Time changes everything –so does the cloud. Yet, even as the cloud unlocks potential it opens the door to threats. McAfee designs security natively in the cloud, for the cloud. To protect the latest, like containers. To empower your change-makers, like developers. And to enable business accelerators, like your teams. Cloud security that accelerates business, it’s about time. Visit McAfee.com/time.
Our new subscription program, CyberWire Pro, launched this week. Designed for cyber security professionals and all others who want to stay abreast of this rapidly evolving field, CyberWire Pro is a premium news service that will save you time and keep you informed.
Virgin Media has disclosed a “data incident” in which some personal information belonging to about nine-hundred-thousand customers was exposed. The company says it's taken steps to close the breach.
The alert service Vulnerability claims that more than six-hundred Microsoft subdomains are susceptible to takeover. Forbes notes that while no exploitation has been seen in the wild, a proof-of-concept is out. Microsoft says it’s working on a fix.
Digital Shadows is tracking dark web search engine, “Kilos,” that’s gaining black-market share in criminal souks.
Super Tuesday may have gone off without much incident, but a recently released study by New York University’s Brennan Center for Justice thinks the US ought not relax its guard. The researchers concluded that disinformation operations directed against the 2020 election began last year, and that the operators behind the IRA troll farm have returned, using many of the same accounts. The study finds that the trolls have gotten better at impersonating candidates and parties, and are prepared to go beyond the simple amplification tactics seen so far.
The crypto wars have returned in a big way with the introduction of the EARN IT Act in the US Senate, WIRED reports. Nominally a measure directed against child exploitation, opponents from an unusually broad ideological spectrum see it as a roundabout way of subverting encryption.
The US Justice Department has also introduced a set of voluntary principles designed to control online child exploitation. Computing says that Facebook, Google, and a number of other tech firms have signed on.
Today's issue includes events affecting Australia, Brazil, China, Estonia, Iran, Russia, South Africa, Ukraine, United Kingdom, and United States.
Congratulations--you're a new CISO.
"I would say for any new CISO that's coming into an organization, it's really kind of important first to get to know the people who have been in place securing the environment. And sit down with them, and understand from them, where things stand from a security standpoint. It's important to understand the culture of the organization and really kind of step back a little bit and understand kind of what the risk tolerance is for the organization. And, you know, kind of based on that, you kind of understand where, you know, some of the potential gaps would be, kind of understand what the risk tolerance is. You can start to prioritize. At least in my case, having worked a lot with large enterprises, I think where a lot of people fall down is just doing things consistently across the board. You know, you have development environments. You have production environments. You have corporate IT environments. And you tend to have multiple teams working that. And things can get out of sync. So, you know, I think looking across the board there and just looking at kind of best practices that are occurring within each team and then trying to be able do that consistently and, you know, with rigor across the entire collection of IT systems is a good place to start."
—Chris Kubic, chief information security officer at Fidelis Cybersecurity, on the CyberWire Daily Podcast, 3.4.20.
Know thyself.
If you're interested in space and communications (technology, policy, business, and operations), take a look at Cosmic AES Signals & Space. Produced in partnership with the CyberWire, Signals & Space offers a monthly overview of news in this sector.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at CrowdStrike, as Thomas Etheridge talks about ways of empowering business leaders to manage cyber risk. Our guest is Sherri Davidoff, discussing her book, Data Breaches: Crisis and Opportunity.
Russian disinformation efforts targeting 2020 elections began last year: study (TheHill) Social media accounts linked to the Russian Internet Research Agency (IRA) began spreading "brazen" misinformation connected to the 2020 election last year, New York University’s Brennan Center for Justice
US, UK and Estonia accuse Russia of cyber attack on Georgia (Washington Post) The United States, United Kingdom and Estonia are accusing Russia’s military intelligence of conducting cyber attacks against the Georgian government and media websites in an attempt “to sow discord and disrupt the lives of ordinary Georgians.”
Russian ‘Bot Farms’—The New-Old Challenge to Ukraine’s National Security (Jamestown) On February 17, the Security Service of Ukraine (SSU) disrupted the activity of a network of “bot farms”—an extensive, organized effort to create “fake” (automated) social media accounts, which was found to be active across multiple regions of Ukraine. According to the SSU, the technical equipment used by the operators of these “bot farms” was supported by Russian online services. …
Intel CSME bug is worse than previously thought (ZDNet) Researchers say a full patch requires replacing hardware. Only the latest Intel 10th generation CPUs are not affected.
