Most companies aren’t prepared to secure data and assets for a surge of remote employees. Whether your VPN is over capacity, new cloud services are coming on-board, or new devices need protection, we have you covered during this critical time. McAfee is offering 3-month subscriptions for Endpoint Protection, Unified Cloud Edge, and CASB to help you scale security to your remote employees. Learn more about these offers at mcafee.com/workfromhome.
For more, see our daily update on COVID-19 and the cybersecurity community.
Japan's Defense Ministry is investigating the possible theft of technical details from a proposal concerning a missile designed by Mitsubishi Electric. Reuters says that details of the cyber espionage are sparse, but that the data stolen probably included certain performance specifications. The report adds that the missile won't be produced: Mitsubishi Electric didn't get the contract.
Researchers at Broadcom's Symantec unit are attributing attacks on South Asian telecommunications companies to Greenbug, an espionage group associated with Iran, and thought to be connected to the group responsible for Shamoon. CyberScoop reports that most of the activity was directed against Pakistan's telecommunications system. Telcos are attractive targets because of the value of the data they carry; the focus on Pakistan suggests a service with a strong interest in the region.
Sources tell Reuters that Chinese intelligence services were responsible for the easyJet hack that affected some nine-million passengers. The anonymous sources say that the same threat group had tracked travelers before, and was interested in their movements, not in financial gain from credit card theft.
The Jerusalem Post, considering the recent cyberattack on an Iranian port as retaliation for a cyberattack on Israeli water treatment facilities, sees the exchange as typifying a new approach to cyber war: continuous engagement.
Some security advice for military and intelligence professionals: treat beer as a commodity and be content. See Bellingcat for the risk of using the Untappd app to rate brews: you can be tracked. And anyway, Warsteiner, Obolon, Krušovice, Brass Cannon? They're all good.
Today's issue includes events affecting Australia, Brazil, Canada, China, Iran, Israel, Japan, Malta, Nigeria, Pakistan, Ukraine, United Kingdom, and United States.
A look at the consequences of widespread remote work.
"And really, for high-profile targets and high-value victims out there in enterprises, we're seeing that adversaries are trying to track them down and get to their home machines. And the reason that we're seeing that is that more and more employees are working from home, and not everyone has a laptop. Some of them actually have - use their home workstations, and they install their VPN client. They install their email client on there. And essentially, what happens is it makes - it essentially extends the surface - the attack surface of the enterprise to cover the home as well. And the net effect of that is that you'll see more and more adversaries - or we've seen more and more adversaries that are targeting home users of enterprise employees in order to find an easier soft target, if you will."
—Justin Harvey, global incident response leader at Accenture, on the CyberWire Daily Podcast, 5.18.20.
Harden your house.
Staying one step ahead of your adversaries is more challenging than ever. Fortunately, deception technology can give new visibility and intelligence in combating threat actors who seek to infiltrate your network.
Join our webinar on May 27 at 12pm EDT to learn how to optimize your deception technology investments to enhance your day-to-day security threat detection and mitigation activities.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan discusses the Thunderspy vulnerability. Our guest is James Dawson from Danske Bank on DMARC/DKIM threats and why people are susceptible to them during COVID-19.
And Caveat is up. In this episode, "The different implications of surveillance," Dave has the story of the potential expansion of the Patriot Act. Ben takes a look at hacking tools that were offered up to local law enforcement. And later in the show my conversation with Alan Z. Rozenshtein, associate professor of law at University of Minnesota. We’re discussing his recent article in Lawfare, Government Surveillance in an Age of Pandemics.
In this week's episode of CSO Perspectives, "Cybersecurity first principles." the CyberWire's CSO Rick Howard continues his discussion of first principles with an account of zero trust, the next infosec building block.
COVID-19 Risks Outlook: A Preliminary Mapping and its Implications (World Economic Forum) Two new reports from the team behind the annual Global Risks Report identify the headline risks, challenges and, encouragingly, the opportunities the world is facing as a result of the COVID-19 pandemic, with an aim to raise awareness and foster widespread debate.
