We recently launched Recorded Future Express — a free browser extension for security teams. Use Express over any web-based SIEM, vulnerability management solution, security blog, and more to put real-time security intelligence at your fingertips. Instantly prioritize alerts, incidents, and vulnerabilities based on real-time risk scores from the world’s largest commercial collection platform. Sign up now.
For more, see our daily update on COVID-19 and the cybersecurity community.
Facebook has removed "hundreds" of disinformation accounts. Menlo Park's report on coordinated inauthenticity for April listed six countries where the Facebook and Instagram accounts formerly operated. Georgia leads, with almost a thousand suspect accounts taken down; they were for the most part associated with domestic political groups. Russia and Iran showed high levels of state-directed activity directed at foreign targets. A number of takedowns in the US removed inauthentic accounts associated with conspiracy theorists at QAnon. Accounts taken down in Mauretania and Myanmar focused on domestic audiences, and the Myanmar operations were associated with that country's police.
Taiwan's state-owned energy company CPC Corp., a major distributor of petroleum and liquified natural gas, has sustained a ransomware attack, CyberScoop says. Investigators think it likely that the attack was state-sponsored, but have not specified which state. Authorities in Taiwan believe the attack was timed to coincide with President Tsai Ing-wen's inauguration, Taiwan Focus reports.
Microsoft is tracking a surge in Remcos attacks that it says are using COVID-19 lures to prospect organizations across many sectors.
Europol announced that Polish and Swiss police have taken down the credential-trading InfinityBlack gang. Five Polish hackers were arrested, and assets (including hardware and cryptocurrency wallets) worth €100,000 were seized. InfinityBlack operated on both its own site and other dark web souks, ZDNet reports, and the gang not only trafficked in credentials, but also in attack tools sold to other criminals. The gang was well-organized and segmented; it seems unlikely the five arrested were its only members.
Today's issue includes events affecting Australia, Canada, China, European Union, Georgia, India, Iran, Israeli, Luxembourg, Mauretania, Myanmar, New Zealand, Pakistan, Poland, Russia, Singapore, Switzerland, Taiwan, United Kingdom, and United States.
When the social distancing of the pandemic ends, as it will, can we expect the workplace to go back to the way it was?
"One of the things that is coming up a lot in the conversations I have with CIOs and CISOs around the world is they do not expect to go back to the way things were as recently as January, with the amount of people that will be coming into offices.
"And there is a interesting focus on the new norm for working from home. And it's interesting for a couple of reasons. First, there are rules that a lot of organizations thought must be in an office to be successful. Everything from being a coding engineer to an IT administrator to service desk, help desk employees - they're all working from home now, and a lot of organizations are seeing not only success with that but improved performance, improved efficiencies and improved morale where there are areas that may have heavy commute times.
"One of the interesting things that's also happening is around that, a lot of financial executives are looking at the cost per employee to keep them in an office as compared to keeping them at home. So I think you're going to see not the number stay where it is now, which is that 90 to 100% work from home, but I don't think we're going to get back to that 13 to 17% where, you know, there's been this huge push over the last few years to really get people into offices."
—Mathew Newfield, chief information security officer at Unisys, on the CyberWire's Daily Podcast, 5.4.20.
Shorter commutes would surely be welcome (although there are some who would miss the rolling happy hour home that is the MARC Brunswick Line out of DC in the early evening). But does working from home contribute to the erosion of employees' free time? Will a general move toward work-from-home will be met by an employee push to move from exempt to non-exempt status, and will that in turn be met by moving more jobs to the gig economy?
If you're interested in space and communications (technology, policy, business, and operations), take a look at the latest issue of Cosmic AES Signals & Space. Produced in partnership with the CyberWire, Signals & Space offers a monthly overview of news in this sector.
Looking to advance your cybersecurity career? Then the Georgetown University Master's in Cybersecurity Risk Management is for you. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. You'll leave the program with the expertise you need to effectively manage risks and navigate today’s increasingly complex cyber threats. Learn more.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan discusses recent flaws in antivirus products. Our guests are Laura Deimling and Courtney Wandeloski from Down To Staff on interviewing tips for employees and hiring managers.
