Join us as we step inside the diverse and fascinating worlds of cybersecurity professionals around the globe and hear their personal stories in their own words. We're pleased to announce Career Notes, each episode of which features a look into one professional's journey, where it began, what influenced its course, and where it's going today.
More Signal. Less Noise.
Get real-time security intelligence at no cost.
We recently launched Recorded Future Express — a free browser extension for security teams. Use Express over any web-based SIEM, vulnerability management solution, security blog, and more to put real-time security intelligence at your fingertips. Instantly prioritize alerts, incidents, and vulnerabilities based on real-time risk scores from the world’s largest commercial collection platform. Sign up now.
Dark Basin's reverse advocacy. Honda hacked? Criminal cooperation (and competition). A contraband menu from the dark web.
Announcements
Announcing Career Notes, a new podcast from the CyberWire.
Summary
The University of Toronto's Citizen Lab this morning released a report on a hacker-for-hire operation, "Dark Basin," which targeted "advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries." Dark Basin is said to have been especially interested in US not-for-profits, notably climate change and net neutrality advocates. Citizen Lab says Dark Basin is run by Delhi-based IT and cybersecurity firm BellTroX. The New York Times says US Federal prosecutors are investigating.
Production at Honda plants in Europe, North America, and Japan has been affected by what the company calls a computer "disruption," NBC News and others report. The company is remaining relatively tight-lipped, but BleepingComputer says outside observers think they see signs that the incident was a ransomware attack with a variant of Snake (Ekans).
Here's the latest in a series of fitful attempts at cooperation among criminals, as described this morning by researchers at Digital Shadows. It's a DDoS protection tool, “EndGame” (no connection to the similarly named security company acquired last October by Elastic NV). Denial-of-service attacks have long been a drag on criminal operations, whether these are mounted by underworld competitors or law enforcement agencies. EndGame is a product of collaboration among players in the criminal souks Dread, White House Market, Big Blue Market, and Empire Market. Despite the ransomware cartelization BleepingComputer observes, Trend Micro reports that the underworld remains a low-trust community.
If you're buying commodity cyber contraband à la carte, Privacy Affairs has compiled a representative menu from the dark web.
Notes.
Today's issue includes events affecting Australia, Canada, China, Estonia, the European Union, Germany, Greece, Israel, Russia, Turkey, the United Kingdom, and the United States.
Trivia Tuesday
This week's question: which early superhero movie depicted the hacking technique called “salami slicing,” where the hacker sliced off pieces of every penny transferred in a banking transaction, and what famous comedian played the hacker? Send your answers to trivia@thecyberwire.com for chances to win stickers and other swell CyberWire stuff.
And last week's trivia question, in case you missed it, was, "What two Matthew Broderick movies presented the exact same social engineering hack to change his character’s grades?" The answer, of course, is WarGames (1983) and Ferris Bueller's Day Off (1986).
Simple, secure identity and access management for your business.
LastPass Identity provides simple control and visibility across every entry point to your business through single sign-on, password management and multi-factor authentication in one unified solution. LastPass Identity provides a holistic view of end user activity to simplify security for IT, all while delivering the passwordless login experience employees want. Start a free LastPass Identity trial today.
On the Podcast
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin offers some clarification on Twitter’s rights in flagging or removing the U.S. President’s tweets Our guest is Jeremy Oddo from The Third Floor, discussing cybersecurity in Hollywood during COVID-19.
Recorded Future's Threat Intelligence podcast, produced in partnership with the CyberWire, is also up. In this week's episode, "Broadening Your View With Security Intelligence," Alex Noga, solutions engineering manager at Recorded Future, shares his insights on enhancing organizations’ ability to make the most of the information they’re gathering by adopting security intelligence. He explains how this approach helps analysts connect the dots and empowers them to focus on the signals that matter — all while blocking out the noise.
