Our 6th Annual Women in Cybersecurity Reception takes place October 24 at the International Spy Museum's new facility at L'Enfant Plaza in Washington, DC. The Women in Cybersecurity Reception highlights and celebrates the value and successes of women in the cybersecurity industry. The event focuses on networking, and it brings together leaders from the private sector, academia and government from across the region, and women at varying points in their careers. It's not a marketing event; it's just about creating connections. If you're interested in getting an invitation to this year's event, tell us a little bit about yourself and request one here. A very limited number of sponsorship opportunities remain, so please let us know if you're interested in one of those, too.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
Twitter and Facebook take on Chinese-government info ops. Home camera vulnerabilities fixed. Cyberspace Solarium wants you.
Twitter has identified and suspended 936 accounts it determined to be engaging in coordinated activity to discredit the ongoing protests in Hong Kong. China blocks Twitter, so the accounts either used VPNs or specially unblocked IP addresses on the mainland. Crediting Twitter with having tipped it off, Facebook followed suit, and terminated seven pages, three groups, and five accounts engaged in the same campaign of coordinated inauthenticity designed to mislead and misdirect protesters in Hong Kong. Facebook is also blocked in China. As the Wall Street Journal notes, the fact that many of the social media accounts involved were operating unblocked from the mainland strongly suggests that they were operating on behalf of the Chinese government.
Twitter also changed its advertising policy in a gesture toward cracking down on government-run influence campaigns. Henceforth the company will no longer sell advertising to state-sponsored media. Those media will continue to be able to tweet, just not buy ads. It seems likely that more state control will become covert and deniable.
Cisco Talos discovered and helped remediate eight vulnerabilities in Google's Nest Cam IQ Indoor camera. The issues could have been exploited for denial of service, code execution, and information theft.
Researchers at vpnMentor report that the niche adult site "Luscious" is leaky. That is, it exposes data on its roughly one million registered users, including usernames, personal email addresses, activity logs, country of residence, and gender.
Lawfare has published an appeal for public engagement with the Cyberspace Solarium Commission.
Today's issue includes events affecting China, France, Greece, India, Pakistan, Russia, United Arab Emirates, and United States.
Bring your own context.
There's been enough litigation to show that insurance companies and their clients don't always agree on when a claim for damages incurred in a cyberattack should be paid. What about war clauses, for example?
"You need to have an understanding of at least one of the outcomes you need in order for them to pay out. But if you look at where they're basically saying the recent breach was an act of war, an act of war is becoming a common tool that insurance companies are using to limit their risk and liability for a breach. You have to assume that there will be collateral damage in any state-sponsored cyberwarfare campaign, right? If you look at the U.S. military, they sort of cordon off or they organize their theaters by coms. There's Northcom, Africom, Southcom. Cybercom is a global command, if that makes sense, right? So while - if you look at the U.S. and the Ukraine, we are - I Googled it - we are 5,687 miles away from the Ukraine. And while you might be 5,000-plus miles away from a conflict, if it's a cyber conflict, in most cases, you are digitally fractions of a second away from that conflict. If you have a public IP address, you are basically in theater. So you have to understand exactly what risks you're going to take in terms of what Get Out of Jail Free cards are there for the insurance company.... You have to understand what are the things that could nullify your policy, right? And you need to understand that we live in this world where if it's a digital conflict, if you have a public IP address, you are in theater, and you definitely run the risk of collateral damage in the way that physical confrontations don't."
—John Smith, principal sales engineer at ExtraHop, on the CyberWire Daily Podcast, 8.16.19.
Cyber insurance remains a maturing market, and some important actuarial data and risk decisions are still taking shape.
Cybersecurity is a business risk, not an IT problem, and a critical part of business strategy. Security should not be an afterthought. Taking a proactive approach facilitates board-level buy-in for cyber initiatives, supports traction across business units, establishes management alignment for key priorities, and manages data complexity. Let Edwards Performance Solutions better structure and position your cybersecurity program – making it a business asset for continued success.
In today's podcast, out later this afternoon, we speak with our partners at Booz Allen Hamilton, as Michael Sechrist continues his discussion of cities' paying ransom to cyber extortionists. Our guest is John Bennett, General Manager of Identity and Access Management at LogMeIn, and he describes the growing cyber threats to small and medium businesses.