Caveat is up. In this episode, "If there's cyberwar, are there cyber war crimes?" Dave has the story of a US appeals court asking why a Facebook encryption order should remain sealed, Ben takes a look at the effects of GDPR. Later in the show we speak with Tarah Wheeler, Cybersecurity Policy Fellow at New America, and she describes why the world needs a digital Geneva Convention.
In this week's episode of CSO Perspectives, "Dark web and TOR: What kind of intelligence can you find there?" the CyberWire's CSO Rick Howard discusses counterintelligence operations by commercial vendors on the dark web, and the kinds of intelligence that can be found there.
Cybersecurity And COVID-19: The First 100 Days (Forbes) With cybercrime accelerating as COVID-19 spreads, manufacturing and retail organisations are seeing the most attacks.
Joint Chiefs of Staff chairman says evidence suggests coronavirus was not man-made or released from lab (TheHill) The Pentagon’s top uniformed official on Tuesday maintained that available evidence indicates the virus that has caused a global pandemic was natural and not man-made or released purposely from a Chinese lab.
Intel shared among US allies indicates virus outbreak more likely came from market, not a Chinese lab (CNN) Intelligence shared among Five Eyes nations indicates it is "highly unlikely" that the coronavirus outbreak was spread as a result of an accident in a laboratory but rather originated in a Chinese market, according to two Western officials who cited an intelligence assessment that appears to contradict claims by President Donald Trump and Secretary of State Mike Pompeo.
State-sponsored hackers ‘trying to steal’ coronavirus vaccine research (The Week UK) China, Russia and Iran accused of targeting UK and US labs
NHS workers targeted by hostile states in 'malicious cyber campaigns' (The Telegraph) Healthcare workers and those at universities and pharmaceutical companies being urged to change their passwords
UK expects hacker attacks on COVID responders to last months: minister (Reuters) Sophisticated networks of hackers are targeting national and international organisations which are responding to the COVID-19 pandemic, Britain's foreign minister Dominic Raab said on Tuesday, calling them "particularly dangerous and venal".
'No Security Breach In Aarogya Setu App': Govt Assures After Ethical Hacker Raises Privacy Concerns (Outlook India) On Tuesday, a French hacker and cyber security expert Elliot Alderson had claimed that 'a security issue has been found' in the app and that 'privacy of 90 million Indians is at stake'.
Britain's decision to go it alone on contact tracing app may be costly (The Telegraph) The process of developing and rolling out an effective app in different countries has provoked widespread disagreement
COVID-19 Contact Tracing Apps: Effective Virus Risk Management Tools or Privacy Nightmare? (SecurityWeek) Whether contact tracing apps succeed in curtailing the spread of COVID-19 will not be known for weeks or even months after their us, but experts warn about privacy and security implications.
Why New Contact Tracing Apps Have A Critical WhatsApp-Sized Problem (Forbes) This is the staggering scale of the contact-tracing challenge intended to get us back to work.
Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware (KrebsOnSecurity) Fresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems.
Malspam Campaigns Attempt to Install Remote Access Trojans (BankInfo Security) Several malicious spam campaigns using COVID-19 as a lure are attempting to install the Remcos remote access Trojan on victims' devices, according to Microsoft.
Surge in security concerns due to remote working (Journey Notes) More than half of businesses responding to a recent survey have seen an increase in email phishing attacks during the COVID-19 pandemic.
‘Dramatic Rise’ in Scam Websites Mimicking Online Streaming Services (CPO Magazine) 700 scam websites pretending to offer online streaming services are taking advantage of the recent pandemic lockdowns to steal personal data and credit card information.
Pandemic-Related Malicious Activity Rising, With Online Retailers Hardest Hit (Media Post) Spam and opportunistic detection rose 26.3%, while impersonations rose 30.3%, malware rose 35.16%, and blocking of URL clicks rose 55.8%. Lookalike domains are easily forged, according to a report released Tuesday from Mimecast.
