The CyberWire is thrilled to announce the launch of our new newsletter, Creating Connections, focused on connecting women in the cybersecurity field across the globe. Brought to you by women in the industry, you're invited to join our league of cyber ladies and create lasting connections. We'd like to thank Malek Ben Salem and Sylvia Acevedo for their contributed pieces. Remember, we will continue publishing monthly on the first Monday of every month. Check it out and subscribe here.
More Signal. Less Noise.
Simple, secure identity and access management for your business.
LastPass Identity provides simple control and visibility across every entry point to your business through single sign-on, password management and multi-factor authentication in one unified solution. LastPass Identity provides a holistic view of end user activity to simplify security for IT, all while delivering the passwordless login experience employees want. Start a free LastPass Identity trial today.
VPN server credentials compromised. Interpol reports on cybercrime trends. Oilrig gets stealthy. NSA's privacy advice.
Announcements
The CyberWire’s new newsletter for women in cybersecurity has launched.
Summary
Plaintext usernames, passwords, and IP addresses for more than nine-hundred Pulse Secure VPN enterprise servers are being shared on a Russian language hacker forum, a ZDNet investigation has found. All the compromised servers were running firmware vulnerable to CVE-2019-11510. The forum to which the data were posted is frequented by ransomware gangs.
Interpol yesterday released a report on cybercrime trends observed during the COVID-19 pandemic. There’s been a shift in targeting. Initially individuals and smaller organizations were the preferred targets, but more recently large companies, government agencies, and infrastructure have been the focus of threat actors.
ZDNet reports that Kaspersky has found that the Iranian threat group Oilrig (APT34) is using DNSExfiltrator, a utility that uses DNS-over-HTTPS (DoH) as an exfiltration channel that enables attackers to move data in more surreptitious ways.
The US National Security Agency has released an advisory on the risks associated with the geolocation data many systems and apps routinely collect. “Location data can be extremely valuable and must be protected. It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations,” NSA’s warning said. The agency’s recommendations are addressed in the first instance to Government personnel, but they’re presented as applicable to anyone concerned about privacy: turn off location-sharing services, give apps minimal privileges, set browser options to prevent use of location data, turn off advertising permissions, and even disenabling features that track lost devices.
Notes.
Today's issue includes events affecting Australia, Canada, China, the European Union, India, Iran, New Zealand, Russia, the United Kingdom, and the United States.
Aerospace news worthy of attention.
If you're interested in space and communications (technology, policy, business, and operations), take a look at the latest issue of Cosmic AES Signals & Space. Produced in partnership with the CyberWire, Signals & Space offers a monthly overview of news in this sector.
Cyber leadership session on-demand: Adopting a proactive, intelligence-led cyber mission
Leaders from the Navy, Government Accountability Office and Mandiant Security Validation took the virtual stage to discuss "Adopting a Proactive, Intelligence-Led Cyber Mission". Watch the on-demand webcast to join the discussion on how automated security validation, integrated with the latest threat intelligence and frontline expertise can validate the health of your infrastructure by testing against actual threats.
Sponsored Events
Future of Digital Identity: Self-Sovereign Identity & Verifiable Credentials (Online, August 6, 2020) Users and employees want control over their data. Self-Sovereign Identity is an identity paradigm poised as the next enterprise-ready solution. Learn more about the future of identity from international experts from organizations such as Bosch, Novartis, and NHS at our virtual event.
CyberTech Latin America (Online, August 11, 2020) Cybertech Latin America is a digital event bringing together government officials, industry experts, academics, leading companies, and startups. Topics include cyber for healthcare and for the financial sector, banking and e-commerce, logistics and transportation, digital transformation and a startup pitch showcase. Register for free.
