The CyberWire will be up and running through the current COVID-19 pandemic. Stay healthy and please stay in touch.
More Signal. Less Noise.
Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
CISA explains critical sectors. COVID-19 disinformation. Fraud and spoofing. Fancy Bear is back.
Announcements
The CyberWire will continue to publish on schedule
Summary
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, CISA, has issued guidance for how organizations should consider organizing their work (and employees) during the present COVID-19 emergency. CISA stresses that the recommendations are advisory in nature, but they do suggest how organizations might decide who needs to report, physically, to the job and who might work remotely. They also suggest ways of arranging workplaces and work schedules to “reduce the likelihood of spreading the disease.” A number of the jobs the recommendations discuss are directly concerned with cybersecurity. As the Voice of America and others point out, the risk of cyberattack rises with the incidence of telework.
Iran appears to have suffered particularly badly from COVID-19, with an acknowledged 17,361 cases, 1135 of which have proven fatal, Foreign Policy reports. The Islamic Revolutionary Guard Corps has mounted a domestic influence campaign to place responsibility for the pandemic on its two usual suspects: the US and Israel.
Some of the fictions circulating about the pandemic are disinformation, others promote fraud, while still others are popular bits of misinformation. Tenable has a rundown of fake cures, phony government statements, and simple panicky mistakes (often amplified by fearful conspiracy theories). IBM has found one set of hoaxed communiques that pretend to be from the World Health Organization--they’re vectors for HawkEye malware.
Trend Micro reports that APT28 (whom you may recognize as Fancy Bear, Russia’s GRU) is using previously compromised corporate email accounts to spearphish for credentials in the defense sector.
Notes.
Today's issue includes events affecting Brazil, Germany, Iran, Israel, Russia, United Kingdom, and United States.
Bring your own context.
So many breaches seem to happen because of misconfigured databases. Why should this be?
"Now, object stores by their very nature in the cloud are meant to be easily accessible because accessing that unstructured data, obviously, is very common. What happens is, those buckets - whoever sort of set it up thought, well, this is a database that contains sensitive information; I'm going to make it private. Months pass, and someone says, you know that database backup? We're going to run some analytics, so it would really be great to, you know, sort of get access to that backup. And so they flip it open - should probably only be kept open for - I don't know - the hour or so that... mere moments. And there it stays. And that is called configurations drift. So you start off with a security posture that is quite good. You will apply best practices. But over time, things get opened up for one reason or another, and they're never flipped back to their proper state."
—Johnnie Konstantas, senior director of security product management at Oracle, on the CyberWire Daily Podcast, 3.18.20.
Get the drift?
CyberWire Pro delivers timely briefings about developing news.
Take a look at CyberWire Pro, our new subscription program designed for security professionals and all others who want to stay abreast of cybersecurity news. CyberWire Pro is a premium service that will save you time and keep you informed.
How can SIEM protect against the top cybersecurity threats?
Everyone has become increasingly aware of the danger hackers pose—they can steal data, dismantle systems, and cause damage that can take years to recover from. Join us April 14 to discover the most common ways organizations unintentionally put themselves at risk. This webinar will also highlight different strategies for mitigating the threats, from Security Information and Event Management (SIEM) tools to employee education. Register for the webinar.
On the Podcast
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at Accenture Labs, as Malek Ben Salem discusses mobile tracking and privacy. Our guest is Tom Quinn from T. Rowe Price, who talks with us about the challenges of protecting a financial institution.
Sponsored Events
Free Webinar: Ransomware in an Industrial World (Online, April 2, 2020) Ransomware has become one of the most common methods of profit for cybercriminals – and a major cause of computer disruptions. Join Dragos and the CyberWire on April 2 to hear strategies to combat this new cyber risk.
Georgetown University Programs in Cybersecurity Webinar (Online, April 9, 2020) We invite you to learn more about the Master's and Graduate Certificate in Cybersecurity Risk Management at Georgetown University. Our programs prepare you with hands-on practice developing and executing integrated strategies, policies, and safeguards to manage cybersecurity risks across an enterprise. Register for a free webinar on Thursday, April 9, at noon ET to learn more.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Cyber Threat Increases as More Americans Telework (Voice of America) The race to slow the spread of the coronavirus in the United States is placing an unprecedented burden on the country’s cyber infrastructure, potentially making it as vulnerable as it has ever been.
