Our understanding of risks and our ability to secure ourselves in cyberspace come from the exacting work of researchers all over the world. Beginning this September 9th, we’ll talk to those researchers who are unpacking the threats and vulnerabilities, and who are making the fixes and building the defenses we depend upon. We’ll hear from the experts in industry and academia who are working on the hard problems of security in a rapidly evolving technological, policy, business, and social landscape. Watch our site for this new weekly podcast.
Can you protect your healthcare operations in the face of a cyber-attack? Experts from Stanford Children’s Health, Delta Risk, and Huntzinger Management Group discuss essential elements of how to respond to an incident and properly prepare a business continuity plan.
ISIS loses territory, steps up inspiration. Maritime hacking concerns. Another misconfigured AWS S3 bucket. "Mr. Smith" threatens to release Game of Thrones season finale. UK's NHS SwiftQueue breached. Google pulls 500 apps from Play.
As ISIS sees its physical caliphate shrink to territorial insignificance, it steps up activity in cyberspace. Such activity remains largely inspiration—information operations, marketing in battledress—as opposed to hacking properly so-called. Its ability to summon the disaffected to acts of terror, recently on display in Barcelona, seems undiminished.
Worries about maritime hacking continue. The recent collision between the destroyer USS John S. McCain and the merchant tanker Alnic MC in the Straits of Malacca has aroused speculation that shipboard navigational and safety systems might have been deliberately interfered with. Such suspicions are based, it's important to note, on a priori possibility overlaid with what observers are calling an unusually high rate of collisions involving the US Navy. (Observers are also recalling the June 22nd incident in which Russian operators engaged in GPS spoofing affecting ships in the Black Sea.) The US Navy is investigating, and undertaking an immediate review of seamanship throughout the fleet.
Another misconfigured Amazon S3 bucket has exposed its data. This time the affected business is hospitality booker Groupize.
"Mr. Smith," ransom still unpaid by HBO, is threatening to release the season finale of Game of Thrones.
Britain's National Health Service has sustained a breach in its SwiftQueue appointment service. The hacker (hackers?) claiming responsibility represents himself (herself? themselves?) as performing a public service, exposing security flaws. The incident is under investigation.
Google has pulled about 500 apps from its Play store. They contained compromised versions of the Igexin development kit that effectively installed a backdoor for spyware.
Today's issue includes events affecting Australia, China, Denmark, Russia, Saudi Arabia, Spain, United Kingdom, United States, and Vietnam.
A note to our readers: we'll be in Palo Alto tomorrow, attending the Chertoff Group's Security in the Boardroom conference. We'll have special coverage out later this week.
In today's podcast we hear from our partners at the Maryland Cybersecurity Center at the University of Maryland. If you've wondered about how you could distinguish actual expertise from the merest charlatanism, especially when it's expertise you don't have, you could of course read Plato's Charmides. Or you could listen to Jonathan Katz, the Maryland Cybersecurity Center's Director, who'll explain how to tell fact from FUD, science from shinola.
You'll also be interested in Recorded Future's latest podcast, produced in partnership with the CyberWire. This week's edition is an overview of Russian policy in historical context, and how that's shaped tensions with the US in cyberspace. Download "Russia Revisited: How Did We Get Here?" and listen to this timely discussion.