GuLoader: A Popular New VB6 Downloader that Abuses Cloud Services (Proofpoint) Proofpoint researchers have observed a new downloader in the wild that we and other researchers are calling “GuLoader.” Our researchers first observed GuLoader in late December 2019 being used to deliver Parallax RAT, which itself had recently been released.
Attackers Deliver Malware via Fake Website Certificate Errors (BleepingComputer) Cybercriminals are distributing malware using fake security certificate update requests displayed on previously compromised websites, attempting to infect potential victims with backdoors and Trojans using a malicious installer.
Microsoft subdomains hijacked following DNS security blunder (BetaNews) Vulnerability researchers were able to hijack a series of subdomains belonging to Microsoft after the company was found to be employing poor DNS practices.
Virgin Media Data Breach Exposes Info of 900,000 Customers (BleepingComputer) Virgin Media announced today that the personal information of roughly 900,000 of its customers was accessed without permission on at least one occasion because of a misconfigured and unsecured marketing database.
Virgin Media spills personal details of 900,000 customers in data breach (Computing) Misconfigured marketing customer database access ‘did not include any passwords or financial details’, Virgin Media claims
Facebook Removes Trump Campaign Ads, Citing Census Interference Policy (Wall Street Journal) The social-media giant removed Trump campaign ads that referred to a census, saying they violated a company policy aimed at preventing interference with the nationwide 2020 census.
WAGO I/O-CHECK (CISA) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: WAGO Equipment: I/O-CHECK Series PFC100 and Series PFC200 Vulnerabilities: Information Exposure Through Sent Data, Buffer Access with Incorrect Length Value, Missing Authentication for Critical Function, Classic Buffer Overflow 2.
Report: Most IoT transactions are not secure (Network World) Data gathered by security provider Zscaler shows that not only are most internet-of-things transactions unsecured, they are also unauthorized as IoT creeps in as shadow-IT devices.
Hackers Easily Breach U.S. Voting Machines in Chilling 'Kill Chain' Trailer (Rolling Stone) New documentary set to premiere on HBO this month
Online Retailers Are Fighting Coronavirus Scams (PYMNTS) Online retailers have to be wary of scams centering around the deadly coronavirus as it now makes its way across the world.
The Pensions Regulator hit by 148% increase in cyber attacks (Fire & Security Matters) The Pensions Regulator (TPR) was targeted by a total of 343,867 phishing, malware and spam email attacks in 2019, according to official data released by a Parliament Street think tank.
Researchers report widespread disclosure violations in political advertising on Facebook (Globe Newswire) NYU Tandon School of Engineering study tallies the cost of inauthentic ads and makes a case for independent monitors
Tens of thousands of political ads on Facebook lacked key details about who paid for them, new report finds (Washington Post) Four years after Russian agents weaponized the social-networking site and its powerful targeting tools in the 2016 presidential election, some key Facebook defects that could "enable a malicious advertiser to avoid accurate disclosure of their political ads," NYU researchers found in their study.
79% of Enterprises Want Better Integrated Security and Governance for Their Data in the Cloud (AtScale) New Independent Survey From AtScale, Cloudera and ODPi Reveals Majority of Enterprises Choose Multi-Cloud Strategies; 55% ... Invest in Data Virtualization.
Cybersecurity Press Release (IWCE) IWCE's Critical Communications Industry Insights report finds 64% of the critical communication industry feel they don’t have enough cybersecurity measures in place against hackers.
More Than Half of Healthcare Organizations Globally Experienced a Cyberattack in the Past Year (PR Newswire) Keeper Security, provider of the leading cybersecurity platform for preventing password-related data breaches and cyberthreats, today revealed...
Industrial cyber-threat warnings soared in 2019 (Drives and Controls Magazine) The number of “advisories” about control system cyber-threats issued by the US government’s ICS-Cert (Industrial Control Systems Cyber-Emergency Response...
Australia shoots up in cyber security rankings (Information Age) But are we actually getting better?
Brazil ranks third in email security threats (ZDNet) The country also tops the global ranking for ransomware, according to a new study
These companies will be kings in the cybersecurity industry as consolidation takes hold (MarketWatch) Thirty-six thousand cybersecurity professionals attended the RSA conference in San Francisco last week, with a full roster of executive keynotes and four...