Risk Ledger Report: Impact of the COVID-19 Crisis on Supply Chain Security (Security Magazine) Risk Ledger, London-based cybersecurity company, part of the UK's Government's LORCA program, has produced a white paper designed to guide professionals who manage supply chain risks on how to tackle the situation.
Most Malicious Coronavirus-Related Domains Located in U.S. (SecurityWeek) The United States has the highest number of malicious domains with names associated with the current coronavirus crisis
Singapore scrapes fraudulent COVID-19 healthcare products from online stores (ZDNet) Since February, more than 1,700 product listings that contain fraudulent COVID-19 claims have been removed from local e-commerce sites and retail shops.
Senator Says AI Co. Evasive On Facial Recognition Software (Law360) A senior Democratic lawmaker has continued to press an artificial intelligence company that has reportedly offered its facial recognition software as a "contact tracing" tool to track the spread of the novel coronavirus, asking it to verify that its technology works and does not pose an undue threat to U.S. citizens' privacy.
White House coronavirus task force to be wound down around Memorial Day (CNN) The White House coronavirus task force will start to wind down later this month, a senior White House official told CNN on Tuesday.
Welcome Back to the Office. Your Every Move Will Be Watched. (Wall Street Journal) Employers plan new tools to measure office interactions and track workers’ health. Some offices say it’s the only way to reopen without a vaccine; others worry the new technology could remain in place even after the coronavirus pandemic is under control.
COVID-19 Pandemic Pummels Biometrics Market Causing Device Revenues to Drop by US$2 Billion While Forcing Investment (ABI Research) According to global tech market advisory firm, ABI Research, the COVID-19 pandemic is expected to cause a significant pushback on biometric device shipments, creating a major revenue drop of US$2 billion over the course of 2020.
Authentication methods: how coronavirus sped up adoption (Raconteur) Enforced home working has forced companies to reassess how they identify employees, and could be a catalyst for strong growth in the authentication sector.
Big Brother is eyeing some PPP loans. Here's why it might be time to give the money back. (Silicon Valley Business Journal) Public blowback against some larger companies caused the SBA to issue new guidance, altering the PPP landscape, experts say.
Learn digital ways soon to make your life easy; social-distancing set to last long even after lockdown (The Financial Express) The forced lockdown period is a good opportunity for everyone to learn basics such as making online fund transfers via the payment gateways, pay renewals, and check balances, etc from the comfort of home.
Cybersecurity Layoffs: Targeted MSSP, Software, and Appliance Cuts Continue (MSSP Alert) Amid the coronavirus pandemic & economic fallout, some cybersecurity companies disclose targeted layoffs and/or temporary pay cuts for remaining staff.
VMware confirms employee salary freeze, CEO pay cut (CRN Australia) Implemented a “number of cost management changes”.
Data show how some startup founders are still raising capital during the COVID-19 crisis (Fast Company) The cofounder of startup incubator and investor DataTribe believes that founders who can answer “yes” to all four of these essential questions are likely to successfully raise capital.
Israeli Startups Want More Cash But With Lower Valuations During Covid-19 Era, Says VC Partner (CTECH) Victor Orlovski, founding partner at Fort Ross Ventures spoke to CTech about what the coronavirus pandemic means for investors and local entrepreneurs
RapidFire Tools Releases Secure Remote Working Solution (Database Trends and Applications) To aid the transition to remote work, RapidFire Tools, a Kaseya company and provider of business-building IT technologies, is releasing the Network Detective Work from Home (WFH) solution.
Nixu Corporation Initiates a Cost Reduction Program to Address the Impact of the COVID-19 (Cision) Nixu Corporation estimates that the COVID-19 pandemic will lead to a situation where economic growth pace will slow sharply in 2020 and the economic impact will continue still in 2021.
CyberforCOVID | Cybersecurity Deals for Remote Work Security (Cyberforcovid) Find cybersecurity products that have discounts or special offers to help you or your business work more securely during COVID-19.
