?
"Like most investors, I invest in a relatively small subset of what is originally pitched to me. But I generally don't say, you know, you're not the right guy for me, no need to talk further. That's not generally how it ends. It's me providing them with feedback to say, hey, this isn't right for me or it's not right for me at this time and here's why. And, you know, here's the things that would make me be interested. It is pretty common that I talk to people six months later, and sometimes I do have a different opinion at that point."
—Michael Sutton, founder of StoneMill Ventures, on the CyberWire Daily Podcast, 1.31.20.
"You're dead to me" may be snazzy television when they say it on Shark Tank, but take heart: that's not the way things usually end.
Coming soon: CyberWire Pro.
Our new subscription program, CyberWire Pro, will be available soon. Designed for cyber security professionals and others who want to stay abreast of our rapidly evolving industry, CyberWire Pro is a premium news service that will save you time and keep you informed. Learn more and sign up to get launch updates here.
Aerospace news worthy of attention.
If you're interested in space and communications (technology, policy, business, and operations), take a look at Cosmic AES Signals & Space. Produced in partnership with the CyberWire, Signals & Space offers a monthly overview of news in this sector.
Cyber influence campaigns have plagued countries across the globe in the past few years, with foreign policy objectives, economic goals, and public opinion caught in the crossfire. LookingGlass researchers have tracked over 2000 People’s Republic of China-related influence operators on Twitter to better understand the current landscape. In our next webinar, Tom Creedon will explore these findings to gain an understanding of operator account patterns and targets. Save your seat for February 6 at 1pm ET.
Caveat is up. In this edition, "And the heat goes on," Dave shares a piece from the Verge about Amazon trying to have its cake and eat it, too when it comes to product liability. Ben has developments on the ClearView facial recognition story the New York Times recently broke, and later in the show our conversation with Mike Overly from Foley & Lardner on cybersecurity in aviation.
Suits & Spooks(Washington, DC, United States, February 6 - 7, 2020) Suits & Spooks DC is the only international security summit where the attendees and speakers from government agencies and technology companies engage in discussion and debate of security challenges. World-class speakers describe their vision of future threats and leading-edge companies will exhibit novel solutions. Get 15% off with discount code cyberwire15.
Cyber or Cleared Job Fair, February 13, San Antonio.(San Antonio, Texas, United States, February 13, 2020) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber or Cleared Job Fair, February 13 in San Antonio. Meet face-to-face with leading cyber employers. Visit our site for more details.
CyCon 3.0(Sterling, Virginia, USA, February 15, 2020) Join us at this upcoming cybersecurity event in Loudoun, VA with a full lineup of industry experts, speakers and federal contractors presenting on cutting-edge topics in the domain of cyber. This event is FREE for everyone! Register today!
RSAC 2020(San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!
Iowa caucuses descend into chaos as delay leaves outcome uncertain(Washington Post) The long-anticipated Iowa caucuses turned into a debacle Monday night when technical problems delayed the results, prompting presidential candidates to depart before the outcome was clear, spurring one campaign to challenge the integrity of the process and producing a muddled situation instead of what Democratic leaders hoped would be a decisive beginning to their attempt to oust President Trump.
Iowa’s Tally-by-App Experiment Fails(Wall Street Journal) Confusion and frustration buffeted Democratic Party officials and activists in Iowa after a new mobile app and a backup phone-in plan for reporting results malfunctioned, delaying the outcome from the first-in-the-nation Democratic presidential caucuses.
FBI Warns of DDoS Attack on State Voter Registration Site(BleepingComputer) The US Federal Bureau of Investigation (FBI) warned of a potential Distributed Denial of Service (DDoS) attack that targeted a state-level voter registration and information site in a Private Industry Notification (PIN) released today.
A view of how DDOS weapons have evolved(Intelligent CIO) Throughout 2019, DDoS attacks continued to grow in frequency, intensity and sophistication. However, the delivery method of using infected botnets and vulnerable servers to perform crushing attacks on a massive scale has not changed during that time.
HorseDeal Riding on The Curveball!(Quick Heal Blog) It’s surprising to see how quickly attackers make use of new vulnerabilities in malware campaigns. Microsoft recently patched a very interesting vulnerability in their monthly Patch Tuesday update for January 2020. It’s a spoofing vulnerability in Windows CryptoAPI (Crypt32.dll) validation mechanism for Elliptic Curve Cryptography (ECC) certificates. An attacker could...
UK Council websites are letting citizens be profiled for ads, study shows(TechCrunch) On the same day that a data ethics advisor to the UK government has urged action to regulate online targeting a study conducted by pro-privacy browser Brave has highlighted how Brits are being profiled by the behavioral ad industry when they visit their local Council’s website — perhaps…
Golden Entertainment addresses data breach(CasinoBeats) Golden Entertainment has notified customers, employees, and vendors of an incident involving unauthorised access to employee' email accounts. Golden Entertainment has since addressed the issue and released a notice which details the incident, the measures taken,
Security Patches, Mitigations, and Software Updates
Twitter bans 'deepfakes' and 'cheap fakes'(The Telegraph) Twitter has banned "deepfakes", or manipulated videos, as it battens down the hatches for a misinformation offensive expected ahead of this year’s US presidential election.
