{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


linkedin facebook twitter instagram
What exactly is the security issue surrounding the Ukrainian company tied to the Trump impeachment? Amnesty International's case against NSO Group is going to court. And $20 million goes to a company developing "password-less" tech. This is CyberScoop for Tuesday, January 14.

Setting the Burisma story straight

Hackers linked to the Russian government have been targeting Burisma, a Ukrainian company tied to the impeachment trial against President Donald Trump, with a wide-ranging phishing campaign, according to California-based anti-phishing firm Area 1 Security. The campaign, which started in November, came as Congress was holding hearings tied to efforts by Trump to have Ukrainian President Volodymyr Zelenskiy investigate Vice President Joe Biden and his son, Hunter Biden, who served on the board of Burisma. The hackers, which Area 1 says work on behalf of Russia’s Main Intelligence Directorate, created fake websites designed to look like legitimate Burisma subsidiary websites and login pages. They then sent Burisma employees emails that looked to be authentic internal company emails with links to illegitimate login pages designed to steal login credentials. Shannon Vavra is all over it.

A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.

No more license to hack?

The U.K.-based human rights group on Tuesday published a statement encouraging Tel Aviv’s District Court to revoke NSO Group’s export license, a move that would effectively prohibit the company from providing foreign clients with its technology. NSO Group sells Pegasus, hacking software which allows clients to monitor targets’ emails, text messages, collect passwords and gather other valuable personal information. Government critics and journalists in Mexico, Saudi Arabia and the United Arab Emirates have been targeted with Pegasus, Amnesty said. Jeff Stone has more details.

Another $20 million to tech that kills passwords

Trusona, founded in 2015, describes itself as an enterprise authentication company that helps customers abandon passwords in favor of QR codes. By using their phone to scan a QR code on their desktop, the idea goes, users can log-in to their accounts without a username and password, just as long as that service also is using Trusona. Along with physical security keys, password management tools and biometrics, it’s the latest emerging technology that is challenging traditional sign-on techniques. Georgian Partners led the most recent funding round with additional funding from the cloud security company Akamai Technologies. Jeff has the larger context.

BEC goes to school

The scam marks the most costly recorded attack of its type against a K-12 school district, dethroning an incident in 2018 against Crowley ISD near Dallas, Texas, which resulted in the loss of nearly $2 million. There were three fraudulent transactions made as part of the scam, Manor Police Department Det. Anne Lopez told CNN. Though no other information was provided, the initial description is consistent with a type of scam using phishing emails known as a “business email compromise,” in which a fraudulent actor fools someone with access to an organization’s finances to route payments to a new account under the guise of paying for services under an existing and legitimate contract. Betsy Foresman has more at EdScoop.

Pioneering blog Boing Boing talks about its hack

Boing Boing, an irreverent blog and news aggregator with deep roots on the internet, said Thursday that an attacker had managed to circumvent two-factor authentication to break into the account of a Boing Boing team member. From there, the unnamed hacker planted malware on the Boing Boing server that could infect visitors to the website. “From a systems security perspective, this is an excellent cautionary tale of the importance of individual user security,” the site’s leadership said. Sean Lyngaas has the story.

CrowdStrike says ransomware gangs are working together

The company found that the five most common malware infections it helped its clients with last year — Trickbot, Emotet, Ryuk, Dridex and BitPaymer — came from criminal groups, some of which appear to be collaborating with each other. The CrowdStrike report includes descriptions of hacker groups that use techniques seen in many ransomware attacks last year against U.S. cities, some of which elicited six-figure payments by governments desperate to regain control of their networks and applications. CrowdStrike’s researchers say there’s been a rise in such “big-game hunting,” attacks that target large organizations that are “especially sensitive to downtime,” raising the temptation for victims to cede to financial demand. Benjamin Freed has more at StateScoop.

Tweet Of The Day


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}