Sponsored Events
Cyber Security Summit Virtual Power Hours - Get the Facts June 9 & June 11 (Online, Jun 9 - 11, 2020) Senior Level Executives are invited to the Cyber Summit Virtual Power Hours. Learn from Industry Experts from The FBI, DHS, U.S. Secret Service & more as they discuss the latest security challenges & develop cyber security battle plans in today’s unprecedented times. Free to Attend with Registration Code: CyberWire20 at CyberSummitUSA.com
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Toronto’s Citizen Lab uncovers massive hackers-for-hire organization ‘Dark Basin’ that has targeted hundreds of institutions on six continents (Financial Post) The hackers were ‘brazen, they seem to think they are untouchable’
Dark Basin: Uncovering a Massive Hack-For-Hire Operation (The Citizen Lab) Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy. This report highlights several clusters of targets. In future reports, we will provide more details about specific clusters of targets and Dark Basin’s activities.
Obscure Indian cyber firm spied on politicians, investors worldwide (NBC News) Although they receive a fraction of the attention devoted to state-sponsored groups or headline-grabbing heists, “cyber mercenary” services are widely used.
Environmentalists Targeted Exxon Mobil. Then Hackers Targeted Them. (New York Times) Federal prosecutors in Manhattan are investigating a global hacker-for-hire operation that sent phishing emails to environmental groups, journalists and others.
Behind China’s Twitter Campaign, a Murky Supporting Chorus (New YorkTimes) Swarms of accounts are amplifying Beijing’s brash new messaging as the country tries to shape the global narrative about the coronavirus and much else.
Nefilim Hackers Publish Oil Firm Data Online and Continue Campaign (Computer Business Review) A cyber criminal group known for its Nefilim (Netfilim) ransomware is continuing to target energy companies. Nefilim Hackers Publish Oil Firm data.
Greek hackers continue revenge attack by accessing sensitive Turkish data (Greek City Times) Turkish hackers initiated a “cyberwar” with Greece, and it is likely they are regretting it now, as Greek hackers have completely compromised the security of important Turkish government websites and recovered personal data.
Honda could be victim of ransomware cyber attack (The Telegraph) Japanese car giant confirms IT issue but evidence indicates cyber criminals have targeted the company
Honda puts some manufacturing on hold over computer 'disruption' (NBC News) Some cybersecurity researchers believe the company was at least targeted by cybercriminals after they found evidence Monday of customized ransomware.
Japanese car giant Honda probes suspected cyber attack (Sky News) The Japanese carmaker is investigating a suspected cyber attack in Europe and Japan, Sky News understands.
Honda investigates possible ransomware attack, networks impacted (BleepingComputer) Computer networks in Europe and Japan from car manufacturer giant Honda have been affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack.
Computer network ‘disruption’ forces Honda to cancel some production (CyberScoop) A “disruption” to Honda’s computer network forced the company to cancel some production operations on Monday, according to a company spokesperson.
Reports: Honda operations disrupted after suspected cyber attack (Dayton Business Journal) Automotive manufacturer Honda is experiencing a company-wide network outage that is suspected to have been caused by a ransomware attack, according to international media reports.
Possible malware attack grinds production to a halt at Honda plants in Alliston (Simcoe) Company spokesperson won't confirm reports of cyber attack, says IT department still assessing situation.
Maze Ransomware adds Ragnar Locker to its extortion cartel (BleepingComputer) A second ransomware gang has partnered with Maze Ransomware to use their data leak platform to extort victims whose unencrypted files were stolen.
New DDoS protection tool advertised on the dark web (Digital Shadows) This blog examines a newly launched DDoS protection filter mechanism dubbed EndGame advertised last week on the dark web community forum Dread, which required a combined effort from many parts of the dark web to create a solution for an ongoing problem that has been slowly killing off the cybercriminal scene one platform at a time.
Law Enforcement Is Starting to Make Criminals Doubt the Dark Web (Cointelegraph) Trend Micro reveals dwindling confidence among darknet users in marketplaces due to security concerns
Shifts in Underground Markets: Past, Present, and Future (Trend Micro) This research paper presents a wide-ranging view of dark web marketplaces and underground cybercriminal forums.