AusCERT2020 (Online, September 15 - 18, 2020) AusCERT is Australia’s pioneer cyber emergency response team. Attend AusCERT2020 virtually and experience 4-days packed with world-class tutorials and presentations delivered to you by speakers from around the globe.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Lockdown does not mean vacation: APT groups continue to update and diversify their arsenal (Zawya) The COVID-19 pandemic is actively used as bait for many campaigns, large and small
Interpol warns of 'alarming rate' of cyberattacks amid pandemic (UPI) Interpol said it has observed an "alarming rate" of cyberattacks targeting governments and corporations amid the coronavirus pandemic as employees around the world are forced to work remotely due to COVID-19.
Chinese-speaking hackers increase activity and diversify cyberattack methods (TechRadar) Some nation-states treat Covid crisis as a continuation of the age-old game of tit-for-tat, Cybereason says
NSA Warns Cellphone Location Data Could Pose National-Security Threat (Wall Street Journal) The National Security Agency issued new guidance for military and intelligence-community personnel, warning about the risks of cellphone location tracking through apps, wireless networks and Bluetooth technology.
Iranian hacker group becomes first known APT to weaponize DNS-over-HTTPS (DoH) (ZDNet) Kaspersky says Oilrig (APT34) group has been using DoH to silently exfiltrate data from hacked networks.
Russian hackers stole trade secrets from Liam Fox's email account (teiss) Russian hackers stole confidential U.S.-UK trade documents after breaching the email account of Conservative MP and former trade minister Liam Fox.
Liam Fox targeted by Russian hackers in reminder of “uncomfortable truth” (Verdict) Cybersecurity experts are calling for greater vigilance after it emerged that Russian hackers targeted former trade minister and Conservative MP Liam Fox.
Hacker leaks passwords for 900+ enterprise VPN servers (ZDNet) EXCLUSIVE: The list has been shared on a Russian-speaking hacker forum frequented by multiple ransomware gangs.
Hacker Exposes More than 900 Enterprise VPN Servers (KoDDoS Blog) A hacker leaked the plaintext usernames, passwords, and IP addresses of over 900 Pulse Secure VPN enterprise servers on a darknet forum. Threat intelligence firm, KELA, verified the originality of the list using different sources in the cybersecurity community.
Trend Micro Research Reveals Dangerous Design Flaws and Vulnerabilities in Legacy Programming Languages (PR Newswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today announced new research highlighting design...
NodeJS module downloaded 7M times lets hackers inject code (BleepingComputer) A Node.js module downloaded millions of times has a security flaw that can enable attackers to perform a denial-of-service (DoS) attack on a server or get full-fledged remote shell access.
Facebook plugin bug lets hackers hijack WordPress sites’ chat (BleepingComputer) A high severity bug found in Facebook's official chat plugin for WordPress websites with over 80,000 active installations could allow attackers to intercept messages sent by visitors to the vulnerable sites' owner.
Decades-Old Email Flaws Could Let Attackers Mask Their Identities (Wired) Researchers found 18 exploits that take advantage of inconsistencies in the email plumbing most people never think about.
Security flaws within remote work access devices uncovered by RiskIQ (Information Age) The Vulnerability Landscape report from RiskIQ shows critical security flaws to be present within 12 widely used remote work access devices
FBI: Networks exposed to attacks due to Windows 7 end of life (BleepingComputer) The U.S. Federal Bureau of Investigation (FBI) has warned private industry partners of increased security risks impacting computer network infrastructure because of devices still running Windows 7 after the operating system reached its end of life on January 14.
Google flags several major zero-day security threats (TechRadar) 11 zero-day vulnerabilities have been discovered so far this year
Google and Amazon most impersonated brands in phishing attacks (TechRepublic) WhatsApp, Facebook, and Microsoft rounded out the top five as the most spoofed brands last quarter, says Check Point Research.
Another allegation that DJI's software has security issues (DroneDJ) First, there were allegations against the Android version of the DJI GO 4 app. Now, similar concerns have been raised about DJI's Android Pilot app.
