Our new subscription program, CyberWire Pro, launched this week. Designed for cyber security professionals and all others who want to stay abreast of this rapidly evolving field, CyberWire Pro is a premium news service that will save you time and keep you informed.
Time changes everything –so does the cloud. Yet, even as the cloud unlocks potential it opens the door to threats. McAfee designs security natively in the cloud, for the cloud. To protect the latest, like containers. To empower your change-makers, like developers. And to enable business accelerators, like your teams. Cloud security that accelerates business, it’s about time. Visit McAfee.com/time.
J. Crew discloses data breach. Emcor reports Ryuk infestation. Coronavirus phishing. Super Tuesday lessons. Huawei agonistes.
Clothing retailer J. Crew is warning customers that it sustained a data breach in April of 2019. The store has disabled an unknown number of accounts and asked the affected parties to contact Customer Care to restore those accounts. The breach affected some paycard data. BleepingComputer says the incident was a credential stuffing attack, and TechCrunch wonders why it took J. Crew almost a year to disclose the breach.
Connecticut-headquartered industrial conglomerate Emcor has disclosed that it’s sustained a ransomware attack. The strain involved is Ryuk. Emcor says it’s investigating, but that operations continue and there appears to have been no data breach.
Criminals continue to use coronavirus stories as phishbait in attacks on businesses, the Wall Street Journal writes. It’s an international problem: according to Reuters even Russian President Putin is taking note, and Roskomnadzor has been blocking bogus stories on Vkontakte and Facebook.
The Super Tuesday primaries in the US went off without hacking or evidence of effective disinformation, and Bloomberg reports that NSA Director Nakasone told Congress that superior preparation on the defenders’ part made the difference.
Los Angeles County did stumble badly with its new voting machines. Long delays induced by malfunctioning machines produced what the Los Angeles Times called an “ugly debut for the county’s new $300-million voting system.” Other election authorities who’ve adopted similar devices are reviewing their plans.
Executives from Nokia and Ericsson expressed their support this week for US laws that would push Huawei out of 5G infrastructure, the Washington Post reports.
Today's issue includes events affecting Australia, Brunei, Cambodia, China, Germany, Indonesia, Laos, Lebanon, Malaysia, Myanmar, Philippines, Russia, Singapore, Thailand, United Kingdom, United States, and Vietnam.
Bring your own context.
Why phishing scales so well.
"When you're doing a con one-on-one or even conning in a pyramid scheme a few thousand, there's some sort of investment to get over the hump, whether that's having to expose yourself to possibly being busted. But the thing about phishing scams is you can send out, you know, a hundred million emails, and all you have to do is hit your most vulnerable. So whereas someone who's doing a pigeon drop scam or any of these get-rich-quick scams or even paving-your-driveway scams or any of that, you have to find an older person in their home. You have to go there. You might be bumping into an ex-law enforcement person who's aware of this stuff. There's a lot of risk. When you're sending out hundreds of millions of emails, you know, you don't need to get close to one-hundredth of 1% to be able to hit, so you can dumb them down tremendously to protect yourself. You don't want to get someone on the hook who is at all savvy."
And you don't need to be Mokele-mbembe to figure that one out, friend.
Aerospace news worthy of attention.
If you're interested in space and communications (technology, policy, business, and operations), take a look at Cosmic AES Signals & Space. Produced in partnership with the CyberWire, Signals & Space offers a monthly overview of news in this sector.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at CenturyLink, as Mike Benjamin talks about the NanoCore RAT, Our guest is Bil Harmer from SecureAuth, with a discussion of nation-state cyberattacks.
And Hacking Humans is up. In this week's episode, "Don't go looking for morality here," Dave shares a story of an investment scam featuring celebrities. Joe warns of scams surrounding the Coronavirus. The Catch of the Day features Joe's son-in-law's adventure with thousands of bot infiltrations. And we hear Dave's extended interview with magicians and entertainers Penn and Teller at RSAC 2020 in San Francisco. (The place you shouldn't look for morality, by the way, is in the vicinity of a three-card Monte table.)