Around the corner at the International Spy Museum's new facility at L'Enfant Plaza in Washington, DC, that is. Our 6th Annual Women in Cybersecurity Reception takes place October 24. The Women in Cyber Security Reception highlights and celebrates the value and successes of women in the cybersecurity industry. The event focuses on networking, and it brings together leaders from the private sector, academia and government from across the region, and women at varying points in their careers. It's not a marketing event; it's just about creating connections. If you're interested in getting an invitation to this year's event, tell us a little bit about yourself and request one here. A very limited number of sponsorship opportunities remain, so please let us know if you're interested.
More Signal. Less Noise.
Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
Cyber espionage campaigns attributed to North Korea, China. A Steam 0-day is reported. Texas ransomware updates. Fútbol hacktivism.
Announcements
The CyberWire's 6th annual Women in Cybersecurity Reception is just around the corner.
Summary
Researchers at Anomali report finding an active North Korean cyber espionage campaign directed against universities, think tanks, and foreign ministries. The infection method is phishing, with the malicious payload taking victims to fake websites. In some instances the bogus sites masqueraded as login pages for government diplomatic portals. The threat group is thought to be connected to Pyongyang's missile program.
FireEye describes ongoing cyber espionage directed against the healthcare sector. The researchers associate the campaign with the Chinese government. It seems to have two goals. First, the operators are interested in simply acquiring large quantities of personal information, a goal many such campaigns have. Second, the campaign appears to be particularly interested in cancer research.
A researcher has disclosed a second zero-day vulnerability in Valve's Steam platform. The issue is thought to affect more than 96 million users worldwide, Bleeping Computer reports.
Detailed information about the coordinated ransomware attack that hit local-government targets in Texas last Friday remain sparse, but Ars Technica and WIRED have compilations of what's known so far. Twenty-three organizations have been affected. The attacks came from a single source authorities decline to name. The affected organizations also haven't been specified, although a few names have leaked. In general larger counties and cities seem to have been more resilient.
ESPN reports that impassioned and very disappointed fans of Veracruz's losing fútbol side have hacked the club president's Twitter account because he's "tarnishing the badge," and because doing so is their first step in "taking back their club."
Notes.
Today's issue includes events affecting Australia, China, European Union, Germany, Israel, Kazakhstan, Democratic Peoples Republic of Korea, Republic of Korea, Japan, Mexico, Netherlands, Portugal, Russia, United Kingdom, United States
Bring your own context.
Advice to buck up and protect yourself from ransomware.
"There are basically two factors in terms of why ransomware still even is a thing. If everyone had proper backups, ransomware would never have been a thing - just simple as that. There'd be no profit for it because everyone would just be, like, 'hit the restore button.' That's how it should be. The second factor, of course, is the whole controversy of paying the bad guys. That's what keeps them going. But there'd be no reason to pay them if you had backups."
—Michael Gillespie of Emsisoft, and also proprietor of the ID Ransomware website, on Hacking Humans, 8.22.19.
Thus, two points: first, backup is easier and cheaper than you may think. And, second, paying ransom fuels a bandit economy.
Is your cybersecurity program aligned with your business goals and objectives?
Cybersecurity is a business risk, not an IT problem, and a critical part of business strategy. Security should not be an afterthought. Taking a proactive approach facilitates board-level cyber initiative buy in, supports traction across business units, establishes management alignment for key priorities, and manages data complexity. Let Edwards Performance Solutions better structure and position your cybersecurity program – making it a business asset for continued success.
On the Podcast
In today's podcast, out later this afternoon, we talk with our partners at Terbium Labs, as Emily Wilson continues her discussion of phishing kits. And our guest, Stewart Kantor, CFO and co-founder of Ondas Networks, discusses the ins and outs of securing licensed spectrum.
And Hacking Humans is up. In this episode, "Backups backups backups," Joe describes a primitive (but effective) phishing scheme being tracked by Bleeping Computer. Dave shares news from a Black Hat presentation on phishing stats from Google. The catch of the day is a friendly invitation from Hawaii. Our guest is Michael Gillespie from Emsisoft describing the ID Ransomware project.
