Join us as we step inside the diverse and fascinating worlds of cybersecurity professionals around the globe and hear their personal stories in their own words. We're pleased to announce Career Notes, each episode of which features a look into one professional's journey, where it began, what influenced its course, and where it's going today.
More Signal. Less Noise.
Get real-time security intelligence at no cost.
We recently launched Recorded Future Express — a free browser extension for security teams. Use Express over any web-based SIEM, vulnerability management solution, security blog, and more to put real-time security intelligence at your fingertips. Instantly prioritize alerts, incidents, and vulnerabilities based on real-time risk scores from the world’s largest commercial collection platform. Sign up now.
BellTroX says it just helped some private eyes. Honda's incident investigation continues. SEO for crime. Patch Tuesday notes.
Announcements
Announcing Career Notes, a new podcast from the CyberWire.
Summary
Sumit Gupta, founder of BellTroX, the Indian company Citizen Lab named in its report on hackers-for-hire, told Reuters he did nothing wrong: all BellTroX did was help private investigators access email accounts when BellTroX was given credentials to those accounts.
Honda continues its investigation of the incident it sustained over the weekend. The Japan Times reports that domestic production has resumed, but that as of yesterday the company had advised its employees in Tokyo and some other Japanese offices to avoid using Honda’s internal networks. According to TechCrunch and other outlets, the incident was an attack using the Snake (also called "Ekans") strain of ransomware.
Avast describes a criminal campaign that uses search engine optimization tools to draw victims to malicious sites using promises of prizes (the promises often festooned with images of falling confetti).
Yesterday’s Patch Tuesday was a heavy one. Intel fixed twenty-two bugs, two of which, in its Active Management Technology, are rated critical. BleepingComputer says that Microsoft's patches amounted to the largest set ever: a total of one-hundred-twenty-nine fixes. KrebsOnSecurity assesses three issues with Microsoft Server Message Block as among the most troubling. Sophos points out that a majority of the issues Microsoft addressed (a "whopping sixty-nine") involved the risk of escalation of privilege exploitation. Adobe patched problems with Framemaker, Experience Manager, and Flash Player.
The Wall Street Journal reports that the latest settlement in Equifax's 2017 breach, $30.5 million, will mostly go toward a requirement that Equifax invest $25 million in upgrading its own security.
Notes.
Today's issue includes events affecting Canada, China, India, Iran, Israel, NATO/OTAN, the United Kingdom, and the United States.
Word Notes Wednesday: "Probability"
Probability (noun). 1. Statistics: The relative possibility that an event will occur, as expressed by the ratio of the number of actual occurrences to the total number of possible occurrences. 2. Risk: A person’s knowledge (or ignorance) about some uncertain distinction; a very detailed description of exactly what you know.
Simple, secure identity and access management for your business.
LastPass Identity provides simple control and visibility across every entry point to your business through single sign-on, password management and multi-factor authentication in one unified solution. LastPass Identity provides a holistic view of end user activity to simplify security for IT, all while delivering the passwordless login experience employees want. Start a free LastPass Identity trial today.
On the Podcast
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan discusses free online courseware aimed at Community College students. Our guest is Dennis Toomey from BAE, who describes how financial institutions need to enact stronger cyber protocols as employees migrate to working from home.
And Caveat is up. In this week's episode, "Cybersecurity at the global, national, and state levels," Dave's got the story of a class action privacy suit targeting Google, Ben takes a look at surveillance in a time of protests and unrest, and later in the show we speak with Maryland State Senator Katie Fry Hester, who talks about state-level cybersecurity policy and legislation.
Sponsored Events
Cyber Security Summit Virtual Power Hours - Get the Facts June 9 & June 11 (Online, June 9 - 11, 2020) Senior Level Executives are invited to the Cyber Summit Virtual Power Hours. Learn from Industry Experts from The FBI, DHS, U.S. Secret Service & more as they discuss the latest security challenges & develop cyber security battle plans in today’s unprecedented times. Free to Attend with Registration Code: CyberWire20 at CyberSummitUSA.com
Cyber Security Summit Virtual Power Hours - Get the Facts June 16 & June 18 (Online, June 16 - 18, 2020) Senior Level Executives are invited to the Cyber Summit Virtual Power Hours. Learn from Industry Experts from The FBI, DHS & leading cyber solution providers as they discuss the latest security challenges & develop cyber security battle plans in today’s unprecedented times. You will receive 1 CPE / CEU credit by attending. Free to register with code: CyberWire20 at CyberSummitUSA.com.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Exclusive: Obscure Indian cyber firm spied on politicians, investors worldwide (Reuters) A little-known Indian IT firm offered its hacking services to help clients spy on more than 10,000 email accounts over a period of seven years.