Taiwan security officials link cyberattacks to Tsai inauguration (Focus Taiwan) Taipei, May 6 (CNA) Security officials suspect that recent cyberattacks on petrochemical companies in Taiwan could be linked to President Tsai Ing-wen's (蔡英文) second-term inauguration on May 20, but did not offer specifics Wednesday to support their claim.
Taiwan’s state-owned company CPC Corp. suffers ransomware attack (CyberScoop) Ransomware has struck the computer systems of Taiwan’s state-owned energy company, CPC Corp., according to forensic reports reviewed by CyberScoop.
Facebook says it dismantles disinformation network tied to Iran's state media (Reuters) Iran's state broadcaster has used hundreds of fake social media accounts to covertly spread pro-Iranian messaging online since at least 2011, targeting voters in countries including Britain and the United States, Facebook said on Tuesday.
Iranian hackers tried to help Scotland become independent, Facebook claims (HeraldScotland) Disinformation agents ran fake pages which churned out memes, cartoons and propaganda in support of the Yes movement.
RFE/RL: Facebook removes hundreds of disinformation accounts linked to Russia, Iran, and Georgia | KyivPost - Ukraine's Global Voice (KyivPost) Facebook has removed hundreds of social media accounts — more than half of them based in Russia, Iran, and Georgia — after finding they belonged to networks that were running influence campaigns. Facebook announced the move on May 5, saying it took them down in April as part of its ongoing efforts to purge its platforms …
Facebook removes accounts belonging to QAnon, VDARE anti-immigration group (CyberScoop) Facebook says removed 20 accounts, six groups and five pages caught fabricating personas to like and comment on QAnon posts to build engagement.
US: Russia Could Try to Covertly Advise Candidates in 2020 (Voice of America) The Department of Homeland Security and FBI warned states earlier this year that Russia could look to interfere in the 2020 U.S. elections by covertly advising political candidates and campaigns, according to a law enforcement memo obtained by The Associated Press.
Details of 44m Pakistani mobile users leaked online, part of bigger 115m cache (ZDNet) The leak is already under investigation in Pakistan since last month, April 2020.
WordPress Hacker Attacks One Million Sites in a Month (Infosecurity Magazine) Cross-site scripting bugs in plug-ins targeted in new campaign
A hacker group tried to hijack 900,000 WordPress sites over the last week (ZDNet) Massive hacking operations causes a 30 times spike in bad traffic.
Tarkett Lëtzebuerg: Cyber attack to have repercussions on work (RTL Today) About 500 people are currently employed by Tarkett in Wiltz and in Lentzweiler.
Crowdfunding platform ImpactGuru hit by cyber attack (MediaNama) In a cyber attack on ImpactGuru, a Mumbai-based crowdfunding platform, attackers got unauthorised access to the platform's website, Inc42 reported.
Nearly a Million WP Sites Targeted in Large-Scale Attacks (Wordfence) Our Threat Intelligence Team has been tracking a sudden uptick in attacks targeting Cross-Site Scripting(XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to approximately 30 times the normal volume we see in our attack data. The majority of these attacks appear to be caused by a single threat ...Read More
SAP discloses security lapses; says there was no data breach (Reuters) Business software group SAP disclosed on Tuesday that some of its cloud products did not meet contractual or statutory security standards and said it would take remedial action to fix the problem as soon as possible.
Firm's MDM Server Abused to Deliver Android Malware to 75% of Its Devices (SecurityWeek) A threat actor managed to infect more than 75% of the devices within a company by distributing their Android malware through a mobile device management (MDM) server.
Now we know what the P really stands for in PwC: X-rated ads plastered over derelict corner of accountants' website (Register) Naughty posters on hijacked subdomain show up in search results
BJC HealthCare warns patients of possible data breach (KMOV.com) BJC HealthCare experienced a data breach in March resulting in the possible exposure of the protected health informationof patients.
Professional data leakage: How did that security vendor get my personal data? (WeLiveSecurity) Antispam testing has created a lucrative business model for vendors selling spam feeds to testing organizations and security vendors alike. You might be surprised to find out how exactly your emails can end up in these feeds.