Double-crossing ransomware decryptor scrambles your files again! (Naked Security) Just when you thought a bad thing could get no worse…
CallStranger vulnerability lets attacks bypass security systems and scan LANs (ZDNet) The CallStranger vulnerability can also be used to launch major DDoS attacks.
Singapore’s Contact Tracing Wearable Causes Privacy Backlash (Threatpost) Thousands have signed a petition that underscores data privacy issues with Singapore's newly announced contact-tracing wearable, in development.
Google's indexing of WhatsApp numbers raises privacy concerns (BleepingComputer) Google is indexing the phone numbers used on WhatsApp, and a researcher is concerned that it could cause privacy issues or be used for malicious purposes.
Cyber incidents at NASA surged by 366% (Atlas VPN) According to data extracted and analyzed by Atlas VPN, cyber incidents at NASA increased by 366% in 2019. Being one of the nation’s most important federal agencies, this is an alarming finding.
Poorly-secured AWS buckets used to launch Magecart attacks (ComputerWeekly) Cyber criminals are exploiting misconfigured AWS S3 buckets to run credit card fraud and malvertising campaigns, according to new data.
Magecart Targets Emergency Services-related Sites via Insecure S3 Buckets (The Hacker News) Magecart Hackers Used Misconfigured Amazon S3 Buckets to Steal Payment Card Data From Emergency Service-related Websites.
KingMiner botnet brute-forces MSSQL databases to install cryptocurrency miner (ZDNet) The KingMiner gang is brute-forcing the "sa" user, the highest-privileged account on a MSSQL database.
Malicious Android apps deactivated fraud code to bypass Google's security scans (ZDNet) Trick didn't work. Google banned them anyway.
Exploits Target Patched Server Message Block (ISSSource) Publicly available and functional proof-of-concept (PoC) code that exploits a vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol CVE-2020-0796 in unpatched systems, according to a report with CISA.
CISA Warns that Windows SMB 3 Exploit Code Now Published (Redmondmag) Functional proof-of-concept code for a Server Message Block 3.1.1 vulnerability in newer Windows systems has been published, the U.S. Cybersecurity and Infrastructure Security Agency warned on Friday.
Online Voting System Used in Florida and Elsewhere Has Severe Security Flaws, Researchers Find (One Zero) Significant problems with Democracy Live’s OmniBallot internet voting program could result in doctored ballots as voters gear up for election season in the era of Covid-19
Minuscule number of potentially fraudulent ballots in states with universal mail voting undercuts Trump claims about election risks (Washington Post) A Washington Post analysis found that state officials identified just 372 possible cases of fraud out of about 14.6 million votes in five elections in which ballots were all cast by mail.
Elexon files posted online following May’s ransomware attack (Current) Documents obtained during a cyberattack on Elexon last month have reportedly been leaked on the dark web.
Vulnerability Summary for the Week of June 1, 2020 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.
Dark Web Price Index 2020. Check all 2020 Dark Web Prices (Privacy Affairs) To see just how prevalent items of personal data are being listed on the dark web, and at what price, we sent our researchers on a data-gathering mission.
U.P. Cebu confirms data breach on its Student Evaluation on Teaching system (Rappler) The names and passwords to access a site used to let students rate the performance of their lecturers and professors are made public in the breach
South Africa's Life Healthcare hit by cyber attack (1450 99.7 WHTC) (Reuters) - South Africa's Life Healthcare said on Tuesday its southern African operation was hit by a cyber attack affecting its admissions systems, business processing systems and email servers, but is yet to determine the extent to which data has been compromised.
The hospital operator said its patient care was not impacted and an investigati...
Security Patches, Mitigations, and Software Updates
Get the Windows 10 June Patch Tuesday updates today (Windows Report) Microsoft will soon release the 6th round of major updates of 2020 called the Patch Tuesday Updates, and these also include improvements to Windows 10 2004.
Microsoft Patch Tuesday is nigh: Pause updates now. (Computerworld) Take a minute right now and make sure you have Windows Update paused. Every month we see problems with patches -- some rare and innocuous, others toxic to a specific subset of Windows users. Step out of the line of fire. It’s easy.