Iran Knows Who to Blame for the Virus: America and Israel (Foreign Policy) The regime’s ideological army is spinning conspiracy theories even as it helps spread the virus among Iran’s long-suffering people.
PSA: 9 Ways Attackers Are Capitalizing on COVID-19 (SpyCloud) Cybercriminals are profiting off of coronavirus fears. SpyCloud summarizes 9 tactics security professionals should be aware of.
COVID-19: Novel Coronavirus Becomes Hotbed for Misinformation, Scams and Fake Cures (Tenable®) The worldwide fear and uncertainty surrounding the novel coronavirus isn’t just being leveraged in malware and phishing attacks, as it has also enabled the spread of misinformation, fake cures and
Coronavirus Disrupts Social Media’s First Line of Defense (Wired) Facebook, Twitter, and YouTube all announced this week that thousands of content moderators are being sent home—leaving more of our feeds in the hands of machines.
WHO Chief Impersonated in Phishing to Deliver HawkEye Malware (BleepingComputer) An ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO) is actively spreading HawkEye malware payloads onto the devices of unsuspecting victims.
Covid-19 Drug Advice From The WHO Disguised As HawkEye Info-Stealer (IBM X-Force Collection) Summary
X-Force recent analysis identified a new HawkEye malware variant distributed in mails spoofing the World Health Organization. The email appears to be sent directly from Dr. Tedros Adhanom Ghebreyesus, Director-General, World Health Organization (WHO). This email campaign began on Thursday, March 19, 2020.
Overview
Timeline 03.19.2020 - 6:00 A.M - 9:45 A.M CET
fig 1. Timeline
Between 6:00 a.m. and 9:45 a.m. CET, the campaign distributed several waves of emails purporting to come from WHO. See Figu
‘Dirty little secret’ extortion email threatens to give your family coronavirus (Naked Security) …And it’s got your password as “proof”.
Coronavirus $1,000 relief check plan not even final yet and experts say fraudsters are already looking to cash in (CNBC) Over the past few days, the White House and federal lawmakers have discussed plans to send $1,000 checks to Americans to ease the financial burdens of the COVID-19 outbreak. But the Federal Trade Commission is warning consumers to beware of scammers looking to get their hands on that cash instead.
"Heightened risk of cyber criminals exploiting COVID-19 fears", NCSC warns (Data Protection Report) The National Cyber Security Centre (the NCSC) has warned that businesses and the public face an increased threat from attacks seeking to exploit COVID-19
COVID-19: Data Tells the Story (PerimeterX) As more business moves online in response to coronavirus, e-commerce web traffic and scraping bot attacks are increasing.
Coronavirus Scam Alert: Beware Fake Fox News Articles Promising A CBD Oil Cure (Forbes) COVID-19 scams are proliferating via text message and the latest sees CBD oil promised as a possible cure via a fake Fox News article.
RedLine Info-Stealing Malware Spread by Folding@home Phishing (BleepingComputer) A new phishing email is trying to take advantage of the Coronavirus pandemic and the race to develop medications by promoting a fake Folding@home app that installs an information-stealing malware.
Hackers Promise 'No More Healthcare Cyber Attacks' During COVID-19 Crisis (Forbes) As leading cybercrime gangs promise not to attack healthcare organizations during the COVID-19 pandemic, can we take them at their word?
COVID-19 Impact: As Retailers Close their Doors, Hackers Open for Business (Check Point Software) While we struggle to contain the outbreak of the coronavirus worldwide, its impact is spreading rapidly across the globe. Countries are shutting their
Digital Shadows Report: Dark Web's Reaction to COVID-19 (Security Magazine) Are discussions of COVID-19 as popular on the dark web as they are on the clear web? How are cybercriminals discussing COVID-19?
Food Delivery Service in Germany Under DDoS Attack (BleepingComputer) Cybercriminals found in the context of a public health crisis that caused unprecedented restrictions affecting the restaurant industry a perfect opportunity to launch an attack on the systems of Takeaway food delivery service in Germany.