The fight against cyber crime: Why cooperation matters(ComputerWeekly) With the WEF’s Global Risk Report 2019 ranking cyber attack in the top five global risks, we now see rising consensus at institutional level that no individual stakeholder can address the breadth of security challenges we face today.
Prevailion's Apex Global Cyber Report: Q4 2019(Prevailion) Prevailion’s Apex Report: Q4 2019 See Global Cyber Infection Prevailion’s first Apex Report demonstrates its unique visibility into the top compromised industries. The first in our series of quarterly reports shows evidence of compromise by threat actor campaigns that have infested organizations and industries all around the world. Download this report to see: The top …
INSA Taps Sue Gordon to Serve as Senior Intelligence Advisor(Homeland Security Today) The Intelligence and National Security Alliance (INSA) has announced that The Honorable Susan M. Gordon, former Principal Deputy Director of National Intelligence, will serve as a senior intelligence advisor to the organization.
F-Secure Releases New Version of Flash Drive-Sized Computer(Financial IT) Cyber security provider F-Secure’s hardware security professionals at F-Secure Foundry have created a new version of the USB armory – a computer on a USB stick built from the ground up to be secure. The USB armory Mk II entrenches security in its lowest levels and is suitable for a wide range of applications – such as custom hardware security modules, cryptocurrency wallets, secure authentication and licensing tokens, and more – that need the efficiency and flexibility of an embedded computer without sacrificing security.
The NSA says...(Bitglass) The NSA has released its latest recommendations on how organizations should secure their cloud assets. Check out our latest blog for more information!
How companies legally harvest your data — and how to stop them(Reincubate) Online data collection is increasingly insidious and continuous. This article aims to help you protect your data by making you aware of how your data is vulnerable, and we share some tips on what you can do to help keep your data secure.
Why we need Layer 8 for Application Security(CISO MAG | Cyber Security Magazine) While not official, Layer 8 (and sometimes 9 and 10) is often referred to as the Human Layer. This is the layer where people become part of the communication structure.
How Law Firms Can Prevent Phishing and Malware(The National Law Review) Law firms harbor information directly linked to politics, public figures, intellectual property, and sensitive personal information. Because lawyers rely on email to manage cases and interact with cli
Why should you use correlation rules on top of traditional signatures?(AT&T Cybersecurity) The AT&T Cybersecurity Alien Labs team is in charge of writing correlation rules and releasing threat intelligence updates on a day-to-day basis. When researchers in the team find new malware families or threats, we always try to find the best approach to keep our customers protected. In this blog, we will look into some of the differences between signatures and correlation rules.
Online targeting needs tighter controls, UK data ethics body suggests(TechCrunch) A UK government advisory body on AI and data ethics has recommended tighter controls on how platform giants can use ad targeting and content personalization. Concerns about the largely unregulated eyeball-grabbing targeting tactics of online platforms — be it via serving “personalized c…
Review of online targeting: Final report and recommendations(Centre for Data Ethics and Innovation) Online targeting is a remarkable technological development. The ability to monitor our behaviour, see how we respond to different information and use that insight to influence what we see has transformed the internet, and impacted our society and the economy.
Do not stop progress on 5G(C4ISRNET) The FCC’s plan to provide 45 MHz for unlicensed use while preserving the upper 30 MHz for new automotive safety applications is a win for both the automotive industry and the American people. Here's why ...
Information Technology: DHS Directives Have Strengthened Federal Cybersecurity, but Improvements Are Needed(GAO) The Department of Homeland Security issues mandatory cybersecurity directives for most federal agencies. For example, one directive requires agencies to better secure their websites and email systems. If the actions specified in these directives are not addressed, agency systems can remain at risk.We found that these directives have often been effective in strengthening federal cybersecurity. However, agencies and DHS didn’t always complete the directives’ actions on time.
Ancestry.com said it rejected a police warrant on a technicality(TechCrunch) DNA profiling company Ancestry.com has narrowly avoided complying with a search warrant in Pennsylvania after a search warrant was rejected on technical grounds, a move that is likely to help law enforcement refine their efforts to obtain user information despite the company’s efforts to keep…
Attorney general warns of data breaches(Carolina Coast Online) Attorney General Josh Stein announced Jan. 28 that a record number of data breaches had been reported to the N.C. Department of Justice last year as he released the department’s
CPX 360 Vienna(Vienna, Austria, February 4 - 6, 2020) At CPX 360, you’ll gain an in-depth understanding of today’s dynamic threat landscape and the emerging challenges within cyber security. Get a look at the next wave of Check Point innovation and discover...
5th Annual Atlanta Cyber Security Summit(Atlanta, Georgia, USA, February 5, 2020) C-Suite & Senior Level Executives: Register with Promo Code CYBERWIRE95 to receive $95 Admission (Standard Price is $350). Learn from renowned experts from The FBI, U.S. Secret Service, U.S. Dept. of Homeland...
2020 OurCrowd Global Investor Summit(Jerusalem, Israel, February 11 - 13, 2020) We’re expanding the Summit to three days! Invite-only events will take place February 11-12, with Summit Day on February 13. Summit Week will be packed as ever, with corporate meet ups, VC forums, insider...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.