Most companies aren’t prepared to secure data and assets for a surge of remote employees. Whether your VPN is over capacity, new cloud services are coming on-board, or new devices need protection, we have you covered during this critical time. McAfee is offering 3-month subscriptions for Endpoint Protection, Unified Cloud Edge, and CASB to help you scale security to your remote employees. Learn more about these offers at mcafee.com/workfromhome.
For more, see our daily update on COVID-19 and the cybersecurity community.
The motivation behind attacks on European supercomputers, first discovered in an incident at the UK's ARCHER National Supercomputing Service, is now clearer: the attackers were cryptojacking, ZDNet reports. ARCHER has been updating its status regularly. Der Spiegel has reported attacks at six facilities in Germany. Last Thursday the Leibniz Supercomputing Centre of the Bavarian Academy of Sciences and Humanities also closed outside access to its systems. TU-Dresden took the same action for its Taurus system. On Saturday Switzerland disclosed a similar incident at CCSC. The European Grid Infrastructure (EGI) Computer Security Incident Response Team (CSIRT) confirmed that the intruders were seeking to use the supercomputers as cryptomining rigs.
Elexon, a middleman in the UK's electrical grid, continues to recover from the cyberattack it sustained last week. Industry Week, while noting that the incident did not compromise power distribution, argues that the attack should place infrastructure operators on alert.
Global Times reports that Beijing intends to place US tech companies on an "unreliable entity list" that would severely restrict their ability to do business in China, a "counterattack" in a new "tech Cold War" China claims the US started.
The REvil ransomware gang released documents they said offered a foretaste of President Trump's "dirty laundry" they'd obtained in a hack of a celebrity law firm, but as Forbes reports the emails amount to little.
US state agencies administering unemployment relief funds are experiencing a surge in COVID-19 fraud, the Washington Post reports. The New York Times faults weak identity verification systems.
Today's issue includes events affecting Australia, Belarus, China, European Union, Germany, Ireland, Japan, Moldova, Nigeria, Romania, Russia, Spain, Switzerland, Taiwan, Ukraine, United Kingdom, United States, and Vietnam.
What's the motivation for zero trust?
"The Snowden incident caused the NSA and many network defenders elsewhere to rethink their network designs. For the infosec community, it moved [John] Kindervag’s theoretical paper [on zero trust] from an interesting idea to a key design principle that we were all trying to adhere to. This was how we were going to build networks moving forward. And then, nothing significant happened. Most did not build them. It turns out that even though Kindervag’s thesis is brilliant, the practical “how-to” section is sparse."
—Rick Howard, CSO, Chief Analyst, and Senior Fellow, The CyberWire, in the CSO Perspectives podcast, "First principles: zero trust."
It's not just the insider threat, but the insider threat gives a sharp reason for considering zero trust.
Zero trust will also be the topic of a webinar this afternoon hosted by DreamPort: join here for more in a live CyberWire Pro Briefing with Rick Howard, running from 2:00 to 3:00 PM, Eastern Daylight Time.
Staying one step ahead of your adversaries is more challenging than ever. Fortunately, deception technology can give new visibility and intelligence in combating threat actors who seek to infiltrate your network.
Join our webinar on May 27 at 12pm EDT to learn how to optimize your deception technology investments to enhance your day-to-day security threat detection and mitigation activities.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at Accenture, as Justin Harvey describes how companies are adjusting to the new remote working environment, and the impact that's having on their security posture. Our guest is Ehsan Foroughi with SecurityCompass on compliance issues.
In this week's episode of CSO Perspectives, "Cybersecurity first principles." the CyberWire's CSO Rick Howard continues his discussion of first principles with an account of zero trust, the next infosec building block.
UK said to be on verge of major technology shift for Covid-19 contact-tracing app (ComputerWeekly) Technology community awash with reports of potential sea change in much-publicised and much-criticised app away from controversial centralised database
How will Europe’s coronavirus contact-tracing apps work across borders? (TechCrunch) A major question mark attached to national coronavirus contact-tracing apps is whether they will function when citizens of one country travel to another. Or will people be asked to download and use multiple apps if they’re traveling across borders? Having to use multiple apps when travelling …
Apple, Google Start to Win Over Europe to Their Virus-Tracking Technology (Wall Street Journal) The continent that helped lead a backlash against Silicon Valley is increasingly aligning itself with technology built by Apple and Google to blaze a path out of the pandemic.
