We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
For details, see our daily update on COVID-19 and the cybersecurity community.
It's now a commonplace that ransomware gangs threaten to dox their victims as well as render their data encrypted and inaccessible. A report this week from Microsoft's Microsoft Threat Protection Intelligence Team concludes that even the gangs who don't threaten to steal information are doing it anyway. The data represent another revenue stream. The report also concludes that ransomware attackers don't necessarily leave a victim's networks even after a victim has paid. Instead they'll maintain persistence as long as possible, the better to position themselves for subsequent attacks. Redmond offers a good deal of advice on how an organization could protect itself. Security teams might start by watching for malicious use of penetration-testing tools, signs of credential theft, and tampering with a security event log.
Bogus scareware threats have been around for years. These usually tell users that some law enforcement organization (usually the FBI) has found the users to be up to no good, and that the users must pay a fine to avoid further trouble. The scare is usually delivered by email or displayed in a browser. But CyberScoop says there's a new wrinkle: ransomware is encrypting Android devices and delivering a note impersonating the FBI that offers decryption once the fine is paid. Most of the victims have been in Eastern Europe, and the ransomware itself has been traded in Russian-speaking criminal markets. Needless to say, the Bureau doesn't collect fines this way.
The Verdict publishes advice on how Huawei can be excluded from core British infrastructure.
Today's issue includes events affecting Canada, China, Democratic People's Republic of Korea, Latvia, Russia, United Kingdom, and United States.
The reason the Department of Defense is moving forward with its Cybersecurity Maturity Model Certification (CMMC)..
"Cumulatively, we're losing about $600 billion a year in the U.S. to cyber-espionage—IP loss and straight up cyber-espionage. And so we knew we had to do something different. And we had - in 2014, President Obama signed in Special Publication 800-171 R1. And it was directed that all Department of Defense contracts that had CUI, controlled unclassified information, had to be attesting to doing these 110 controls in that NIST guideline. And so we just needed a way to ... get companies, A, prepared for the data that they'd be receiving, and to have an auditable, trackable way to do that, understanding the resourcing within the DOD. So we understood clearly that this needed to be outside the government, something that companies - much like an ISO certification. And we could then make sure that everybody had the critical thinking skills behind cyber that are needed to defend themselves in this industrial age."
—Katie Arrington, CISO for the Assistant Secretary for Defense Acquisition at the U.S. Department of Defense, on the CyberWire's Daily Podcast, 4.28.20.
So CMMC is designed in large part to address the problem of intellectual property theft.
Financial organizations are on the frontline of COVID-19 pandemic. Financial organizations are seeing a drastic spike in online transactions during this new normal of working, banking, and shopping from home. With a huge surge in online payments and massive increases in the volume of financial transactions, the potential for fraud, phishing, and other threats is more severe than ever. Join our webinar on May 13, to hear from Olga Polishchuck, LookingGlass’ Senior Director of Threat Analysis and Investigations on:
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at Dragos, as Rob Lee shares insights into a recent ransomware incident that shut down a gas pipeline. Our guest is Drex DeFord from Drexio, discussing healthcare cybersecurity during the COVID-19 pandemic.
Hacking Humans is up. In this episode, "Passwords are the easiest things to steal," Joe takes a look at a massive sextortion spam scheme, Dave has some advice for all of us, the Catch of the Day comes from down under, and later in the show we speak with Andrew Shikiar, Executive Director and Chief Marketing Officer at FIDO Alliance, who tells us why phishing and passwords remain such a huge security problem and options for doing away with passwords.
In this week's episode of CSO Perspectives, "Metrics and risk," we consider the related issues of metrics and the models that use them. All models are more-or-less accurate approximations of reality. The good ones, however, have some very valuable uses, and our CSO has some perspective on those uses.
American touting covid conspiracies probably posted WHO, Gates Foundation passwords online, report says (Washington Post) The organization that revealed the existence of the credentials concluded that whoever posted them was hoping to inspire a new wave of intrusions that might surface information about how the targeted institutions responded to the coronavirus pandemic.