Sponsored Events
Cyber Security Summits: Chicago on August 27 and on September 17 in Charlotte (Chicago, Illinois, United States, August 27, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Darktrace, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com
Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.
Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 30% discount for Labor Day using code LABOR30.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Anomali Threat Research Team Identifies North Korea Based Cyber Attack Targeting Stanford University, Government Agencies, Think Tanks (West) Suspect Group May be Engaged in Phishing Campaign to Conduct Espionage, Anomali Researchers Believe
Hacking group targets organizations focused on North Korea's missile program - CyberScoop (CyberScoop) Hackers using web infrastructure associated with a known North Korean threat group are behind a dormant phishing campaign that’s targeted the ministry of foreign affairs in at least three countries, as well as a number of research organizations, according to findings shared exclusively with CyberScoop before their publication Wednesday.
State-Sponsored Cyberattacks Target Medical Research (Dark Reading) Cancer research is a particular target among Chinese espionage groups, says security firm FireEye.
Chinese Cyberspies Continue Targeting Medical Research Organizations (SecurityWeek) Chinese cyberspies continue targeting medical research organizations in the U.S. and elsewhere, and cancer-related research appears to be of particular interest.
Russian APT 'Silence' Steals $3.5 Million in One Year (SecurityWeek) A Russian-speaking threat group has managed to steal roughly $3.5 million since September 2018 by increasing the frequency of attacks.
Silence APT group eyes APAC banks (ComputerWeekly.com) Russian-speaking advanced persistent threat group has set its sights on banks in the region, customising its arsenal for targeted attacks.
Nasty Botnet Neutrino Caught Hacking Other Hackers' Web Shells (Fossbytes) A crypto mining botnet operation, going for almost a year, is hijacking web shells of other hackers, according to report from Positive Technologies. Researchers have linked the source of the dangerous botnet to Neutrino gang.
Backdoor Found in Utility for Linux, Unix Servers (Threatpost) Backdoor was intentionally planted in 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code.
Spot the fake: copies of victim's corporate Microsoft 365 page used in attacks (SC Magazine) Azure Blob Storage and Web Sites misused by scammers to create a semi-targeted and rather convincing credential harvesting page tailored to the user's organisation to fool users
Microsoft Contractors Listened to Xbox Owners in Their Homes (Vice) Multiple contractors working for Microsoft explain how they listened to audio captured by Xbox consoles.
Second Steam Zero-Day Impacts Over 96 Million Windows Users (BleepingComputer) A second Steam Windows client zero-day privilege escalation vulnerability affecting over 96 million users has been publicly disclosed today by Russian researcher Vasily Kravets.
New Cyberattack Warning For Millions Of Home Internet Routers: Report (Forbes) A new study reports that insecure separation between host and guest networks on home internet routers has put millions at risk.
PokerTracker.com Hacked to Inject Payment Card Stealing Script (BleepingComputer) A curious case of web-based card skimming activity revealed that the Poker Tracker website had been compromised and loaded JavaScript that stole payment information from customers.
Fortnite players targeted with ransomware in fake 'aimbot' (SiliconANGLE) Fortnite players targeted with ransomware in fake 'aimbot'
ECB takes blame for Bird website infection (bobsguide) A malware infection which caused the shutdown of a European Central Bank (ECB) website should not be blamed on its third-party service provider, according to a spokesperson at the ECB, as the central bank is responsible for its upkeep.
Hackers Want $2.5 Million Ransom for Texas Ransomware Attacks (BleepingComputer) The threat actor that hit multiple Texas local governments with file-encrypting malwarelast week may have done it by compromising a managed service provider. The attacker demanded a collective ransom of $2.5 million, the mayor of a municipality says.
A Huge Ransomware Attack Messes With Texas (WIRED) A coordinated strike against 23 local governments is called the largest such hack from a single source.
While one Texas county shook off ransomware, small cities took full punch (Ars Technica) Lubbock County managed to isolate the attack quickly. Others, not so much.
Ransomware Attacks Are Testing Resolve of Cities Across America (New York Times) As hackers lock up networks that power police forces and utilities, municipalities must operate with hobbled computer systems, and decide whether to pay ransoms.