Hackers start selling and distributing Sodinokibi data leaks on hacking forums (Computing) The data allegedly belongs to consultancy Brooks International, which refused to pay ransom to cyber criminals
Russia-linked APT28 is using stolen corporate email accounts to facilitate phishing attacks (Computing) Almost 40 per cent of the attacks launched by the group, also known as Pawn Storm, launched over the past year targeted defence companies
Russian hackers using stolen Middle Eastern email accounts to mask their phishing attempts (CyberScoop) Since at least May of last year, Fancy Bear has used hacked email accounts belonging to personnel working at defense firms to send phishing emails.
Pawn Storm in 2019: A Year of Scanning and Credential Phishing on High-Profile Targets (Trend Micro) Pawn Storm has had traditional cyber weapons, like malware, in its attack arsenal since at least 2004, the earliest year we have been able to trace the group’s activities.
Concern mounts over security of military PCs amid hacking attacks (Dong-a Ilbo) Operational problems occurred including temporary freezing of TACS, a core security program of the …
Some commercial password managers can be fooled into disclosing user passwords, researchers warn (Computing) Such password managers use weak criteria to find out whether an app is genuine or not
Security flaws found in popular password managers (WeLiveSecurity) Password manager security isn’t as airtight as some might think with new vulnerabilities discovered and old ones remaining unpatched, an academic study has found.
Researchers Reveal Crypto Mining Botnet's Sneaky Tactics (Cointelegraph) The cybercriminals behind the crypto mining Stantinko botnet have devised some ingenious methods to evade detection.
Stantinko’s new cryptominer features unique obfuscation techniques (WeLiveSecurity) ESET researchers bring to light unique obfuscation techniques discovered in the course of analyzing a new cryptomining module distributed by the Stantinko group’s botnet.
New Mirai Variant 'Mukashi' Targets Zyxel NAS Devices (Threatpost) The botnet exploits a vulnerability discovered last month that can allow threat actors to remotely compromise and control devices.
Insulet Omnipod (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low skill level to exploit/public exploits are known for this vulnerability
Vendor: Insulet
Equipment: Omnipod Insulin Management System
Vulnerability: Improper Access Control
2.
Systech NDS-5000 Terminal Server (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Systech Corporation
Equipment: NDS-5000 Terminal Server
Vulnerability: Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution.
HBO’s ‘Kill Chain’ reveals scary reality: U.S. voting system under attack (Amsterdam News) Is America’s voting process broken? Recent developments aren’t encouraging. For instance, in May of 2019 Sen. Kamala Harris along with twelve other senators, introduced the Protecting American Votes and Elections (PAVE) Act in the senate.
Addressing Safety of Smart Devices for Use in Nuclear Power Plants (IAEA) With rapid advances in digital technologies, smart digital devices such as smart sensor transmitters, electrical protective devices and variable speed drives, are increasingly used at many nuclear power plants – even if they were not initially designed for nuclear-related purposes.
Hacker holds Bluffton fire department servers hostage, as authorities investigate (Island Packet) “If you see this message — this means your files are now encrypted and are in a non-working state!”
Pwn2Own Hacking Contest Exposes Vulnerabilities in Windows, macOS, Ubuntu (NDTV Gadgets 360) The winners, Team Fluoroacetate have won their fourth Pwn2Own in a row.
Security Patches, Mitigations, and Software Updates
Drupal Updates CKEditor to Patch XSS Vulnerabilities (SecurityWeek) The CKEditor library is affected by a couple of XSS vulnerabilities that could be used to target Drupal website admins
Microsoft postpones end of support for some Windows 10 1709 versions (ZDNet) Microsoft is giving customers an additional six months of support for some variants of Windows 10 1709 as a result of the impact of COVID-19 on IT professionals.
UK printer’s S3 Bucket leaks military documents, AWS issues patch (SC Magazine) Amazon Patches S3 buckets of Doxzoo after vpnMentor researchers find 343 GB trove
Cyber Trends
Coronavirus affects national security in novel ways (The Cipher Brief) Cipher Brief Expert and former Acting Director of CIA, John McLaughlin shares his thoughts on why this virus poses unique challenges to US national security
Lurking in the shadows: the disturbing rise of stalkerware (Engineering and Technology) With the installation of software to spy on individuals on the rise, advocates plead more needs to be done to ensure no more people fall victim to such heinous crimes.
