{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


linkedin facebook twitter instagram
U.S. Attorney General William Barr's plan to undercut encryption would result in unintended consequences for American soldiers. Opening statements in the trial of an accused CIA leaker. And researchers find five zero-days in Cisco's corporate tech. This is CyberScoop for Wednesday, February 5.

Op-ed: Weak encryption is bad for U.S. soldiers

While U.S. Attorney General William Barr continues to push for a broad mandate for backdoors for law enforcement, those on the front lines of protecting America have decided on a notably different approach. In this op-ed, former NSC official Ari Schwartz says weakening encryption means putting our military service members at risk. He lays out how the argument is not cut-and-dry, but any effort to stop encryption across all devices and services is a bad one. Read more here.

A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.

The Vault 7 trial is underway

So many people had access to the computer network used by CIA software engineers that U.S. officials still don’t know who is actually behind the leak of the agency’s hacking tools, according to the defense attorney for an accused leaker. The lawyer for Joshua Schulte, a former CIA employee on trial for allegedly providing the tools to WikiLeaks, told the jury Tuesday that the government networks their client worked on were so insecure that investigators will never know if Schulte, or some other intruder, carried out the theft. Prosecutors have alleged Schulte stole the files in order to cause as much harm as possible to the agency in retaliation for a workplace dispute. Jeff Stone was in the courtroom.

Don’t look at us, election officials say

Don’t equate what happened in the Iowa caucuses Monday night with what’s happening in your own jurisdiction. That’s the message from election officials around the country, who are taking pains to explain the distance between the meltdown of Iowa Democrats’ tallying app and the work that goes on within state and local governments to secure official elections. The app by Shadow Inc. was supposed to give Democrats a clean and modern way to report the results of presidential-nomination caucuses around the state, but a coding error and other problems bungled the process. Iowa Secretary of State Paul Pate put it clearly: His office wasn’t involved. “Although the caucuses are the kickoff of the presidential nominating process, they are not elections,” he said. It’s valid to question the security of election technology, the experts say, but it’s important to note that Shadow Inc.’s app won’t be in the mix anywhere else. Here’s the latest from StateScoop’s Benjamin Freed.

When good protocols go bad

Cisco gear that's ubiquitous in Fortune 500 companies — routers, switches, and VOIP phones — are vulnerable to an array of data-stealing attacks, researchers said Wednesday. The five bugs that Armis researchers found in the Cisco Discovery Protocol reflect an intractable challenge that organizations have in defending themselves: cordoning off vulnerable devices from the rest of the network. The zero-day bugs affect the many voice-over-IP phones, routers, and switches at corporations around the world that use the protocol for communications. A hacker with enough skill and motivation to exploit the vulnerabilities could gain access to a company’s network and then, for example, take over the VOIP phones on the network to steal data or eavesdrop on calls. Sean Lyngaas has more details.

Scammers are hiding powerful malware in plain sight

In recent months, hackers have deployed seven types of malware, including ransomware, against some 500,000 targets to try stealing as much money as possible, according to new research from Cybereason. The various kinds of of hacking tools, deployed by an unidentified group, allow scammers to steal browser data, cookies, system information and tokens that allow hackers to bypass two-factor authentication. By exploiting BitBucket, a code repository platform, attackers disperse the various malware types to victim machines by promoting them side-by-side with free commercial product downloads. Dig in with Shannon Vavra.

Misconfiguration, not hacking, is the most urgent cloud threat

Forty-three percent of cloud databases are not encrypted, and 60% of cloud storage services have storage logging disabled, making it incredibly difficult to assess the true damage when breaches occur, according to new Palo Alto Networks Unit 42 research in its Cloud Threat Report. “When storage logging is disabled, malicious actors from CloudHopper to Fancy Bear could enter the storage system and no one would ever know,” researchers wrote. Unit 42 also found more than 199,000 insecure Infrastructure as Code templates in use. “This can lead to misconfigurations, which is the leading cause for cloud data breaches,” the researchers write. But there’s good news, too: only 27% of organizations are using outdated Transport Layer Security versions, down 34% from last July. Read the report here.

The BOD process needs help

An important tool for cybersecurity in the federal government is the publication of binding operational directives (BODs) — the commands that the Department of Homeland Security issues to civilian agencies to shore up their digital defenses. The BOD process needs some help, though, according to the Government Accountability Office, which examined compliance of the five directives issued through December 2018. (DHS has issued eight overall since a 2014 law created the process.) GAO says DHS should coordinate better with stakeholders — including the National Institute of Standards and Technology — in writing the BODs, and the department also must do more to validate what agencies report when it comes to their own compliance. Dave Nyczepir has the report at FedScoop.

Tweet Of The Day


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}