Arm CPUs impacted by rare side-channel attack (ZDNet) Arm issues guidance to developers to mitigate new "straight-line speculation" attack.
Nasty surprises lurking in furloughed employees’ inboxes (ComputerWeekly.com) Research conducted by KnowBe4 points to a looming email security problem as furloughed employees head back to work.
Honda probes suspected cyberattack after factories hit by network glitch (The Japan Times) Honda Motor Co. on Tuesday continued to restrict its employees from using work computers following an internal network issue that could be due to a cyberat
Honda’s global operations halted by ransomware attack (TechCrunch) The Snake ransomware is believed to be the cause.
Honda hit by cyber attack, some production disrupted (Reuters) Honda Motor Co <7267.T> suspended some of its auto and motorcycle production globally as the Japanese car giant grappled with a suspected cyber attack, a spokesman said on Tuesday.
Honda Halts Output at Some Plants After Cyber Attack (Assembly) Honda Motor Co. said a cyberattack has disrupted its internal network and brought some of its assembly plants around the world to a standstill.
Honda Cyber-Attack Halts Plants in India and Brazil (NDTV Gadgets 360) The cyber-attack at the beginning of the week targeted Honda's internal servers and spread a virus through the company's systems
Thanos Ransomware First to Weaponize RIPlace Tactic (Threatpost) Researchers say the new Thanos ransomware-as-a-service is the first ransomware family to feature the weaponized RIPlace tactic.
Cyber Criminals Unleash A Phony Recovery Tool On Ransomware Victims (Forbes) Unsuspecting victims wind up with folders full of unusable files, encrypted with Stop DJVU and held for ransoms of nearly $1,000.
Honda disrupted by cyberattack; Maze & Ragnar Locker groups team up (SC Media) Automobile manufacturer Honda has reportedly suffered an apparent ransomware attack that has disrupted its global operations.
Windows Group Policy flaw lets attackers gain admin privileges (BleepingComputer) Microsoft has fixed a vulnerability in all current Windows versions that allow an attacker to exploit the Windows Group Policy feature to take full control over a computer. This vulnerability affects all Windows versions since Windows Server 2008.
Scammers using SEO to lure victims (Avast) Don’t be duped by top ranked search results that seem to be too good to be true
The New Kid On The Cyber Block Data Manipulation (BW CIOWORLD) Security-Data is the most valuable resource today driving our economies, making it a prime target for hackers with ill intent to manipulate for their personal gain.
APT29 Emulation ATT&CK Evaluations 2019 (MITRE ATT&CK® EVALUATIONS) APT29 is a threat group that has been attributed to the Russian government and has operated since at least 2008.
We setup a honeypot to see how long for hackers find unsecured database (Comparitech) If you think leaving user data exposed online for "just a day" is no big deal, think again. We setup a honeypot to see just how quickly hackers find unsecured data.
Advantech WebAccess Node (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Advantech
Equipment: WebAccess Node
Vulnerability: Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could crash the application being accessed; a buffer overflow condition may allow remote code execution.
Mitsubishi Electric MELSEC iQ-R series (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-R series
Vulnerability: Resource Exhaustion
2. RISK EVALUATION
Successful exploitation of this vulnerability could cause the Ethernet port to enter a denial-of-service condition.
Siemens LOGO! (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.4
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: LOGO!
Vulnerability: Missing Authentication for Critical Function
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to read and modify device configurations and obtain project files from affected devices.
Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.7
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK
Vulnerability: Unquoted Search Path or Element
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges.
Siemens SIMATIC, SINAMICS (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC, SINAMICS
Vulnerabilities: Uncontrolled Search Path Element, Heap-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to affect the availability of the devices under certain conditions.
Siemens SINUMERIK (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SINUMERIK
Vulnerabilities: Buffer Underflow, Heap-based Buffer Overflow, Improper Initialization, Out-of-bounds Read, Stack-based Buffer Overflow, Access of Memory Location After End of Buffer, Off-by-one Error, Improper Null Termination, Improper Initialization
2.