HOAX ALERT! Facebook ‘deadline’ on making your content public is fake (Naked Security) There’s no privacy Armageddon coming “TOMORROW!” If there was, you couldn’t copy and paste your way out of it!
An Old Instagram Hoax Fools a Bunch of Celebrities (Wired) Instagram users like Usher, Martha Stewart, and Rick Perry posted a meme warning about a new rule that doesn't actually exist.
Nampa School District victim of cyber attack (Idaho Press) The Nampa School District’s network services, including internet, is expected to be down for several days following a malware attack.
Glenwood schools recover from cyber-attack for new school year (NBC 6 News) The school year for the Glenwood District is off to a challenging start as schools recover from a cyber-attack back in July.
Angry Veracruz fans hack president's Twitter (ESPN.com) Mexican side Veracruz confirmed the Twitter account of club president Fidel Kuri Grajales was hacked by a group of angry supporters on Tuesday.
Security Patches, Mitigations, and Software Updates
New tool enables users to disconnect their off-Facebook activity from their account (Help Net Security) Facebook has announced the (partial) roll-out of a long-awaited "Clear History" privacy tool for users, only it called "Off-Facebook Activity".
Cisco Patches Six Critical Bugs in UCS Gear and Switches (Threatpost) Six bugs found in Cisco’s Unified Computing System gear and its 220 Series Smart switches can allow unauthenticated remote hackers to take over equipment.
The patching paradox: vulnerability scoring leads to slower high-risk remediation (SC Magazine) Companies focused on compliance tended to struggle to patch all high-risk vulnerabilities across their organisation and tended to be slower in patching high-risk vulnerabilities. Those performing better used....
Cyber Trends
What's in a Malvertisement? More Magecart and a 186% Spike in Drive-by Delivery (RiskIQ) What's in a malvertisement? The answer lies in a six-month sample of RiskIQ's threat detection data, which shows a stark increase in drive-by malvertising.
Employee Error Behind Half of Industrial Network Incidents (Infosecurity Magazine) Kaspersky report warns of crucial skills gaps
Amazon, Microsoft, May be Putting World at Risk of Killer AI, Says Report (SecurityWeek) Amazon, Microsoft and Intel are among leading tech companies that could spearhead a global AI arms race, according to a report that surveyed major players from the sector about their stance on lethal autonomous weapons.
Marketplace
Researcher publishes second Steam zero day after getting banned on Valve's bug bounty program (ZDNet) Valve gets heavily criticized for mishandling a crucial bug report.
Online Security - a Fine Line between Clients Feeling Benefit Versus Burden (PR Newswire) Whether a recommended security measure or good practice is implemented by an online user often depends on how...
Remediant Secures $15 Million in Series A Funding Round Co-led By Dell Technologies Capital and ForgePoint Capital (Remediant) Remediant Introduces SecureONE – Advanced PAM Software Solutions for Regulatory Compliance and Enterprise Management. Evolving Privileged Access Management, Just-in-Time
MxD to Develop a ‘Cybersecurity in Manufacturing’ Workforce Development Program with $1.25 Million Grant from the Siemens Foundation | MxD (UI LABS) MxD today announced a comprehensive workforce development program for cybersecurity in manufacturing, underwritten with a $1.25 million grant from the Siemens Foundation. The grant will fund the development and implementation of a highly-skilled cybersecurity for manufacturing initiative as part of MxD’s workforce strategy known as MxD Learn.
VMware acquires application security startup Intrinsic (CRN Australia) Vendor's seventh acquisition of the year.
Splunk to buy San Mateo cloud monitoring startup SignalFx for $1.05B (Silicon Valley Business Journal) San Francisco-based Splunk is paying double what SignalFx was valued at by private investors in June.
Splunk to Acquire Cloud Monitoring Leader SignalFx (Seeking Alpha) Splunk to Redefine APM Category with Any Data at Any Scale to Help Organizations Navigate Cloud Journey; Establishes Splunk as a Leader in Observability
Honeywell builds out building IoT applications, cybersecurity tools (ZDNet) Honeywell's most recent move adds to its smart buildings software and aims to meld operations and information technologies.