Coronavirus-themed Threat Reports Haven’t Flattened The Curve (Bitdefender Labs) With the Coronavirus pandemic still going strong, cybercriminals have continued leveraging this crisis by pushing threats designed to compromise victims’ data and security. If during mid-March we’d already seen a five-fold increase... #coronavirusmalware #coronavirusstatistics #coronavirusthreats
New Dashlane Survey: Majority of Americans Feel More at Risk Online Due to COVID-19 (Dashlane Blog) We conducted a survey that looks at consumer sentiment and habits around online security in light of the shift to remote work due to COVID-19.
Cyberscammers: Pay Up or We’ll Infect Your Family With Coronavirus (The Daily Beast) The NYPD is on alert over a twisted coronavirus blackmail scheme by cybercriminals looking to profit off the pandemic and people’s anxiety.
Charitable Endeavors on Cybercriminal Forums (Digital Shadows) The current spirit of charity has also reached the cybercriminal community, although the results in that environment have not necessarily been as successful as those seen in the offline world.
A Scramble for Virus Apps That Do No Harm (New York Times) Dozens of tracking apps for smartphones are being used or developed to help contain the coronavirus pandemic. But there are worries about privacy and hastily written software.
Apple and Google release first seed of COVID-19 exposure notification API for contact tracing app developers (TechCrunch) Apple and Google have released the first version of their exposure notification API, which they previously called the contact tracing API. This is a developer-focused release, and is a seed of the API in development, with the primary intent of collecting feedback from developers who will be using t…
EFF: Google, Apple’s Contact-Tracing System Open to Cyberattacks (Threatpost) Malicious actors could potentially harvest data over the air and use it to shake confidence in the public-health system, EFF says.
UK privacy and security experts warn over coronavirus app mission creep (Yahoo) A number of UK computer security and privacy experts have signed an open letter raising transparency and mission creep concerns about the national approach to develop a coronavirus contacts tracing app. "We urge that the health benefits of a digital solution be analysed in depth by specialists
Zero trust for Covid-19 tracing app privacy: NHS app due, GCHQ gets access, call for EU standards (SC Magazine) Privacy advocates wary of the uses to which tracing app data may be put plus technical security, EU call for standarisation; NHS bluetooth app due; GCHQ gets access; encrypted decentralised approach
Security experts warn: Don't let contact-tracing app lead to surveillance (ZDNet) Joint letter by over 170 of the UK's top researchers and scientists voices privacy and security concerns over 'mission creep' on government plans for using smartphones to trace and combat coronavirus.
Privacy International puts Palantir in the dock for NHS data analysis work (ComputerWeekly) Civil liberties campaigner questions role of US data analytics specialist in health service’s data work in battle against Covid-19.
Coronavirus: GCHQ gets access to NHS data to beef up security (ComputerWeekly) Health secretary gave GCHQ emergency powers to obtain information relating to the security of its networks and IT systems at the beginning of April, it has emerged.
GCHQ granted extended powers to demand data from the NHS during the Covid-19 crisis (Computing) Computing is the leading information resource for UK technology decision makers, providing the latest market news and hard-hitting opinion.
US was warned of threat from anti-vaxxers in event of pandemic (the Guardian) FBI-connected researchers suggested biggest threat in controlling outbreak was from ‘those who categorically reject vaccination’
RDP brute-force attacks are skyrocketing due to remote working (BleepingComputer) Internet-exposed and poorly configured RDP servers from all over the globe are the target of an increasing number of brute-forcing attacks that have started since the beginning of March.
Kaspersky: RDP brute-force attacks have gone up since start of COVID-19 (ZDNet) RDP brute-force attack numbers rose in mid-March as quarantines were being imposed over the globe.
Millions of Brute-Force Attacks Hit Remote Desktop Accounts (Threatpost) Automated attacks on Remote Desktop Protocol accounts are aimed at taking over corporate desktops and infiltrating networks.