Everyone wants to be more secure — as long as it isn't an inconvenience (CIO Dive) Apply that logic for CIOs and IT leaders, except the stumbling block revolves around revenue, or a lack thereof.
Most Brazilians not receiving tech support for remote work – Avast (BNamericas.com) According to Avast, 58% of company employees say they do not receive the technological support or knowledge they need from their employer when they work at h...
Marketplace
Eset creates a fund to support coronavirus diagnoses (Slovak Spectator) The security software developer has allocated €300,000.
KnowBe4 Mobilizes All 884 Employees to Work From Home in One Day (KnowBe4) KnowBe4 Mobilizes All 884 Employees to Work From Home in One Day
Huntress Labs' Kyle Hanslovan on how his team tricked a hacker into being arrested (CyberScoop) Huntress Labs Co-Founder Kyle Hanslovan talks with Greg Otto on how his company found a hacker breaking into a managed service provider's network.
Cyber security chiefs respond to Covid-19 with support for companies (Commentator) Cyber securtiy industry leaders have unveiled a series of new measures to during the Coronavirus crisis and issued warnings about the security risks to companies
Security Firms Offer Ransomware, Security Assistance During COVID-19 (HealthITSecurity) A number of security firms, such as Awake Security and EmsiSoft are offering healthcare providers free access to security tools and ransomware assistance; CynergisTek offers additional privacy tools.
Thomson Reuters Acquires Gov Tech Company Pondera Solutions (Government Technology) The Ontario-based conglomerate Thomson Reuters now has Pondera’s anti-fraud, waste and abuse platform in its suite of business intelligence tools, potentially giving health-care giants greater insight into bad actors.
CrowdStrike stock soars as sales nearly double, results beat expectations (MarketWatch) CrowdStrike Holdings Inc. shares skyrocketed in the extended session Thursday after the cybersecurity company’s results and outlook topped Wall Street...
CrowdStrike CEO: Partners Coming To Us As Symantec ‘Abandons’ Many Customers (CRN) CrowdStrike CEO George Kurtz said his company has landed many Symantec channel partners following the November sale of the company’s enterprise business to Broadcom.
Why Cisco Stock Is Becoming Attractive Following the Coronavirus Sell-Off (The Motley Fool) The solid tech giant should profit from its work-at-home solutions, and it remains exposed to long-term technology tailwinds.
Cygilant Names Jim Fairweather Its New Chief Revenue Officer (Cygilant) Industry Veteran to Lead Sales Team and Guide Future Company Growth
AppOmni Expands Executive Leadership Team to Support Rapid Growth (Yahoo) AppOmni welcomes three new executives to the company’s leadership team: Kathleen McKinnon, Brandon Conley and John Yun
Illusive Networks appoints Steve Katz to board of advisors (Consulting) Cyber-defense consultancy Illusive Networks has named Steve Katz to its board of directors.
Products, Services, and Solutions
Code42 Enhances its Data Security Solution to Help Protect Organizations as the Number of Employees Working from Home Surges (Code42) Code42, the leader in insider threat detection, investigation and response, today announced it enhanced its data security solution, adding new capabilities that pinpoint suspicious data activity among remote employees. To speed the detection and investigation process, the company’s new dashboard features highlight remote employees who have the riskiest file activity. They also give immediate insights into …
Cato Launches Instant Access: The First SASE-Based Clientless Access Service to Enable Enterprises to Support Work-From-Home at Scale (Cato Networks) Newest enhancement to Cato SDP demonstrates the power of full SASE architecture. With Instant Access for Cato SDP, enterprises can deliver large scale, secure, high-performance remote access worldwide at the flip-of-a-switch.
COVID-19 Update (Virtru) To better support organizations hit especially hard by the effects of the COVID-19 pandemic, Virtru is committed to enabling organizations to protect and control their data, everywhere, at all times.