Microsoft, Tech Leaders Back Confidential Computing Consortium (Redmond Channel Partner) The Linux Foundation on Wednesday announced the formation of a new group that aims to ensure the security of processed data.
Intel Joins Industry Consortium to Accelerate Confidential Computing (Intel Newsroom) By Lorie Wigle Leaders in information and infrastructure security are well versed in protecting data at-rest or in-flight through a variety of methods.
CashFlows turns to Akamai for cyber protection (Finextra Research) Akamai (NASDAQ: AKAM), the intelligent edge platform for delivering and securing web experiences, today announced it is protecting CashFlows, an innovative FinTech offering comprehensive merchant services, alternative payments, and BIN Sponsorship solutions (card issuing and ATMs), from the growing threat of Distributed Denial of Service (DDoS) attacks against its cloud-based services.
Checkmarx beats US firms to provide US Navy with fast, secure coding (The Jerusalem Post) The Israeli firm offers a comprehensive solution to coding security issues, vastly reducing waiting times to implant them.
SAIC announces prime spots $812M worth of national security, intelligence contracts (Intelligence Community News) Science Applications International Corp. of Reston, VA announced on August 21 that it was awarded $812 million in contracts to support various U.S. government national security and intelligence act…
AttackIQ Deepens Leadership Bench, Appoints Dariush Afshar as VP Business Development and Corporate Strategy (BusinessWire) AttackIQ™, the leading, independent player in the emerging market of continuous security validation, today announced Dariush Afshar has joined the com
Google DeepMind Co-Founder Placed on Leave From AI Lab (Bloomberg) The co-founder of DeepMind, the high-profile artificial intelligence lab owned by Google, has been placed on leave after controversy over some of the projects he led.
Cybersecurity Luminary Etay Maor Joins IntSights as Chief Security Officer (PR Newswire) IntSights, the threat intelligence company focused on enabling enterprises to Defend Forward™, announced today that...
Products, Services, and Solutions
Capacity Unveils AI Knowledge Sharing Platform to Boost Workplace Productivity (PR Newswire) Today, Capacity officially introduced its secure, AI-native knowledge sharing platform. Designed to meet the...
Flashpoint - A Clean View of Vulnerabilities Helps Prioritize Patching (Flashpoint) Matthew Howell weighs in on risk-based vulnerability prioritization and how the Flashpoint CVE Dashboard supports it.
Just Released: New WeChat Compliance & Cybersecurity Capability (Safeguard Cyber) New capability to secure conversations in WeChat, making it one of the only entities to provide security & real-time compliance protection for businesses.
Infoblox Announces Cloud Managed DDI to Extend Foundational Network Services at Branch Offices (PR Newswire) Infoblox Inc., the leader in Secure Cloud-Managed Network Services, today announced the launch of BloxOne...
Digital Defense, Inc. Technology Partnership with Cherwell Automates Prioritization and Response to Security Threats (Yahoo) Organizations Benefit from Reduction of Noise and False Positives SAN ANTONIO , Aug. 21, 2019 /PRNewswire-PRWeb/ -- Digital Defense, Inc. today announced the integration of their Frontline.Cloud™ vulnerability ...
Visa Tackles Payment Fraud with New Security Services (SecurityWeek) Visa this week announced a new set of capabilities aimed at improving fraud prevention and cybersecurity of payment systems.
Box adds native security controls to content management (ZDNet) With Box Shield, customers get machine learning-powered threat detection, as well as the ability to set classification-based security policies.
Technologies, Techniques, and Standards
‘Desperate Need For Speed’ As Army Takes On Chinese, Russian, ISIS Info Ops (Breaking Defense) The Army wants to move much faster in cyberspace against espionage, subversion, and disinformation -- but that means accepting higher risks.
Forced Password Reset? Check Your Assumptions (KrebsOnSecurity) Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password.
Properly Safeguarding Distributed Internet of Things Networks (DH2i) Aside from the internet itself, The Internet of Things has the potential to become the most transformative technological application of our times. Conservative estimates indicate it will encompass approximately 30 billion devices in the next couple years, more than half of which will include machine to machine communication. With each of those smart devices connected Read More...
NIST Recommendations For IoT & ICS Security (CyberX) NIST’s latest report demonstrates how purpose-built IoT & ICS anomaly detection technologies can effectively reduce the risk of destructive cyberattacks.
