A key U.S. election agency makes another hire, thanks to a higher budget from Congress. Kaspersky just found a "safety" app that looks more like a spyware tool. And the Defense Department has lessons from its red team. This is CyberScoop for Wednesday, March 18.

Election Assistance Commission hires a senior policy adviser

Maurice Turner is set to join the federal commission at the end of the month as a senior adviser to the executive director, supporting the EAC’s internal operations and programming. Externally, he says he can help the commission with an update to important guidelines for voting systems security, and in supporting states as they set up programs to find and fix software vulnerabilities. “I want election officials to expect that EAC is a place that they can go for this type of information,” Turner told CyberScoop. Turner's hire is the latest example of how the EAC is using an additional $6 million in funding authorized by Congress. Sean Lyngaas had the scoop.

Stalkerware hiding in plain sight

An app that’s marketed as a solution to keep children safe online includes such aggressive functionality that cybersecurity researchers warn it’s possible for stalkers to monitor victims in a way that is “almost impossible to detect.” Researchers from Kaspersky Lab on Monday explained that the “MonitorMinor” app bypasses so many controls meant to protect user information that it qualifies as stalkerware. Users can obtain data from apps like Gmail, Instagram, Facebook, Skype and Snapchat. The app paints a nightmare scenario for victims of stalkers or abusive partners who may suspect they are being monitored but who may not know for certain. Shannon Vavra breaks it down.

Red team tales from inside the Pentagon

The Department of Defense’s red team hacking units lack proper training and are still not communicating vulnerabilities to the parts of the military they hack, according to a new inspector general report. The report on the DOD’s red teams — groups of hackers that have permission to use adversarial tactics to find vulnerabilities in DOD’s systems — found that when they do communicate vulnerabilities, there is little oversight to track whether they are patched or otherwise remediated. There is also little oversight of the hackers themselves, who lack the needed training and expertise to carry out their jobs. Jackson Barnett has more at FedScoop.

Magecart strikes NutriBullet's website

A group of scammers using a pervasive hacking technique have spent weeks lurking on the website where NutriBullet customers entered their payment data, according to new findings from a cybersecurity vendor. RiskIQ detailed on Wednesday how a hacking group, known as Magecart Group 8, stuck malicious code onto NutriBullet’s website to collect financial information from customers who purchased blenders and other products from the company. The attack began on Feb. 20 and continues today, despite an interruption between March 1 and March 5. “Magecart” is a blanket name for a hacking technique in which attackers insert a small amount of malicious code into the e-commerce payment process. Jeff Stone has the latest.

TrickBot hacking tool aims at U.S. telecoms

Thieves behind the TrickBot banking trojan have retooled it for targeting telecommunications organizations in the U.S. and Hong Kong, according to new research from BitDefender. It’s just the latest update to TrickBot, which was designed to be enhanced over time. The developers behind the banking trojan have not rested since it sprouted up in 2016, and just earlier this year started using a new backdoor. While BitDefender found IP addresses on several targeting lists that also look to be from the education and financial sectors, a company researcher told CyberScoop that the addition of telecommunications addresses shows that the new TrickBot module is believed to be used for espionage purposes. Shannon has more context.

Quantifying actual breach losses

For companies struck by cyberattacks, the damages depend on their size. An analysis of nearly 100,000 cyber events dating back years indicates that, for a $100 billion business, the average security incident costs $292,000, resulting in a loss of 0.000003% of annual revenue. That proportion doesn't translate to small or medium-sized businesses, though. A mom-and-pop shop that makes $100,000 in revenue is likely to lose $24,000 of its annual earnings. That's according to a new report from the Cyentia Institute, a data science firm that aims to measure cybersecurity risk based on real numbers. The team is led by Wade Baker, a professor at Virginia Tech who wrote the first generation of Verizon's Data Breach Incident Reports. Here's the full report.

It's not smart toasters and Barbie dolls

Trend Micro Senior Researcher David Sancho talks with CyberScoop Editor-in-Chief Greg Otto about his 2020 RSA Conference presentation, which looked at where criminals are infecting Internet of Things targets. "Everybody talks about the attacking smart toasters or Barbie dolls, but what we're seeing is that the bad guys are focusing mostly on webcams," Sancho told Otto at the conference. Watch here.