In Response to COVID-19 Pulse Technology Solutions to Provide Free PC and Server Monitoring (EIN) Includes patch management, e-learning solutions and critical cyber security relief with secure remote working from home options to connect to the office
The Financial Data Exchange Releases First Major Update to FDX API, Makes Fourth Version of Standard Available Immediately (FinancialDataExchange)
The FDX API 4.0 introduces critical improvements to tax applications and brings full compliance with REST conventions, other international standards
Coalfire ISO Awarded One Of The World's First ISO 27701 Accreditation Decisions Among Certification Bodies (PR Newswire) /PRNewswire/ -- Coalfire ISO, the conformity assessment body arm of Coalfire, announced today that it has become one of the world's first certification bodies...
MSPs Fueling Growth for Avanan Email Security (Markets Insider) NEW YORK, March 19, 2020 (GLOBE NEWSWIRE) -- Avanan, the highest rated security solution for cloud-based email and collaboration suites, today a...
Palo Alto's IoT Product Gains FedRAMP's "In Process" Status (Yahoo) Palo Alto (PANW) obtains the FedRAMP "In Process" designation for its Zingbox IoT Guardian product, which would allow it to gain contracts across the government sector.
Microsoft Touts Secured-Core PCs To Block Driver Exploits (Redmondmag) The Windows platform security team explained this week in an announcement that PC devices are subject to possible driver exploits, and recommended the use of Secured-core PCs as a defensive measure.
Minerva Labs Protects Every Home Computer That Connects to the Organization (PR Newswire) Minerva Labs, a market leader in Endpoint Security solutions, offers a unique solution for home-office workers. The remote connection security...
Technologies, Techniques, and Standards
CISA Tabs 16 Sectors, including IT, as Critical During Virus Response (MeriTalk) The Cybersecurity and Infrastructure Security Agency (CISA) on March 19 issued a list of 16 sectors – including information technology – that it considers essential during Federal, state, and local government responses to the COVID-19 coronavirus pandemic.
NIST, DHS Publish Guidance on Securing Virtual Meetings, VPNs (SecurityWeek) NIST and DHS published a series of recommendations on how to ensure that virtual meetings and connections to enterprise networks are protected from prying eyes.
All hands on deck: Infosec volunteers to protect medical organizations during COVID-19 crisis (CyberScoop) Hackers crossed a line last week when they struck the computer network of the Czech Republic’s second largest hospital as it was testing people for the novel coronavirus.
Coronavirus: Cyprus’ cyber-security entity shares guidelines for working remotely (infographics) (In-Cyprus.com) In response to increased requests from companies to their employees to work from home brought about by the Covid-19 outbreak, Cyprus’ national Computer Security Incident Response Team (CSIRT) issued on...
VPNs: Not a cybersecurity slam dunk for telecommuters in the age of COVID-19 (SC Media) CISOs and cybersecurity teams around the world are watching their threat surface multiply as millions of staffers find themselves working from home for the first time in order to help constrain the spread of Coronavirus.
VPN Usage Surges as More Nations Shut Down Offices (Dark Reading) As social distancing becomes the norm, interest in virtual private networks has rocketed, with some providers already seeing a doubling in users and traffic since the beginning of the year.
How to Protect Your VPN: Lessons From a DDoS Attack Test (Security Boulevard) In the wake of the COVID-19 pandemic, many IT organizations find themselves scrambling to meet the sudden spike in VPN traffic. The post How to Protect Your VPN: Lessons From a DDoS Attack Test appeared first on Radware Blog.
BT: Working from home? We can handle it (Computing) BT responds to media claims that the UK’s networks can’t handle the strain of millions of people suddenly working from home
Internet use could be rationed to prioritise health services and online lessons (The Telegraph) Internet access to services such as entertainment and gaming could be rationed if networks come under severe strain, experts have warned.
Cyber Security Tips for Working from Home during COVID-19 (NetNewsLedger) COVID-19 has many companies allowing or encouraging workers to work from home. Tele-commuting via computer is common, but not normally practiced. One of the potential threats to company data and files can be employees working from home using insecure data networks, or not having the same security protocols as they would in the corporate world. …
Agency-approved messaging services adjust to crush of federal telework (FedScoop) Federal agencies need more telework capabilities as the coronavirus forces employees to stay home, and companies are noticing a bump in demand.
