Join us as we step inside the diverse and fascinating worlds of cybersecurity professionals around the globe and hear their personal stories in their own words. We're pleased to announce Career Notes, each episode of which features a look into one professional's journey, where it began, what influenced its course, and where it's going today.
We recently launched Recorded Future Express — a free browser extension for security teams. Use Express over any web-based SIEM, vulnerability management solution, security blog, and more to put real-time security intelligence at your fingertips. Instantly prioritize alerts, incidents, and vulnerabilities based on real-time risk scores from the world’s largest commercial collection platform. Sign up now.
BellTroX says it just helped some private eyes. Honda's incident investigation continues. SEO for crime. Patch Tuesday notes.
Sumit Gupta, founder of BellTroX, the Indian company Citizen Lab named in its report on hackers-for-hire, told Reuters he did nothing wrong: all BellTroX did was help private investigators access email accounts when BellTroX was given credentials to those accounts.
Honda continues its investigation of the incident it sustained over the weekend. The Japan Times reports that domestic production has resumed, but that as of yesterday the company had advised its employees in Tokyo and some other Japanese offices to avoid using Honda’s internal networks. According to TechCrunch and other outlets, the incident was an attack using the Snake (also called "Ekans") strain of ransomware.
Avast describes a criminal campaign that uses search engine optimization tools to draw victims to malicious sites using promises of prizes (the promises often festooned with images of falling confetti).
Yesterday’s Patch Tuesday was a heavy one. Intel fixed twenty-two bugs, two of which, in its Active Management Technology, are rated critical. BleepingComputer says that Microsoft's patches amounted to the largest set ever: a total of one-hundred-twenty-nine fixes. KrebsOnSecurity assesses three issues with Microsoft Server Message Block as among the most troubling. Sophos points out that a majority of the issues Microsoft addressed (a "whopping sixty-nine") involved the risk of escalation of privilege exploitation. Adobe patched problems with Framemaker, Experience Manager, and Flash Player.
The Wall Street Journal reports that the latest settlement in Equifax's 2017 breach, $30.5 million, will mostly go toward a requirement that Equifax invest $25 million in upgrading its own security.
Today's issue includes events affecting Canada, China, India, Iran, Israel, NATO/OTAN, the United Kingdom, and the United States.
Word Notes Wednesday: "Probability"
Probability (noun). 1. Statistics: The relative possibility that an event will occur, as expressed by the ratio of the number of actual occurrences to the total number of possible occurrences. 2. Risk: A person’s knowledge (or ignorance) about some uncertain distinction; a very detailed description of exactly what you know.
LastPass Identity provides simple control and visibility across every entry point to your business through single sign-on, password management and multi-factor authentication in one unified solution. LastPass Identity provides a holistic view of end user activity to simplify security for IT, all while delivering the passwordless login experience employees want. Start a free LastPass Identity trial today.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan discusses free online courseware aimed at Community College students. Our guest is Dennis Toomey from BAE, who describes how financial institutions need to enact stronger cyber protocols as employees migrate to working from home.
And Caveat is up. In this week's episode, "Cybersecurity at the global, national, and state levels," Dave's got the story of a class action privacy suit targeting Google, Ben takes a look at surveillance in a time of protests and unrest, and later in the show we speak with Maryland State Senator Katie Fry Hester, who talks about state-level cybersecurity policy and legislation.