High-severity bugs patched in Chrome, Firefox browsers (SC Magazine) Google has introduced multiple security fixes for the desktop edition of its Chrome browser and Mozilla has also done the same for Firefox and Firefox Extended Support Release.
Cyber Trends
Ransomware attacks spike by 140%, 57% of organizations agree to pay (Atlas VPN) Data extracted and analyzed by Atlas VPN reveals, the amounts of demanded ransom payments increased by 140%, comparing the numbers of 2018 to 2019. More and more organizations succumb to blackmail: 57% of organizations settled and paid the ransom during the last 12 months.
Continuous Intelligence Moves from Hype to Reality in the C-Suite According to New Report from Sumo Logic (Sumo Logic) Independent Survey Shows 88% of C-level Executives Believe their Company will Benefit from Continuous Intelligence, with 76% Planning to Employ it within the Next Year to Help Drive Speed and Agility
We're seeing more cyber attacks this year 'than ever before,' CrowdStrike CEO says (Yahoo) CrowdStrike CEO George Kurtz joins Yahoo Finance’s Zack Guzman to discuss the biggest risks and security threats Americans are facing as many continue to work from home amid the coronavirus.
European Organisations Have False Sense of (cyber) Security, Despite Over Half Suffering a Breach (BusinessWire) New insights from the 2020 Thales Data Threat Report – European Edition reveal that European organisations have a false sense of security when it come
Marketplace
E3/Sentinel's fifth acquisition to pave way for rebrand (Washington Technology) E3/Sentinel's fifth acquisition in the less than two years since E3 and Sentinel merged paves the way for a rebranding.
Rackspace changes name in preparation for public markets (San Antonio Business Journal) Rackspace is now Rackspace Technology, the company announced Monday morning.
A Guide To Digital Risk Protection For Security Teams (Momentum Cyber) We are pleased to provide you with Momentum’s Cybersecurity Snapshot for April 2020. Strategic activity in April included 43 transactions completed totaling $1.5B in deal value across M&A (14 transactions, $557M) and Financing (29 transactions, $922M).
Israel's NSO showcases drone tech, pushes to counter rights abuse allegations (Reuters) Israel's NSO Group showcased a new anti-drone defence on Monday, giving the public a rare look at its technology as it seeks to counter allegations that another of its products has aided privacy breaches and political surveillance.
IBM will no longer offer, develop, or research facial recognition technology (The Verge) IBM is also advocating for police reform.
Panacea Infosec to hike headcount by 40-45 per cent; sees rising demand for cybersecurity, audits (The Economic Times) At present, Panacea offers its services in verticals of cybersecurity consulting, auditing and compliance areas like certification and assessment services, CERT-In security auditing services, threat and vulnerability management, advisory services, managed security services, training and products.
Demand for Cybersecurity Operations Fueling Arctic Wolf’s Growth (BusinessWire) Arctic Wolf®, the leader in security operations, today announced that its fourth fiscal quarter of FY2020, ended April 30, set a record for most reven
Products, Services, and Solutions
HelpSystems Expands Native Virus Protection Software to Include LinuxONE and IBM Z (GlobeNewswire) HelpSystems announced today that its native virus protection software Powertech Antivirus has expanded to include coverage for IBM LinuxONE and Linux on IBM Z.
HelpSystems Expands Native Virus Protection Software to Include LinuxONE and IBM Z (GlobeNewswire) HelpSystems announced today that its native virus protection software Powertech Antivirus has expanded to include coverage for IBM LinuxONE and Linux on IBM Z.
Huawei and Trustonic App Protection Partnership Grows with Huawei P40 Series Launch (Trustonic) Trustonic platform can now be used by developers to secure apps with both multiple hardware-backed TEEs and advanced software protection to enable the next generation of secure mobile user experiences.
Kaspersky launches free online talks to spread cybersecurity knowledge (BetaNews) Kaspersky has announced that it's launching a series of online talks, created to present knowledge and the latest cybersecurity findings, freely accessible to anyone with an internet connection.