The Coming Post-COVID Anarchy (Foreign Affairs) The Pandemic Bodes Ill for Both American and Chinese Power—and for the Global Order
Australia slams coronavirus crisis cyber attacks (Australian Financial Review) Australia risks further rousing Beijing's ire after accusing unnamed countries of conducting and supporting cyber attacks under the cover of the crisis.
Doubts mount over effectiveness of UK contact-tracing app (ComputerWeekly) Studies from BCS and Anomali reveal that a significant proportion of the UK population is not prepared to download the Covid-19 contact-tracing app.
UK contact tracing app: will it be effective? (Compting) Emma Wright, Partner at technology and digital specialist law firm Kemp Little, discusses the various thorny issues around the NHSX contact tracing app, including its effectiveness, the privacy issues surrounding the technology, and possible discriminatory effects
Former Labour deputy leader Harriet Harman calls on UK govt to legally protect data from contact-tracing apps (Register) 'We don't want the system to rely on the individual integrity of any minister, ministerial team, or government'
Health Minister denies states and territories unable to access COVIDSafe data (ZDNet) Following reports earlier this week that no state or territory health officials were able to access the data from COVIDSafe despite the app being live for nearly a month.
GDPR wholly inappropriate to govern contact-tracing data (ComputerWeekly) Human Rights Committee Chair Harriet Harman says current data protection law is not up to the job of governing the data collected by the Covid-19 contact-tracing app
Malta joins Interpol campaign against COVID-19’s cyber criminals (MaltaToday) Malta joins international alliance led by Interpol to enhance cybersecurity during COVID-19
Congress must lead the fight against the disinformation pandemic (Military Times) Disinformation campaigns such as the
Imperva Research Labs Finds Early Signs of Recovery from Web Traffic Dips Following COVID-19 Shelter-in-Place Orders (BusinessWire) Imperva, Inc., the cybersecurity leader championing the fight to secure data and applications wherever they reside, published its April 2020 Cyber Thr
Analysis | The Cybersecurity 202: Two primaries underscore dueling paths to holding elections during coronavirus pandemic (Washington Post) Oregon’s came off without a hitch, Kentucky is scrambling to be ready in June.
Cyber security and home working (York Press) AS A high proportion of the UK workforce will continue to work from home for the foreseeable future, the potential for relaxation in security…
How Congress is shaping data privacy laws during the pandemic (VentureBeat) How privacy advocates and Congress want to balance big data, AI, surveillance, and consumer data rights during the COVID-19 pandemic.
Cybercrime Ring Exploits the COVID-19 Pandemic with Fraudulent Unemployment and CARES Act Claims (Agari) Based on information we have uncovered, some, if not all, of the actors behind these fraudulent schemes are part of Scattered Canary.
BEC Scammers target unemployment and CARES Act claims (BleepingComputer) A group of business email compromise (BEC) Nigerian scammers has been targeting U.S. unemployment systems and COVID-19 relief funds provided through the CARES Act.
Analysis | The Cybersecurity 202: Unemployment claims are the latest target for coronavirus fraudsters (Washington Post) The U.S. Secret Service is warning about hundreds of millions of dollars being paid in phony claims.
COVID-19 contact tracing text message scams (Consumer Information) You’ve probably been hearing a lot about contact tracing.
The ‘Bank of America’ Is Circulating Notices of a Data Breach (TechNadu) A subset of sensitive data belonging to PPP loan applicants has been exposed to lenders, after the Bank of America uploaded the data on a testing platform.
Misinformation about coronavirus finds new avenues on unexpected sites (Washington Post) Despite a tougher approach during the pandemic, misinformation continues to elude social media companies' best efforts to police it.
