{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


linkedin facebook twitter instagram
How a cyberattack on a hospital inspired some in the infosec community to get involved. The Russian hackers who broke into the DNC are back. And another Pwn2Own ends with big vulnerabilities. This is CyberScoop for Friday, March 20.

Security pros line up to help safeguard hospitals

After a cyberattack on a Czech hospital last week, many cybersecurity professionals said that enough is enough. They’re banding together in their spare time to send threat data to medical organizations to protect them from hackers trying to exploit the COVID-19 crisis. By day, they are cybersecurity professionals at well-known companies in Israel, Europe, and North America. By night, they’re doing what they can to help out during an unprecedented pandemic. Sean Lyngaas has the story.

A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.

Fancy Bear relies on hacked emails for new attacks

Russian hackers have long relied on zero-days to target their victims. But they have other attack methods, too. In the last year, they’ve used previously hacked email accounts from Middle Eastern defense firms to send an array of phishing attempts, according to new Trend Micro research. The group, known as Fancy Bear, has also used hacked email accounts belonging to high-profile personnel in government, as well as the financial, utilities and transportation sectors in the United Arab Emirates, India, Pakistan, Jordan and the U.S. That's a possible indication that Fancy Bear, also called APT28, has compromised plenty of email accounts that we don't even know about yet, according to Feike Hacquebord, a senior threat researcher at Trend Micro. Shannon Vavra breaks it down.

Hackers pwn macOS, Oracle machines from home

The Pwn2Own hacking contest, in which security researchers earn rewards by uncovering flaws in commercial technology, closed its spring 2020 edition Thursday after participants probed systems like the macOS and Oracle VirtualBox. It’s a premier competition that global technology firms now use to recruit bug hunters who might be able to help protect widely used products. Unlike prior contests, which have taken place in Vancouver and Miami, organizers conducted much of this tournament online. A team from Georgia Tech Systems Software & Security Lab won $70,000 for using the calculator app in a macOS to access root privileges to the machine, essentially taking control of the device from one of the most innocuous apps. Jeff Stone has more details.

CISA clarifies who needs to go to work

DHS’s cybersecurity agency issued a list of “Essential Critical Infrastructure Workers” on Thursday to guide state and local officials how to identify the personnel necessary to maintain functions critical to public health, the economy, and national security, as much of the population goes into isolation. “Promoting the ability of such workers to continue to work during periods of community restriction, access management, social distancing, or closure orders/directives is crucial to community resilience and continuity of essential functions,” the guidance says. “Certain critical infrastructure industries have a special responsibility in these times to continue operations.” Here's the whole thing.

What comes after the name-and-shame strategy?

IronNet Cybersecurity Vice President for Strategy Jamil Jaffer talks with CyberScoop Editor-in-Chief Greg Otto about the different ways the U.S. government is trying to stop nation-states from carrying out hacking attempts — and if those efforts are successful. “We need to learn how to bring companies together, industries together to really collectively defend against a cyber threat, because it’s not just enough to push back overseas,” Jaffer told Otto. “We have to fend here at home.” Watch the whole conversation.

NIST urges agencies to utilize cyber resources

Remote access technologies are, by nature, exposed to more external threats, notes a NIST Information Technology Laboratory bulletin issued to federal agencies Thursday. The advisory follows a separate guidance Wednesday by the Office of Management and Budget for agencies minimize face-to-face interactions as the coronavirus spreads. The lab’s Computer Security Division suggested limiting remote access to as few teleworkers as possible to decrease the risk of compromise. The typical civilian agency worker is accessing their agency’s network with desktops, laptops, smartphones and tablets via remote access software like virtual private networks and portals. Dave Nyczepir explains at FedScoop.

Tweet Of The Day


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}