{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


linkedin facebook twitter instagram
Two years after Equifax, companies still aren't patching enough known vulnerabilities. A White House plan to combat foreign espionage hits on familiar talking points. And Google's plan to help secure campaigns. This is CyberScoop for Tuesday, February 11.

Where are the lessons learned?

We know now that Chinese military personnel allegedly exploited a known security flaw in Equifax’s systems to steal data on roughly 145 million Americans. The vulnerability, an issue in the software framework called Apache Struts, had been solved with a patch some two months before, though the credit processing company had failed to install the proper fix. That incident looks to be reflective of what happens across the country. Now, an IBM analysis of 70 billion security incidents in 130 countries over the past year has determined that attackers typically used known vulnerabilities or stolen credentials to break into a victims’ networks. By combining purloined usernames and passwords — typically captured via phishing emails, with malicious attachments — hackers are able to break into networks much in the same way they have for a generation, according to the report released Tuesday. Jeff Stone has more numbers.

A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.

Changing the narrative

The Trump administration’s new counterintelligence strategy pushes for stronger collaboration between the intelligence community and the private sector in detecting and stopping foreign intelligence threats to U.S. entities, emphasizing a longstanding government argument that the private sector must do more to prevent foreign espionage. The strategy, the first update since 2015, broadly outlines ways the private sector can help combat disinformation, hacking against critical infrastructure and key U.S. supply chains, as well as operations that may impact the U.S. economy. The Director of the National Counterintelligence and Security Center, Bill Evanina, told reporters at a briefing Monday that his one measure of success for the plan would be if Americans generally understood that “a hostile nation state attack on a private U.S. company,” such as Equifax, “is a counterintelligence attack on our nation.” Shannon Vavra was there.

Google initiative aims to secure political accounts

Google announced Tuesday it's working with Defending Digital Campaigns, a nonpartisan nonprofit, to distribute free security keys to U.S. political campaigns before the 2020 election. The physical security keys are meant to help campaign staffers lock down their accounts, and avoid the kind of phishing attacks that resulted in Russian hackers stealing the Democrats' communications and strategies in 2016. DDC also will send consultants to campaigns to help them set up the technology. This comes after a Democratic candidate running for the House of Representatives said she was breached this year. Wired explains what's going on here.

Here’s “the cyber angle” in the White House budget

President Donald Trump’s $4.8 trillion budget proposal, released Monday, requests nearly $10 billion in 2021 to boost the military’s cyber budget. The proposal is intended to “grow the capacity” of Cyber Command, alongside other traditional military needs. For 2020, Trump requested $9.6 billion for the military cyber budget. The proposal also requests $1.1 billion for the Department of Homeland Security’s cyber efforts, some of which would go to election security initiatives. "These resources would increase the number of DHS-led network risk assessments from 1,800 to more than 6,500 — including assessments of State and local electoral systems,” it says. The full proposal is here.

Behind the scenes at the Zero Trust Security Summit

We picked the brains of the experts that graced the stage at Duo Security's Zero Trust Security Summit last month. Check out videos from Marine Corps Cyber Command CTO Renata Spinks, Department of Education CISO Steven Hernandez, and Department of State's Director of Enterprise Network Management Gerald Caron. Or you can check out all the content from the summit on FedScoop.

Apple joins a club trying to kill passwords

Apple just joined the Fast Identity Online Alliance, better known as FIDO. It's a technology industry dedicated to reducing the internet's reliance on passwords. Instead, FIDO argues, tech services should move toward new authentication standards, like the Universal 2nd Factor standard, which relies on a USB drive or near-field communication protocol in mobile smart cards to ensure users are who they claim. That's a complicated way of saying Apple, like Amazon, Intel, Google and other existing members, may soon take steps to support better forms of identity management. Find more context here.

Lawmakers: Your state deserves cybersecurity money

A new grant program proposed in the U.S. House would award a total of $400 million annually to states to improve the cybersecurity of their networks as well as those of their local governments. The bill by Rep. Cedric Richmond, D-La., would require states to develop cybersecurity plans and submit them to the Department of Homeland Security to qualify for the grants. The idea matches up with legislation that the Senate passed in November, but that chamber didn’t attach a dollar figure. State and local officials have been clamoring for this kind of cybersecurity assistance from the federal government for years. StateScoop’s Benjamin Freed breaks down the bill.

An oops at IU

A couple of big things went wrong for a grade-collection system used at several Indiana University campuses: The tool was supposed to be for faculty and staff only, but students were able to access it. And then students discovered that once they were logged in, they could use it to see the grades of at least 100,000 students who had attended the school back to 2015. The university says it is still investigating what happened. The Family Educational Rights and Privacy Act prohibits schools from disclosing a student’s grades to another student without written prior consent of the student or a parent. Colin Wood explains the data exposure at EdScoop.

Tweet Of The Day


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}