Virgin Media data breach: A different kind of security threat (SC Magazine) How can consumers expect businesses to protect their data from external attacks if their internal practices put them at risk? Claims can be brought under GDPR for material and non-material damage.
Hackers exploit Salt RCE bugs in widespread attacks, PoCs public (BleepingComputer) Hackers kept busy this weekend exploiting vulnerable Salt instances used in various infrastructures for server management and automation.
Researcher Demonstrates How to Easily Create Malicious Chrome Proxies (TechNadu) A security researcher has released the “CursedChrome” extension, which can set up proxies on target browsers allowing the launching of stealthy attacks.
Logistics giant Toll Group hit by ransomware for the second time in three months (ZDNet) Toll says that it has no intention of bowing to blackmail.
The world’s biggest PC games are fighting a new surge of cheaters and hackers (The Verge) Some game developers are using unique and controversial ways to combat cheating.
Fazecast jSerialComm (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Fazecast Equipment: jSerialComm Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on a targeted system.
SAE IT-systems FW-50 Remote Telemetry Unit (RTU) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SAE IT-systems Equipment: FW-50 Remote Telemetry Unit (RTU) Vulnerabilities: Cross-site Scripting, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to execute remote code, disclose sensitive information, or cause a denial-of-service condition.
Toll Group suffers second ransomware attack this year (iTnews) Hit by Nefilim infection.
Nearly 200 Law Firms Affected By Potential Data Leak (Law360) Potentially sensitive information belonging to 193 U.K. and global law firms including Baker McKenzie, Clifford Chance LLP and Hogan Lovells was posted publicly to a website that remained up for "an extended period" of time, according to a recent report by cybersecurity company TurgenSec.
Click Here to Find Out Who Falls for Scams (Infosecurity Magazine) What persuaded you to click was most likely some form of social proof.
Firefox 76 arrives with password management and Zoom improvements (VentureBeat) Mozilla has launched Firefox 76 with new Firefox Lockwise password functionality, a change to how Zoom works, and a handful of developer features.
Office 365 to stop data theft by disabling external forwarding (BleepingComputer) Microsoft is planning to put a stop to enterprise data theft via email forwarding by disabling Office 365's email forwarding to external recipients by default.
Critical vulnerability found in WordPress plugin; patch available (TechGenix) A severe vulnerability in a popular WordPress plugin can be leveraged by hackers to inject arbitrary malicious code by a threat actor.
The SecureAuth 2020 State of Identity Report (SecureAuth) SecureAuth conducted the research using an online survey among 2,000 general population consumers in the U.S. Data was collected between March 16 and March 21, 2020. With nearly 50% of survey respondents currently in the U.S. workforce, the survey provides an objective data set with respect to the security and privacy habits consumers apply in both their personal and professional lives.
2020 Identity Breach Report - 4iQ (4iQ) This report offers insights into breached data trends and how it's weaponized in underground markets fueling Identity-based attacks across the globe.
LastPass Psychology of Passwords Report Reveals 91% of People Know Password Reuse is Insecure, Yet Two Thirds Do It Anyway (BusinessWire) Cognitive dissonance prevails, unchanged behaviors create new online security concern
Psychology of Passwords: Inside Risky Online Behavior (LastPass) Since 2016, we have analyzed how password practices and online behavior could be putting our personal identity and data at risk. Take a look at our infographic for the Psychology of Passwords 2020!
We beg, implore and beseech thee. Stop reusing the same damn password everywhere (Register) Survey finds 66% of lazy gits don't change between sites
Firms perceived to fake social responsibility become targets for hackers, study shows (Science Codex) Data breaches have become daily occurrences.
Bad password habits continue with 53% admitting to using the same password (TechRepublic) Ahead of World Password Day, a survey finds management is worse than junior staff at practicing good password hygiene, according to SecureAuth.
Australian Breach Notifications increase in the second half of 2019 but continue to lag behind other nations (Mondaq) Assessment of key trends from the Notifiable Data Breaches Report ending December 2019.
