MVISION Insights: Move Beyond Intelligence to Insights that Empower You to Change Your Environment.
Harnessing the power of one billion threat sensors worldwide, McAfee designs security fueled by Insights. MVISION Insights enables you to move beyond intelligence and empowers you to change your environment. Identify with Machine Learning. Defend and correct with Deep Learning. Anticipate with Artificial Intelligence. Move your security out of reactive mode to a proactive posture. McAfee, the device-to-cloud cybersecurity company. Go to McAfee.com/insights to learn more.
January 23, 2020.
By the CyberWire staff
The UN has asked the US to investigate the spyware incident involving the phone belonging to Amazon founder Jeff Bezos, the Guardian reports. Motherboard has obtained a copy of FTI Consulting’s forensic report on the device, and notes this conclusion: “Bezos’ phone was compromised via tools procured by Saud al Qahtani,” a close adviser to the Saudi Crown Prince. Experts Motherboard consulted note that the investigators may not have achieved the root access needed to fully inspect the phone, since “good state-sponsored malware” wouldn’t betray itself by appearing in backups. NSO Group’s Pegasus tool is the usual suspect, but the basis for that conclusion, while compelling, remains largely circumstantial.
Comparitech found five Microsoft Elastisearch servers exposed online on December 29th. Microsoft secured them over the next two days, and disclosed details of the incident yesterday. The data were held in a customer service database. Some two-hundred-fifty-million records were exposed.
A ransomware infestation must now be considered a data breach until investigation proves otherwise. BleepingComputer notes that both Maze and Sodinokibi are prepared to leak data belonging to victims who fail to pay. Dark Reading writes that organizations are increasingly disposed to pay.
According to CNET, Apple and Google are engaged in a dispute over Google’s claims that Apple’s Safari anti-tracking features may actually facilitate tracking.
Windows 7 may have gone west, but the German government just can’t quit it. Berlin will pay Redmond €800,000 in 2020 for extended security updates for about thirty-three-thousand PCs still running Windows 7, OnMSFT reports.
Today's issue includes events affecting Bahrain, Canada, China, France, Germany, Saudi Arabia, United Arab Emirates, United Kingdom, United Nations, United States.
Bring your own context.
GDPR is now a well-established regulatory regime whose effects are felt beyond the European Union. But with enforcement actions (and fines) on the rise, it can be difficult to know exactly how to comply.
"But I think one of the challenges that we've had with GDPR - that it's been completely nonprescriptive in terms of technology and how people do things. So it gives you kind of best practices buzzwords about - you know, you will keep information secure. You will protect the individual. But there's actually nothing underneath that as to how you - or recommendations or suggestions on technology or, as you say, page layout. So that then is left to each individual company."
—Jon Fielding of Apricorn, on the CyberWire Daily Podcast, 1.21.20.
It will take awhile to sort the best practices out.
Coming soon: CyberWire Pro.
Our new subscription program, CyberWire Pro, will be available soon. Designed for cyber security professionals and others who want to stay abreast of our rapidly evolving industry, CyberWire Pro is a premium news service that will save you time and keep you informed. Learn more and sign up to get launch updates here.
Cyber influence campaigns have plagued countries across the globe in the past few years, with foreign policy objectives, economic goals, and public opinion caught in the crossfire. LookingGlass researchers have tracked over 2000 People’s Republic of China-related influence operators on Twitter to better understand the current landscape. In our next webinar, Tom Creedon will explore these findings to gain an understanding of operator account patterns and targets. Save your seat for February 6 at 1pm ET.
And Hacking Humans is up. In this week's episode, "Flipping the script," Dave's phone is blowing up with smishing attempts. Joe shares a story about fake license renewal attempts from The New Zealand Transportation Agency. The catch of the day flips the script on their attacker. Later in the show Carole Theriault speaks with Jamie Bartlett, the brains and host behind the Missing Cryptoqueen, an amazing BBC podcast about trying to get to the bottom of the OneCoin scam.
CyberTech Tel Aviv(Tel Aviv, Israel, January 28 - 30, 2020) Cybertech Tel Aviv is a 3-day event with 200+ organizations, 180+ speakers and 18,000+ attendees with a goal to create business and networking opportunities across borders. For 15% off, use code tcwtlv20dis on the registration page and enter the “Full-Pass" option. https://www.cybertechisrael.com/
Cyber Security Summits: February 5 in Atlanta and on March 20 in Tampa(Atlanta, Georgia, United States, February 5, 2020) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, IBM Security, Google and more. Register with promo code cyberwire20 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
Suits & Spooks(Washington, DC, United States, February 6 - 7, 2020) Suits & Spooks DC is the only international security summit where the attendees and speakers from government agencies and technology companies engage in discussion and debate of security challenges. World-class speakers describe their vision of future threats and leading-edge companies will exhibit novel solutions. Get 15% off with discount code cyberwire15.