Surveillance capitalism in the age of Covid-19 (ComputerWeekly) Could the Covid-19 coronavirus pandemic further consolidate surveillance capitalist practices and enterprises? Author Shoshana Zuboff warns Computer Weekly it is possible
Workplace Testing and Data Protection: Guidance for Employers (Cooley) As the UK begins to ease lockdown measures, employers in all sectors are considering how their employees can return to work in the safest possible way. For many, this will include testing to check …
'I can't see anyone going back to full occupancy' - CIOs on 'new normal', and what it will mean for their tech suppliers (CRN) Two IT leaders who have spent the last two months shifting staff to a remote working model will be opening up on what skills and technology they will need from the...
We’re about to re-enter an office full of half-baked design prototypes (Quartz at Work) Under normal circumstances, these makeshift, untested solutions would be deemed dangerous or even oppressive—literally barriers to work.
'More productive than ever’: Agency IT officials see benefits from telework (Federal Times) Increased productivity raises questions about the future of work for federal employees.
Microsoft announces a raft of new features for Teams (Computing) The company says it will add a range of customisable templates to Teams in "coming months"
Secure Code Warrior® Answers the Call From Zoom Video Communications (BusinessWire) Secure Code Warrior® announces it has been selected by Zoom Video Communications, Inc. to implement its online secure coding training platform.
Introducing the Varonis Remote Work Update (Varonis) The Varonis Data Security Platform Remote Work Update is here!
'Greenbug' hacking group hits three telecom firms in Pakistan (CyberScoop) For the past several months, suspected Iranian hackers have been rooting around the IT systems of at least three telecommunications companies in Pakistan, accessing data servers when it suits them, according to cybersecurity company Symantec.
New missile data feared leaked via cyberattack on M'bishi Electric (Kyodo News) Data regarding the capability of a cutting-edge high-speed gliding missile may have leaked through a cyberattack on Mitsubishi Electric Corp., sources close to the matter say.
Japan defence ministry investigating potential hack of next-gen missile details: Asahi (Reuters) Japan's defence ministry is investigating a possible leak of details of a new state-of-the-art missile in a large-scale cyber attack on Mitsubishi Electric Corp, the Asahi Shimbun newspaper reported on Wednesday.
Israel strikes back at Iran - the constant cyber warfare paradigm (The Jerusalem Post) Numerous top cyber and intelligence officials in Israel and the United States have spoken to "The Jerusalem Post" about a shift to “constant” cyber warfare.
Israel Hack of Iran Port Is Latest Salvo in Exchange of Cyberattacks (New York Times) Israel was behind a cyberattack that disrupted a major port in Iran, done in response to an attempt by the Revolutionary Guards to infiltrate an Israeli water facility.
Iranian Cyberattack Endangers Israeli Water Infrastructure (Watch Jerusalem) Israel’s tech-reliance is its Achilles’ heel.
Chinese hackers suspected of stealing details of 9 million easyJet customers (Reuters) Chinese hackers are suspected of accessing email and travel details of about nine million easyJet customers, said two sources familiar with the investigation into a cyberattack disclosed by the British airline on Tuesday.
EasyJet cyber attack ‘came from China’ (The Telegraph) The details of 9m customers have been compromised, including about 2,000 credit card numbers, in a major data breach
Easyjet data breach: how to know if you've been affected, and what to do about it (The Telegraph) EasyJet has revealed that hackers have accessed the email and travel details of around nine million customers, as well as the credit card details of more than 2,000 of them, in a "highly sophisticated" attack.
ICO a ‘toothless tiger’ claim commentators, as EasyJet breach (SC Magazine) The Information Commissioner's Office has not done enough when it comes to GDPR, some industry experts have claimed.
Dark Nexus IoT Botnet: Analyzing and Detecting its Network Activity (Nozomi) The massive presence of unprotected IoT devices is providing many opportunities for malicious threat actors. Most of these devices are plug-and-play and do no not require any kind of configuration, making security optional.
