An unnamed critical infrastructure operator went down for two days following an attack. The latest from the Vault 7 trial in Manhattan. And next week's big conference will soon be under new ownership. This is CyberScoop for Wednesday, February 19.

Ransomware disrupts natural gas pipeline operator

The Department of Homeland Security said Tuesday it had responded to a ransomware attack on a natural gas facility that forced the victim to shut down operations for two days. The unnamed facility is back in business, but the revelation is a reminder that the specter of ransomware threatens just about every critical infrastructure industry. DHS warned other organizations to avoid the fate of the victim company. “Gaps in cybersecurity knowledge” at the natural gas facility kept it from having an adequate response plan ready, the department said. Sean Lyngaas had the story.


Josh Schulte wants a mistrial

A former CIA employee accused of being responsible for the largest leak in agency history thinks his case should be thrown out of court. Defense attorneys for Joshua Schulte, on trial now for allegedly providing WikiLeaks with a cache of the agency’s hacking tools, filed a motion on Tuesday for a mistrial. The argument undergirding the request remains classified, though the defense says the request is “based on Brady and other violations.” The mention of “Brady” is an apparent reference to the Brady Rule, which requires prosecutors to provide any favorable evidence to a defendant that could negate the guilt of the accused. Prosecutors are scheduled to respond by the end of today. Jeff Stone is on the case.

Gambling with Chinese-linked hackers

Suspected Chinese hackers are exploiting two new backdoors to run a cyber-espionage campaign against gambling entities in Southeast Asia, according to Trend Micro research. And although the two backdoors are new, it wasn’t immediately clear if the group itself, which Trend Micro has dubbed “DRBControl,” is a newcomer. Researchers observed connections with Chinese-linked hackers APT 27, known for its aerospace, defense, government, and technology targets, and Winnti, known for its gaming targets in the past. The group is primarily trying to steal source code and data from gambling and betting companies through spearphishing schemes. Shannon Vavra breaks it down.

NSO convinces Israeli court to unblock employee’s Facebook account

An Israeli court ordered Facebook to unblock the account of an employee of NSO Group following a complaint from the surveillance vendor. It is the first of multiple rulings expected on the matter as the social networking platform and NSO Group continue to duke it out in court. It all started when Facebook filed suit against NSO Group last year for the company’s alleged role in a hack of 1,400 WhatsApp users. Sean has the update.

Iran is having a field day with VPN exploits

Months after researchers warned about gaping vulnerabilities in VPN software used at corporations around the world, evidence is mounting that hackers tied to the Iranian government are using those flaws in an expansive spying campaign against U.S., Saudi, and Israeli targets. The attackers are reusing old infrastructure and have compromised their targets in two waves of attacks in 2017 and 2019, Israeli security company ClearSky said. It is the latest evidence that Iran will use its hacking capabilities to cast a wide net to collect data that could be useful for future operations. Sean has more details.

Cyber Threat Alliance has an Olympics threat assessment

The Cyber Threat Alliance issued its first joint threat assessment Wednesday morning. The topic? The Olympic Games set to take place in Tokyo, Japan, later this year. Nation-state hackers are most likely to run targeted data leaks, disrupt events with DDoS attacks, compromise systems with ransomware, or disrupt physical infrastructure over the course of the games, according to the assessment. CTA pegs China, Russia, and North Korea as the most likely offenders, with Iran and South Korea as less likely culprits. The report, produced primarily by CTA members Cisco Talos, NEC Corporation, Palo Alto Networks, Fortinet, NTT Security, and Radware, claims anti-doping agencies and other services supporting the games are at “high risk of compromise.” Read it here.

$2 billion for the company behind that big conference next week

Dell Technologies said Tuesday it intends to sell RSA, a security vendor known for its access management, fraud prevention and threat detection offerings, to a consortium led by private equity firm Symphony Technology Group. The two sides have entered into a “definitive agreement” for an all-cash transaction worth $2.075 billion, Dell said in a statement Tuesday. Symphony Technology Group entered the security industry last year, with its acquisition of a majority stake in the risk scoring company RedSeal for a reported $70 million. Other investors in RSA include the Ontario Teachers’ Pension Plan Board and AlpInvest Partners, another private equity asset manager. Jeff has more numbers.

A timeless firmware hacking technique

Firmware — the embedded code found on hardware — is still vulnerable to malicious tampering, despite efforts by the likes of Microsoft, the NSA, and DHS to harden defenses. Researchers from Eclypsium used “unsigned” firmware to show how an attacker could compromise an operating system remotely in order to steal network data. The security issues affect many millions of computing devices, the researchers say, including those made by big vendors like Dell, HP, and Lenovo. Sean had the story.
