Save the date (or, even better, subscribe before that date arrives): Our second issue for Creating Connections newsletter focusing on women in cybersecurity will be published on Tuesday, September 8th. We are pleased to bring you more resources and thought leadership from women in the industry. In this issue, Andrea Little Limbago from Interos keeps it real and gives us the skinny on techtonics, Dr. Margaret Cunningham from Forcepoint helps you understand user security habits with Behavioral Analytics, and much more. Check out last month's issue or subscribe to join our league of cyber ladies.
CloudShield™ Eclipse is a Network Detection and Response solution that delivers visibility and advanced threat response for complete and effective defense across your network.
Find out how CloudShield™ Eclipse aligns intelligence, visibility, scalability, detection, and mitigation into a seamless software-based solution that defends your organization from cyber attacks.
Ransom DDoS is now a global problem. Phish hooks in legitimate file-sharing services. Warner Music discloses breach.
As New Zealand’s NZX stock exchange continues its week-long struggle to disentangle itself from the distributed denial-of-service attacks that have plagued it (CPO Magazine has an update), several European Internet service providers have seen their DNS infrastructure come under attack. ZDNet reports that ISPs in Belgium, France, and the Netherlands were all targeted with DNS amplification and “LDAP-type” DDoS attacks that took their services down. Some attacks lasted more than four hours and achieved 300Gbit per second volumes. The Netherlands’ cybersecurity authorities confirmed that the attacks against Dutch ISPs at least were part of an extortion campaign.
The attacks represent a trend in criminal extortion. BleepingComputer says that the US FBI has issued an alert concerning what’s being called RDDoS (“ransom distributed denial-of-service”). Whatever criminal group is behind the attacks (and it does seem to be a straightforward criminal effort, and not the work of state operators) is taking advantage of the notoriety of well-known threat actors by posing as Fancy Bear, Cozy Bear, the Lazarus Group, or the Armada Collective. Radware and Akamai have also warned of this trend.
Researchers at Cisco’s Talos unit describe a series of phishing campaigns that use legitimate file-sharing services to store the malicious documents they link in their emails. The malware payloads include, among others, Gozi ISFB, ZLoader, SmokeLoader and AveMaria.
Warner Music Group has disclosed a data breach in several e-commerce sites it operates. The data exposed includes name, email address, telephone number, billing address, shipping address, and complete payment card details.
Today's issue includes events affecting Belgium, China, France, Iran, Jordan, New Zealand, Nigeria, the Netherlands, Russia, the United Arab Emirates, the United Kingdom, and the United States.
Aerospace news worthy of attention.
If you're interested in space and communications (technology, policy, business, and operations), take a look at the latest issue of Cosmic AES Signals & Space. Produced in partnership with the CyberWire, Signals & Space offers a monthly overview of news in this sector.
And a happy Labor Day.
This coming Monday is Labor Day, and we'll be taking the US Federal holiday off to relax (and hope you do the same, even if you're not in the US, and if local law and custom permit it). We'll resume normal publication on Tuesday, September 8th.
Mandiant’s Jason Atwell will join a panel of government leaders, including, Kevin Stine, Chief, Applied Cybersecurity Division, Information Technology Laboratory, NIST, Dr. Daniel Ragsdale, Assistant Director for Cyber, Office of the Director of Defense Research and Engineering, and Lerone Banks, Technologist, Division of Privacy and Identity Protection, Federal Trade Commission. Panelists will discuss how agencies are adapting to remote work and offer guidance on how to keep IT protected across disparate networks, how frequently an agency should patch and the steps necessary to secure digital infrastructure.