A new, more secure GPS signal could be ready by 2020 (C4ISRNET) A fix that will allow ground systems to receive M-Code Early Use from GPS III satellites is on track for early 2020, according to Lockheed Martin executives.
Why the intel community wants to improve its top-secret intranet (Fifth Domain) As the Defense Intelligence Agency looks to overhaul JWICS, it’s looking to move from defending the network as a whole to protecting the data within the network.
Analyzing Packed Malware (Infosec Resources) Malware is created with deception in mind. Malware authors want to go undetected in order to steal, alter or delete as much information as possible.
Three essential elements of a successful Zero Trust cybersecurity program (Help Net Security) This article contains three essential considerations that help organizations move toward a stronger Zero Trust cybersecurity program.
How solid is your cyber incident response strategy? (Information Age) Don't become the next headline.
Ignore these 3 cybersecurity risks at your own peril (Podium | The Next Web) 3 missing pieces in your all-encompassing cybersecurity strategy
The difference between zero-day vulnerability and zero-day exploit (SearchSecurity) Software flaws, if not fixed in a timely manner, can be devastating to an enterprise. Read on to learn about two zero-day terms -- zero-day vulnerability and zero-day exploit -- and why CISOs should be on high alert for any zero-day issue.
Why You Need Intelligence Driven Threat Detection to Stay Secure () The importance of integrating Threat Intelligence into Your Security Strategy to Counter Threats
U.S. Army Cyber School puts its defense system to the test against the Japanese Ground Defense Force in a game of capture the flag (WJBF) The International Parsons Capture the Flag Challenge is the only time hackers are welcome to attack a network.
Design and Innovation
Facebook’s New Privacy Feature Comes With a Loophole (WIRED) "Off-Facebook Activity" will give users more control over their data, but Facebook needs up to 48 hours to aggregate your information into a format it can share with advertisers.
Google denies reports of unannounced changes to Android app review process (TechCrunch) Multiple reports this week claimed Google had quietly rolled out a more in-depth app review process to all developers — changes designed to keep the Play Store safer from spam, malware and copycat apps. Those reports are inaccurate, Google tells TechCrunch. Instead, the company is giving itse…
YouTube killing built-in 'Messages' feature next month (9to5Google) In August 2017, YouTube introduced a "Messages" feature for its mobile apps and later the web. Two years later, YouTube killing Messages should...
Why These Social Networks Failed So Badly (Gizmodo) Sixteen years ago, the sun set on Web 1.0, and we embarked by the light of our smartphones to 24/7 connectivity, down a road paved with corporate blunders, littered with yesterday’s top 8 friends, scrubbed n00ds, trashed chiptune tracks, bomb threats, and downy unicorn costumes. Comedic treasures were born and abandoned by parent companies; screaming crowds running through billowing tear gas from police vanished behind defunct video players. Devs dreamed of love, artists of postmodern interfaces, and unknowns of entertainment careers. Netizens injured themselves for stunts, by accident, and on purpose. We submitted to our overlord Mark Zuckerberg and the army of influencers. And so many rubber ducks wailed.
Why Do Tech Companies File So Many Weird, Alarming Patents? (Slate Magazine) Most of these patents are basically science fiction. Companies love them anyway.
Badge life: The story behind DEFCON’s hackable crystal electronic badge (Ars Technica) Original DEFCON hackable badge creator Joe "Kingpin" Grand gives Ars the story behind his comeback.
Research and Development
Galois Awarded $8.6 Million DARPA Contract To Build Cyber Reasoning Tool that Discovers Security Vulnerabilities (Galois, Inc.) Galois will partner with Harvard University and Trail of Bits to build scalable and more cost-effective tools that identify hard-to-find vulnerabilities. Galois has been awarded an $8.6 million contract by the Defense Advanced Research Projects Agency (DARPA) to build a tool that uses a hybrid human-machine approach to detecting cyber security vulnerabilities that go undetected …
Cyberthreat assessment tool contract signed between USAF, Radiance Technologies (Military Embedded Systems) Cyberengineering firm Radiance Technologies has won a potential five-year, $99.9 million contract to design, build, develop, and integrate a set of tools and models for the U.S. Air Force to use in the assessment of cyber vulnerabilities on Internet of things-based devices and other distributed systems.