OSIsoft PI System (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: OSIsoft
Equipment: PI System
Vulnerabilities: Uncontrolled Search Path Element, Improper Verification of Cryptographic Signature, Incorrect Default Permissions, Uncaught Exception, Null Pointer Dereference, Improper Input Validation, Cross-site Scripting, Insertion of Sensitive Information into Log File
2.
Siemens Industrial Products (Update G) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Industrial Products
--------- Begin Update G Part 1 of 4 ---------
Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update H) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM
Vulnerability: Out-of-bounds Read
2.
Philips PageWriter TC10, TC20, TC30, TC50, and TC70 Cardiographs (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.1
ATTENTION: Low skill level to exploit
Vendor: Philips
Equipment: PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs
Vulnerabilities: Improper Input Validation, Use of Hard Coded Credentials
2.
Nintendo reveals that an additional 140,000 accounts were hacked (CNET) On top of the 160,000 it acknowledged back in April, that brings the total to 300,000.
Babylon Health data breach: GP app users able to see other people's consultations (the Guardian) User alerted company after finding about 50 recordings of appointments that did not apply to him
Natura’s Avon suffers ‘cyber incident’ weeks after major data breach (Cosmetics Business) The Brazilian cosmetics owner said it is working ‘diligently’ to mitigate the effects of the latest incident
IBM Cloud suffers prolonged outage (TechCrunch) The IBM Cloud is currently suffering a major outage, and with that, multiple services that are hosted on the platform are also down, including everybody’s favorite tech news aggregator, Techmeme. It looks like the problems started around 2:30pm PT and spread from there. Best we can tell, this…
IBM Cloud suffers global outage, bringing down customer websites (Computing) The issue has been resolved now, according to IBM
The Google Outage Highlights the Perils of a Centralized Internet (Vice) Google so far has no answers as to why its massive cloud outage downed everything from Snapchat to 'Rocket League' servers.
Security Patches, Mitigations, and Software Updates
Microsoft June 2020 Patch Tuesday: largest ever with 129 fixes (BleepingComputer) Today is Microsoft's June 2020 Patch Tuesday, and as many Windows administrators will be routinely screaming at computers, please be nice to them!
Microsoft Patch Tuesday, June 2020 Edition (KrebsOnSecurity) Microsoft today released software patches to plug at least 129 security holes in its Windows operating systems and supported software, by some accounts a record number of fixes in one go for the software giant. None of the bugs addressed this month are known to have been exploited or detailed prior to today, but there…
Microsoft pushes fixes for 128 security bugs in June, 2020 Patch Tuesday (Sophos News) In this month’s Patch Tuesday, a total of 128 security vulnerabilities have been patched in Microsoft products, a slight increase compared to the last few months. Only twelve of the vulnerabi…
Patch Tuesday: Fixes for LNK, SMB, and SharePoint Bugs (TrendLabs Security Intelligence Blog) This month’s Patch Tuesday had the highest number of entries so far in 2020 — a whopping 129, a continuation of the trend seen from the previous months. The update includes fixes for LNK, SMB, SharePoint, and Win32k vulnerabilities.
Intel patched 22 vulnerabilities in the June 2020 Platform Update (BleepingComputer) Intel addressed 25 vulnerabilities today as part of its June 2020 Patch Tuesday, with two of them being rated as critical security flaws after receiving CVSS scores of 9.8.
Cyber Trends
Restrictive Privileged Access Management Can Lead to Risky User Behaviors, According to SSH.COM (BusinessWire) New Research from SSH.COM Reveals that Restrictive IT Access Emboldens Employees to Seek Workarounds that Threaten Corporate Data
Netwrix reveals five cyber security trends to watch in 2020 and beyond (Netwrix) The rapid transition to remote office has shifted focus away from cybersecurity, enabling threat actors to take advantage of loosened security policies.
Email is biggest security risk, old devices aren't getting patched, and local cyber 'incidents' (ZDNet) 51% of organisations surveyed by Mimecast have suffered a ransomware attack, meanwhile NTT says ageing devices are causing network vulnerabilities, and two local companies have been struck by 'cyber incidents'.
