The CyberWire will continue to publish on schedule
The CyberWire will be up and running through the current COVID-19 pandemic. Stay healthy and stay in touch.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
The CyberWire will be up and running through the current COVID-19 pandemic. Stay healthy and stay in touch.
The EU’s foreign policy body, the European External Action Service, has called out Russia for systematically pushing disinformation about the coronavirus. “A significant disinformation campaign by Russian state media and pro-Kremlin outlets regarding COVID-19 is ongoing,” a document dated March 16 and obtained by Reuters said. “The overarching aim of Kremlin disinformation is to aggravate the public health crisis in Western countries...in line with the Kremlin’s broader strategy of attempting to subvert European societies.”
Bitdefender reports that TrickBot has a new module designed to brute-force Remote Desktop Protocol (RDP) for selected victims. Still under development, the RDP module seems intended for use against targets in Hong Kong and the US.
Morphisec has released more technical information on the Parallax remote access Trojan (RAT). Parallax has recently figured in coronavirus-themed attacks.
A few bits of criminality we didn't expect, but that retrospectively are fairly obvious, have emerged in this time of plague. First, SpyCloud warns that hoods are sharing instructions in their chat rooms on how to hijack food delivery services, the objective being, of course, free food. Second, with video-conferencing seeing heavy use as people work remotely, TechCrunch reports that "Zoom-bombing" is now a thing. That is, trolling Zoom virtual meetings and sharing unusually repellent violent or pornographic content as your screen, the objective being, of course, the lulz.
And BleepingComputer reports that high-minded criminals say they won't use ransomware against hospitals during the present pandemic. Sez the gangs, but the Register and the Telegraph seem reluctantly moved to skepticism.
Today's issue includes events affecting Canada, China, European Union, Iran, Italy, Democratic Peoples Republic of Korea, Latvia, Moon, Russia, United Kingdom, and United States.
Credential harvesting.
"A lot of phishing attacks, if you go from the, not the pre-text, phone call side but from the phishing side, a lot of those attacks are what we call credential harvesting attacks. So it's not to get a malicious payload onto the victim's endpoint; it's to get the credentials. So in those types of attacks of, you know, people adopt, companies adopt these passwordless technologies, then there's no passwords to steal."
—Kevin Mitnick, Chief Hacking Officer at KnowBe4, on the CyberWire Daily Podcast, 3.17.20.
The credentials are the goal, not installation of malware (not yet, anyway).
Doctor Rendezvous himself explains how to get through lockdown, quarantine, confinement. Buzz Aldrin, Apollo 11 Lunar Module pilot and alumnus of an Andromeda-strain-style quarantine at the Lunar Receiving Laboratory in Houston has offered us all not so much advice as an example. Ars Technica asked Mr. Aldrin what he was doing to protect himself from the coronavirus. "Lying on my a*s and locking the door," the second man on the moon immediately replied. He also suggested that one might pass the time the way he did, back in the day: watching ants and filling out travel vouchers. There may be some lessons here for telework, or at least for phoning it in. Ars calls Doctor Rendezvous a "national treasure," and what can one do but agree?
Take a look at CyberWire Pro, our new subscription program designed for security professionals and all others who want to stay abreast of cybersecurity news. CyberWire Pro is a premium service that will save you time and keep you informed.
Everyone has become increasingly aware of the danger hackers pose—they can steal data, dismantle systems, and cause damage that can take years to recover from. Join us April 14 to discover the most common ways organizations unintentionally put themselves at risk. This webinar will also highlight different strategies for mitigating the threats, from Security Information and Event Management (SIEM) tools to employee education. Register for the webinar.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at Virtru, as Andrea Little Limbago reflects on insights from her own career path. Our guest is Tom Creedon from LookingGlass Cyber Solutions on cyber conflict in the Asia-Pacific region.