GhostDNS Source Code Leaked (Avast Threat Labs) Router exploit kits are becoming more and more popular among cybercriminals, mostly targeting routers in Brazil, because many Brazilian routers are poorly secured with default and well known login credentials. Router exploit kits are usually distributed via malvertising webpages, and these campaigns appear in waves. A year ago (May 2019), our Avast Web Shield, a […]
WolfRAT Android Malware Targets WhatsApp, Facebook Messenger (Threatpost) Researchers link the malware to Wolf Research with "high confidence" after it was spotted in campaigns targeting Thai users.
WolfRAT targets WhatsApp, Facebook Messenger app users on Android devices (ZDNet) The new malware is unstable and appears to be a slapdash effort based on leaked DenDroid code.
Microsoft warns of 'massive' phishing attack pushing legit RAT (BleepingComputer) Microsoft is warning of an ongoing COVID-19 themed phishing campaign that installs the NetSupport Manager remote administration tool.
Quarter of a million customers exposed as Brazilian cosmetics brand suffers data leak (SafetyDetectives) One of the leading online retailers in Brazil, Natura&Co, has been informed of a significant data leak within its website...
REvil Ransomware Attacks Food Distributors; Hackers Seek $7.5M Ransom (MSSP Alert) REvil (Sodinokibi) ransomware attacks two large food distributors & reportedly exposes sensitive information of at least three megamarket food chains.
Sydney sports store Instore hit by Windows REvil ransomware (IT Wire) Sydney sports specialty store chain Instore has been hit by the REvil ransomware that attacks Windows systems and a limited set of data from the company has been published on the dark web by the attackers. Insport has 17 stores in Sydney and is one of the larger companies in its sector. The fact tha...
Hundreds of thousands of QNAP devices vulnerable to remote takeover attacks (ZDNet) A firmware patch has been released last year, in November.
3 Phishing Trends Organizations Should Watch Out For (Digital Shadows) Based on data from 2019 and what we've observed in 2020, Digital Shadows has gathered three phishing trends that cybercriminals and advanced persistent threat (APT) groups are using to target your
Bluetooth Bugs Allow Impersonation Attacks on Legions of Devices (Threatpost) A host of unpatched security bugs that allow BIAS attacks affects Bluetooth chips from Apple, Intel, Qualcomm, Samsung and others.
'Animal Crossing hackers' are selling modified trees that can bear any item (Micky) Animal Crossing hackers have found a way to put star fragments in trees. Thes may be cool looking trees but they come with risks.
Hacker sells 129 million sensitive records of Russian car owners (BleepingComputer) A database with 129 million records of car owners in Moscow is being offered for sale on a dark web forum.
Toll Group may have lost over 200GB of data in ransomware attack (iTnews) Attackers start posting files.
“A Cybercriminal’s Dream”—Zerto Research Shines a Light on Infrequent Backups and Insufficient Recoverability Testing within Organizations (Zerto) Results show that businesses have availability gaps preventing them from properly safeguarding against increasing cyberthreats
'Scam' Spyware Vendor Gets Caught, Once Again (Vice) Security researchers expose a new Android malware linked to Manish Kumar, the infamous owner of government spyware vendor Wolf Intelligence.
HOPSEC: Beer rating app could pose a military security threat (Stars and Stripes) Tapping into a beer rating app allowed researchers to track military and intelligence personnel, including some who checked in at a military base that hosts a CIA training facility known as “the farm.”
Emerson OpenEnterprise (CISA) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Emerson Equipment: OpenEnterprise SCADA Software Vulnerabilities: Missing Authentication for Critical Function, Improper Ownership Management, Inadequate Encryption Strength 2.
Rockwell Automation EDS Subsystem (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: Rockwell Automation Equipment: EDS Subsystem Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to a denial-of-service condition.
Andrews University Recovers From Malware Attack (Adventist Review) Windows servers were infected, as well as PCs connected to them, officers reported.