Ransomware Hits Soar With No Relief In Sight, Insurer Says (Law360) Ransomware attacks continued to climb during the first quarter of 2020, specialty insurer Beazley Group reported Tuesday, and companies shouldn't expect any reprieve in the coming months as attackers keep seizing on the security holes and economic fears that the COVID-19 pandemic has created.
Identity Theft and Credit Card Monitoring Consumer Shopping Study: 2020 (Security.org) Last Updated: June 9th, 2020 By Gabe Turner and the Security.org Research Team Billions of private records are breached every year, from email addresses to names and phone numbers to sensitive banking information. In fact, during just the first half of last year, more than 4.1 billion records were exposed in hacks and other cyberattacks, … Continued
2020 Global Network Insights Report (NTT) The pace of change in business and the market is ever-increasing. To accommodate this, organizations’ infrastructure is also under pressure to change.
No Excuses: Why Brands Must Manage PII Better (Akamai) Consumer retail is a major economic driver around the world. Global retail revenue was estimated at $24 trillion in 2018, split between $21.2 trillion of in-store spend and $2.8 trillion online....
Report: Average data breach costs public companies $116M (Compliance Week) An Audit Analytics report on cyber-security breaches at public companies found the sensitivity of customer information stolen-along with length of time it took companies to report breaches-greatly affected the financial damage the breaches caused.
Why remote workers across APAC say they're vulnerable to cyber threats (Tech Wire Asia) Senior staff in surveyed nations believe devices used while working from home could be better secured against advanced cyber threats.
Military members are disproportionately affected by cybercrime: Here’s why and how to avoid it (Military Times) Cybercriminals are targeting America's military personnel and families, but steps can be made to avoid becoming a victim.
Marketplace
NS8 Raises $123 Million Series A, Now Among Fastest Growing Fraud Prevention Platforms in the World (Yahoo) NS8, an online fraud prevention company, announced the company has successfully closed $123 million in venture funding led by Lightspeed Venture Partners and AXA Venture Partners (AVP).
Concourse Labs Raises $15.2 Million in Series A Funding led by ForgePoint Capital to Accelerate Enterprise Digital Transformation by Automating Cloud Governance. (Concourse) Concourse Labs, a company that accelerates enterprise digital transformation through automated cloud governance today emerged from stealth mode announcing $15.2 million in Series A funding. The round was led by ForgePoint Capital, with existing investors 83North and Capri Ventures participating.
Sophos undertakes company restructuring, staff cuts due to COVID-19: reports (CRN Australia) Three months after being acquired by private equity firm Thoma Bravo.
Council Post: Cybersecurity In The M&A Process: A CISO's Strategy (Forbes) If approached with vigilance, the M&A process should not cause increased cyber risks but should lessen the threat landscape and strengthen the new organization on many fronts.
British start-ups in turmoil with two-fifths in need of urgent cash (The Telegraph) Two-fifths of the businesses believe they had less than 12 months of funds
Wing Venture Capital Raises $450 Million Third Fund (Monterey County Weekly) Wing Venture Capital announced today that it has raised Wing Three, a $450 million pool of capital dedicated to early stage investing
How One CEO Is Maximizing Cybersecurity With Network Metadata (Forbes) It has never been more apparent that current cybersecurity testing practices are not enough.
Canalys: Seven vendors crowned “Champion” in 2020 Cybersecurity Leadership Matrix (Canalys) Seven cybersecurity vendors have attained Champion status in the Canalys Cybersecurity Leadership Matrix 2020.
Stage 2 Security Hires Jacob Groth as Chief Technology Officer (CTO) (PR Newswire) A leader in Adversary Simulation, Protection and Prevention services, Stage 2 Security (S2) http://www.stage2sec.com is excited to announce...
Netskope Announces David Fairman as Chief Security Officer for Asia-Pacific Region (PR Newswire) Netskope, the leading security cloud, today announced the appointment of David Fairman to Chief Security Officer (CSO), APAC. With his global...
ColorTokens Boosts ANZ Presence, Appoints Elvis Jusic as Regional Director Sales (PR Newswire) ColorTokens Inc. a leading innovator in cyber security, today announced the appointment of Elvis Jusic to Regional Director of Sales for...
Products, Services, and Solutions
Sixgill and King & Union Join Forces for Next-Gen Threat Intelligence Visualization (PR Newswire) Sixgill, a leading threat intelligence company, has partnered with King & Union to provide users of its Avalon Cyber Analysis Platform with...