Feds can now spot the signs of pandemic phishing (Fifth Domain) Fifth Domain reached out to 24 agencies to see if they've seen an increase in phishing attacks since the coronavirus pandemic began. Here's what they said.
FBI: Cybercriminals promising vaccines, PPE, disguising scam links (FOX5 Las Vegas) Cybercrime surrounding the pandemic continues to impact people around the world, the Las Vegas FBI office said.
House of Commons meeting virtually on a platform described as a 'gold rush for cyber spies' (CBC) Canada's House of Commons will reconvene today for virtual session on Zoom, a videoconferencing platform described by security researchers as a "privacy disaster."
Roundtable on Continuity of Senate Operations and Remote Voting in Times of Crisis (The Permanent Subcommittee on Investigations) On April 30, 2020, at 9 a.m., the Permanent Subcommittee on Investigations will hold an online roundtable via WebEx entitled “Continuity of Senate Operations and Remote Voting in Times of Crisis.” The recorded roundtable will be posted to the Subcommittee’s website.
Zoom privacy and security issues: Here's everything that's wrong (so far) (Tom's Guide) More than a dozen security and privacy problems have been found in Zoom recently. Here's an updated list.
Google Meet video conferencing is now free for anybody (The Verge) Can it stem Zoom’s meteoric growth?
CrowdStrike’s James Yeager: Organizations Must Ensure Quick Cyber Response Amid COVID-19 Pandemic (ExecutiveBiz) James Yeager, vice president of public sector at CrowdStrike, has said that government and industry entities must implement speedy threat detection, assessment and resolution as the current health crisis brings more aggressive cyber attacks.
Microsoft weathers the coronavirus pandemic, posting earnings boost from its cloud business (Washington Post) One of the world's most valuable companies grew as at-home workers turned to its Web-based services.
Microsoft Earnings Jump, Aided by Cloud-Computing Demand During Pandemic (Wall Street Journal) Microsoft reported strong growth in quarterly sales and profit and said the shift of more activities online amid the coronavirus pandemic is helping propel growth in areas from cloud-computing to videogames.
HITRUST Assessment XChange Furthers Collaboration with Healthcare Leaders to Lessen COVID-19 Impact on Supply Chain Risk Management (BusinessWire) HITRUST offers its Assessment XChange™, a Comprehensive Third-Party Risk Management Solution to Health Ecosystem at No Cost due to COVID-19.
National Cyber Summit postponed until 2021 (WAFF) For those who are currently registered as an attendee, sponsor or exhibitor, event management will be reaching out in the coming days to help guide you through this process
No major changes observed for activities of foreign intelligence services towards Latvia (Baltic News Network) The number of cyber-attacks performed by foreign intelligence services in Latvia has not changed much in the past year. The total observed number reaches a couple dozen cases, according to the report from Constitution Protection Bureau for 2019.
Scammers are abusing mobile ad networks in an attempt to phish to Android app users (CyberScoop) At least 400 apps in Google’s Play Store are feeding malicious ads into apps through abuse of a mobile advertising firm's SDK.
Disinformation For Hire: How A New Breed Of PR Firms Is Selling Lies Online (BuzzFeed News) One firm promised to “use every tool and take every advantage available in order to change reality according to our client's wishes.”
GDPR ignored by Warwick University? - failure to alert staff & students over data breach (SC Magazine) Warwick University has reportedly kept secret from staff and student data breaches to its infrastructure. Breach happened after employee unwittingly installed malware.
The latest in FBI impersonation: An extortion scheme involving mobile ransomware (CyberScoop) Ransomware on mobile phones may not be the most profitable avenue for criminals, but that hasn't stopped some from trying to make a buck.
Microsoft: Ransomware gangs that don't threaten to leak your data steal it anyway (ZDNet) And these human-operated ransomware gangs have stepped up attacks amid the pandemic to maximize profits.
Report Finds Ransomware Crews Don't Leave After Being Paid (Law360) Organized crews of cybercriminals that attacked health care organizations and other critical services with ransomware this month kept their access to victims' networks even after ransoms were paid, new research released by Microsoft Corp. says.