And Hacking Humans is up. In this episode, "Disinformation vs. misinformation," Dave shares the story of a malicious website posing as a Coronavirus map supposedly from Johns Hopkins University, Joe has the story of an elderly woman who lost a lot of money to two men claiming her grandson was in a car accident, the Catch of the Day's dying wish is to give you money to build an orphanage, and later in the show Carole Theriault returns and speaks with Samuel C. Woolley from University of Texas at Austin about disinformation campaigns.
EU says pro-Kremlin media trying to sow 'panic and fear' with coronavirus disinformation (CNN) Russian state media and pro-Kremlin outlets are waging a disinformation campaign about the coronavirus pandemic to sow "panic and fear" in the West, EU officials have warned in a report seen by CNN.
Russia deploying coronavirus disinformation to sow panic in West, EU document says (Reuters) Russian media have deployed a "significant disinformation campaign" ag...
Russia using coronavirus fears to spread misinformation in Western countries (TheHill) Russia is deploying a misinformation campaign in Western countries designed to sow discord and concern around the spread of coronavirus, according to the European Union (EU).
Keep an Eye on North Korean Cybercrime as COVID-19 Spreads (Diplomat) Will North Korea turn to cybercrime as COVID-19 crunches its economy?
VDD: continued search for cross-border cooperation with Russia creates intelligence risks (Baltic News Network) Latvian municipalities continue looking for options to perform cross-border cooperation with Russia. Among those projects there are significant intelligence risks, according to the report for 2019 from Latvia’s State Security Service.
Rise in Cyberattacks in Italy Prove Coronavirus is Impacting Cybersecurity - Acting as a Warning for Organizations Worldwide (Global Security Mag Online) Cynet announced that an analysis of the company's aggregate customer data in Italy is connecting the spread of the Corona Virus (COVID-19) to a growing volume of cyber-attacks in the region.
Researchers Track Coronavirus-Themed Cyberattacks (SecurityWeek) The coronavirus pandemic has spawned a coronavirus malware epidemic, where everyone and every organization is a potential target.
New TrickBot Module Bruteforces RDP Connections, Targets Select... (Bitdefender Labs) Bitdefender researchers have discovered a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations on select targets. The new module was discovered on January 30 and, based on the IP addresses it targets, victims seem to be US and Hong... #rdpbruteforce #rdpscandll #trickbot
New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong (Bitdefender) Bitdefender researchers have discovered a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations on select targets.
Parallax: The New RAT on the Block (Morphisec) The Parallax remote access trojan (RAT) is the new RAT on the block, which Morphisec Labs has tracked since January 2020 appearing in a new campaign.
Report: British Printing Press Leaks Confidential Material & More (vpnMentor) The vpnMentor cybersecurity research team, led by Noam Rotem and Ran Locar, have uncovered a leaking S3 Bucket with over 270k records and greater than 343GB in
Third-party Voatz security assessment says third of findings were ‘high severity’ (Biometric Update) Trail of Bits has performed the first-ever “white-box” security assessment of the Voatz biometric voting platform, with access to the Voatz Core Server and backend software, and assessed that it “c…
Hackers Hide Malware C2 Communication By Faking News Site Traffic (BleepingComputer) A cyber-espionage group active since at least 2012 used a legitimate tool to shield their backdoor from analysis attempts to avoid detection. In their effort, the hackers also used a fake host header named after a known news site.
Trickbot, Emotet Malware Use Coronavirus News to Evade Detection (BleepingComputer) The TrickBot and Emotet Trojans have started to add text from Coronavirus news stories to attempt to bypass security software using artificial intelligence and machine learning to detect malware.
Evolution of malware obfuscation poses security concerns (SC Magazine) Researchers discovered cryptomining module that uses new obfuscation techniques
Intel processors vulnerable to new Snoop hack (SC Magazine) Difficult to exploit, new flaw discovered in Intel processors could allow hackers to steal data from the CPU's cache memory.