RSAC 2020(San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!
Access Misconfiguration for Customer Support Database - Microsoft Security Response Center(Microsoft Security Response Center) Today, we concluded an investigation into a misconfiguration of an internal customer support database used for Microsoft support case analytics. While the investigation found no malicious use, and although most customers did not have personally identifiable information exposed, we want to be transparent about this incident with all customers and reassure them that we are taking …
This Citibank Phishing Scam Could Trick Many People(BleepingComputer) A new Citibank phishing scam is underway that utilizes a convincing domain name, TLS certs, and even requests OTP codes that could easily cause people to believe they are submitting their personal information on a legitimate page.
It’s All About Identity for SecureAuth’s New CISO, Chief Evangelist(Yahoo) SecureAuth, the secure identity company, has announced the appointment of Bil Harmer as chief information security officer and chief evangelist. Harmer joins the executive team to “bring trust back to a zero-trust world” and support the rapid growth of the company. Harmer brings more than 30 years
GK8 - Bounty Program: Hack-Proof Digital Vault(GK8) The biggest bounty prize of the year, up to a quarter of a million USD in Bitcoin, $250,000. GK8 Introduces the proven and validated first TRUE cold wallet for executing the entire digital asset management process without an Internet connection
Dubai regulator takes the wraps off cyber threat intelligence sharing platform(Finextra) The Dubai Financial Services Authority (DFSA) launched the first financial regulator-led Cyber Threat Intelligence Platform (Platform) in the region in collaboration with the Dubai Electronic Security Center (DESC), the National Computer Emergency Response Team for the UAE (aeCERT), the Computer Incident Response Center Luxembourg (CIRCL) and the Open Source Threat Intelligence and Sharing Platform Project (MISP).
Cybercrime Prevention Principles for Internet Service Providers(World Economic Forum) A number of studies and surveys describe the impact of cybercrime around the world and attempt to quantify the scale of the threat. The financial impact of cybercrime on businesses and individuals continues to rise, with Accenture estimating that the cost of cybercrime to businesses has risen by 72% over the past five years.
Election Security Coalition Opposes Weakening Encryption(Project On Government Oversight) A bipartisan group of organizations and individuals working to protect election security highlighted the importance of encryption, and, in order to protect the integrity of our elections, called on the DOJ to end its efforts to weaken encryption.
Glenn Greenwald Charged With Cyber Crimes By Brazilian Government(Citizen Truth) “Charging journalists with criminal activity based on interactions with sources sends a chilling message to reporters working on sensitive stories…” The Brazilian government charged Rio-based journalist Glenn Greenwald with cybercrimes for his reporting on leaked cellphone communications that undermined the credibility of Sergio Moro, President Jair Bolsonaro’s Justice Minister, for his politically-motivated efforts to imprison [...]
18-Year-Old Hacker Stole Crypto Worth $50 Mn In Sim Swapping Scam(Fossbytes) What happens when an 18-year old guy with a passion for hacking takes his passion too far? He earns $50 million worth cryptocurrency by organizing a SIM Swapping scam. Samy Bensaci, a Montreal based 18-year old was released charged with the theft of cryptocurrency worth $50 million in a well-organized SIM swapping scam.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
SecureWorld Charlotte(Charlotte, North Carolina, USA, March 4 - 5, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized...
SecureWorld Philadelphia(King of Prussia, Pennsylvania, USA, March 18 - 19, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized...
SecureWorld Boston(Boston, Massachusetts, USA, March 25 - 26, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized...
SecureWorld Houston(Houston, Texas, USA, April 15, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized...
SecureWorld Cincinnati(Cincinnati, Ohio, USA, April 21, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized...
SecureWorld Toronto(Toronto, Ontario, Canada, April 23, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized...
SecureWorld Kansas City(Overland Park, Kansas, USA, April 29, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized...
SecureWorld Atlanta(Atlanta, Georgia, USA, May 27 - 28, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized...
SecureWorld Chicago(Rosemont, Illinois, USA, June 3, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized...
CPX 360 New Orleans(New Orleans, Lousiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
SINET: Global Cybersecurity Innovation Summit(London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...
CPX 360 Vienna(Vienna, Austria, February 4 - 6, 2020) At CPX 360, you’ll gain an in-depth understanding of today’s dynamic threat landscape and the emerging challenges within cyber security. Get a look at the next wave of Check Point innovation and discover...
5th Annual Atlanta Cyber Security Summit(Atlanta, Georgia, USA, February 5, 2020) C-Suite & Senior Level Executives: Register with Promo Code CYBERWIRE95 to receive $95 Admission (Standard Price is $350). Learn from renowned experts from The FBI, U.S. Secret Service, U.S. Dept. of Homeland...
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.