DJI refutes allegations against Android 'Pilot' app (DroneDJ) DJI has denied claims by a tech firm that its Android "Pilot" app has problems with security. DJI says the app keeps user data secure & the report is false
New 'Meow' Cyber Attack That Wipes Unsecured Databases Is a Malicious Throwback (CPO Magazine) 'Meow' cyber attack seeks out unsecured databases and simply wipes them out without seeking either fame or material gain, as a form of activism or perhaps just for fun.
Robots Running the Industrial World Are Open to Cyber Attacks (Claims Journal) Industrial robots are now being used to assemble everything from airplanes to smartphones, using human-like arms to mechanically repeat the same processes
The Cyber Security Threats Lurking In Your HVAC System (Propmodo) As the Internet of Things proliferates in smart buildings, devices requesting third party access to building systems pose a cybersecurity risk.
Treck TCP/IP Stack (Update F) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely
Vendor: Treck Inc.
Equipment: TCP/IP
Vulnerabilities: Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, Improper Access Control
Delta Industrial Automation CNCSoft ScreenEditor (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Delta Electronics
Equipment: Industrial Automation CNCSoft ScreenEditor
Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read, Access of Uninitialized Pointer
2.
Robot Motion Servers (CISA) 1 EXECUTIVE SUMMARY
CISA is aware of a public report of a vulnerability affecting robot motion servers. The motion servers are programs written in OEM exclusive programming languages and run on the robot controller. Motion servers enable receiving target values and optionally sending actual values.
Is Your WhatsApp At Risk From This Dangerous Hack? (Forbes) This is the WhatsApp hack that will most likely hijack your account—here's how you stay safe.
Avoiding Dating Disasters: Check Point Research Helps to Mitigate Significant Vulnerabilities in OkCupid's Website and Mobile App (MarketScreener) Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. , a leading provider of cyber security solutions globally, recently identified and helped mitigate...
Haryana police cautions retired govt personnel regarding cyber crime threat | Chandigarh News (The Times of India) The Haryana police have issued advisory requesting citizens, especially the recently retired government employees not to share any persona.
Colorado city pays $45,000 ransom after cyber-attack (Albuquerque Journal) Lafayette, Colorado, officials announced Tuesday the city's computer systems were hacked and they were forced to pay a ransom to regain access. Lafayette officials said hackers disabled the city's network services and…
Cyber attack affects Hudson ISD website (The Lufkin Daily News) Hudson ISD's website was down throughout the weekend and Monday after a cyber attack affected the website's host.
Cyber-attack 'cost council more than £10m' (BBC News) Thousands of people were affected when public services were knocked offline earlier this year.
Are you safe? Your data could be breached in one of 10,000 exposed databases around the world. (Nord Pass) Your data is visible in 10,000 exposed databases around the world. And the U.S is top of the list.
Cyber Trends
Studies find epidemic of human errors threatens cloud security - SiliconANGLE (SiliconANGLE) Studies find epidemic of human errors threatens cloud security - SiliconANGLE
Venafi Media Alert: Malware Attacks Exploiting Machine Identities Doubles Between 2018 to 2019 (BusinessWire) Commodity malware campaigns utilizing machine identities are increasing rapidly
Venafi Researchers Examine Malware Attacks (Venafi) Malware attacks exploiting machine identities doubles between 2018 and 2019.
Accurics Releases ‘State of DevSecOps Report’ for Summer 2020, Unveils Common but Dangerous Breach Paths in Cloud Deployments (BusinessWire) Research explores security challenges as organizations adopt cloud native technologies and highlights the need for codifying security into development
The State of DevSecOps (Accurics) The adoption of cloud native infrastructure such as serverless, containers, and service mesh are enabling organizations to deliver new innovations to market. Unfortunately, over 30 billion records have been exposed as a result of cloud infrastructure misconfigurations over the last two years and the velocity of cloud breaches continue to increase.