Blizzard hit by massive DDoS attack; EA Sports facing lagging issue (HackRead) It is a fact that hackers carry out DDoS attacks especially during the holiday season but due to Coronavirus or COVID-19; companies are encouraging their employees to work from home. And while at home, there is no way one can stay away from gaming.
France warns of new ransomware gang targeting local governments (ZDNet) CERT France says some local governments have been infected with a new version of the Pysa (Mespinoza) ransomware.
Android malware uses coronavirus for sextortion and ransomware combo (Naked Security) The app says it will notify you of coronavirus cases… but in fact it locks up your phone and sextorts you for money at the same time
Most Ransomware Gets Executed Three Days After Initial Breach (BleepingComputer) Ransomware gets deployed three days after an organization's network gets infiltrated in the vast majority of attacks, with post-compromise deployment taking as long as 299 days in some of the dozens of attacks researchers at cybersecurity firm FireEye examined between 2017 and 2019.
Beware of ‘ZoomBombing:’ screensharing filth to video calls (TechCrunch) The world is vulnerable to a new type of trolling as people turn to Zoom video calls to feel connected amidst quarantines. Jerks are using Zoom’s screensharing feature to blast other viewers with the most awful videos from across the internet, from violence to shocking pornography.
Risk of online sex trolling rises as coronavirus prompts home working (Reuters) More people could fall prey to online ...
Hospitals under threat as hackers exploit coronavirus to carry out cyber attacks (The Telegraph) As healthcare workers on the front line are coping with a wave of patients stricken by coronavirus, a different kind of virus is waiting for the opportune moment to wreak havoc.
Ransomware Gangs to Stop Attacking Health Orgs During Pandemic (BleepingComputer) Some Ransomware operators have stated that they will no longer target health and medical organizations during the Coronavirus (COVID-19) pandemic.
Oh-so-generous ransomware crooks vow to hold back from health organisations during COVID-19 crisis (Register) Don't take their word for it. Governments need to up their security game, says security firm
As coronavirus crisis worsens, hacking is increasing, security experts say (CNET) Hackers want to manipulate your fears about COVID-19.
Google makes Play Protect mandatory in Advanced Protection program, blocks non Google Play apps (VentureBeat) Google is making Google Play Protect mandatory under its Advanced Protection program and is restricting apps from outside Google Play.
Google Prioritizes Security Updates After Halting Chrome Releases (BleepingComputer) Google has announced today that the release of future Chrome and Chrome OS versions is temporarily paused because of adjusted work schedules caused by employees having to work from home due to the novel coronavirus pandemic.
Cisco Patches Several Vulnerabilities in SD-WAN Solution (SecurityWeek) Cisco has patched several vulnerabilities in its SD-WAN solution, and while some of the flaws have been rated high severity, authentication and local access are required for exploitation
VMware Fixes Privilege Escalation Vulnerability in Fusion for Mac (SecurityWeek) VMware has patched a serious privilege escalation vulnerability that can be exploited on Mac systems where Fusion, VMRC or Horizon Client are installed
Trend Micro fixes two actively exploited zero-days in enterprise products (Help Net Security) Trend Micro has fixed two actively exploited zero-day vulnerabilities in its Apex One and OfficeScan XG enterprise security products.
Dear Adobe, Trend Micro users: Please vaccinate your software – at least some of these security holes were exploited in the wild (Register) Genuine Integrity doesn't exactly live up to its name
Study Explores why we Delay Software Updates Despite the Risks (EDGY_ Labs) In a recent study, researchers explore why we delay software updates, even though we know the risk involved in doing so. Three years ago, attackers infected roughly 250,000 computers around the world running Windows with malware that would later be named “WannaCry.” Victims of the attack found their PC locked and unusable. To regain access … Continue reading "Study Explores why we Delay Software Updates Despite the Risks"
The Coronavirus Crisis Is Showing Us How to Live Online (New York Times) We’ve always hoped that our digital tools would create connections, not conflict. We have a chance to make it happen.