One Identity Safeguard for Privileged Passwords 6.6 Now Tames Disperse Use of Personal Passwords for Corporate Accounts (GlobeNewswire) One Identity, a proven leader in identity-centered security, today introduced a new feature within One Identity Safeguard for Privileged Passwords 6.6, which manages and secures the use of corporate personal passwords to access corporate third-party accounts.
A10 Networks Launches Turnkey OEM Application Delivery and Security Solutions (A10 Networks) New Solutions Provide Application Reliability and User Protection with Advanced Load Balancing and SSL Visibility
WatchGuard brings simplified, flexible security to small, home and midsize office environments (Security Info Watch) Upgraded Firebox T Series appliances offer heightened HTTPS throughput, advanced security services, integrated SD-WAN, PoE and more
CYSEC and Build38 partner to facilitate the secure deployment of Mobile App Protection (Cysec Systems) Build38 GmbH, the global provider of Mobile Application Security made in Germany, is partnering with CYSEC SA from Switzerland to offer a fully-integrated solution combining mobile and backend deployments for Enterprise customers.
Z-CERT and EclecticIQ Cooperate to Bring Benefits of CTI to Dutch Healthcare Sector (PR Newswire) EclecticIQ, the global provider of cyber threat intelligence (CTI) technology solutions and the operator of Fusion Center, and Z-CERT, the...
Get the latest news on application protection (PerimeterX) Protect your web apps against account takeover, carding, denial of inventory, scalping, skewed analytics, digital skimming, Magecart, PII harvesting, scraping.
GlobalPlatform’s technical evolution – new initiatives, built on strong foundations (GlobalPlatform) The standard for secure digital services and devices
Vectra integrates threat detection with Microsoft security (BetaNews) Network threat detection and response company Vectra AI is announcing deep product integration with Microsoft Defender Advanced Threat Protection (ATP) and Microsoft Azure Sentinel to allow enterprises to better protect their networks.
Thycotic Offers Free Digital Toolkit to Help Secure Remote Worker Access (PR Newswire) Thycotic, provider of Privileged Access Management (PAM) solutions for more than 10,000 organizations worldwide, including 25 of the Fortune...
ThreatQuotient Granted DoDIN-Level Authority to Operate (ThreatQuotient) ThreatQ is the first threat-centric security operations platform to be approved for a DoD-wide ATO.
IRONSCALES Expands Threat Assessment Capabilities; Launches Email Secu (PRWeb) IRONSCALES, the pioneer of self-learning email security, today announced another industry’s first with Phishing Emulator™.
Instana Achieves Certified SOC 2 Type 2 Compliance for Data Security (Instana) Instana is now SOC2 Type II Compliant certified, showcasing our commitment to security for all our users, customers and partners.
Netsurion Introduces Remote Workforce Security to Provide Portable, Comprehensive Cybersecurity in the WFH Era (GlobeNewswire) Netsurion, a leading managed security services provider, today released Remote Workforce Threat Detection, a new built-in feature of its best-in-class EventTracker SIEM platform that provides portable and comprehensive protection against cybersecurity threats in the emerging Work-From-Home (WFH) era.
Siemplify Unveils Industry’s First Cloud-Native SOAR Platform (Siemplify) Siemplify, the leading independent provider of security orchestration, automation and response (SOAR), today...
Versa Networks Launches Industry's First SASE Solution Delivering Leading Secure SD-WAN Capabilities to Remote and Working from Home Employees (PR Newswire) Versa Networks, the Secure SD-WAN leader, today launched Versa Secure Access, the industry's first solution delivering leading Secure SD-WAN...
Technologies, Techniques, and Standards
Analysis | The Cybersecurity 202: Georgia’s primary debacle should sound alarm bells for November (Washington Post) The state’s primary day snafus were all predictable
Cyber Command creates new malware sharing portal with National Guard (Fifth Domain) The new portal, called Cyber 9-Line, allows states through their National Guard to report malware samples to Cyber Command, which can then turn its vast resources to the problem.
CISA focuses on building agency trust in data as part of upcoming CDM dashboard (Federal News Network) The new dashboard puts a focus on building agency trust in the underlying reporting data behind the dashboard and related algorithms.
“Cyber 9-Line” Improves Cybersecurity and Enables Election Integrity (U.S. Cyber Command) When Dorchester County reported a ransomware attack on a majority of its servers this past January, Maryland turned to a program recently established by U.S. Cyber Command and the National Guard.