New Study Finds Cloud-Native Patch Management Saves Industry Billions Over Legacy Alternatives (BusinessWire) A new study has found that cloud-native patch management saves the industry billions over legacy alternatives
Trend Micro: Hackers target hospitals during COVID-19 pandemic, many are still vulnerable (SoyaCincau.com) Trend Micro says hospital systems are often held hostage using ransomware by hackers as they will often pay up quickly in order to save lives.
VMware Carbon Black Threat Report finds hackers using more aggressive and destructive tactics (TechRepublic) Security firm recommends digital distancing for devices and more collaboration between IT and security teams to harden the attack surface.
Ninety-Four Percent of Organizations Have Experienced At Least One Business-Impacting Cyberattack in the Past 12 Months, According to New Industry Study (GlobeNewswire) Yet only four out of 10 security leaders can answer the question, “How secure, or at risk, are we?”
Marketplace
There Is No Cloud Security Market Segment (Forbes) Of 2,337 vendors of security products there are none that can be put in a separate Cloud Security segment.
Agentless Authentication Provider Silverfort Secures $30 Million in Series B Funding (BusinessWire) Silverfort, provider of the industry’s first agentless, proxyless authentication platform, announced today that it has raised $30 million in a series
Startup HeadSpin to Return Funding After Probe of Financial Statements (The Information) HeadSpin, a mobile app testing company recently valued at $1.16 billion, plans to return up to $95 million in funding to investors after an internal review of financial irregularities forced it to restate its financials.The previously unreported review follows the board’s discovery that the ...
Microsoft paid almost $14M in bounties over the last 12 months (BleepingComputer) Microsoft has awarded $13.7 million to security researchers who have reported vulnerabilities over the last 12 months through 15 bug bounty programs, between July 1st, 2019, and June 30th, 2020.
Microsoft goes big in security bug bounties: Its $13.7m is double Google's 2019 payouts (ZDNet) Microsoft has tripled its bug-bounty payouts to security researchers over the past year.
Data Theorem Named a Top Cybersecurity Startup of the Year at Black Hat USA 2020 Virtual Conference (BusinessWire) Data Theorem, Inc., a leading provider of modern application security, today announced that is has been named a Top 100 Cybersecurity Startup for 2020
Cybellum Named Winner as Top 100 Cybersecurity Startup for 2020 (PR Newswire) Cybellum, the leading Automotive Cybersecurity Risk Assessment solution provider, today announced that it has been named a Top 100...
A Patriotic Solution to the Cybersecurity Skills Shortage (Dark Reading) Why now is the right time for the security industry to invest in the human capital that will make technology better, smarter, and safer.
Cyber Security Firm Expands To Europe To Help Firms Protect Data (Media Post) SecureReview uses several technologies, including facial verification and a secure mail system, to limit access to data.
Tortuga Logic Announces Expansion of Cybersecurity Leadership Team (PR Newswire) Tortuga Logic, Inc., a cybersecurity company specializing in hardware security, today announced that its Board of Directors has appointed...
Respond Software Welcomes George Vukcevich as Vice President of Sales (Respond Software) George Vukcevich has joined Respond Software as VP of sales. The tech sales leader will lead the strategy for the cybersecurity and soc automation market.
Tufin Names Mitch DeBerdt as Country Manager for Japan (BusinessWire) Tufin announced the appointment of Mitch DeBerdt to the position of Country Manager for Japan.
Products, Services, and Solutions
Spin Technology Introduces Cyber Liability Insurance for SpinOne (PRWeb) Spin Technology, Inc., today introduced Cyber Liability Insurance for SpinOne. This additional offering provides a policy that new and existing SpinOne c
Global Payments Makes PCI History in Partnership with Coalfire (PR Newswire) Coalfire, the first cybersecurity firm in the world accredited by the Payment Card Industry Security Standards Council (PCI SSC) to perform...
