{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


linkedin facebook twitter instagram
State, local and federal government officials are keeping their focus on plugging any holes Iranian hackers could use to avenge Qassem Soleimani. This year is going to be a big one for security deals, if the first week is any indication. And did a Baltimore city employee steal money during the ransomware attack? This is CyberScoop for Tuesday, January 7.

The preparation continues

An advisory issued Monday evening by the DHS’s Cybersecurity and Infrastructure Security Agency acknowledges Iran’s considerable cyber capabilities and urges organizations to consider whether they make an attractive target for Tehran’s hackers. Iranian operatives could  steal intellectual property or conduct cyber-espionage “to enable a better understanding of our strategic direction and policy-making,” CISA advised U.S. organizations. The memo also urged companies and government agencies to closely monitor network traffic, including data flowing into industrial control systems, where Iranian hackers have taken an increased interest of late. Sean Lyngaas had the report.

A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.

State and local governments need to up their game, too

An advisory by the Multi-State Information Sharing and Analysis Center instructs state and local governments to “maintain heightened log monitoring and awareness” of activity on their networks, particularly as they pertain to critical infrastructure. The warning, issued Friday, came in the wake of a U.S. drone strike that killed Qassem Soleimani, Iran's top security and foreign intelligence commander. “While [the Department of Homeland Security] assesses there are currently no specific credible threats against our homeland, it anticipated an Iranian cyber response to the U.S. is likely to involve destructive malware with intent to disrupt U.S. critical infrastructure,” reads the advisory. StateScoop's Benjamin Freed had the bulletin.

A big week for the security biz

Accenture Security announced this morning it's acquired Symantec's Cyber Security Services business from Broadcom. The firms didn't disclose the terms of the deal, but it means that Accenture is buying one part of the Symantec Enterprise business that Broadcom acquired for more than $10 billion last year. (Symantec doesn't break out Cyber Security Services revenue from the Enterprise side, Accenture said.) Meanwhile, the venture capital and private equity firm Insight Partners said it will acquire Armis, an IoT security vendor, at a $1.1 billion valuation. And, in unrelated news, Imperva has named Pam Murphy, the longtime COO of the cloud security firm Infor, as its new CEO. If all that isn't enough for you, don't forget: Mastercard said around Christmas it will acquire RiskRecon, a risk assessment firm. Jeff Stone is following it.

Cybersecurity's warranty challenge

Making the best decision about risk sometimes means forgoing cybersecurity’s best practices. That can be the unfortunate reality for companies with equipment that is under warranty. Security leaders sometimes have to make the tough choice of forgoing a patch because in some cases, it would void the manufacturer warranty on the product if applied, and leave them on the hook for any potential costs if the equipment were to break. In this op-ed ForeScout's Ellen Sundra examines both sides of this problem, and what security professionals need to weigh as they examine their enterprise's posture. Read the full column.

DHS makes a move on vulnerability reporting

DHS’s Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information recently via the General Services Administration to identify potential vendors who can provide “a software-as-a-service web application that serves as the primary point of entry for vulnerability reporters to alert the government of potential issues on federal information systems for those agencies that participate in the platform.” CISA plans to manage the vulnerability reporting platform, which is voluntary, and leave it up to the agencies to remediate any bugs shared there. FedScoop's Billy Mitchell is on the case.

Telemarketing CEO blames ransomware for sudden closure

The CEO of an Arkansas telemarketing firm is blaming a ransomware attack for her decision to temporarily shut the company’s doors and leave workers unsure of their employment status just days before Christmas. Sandra Franecke, in a letter to employees of The Heritage Company, said the business, which solicits money on behalf of nonprofit clients, was infected with malicious software about two months ago. Hackers “basically ‘held us hostage for ransom’ and we were forced to pay the crooks to get the ‘key’ just to get our systems back up and running,” Franecke said in a letter. The ransomware incident has cost The Heritage Company “hundreds of thousands of dollars,” Franecke wrote. Jeff has more.

City employee accused of embezzlement amid ransomware attack

A Baltimore sanitation worker used a workflow procedure implemented after ransomware attack earlier this year to steal government funds, the city’s inspector general announced last month. For two days following a May 7 cyberattack that disrupted many municipal functions, including the ability to process electronic and credit-card payments, a cashier for the Baltimore Department of Public Works embezzled as much as $455.73 by shredding tickets for garbage hauls that came through one of the city’s waste-transfer stations. The ransomware attack, which has been attributed to a virus known as RobbinHood, disabled numerous IT systems across the city government. Many agencies that process payments, including DPW, temporarily developed “manual workarounds,” reverting to pen and paper to log transactions for several weeks. Here's more context.

Who needs a snow day when you have ransomware?

A recent ransomware infection at Richmond Community Schools in Michigan caused administrators to extend winter break through the week as district personnel work to remedy the issue and bring all services back online. The malware was discovered Dec. 27 while IT staff conducted routine computer updates, district Superintendent Brian Walmsley told EdScoop, and was found to have entered systems through a network connection with the district’s heating and cooling service provider. All systems were immediately shut down and the district’s backup server was disconnected to contain the virus, said Walmsley. EdScoop's Betsy Foresman is watching for updates.

Tweet Of The Day


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}