Apple and Google are building a virus-tracking system. Health officials say it will be practically useless. (Washington Post) As states and national governments make efforts to use technology to augment their contact tracing efforts, Apple and Google's monopoly in the smartphone market has proved an obstacle.
Australian government justifies decision to go with AWS for COVIDSafe (ZDNet) The Digital Transformation Agency also outlined the technical specifications given to Amazon Web Services to build it an app.
Western nations are taking two very different approaches to digital contact tracing (Quartz) Nations around the world are locked in a fierce debate about whether a centralized or decentralized approach is best.
Ben Nimmo, the man leading Britain's fight against covid fake news (The Telegraph) Nimmo has been on the front line in uncovering Covid-19 disinformation
Tales from the Front Lines: Attackers on Lockdown Focus on APIs (Cequence) Lockdown means attacker have more time to focus on malicious actions, and API endpoints seem to be taking more of the brunt of the attacks than normal.
Editorial: Augusta, COVID-19 connect in cyberspace (Augusta Chronicle) All the facemasks in the world won’t protect America from this threat.
Wannabe ransomware operators arrested before hospital attacks (BleepingComputer) Law enforcement in Romania today arrested a group of individuals that were planning ransomware attacks against healthcare institutions in the country.
Secret Service investigating a crime ring inundating unemployment offices with fake claims (The Verge) States have been overwhelmed with applications
U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs (KrebsOnSecurity) A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service.
How CIA-backed Palantir embedded itself in the NHS (The Telegraph) The AI firm which tracked down bin Laden now eyes a new target
IT Workers in U.S. Receive Pink Slips as Data Breaches Continue (Sovereign Wealth Fund Institute) In the U.S., an army of IT workers received their pink slips in April. A record 112,000 jobs were lost according to CompTIA’s review of U.S. Labor Department Data. CompTIA is a nonprofit IT trade association. This comes despite hordes of employees working from home, many for the first time ever. Retail, restaurants, and hotels […]
Coronavirus fails to stop consolidation trend (MicroscopeUK) Deals are still being done as firms look beyond the current crisis to secure a stronger future for their businesses.
Test and Measurement: Americans are 'falling back into old habits', Verizon says (RCR Wireless News) Verizon is starting to see a shift toward a more typical, pre-pandemic network mix of calls and texts and is seeing more evidence of people leaving home.
How COVID-19 has changed the cyber threat landscape (Continuity Central) The international business continuity management news, jobs and information portal
Cyber crisis management (LocalGov) Richard Stephenson outlines cybersecurity issues to be aware of during the pandemic and how to minimize risk.
Opinion | Now is the perfect time for a cyberattack. Here’s how to stop one. (Washington Post) Planning must reflect our new, remote reality. Contingency plans that assume crisis management teams are on premises are no longer viable.
Analysis | The Cybersecurity 202: Unemployment claims are the latest target for coronavirus fraudsters (Washington Post) The U.S. Secret Service is warning about hundreds of millions of dollars being paid in phony claims.
Washington halts unemployment payments for 2 days after finding $1.6 million in fraudulent claims amid coronavirus pandemic (Seattle Times) Washington state officials said Thursday they’re stopping unemployment payments for two days while they attempt to block a gush of fraudulent claims aimed at stealing some of the billions of dollars that Congress directed to workers left jobless amid the coronavirus pandemic.
Possible data breach on Arkansas pandemic unemployment website (KNWA FOX24) The possible breach occurred last night when an applicant got illegal access to the system according to Hutchinson. The breach resulted in the website temporarily being taken down.
Data breach in new Illinois online unemployment system exposes private information (Chicago Tribune) Data breach in new Illinois online unemployment system exposes private information
Iowa human rights group latest to endure racist cyber attack (KGAN) A Des Moines commission dedicated to protecting human rights is among the latest to endure racist and sexist messages from cyber attackers.
Zoom fixes global outage that disrupted Downing Street briefing (Computing) Daily coronavirus update had to be delayed
Kanguru: Covid-19 Vaccine Research Organizations Under Seige By Hackers, Kanguru Military-Grade AES Hardware Encrypted USB Drives Can Help Protect Sensitive Data (BusinessWire) Kanguru Defender AES (XTS Mode) 256-Bit hardware encrypted Flash Drives, HDDs and SSDs help organizations protect and secure information from hackers.
European Parliament hit by major cyber-attack (EU Today) The European Parliament has been the victim of "a major data breach" that has seen personal data of more than a thousand staff and members of the European Parliament exposed online.