Tanium and Google Cloud partner to deliver security transformation (Help Net Security) Tanium has expanded its partnership with Google Cloud to help organizations accelerate the transformation to distributed business operations.
Cloudflare Selects ForAllSecure to Bring Increased Application Security to its DevOps Pipeline (PR Newswire) ForAllSecure, Inc., a pioneer in automated application security, announced today that Cloudflare, a security, performance, and reliability...
Lumu Unveils Enhanced Spambox Analysis Capabilities (GlobeNewswire) Lumu Empowers Customers to Unleash the Value of Spambox Threat Intelligence to Continuously Improve their Compromise Detection
Yellowbrick Data and Emtec Enter into a New Partnership (Emtec Inc) New partnership with hybrid cloud data warehouse firm, Yellowbrick data, will expand value of Emtec's enterprise data lake services & strategic business intelligence solutions.
New Spin on a Longtime DNS Intel Tool (Dark Reading) Domain Name Service database service Farsight Security, the brainchild of DNS expert Paul Vixie, celebrates 10 years with new modern features.
Thales Offers Solutions to Hotels and Casinos for Enhanced Security and Efficiency (Kiosk Marketplace) InterContinental® Singapore demonstrates flexibility of Thales Gemalto Document Reader solutions.
Cybereason launches program in the Middle East (Security Middle East) Cyberason looks to expand market footprint by joining forces with MSSPs and VARs, offering training, favorable pricing models and more
Enhanced Features Extend ReversingLabs Explainable Threat Intelligence Capabilities for Threat Hunters and Security Operations Teams (GlobeNewswire) MITRE ATT&CK® Mapping, Indicator Transparency and Interactive Storytelling Provide Added Context, Transparency and Prescriptive Recommendations
Cyware Partners with Recorded Future For Enhanced Threat Intelligence Automation and Analysis (PR Newswire) Cyware, the leading provider of cyber fusion solutions, today announced a new partnership with Recorded Future, the largest global security...
Trend Micro Cloud-Powered XDR Drives Monumental Business Value (Eletimes) Organizations can save the cost of 8 full time employees by adopting an XDR approach, says ESG
Unisys enhances CloudForte, the multi-cloud and application optimization platform (Help Net Security) Unisys has enhanced CloudForte, its integrated, multi-cloud and application optimization platform. The new CloudForte capabilities help organizations
SailPoint and Proofpoint Team Up to Fight Security Threats Facing Today’s Digital Workforce (BusinessWire) With more than 90% of today's threats starting with a seemingly innocuous email, SailPoint Technologies Holdings, Inc. (NYSE: SAIL), the leader in ide
Radiflow launches CIARA, a ROI-driven risk assessment and management platform for industrial organizations (Help Net Security) Radiflow CIARA helps meet emerging best practice around risk modelling and management using the ISA/IEC 62443 series of standards.
Palo Alto Networks Introduces Industry's Largest and Most Comprehensive Security Orchestration Marketplace (PR Newswire) Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, today introduced a marketplace for Cortex™ XSOAR, its extended security...
Sixgill Joins Palo Alto Networks Cortex XSOAR Marketplace as a Launch Partner (PR Newswire) Sixgill, a leading threat intelligence company, today announced that Darkfeed™, its fully automated stream of indicators of compromise, is now...
SafeBreach Joins Palo Alto Networks Cortex XSOAR Marketplace as a Launch Partner (PR Newswire) SafeBreach, the world's most widely used breach-and-attack-simulation platform, today announced that SafeBreach with the SafeBreach Insights(™)...
Recorded Future Joins Palo Alto Networks Cortex XSOAR Marketplace as a Launch Partner (PR Newswire) Recorded Future, the largest global security intelligence provider, today announced that the Recorded Future Security Intelligence Platform...