You Won't See Quantum Internet Coming (Gizmodo) The quantum internet is coming sooner than you think—even sooner than quantum computing itself. When things change over, you might not even notice. But when they do, new rules will protect your data against attacks from computers that don’t even exist yet.
Academia
Virginia Tech receives federal award for counterintelligence work (VT News) The award, given annually since 2010, recognizes up to four companies and/or institutions, out of about 10,000, that exhibit the best counterintelligence results and cooperation to support the U.S. government’s efforts to detect and stop foreign entities from stealing national security information.
Cyberbit and Purdue Partner to Advance Cybersecurity Workforce Education (PRWeb) Cyberbit and Purdue today announced they are entering into a partnership to enhance cybersecurity workforce education and trainin
UMaine Augusta opens state-of-the-art Maine Cyber Range (WABI) We're told there's only about a dozen facilities in the country with these capabilities.
Universities Working to Fill High Cybersecurity Job Demand (Diverse) There is a shortage of qualified professionals within the cybersecurity field across the globe, and universities in the United States are looking for solutions.
Legislation, Policy and Regulation
South Korea to withdraw from military intelligence sharing pact with Japan (Stars and Stripes) South Korea scrapped an intelligence sharing pact with Japan because of a trade spat between the two U.S. allies.
When will the GDPR pot boil over? It's sooner (and different) than you think (Help Net Security) Let’s take a look at the security and privacy lessons from GDPR enforcement actions, especially for security, privacy professionals and executives.
Australia’s data encryption laws an oppression of freedom: Joseph Carson (CIO) Australia’s data encrytion laws, which compel tech firms to give police and security agencies access to encrypted messages, are an oppression of human rights, according to a visiting cyber expert.
Google and Mozilla Block Kazakhstan’s Browser Spying Tool (Vice) Browser makers announced they would block the Kazakhstan government’s root certificate, which was designed to spy on citizens’ internet usage.
Firefox and Chrome Fight Back Against Kazakhstan's Spying (WIRED) The Central Asian country’s government has repeatedly threatened to monitor its citizens’ internet activities. Google and Mozilla aren’t having it.
Israel eases rules on cyber weapons exports despite criticism (Reuters) Israel is easing export rules on offensive cyber weapons, despite accusations by...
The Cybersecurity 202: Chinese-built tech poses danger throughout the Pentagon, lawmaker warns (Washington Post) The Defense Department is filled with Chinese commercial products that pose hacking risks
Huawei is embedded in our infrastructure and the federal government subsidized it (TheHill) After having allowed Huawei and ZTE to penetrate the American communications networks, it is now up to the government to undo the damage it facilitated. Despite the huge cost that this will incur, it will no doubt be the American taxpayer who foots the clean-up bill.
Suzanne Spaulding: Cyberspace Solarium Commission to Publish Security Recommendations Early Next Year (Executive Gov) Suzanne Spaulding, a member of the Cyberspace Solarium Commission, said the group will release cyber
Defense Intelligence Agency cyber operations chief talks cybersecurity (DVIDS) The Joint Worldwide Intelligence Communications System and the Department of Defense Intelligence Information System are major topics this week at the Defense Intelligence Agency Department of Defense Intelligence Information Intelligence System Worldwide Conference, Aug. 18-22, 2019.
New Army units worth the risk (Fifth Domain) Army leaders are ok with accepting some risk in haste to create new multidomain units.
How the Army is helping combatant commands with cyber planning (Fifth Domain) Army Cyber Command is building cyber planning organizations within the staffs at Africa Command, Central Command and Northern Command.
California’s Cybersecurity task force leads charge to defeat hackers (Fox Business) California’s cybersecurity voluntary task force is aimed at transforming municipalities’ approach to cybersecurity.
Schools Brace for Cyberattacks (Wall Street Journal) As hacks against schools wreak more damage, state governments are moving to help school districts recover from attacks and prevent new ones.