Supercomputers hacked across Europe to mine cryptocurrency (ZDNet) Confirmed infections have been reported in the UK, Germany, and Switzerland. Another suspected infection was reported in Spain.
UK electricity middleman hit by cyber-attack (ZDNet) Elexon said the incident only impacted its internal IT network, employee laptops, and company email server.
Cyber Attack On U.K. Electricity Market Confirmed: National Grid Investigates (Forbes) Elexon, a key player in the U.K. electricity market, has confirmed it fell victim to a cyber-attack on May 14.
Cyber Attack Lights up Threat Landscape (Industry Week) U.K. power administrator acknowledges its IT system suffered a cyber attack.
Chinese Hackers Target Air-Gapped Military Networks (SecurityWeek) A threat actor believed to be operating out of China has been targeting physically isolated military networks in Taiwan and the Philippines
Mysterious Chinese APT Linked to Multiple Central Asian Campaigns (SecurityWeek) An unknown threat actor, possibly Chinese, has been targeting high-profile organizations in Central Asia with a mix of commodity malware and previously unknown backdoors.
APT Group Planted Backdoors Targeting High Profile Networks in Central Asia (Avast Threat Labs) Last fall, APT malware intrusions targeting high-profile companies in Central Asia caught our attention. A few months later, we began working together with fellow malware analysts from ESET to analyze samples used by the group to spy on a telecommunications company, a gas company, and a governmental institution in Central Asia. An APT group, which […]
FBI: ProLock ransomware gains access to victim networks via Qakbot infections (ZDNet) The FBI also warns that the ProLock decryptor doesn't always work correctly, even after victims pay the ransom.
How scammers abuse Google Search’s open redirect feature (Naked Security) Google Search uses open redirects by design, which is handy if you’re a scammer trying to hide an iffy-looking URL.
Cybercrime marketplace MagBo selling access to 43,000 hacked websites (HackRead) The operation is not limited to websites – MagBo is home to a number of cybercrime-related activities including selling of compromised servers.
Critical WordPress plugin bug allows for automated takeovers (BleepingComputer) Attackers can exploit a critical vulnerability in the WP Product Review Lite plugin installed on over 40,000 WordPress sites to inject malicious code and potentially take over vulnerable websites.
Was This Huawei’s Failed Attempt at a Linux Backdoor? (Security Boulevard) A Huawei employee submitted a large, buggy patch to the Linux kernel—apparently it contained a “trivially exploitable” security hole.
Lady Gaga's Law Firm Got Hacked. Now What? (New York Law Journal) Allen Grubman's New York firm says its celebrity clients have shown overwhelming support despite a multimillion-dollar ransomware demand. But do entertainment boutiques face special risks, both before and after an attack?
Hackers Publish First 169 Trump ‘Dirty Laundry’ Emails After Being Branded Cyber-Terrorists (Forbes) After the FBI classified ransomware threats to publish stolen data relating to President Trump as terrorism, the REvil cybercrime gang has pushed back by publishing the first batch of emails.
Anglo-Eastern suffers ransomware attack - (Splash 247) Anglo-Eastern, one of the world’s largest shipmanagers, has become the latest big name to suffer a cyber attack. The company’s website remained down today as the Hong Kong-headquartered manager, with more than 600 ships on its books, moved to get its IT systems back in place, just one month after moving office (pictured) to new […]
TxDOT website, online services down after ransomware attack (KBTX) The agency is now working closely with the FBI.
Cryptocurrency marketplaces leave $18 million in the open for anyone to steal, leak user data (CyberNews) New CyberNews research has discovered unsecured cryptocurrency marketplaces with at least $18 million, making it easy for anyone to steal that money.
Someone is trying to catfish women by pretending to be Paul Nakasone (CyberScoop) Someone is pretending to be Paul Nakasone as part of a scam where people are posing as top U.S. military generals in order to catfish women.
A Gmail scammer tried to impersonate a four-star US Army general to catfish a married woman (Business Insider) Once the scammer was found out, they threatened to send "my troops to get you" and "make a contact for the FBI to get you."
MN GOP forced to postpone state convention due to technical difficulties, possible cyber attack (Twin Cities) Leaders of the Minnesota Republican Party said they suspect a cyberattack was behind a mass of users overloading its online voting system, forcing the party to postpone its virtual state convention…
Edison Mail rolls back update after iOS users reported they could see strangers’ emails (The Verge) The company says it’s notifying affected users
More Data, More Digitalization Creates More Cyber Risks (Forbes) Corvus Insurance Holdings offers cyber risk insurance that relies on advanced technology to underwrite coverage for companies with up to $2 billion in annual revenues.