RiskIQ Joins Palo Alto Networks Cortex XSOAR Marketplace as a Launch Partner (GlobeNewswire) Cortex XSOAR Marketplace enables organizations to discover, share and consume security orchestration innovations from a global ecosystem to scale up automation
The Future of Cyber Security – The Best Defense is an Impenetrable Offense (Security Boulevard) The post The Future of Cyber Security – The Best Defense is an Impenetrable Offense appeared first on Fidelis Cybersecurity.
CERT NZ provides threat intelligence for InternetNZ's DNS Firewall (Security Brief) It’s important to InternetNZ to keep adding intelligence to Defenz to make sure our customers are protected from known security threats.
GrayMatter deceptionGUARD Responds to Cybersecurity Critical Infrastructure Warnings (PR Newswire) GrayMatter releases its latest cybersecurity offering to protect industrial companies and critical infrastructure from the types of...
Forescout and Arista Networks Join Forces to Deliver Zero Trust Security (GlobeNewswire) Partnership and integration of best-of-breed technologies deliver comprehensive device visibility and enforcement across heterogeneous networks
LogMeIn Introduces New LastPass Security Dashboard and Dark Web Monitoring, Delivering a Complete Command Center for Managing Digital Security (AP NEWS) LastPass by LogMeIn today unveiled a new Security Dashboard, providing end users with a complete overview of the security of their online accounts and actionable steps to strengthen their online security.
Certes Announces New Distributorship Agreement (Certes Networks) Certes Networks Signs Distributorship Agreement with Largest Value-Added Technology Distributor in Turkey
Technologies, Techniques, and Standards
Limiting Location Data Exposure (National Security Agency) Mobile devices store and share device geolocation data by design.
Here's the NSA's advice for reducing the exposure of cellphone location data (CyberScoop) Although cellphone users can work to limit the risk their cellphones are exposing location data, the NSA warns there's no way to eliminate the risk.
Federal program offers new cybersecurity tool for elections (AP NEWS) ATLANTA (AP) — State and local officials are receiving additional tools from the federal government to help defend the nation’s election systems from cyberthreats ahead of the November vote, as...
Why SSO isn’t a silver bullet for enterprise security (1Password Blog) SSO plays a huge role in business security – we love it, we use it, and we understand the enormous contribution it makes. But by itself, SSO doesn’t solve every challenge businesses face with securely signing in to services. And it can’t replace an enterprise password manager. Let’s talk a little bit about why that is.
AT&T Cybersecurity: Do Secure VPNs, Don’t Pay Ransoms (SDxCentral) AT&T research suggests that the vast majority of large businesses believe widespread remote working because of the COVID-19 pandemic makes their companies less secure and more vulnerable to cyberattacks.
Top 5 Security Considerations for Cloud Migration (CPO Magazine) Cloud-based deployments have significantly changed the security paradigm and the foremost consideration for cloud migration involves a security framework that spans the entire cloud infrastructure.
SANS Institute Outlines Path to Effective Security Metrics Use (Herald-Mail Media) Metrics for security are in wide use in organizations today, with over 80% of respondents to a new SANS Institute survey claiming some
New SANS Institute Reports Advocate for Remote Browser Isolation and Assess the Effectiveness of the Cyberinc Isla Isolation Platform (PR Newswire) Cyberinc today announced that SANS Institute, the leading independent provider of security research and education, has published an independent...
The realities of ransomware: A victim’s-eye view of an attack (Sophos News) The Managed Threat Response manager offers a unique perspective on the realities of being the target of ransomware
Maryland IT Strategy Consulting Firm Educates On IT Due Diligence (Digital Journal) Hartman Executive Advisors, a Maryland IT strategy consulting firm, recently released a blog educating business owners on IT due diligence and risk management consulting. The article outlines the benefits of undergoing a comprehensive IT assessment and how it can significantly affect the state of your business.