Cybersecurity Startup Orca Security Lands $20.5M Series A Funding (Orca) Orca Security provides deep cloud security in minutes, not Months. Unit 8200 taught me a lot about how to approach a problem...
Orchestra Group buys Israeli cybersecurity co Cronus (Globes) Cronus' developments will be integrated into Orchestra's broad raft of cybersecurity solutions.
Perspecta's second acquisition centers on electronic warfare, cyber convergence (Washington Technology) Just shy of two years since its launch, Perspecta makes the company's second acquisition and this deal centers on how electronic warfare and cybersecurity are closely linked.
BlackCloak Secures Funding from DataTribe to Fuel Growth Protecting the Homes and Personal Lives of Executives and High-Net-Worth Families from Cybercriminals (PR Newswire) DataTribe, a global cyber foundry that invests in and co-builds next-generation cybersecurity and data science companies with nation-state...
Could Oracle Solve Zoom Video Communications’ Biggest Problem? (The Motley Fool) The underdog cloud provider could help Zoom support more users and reduce its dependence on AWS and Azure.
Why MobileIron CEO Simon Biddiscombe isn’t scared (Diginomica) A look at what MobilIeon - the IT security company that did it ‘the other way round’ - plans to do next
Interview: Debra Danielson, CTO and SVP of Engineering, Digital Guardian (Infosecurity Magazine) Infosecurity speaks to Debra Danielson about mentoring in the information security industry
Crowdstrike: Strike Hard, Strike Fast (Seeking Alpha) CrowdStrike Holdings, Inc is a leading cybersecurity technology company as illustrated in Gartner's Magic Quadrant of Endpoint Protection Platforms in 2019.
Microsoft announces limited Azure Sphere bug bounty program (Help Net Security) Microsoft will launch a new security research / bug bounty program aimed at improving the security of Azure Sphere, its comprehensive IoT security solution.
Matthew G. Devost Joins Flashpoint Board of Directors (PR Newswire) Flashpoint, the globally trusted leader in risk intelligence, has today announced that Matthew G. Devost has been appointed to the company's...
Coalfire Appoints Cyber Vet Jim Pflaging to Board of Directors (PR Newswire) Coalfire, a provider of cybersecurity advisory and assessment services, today welcomed industry veteran Jim Pflaging to its board of directors....
After Data Hack, Capital One Brings in Goldman's Cyber Chief For Cleanup (Claims Journal) One of Wall Street's top cybersecurity czars is leaving Goldman Sachs Group Inc. to help take charge of the cleanup at Capital One Financial Corp., which
Plurilock Announces Addition of Cybersecurity Leader Ed Hammersla to B (PRWeb) Plurilock Security Solutions, Inc., leading provider of behavioral-biometric authentication technologies, this week announced the addition of seaso
SecureSky Accelerates Growth as it Expands its Strategic Advisory Board | HostReview.com (HostReview) SecureSky, a leader in the cloud security posture management and compliance solutions, announced the appointment of three new Advisory Board members.M
TransUnion Accelerates the Expansion of its Global Fraud Business and Hires Shai Cohen to Lead it (TransUnion) TransUnion (NYSE: TRU) today announced the creation of its Global Fraud & Identity Solutions Group, a move focused on uniting all aspects of the company’s fraud risk offerings, and the hiring of industry veteran, Shai Cohen, to lead the group.
King & Union Adds Threat Intelligence Services to Avalon Cyber Analysis Collaboration Platform (King & Union) King & Union today launched a suite of new service offerings to augment its Avalon Cyber Analysis Platform and help customers address the human aspect of threat intelligence operations, bridging common gaps that many security teams face.
Yellowbrick Data Forms Global Partnership With Next Pathway as Its Preferred Workload Migration Partner (BusinessWire) Yellowbrick Data, the industry’s leading data warehouse for hybrid cloud, and Next Pathway Inc., the Automated Cloud Migration company, today announce
Thales deploys GSMA-certified eSIM activation solution on Google Cloud (Help Net Security) Thales to use Google Cloud technology to deliver highly secure and scalable activation of eSIM (embedded SIM) capable devices.
