What if your security strategy added zeros to your bottom line?
Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.
April 15, 2019.
By the CyberWire staff
TechCrunch says Microsoft has acknowledged that "a limited number" of Redmond's web-mail service users had their accounts compromised. The incident, which occurred between January 1st and March 28th, arose when a customer support agent's credentials to a support portal were compromised. Microsoft advises affected users (whom it's notified) to change their passwords. The breach carries with it the usual attendant risk of derivative phishing.
Researcher John Page released a proof-of-concept Internet Explorer zero-day after Microsoft declined to patch it, deferring corrective action until some unspecified later time. ZDNet reports that the vulnerability could enable file exfiltration.
On Friday CISA announced that CERT/CC, the CERT Coordination Center, had issued a warning about vulnerabilities in widely used Virtual Private Network (VPN) applications. CERT/CC says the applications "store the authentication and/or session cookies insecurely in memory and/or log files."
Facebook, Instagram, WhatsApp, and Messenger were down for several hours yesterday, the second major disruption the social network has suffered in roughly a month, the third so far this year. Mashable and others quote the only explanation Facebook has so far offered: "The issue has since been resolved; we're sorry for any inconvenience."
Today is tax day, and as the dazed, confused, or dilatory scramble to file, Consumer Affairs warns that scammers are prepared to take advantage of the procrastinators' reduced capacity to set the phishhook. Zscaler shares some eleventh-hour advice: beware of "'IRS login' phishing," "fake 'Apply for EIN' scam and Google SEO poisoning," and (in the UK) the "tax refund phishing campaign."
Today's issue includes events affecting Australia, China, Ecuador, European Union, Germany, Jamaica, Democratic Peoples Republic of Korea, Malaysia, Philippines, Russia, Singapore, Thailand, United Kingdom, United States.
A note to our readers: if you find value in the CyberWire Daily News Briefing, why not encourage your colleagues to sign up as well? They can subscribe here. Thanks for your consideration (and, of course, thanks for reading).
Earn Your Master’s in Cybersecurity from Georgetown
Looking to advance your cybersecurity career? Check out Georgetown University's graduate program in Cybersecurity Risk Management. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. You'll leave the program with the expertise you need to effectively manage risks and navigate today’s increasingly complex cyber threats. Explore the program.
Global Cyber Innovation Summit(Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.
Homeland Security warns of security flaws in enterprise VPN apps(TechCrunch) Several enterprise virtual private networking apps are vulnerable to a security bug that can allow an attacker to remotely break into a company’s internal network, according to a warning issued by Homeland Security’s cybersecurity division. An alert was published Friday by the governmen…
Vulnerability in Multiple VPN Applications(CISA) The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting multiple Virtual Private Network (VPN) applications. An attacker could exploit this vulnerability to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#192371 for
RobbinHood Ransomware Claims It's Protecting Your Privacy(BleepingComputer) A new ransomware is in play called RobbinHood that is targeting entire networks and then encrypting all computers that they can gain access to. They then request a certain amount of bitcoins to decrypt a single computer or a larger amount to decrypt the entire network.
‘Land Lordz’ Service Powers Airbnb Scams(KrebsOnSecurity) Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “Land Lordz,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings.
2019 tax season phishing scams(Zscaler) Zscaler ThreatLabZ team is keenly observing 2019 Tax Season Phishing Scams. We are actively monitoring tax related phishing campaigns and ensuring that Zscaler customers are protected. We have seen various types of phishing campaigns where attackers are using various methods to deliver the phishing content. Read more.
Recent Breach Targeted MyPillow And Amerisleep Customer Data(neoRhino IT Solutions) If you've purchased bedding from either MyPillow or Amerisleep, your data may have been compromised. These companies are two popular mattress and bedding merchants operating in the US. This is according to a recent report coming to us from RiskIQ....