Design and Innovation
WhatsApp rolling out Search the Web functionality to help fact check viral messages (Android Police) Curb the spread of misinformation online
Research and Development
Ntrepid Awarded Patent for Method to Transmit Network Traffic with a Proxy Device (BusinessWire) Ntrepid announced today that the company was recently awarded a patent for a method to transmit network traffic with a proxy device.
Academia
CSU launches new cybersecurity program (WTVM) CSU unveiled its cybersecurity program with an inaugural class made up of 14 students.
Great Falls College MSU's cyber security program nationally recognized for academic excellence (KHQ Right Now) Great Falls College MSU has received national recognition for it's cyber security program.
Legislation, Policy and Regulation
First EU Sanctions for Cyberattacks Point to Alignment With U.S. on Foreign Hacking (Wall Street Journal) The European Union imposed sanctions for the first time in response to major cyberattacks, bringing the bloc more in line with the U.S. approach of publicly naming and seeking punishment for nation-state hackers.
Australian PM says no evidence to suggest TikTok should be banned (Reuters) Australia has found no evidence showing it should restrict the popular short-video app TikTok, the country's Prime Minister Scott Morrison said on Tuesday, after U.S. President Donald Trump threatened to ban the Chinese-owned app.
Canada’s Scattered and Uncoordinated Cyber Foreign Policy: A Call for Clarity (Just Security) Authors from the Citizen Lab explain why Canada's scattershot approach to cybersecurity fails to advance fundamental Canadian interests
ByteDance CEO Says Trump’s Real Goal Is to Kill Off TikTok (Bloomberg) U.S. doesn’t really want to see a sale to American buyers. Founder Zhang Yiming issues second letter in two days.
TikTok becomes latest casualty in Trump's tech war with China (TheHill) The future of popular social media platform TikTok in the U.S.
It’s Not Just TikTok. Chinese Firms Face More US Roadblocks (Wired) Chinese companies have been free to expand in the US while American firms were stymied by Beijing. Now, the climate is not as welcoming.
China Is Waging Economic War on America. The Pandemic Is an Opportunity to Turn the Fight Around. (Barron's) China has targeted America’s most productive economic sectors for years. As we rebuild after the pandemic, the U.S. government should stand shoulder to shoulder with industry.
TikTok Standoff Raises Fear of Retaliation Against U.S. App Developers (Wall Street Journal) Digital companies making inroads in China could face heat should Beijing respond in kind to U.S. tactics.
US stress on security will hurt trade (China Daily) By disrupting the world's interconnected economic, social and geopolitical spheres, the COVID-19 pandemic has exposed just how fragile and inequitable the institutions that govern them really are. It has also highlighted how difficult it is to address systemic fragility and inequity amid escalating national security threats.
Huawei ban won’t damage UK tech industry, say IT experts (Yahoo) A survey of industry professionals found the majority do not believe the UK will be adversely affected by the Huawei 5G ban.
Litigation, Investigation, and Enforcement
Senate Intel panel approves final Russia report, moves toward public release (TheHill) The Senate Intelligence Committee on Tuesday voted to adopt its fifth and final report on Russia’e election interference efforts in 2016, with committee leaders vowing to keep working towards releasing a declas
Mergers: Commission opens in-depth investigation into the proposed acquisition of Fitbit by Google (European Commission - European Commission) The European Commission has opened an in-depth investigation to assess the proposed acquisition of Fitbit by Google under the EU Merger Regulation.
Tampa teenager accused in Twitter hack pleads not guilty (AP NEWS) A Florida teen identified as the mastermind of a scheme that gained control of Twitter accounts of prominent politicians, celebrities and technology moguls pleaded not guilty on...
The Teenager Allegedly Behind the Twitter Hack and How He Did It (Wall Street Journal) A crucial moment in the worst hack in Twitter’s history was when a Florida teenager convinced a company employee that he was a co-worker, prosecutors say.
Social Engineering: A Plague on Crypto and Twitter, Unlikely to Stop (Yahoo) The SIM swapping community entered the spotlight after helping the Twitter hacker breach the social media platform, but these threat actors have been going after the crypto community for years.