10 Ransomware Strains Being Used in Advanced Attacks (BankInfo Security) Many attackers continue to camp out in networks for months, conducting reconnaissance and stealing sensitive data before unleashing ransomware. Experts say many
CZ Blames ‘Self-Perceived Competitors’ for New DDoS Attacks on Binance (Cointelegraph) The world’s largest crypto exchange, Binance, faced a series DDoS attacks on its Chinese domains on April 29
Hackers are creating backdoor accounts and cookie files on WordPress sites running OneTone (ZDNet) Attacks began earlier this month after WordPress theme developer did not release a patch for a trivial bug.
28 antivirus products share nasty flaw that can brick your PC: What you need to know (Tom's Guide) Attack tricks antivirus software into deleting legitimate files
Chegg confirms third data breach since 2018 (TechCrunch) Exclusive: The education company said hackers made off with employee records, including Social Security numbers.
Microsoft Office 365 Security Recommendations (CISA) As organizations adapt or change their enterprise collaboration capabilities to meet “telework” requirements, many organizations are migrating to Microsoft Office 365 (O365) and other cloud collaboration services. Due to the speed of these deployments, organizations may not be fully considering the security configurations of these platforms.
The Continuing Gap in Control System Cybersecurity of the Electric Industry (Energy Central) I helped start the control system cyber security program for the electric industry in 2000 while at the Electric Power Research Institute-EPRI (I left EPRI in 2002).
Android Phone Makers Improve Patching Practices (SecurityWeek) Android smartphone manufacturers have significantly improved their patching practices over the past couple of years.
Monitor Deloitte reveals five trends for Chief Strategy Officers (Consulting) Monitor Deloitte, the strategy consulting arm of professional services firm Deloitte, has released the 2020 edition of its annual Chief Strategy Officer report.
The Feasibility Of Cyber-risk Management To Ensure Social Good | Forbes India (Forbes India) In the wake of huge cyber-attack induced losses in the past half-decade on firms like Sony and Target, risk mitigation has become a top board-level concern across many organizations worldwide
Particle Health Secures $12M In Menlo-Led Series A To Make Health Care Data Easier To Access (Crunchbase News) Particle Health's technology platform aims to connect digital health care solutions with patient health data.
Secret Double Octopus Raises $15M to help Eliminate Passwords and Secure Remote Workforce (Secret Double Octopus) Secret Double Octopus’ revolutionary Passwordless Authentication solution eliminates password-related pains by remodeling employee authentication, delivering unprecedented enterprise security
K1 makes 26 times its money on Checkmarx stake sale (PE Hub) Marking the largest-ever acquisition of an application security company, a consortium led by Hellman & Friedman, joined by TPG, bought the majority of Checkmarx in a deal valued at $1.15bn.
Cloud startup wants to put security at the start of infrastructure projects (TechRepublic) Accurics provides code review before deployment to reduce drift and keep cloud projects in compliance.
$2.75M grant a 'huge win' for cybersecurity in Colorado Springs (The Colorado Springs Business Journal) The sprawling facility that houses the National Cybersecurity Center, Space ISAC and Exponential Impact is set for a huge injection of cash and a
Benchmark Executive Search Names New Members to its Cybersecurity & National Security Advisory Board (BusinessWire) Benchmark Executive Search, an industry-recognized and award winning executive recruitment firm, announced today its newly expanded Advisory Board and
Strider announces John Mullen, Former Assistant Director of CIA, Joins Company as Advisor (PR Newswire) Strider Technologies, developer of the world's first economic statecraft technology platform, announced today that John Mullen has joined...