Chrome 83 released with massive security and privacy upgrades (BleepingComputer) Google has released Chrome 83 today, May 19th, 2020, to the Stable desktop channel, and it includes massive security and privacy overhaul changes for its users.
Chrome 83 arrives with redesigned security settings, third-party cookies blocked in Incognito (VentureBeat) Google Chrome 83 brings redesigned safety and privacy settings, third-party cookies blocked in Incognito mode, and more developer features.
Firefox to tell you if sites are shortening your passwords (Naked Security) Mozilla is fixing a longstanding password problem to alert users when their password exceeds the maximum length allowed.
Adobe Patches Critical RCE Flaw in Character Animator App (Threatpost) A critical remote code execution flaw in Adobe Character Animator was fixed in an out-of-band Tuesday patch.
New Research Reveals That 70% of Applications Have Open Source Security Flaws (GlobeNewswire) Veracode’s State of Software Security: Open Source Edition examines the cascading effect of flaws in open source libraries widely used to create applications
CEOs Fear Becoming the Next Big Breach According to WSJ Intelligence and Forcepoint Survey (Forcepoint) The C-Suite Report: The Current and Future State of Cybersecurity sponsored by Forcepoint reveals less than half of CEOs believe their business has an ongoing cybersecurity strategy in place Geographic location influences how business and security leaders prioritize security for customer data versus organizational IP Enterprises use more than 50 security vendors on average with 62% reporting they want even more
Data recovery is cheaper than paying off a ransomware hacker (TechRadar) Ransom costs double that of data recovery by other means
CEOs and CISOs disagree on cyber strategies (Help Net Security) There are growing disparities in how CEOs and CISOs view the most effective cybersecurity path forward, according to Forcepoint.
Hackers and cyber attacks are now evolving faster than ever before: Subex (Devdiscourse) Digital technology provider Subex said on Wednesday it has detected 46 per cent increase in attacks on smart homes, enterprises and control systems connected to critical infrastructure as the global cyber threat landscape alters amid the ongoing coronavirus pandemic.
RSA Conference 2021 Changes Date from February to May 2021 (RSA Conference) Without question, the events industry has been heavily impacted by the global pandemic. With public health and safety as the top priority, we have officially announced that the 30th anniversary of RSA Conference will take place the week of May 17, 2021 at the Moscone Center in San Francisco versus in February. The physical event will be accompanied by a robust and innovative virtual experience.
Confluera Raises $20 Million in oversubscribed Series B round to accelerate adoption of autonomous security for Cloud Infrastructure. (BusinessWire) Confluera today announced that it has raised over $20 million in Series B funding led by Icon Ventures to unlock the future of cyber threat detection
Responsible Cyber acquires Secucial in S$7m deal (ComputerWeekly) Singapore startup Responsible Cyber plans to bolster its Immune platform with access control management capabilities and expand its global footprint
Aqua Security Raises $30 Million in Series D Funding (Aqua) Aqua Security announced today that it has closed a Series D round of $30M led by Greenspring Associates, with participation by Aqua’s existing investors.
Coalition Raises $90 Million in Funding to Build the Future of Cyber I (PRWeb) Coalition, the leading cyber insurance and security company, today announced it has raised $90 million in equity capital to fuel its mission to solve cyber risk
Charlesbank Invests $70M in Cyberbit – Letter from Cyberbit CEO (Cyberbit) In 2015, we embarked on our mission of creating a platform that will prepare the cyber defenders of the world.
Orange Cyberdefense exec on rivaling the IT services giants (CRN) After building a leader in cybersecurity services through acquiring two of Europe’s largest independent players, Thomas Gourgeon discusses the difficulties of integrating the firms during COVID-19, and plans for the future
4 Cybersecurity Stocks to Buy for Long-Term Gains (InvestorPlace) Secular tailwinds underpinning the cybersecurity market remain as favorable as ever, meaning these four cybersecurity stocks are good buys.