BeyondTrust secures Mac and Windows endpoints with SaaS offering (TahawulTech.com) BeyondTrust has announced that its BeyondTrust Privilege Management for Windows and Mac solution is now available as SaaS (software-as-a-service).
Data61's seL4 security enforcement now available to the RISC-V ecosystem (ZDNet) CSIRO has announced the completion of the proof of implementation correctness of the open-source seL4 microkernel for the RISC-V ISA.
Thycotic Offers Free Digital Toolkit to Help Secure Remote Worker Access (PR Newswire) Thycotic, provider of Privileged Access Management (PAM) solutions for more than 10,000 organizations worldwide, including 25 of the Fortune...
Cryptographic Solutions Delivering Cloud, IoT, Blockchain and Digital Payment Security (nCipher Security) nCipher Security empowers world-leading organizations by delivering trust, integrity and control to their business critical information and applications.
Proofpoint Launches New Enterprise Archiving Innovations Across eDiscovery and Compliance Supervision (Proofpoint) Advancements reduce enterprise compliance risks while streamlining regulatory audits and investigations for cost effectiveness
Centrify Debuts Reliance Partner Program for Identity-Centric Privileged Access Management (Centrify) Centrify, a leading provider of Identity-Centric Privileged Access Management (PAM) solutions, today unveiled the Centrify Reliance Partner Program to empower the Centrify channel ecosystem to quickly and easily meet the demand for Identity-Centric PAM.
Aon’s partnership with GK8 provides insurable digital-asset storage tech (Hedgeweek) The product provided by GK8, a high-security custody solution for safeguarding and managing digital assets, is now insurable via Aon UK Ltd utilising insurance provided by a panel of insurers led by Arch Underwriting at Lloyd’s Syndicate 2012, which is part of the Lloyd’s insurance market.
Securden Unveils Enhancements to its Remote Access Solution with Turnkey Provisions Eliminating VPN Hassles (PR Newswire) Securden, Inc., a leading provider of Privileged Access Governance solutions today announced that it has implemented significant enhancements...
Osmio Tackles Deep Fake Videos & Fake News (PR Newswire) Videos, images, and news stories can now be digitally signed by their creator, letting anyone know exactly what individual is responsible for...
Unisys Announces Support for Cyber4Healthcare a Global Cybersecurity Initiative in Healthcare with the CyberPeace Institute (Unisys) Unisys Corporation (NYSE: UIS) today announced its support of the CyberPeace Institute’s Cyber4Healthcare initiative, a program designed to offer free cybersecurity services to healthcare providers fighting the COVID-19 pandemic. This follows a public call last month asking governments around the globe to join forces with the private sector and academia to ensure that medical facilities are protected from cyber threats.
Looking at Big Threats Using Code Similarity – part 1 (Secure List) Today, we are announcing the release of KTAE, the Kaspersky Threat Attribution Engine. This code attribution technology, developed initially for internal use by the Kaspersky Global Research and Analysis Team,
Futurex and Venafi Partner to Expand Machine Identity Protection (PR Newswire) Futurex, a leading provider of hardened enterprise-class data security solutions, and Venafi, the leading provider of machine identity...
Technologies, Techniques, and Standards
The eight reasons building a contact-tracing app is so difficult (The Telegraph) From convincing people to download the technology to Bluetooth issues, we take a look at why the NHSX app is delayed
UK Provides Software Co Access To Personal Data (PYMNTS) United Kingdom officials gave a California software company access to the personal data of millions of British residents to answer questions around COVID-19.
Bishop Fox, Illumio Share Microsegmentation Research Findings (Dark Reading) Project finds a 300% increase in attacker difficulty with even simple microsegmentation.
Mitigating Kubernetes Vulnerabilities with the Least Privilege Principle | Tufin (Tufin) A few days ago, the Kubernetes community announced a new vulnerability: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements This is a normal event with any software package. Vulnerabilities are found, fixed and announced, but not necessarily in this order.
Deconstructing the Adversary Exploit Process (Recorded Future) In this report, Recorded Future's Insikt Group examines current attacker methodologies to reveal how exploitation testing may play out in the wild.