CYFIRMA says Coronavirus pandemic has impact on cyberspace (CISO MAG) CYFIRMA’s threat visibility and intelligence research reveals increase in cyberthreat indicators related to the Coronavirus pandemic.
Securing Remote Workers: Impact On Enterprise IT Collaboration Tools (Wandera) With coronavirus stirring fears around the world, corporate continuity plans are being put to the test. In what Fortune is describing as the “world’s largest work-from-home experiment”, an increasing number of people are staying at home. How are businesses coping?
Red Canary's 2020 Threat Detection Report (Red Canary) Worms dominated the landscape in 2019, according to an analysis of confirmed threats in Red Canary’s 2020 Threat Detection Report. Read other key takeaways.
7th Annual Data Breach Preparedness Study (Experian) Experian partners with the Ponemon Institute to release the 7th Annual Data Breach Preparedness Study
SMBs Face Remote Working Challenges Due to COVID-19 (Small Business Computing) Bandwidth demands and security threats loom large for businesses new to remote working.
Cybersecurity Professionals Exhibit Risky Behavior – RSA Conference Survey (Gurucul) Privileged credentials are the keys to the IT kingdom. That phrase has been repeated so much in recent years it’s bordering on marketing hyperbole. But there’s a reason it’s become part of the cybersecurity lexicon.
Cost of Cyber-Events Worsening for Large Businesses (Infosecurity Magazine) Fortune 1000 businesses face increasing cyber incidents costs
Australian Telecom Regulator Says Email and SMS Phishing Scams of Online Gambling Operators Have Increased (Casino Guardian) This week, the Australian Communications and Media Authority (ACMA) has issued a notice to local residents to warn them to be careful about suspicious emails or SMS that claim to be sent from online gambling
Kids are facing cyberbullying with 66% of parents being unaware (Atlas VPN) According to data investigated by Atlas VPN, children who use the internet excessively are more likely to become depressed. With kids spending 8.5 hours on screen per day, risk of cyberbullying, loneliness, and anger issues arise. Recently, four thousand US households completed a survey on parental control over social media consumption. Questionnaire findings show that …
Online trolls (Quartz) Online trolls: Out from under the bridge
Venture funding in security startups is falling. Don't blame the coronavirus. (CyberScoop) Venture capital investment in security startups in the first two months of this year is down from years past, according to DataTribe.
A Look at Early Stage Venture Investment Activity in the Preceding Decade and how the Coronavirus (COVID-19) plays into 2020 (DataTribe) Venture capital investment activity can fluctuate year-to-year due to a variety of reasons ranging from macroeconomic conditions to geopolitical concerns. As an early-stage startup foundry...
An update on our continuity strategy during COVID-19 (Twitter) As the entire world faces an unprecedented public health emergency, we want to share the challenges we are facing and the contingency measures we’re putting in place to serve the public conversation.
The Hot 150 Cybersecurity Companies To Watch In 2020 (Cybercrime Magazine) Annual list of the world’s hottest pure-play cybersecurity companies Selection Criteria
Controversial Group Behind Coronavirus Tracking App Has Crypto Ties (Yahoo) The coronavirus crisis may highlight the overlap between the surveillance state and the cryptocurrency industry.
4 Cybersecurity Stocks Are Dirt Cheap After the Crash and Ready to Soar (24/7 Wall St.) Coming off of the worst trading day since 1987 on Monday, and a getting an encouraging but mild bounce back on Tuesday, many investors can barely find the nerve to open their bludgeoned brokerage accounts, and with good reason.
The Crypsis Group Announces the Formation of Crypsis Threat Research Labs to Analyze and Share Threat Data with the Public (PR Newswire) The Crypsis Group, a leading incident response, risk management and digital forensics firm, today announced the formation of the Crypsis Threat...