Litigation, Investigation, and Enforcement
Suspect in Huge Capital One Breach Seeks Release From Jail (SecurityWeek) Lawyers for a transgender woman charged in a massive data breach at Capital One asked a judge to release her from federal custody, saying that for her to remain jailed with men is a serious threat to her mental health.
Ring asks police not to tell public how its law enforcement backend works (Ars Technica) Ring asks cops not to call its security cameras "security cameras" in public.
Who's in Town Denies Instagram Block (Infosecurity Magazine) App Who's in Town has hit back against claims it was blocked on Instagram and Facebook.
LinkedIn blocked 21.6M fake accounts in first half of year, as scrutiny of social media giants grows (GeekWire) LinkedIn blocked or removed 21.6 million fake accounts on its platform from January to June of this year, a sign that the Microsoft-owned social network is actively fighting some of the same issues…
Covington Interim Report (Facebook) Facebook strives to “give people the power to build community and bring the world closer together.” Consistent with that mission, over 2 billion people use Facebook’s products and services to share ideas and news, organize events, and promote candidates for federal, state, and local office.
Opinion | Why Conservatives Don’t Trust Facebook (Wall Street Journal) My independent team of investigators looked into the complaints, and the company has taken action.
Exclusive: The results from Facebook's conservative bias audit (Axios) Facebook will release the findings of a roughly year-long conservative bias audit.
Analysis | The Technology 202: Facebook attracts swift blowback from report on anti-conservative bias (Washington Post) Neither Republicans nor civil rights groups are happy.
Here's the data Facebook's bias report doesn't show you (Media Matters for America) Facebook issued a report regarding right-wing cries of bias on the platform. Notably, the report includes no actual data supporting those claims. Nor does the Wall Street Journal op-ed penned by former Sen. Jon Kyl.
U.S. charges five in scheme to swindle millions from military personnel (CyberScoop) The U.S. Department of Justice on Wednesday announced the indictment of three Americans, an Australian, and a South Korean for their alleged involvement in a plot to steal millions of dollars from current and former American military personnel.
Online sneaker reseller StockX faces lawsuit over data breach (Engadget) The lead plaintiff is a minor from Kansas whose information was stolen in the breach.
Blockchain Capital Says UK Crypto Firm Is Copying Its Name (Law360) Tech-focused venture capital firm Blockchain Capital LLC sued a London-based company for trademark infringement on Wednesday, claiming Blockchain Capital Ltd.'s effort to market itself in New York is causing confusion.
Industry Events
upcoming Events
Pittsburgh Cybersecurity Conference (Pittsburgh, Pennsylvania, USA, August 22, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.
Industrial Control Systems Joint Working Group (ICSJWG) Fall Meeting (Springfield, Massachusetts, USA, August 27 - 29, 2019) The Cybersecurity and Infrastructure Security Agency (CISA) hosts the Industrial Control Systems Joint Working Group (ICSJWG) to facilitate information sharing and reduce the risk to the nation’s industrial control systems. The ICSJWG provides a vehicle for communicating and partnering across all Critical Infrastructure (CI) Sectors between federal agencies and departments, as well as private asset owners/operators of industrial control systems. The goal of the ICSJWG is to continue and enhance the collaborative efforts of the industrial control systems stakeholder community in securing CI by accelerating the design, development, and deployment of secure industrial control systems.
Integrate (Melbourne, Victoria, Australia, August 27 - 29, 2019) Get ready to think beyond and lose yourself in the technology of tomorrow at Integrate 2019. Integrate is Australia's leading event dedicated to helping businesses harness the power of AV technology to transform customer experiences. This three-day event is a nexus for local and global brands to showcase the latest solutions and products, to the region's largest gathering of AV professionals, end users and technology buyers.
Washington DC Cybersecurity Conference (Washington, DC, USA, August 29, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.
9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, September 3 - 5, 2019) The Peak Cyber Symposium is designed to further educate Cybersecurity, Information Management, Information Technology and Communications Professionals by providing a platform to explore some of today's most pressing cybersecurity threats, remediation strategies and best practices. Peak Cyber Schedule includes: Capture The Flag (CTF) at Peak Cyber; Speaker Sessions, Panels and In-Depth Training Workshops & Boot camps.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.