Security And Compliance Innovator, Tobias Whitney, Joins Fortress Information Security (Fortress Information Security) Security and compliance innovator Tobias Whitney joins Fortress to develop groundbreaking solutions for utilities, vendors and service providers
Facebook poaches social media regulator Tony Close from Ofcom (Times) A senior official at the watchdog preparing to regulate social media companies has been poached by Facebook to help it respond to the curbs.Tony Close, Ofcom’s director of content standards, has been
Okta taps former CBA CSO for global role (CRN Australia) David Bradbury joins authentication company as CSO.
VMware Carbon Black exec Thomas Hansen leaves company (CRN Australia) Top go-to-market leader left after nearly three years.
Authentic8 hires former White House information officer (Intelligence Online) Former CIA cyber unit specialist Matthew Ashburn, who served as...
Coalfire Federal Growth Prompts Malone Promotion, New Board Of Directors (The Grand Junction Daily Sentinel) Coalfire Federal, a wholly owned subsidiary of cybersecurity advisory and assessment services provider Coalfire, today announced the promotion of Bill Malone to President.
The new “Hotness” at DomainTools, Introducing Domain Hotlist (DomainTools) In 2018, we announced our Domain Risk Score, powered by machine learning classifiers, to predict and identify domains our data indicates were likely registered with malicious intent.
WatchGuard Firebox T35-DW (WatchGuard Technologies) Small businesses and remote locations have long been thought of as soft targets for attackers. WatchGuard Firebox T35-DW brings enterprise-grade network security to those small office/branch office and small retail environments that matches the reality of today's distributed work style.
New CompTIA Cybersecurity Analyst (CySA+) Certification Available Worldwide (Default) CompTIA, the leading provider of vendor-neutral skills certifications and training for information technology (IT) professionals around the world, said today it has updated its Cybersecurity Analyst (CySA+) certification exam, making it the industry’s most up-to-date security analyst credential.
Ordr Expands NIST FIPS 140-2 Validated Product Offerings (PR Newswire) Ordr, the leader in visibility and security for agentless, unmanaged devices and enterprise Internet of Things (IoT), today announced it has...
Simple, Secure, Automatic: Manetu launches its radical new Consumer Privacy Management service (Yahoo) Manetu's Consumer Privacy Management (CPM®) platform is the first of its kind: An end-to-end, automated, secure, enterprise privacy management platform. It is available now as a cloud-based software-as-a-service (SaaS). For a free demonstration or to begin a trial, contact us at info@manetu.com.
Bricata Network Security Platform Features Support for MITRE ATT&CK® (Bricata) Latest release includes BZAR scripts, support for high-density data nodes and new features to simplify analyst workflows.
Authentic8 Launches OSINT Academy to Improve Readiness and Effectiveness of Research | Markets Insider (Business Insider) Authentic8 today announces the immediate availability of OSINT Academy, an integrated suite o...
Elcomsoft Phone Viewer 5.0 gains the ability to display conversation histories and secret chats in Telegram (Help Net Security) Elcomsoft Phone Viewer 5.0 gains the ability to display conversation histories and secret chats in Telegram, one of the most popular instant messaging apps.
The Things Industries partners with CYSEC to offer a new dimension to LoRaWAN security (Cysec Systems) The Things Industries, a global LoRaWAN Network provider, creators of The Things Network and contributor member of the LoRa Alliance, is partnering with CYSEC SA, a cybersecurity company from Switzerland, to offer a highly secure on-premises LoRaWAN network deployment for enterprise customers.
Sixgill's new Darkfeed automated threat intelligence now available in the Anomali APP Store (Help Net Security) Sixgill announced that its new Darkfeed automated threat intelligence is available in the Anomali Preferred Partner (APP) Store.
Avast Secure Browser comes to Android (Security Brief) Avast Secure Browser has been a mainstay for the security platform in Windows and Mac, and this is the first time it has come to mobile.
Cybereason adds mobile features to its endpoint protection platform (TahawulTech.com) Cybereason has announced the expansion of its Cyber Defense Platform with the introduction of Cybereason Mobile.
Darktrace Cyber AI An Immune System for Cloud Security (TechRepublic) An Immune System for the Cloud and Beyond! Employing self-learning technology like Darktrace’s Cyber AI Platform, organizati...