Covid-19 data store has transformed NHS resource planning, says official (NS Tech) A data analytics project designed to predict demand on the health service at both a local and national level has had a transformative impact on NHS resource planning during the coronavirus crisis,
Autonomous Cyber is Re-Shaping the Federal Information Security Landscape (MeriTalk) Autonomous cybersecurity is changing the way the government protects and secures its crucial data. By leveraging artificial intelligence and machine learning, agencies can respond to cyber threats in real time and more efficiently than ever. MeriTalk connected with Dr. Matt McFadden, Cyber Director, GDIT to discuss this burgeoning field.
Design and Innovation
Fundamental Changes In Economics Of Security (Semiconductor Engineering) More and higher value data, thinner chips and a shifting customer base are forcing long-overdue changes in semiconductor security.
LGU+ claims to be 'industry-first' to apply quantum-resistant cryptography technology to customer-only network equipment (Aju Business Daily) LGU+, a mobile carrier in South Korea, claimed to be "industry-first" to apply quantum-resistant cryptography technology to customer-only network equipment. The new technology can be applied to next-generation wired and wireless networks as well as various 5G services.
Facebook labels ‘state-controlled’ Russian, Chinese, Iranian media (Naked Security) Facebook users will see notices labeling “state-controlled media”, based on criteria such as funding, editorial independence, ownership structure and more.
Twitter system to identify 5G coronavirus conspiracy tweets goes haywire (The Telegraph) A new system designed to limit coronavirus misinformation has suffered constant errors, drawing scorn and mockery from users
How Facebook Fact-Checking Can Backfire (Intelligencer) The “implied truth effect” means that Facebook’s fact-checking process may be worse than doing nothing.
Debunked child trafficking conspiracy theory trends on Twitter (The Telegraph) The "For you" section of the Twitter app prominently featured the Pizzagate conspiracy theory for some users on Tuesday
Academia
CyberTitan III National Finalists will hear remarks from Defence Minister Harjit Singh Sajjan and cyber security industry experts this June 8-10 (IT Business) The CyberTitan III National Finals are this Monday, June 8 with the Awards Presentation on Wednesday, June 10. For the occasion, the
ISRO Announces Cyberspace Competition for School Students: Here are the Details (Data Quest Indai) ISRO has announced that the organization will hold an online cyberspace competition (ICC 2020) for students from classes 1 to 12
Legislation, Policy and Regulation
A ‘new normal’ in cyberwar should scare us to action (The Japan Times) Israel and Iran appear to be engaged in tit-for-tat cyberattacks on each other’s physical infrastructure. While attacks on information technologies — phish
NATO chief says on Huawei: UK review of 5G security is important (Reuters) The head of the NATO military alliance said on Wednesday that the West could not ignore the rise of China and so it was important that Britain had a review of the role of Huawei in its 5G network to ensure its security.
UK to Launch Huawei Cyber Security Review Amid US Trade Tensions (CPO Magazine) U.K. government is starting cyber security reviews on Huawei amid U.S. trade sanctions to measure its potential for espionage using 5G infrastructure as a backdoor.
Opinion | Huawei and the U.S.-China Tech War (Wall Street Journal) Computer chips are the first battlefield of the great power rivalry.
US telcos asked to rip out Huawei and replace it with a quandary (Light Reading) The FCC has been tasked with ripping Huawei's equipment out of US wireless networks. Now it has to figure out what goes in its place.
Senate report: Chinese telecom firms operated in US without proper oversight for decades (TheHill) Three Chinese telecommunications firms were allowed to operate for roughly 20 years in the U.S.
Republican senators push FCC to act on Trump social media order (Reuters) Four Republican U.S. senators on Tuesday urged the Federal Communications Commission (FCC) to review whether to revise liability protections for internet companies after President Donald Trump urged action.
DHS’s cyber wing pledges to invest more in industrial control systems security (CyberScoop) DHS's cybersecurity division, CISA, unveiled a strategy Tuesday to help protect industrial control systems from being hacked.
Cyber Command is getting a new deputy commander (Fifth Domain) Cyber Command's next deputy commander is a familiar face.
Litigation, Investigation, and Enforcement
Facebook Helped the FBI Hack a Child Predator (Vice) Facebook paid a cybersecurity firm six figures to develop a zero-day in Tails to identify a man who extorted and threatened girls.