Is Cybersecurity Insurance Leading to More Lax Security? (Beyond Trust) At an event earlier this year, I had the opportunity to meet with several organizations and the topic of Cybersecurity Insurance was at the forefront of our conversation.
Shifting responsibility is causing uncertainty and more security breaches (Help Net Security) Shifting responsibility is causing security confusion. 75 percent of security professionals have experienced data loss from a cloud service more than once.
CyberArk acquires Silicon Valley startup for $70M (Boston Business Journal) CyberArk, a Newton-based security company that provides multi-layer protection to secure privileged account information, has acquired Santa Clara, Calif.-based Idaptive for $70 million in cash.
Proofpoint Acquiring Even Amidst Crisis (Seeking Alpha) Proofpoint recently announced Q1 results that surpassed market expectations. Proofpoint is conserving cash and managing expenses. The current crisis has not slowed down Proofpoint's hunger for acquisition.
How Facebook Could Use Giphy to Collect Your Data (OneZero) Giphy joins Facebook’s data collection arsenal
Venafi acquires Jetstack to bring together developer speed and enterprise security (Help Net Security) Venafi, the inventor and leading provider of machine identity protection, announced a definitive agreement to acquire Jetstack.
NortonLifeLock buys back $625M in notes (NASDAQ:NLOK) (Seeking Alpha) NortonLifeLock (NASDAQ:NLOK) is repurchasing $625M of 2% convertible unsecured senior notes due 2022 from Bain Capital and Silver Lake.Under the agreement, NLOK will pay Bain and Silver Lake $1.18B, w
‘Remodelled’ Dimension Data to retrench 480 employees (ITWeb) Through a Section 189 process, the company starts consulting with stakeholders and employees, with a view to implementing a new operating model.
Air Force wants cyber experts to ‘make a living’ off hacking its tech (FedScoop) The Air Force plans to offer more of its systems as fodder for freelance cybersecurity researchers.
Facebook’s Smooth New Political Fixer (POLITICO) The company hired no less than a former deputy prime minister of the UK to fix its reputation and governance. But is Nick Clegg changing Facebook for the better—or putting a fresh shine on deep problems?
Candace Worley joins Ping Identity as global chief product officer (Help Net Security) Ping Identity, the Intelligent Identity solution, announced Candace Worley has joined the company’s leadership team as global chief product officer.
HackerOne Receives FedRAMP Authorization from U.S. Federal Government (BusinessWire) HackerOne, the leading hacker-powered security platform, today announced that it became the first and only hacker-powered security platform to achieve
Why CISOs are highly valuable in crisis situations (IDG Connect) Businesses encounter many types of crises in a lifetime, such as recessions, data breaches and global conflicts. While most people think of the CEO, CFO and board members as critical at these times, chief information security officers (CISOs) must be seen as integral in both security and business decisions.
BAD to the Bone — NIST, LOTL, and IoT/ICS Behavioral Anomaly Detection (BAD) (CyberX) Behavioral Anomaly Detection (BAD) technologies identify threats without relying on static IoCs, enabling detection of zero-day malware as well as fileless malware and Living Off the Land (LOTL) tactics. Learn how NIST tested BAD against 15 IoT/ICS-specific threat scenarios.
How IoT changes your threat model: 4 key considerations (CSO Online) More IoT devices connected to your network increases your attack surface, lowers visibility to potential threats, and requires greater coordination between IT and OT.
Dutch spies helped Britain's GCHQ break Argentine crypto during Falklands War (Register) Five Eyes-style Euro intel alliance Maximator tipped UK off about Crypto AG machines
Le premier smartphone quantique s’appuie sur une technologie genevoise (ICT Journal) Samsung, le fournisseur genevois ID Quantique et SK Telekom vont lancer le premier smartphone grand public à proposer un chipset avec un générateur quantique de nombres aléatoires, dans le but d’offrir un niveau de sécurité plus élevé.
Scientists unveil new concept for single-atom transistor (UPI) Scientists have developed a new method for constructing single-atom transistors, an essential component of the next generation of super-fast, ultra-powerful computers.
Announcing the ForgeRock University Achievement Awards (Security Boulevard) Each year, the ForgeRock University team comes together to reflect on the accomplishments of our team, instructors, and Authorized Training Partners. We are thrilled to announce our ForgeRock University Achievement Award winners.