Design and Innovation
How to improve cybersecurity for artificial intelligence (Brookings) Key defenses against cyberattacks.
Twitter to launch a revamped verification system with publicly documented guidelines (TechCrunch) Twitter is developing a new in-app system for requesting verification, according to a recent finding from reverse engineer Jane Manchun Wong, which Twitter has since confirmed. The discovery involves an added “Request Verification” option that appears in a redesigned account settings sc…
Facebook to Review Content Policies Related to Civil Unrest, Violence (Wall Street Journal) Facebook CEO Mark Zuckerberg said that the company will review existing policies on how it handles content related to civil unrest or violence, as the company faces criticism over its decision to not moderate or take down certain posts.
NYU study: Facebook’s content moderation efforts are ‘grossly inadequate’ (VentureBeat) In a scathing indictment of Facebook's content moderation practices, a new study says outsourcing is a key reason the company's efforts are failing.
Research and Development
DARPA Seeks to Embed Security Into Chip Designs (EE Times Asia) As semiconductors become the choke point in global tech wars, the U.S. looks to advance security to the IC design stage...
Academia
Peng Liu, co-authors earn Test-of-Time Award (Penn State University) A paper co-authored by Peng Liu, Raymond G. Tronzo, MD Professor of Cybersecurity in the College of Information Sciences and Technology, has been selected as one of the two winners of the prestigious 10-year Test-of-Time Award from the 2020 IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) — a top conference in fault tolerance and dependable computing.
Legislation, Policy and Regulation
Analysis | The Cybersecurity 202: Senate panel says U.S. telecoms failed for decades to prevent Chinese spying (Washington Post) Chinese telecoms operated in the United States with minimal oversight.
Investigation finds interagency group lacked authority to oversee Chinese telecom companies (Federal News Network) A Senate subcommittee completed a year-long investigation into federal oversight of three Chinese telecommunications companies.
Huawei on the defensive as threat of UK 5G exclusion hovers (Engineering & Technology) As the UK government considers making a U-turn on its decision to permit Huawei a limited role as a supplier for the country’s 5G infrastructure, the Shenzhen-based telecommunications giant is launching a full-throttle media campaign to bolster its reputation.
KrattAI: Estonia's National Artificial Intelligence Strategy (Interesting Engineering) KrattAI will let people in Estonia use public information services by voice-based interaction with AI-based virtual assistants.
Canadians' Security and Privacy Must Be Protected in The Race To Trace (PR Newswire) Canadians seem ready to embrace digital contact tracing to help contain COVID-19 through an anonymous mobile app, with a majority prepared to make the...
Israeli security head calls for halt in virus phone tracking (AP NEWS) The head of Israel's Shin Bet security service reportedly said Monday that he opposes the continued use of his agency's phone-snooping technology to track coronavirus...
Government publishes artificial intelligence procurement guidance (ComputerWeekly) A document has been published outlining the challenges for public sector buyers as well as best practices.
Can the UK government’s efforts solve the cyber skills gap? (ComputerWeekly) There has been an active effort by the UK government to tackle the lack of skills in the cyber security space – but is it enough?
California Attorney General Submits Final CCPA Regulations for Review (Cooley) On June 1, the California Attorney General submitted its final proposed regulations implementing the CCPA to the California Office of Administrative Law (OAL) for its review and approval. The final…
Germany Govt Bans official Whatsapp use oped (CIOReview) Germany Govt Bans official Whatsapp use oped By Adam A. Such II, President and COO, Communication Security Group Inc. - Officials say no, nein and not for official use to WhatsApp
Litigation, Investigation, and Enforcement
House Intelligence Committee chairman wants to know whether Pentagon spy agency provided information on protesters (Washington Post) Rep. Adam B. Schiff (D-Calif.) is seeking assurance that no intelligence agency resources were used to track demonstrators.
Agencies Spending Millions on 'Crossbow' Spy Tech, an Upgraded Stingray (Vice) Motherboard found various military and federal law enforcement agencies have bought the Crossbow, which appears to target phones on 4G.