Wire Leads with Security at the Forefront of 407% Year-On-Year Revenue Growth (PR Newswire) As the need for secure and effective collaboration tools rises globally, Wire, the most secure collaboration platform, tracks turbo-charged...
Cygilant Expands Globally with New Belfast Office (Cygilant) Company’s First European Security Operations Center Opens to Meet Global Demand for Affordable Cybersecurity
Utilities Industry Cybersecurity Veteran, Michael Bailey, Joins Fortress Information Security (Fortress Information Security) Security and compliance innovator Michael Bailey joins Fortress to develop groundbreaking solutions for utilities, vendors and service providers
Cenit: Dr. Markus Wesel neuer Finanzvorstand (Automationspraxis) Beim Softwarehaus Cenit AG wurde Dr. Markus Wesel als Finanzvorstand (CFO) in den Vorstands berufen.
Stephan Klokow, Direktor DPI bei Rohde & Schwarz, in Vorstand des Cluster IT Mitteldeutschland e.V. gewählt, ipoque Gmbh (Pressebox) A Rohde & Schwarz Company, Die Teilnehmer der Mitgliederversammlung des Branchennetzwerkes Cluster IT Mitteldeutschland e.V. wählten Stephan Klokow…
Telos Corporation Welcomes General Keith Alexander as Inaugural Member of Advisory Board (Telos Corporation) New Telos Advisory Board member General Keith Alexander (Ret) to aid cyber, cloud and enterprise security firm in pursuit of strategic objectives.
RunSafe Security Appoints Veteran Security Experts to Technical Advisory Board (PR Newswire) RunSafe Security, a pioneer of a patented process to immunize software from cyber attacks without developer friction, today announced the...
BlackBerry Spark Suites: Bringing Order to the Chaos (BlackBerry) What if organizations could address the complexities of modern cybersecurity with a single solution? Now you can with the introduction of the BlackBerry Spark® Suites, which provide a comprehensive solution with a range of options tailored to meet the security and endpoint management requirements of a wide range of organizations with specific needs.
Exabeam Launches New Application for User and Entity Behavior Analytics in the CrowdStrike Store (Exabeam) Through integration with CrowdStrike’s Falcon Platform, the Exabeam Ingester for CrowdStrike will help security teams identify anomalies and[...]
Humio accelerates its momentum with extended collaboration with IBM (Humio) Humio and IBM deliver streaming observability at scale to more customers around the globe
Avanan Introduces Cloud-based Security for Citrix ShareFile (GlobeNewswire) Avanan, the leading security solution for cloud-based email and collaboration suites, announced today new security protocols to protect Citrix ShareFile.
Stage 2 Security Launches Federal Practice (PR Newswire) A leader in Adversary Simulation, Protection and Prevention services, Stage 2 Security (S2) www.stage2sec.com announced on May 18, 2020 the...
Portshift Announces Extended Kubernetes Cluster Protection – Adding Po (PRWeb) Portshift, a leader in Kubernetes-native solutions, today announced Extended Kubernetes Cluster Protection. The new capability provides Kubernetes API calls/
Cowbell Standalone Cyber Insurance Product Now Admitted in California - (Cowbell Cyber) Cowbell Prime 100, Cowbell's standalone cyber insurance product is now admitted in the State of California and available immediately to SMBs.
SAFE Identity Announces Revamped SAFE-Biopharma Trust Framework and New Services to Expand and Evolve Digital Trust in Healthcare Sector (GlobeNewswire) Today marks the official introduction of SAFE Identity, an industry consortium and certification body supporting the advancement of digital identity and cryptography in healthcare by enabling trust of digital credentials.
ImmuniWeb to Offer a Free Online Test to Illuminate Your Dark Web Exposure (ImmuniWeb) ImmuniWeb Community edition, processing over 50,000 free daily web security tests, now offers a comprehensive snapshot of Dark Web exposure for organizations and enterprises of all sizes.