Elizabeth Warren Wants To Know Why This Company Was Spying On BLM Protesters (BuzzFeed News) A group of Democratic lawmakers is demanding answers about protester surveillance conducted by data broker Mobilewalla.
Israeli Spy Firm NSO Can Hack Phones Of Activists And Journalists: 5 Things You Need To Know (Moguldom) Secretive Israeli surveillance firm NSO can hack phones of activists and journalists. Here are five things you need to know.
Inside the Courthouse Break-In Spree That Landed 2 White Hat Hackers in Jail (Wired) When two men were hired to break into an Iowa judicial buildings, they thought it was just another physical security audit—until they were charged with burglary.
Industry Events
newly Noted Events
Female Trailblazers in Cybersecurity (Online, August 25, 2020) ISA Cybersecurity, in partnership with CyberArk and Tenable, is proud to host a virtual roundtable that brings together leading women in cybersecurity to address today’s pressing industry issues by highlighting women’s vital roles through powerful stories. Join us for an interactive, 60-minute roundtable moderated by Kathleen Smith, Chief Marketing Officer at ClearedJobs.Net/CyberSecJobs.com, where inspiring cybersecurity and technology female leaders will share their insights and personal experiences on the rapid changes to the industry, the growing need for female representation and what they’ve done to impact the ecosystem today.
upcoming Events
WSIS Forum 2020 (Online, June 22 - September 10, 2020) The World Summit on the Information Society (WSIS) Forum 2020, celebrates 15 years of providing a multi-stakeholder platform to discuss, share experiences, showcase innovation, and foster partnerships in strengthening the impact of ICTs for sustainable development. Online sessions to be held from 22 June, 12:00-13:00 onwards, featuring a weekly program, including a series of thematic/country workshops which are hosted by WSIS Stakeholders, high-level policy sessions, special tracks on various themes, a virtual knowledge café, a Hackathon, WSIS Action Line meeting and a virtual exhibition addressing issues that are critical to WSIS implementation and follow-up in a multi-stakeholder setting.
Black Hat USA 2020. (Online, August 1 - 6, 2020) Now in its 23rd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2020 opens with four days of technical Trainings (August 1-4) followed by the two-day main conference (August 5-6) featuring Briefings, Arsenal, Business Hall, and more.
BSides Las Vegas (Online, August 4 - 5, 2020) BSides Las Vegas is a nonprofit organization formed to stimulate the Information Security industry and community by providing an annual, two-day conference for security practitioners and those interested in (or looking to) enter the field. Our event is a source of education, communication, and collaboration. The technical and academic presentations at BSidesLV are given in the spirit of peer review and for the dissemination of knowledge among all specialties. This allows the field of Information Security to grow and continue its pursuit of a world where privacy and security are attainable.
Cyber HealthTech Conference (Atlanta, Georgia, USA, August 6, 2020) The Inaugural Cyber HealthTech Conference & Challenge is the premier global innovation conference dedicated to creating opportunities for senior leaders from health tech enterprises and startups from around the country to come together in the spirit of connection, innovation and acceleration. Advancements in cybersecurity and health technology play an ever increasing role in consumer behavior. For those of us in the Atlanta metro area, now is the time to be part of an innovative community focused on serving and growing the mobile on-demand economy.
Dolphin Tank®: Cyber Security (Online, August 12, 2020) Springboard Enterprises Dolphin Tank® Sessions offer entrepreneurs actionable insights and resources from knowledgeable people in the community. It’s not about sharks or piranhas but rather, “How can we help?” The objective is to provide connections and advice to enable entrepreneurs to overcome their challenges and capitalize on their opportunities. All presenting companies have at least one woman founder (who will present), have a full-time team of two or more, have raised at least a seed round of funding, is generating monthly recurring revenue and has developed a technology solution with applications in cyber security.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.