KnowBe4 Adds New Independent Board Member Kara Wilson (KnowBe4) KnowBe4 Adds New Independent Board Member Kara Wilson
ReversingLabs Names Paul Ciesielski as Chief Revenue Officer to Support Company’s Continued Growth and Scale Sales Operations (AP NEWS) ReversingLabs, a leading provider of explainable threat intelligence solutions, has appointed Paul Ciesielski its Chief Revenue Officer.
Akamai Technologies Elects Marianne Brown to Board of Directors (PR Newswire) Akamai (NASDAQ: AKAM), the intelligent edge platform for securing and delivering digital experiences, today announced the appointment of...
Security firms offer free ransomware help to healthcare providers during coronavirus pandemic (SiliconANGLE) Security firms offer free ransomware help to healthcare providers during coronavirus pandemic - SiliconANGLE
Free ransomware help for healthcare providers during the Coronavirus outbreak (Emsisoft | Security Blog) We are offering free ransomware help for healthcare organizations during the Coronavirus outbreak.
COVID-19: Awake Security Offers Free Platform Access to Support Healthcare Institutions Defend Against Ransomware and Other Threats (BusinessWire) Awake Security provides free access to the Awake Security Platform for hospitals and other healthcare facilities.
DH2i Launches DxOdyssey Work From Home Software - Completely Free of Charge, No Strings Attached (PR Newswire) DH2i®, a leading provider of multi-platform Software Defined Perimeter (SDP) and Smart Availability™ software, today announced that in response...
Digerati Technologies' Business Solutions Provide Certainty to Work During the Coronavirus Pandemic (Benzinga) Digerati Technologies, Inc. (OTCQB: DTGI) ("Digerati" or the "Company"), a provider of cloud services...
Beachhead Solutions Offering Customers Free Temporary Licenses to Accommodate the Surge in Their Employees Working Remotely (Globe Newswire) Additional SimplySecure licenses immediately available to businesses to ensure device and data security while their employees work remotely
Safe-T’s Remote Access Solution Implemented by Several Businesses Impacted by the Coronavirus Crisis (Yahoo) Safe-T® Group Ltd. (NASDAQ, TASE: SFET), a provider of secure access solutions for on-premise and hybrid cloud environments, today announced that several organizations have successfully deployed its Secure Application Access (SAA) solution to allow
Sift Announces Partner Program to Bring Digital Trust & Safety Technology to Businesses Everywhere (Globe Newswire) Program features partnerships with leading platforms and service providers, integrations, and open APIs via Sift Connect
Stealthbits Combines Ease of Use and Security for a Unique Approach to Privileged Access Management (BusinessWire) Stealthbits today announced the release of Stealthbits Privileged Activity Manager® (SbPAM®) 2.0.
ControlScan Becomes One of the First PCI Software Security Framework Assessor Companies (AP NEWS) ControlScan, a leader in managed security and compliance solutions that help secure IT networks and protect payment card data, has become one of the first Software Security Framework Assessor companies to be listed by the PCI Security Standards Council.
SolarWinds N-central 12.3 Integrates SolarWinds Endpoint Detection and Response Capabilities (AP NEWS) SolarWinds (NYSE:SWI), a leading provider of powerful and affordable IT management software, today announced the launch of SolarWinds ® N-central ® 12.3, offering new features including SolarWinds Endpoint Detection and Response (EDR), updated Network Topology Mapping, and capabilities for managing VMware ® systems.
Sixgill Introduces Dark Web Data Feed Product (SecurityWeek) Threat intelligence provider Sixgill has announced a new product that allows organizations to integrate a real-time, actionable dark web data feed into any security platform
Sumo Logic Selects StackRox to Protect Its Cloud-Native Applications and Services · StackRox: Cloud-Native, Container, and Kubernetes Security (StackRox) StackRox Kubernetes Security Platform delivers compliance and security for Sumo Logic’s containerized and Kubernetes applications across global AWS zones
SixFifty Launches Automated GDPR Compliance Tool to Help Companies Navigate EU Privacy Law (PR Newswire) SixFifty, the technology subsidiary of Wilson Sonsini Goodrich & Rosati (Wilson Sonsini), today announced the launch of its fully automated...