Equifax’s Latest Breach Settlement Is Skimpy to Plaintiffs, Critics Say (Wall Street Journal) Most of the money would go to security measures at Equifax, not to community banks and credit unions affected by the breach.
Senior official estimates $30 billion in stimulus funds will be stolen through coronavirus scams (TheHill) A top official with the U.S. Secret Service said Tuesday that coronavirus-related fraud could lead to $30 billion in federal relief funds being stolen by criminals.
FCC Floats $225M Fine Over Spoofed Health Insurance Calls (Law360) The Federal Communications Commission on Tuesday floated its largest to date fine against a robocaller that allegedly copped the caller IDs of the likes of Cigna, Aetna and Blue Cross Blue Shield to sell health plans from lower-profile providers.
SRA to beef up AML monitoring of law firms (Legal Futures) The Solicitors Regulation Authority is to beef up its monitoring of firms’ anti-money laundering efforts and begin a review of continuing competence.
Former Harvard Chemistry Chair Indicted for False Statements About China Funding (Epoch Times) The former chair of Harvard University's chemistry department was indicted on June 9 on charges of making false ...
Facebook Sues Indian Firm for Registering Impostor Domains (CISO MAG) Facebook filed a lawsuit in Virginia against 12 hoax domain names registered by Indian-based proxy service provider Compsys Domain Solutions Private Ltd.
LAPD Got Tech Demos from Israeli Phone Hacking Firm NSO Group (Vice) Emails obtained by Motherboard also reveal new details about previously unreported NSO Group products.
No evidence of unauthorized data transfers by top Chinese drone manufacturer: study (TheHill) Drones manufactured by Da Jiang Innovation that were previously used by the U.S. government have not transferred data to the Chinese company or China’s government, according to a report published Tuesday by consulting firm Booz Allen Hamilton.
Industry Events
upcoming Events
FutureCon Virtual Western Conference (Online, June 16, 2020) This virtual event features thought-provoking presentations by Industry Security Leaders, esteemed Keynote Speakers, and a Panel Session discussion with experienced professionals and a talented team who are at the forefront of cutting edge strategies for Cybersecurity defense. 100% off promo code: CYBERWIRE https://futureconevents.com/events/
Hardware Hacking Virtual Conference (Online, June 24, 2020) Join the ioXt Alliance and register now for our upcoming Summer Virtual Conference. You’ll hear the latest on IoT security challenges and learn the most effective ways to secure your device against hardware hackers, script kids and botnet infections. The Conference will feature keynote Bruce Schneier. Bruce is an internationally-renowned security technologist, philanthropist and author who gets the call when people want to hear straight talk on how security really works.
Texas Cyber June’gle Virtual Summit (Online, June 27 - 28, 2020) The Texas Cyber June’gle Virtual Summit is June 27th and June 28th, it runs approximately 30 hours straight, Multiple time zones, speakers and trainers from all over the world. The #TexasCyber Summit and the #RedTeam Village are hosting a two day, 30 hr - non-stop training and briefing virtual conference - Free to attend - Blue Team Defender, Defense, Forensics, RE and More, as well as Red Team TTP, Exploit development, and more.
FutureCon Virtual Eastern Conference (Online, June 30, 2020) This virtual event features thought-provoking presentations by Industry Security Leaders, esteemed Keynote Speakers, and a Panel Session discussion with experienced professionals and a talented team who are at the forefront of cutting edge strategies for Cybersecurity defense. 100% off promo code: CYBERWIRE
CS4CA World: Global Cyber Security Event (Online, June 30, 2020) CS4CA World will take place virtually as a unique large-scale event to keep the critical asset community connected across the globe. As a world-wide 24-hour event, it will follow the sun by starting with speakers from the APAC region through to MENA, Europe, LatAm, finishing in North America. This unique format allows sponsors, speakers, and attendees to engage & connect with peers through a wide range of interactive content & networking formats much like a physical event. We are living in unprecedented times where workflows and devices must learn to blend seamlessly together in a digitally transforming world. During this process, cyber security (threats) has emerged as the worst-affected domain, needing careful processes and protocols to protect the world’s critical assets from vulnerabilities.
Sponsor & Support
Grow your brand, generate leads, and fill your funnel.
With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.