Internews, ESET announce security partnership (ITP) The pilot project will protect more than 1000 devices, reaching a network of journalists, human rights groups and members of civil society
How -- and why -- to add SolarWinds modules (SearchITOperations) Operations teams can enhance their IT monitoring capabilities when they add SolarWinds modules. Because any module can be used as a starting point, there's flexibility in how to create a monitoring system that's tailored to an organization's specific priorities.
ShipChain Will Use Baseline Protocol to Facilitate Private Transactions on Public Ethereum Network (Supply and Demand Chain Executive) ShipChain will use Baseline Protocol to help facilitate both fully private transactions on both the public Ethereum network and the ShipChain sidechain.
SecureSky Announces Partnership with ThreatQuotient (PR Newswire) SecureSky is pleased to announce its new strategic partnership with ThreatQuotient, headquartered in Northern Virginia, with international...
Exabeam Accelerates Cloud Growth and Extends Security Management to Zoom and Other Cloud Applications (BusinessWire) Exabeam today announced a significant performance milestone with Exabeam SaaS Cloud.
Cyber Threat Alliance and IT-ISAC Sign Cooperative Working Agreement (Cyber Threat Alliance) Both entities will cooperate on threat intelligence and coordinate during cybersecurity incidents and emergencies WASHINGTON, May 20, 2020 – The Cyber Threat Alliance (CTA) and The Information Technology – Information Sharing and Analysis Center (IT-ISAC) have signed a working agreement to cooperate on threat intelligence and coordinate during cybersecurity incidents and emergencies. CTA and IT-ISAC... View Article
Object Management Group Forms Digital Twin Consortium with Founders Ansys, Dell Technologies, Lendlease, and Microsoft | Digital Twin Consortium™ (Digital Twin Consortium) PR: Users to create standard terminology, reference architectures and share use cases across industries.
Cyber resiliency is key to remodeling your cyber plan (GCN) Agencies can improve their resiliency by establishing and extending trust through every layer of the enterprise -- from the critical hardware infrastructure all the way out to the data on the network.
How to detect and manage web bots? (Wire19) Web bots have evolved dramatically in recent years, and we can classify these bots (especially bad bots) into four ‘generations’. Read more.
Technologies in all layers of the cloud stack are at risk (Help Net Security) As the cloud stack becomes increasingly complex, what’s needed is a holistic approach with consistent protection for the risk organizations face.
For ethical artificial intelligence, security is pivotal (Fifth Domain) AI is a top priority in the United States and to our friendly foreign partners, but potential adversaries will make the pursuit of finding ways to compromise these systems a top priority of their own.
DoD developing ‘best practices’ for AI programs (C4ISRNET) The Department of Defense has many artificial intelligence programs, but has yet to develop a cohesive set of standards for them.
DoD Creating Standards For AI Programs (Breaking Defense) DoD has "so many hundreds of programs that we really couldn't do a fair evaluation of each individual activity," Mark Lewis, director of modernization in the Research and Engineering office, said today.
John Ratcliffe, Trump’s pick for top intelligence post, clears divided Senate panel (Washington Post) The Texas congressman is expected to win full confirmation to oversee all U.S. intelligence agencies.
You know this Land of the Free thing, yeah? Well then, why allow the FBI to trawl through America's browsing history without a warrant? (Register) 50-plus advocacy groups call on US House of Reps to slap limits on surveillance law
California Consumer Privacy Steams Ahead Even as the Economy Stops | ICLG.com Briefing (ICLG.com/briefing) It would appear that nothing can stop the momentum that is the California Consumer Privacy Act (CCPA) and the privacy advocates who want the people to decide, directly, how their data is used
Joshua Schulte will go on trial again in connection with Vault 7 leak (CyberScoop) U.S. prosecutors will retry ex-CIA employee Joshua Schulte on espionage-related charges after a jury couldn't come to a decision in his first trial.