Open Access BPO Secures PCI DSS Certification (PR Newswire) Open Access BPO achieved Payment Card Industry Data Security Standard certification from the PCI Security Standards Council. Open Access BPO, a...
Lanner Teams with Gorilla Technology to Launch Secure Edge AI Appliance (PR Newswire) Lanner Electronics, a world leader in design and manufacturing of intelligent edge appliances, announced partnering with Gorilla Technology,...
Kaspersky announces partnership with Arctic Security (ITP.net) Aims to deliver tailored threat intelligence to enterprises and service providers
Our Technology | Sertainty | Data: Empowered (Sertainty) Sertainty technology provides empowered data solutions tailored to your needs for active risk mitigation and data control.
Cofense PhishMe Achieves Significant FedRAMP Milestone (PR Newswire) Cofense®, the global leader in intelligent phishing defense solutions, today announced Cofense PhishMe®, its award-winning phishing security...
Kanguru: Protecting Data In The New Remote World (BusinessWire) Kanguru Defender Hardware Encrypted USB Drives and Remote Management are ideal solutions for securing data in a new remote working environment.
Fortinet’s New Partner Program Addresses Evolving Security Landscape and Business Needs (Globe Newswire) Fortinet’s Engage Partner Program Offers Channel Partners New Enablement Initiatives and More Flexibility to Drive Business Growth
Zero Trust Architecture (NCCOE/NIST) We are currently seeking feedback on a draft project description, Implementing a Zero Trust Architecture. The public comment period is now open and will close on April 14, 2020. Please submit your feedback.
GPS satellite gets a digital twin to ensure cyber security (GPS World) The U.S. Air Force is using digital replica of a GPS IIF satellite to detect any cyber-security issues, …
Privacy and Cybersecurity Considerations when Managing COVID-19 Risk (Cooley) Companies are working hard to balance the privacy of their employees and the need to keep employees informed and safe. Many have encouraged employees and visitors to report if they experience COVID…
Coronavirus: Why taking digital precautions is as important as handwashing (The National) Employees should avoid sharing sensitive data over WhatsApp or personal email accounts
Mitigating the Potential Impact of COVID-19-Related OT Security Risks (Nozomi Networks) As a cybersecurity practitioner, you may be wondering what you can do to prepare yourself and your organization for the potential impact of COVID-19, aka coronavirus?
COVID-19 Cybersecurity Exposure (Data Privacy Monitor) Risk scenarios and recommendations History tells us that unscrupulous actors will exploit any crisis, and COVID-19 is no exception. Attackers wasted no
COVID-19: With everyone working from home, VPN security has now become paramount (ZDNet) DHS, SANS, NJCCIC, and Radware warn companies about securing enterprise VPN servers in the midst of the coronavirus outbreak and when a vast majority of employees are working from home.
How to better defend your organization against remote access threats (TechRepublic) With people working remotely due to the coronavirus, cybercriminals are trying to take advantage of such tools as VPNs and remote desktop services, says security firm Radware.
Cloud security can be broken down into 4 practical steps (TechRadar) Cloud security is much like trying to eat an elephant
Using Mystery Novel Techniques to Track Down Cyberthreats (Security Intelligence) If you consider yourself a good sleuth who can predict the end of every Agatha Christie novel, you might have a knack for discovering the origins of cyberthreats.
Telework, or ‘tele-goofing off?’ Mixed agency messages show stigma still exists (Federal News Network) Agencies have offered mixed messages about telework and the flexibilities their employees have in balancing the coronavirus pandemic, childcare duties and family medical concerns — and their work and…
Facebook launches one-stop shop portal for coronavirus information (Washington Post) Facebook’s new portal aims to be a one-stop shop for its more than 2.5 billion users to find news and resources about the pandemic.
