Duo's boss delves into his mentality around data protection. Google paid researchers more than ever for vulnerability submissions. And the chief information security officer at DHS uses 'Have I Been Pwned?' to monitor recent breaches. This is CyberScoop for Wednesday, January 29.

Why the Interior Department grounded its drone fleet

The Secretary of the Interior issued an order Wednesday grounding all non-emergency drones so that the Department of Interior can assess potential cybersecurity concerns before operating the devices any further. The order, which will be temporary, “is intended to better ensure the cybersecurity and supply of American technology of unmanned aircraft systems,” according to the order. Part of the DOI’s concern is that information on American energy, transportation, and defense infrastructure collected by DOI drones “has the potential to be valuable to foreign entities, organizations, and governments,” the order says. While DOI grounded a fleet of approximately 800 Chinese-made drones last October, this order is intended to formalize and expand that grounding, said a senior Interior official. Shannon Vavra has the story.


This doesn't have to be hard

Duo Security CEO Dug Song kept it simple Tuesday when he described the last decade in cybersecurity. "It sucked," Song told the crowd at the Zero Trust Security Summit presented by Duo and produced by FedScoop and CyberScoop. The next decade doesn't have to be that way, he says, because the technology ecosystem has the tools it needs to make security as seamless and easy to use as possible. In a sit-down with CyberScoop on the sidelines of the summit, Song talked about the evolution of zero trust, how the cybersecurity market is changing, and how cybersecurity can be better woven into campaign operations. Check out Greg Otto's conversation with Song.

Google paid $6.5 million to bug hunters last year

Researchers who reported security flaws to Google through the company's vulnerability reward program in 2019 earned payments totaling $6.5 million for their submissions, the company said Tuesday. That's almost twice the $3.4 million paid in 2018. One researcher, Guang Gong, of Alpha Lab, took home $201,337 for a remote code execution exploit chain on Pixel 3 phones, while another 460 researchers earned at least $100 for their submissions. The uptick in rewards comes after Google expanded the program to include third-party apps on the Google Play store. Find more details here.

DHS CISO asks himself, ‘Have I Been Pwned?’

“Have I Been Pwned?”, the website that alerts members if their email addresses have been swept up in a data breach, illustrates the risks of password-based security and reinforces the need for two-factor authentication. Department of Homeland Security CISO Paul Beckman has both his government and personal email addresses registered on the site, and is regularly informed that his credentials are at risk. At a CyberScoop-hosted event Tuesday in Washington, D.C., Beckman used the anecdote to explain why stronger layers of security authentication are imperative. He touted standards like WebAuthn and FIDO2, which allow users to easily authenticate to services on their mobile and laptop devices. Sean Lyngaas has more.

Zoom fixes flaw that could have allowed outsiders into meetings

Check Point said Tuesday it uncovered the security vulnerability last year and alerted Zoom, which fixed the issue in an August software update. Attackers could have exploited the bug by creating a list of nine-, 10- or 11-digit meeting identification numbers, then entering any meeting in those sessions, as long as the meetings weren't protected by a password. If a user had failed to require a password for their conference, the meeting ID number would have been the only thing safeguarding the conversation from eavesdroppers, Check Point said. This issue is distinct from another flaw detailed by a security researcher last year that would have made it possible for a hacker to activate a Zoom user’s camera or disrupt their connection with a denial-of-service attack. Jeff Stone has more context.

Pentagon's plan on cyber contracting moves ahead

The Department of Defense’s new cybersecurity certification standards for contractors are officially arriving later this week, and the plan is to have about 1,500 companies certified by next year as the requirements start to pop up in contracts, officials said Tuesday. For now, the program’s new certification board is preparing to train and certify assessors, but it does not have a projection as to how many of the cybersecurity specialists will initially be available and when, board member Mark Berman said. The program is replacing the DOD’s current reference document — the National Institute of Science and Technology’s standards for cybersecurity — with a five-level rating system. FedScoop's Jackson Barnett is watching.

Three companies win NYC's cyber competition

New York City officials selected the winners of the NYCx Cybersecurity Moonshot Challenge, a competition meant to help small businesses find affordable data protection. All winners will be eligible to join the public-private cybersecurity startup accelerator being built by the Israeli venture-capital firm Jerusalem Venture Partners. At least one winner will also receive a $1 million investment from JVP, which sponsored the competition along with other venture-capital firms from Japan, South Korea, Singapore, Berlin, Helsinki, London and Paris. Of the three winners, INKY is the only startup marketed to businesses as a specialized service to detect phishing threats. Paladin Cyber and SKOUT Cybersecurity, the other two winners, offer additional services like endpoint protection, browser protection and, in SKOUT’s case, cyber insurance. Ryan Johnston has more at StateScoop.

Marine Corps is adopting that 'zero trust' mindset

As the Department of Defense tries to be more proactive about preventing hackers from gaining access to its networks, the Marine Corps is working to implement zero-trust security, the cyber technology officer for the Marine Corps Forces Cyberspace Command, Renata Spinks, said Tuesday. The approach, in which a network never trusts users or devices automatically and requires those devices to meet certain security standards before connecting, is being wrapped into DOD work in its new “Comply to Connect” pathfinder program, Spinks said. But Spinks warned that simply creating standards won’t cut it. Network defenders need to think about how outsiders may try to outsmart zero-trust frameworks, for instance by aggregating data on government employees from breaches and social media to infiltrate their devices. Shannon Vavra was there.