Most Bitcoin Trading Faked by Unregulated Exchanges, Study Finds (Wall Street Journal) Nearly 95% of all reported trading in bitcoin is artificially created by unregulated exchanges, a new study concludes, raising fresh doubts about the nascent market following a steep decline in prices over the past year.
UK Supreme Court To Hear Google Data Privacy Case (Law360) The Supreme Court has agreed to weigh in on whether a collective lawsuit brought against Google for allegedly tracking the personal data of 4 million iPhone users should be allowed to proceed through the U.K.'s courts.
Macy's To Pay Up To $192K To End Data Breach Suit (Law360) Macy's Inc. will pay up to $192,500 to settle claims that its "cavalier" approach to data security opened the door for hackers to access online customer accounts over a three-month span in 2018, according to terms approved by an Alabama federal court.
Amazon sues former AWS marketing VP Brian Hall after he takes Google Cloud job (GeekWire) A lawsuit filed by Amazon against Brian Hall, former Amazon Web Services vice president of product marketing, alleges that his new role at Google Cloud violates the terms of his non-compete agreement…
Industry Events
newly Noted Events
Texas Cyber June’gle Virtual Summit (Online, Jun 27 - 28, 2020) The Texas Cyber June’gle Virtual Summit is June 27th and June 28th, it runs approximately 30 hours straight, Multiple time zones, speakers and trainers from all over the world. The #TexasCyber Summit and the #RedTeam Village are hosting a two day, 30 hr - non-stop training and briefing virtual conference - Free to attend - Blue Team Defender, Defense, Forensics, RE and More, as well as Red Team TTP, Exploit development, and more.
upcoming Events
FutureCon Virtual Western Conference (Online, Jun 16, 2020) This virtual event features thought-provoking presentations by Industry Security Leaders, esteemed Keynote Speakers, and a Panel Session discussion with experienced professionals and a talented team who are at the forefront of cutting edge strategies for Cybersecurity defense. 100% off promo code: CYBERWIRE https://futureconevents.com/events/
Hardware Hacking Virtual Conference (Online, Jun 24, 2020) Join the ioXt Alliance and register now for our upcoming Summer Virtual Conference. You’ll hear the latest on IoT security challenges and learn the most effective ways to secure your device against hardware hackers, script kids and botnet infections. The Conference will feature keynote Bruce Schneier. Bruce is an internationally-renowned security technologist, philanthropist and author who gets the call when people want to hear straight talk on how security really works.
Texas Cyber June’gle Virtual Summit (Online, Jun 27 - 28, 2020) The Texas Cyber June’gle Virtual Summit is June 27th and June 28th, it runs approximately 30 hours straight, Multiple time zones, speakers and trainers from all over the world. The #TexasCyber Summit and the #RedTeam Village are hosting a two day, 30 hr - non-stop training and briefing virtual conference - Free to attend - Blue Team Defender, Defense, Forensics, RE and More, as well as Red Team TTP, Exploit development, and more.
FutureCon Virtual Eastern Conference (Online, Jun 30, 2020) This virtual event features thought-provoking presentations by Industry Security Leaders, esteemed Keynote Speakers, and a Panel Session discussion with experienced professionals and a talented team who are at the forefront of cutting edge strategies for Cybersecurity defense. 100% off promo code: CYBERWIRE
CS4CA World: Global Cyber Security Event (Online, Jun 30, 2020) CS4CA World will take place virtually as a unique large-scale event to keep the critical asset community connected across the globe. As a world-wide 24-hour event, it will follow the sun by starting with speakers from the APAC region through to MENA, Europe, LatAm, finishing in North America. This unique format allows sponsors, speakers, and attendees to engage & connect with peers through a wide range of interactive content & networking formats much like a physical event. We are living in unprecedented times where workflows and devices must learn to blend seamlessly together in a digitally transforming world. During this process, cyber security (threats) has emerged as the worst-affected domain, needing careful processes and protocols to protect the world’s critical assets from vulnerabilities.
Sponsor & Support
Grow your brand, generate leads, and fill your funnel.
With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.