Huawei CSO Responds to 5G Security and Espionage Concerns (BankInfo Security) In response to White House warnings that 5G infrastructure equipment built by Huawei could be subverted by China to conduct espionage, Andy Purdy of Huawei
Does the word “#backdoor” seem frightening? (Huawei) That’s because it’s often used incorrectly – sometimes to deliberately create fear. Watch to learn the truth about backdoors and other types of network access.
Accenture finds Context for security M&A spree (CRN) Services giant snaps up UK-based Context Information Security to its growing security portfolio
HP rejects Xerox's $35 billion hostile takeover bid (Computing) The takeover would disproportionately benefit Xerox shareholders, HP believes, and leave behind a company overburdened with debt
Palo Alto Networks Should Expand Through Acquisitions (Seeking Alpha) Not only did Palo Alto Networks fail to meet market expectations on revenues for the quarter, but its outlook was also weak. For the current quarter, Palo Alto
Palo Alto Partnership May Boost Confidence in Google Cloud’s Chronicle (Data Center Knowledge) The cloud provider’s security unit is said to have been struggling, and its RSA announcements might provide a boost.
Cyber defense of critical military infrastructure the focus of collaboration between Raytheon, IronNet (Military Embedded Systems) Raytheon has announced a partnership with IronNet Cybersecurity (Fulton, Maryland) to develop cyber solutions aimed at defending defense-related operational and information technology (OT/IT) systems.
ZTE’s AI technology guarantees network security for China Unicom during the fight against novel coronavirus (TelecomTV) ZTE Corporation (0763.HK / 000063.SZ), a major international provider of telecommunications, enterprise and consumer techno…
Mellanox buys network intelligence tech developer Titan IC (VanillaPlus) Mellanox Technologies Ltd, a supplier of end-to-end, smart interconnect solutions for data centre servers and storage systems, has agreed to acquire privat
Palantir seals its first major U.S. Navy deal as Raytheon is passed over (Washington Post) The Silicon Valley-based big-data analytics firm has finalized multiple deals with Defense Department agencies over the past year.
Chris Scott To Lead Viyu Network Solutions as CEO (Viyu Network Solutions) Former CEO of Netera Networks Tapped to Grow Richardson-based IT Services Company Richardson, TX (March 5, 2020) – Chris Scott, founder and CEO of Netera Networ
Code Dx, Inc. adds John N. Stewart, Cisco Systems, Inc. Chief Security and Trust Officer, to Board of Directors (Globe Newswire) John N. Stewart, Chief Security and Trust Officer of Cisco Systems, Inc. has joined the Board of Directors of Code Dx, Inc., a start-up company that recently received seed investment and has emerged as an Application Security industry leader. This announcement follows his departure from Cisco, announced earlier this week.
TikTok Adds Executive to Keep Watch Over User Data (Wall Street Journal) Roland Cloutier, former chief security officer from ADP, will lead TikTok’s security efforts.
TikTok Taps Leading Cyber Security Expert as Chief Information Security Officer (Newsroom | TikTok) Roland Cloutier to spearhead company’s ongoing efforts to provide world-class security to its growing global community of users and creatorsMountain View, California – TikTok today announced that cybe
KnowBe4 and Agari Announce New Partnership to Transform Phishing Protection (KnowBe4) As market leaders, KnowBe4 and Agari have joined forces to help stop identity-based email attacks.
Jetico Delivers Industry’s Most Comprehensive Enterprise Encryption Software for Windows and Mac (Yahoo) BestCrypt Volume Encryption – Enterprise Edition becomes the industry’s most comprehensive enterprise encryption software for Windows and macOS.
Contextual Awareness: Advancing Identity and Access Management to the Next Level of Security Effectiveness (Mobileiron) Download this report and learn how organizations are making actionable decisions on the adoption of contextually-aware platforms.
Get the Skills You Need to Be a Successful Social Engineer (Security Boulevard) In This Issue: “Get the Skills You Need to Be a Successful Social Engineer” What skills do you need to be a social engineer? The March newsletter answers that question by narrowing the focus to two specific skill groups: interpersonal and technical skills. We’ll also discuss how to use social engineering in the best possible way by employing ethics. The post Get the Skills You Need to Be a Successful Social Engineer appeared first on Security Through Education.
Mitigating the Passive Insider Threat (BankInfo Security) As the RSA 2020 conference showcased "The Human Element," Palo Alto Networks' M.K. Palmore, turned his attention to the passive insider threat - the one
Why Do So Many Cybersecurity Vulnerabilities Remain Unpatched? ( How to, Technology and PC Security Forum | SensorsTechForum.com) Unpatched issues remain a major problem for companies of all sizes. A recent report revealed that 56 percent of reported bugs aren't patched within 90 days.
