Our new subscription program, CyberWire Pro, launched this week. Designed for cyber security professionals and all others who want to stay abreast of this rapidly evolving field, CyberWire Pro is a premium news service that will save you time and keep you informed.

Time changes everything –so does the cloud. Yet, even as the cloud unlocks potential it opens the door to threats. McAfee designs security natively in the cloud, for the cloud. To protect the latest, like containers. To empower your change-makers, like developers. And to enable business accelerators, like your teams. Cloud security that accelerates business, it’s about time. Visit McAfee.com/time.
Virgin Media data breach. Microsoft subdomain vulnerability. Dark web search. Disinformation update. Crypto wars return.
Virgin Media has disclosed a “data incident” in which some personal information belonging to about nine-hundred-thousand customers was exposed. The company says it's taken steps to close the breach.
The alert service Vulnerability claims that more than six-hundred Microsoft subdomains are susceptible to takeover. Forbes notes that while no exploitation has been seen in the wild, a proof-of-concept is out. Microsoft says it’s working on a fix.
Digital Shadows is tracking dark web search engine, “Kilos,” that’s gaining black-market share in criminal souks.
Super Tuesday may have gone off without much incident, but a recently released study by New York University’s Brennan Center for Justice thinks the US ought not relax its guard. The researchers concluded that disinformation operations directed against the 2020 election began last year, and that the operators behind the IRA troll farm have returned, using many of the same accounts. The study finds that the trolls have gotten better at impersonating candidates and parties, and are prepared to go beyond the simple amplification tactics seen so far.
The crypto wars have returned in a big way with the introduction of the EARN IT Act in the US Senate, WIRED reports. Nominally a measure directed against child exploitation, opponents from an unusually broad ideological spectrum see it as a roundabout way of subverting encryption.
The US Justice Department has also introduced a set of voluntary principles designed to control online child exploitation. Computing says that Facebook, Google, and a number of other tech firms have signed on.
Today's issue includes events affecting Australia, Brazil, China, Estonia, Iran, Russia, South Africa, Ukraine, United Kingdom, and United States.
Bring your own context.
Congratulations--you're a new CISO.
"I would say for any new CISO that's coming into an organization, it's really kind of important first to get to know the people who have been in place securing the environment. And sit down with them, and understand from them, where things stand from a security standpoint. It's important to understand the culture of the organization and really kind of step back a little bit and understand kind of what the risk tolerance is for the organization. And, you know, kind of based on that, you kind of understand where, you know, some of the potential gaps would be, kind of understand what the risk tolerance is. You can start to prioritize. At least in my case, having worked a lot with large enterprises, I think where a lot of people fall down is just doing things consistently across the board. You know, you have development environments. You have production environments. You have corporate IT environments. And you tend to have multiple teams working that. And things can get out of sync. So, you know, I think looking across the board there and just looking at kind of best practices that are occurring within each team and then trying to be able do that consistently and, you know, with rigor across the entire collection of IT systems is a good place to start."
—Chris Kubic, chief information security officer at Fidelis Cybersecurity, on the CyberWire Daily Podcast, 3.4.20.
Know thyself.
Aerospace news worthy of attention.
If you're interested in space and communications (technology, policy, business, and operations), take a look at Cosmic AES Signals & Space. Produced in partnership with the CyberWire, Signals & Space offers a monthly overview of news in this sector.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at CrowdStrike, as Thomas Etheridge talks about ways of empowering business leaders to manage cyber risk. Our guest is Sherri Davidoff, discussing her book, Data Breaches: Crisis and Opportunity.