Facebook fined by Canada competition watchdog after privacy probe (Reuters) Canada's competition watchdog said on Tuesday it had fined Facebook Inc C$9 million ($6.5 million) after an investigation found the social network made "misleading" claims about personal information of Canadians on Facebook and Messenger.
Hacker arrested in Ukraine for selling billions of stolen credentials (ZDNet) Hacker "Sanix" has been selling billions of hacked user credentials on hacker forums and Telegram channels.
Cyber attack suspect granted bail in Vic (Blue Mountains Gazette) An IT professional allegedly launched a cyber attack against a major Melbourne shopping centre a day after he was accused of stealing shorts. Xi Hu allegedly...
Cash-flashing rapper charged with money laundering for BTC-e (Naked Security) The FBI nabbed “Plinofficial” when he arrived at Miami airport carrying $20K cash, allegedly made off of the defunct, fraud-fav exchange.
Supreme Court judges legality of WhatsApp blocks by Justice - Latest News, Breaking News, Top News Headlines (Explica) The Federal Supreme Court (STF) will start to judge this Wednesday, 20, if the Brazilian courts can prevent the operation of WhatsApp, and other messaging...
U.S. Sanctions Chinese Company, Alleges Ties to Iran’s Mahan Air (Wall Street Journal) The U.S. imposed sanctions on a Chinese logistics company that it says acted as a sales representative for blacklisted Iranian airline Mahan Air.
Susan Rice's resurfaced 2017 comments denying knowledge of Trump team surveillance raise eyebrows (Fox News) An old interview clip of former National Security Adviser Susan Rice resurfaced Tuesday after the declassified email she sent to herself on the final day of the Obama administration was released.
Ukrainian lawmaker releases leaked phone calls of Biden and Poroshenko (Washington Post) Ukrainian lawmaker Andriy Derkach, a former member of a pro-Russia faction who met with Rudolph Giuliani in Kyiv last year, said he got the tapes from “investigative journalists.”
For a complete running list of events, please visit the Event Tracker.
CyberTech Tel Aviv (Tel Aviv, Israel, Apr 20 - 22, 2021) Cybertech Global in Tel Aviv is one of the largest cyber events in the region expecting over 18,000 attendees, hundreds of global speakers and delegations from all over the world—and participation and involvement by a vast range of companies, startups, and organizations.
41st IEEE Symposium on Security and Privacy (SP2020) (San Francisco, California, USA, May 18 - 20, 2020) IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems.
AFCEA/GMU Critical Issues in C4I Symposium (Online, May 19 - 20, 2020) For well over a decade, the AFCEA/GMU Critical Issues in C4I Symposium has connected academia, industry and government annually to address important issues in technology and systems research and development. The audience is typically more than 70% government/military featuring decision makers at all levels looking to advance their understanding of the key C4I challenges being faced now and in the future.
Cyber and Technology Day at Fort Gordon (Fort Gordon, Georgia, USA, May 20, 2020) If your product or service is cyber-related, Fort Gordon is where you want to be. The Fort's 2020 Cyber and Technology Day provides an excellent opportunity for IT, cybersecurity and tactical technology-oriented companies to network face-to-face with the Army's key IT, communications, and cybersecurity personnel.
Georgetown Law 2020 Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2020) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don’t know what they don’t know! At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.
Techno Security & Digital Forensics Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2020) Techno Security & Digital Forensics Conference provides a unique education experience that blends together the digital forensics and cybersecurity industries for collaboration between government and private sectors. The purpose is to raise international awareness of developments, teaching, training, responsibilities, and ethics in the field of IT security and digital forensics. Educational sessions cover topics within the following primary tracks from which CPE credits can be earned: Audit/Risk Management, Forensics, Investigations, Information Security, and Sponsor Demos. Learn from industry experts, connect with leading suppliers, and discover the latest innovations in cybersecurity and digital forensics.
