Our 6th Annual Women in Cybersecurity Reception takes place October 24 at the International Spy Museum's new facility at L'Enfant Plaza in Washington, DC. The Women in Cybersecurity Reception highlights and celebrates the value and successes of women in the cybersecurity industry. The event focuses on networking, and it brings together leaders from the private sector, academia and government from across the region, and women at varying points in their careers. It's not a marketing event; it's just about creating connections. If you're interested in getting an invitation to this year's event, tell us a little bit about yourself and request one here. A very limited number of sponsorship opportunities remain, so please let us know if you're interested in one of those, too.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
Google takes down YouTube accounts for Hong Kong disinformation. Cryptojacking a nuclear plant. Don't listen to Radio Balouch.
Google has joined Facebook and Twitter in taking down social media accounts probably operated by Chinese government sock puppets. Mountain View blogged yesterday that it had closed two-hundred-ten YouTube accounts it found spreading coordinated disinformation about the ongoing protests in Hong Kong. Google didn’t explicitly attribute the activity to the Chinese government, but it did note that the activity was similar to the campaigns flagged by Twitter and Facebook. Google also observed behavior it associates with inauthenticity, notably the use of VPNs.
The SBU, Ukraine's security service, confiscated cryptomining rigs at the Yuzhnoukrainsk nuclear power facility. An undisclosed number of personnel are under investigation for illicitly mining cryptocurrency on the plant's computers. Cointelegraph noted the similarities to the case of the nuclear engineers Russian authorities arrested in February of 2018 for pulling Bitcoin from the Russian Federal Nuclear Center. The nuclear power and research sector deploys a lot of computational power, which attracts cryptojackers. The UNIAN news service claimed that control systems at Yuzhnoukrainsk were connected to the Internet, which presents its own problems.
ESET reports the first known instance of spyware built on AhMyth open-source malware. The app, "Radio Balouch" or "RB Music," advertised itself as a Balouchi-music streaming service. It delivered as promised, but also came with an information stealer. It has been expelled from Google Play.
Valve has patched the Steam flaws that spurned bug hunter Vasily Kravets discovered. The company told Ars Technica that it recognizes its handling of the disclosures was a mistake. It's adjusting its policies accordingly.
Today's issue includes events affecting China, European Union, France, India, Israel, New Zealand, Russia, Ukraine, United Kingdom, and United States.
Bring your own context.
A Palo Alto survey found that 62% of Americans feel that they should be responsible for the security of their own personal information, but only 24% claimed to have even so much as a rudimentary security process in place to meet that responsibility. (And, we might add, some fraction of that 24% is probably blowing sunshine.)
"As I've gotten more mature in this field it occurs to me that blaming the user for not being technical enough to see adversaries like OilRig and Emissary Panda and Reaper attacking their laptops, you know—that all just belongs in the pile of cybersecurity elitist B.S., OK? It just does. Right? I have problems spotting malicious links in email, and I've been doing this stuff for over twenty years. But the community has been expecting the grandmas of the world to know enough to spot these advanced attacks. In hindsight, you know, that's just laughable."
—Rick Howard, head of Palo Alto Networks' Unit 42, on the CyberWire Daily Podcast, 8.21.19.
He's right, and his point applies not only to the grandpas and grandmas, but to millennial gamers, businesses of all sizes, government agencies, etc.
Cybersecurity is a business risk, not an IT problem, and a critical part of business strategy. Security should not be an afterthought. Taking a proactive approach facilitates board-level cyber initiative buy-in, supports traction across business units, establishes management alignment for key priorities, and manages data complexity. Let Edwards Performance Solutions better structure and position your cybersecurity program – making it a business asset for continued success.