Social Engineering Hacks the Way You Think(Security Boulevard) What does “social engineering” mean? The term “social engineering” may sound arcane and intimidating, and in some ways, it is. But most of us have encountered some form of social engineering many times — on the internet, in our emails, and in newspapers and magazines. The email advance-fee scam, which most of us will remember as the Nigerian Prince email scams from years ago, is one form of social engineering — deceiving the victim into believing they have something to gain.
Big Brother at the Mall(Wall Street Journal) Is facial recognition coming to a store near you? The privacy-protection debate in Congress is moving beyond e-commerce to bricks-and-mortar stores. Already, magic mirrors and in-store beacons log shoppers’ data.
IBM set to secure India against nation-state hackers
(Business Standard) As chorus in India grows to safeguard key defence installations and organisations from nation-state cyber criminals, IBM with its enterprise-grade security solutions is ready to partner the government on cyber-proofing sensitive data on Cloud.
Eugene Kaspersky: Mistrust makes us stronger(Computerworld) As the drummers in LED-studded military uniforms exit the stage at the opening ceremony of Kaspersky Lab's Singapore summit, on walks Eugene Kaspersky in a blue linen shirt, jeans and trainers, an SLR camera slung round his neck.
Password manager Dashlane closes on $30M, adds former Spotify CMO to board(TechCrunch) Dashlane, a popular password manager and all-round identity management solution, has raised another $30 million in funding, the company announced today. The funding — this time a round of debt financing from Hercules Capital — follows prior investment from FirstMark Capital, Rho Venture…
The Cybersecurity Threat Of GDPR(PYMNTS.com) The General Data Protection Regulation (GDPR) represented a new phase in data security and EU regulators’ approach to it. Designed to safeguard consumers with greater transparency into how, when and by whom their personal data is collected, GDPR, though based in EU, has a global reach and is likely to act as a blueprint for […]
WikiLeaks Set 21st Century Model for Cyber-Leak Journalism(SecurityWeek) Using cryptography and virtual drop boxes, Julian Assange's WikiLeaks created a revolutionary new model for media to lure massive digitized leaks from whistleblowers, exposing everything from US military secrets to wealthy tax-dodgers' illicit offshore accounts.
Will Assange's 'physical proof' blow up the Dem Party's biggest lie?(Conservative News Today) Is Julian Assange about to blow the lid off a whole pack of lies told by the Democrats and the intelligence community since 2016? In the summer of 2017, California Republican Congressman Dana Rohrabacher went to London and met with Assange at the Ecuadorian embassy, where he was living after having been granted asylum by …
Apple and Qualcomm’s Billion-Dollar Staredown (Wall Street Journal) The tech titans’ patent dispute has become one of the ugliest corporate battles in history. A frosty relationship between the companies’ CEOs, Tim Cook and Steve Mollenkopf, has deepened the divide.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
International Conference on Cyber Engagement(Washington, DC, USA, April 23, 2019) This year, the eighth annual International Conference on Cyber Engagement (ICCE) will be hosted for the first time by the Atlantic Council’s Scowcroft Center for Strategy and Security, in partnership with...
Cybertech Midwest 2019(Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Sacramento Cybersecurity Conference(Sacramento, California, USA, August 8, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Austin Cybersecurity Conference(Austin, Texas, USA, August 15, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Pittsburgh Cybersecurity Conference(Pittsburgh, Pennsylvania, USA, August 22, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Washington DC Cybersecurity Conference(Washington, DC, USA, August 29, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Montréal Cybersecurity Conference(Montréal, Québec, Canada, September 5, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
IMPACT ’19(Chantilly, Virginia, USA, April 15 - 17, 2019) Prepare for the changes ahead and get out in front of the compliance curve by attending the 34th annual NSI IMPACT Forum on April 15-17 at the Westfields Marriott in Chantilly, VA. The theme of this year’s...
San Antonio Cybersecurity Conference(San Antonio, Texas, USA, April 16, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Insider Threat Summit 2019 (ITS5)(Monterey Bay, California, USA, April 17 - 18, 2019) ITS5 brings Government and Industry organizations and cybersecurity leaders together to better understand the type of threats that impact infrastructure and overall operations. Our two-day summit will...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.