Why everyone binge watching Netflix won’t break the internet (The Telegraph) On Thursday evening, Netflix announced a bold measure to save Europe’s internet.
Working from home a cybersecurity headache for employers (Crain's Cleveland Business) From Bloomberg: The huge influx of people working at home has expanded the places hackers can exploit. As companies across Europe and the Americas come to grips with this new normal, hackers are tweaking their attacks — sending phishing emails that claim to be about the coronavirus or purport to be from a trusted health agency — to leverage fear of the global pandemic.
Redefining Zero Trust: Does Zero Really Mean Zero? (Forbes) Many companies have embraced teh concept of zero trust security, but the way it is commonly implemented, zero doesn't really mean zero.
US Army Europe’s growing challenge? Fight fake news and misinformation (C4ISRNET) An Army tiger team faces a growing number of disinformation campaigns from Russia that senior service officials said are an attempt to destabilize allies’ governments.
Cloud Misconfig Mistakes Show Need For DevSecOps (Threatpost) Unit 42 researchers discuss public cloud misconfiguration issues that are leading to breaches of sensitive data.
Design and Innovation
Covid-19: Twitter learns from FB's folly, changes content guidelines (SC Magazine) Twitter released new content guidelines regarding Covid-19 tweets after Facebook’s AI fails to differentiate between verified content and spam
Is innovation in enterprises outpacing their cyber-security? (SC Magazine) What is often overlooked in the mad rush to innovate via adoption of big data and analytics, cloud computing, blockchain, AI, and IoT is the impact of these efforts on enterprises' cyber-security.
Research and Development
How people deal with fake news or misinformation in their social media feeds (Help Net Security) Researchers at the University of Washington wanted to know how people deal with fake news on their own Facebook and Twitter feeds.
Why Intel Heavily Funds Security Research To Find Vulnerabilities In Its Own Chips (Forbes) What you might be surprised to know, especially with some of the more recent discoveries, is that Intel brought much of this pain upon itself through an aggressive program of bug bounties and investments in internal and external research.
Academia
Meet CLARK, the cybersecurity learning platform that's powered by a team of Towson students (Technical.ly Baltimore) With a mission to "code responsibly," a team of TU software engineering students is running a platform where faculty can find and build cybersecurity curriculum. With COVID-19's spread closing schools, it's spinning up a new collection built for online learning.
Legislation, Policy and Regulation
U.S. Steps Up Iran Sanctions Amid Coronavirus, as Tehran Charges Cruelty (Wall Street Journal) The Trump administration this week sent a stark message to Iran in three new rounds of sanctions: The U.S. won’t ease its economic pressure campaign even as the coronavirus pandemic batters the country.
UK should rethink deadline for defense, foreign policy review, says former national security adviser (Defense News) Analysts are concerned that the review will be fudged in the rush to complete the promised deep dive into defense, foreign policy and security strategy reform.
O2 in talks with Government over using location data to track coronavirus spread (The Telegraph) O2 is in discussions with the Government to build models that can help track the spread of the coronavirus.
The U.S. wants smartphone location data to fight coronavirus. Privacy advocates are worried. (NBC News) Federal health officials say they could use anonymous, aggregated user data collected by the tech companies to map the spread of the virus.
Google to limit federal access to location data as it fights coronavirus (TheHill) Google said on Tuesday that it would be limiting the access that the federal government has to its massive collection of user location data, even as it said it would help the government try to slow the coronavirus outbreak in the co
Senator Pushes For HHS Cybersecurity Measures After Incident (LawStreetMedia) Law Street provides accessible, client-focused legal news designed to inform readers and connect lawyers with the legal needs in their field.
Interest groups pressure White House and Congress to allow federal contractors to telework (Federal Times) While federal employees can currently telework, contractors have been left in the dark. The Professional Services Council fears the lack of clarity could lead to layoffs.
‘Confusion and anxiety’ at Pentagon over telework guidance (POLITICO) "Every other workplace is saying go home, but there are quite a few people in the building that are not mission-essential," said one official.
CORONAVIRUS RESOURCE: Find out what your agency is planning (Federal News Network) This page will be updated as additional information, updates and resources regarding the coronavirus become available.