Recorded Future to Provide Free Access to Elite Intelligence Through New Browser Extension (PR Newswire) Recorded Future, the largest global security intelligence provider, today released a free browser extension that helps prioritize SIEM alerts...
Thycotic rolls out ServiceNow integration for privileged service accounts (Security Brief) The integration aims to resolve workflow approvals, which is a common bottleneck for IT teams that manage privileged service accounts.
RMS Launches New Products and Models on RMS Risk Intelligence, the Unified Cloud Platform for Global Risk (BusinessWire) Latest product releases include Risk Modeler 2.0, new and updated HD Models and intelligent applications purpose-built for navigating the growing risk landscape
Acronis Launches World’s First Comprehensive Cyber Protection Solution in India (CXOToday.com) Able to curb cyberthreats and improve remote working practices during the pandemic. Enables service providers to cut costs by...
Veridify Security's DOME™ Client Library Achieves PSA Certified Level 1 Accreditation (PR Newswire) Veridify Security Inc., a leader in securing low-resource devices at the edge of the IoT, announced today that its DOME Client, running on the...
Security Maturity and Business Enablement Survey Brief (AT&T Cybersecurity) Learn about the fielded survey and resulting thought leadership report by Enterprise Strategy Group (ESG) and AT&T Cybersecurity on the topic of security maturity and business enablement.
[Executive Summary] Security Effectiveness Report 2020 Summary for Federal (FireEye) When it comes to cyber security, federal agencies constantly wonder “Will our effort and strategy protect us from an attack?” Our Security Effectiveness Report 2020 confirms that continuous validation of effectiveness is critical to performance.
Forget Whitelists and Blacklists: Go for 'Allow' or 'Deny' (BankInfo Security) Forget "whitelists" and "blacklists" in cybersecurity. So recommends Britain's National Cyber Security Center, in a bid to move beyond the racial connotations inherent to the terminology. Henceforth, NCSC - part of intelligence agency GCHQ - will use the terms "allow list" and "deny list." Will others follow?
DoD cybersecurity tech to be standardized by RTI (Military Embedded Systems) Real-Time Innovations (RTI), the Industrial Internet of Things (IIoT) connectivity company, announced that it won $500,000 in additional government funding to continue support of their Small Business Innovation Research (SBIR) Phase II contract.
Is your smartphone pushing you to overshare? (Help Net Security) Smartphone devices can affect the extent to which they disclose intimate or personal information about themselves and can make people overshare.
It’s Not Me—It’s You: We Believe We’re Less Likely than Others Are to Fall for Online Scams (NYU) We believe we are less likely than others are to fall for phishing scams, thereby underestimating our own exposure to risk, a new cybersecurity study has found.
#Disinformation – Commission welcomes intermediary report on Code of Practice (EU Reporter) The Commission welcomes the adoption by the European Regulators Group of Audiovisual Media Services (ERGA) of the monitoring report on the effectiveness of the Code of Practice on disinformation of October 2018.
Lawmaker to Introduce Bill to Help US Manufacturers Move Out of China (Epoch Times) Rep. Mark Green (R-Tenn.) is set to introduce a bill to help companies move their manufacturing from China ...
DNI Nominee Wants More Investments in Quantum Tech (MeriTalk) The Trump administration’s nominee for Director of National Intelligence told the Senate Intelligence Committee today he is worried about the lack of investments the U.S. is making in quantum computing technologies relative to those being made by China.
Analysis | The Cybersecurity 202: John Ratcliffe, spy chief nominee, hedged on whether Russia favored Trump in 2016 (Washington Post) It's still a litmus test for Trump's national security nominees.
75 small, micro agencies to have access to advanced cyber services under new award (Federal News Network) GSA and DHS awarded a $276 million contract to CGI-Federal to modernize the current shared services platform and add new capabilities.
Advocates Push Ahead With New Version Of Calif. Privacy Law (Law360) Sponsors of a California ballot measure that would revamp the state's landmark consumer privacy law say they are moving forward with plans to put the proposal on November's ballot, despite the impact of the COVID-19 pandemic.