Facebook accidentally blocks genuine COVID-19 news (Naked Security) Facebook is denying that a recent content moderation glitch has anything to do with workforce issues, but blames automatic systems.
TikTok forms outside group to aid in content moderation policies (Axios) Experts on misinformation, hate speech and child safety will advise TikTok on policy.
How China built facial recognition for people wearing masks (Ars Technica) Hanwang says its technology has reached 95% accuracy in identifying mask wearers.
The Coronavirus Exposes Education’s Digital Divide (New York Times) In China, many rural students lack the connections or hardware to learn remotely. More nations will confront the same reality as the outbreak spreads.
Russia’s Internet knockout punch (Meduza) Hackers leak internal documents showing the FSB’s quest for a cyber-weapon that can take whole nations offline.
MI5's counter espionage organisation made public (SC Magazine) Yesterday Home Secretary Priti Patel publicly confirmed the existence of the joint state threats assessment team (JSTAT) based in MI5's headquarters at Thames House in London.
What Now? Facing Cyber Threats to Infrastructure in the Aftermath of Global Political Conflicts (Threatpost) The Federal Government has recommended a starting point for security that highlights some elementary cyber hygiene, such as backups and multi-factor authentication.
Analysis | The Cybersecurity 202: Coronavirus pandemic makes U.S. more vulnerable to serious cyberattack, lawmakers warn (Washington Post) They're calling for a strong response to hacks and misinformation to avoid emboldening adversaries.
Message to Cybercriminals: Hospitals Are Off-Limits (Council on Foreign Relations) Late Sunday evening, the U.S. Department of Health and Human Services was hit with a cyberattack.
Notification of Enforcement Discretion for telehealth (HHS.gov) Notification of Enforcement Discretion for telehealth remote communications during the COVID-19 nationwide public health emergency
Analysis | The Cybersecurity 202: Trump's decision to loosen rules for digital doctors visits raises hacking concerns (Washington Post) But experts say it's worth the risk to stop the spread of coronavirus.
Trump harnesses wartime powers and signs coronavirus legislation (San Diego Union-Tribune) Congress is working on emergency legislation to protect Americans from the financial fallout of the coronavirus epidemic
Analyzing Cyberspace Solarium Commission's Blueprint for a Cybersecure Nation (SecurityWeek) Cyberspace Solarium Commission (CSC) report provides recommendations on how the United States can contain and counter the threat from cyberspace, and continue to thrive.
Where the Cyberspace Solarium Commission Report Succeeded and Could Improve (Infosecurity Magazine) The report moves the governments defense of civilization into modern times, but I feel we can do more
A new label to better protect critical infrastructure (Fifth Domain) A new report suggests that the federal government take steps to more actively defend networks of critical infrastructure operators.
The Cyberspace Solarium Commission’s Mandate to Fix Congressional Oversight (Lawfare) The report of the Cyberspace Solarium Commission is finally out—and it provides a fresh look at congressional oversight on cybersecurity.
Where the Cyberspace Solarium Commission Report Succeeded and Could Improve (Infosecurity Magazine) The report moves the governments defense of civilization into modern times, but I feel we can do more
Senator calls for cybersecurity review at health agencies after hacking incident (TheHill) Sen. Michael Bennet (D-Colo.) is calling on the three top federal health agencies to allow for an investigation into their cybersecurity defenses following an attempted hack of the Department of Health and Human Services (HHS).
Sens. Sound Privacy Alarm On Google's Virus Screening Site (Law360) Five senior Democratic senators raised concerns Wednesday over whether a new coronavirus screening website set up by a Google subsidiary adequately protects users' data from hackers, or includes a promise not to use the data for targeted advertising.
US Actions Show View Of Crypto As National Security Threat (Law360) The U.S. Office of Foreign Assets Control, the U.S. Department of Justice and other agencies' recent coordinated responses against jurisdictions using cryptocurrencies to evade sanctions signal a U.S. government clampdown on this area, say attorneys at King & Spalding.