IRONSCALES Strengthens ‘Power of the Pack’; Introduces New In-App Coll (PRWeb) IRONSCALES, the pioneer of self-learning email security, today unveiled incident responder’s first in-app chat tool to encourage the sharing o
The Cyber Security Issues That Arise When Transitioning to the Cloud (Cyber Security Hub) These are extraordinary times and in the haste to migrate to the cloud, organizations may be losing sight of security protocols, cautioned Ranulf Green, head of assurance USA for Context Information Security, a US-based cyber security consultant business.
Getting Started With Base64 Encoding and Decoding - Black Hills Information Security (Black Hills Information Security) Hello and welcome. My name is John Strand and in this video, we’re going to be talking about Base64 encoding and decoding. Now the reason why we’re talking about it is once again we have the BHIS Cyber Range for our customers and friends and this is just basically a video to walk people through …
Artificial Intelligence Outperforms Human Intel Analysts In This One Key Area (Defense One) An experiment from the Defense Intelligence Agency shows that AI and humans have different risk tolerances when data is scarce.
Who Would Succeed Kim Jong Un in North Korea? Look to Mount Paektu (Wall Street Journal) There is little doubt the next leader up would be a Kim family member, though the options look limited, with some analysts pointing to Kim Yo Jong, sister and confidante of the dictator, as a likely candidate.
Former National Security Council Officials Flag Backlash From Commerce Blacklisting Huawei (Nextgov.com) U.S. companies’ participation in crucial standards setting bodies is falling off even more precipitously.
Analysis | The Cybersecurity 202: State election officials warn that federal strings on stimulus cash stand in way of using it (Washington Post) The challenges are mounting to mail-in voting by November.
Cybersecurity Maturity Model Certification: An Idea Whose Time Has Not Come And Never May (Forbes) CMMC represents a new approach to improving industry resilience to cyber-attack and protecting sensitive but unclassified information. CMMC is a deeply flawed way to achieve this objective. The Defense Department should at least delay CMMC implementation, and probably cancel it altogether.
BlackBerry Accused of Extorting Companies Through Patent Claims (Bloomberg Law) Mobile security software maker MobileIron Inc. sued BlackBerry in San Francisco federal court for allegedly infringing its patents and attempting to extort it and other companies with infringement assertions and license demands.
MobileIron Accuses BlackBerry Of 'Extortion' Over Patents (Law360) Software company MobileIron alleged in a suit filed Monday in California that BlackBerry has committed attempted extortion by making "spurious and baseless" allegations of patent infringement against it that "would not pass muster in any court of law."
For a complete running list of events, please visit the Event Tracker.
National Cyber League (NCL) Spring Season (Various locations, Mar 19 - May 15, 2020) The National Cyber League (NCL) is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Individual Game and Team Game. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season closes March 20, 2020.
think2020 (Online, May 4 - 7, 2020) The annual IBM business and technology conference. Acquire hands-on experience with the latest advancements in open technologies from hybrid multicloud to data and AI – then meet the luminaries who are using them to transform our lives. Think isn't a single conference for thousands of people. It's thousands of curated conferences in one.
THOTCON (Chicago, Illinois, USA, May 8 - 9, 2020) THOTCON is a hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best conference possible on a limited budget. Once you attend a THOTCON event, you will have experienced one of the best information security conferences in the world combined with a uniquely casual and social experience. The conference will be held at a location only to be disclosed to attendees and speakers during the week before the event.
41st IEEE Symposium on Security and Privacy (SP2020) (San Francisco, California, USA, May 18 - 20, 2020) IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems.
AFCEA/GMU Critical Issues in C4I Symposium (Online, May 19 - 20, 2020) For well over a decade, the AFCEA/GMU Critical Issues in C4I Symposium has connected academia, industry and government annually to address important issues in technology and systems research and development. The audience is typically more than 70% government/military featuring decision makers at all levels looking to advance their understanding of the key C4I challenges being faced now and in the future.