AGs Urge Telecom Industry To Step Up Robocall Fight (Law360) Attorneys general from across states and territories are calling on the U.S. telecom industry to beef up technology needed to combat robocalls, as service providers roll out a working group to trace the sources of illegal calls.
Effective Cybersecurity Requires a ‘Whole of State Approach’ (Government Technology) At a virtual session of the NASCIO midyear conference, North Carolina Chief Risk Officer Maria Thompson explained why states must help their cities and counties in the fight against hackers.
Govts Deployed Pegasus Spyware on People: NSO Group Tells US Court (The Quint) Israeli company NSO Group has submitted to a California court that government clients had used the Pegasus spyware.
InfinityBlack hacker group dismantled by European authorities (BleepingComputer) Europol announced today that Polish and Swiss law enforcement authorities dismantled the 'InfinityBlack' hacker group after arresting five of its members in Poland on April 29, 2020.
Europol arrests hackers behind Infinity Black hacker group (ZDNet) Polish police arrests five hackers for selling stolen user credentials and hacking tools.
European Police Bust Hacking Ring Targeting Loyal Shoppers (Law360) European police have taken down a hacking ring responsible for the theft of millions of loyalty points from unsuspecting shoppers in Poland and Switzerland, the bloc's law enforcement agency said Tuesday.
Cybereason Accuses Ex-Leader Of Taking Trade Secrets To SentinelOne (CRN) Cybereason has sued its former top product leader in an effort to block him from taking the company’s “most sensitive commercial secrets” to rival SentinelOne.
7th Circ. Says Ill. Biometric Consent Claims Have Standing (Law360) Federal courts can hear claims that employers violated biometric privacy laws by collecting fingerprints without the informed consent of their workers, because that's a concrete and particularized injury that establishes standing, the Seventh Circuit held Tuesday.
Class-action lawsuit dismissed against LU hacker (Sudbury.com) Spencer Brydges reaches settlement with students, staff pursuing litigation
For a complete running list of events, please visit the Event Tracker.
National Cyber League (NCL) Spring Season (Various locations, Mar 19 - May 15, 2020) The National Cyber League (NCL) is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Individual Game and Team Game. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season closes March 20, 2020.
think2020 (Online, May 4 - 7, 2020) The annual IBM business and technology conference. Acquire hands-on experience with the latest advancements in open technologies from hybrid multicloud to data and AI – then meet the luminaries who are using them to transform our lives. Think isn't a single conference for thousands of people. It's thousands of curated conferences in one.
THOTCON (Chicago, Illinois, USA, May 8 - 9, 2020) THOTCON is a hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best conference possible on a limited budget. Once you attend a THOTCON event, you will have experienced one of the best information security conferences in the world combined with a uniquely casual and social experience. The conference will be held at a location only to be disclosed to attendees and speakers during the week before the event.
Practical steps on your zero trust journey. A CyberWire Pro Briefing by Rick Howard. (Online, May 18, 2020) The Zero Trust strategy assumes that your network is already compromised and compels you to design it to reduce the probability of material impact to your organization if you experience either a trusted insider attack or an invading outsider who has bypassed your security controls to attain the same status. In other words, trust nobody and only allow employees enough access to the organization's resources to get their jobs done, but nothing further. You may think that designing and building that type of network is 180 degrees away from what you have right now. You would be wrong. You can get a long way down the Zero Trust path by using the equipment you already own in your current architecture. The thing that has to change is people and process. This CyberWire Pro online briefing will discuss what Zero Trust is, how to think about it in terms of your own environments, and the practical steps you can take right now with equipment you already have that will move you along that journey. This will be a vendor-neutral briefing by the CyberWire's CSO and Chief Analyst, Rick Howard, which will also provide some history and context for those looking to implement Zero Trust solutions.
41st IEEE Symposium on Security and Privacy (SP2020) (San Francisco, California, USA, May 18 - 20, 2020) IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems.