China warns US of 'all necessary measures' over Huawei rules (ABC News) China’s commerce ministry says it will take “all necessary measures” in response to new U.S. restrictions on Chinese tech giant Huawei’s ability to use American technology, calling the measures an abuse of state power and a violation of market principles
China ready to target Apple, Qualcomm, Cisco and Boeing in retaliation against US' Huawei ban: source (Global Times) China is ready to take a series of countermeasures against a US plan to block shipments of semiconductors to Chinese telecom firm Huawei, including putting US companies on an
China decries new US rules against Huawei (CRN Australia) US govt moved to block global 5G chip supplies to the company.
The US Will Help a Taiwan Firm Build a Chip Plant in Arizona (Wired) The announcement comes as the Commerce Department issues new restrictions on sales to Huawei, the latest sign of US-China friction.
U.S. moves to cut Huawei off from global chip suppliers as China eyes retaliation (Reuters) The Trump administration on Friday moved to block global chip supplies to blacklisted telecoms equipment giant Huawei Technologies, spurring fears of Chinese retaliation and hammering shares of U.S. producers of chipmaking equipment.
U.S squeezes Huawei on chip design (FCW) An export rules change will limit the Chinese telecommunications company's ability to use U.S. gear and software to make semiconductors abroad.
US Seeks to Cut Off China's Huawei From Global Chip Suppliers (SecurityWeek) The U.S. Commerce Department said it was broadening its sanctions enforcement to include semiconductor designs that are developed using US software and technology.
Huawei accuses U.S. of guarding tech hegemony, not security (The Economic Times) The Trump administration opened up a new front in its conflict with China on Friday by barring any chipmaker using American equipment from supplying Huawei without U.S. government approval. That means Taiwan Semiconductor Manufacturing Co. and its rivals will have to cut off the Chinese company unless they get waivers from the U.S. Commerce Dept.
Japan, U.S. to set up economic security dialogue: Yomiuri (WKZO) Japan and the United States will set up a dialogue on economic security that will discuss 5G mobile-phone networks and the export of civilian technology that also has military use, the Yomiuri newspaper reported on Saturday.
Top intelligence official to take charge of briefing candidates on election threats (CNN) The top US counterintelligence official, Bill Evanina, has been tapped to provide "intelligence-based threat briefings" for Republican and Democrat candidates, campaigns and political organizations in the run-up to the 2020 election, the Office of the Director of National Intelligence announced Friday.
The Pentagon's fight to kill Ligado's 5G network (CNET) The Defense Department says the FCC's approval of Ligado's petition to use satellite spectrum for 5G will destroy GPS.
State and local cyber aid could find home in defense bill, congressman says (StateScoop) The top Republican on the House Homeland Security Committee said a cybersecurity grant program could be included in the National Defense Authorization Act.
Bill Proposes to Incentivize Cybersecurity Innovations With Cash Prizes (Nextgov) The legislation tries to breathe life into a “moonshot” idea first proposed by tech industry leaders.
Extent of Taiwanese government data breaches still unknown to public: Former NSC official (Taiwan News) 'Attacks have never been effectively subdued, nearly all core government units have experienced them': Enoch Wu
Burr submits final Russia report before leaving chairmanship (KRNV) WASHINGTON (AP) — Senate Intelligence Committee Chairman Richard Burr has submitted the final report in the panel's three-year Russia investigation to the intelligence community for a declassification review. The move came hours before he was to temporarily step aside as chairman of the panel.
WSJ News Exclusive | Justice Department, State Attorneys General Likely to Bring Antitrust Lawsuits Against Google (Wall Street Journal) Both the Justice Department and a group of state attorneys general are likely to file antitrust lawsuits against Alphabet’s Google—and are well into planning for litigation, according to people familiar with the matter.
Exclusive: India watchdog reviewing antitrust allegations against Facebook's WhatsApp - sources (Reuters) India's antitrust watchdog is looking into allegations that Facebook's WhatsApp is abusing its dominant position by offering payment services to its vast base of messaging app users in the country, three sources told Reuters on Friday.
Tusla becomes first organisation fined for GDPR rule breach (The Irish Times) Agency fined €75,000 over three cases where data about children was wrongly disclosed
Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID (Register) Claims consent was neither informed, nor specific, nor free – but Google says it cannot identify a user from the ID
Ohio professor the latest to be arrested over China ties (Campus Reform) Another one.
Report: Marin governments still unsafe from hackers (Marin Independent Journal) The county and a majority of its municipalities have fallen victim to financial fraud and network breaches, according to the Marin County Civil Grand Jury.