GOLDSTEIN: The case to ban Huawei from Canada’s 5G is more compelling than ever (Toronto Sun) In light of everything that’s happened over the past 466 days, it boggles the mind that the Canadian government can still be considering whether to allow Huawei Technologies to participate in…
Huawei rip & replace remains priority amid pandemic (FierceWireless) Two weeks ago, Competitive Carriers Association (CCA) President and CEO Steve Berry was testifying before a U.S. Senate committee on 5G supply chain security and how CCA members need funds to “replace, then rip” as opposed to “rip and replace.” This week, he’s still talking about CCA members’ requirements for that program—but now they’re grappling with seemingly far greater problems from the coronavirus pandemic.
Government’s Maximum Telework Policy Overlooks Contractors (Nextgov.com) Industry association pushes for the administration to issue guidance for flexibility and greater use of contractors during the coronavirus pandemic.
Indian Govt does not clarify if it will audit WhatsApp's systems (MediaNama) The government has sought information from WhatsApp, including "discussing the need to conduct an audit" of the app's security systems and processes.
How Microsoft Dismantled the Infamous Necurs Botnet (Wired) A years-long investigation and global cooperation disrupted one of the biggest botnets ever.
Alarming Coronavirus Police Surveillance Tags Are Now Here: Hong Kong First To Deploy (Forbes) These bracelets monitor people in isolation—if you leave home you are automatically flagged and face arrest.
Barr: FBI probing if foreign gov't behind HHS cyber incident (AP NEWS) Attorney General William Barr vowed in an interview with The Associated Press on Tuesday that there would be swift and severe action if a foreign government is behind...
Senators blast Google for facemask ads, demand action from FTC (CNN) Two Democratic senators asked the Federal Trade Commission to pursue enforcement action against Google Tuesday saying the company is continuing to allow ads for the sale of facemasks amid the coronavirus pandemic.
Feds Justify Ditching Mueller Case, But Questions Remain (Law360) The prosecution of a pair of Russian companies in a case initially filed by Robert Mueller over alleged interference in the 2016 U.S. presidential election may have been understandably dropped out of a concern for national security and in the face of aggressive discovery tactics, but the dismissal raises questions about the precedent it sets.
Fife defence firm manager uploaded images of women he knew to porn website (The Courier) A high-ranking employee of a multinational defence company posted photographs and video of women he knew on a pornography website.
For a complete running list of events, please visit the Event Tracker.
International Cyber Expo 2020 (London, England, UK, Dec 2 - 3, 2020) The worlds of cyber and physical security are colliding - International Cyber Expo is the first dedicated event to bridge the gap between these two industries on a global scale.
SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, Mar 18 - 19, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.
National Cyber League (NCL) Spring Season (Various locations, Mar 19 - May 15, 2020) The National Cyber League (NCL) is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Individual Game and Team Game. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season closes March 20, 2020.
Inaugural Tampa Cyber Security Summit (Tampa, Florida, USA, Mar 20, 2020) C-Suite & Senior Level Executives: Register with Promo Code CYBERWIRE95 to receive $95 Admission (Standard Price is $350). Learn from renowned experts from the U.S. Dept. of Homeland Security, the U.S. Dept. of Justice, Darktrace, ExtraHop and more about the latest threats facing your company.
2020 Cipher Brief Threat Conference (Sea Island, Georgia, USA, Mar 22 - 24, 2020) The Cipher Brief Threat Conference brings together the expertise of one of the most trusted and relevant news sources for national security professionals around the globe. Attendees will engage with some of the top names in intelligence and global security involved in matters of cyber, defense and security. Combined with an invitation-only audience, The Cipher Brief Threat Conference provides a unique experience that no other event in the defense and national security space can match. For us, it's not just about who's on the stage, it's about who's in the room.
SecureWorld Boston (Boston, Massachusetts, USA, Mar 25 - 26, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.