How GSA’s innovation initiative is helping the Defense Department (Federal Times) The General Services Administration's Centers of Excellence program has been working at the Joint Artificial Intelligence Center to accelerate accelerate modernization projects.
Alabama School of Engineering and Cyber Technology partners with Northrop Grumman (WAFF) The Alabama School of Engineering and Cyber Technology has a new founding partner: Northrop Grumman.
University’s Hacking Team Qualifies for Northeast Collegiate Cyber Defense Competition - University of New Haven (University of New Haven) Proving to be calm and cool under intense pressure, the University’s top cybersecurity students are seeking to move on to the national round of an immersive competition that challenges students to defend corporate networks and systems from active hackers.
Peace in cyberspace is still possible, let’s make it an international priority (The Telegraph) The number of threats facing the digital landscape are increasing, placing the industry at a crossroads
Huawei Takes Its Case to the People in Australia (Wall Street Journal) Huawei is bidding to convince citizens in Australia, one of America’s closest allies, that its telecom gear is safe—a grass-roots fight against the government’s decision to exclude the Chinese company from its 5G build-out.
U.S. lawmakers seek to step up pressure on UK to reverse Huawei 5G decision (Reuters) Members of the U.S. Congress on Wednesday took another step to try to prod Brita...
Dangerous Partners: Big Tech and Beijing | United States Senate Committee on the Judiciary (United States Senate Committee on the Judiciary) The Senate Committee on the Judiciary, Subcommittee on Crime and Terrorism hearing entitled “Dangerous Partners: Big Tech and Beijing”...
Statement Of Adam S. Hickey Deputy Assistant Attorney General National Security Division United States Department Of Justice Before The Subcommittee On Crime And Terrorism Committee On The Judiciary United States Senate (US Department of Justice) Good afternoon Chairman Hawley, Ranking Member Whitehouse, and distinguished Members of the Subcommittee. Thank you for the opportunity to testify on behalf of the Department of Justice regarding the threats that foreign adversaries pose to our information security, the vulnerabilities that can arise from doing business in those nations or with companies they can control, and the national security implications of an increasingly integrated internet.
House members worry if the cyber force is the right size (Fifth Domain) U.S. Cyber Command’s cyber mission force consists of 133 offensive, support and defensive cyber teams. But during a March 4 hearing of the House Armed Services Committee, Rep. Jim Langevin, D-Rhode Island, used his opening statement to ask about Cyber Command’s staffing.
Cyber Command preps force assessment (FCW) The organization's election security role is expanding as cybersecurity threats evolve.
Panel will recommend that feds can declare a ‘cyber state of distress’ (Fifth Domain) In another preview of its March 11 report, the Cyberspace Solarium Commission laid out new authorities, roles and partnerships it wants to see in the federal government.
Voluntary Principles to Counter Online Child Sexual Exploitation and Abuse (US Department of Justice) Online child sexual exploitation and abuse is a global crime that demands a global response. In an increasingly digital and borderless world, this crime is becoming easier to commit, more extreme in nature and growing in scale.
Facebook, Google and other tech firms pledge to follow new guidelines to fight online child abuse (Computing) Other tech firms have also shown interest in implementing the guidelines
Analysis | The Cybersecurity 202: Senate bill sparks open war over encryption (Washington Post) Lawmakers launched the most serious challenge in decades to the digital protection.
NetChoice Announces Opposition to Sen. Graham’s EARN IT Act (NetChoice) Today, Sen. Graham (R-SC) introduced the EARN IT Act, a bill with good intentions to tackle child exploitation yet falls short in addressing the underlying issues while creating new vulnerabilities…
The EARN IT Act Is a Sneak Attack on Encryption (Wired) The crypto wars are back in full swing.
ACLU and AFP to Congress: “EARN IT” Act Jeopardizes Every Americans’ Private Communications - Americans for Prosperity (Americans for Prosperity) The American Civil Liberties Union (ACLU) and Americans for Prosperity (AFP) today announced joint opposition to the EARN IT Act.
Don't Let Congress Kill Free Speech Online (Fight for the Future) A new bill threatens to destroy free speech on the Internet as we know it. If passed, the EARN IT Act would give Attorney General Willliam Barr the power to demand that tech companies kill important encryption programs that keep us all safe from government censorship, cybersecurity breaches, and human rights abuses.
