Our 6th Annual Women in Cybersecurity Reception will be held this October 24th in the International Spy Museum's new facility at L'Enfant Plaza in Washington, DC. The Women in Cybersecurity Reception highlights and celebrates the value and successes of women in the cybersecurity industry. The event focuses on networking, and it brings together leaders from the private sector, academia and government from across the region, and women at varying points in their careers. It's not a marketing event; it's just about creating connections. If you're interested in getting an invitation to this year's event, tell us a little bit about yourself and request one here. A very limited number of sponsorship opportunities remain, so please let us know if you're interested in one of those, too.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
Beijing advocates free speech (in a way). A look at the Silence gang. Credit cards hacked in South Korea. Gaming search results.
After Twitter on Monday identified and suspended 936 accounts it determined were conducting information operations against the ongoing protests in Hong Kong (and modified its advertising policy to no longer accept paid advertising from state-controlled media), and after Facebook took down seven pages, three groups, and five accounts for the same coordinated inauthenticity, China's government protested the companies' actions. Beijing says the accounts belonged to Chinese living temporarily overseas: they were expressing their patriotic outrage over the Hong Kong protests. China's government added, Reuters reports, that it also had a "right to tell its story."
Group-IB has a follow-up report on Silence, the Russian-speaking criminal gang they've tracked for the last three years. Initially marked by slovenly opsec and a target set largely confined to Russia, Silence has upgraded its security game and expanded internationally. Their expansion and improvement seem opportunistic and derivative, repurposing code and perhaps personnel from other gangs, notably TA505. Their customary infection technique is phishing, beginning with a reconnaissance phase that sends bogus email delivery failure notices.
Stars and Stripes reports that US servicemembers are caught up in a large South Korean credit card breach.
Scammers are gaming search engine results with paid advertising to display their own phone numbers at the top of search results for help lines belonging to well-known brands, Naked Security reports. The ads seem to make economic sense for the criminals: they get a solid return on their marketing investment. Voice assistants have proven particularly vulnerable to this form of deception.
Today's issue includes events affecting Armenia, Australia, Austria, Azerbaijan, Belarus, China, Cyprus, Czech Republic, Denmark, European Union, Georgia, Germany, Greece, India, Iran, Israel, Kazakhstan, Kenya, Republic of Korea, Kyrgyzstan, Latvia, Malaysia, New Zealand, Poland, Romania, Russia, Serbia, Taiwan, Turkey, Switzerland, Ukraine, United Kingdom, United States, Uzbekistan, and Vietnam.
Bring your own context.
Bug bounties used to be a mom-and-pop segment of the security market, but that's changed.
"We're definitely seeing more adoption. It's becoming much more mainstream, I would say. And also, we're actually starting to see the rewards more accurately reflect the type of value that these kinds of bugs have. You're seeing organizations offering rewards in the tens or, in some places, even hundreds of thousands of dollars, which really makes it worth that investment on behalf of the researcher to be spending the time to find these unique and interesting vulnerabilities in software."
—Ben Waugh, chief security officer at Redox, on the CyberWire Daily Podcast, 8.19.19.
Companies are also growing more comfortable with outsiders looking at their systems. (The outsiders are going to poke around in any case, right?)
Cybersecurity is a business risk, not an IT problem, and a critical part of business strategy. Security should not be an afterthought. Taking a proactive approach facilitates board-level cyber initiative buy-in, supports traction across business units, establishes management alignment for key priorities, and manages data complexity. Let Edwards Performance Solutions better structure and position your cybersecurity program – making it a business asset for continued success.
In today's podcast, out later this afternoon, we speak with our partners at Lancaster University, as Daniel Prince discusses cyber risk in the global economy. Our guest, Rick Howard, from our partners at Palo Alto Networks, describes a Palo Alto study that reveals Americans' confusion about cybersecurity.