Defending U.S. Interests in Cyberspace (War on the Rocks) Amidst the deepening Coronavirus crisis, Melanie and Chris discuss another type of invisible danger: the threats posed by both state and non-state actors
Did the Cyberspace Solarium Commission Live Up to its Name? (War on the Rocks) Last week, as a real virus upstaged computer viruses, the congressionally mandated Cyberspace Solarium Commission released a sweeping plan to organize and
Counterterrorism chief leaving as Trump administration weighs downsizing NCTC (NBC News) Two former officials say Russell Travers, head of the National Counterterrorism Center, was seen as resisting potential personnel cuts.
Acting counterterrorism center head fired, according to former U.S. officials (Washington Post) The acting national intelligence director is said to have fired Russell Travers amid uncertainty about the National Counterterrorism Center’s future.
COVID-19 Warrants CCPA Enforcement Delay, Calif. AG Told (Law360) Nearly three dozen business community members are stepping up pressure on California's attorney general to delay enforcement of the state's consumer privacy law, arguing that the novel coronavirus pandemic has further complicated companies' efforts to get up to speed with their still-evolving obligations.
ANA and Others Ask for CCPA Enforcement Extension (Regulatory Rumblings) ANA, along with more than 30 major California and national trade associations, have called on the California Attorney General to provide a brief delay in enforcement of the California Consumer Privacy Act (CCPA).
Litigation, Investigation, and Enforcement
The FBI thinks criminals will target 3 states with coronavirus scams (WDEF) There has been a “significant spike” in coronavirus scams across the nation, with the FBI anticipating that criminals will zero in on three states with high rates of infections: Washington, California and New York, Section Chief Herb Stapleton of the FBI Cyber Division, confirmed to CBS News on Thursday. “Virtually all of the attacks targeting …
California Man Gets Prison for Hacking Atlanta-Based Company (SecurityWeek) A California man has been sentenced to more than seven years in prison for hacking an Atlanta-based company and trying to extort money in exchange for the return of the company’s intellectual property.
Former Google Engineer Charged With Trade-Secret Theft Reaches Deal With U.S. (Wall Street Journal) Anthony Levandowski, the engineer charged with 33 counts of trade-secret theft from Google’s self-driving car project, reached a deal with U.S. prosecutors in which he will plead guilty to one count and the remaining charges will be dropped.
Industry Events
newly Noted Events
International Cyber Expo 2020 (London, England, UK, December 2 - 3, 2020) The worlds of cyber and physical security are colliding - International Cyber Expo is the first dedicated event to bridge the gap between these two industries on a global scale.
upcoming Events
National Cyber League (NCL) Spring Season (Various locations, March 19 - May 15, 2020) The National Cyber League (NCL) is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Individual Game and Team Game. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season closes March 20, 2020.
Inaugural Tampa Cyber Security Summit (Tampa, Florida, USA, March 20, 2020) C-Suite & Senior Level Executives: Register with Promo Code CYBERWIRE95 to receive $95 Admission (Standard Price is $350). Learn from renowned experts from the U.S. Dept. of Homeland Security, the U.S. Dept. of Justice, Darktrace, ExtraHop and more about the latest threats facing your company.
2020 Cipher Brief Threat Conference (Sea Island, Georgia, USA, March 22 - 24, 2020) The Cipher Brief Threat Conference brings together the expertise of one of the most trusted and relevant news sources for national security professionals around the globe. Attendees will engage with some of the top names in intelligence and global security involved in matters of cyber, defense and security. Combined with an invitation-only audience, The Cipher Brief Threat Conference provides a unique experience that no other event in the defense and national security space can match. For us, it's not just about who's on the stage, it's about who's in the room.
SecureWorld Boston (Boston, Massachusetts, USA, March 25 - 26, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.
Kernelcon (Omaha, Nebraska, USA, March 27 - 28, 2020) Kernelcon is the result of many motivated information security professionals who recognized the opportunity to create an awesome security conference in Omaha. The idea for Kernelcon started within the local DEF CON Group, DC402, with lots of help from other members of other local security groups such as NebraskaCERT and OWASP. We are inspired by many other conferences including DEF CON, DerbyCon, ShmooCon, etc., and wanted to bring those same experiences to the Mid-West here in Omaha.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.