As the U.S. spied on the world, the CIA and NSA bickered (Washington Post) The two agencies collaborated on the “intelligence coup of the century” but clashed over control of a Swiss encryption company and tradecraft to protect the operation.
Unsealed DOJ indictment accuses Group-IB executive of hacking crimes - CyberScoop (CyberScoop) The DOJ indicted Nikita Kislitsin in 2014 for his alleged role in hacking Formsrping. He is currently listed as head of network security at Group-IB,
Alleged Vault 7 leaker trial finale: Want to know the CIA's password for its top-secret hacking tools? 123ABCdef (Register) Tales of terrible security, poor compartmentalization, and more, emerge from the Schulte hearings
Self-described ‘butt lover’ dismissed as juror on trial of CIA leaker Josh Schulte (New York Post) One of accused CIA leaker Josh Schulte’s jurors was dismissed Thursday — a self-described “butt lover” who makes fashion accessories for derrières and was canned for admitting she looked at a press…
Brussels Airlines sues hacker who flew to New York for free (The Brussels Times) Brussels Airlines is seeking thousands in compensation from a Flemish hacker who put himself and two other friends on a business class flight to New York for free. The airline is requesting up to €20,
For a complete running list of events, please visit the Event Tracker.
2020 Security Tour and Hackathon (San Diego, California, USA, Mar 19, 2020) Come experience some of the hottest cybersecurity technologies at our 2020 Security Tour and Hackathon March 19th at the Nth Generation Headquarters in San Diego, CA. Don’t miss out on electrifying activities including: a taco truck, lock picking station, hack the box station, networking, technology showcase, hackathon, and rapid-fire presentations from top cybersecurity companies including: Arctic Wolf, Blackberry Cylance, Cyberinc, Cyberark Software, Extreme Networks, Hewlett Packard Enterprise, and Varonis. Think you can hack? Extreme Networks bets you can’t! Hack their network and win a Dji Mavic 2 Enterprise Dual Drone!
LBC2 (Towson, Maryland, USA, Mar 7, 2020) The third annual Loyola Blakefield Cyber Challenge is an exciting event for all participants. It will take place on March 7, 2020 at Loyola Blakefield High School. The challenge is created by students for students. Participants will be challenged with real-life scenarios that embody the specific cyber threats that are prevalent in today’s society. Whether you have had little or no training or are well-skilled in computer management, this challenge is open to everyone. The challenge will teach and assess participant’s skills and applications for handling cyber threats. Industry mentors will be on hand to make this a true teaching and learning day. If you have wanted to get involved in Cyber Security this is a great opportunity to try it out. The competition is open to all students in grades 8 thru 12. There is NO COST to attend for the day and lunch is provided. You only need to bring a laptop with you that is capable of accessing the internet wirelessly.
Techno Security & Digital Forensics Conference (San Diego, California, USA, Mar 9 - 11, 2020) Techno Security & Digital Forensics Conference provides a unique education experience that blends together the digital forensics and cybersecurity industries for collaboration between government and private sectors. The purpose is to raise international awareness of developments, teaching, training, responsibilities, and ethics in the field of IT security and digital forensics. Educational sessions cover topics within the following primary tracks from which CPE credits can be earned: Audit/Risk Management, Forensics, Investigations, Information Security, and Sponsor Demos. Learn from industry experts, connect with leading suppliers, and discover the latest innovations in cybersecurity and digital forensics.
WiCyS 2020 Conference (Denver, Colorado, USA, Mar 12 - 14, 2020) WiCyS is the only non-profit membership organization with national reach that is dedicated to bringing together women in cybersecurity from academia, research and industry to share knowledge, experience, networking and mentoring. The initiative was created through an NSF grant (Award #1303441) by Dr. Ambareen Siraj at Tennessee Tech University six years ago, and has grown into a wonderful alliance among academia, government and industry.
InfoSec Connect 2020 (San Diego, California, USA, Mar 15 - 17, 2020) InfoSec Connect is a high profile, interactive meeting of senior-level cybersecurity leaders from top credit unions, US banks, insurances, and financial services companies. It’s a forum built to share detailed discussions, source solutions/services from leading providers, and gain valuable insights on improving strategy. It covers discovering cutting-edge security approaches and managing risk in the ever-changing threat of the cybersecurity workforce.
SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, Mar 18 - 19, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.