Equifax Inks $30M Deal With Credit Unions Over Data Breach (Law360) Equifax Inc. has agreed to pay $5.5 million to a putative class of thousands of banks and credit unions, and to spend at least $25 million on the financial institutions' data security, to end their claims in multidistrict litigation stemming from a massive 2017 data breach, the banks said Friday.
Shutterfly User Must Arbitrate Ill. Biometric Privacy Claim (Law360) An Illinois federal judge said Friday that a Shutterfly user must arbitrate her accusations that the photo publishing service unlawfully stored biometric data from its facial-recognition technology, even though the company unilaterally added its arbitration clause after she sued.
AT&T Accused Of Using GPS To Track Workers And Dock Pay (Law360) AT&T used the GPS systems in company vehicles to track its sales representatives' appointments and illegally deduct money from workers' paychecks as reimbursement for letting them use the cars, according to a proposed class action filed Thursday in California federal court.
Patient's Privacy Suit Over Hospital Worker's Text Revived (Law360) Although suspicions of infidelity perhaps motivated a hospital employee to send her husband a text containing protected health information about a patient, an Indiana appeals court nevertheless said Friday that a jury should decide whether the employee was acting within the scope of her employment.
Capital One Judge Skeptical That Breach Report Is Privileged (Law360) A Virginia federal magistrate judge tackling discovery issues in the sprawling litigation over Capital One's massive 2019 data breach appeared unconvinced during a hearing Friday morning that consumers suing the bank are barred from seeing a cybersecurity firm's report on the event.
For a complete running list of events, please visit the Event Tracker.
Security Summit Virtual--Re-Prioritizing Security: Now & Beyond (Onine, May 20, 2020) The COVID-19 pandemic has set new business norms. A consistently rising number of businesses will be found going online and virtual, propelled by the pandemic. This will require higher attention towards cybersecurity, which must be enhanced using technologies like AI and ML. With an aim to bring together leading cybersecurity thinkers and practitioners, ETCISO.in, in association with IBM, is organizing an exclusive virtual summit on 20th May 2020.
BSides Las Vegas (Online, Aug 4 - 5, 2020) BSides Las Vegas is a nonprofit organization formed to stimulate the Information Security industry and community by providing an annual, two-day conference for security practitioners and those interested in (or looking to) enter the field. Our event is a source of education, communication, and collaboration. The technical and academic presentations at BSidesLV are given in the spirit of peer review and for the dissemination of knowledge among all specialties. This allows the field of Information Security to grow and continue its pursuit of a world where privacy and security are attainable.
Practical steps on your zero trust journey. A CyberWire Pro Briefing by Rick Howard. (Online, May 18, 2020) The Zero Trust strategy assumes that your network is already compromised and compels you to design it to reduce the probability of material impact to your organization if you experience either a trusted insider attack or an invading outsider who has bypassed your security controls to attain the same status. In other words, trust nobody and only allow employees enough access to the organization's resources to get their jobs done, but nothing further. You may think that designing and building that type of network is 180 degrees away from what you have right now. You would be wrong. You can get a long way down the Zero Trust path by using the equipment you already own in your current architecture. The thing that has to change is people and process. This CyberWire Pro online briefing will discuss what Zero Trust is, how to think about it in terms of your own environments, and the practical steps you can take right now with equipment you already have that will move you along that journey. This will be a vendor-neutral briefing by the CyberWire's CSO and Chief Analyst, Rick Howard, which will also provide some history and context for those looking to implement Zero Trust solutions.
41st IEEE Symposium on Security and Privacy (SP2020) (San Francisco, California, USA, May 18 - 20, 2020) IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems.
AFCEA/GMU Critical Issues in C4I Symposium (Online, May 19 - 20, 2020) For well over a decade, the AFCEA/GMU Critical Issues in C4I Symposium has connected academia, industry and government annually to address important issues in technology and systems research and development. The audience is typically more than 70% government/military featuring decision makers at all levels looking to advance their understanding of the key C4I challenges being faced now and in the future.
Cyber and Technology Day at Fort Gordon (Fort Gordon, Georgia, USA, May 20, 2020) If your product or service is cyber-related, Fort Gordon is where you want to be. The Fort's 2020 Cyber and Technology Day provides an excellent opportunity for IT, cybersecurity and tactical technology-oriented companies to network face-to-face with the Army's key IT, communications, and cybersecurity personnel.
Georgetown Law 2020 Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2020) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don’t know what they don’t know! At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.
