The U.S. Department of Homeland Security published an update on medical security. Investigators found a trove of classified NSA documents in a storage locker. And an ongoing phishing campaign strikes financial firms. This is CyberScoop for Tuesday, May 5.

Spies are still trying to steal COVID-19 research

Months into the coronavirus pandemic, American and British cybersecurity authorities have issued a fresh warning about foreign governments trying to spy on health care bodies, or to steal research. The Department of Homeland Security’s cybersecurity wing and the U.K.’s National Cyber Security Centre said they are investigating “a number of incidents in which threat actors are targeting pharmaceutical companies, medical research organizations, and universities.” They did not point fingers at any specific governments, but there is plenty of private-sector reporting on recent nation-state activity. Sean Lyngaas has more context.

Charges over top-secret NSA files

A West Virginia woman has been charged in federal court with unlawfully keeping top secret documents belonging to the National Security Agency in a storage unit. The documents, which she held between 1999 and August 2019, contained “intelligence information regarding a foreign government’s military and political issues,” according to the charging document. The woman, Elizabeth Jo Shirley, has also been accused of kidnapping her daughter and taking her outside of the country last year. The NSA declined to comment. Read more via the Associated Press.

FINRA warns of 'widespread' email attack

The Financial Industry Regulatory Authority, which oversees brokers and exchange markets, published an alert about an “ongoing” phishing campaign in which attackers are posing as FINRA executives. The messages typically include the name of the target organization in the subject line, and encourage recipients to download an attachment that requires “immediate attention.” In fact, the attachment may direct a user to a website that prompts them to enter their credentials for Microsoft Office or SharePoint. The notice did not cite any specific security incidents that may have inspired the bulletin. Jeff Stone has more.

Stop if you've heard this one before

Days after researchers warned about critical vulnerabilities in a popular data-management software known as the Salt framework, it looks like hackers exploited the issues to infiltrate two organizations that rely on the technology. LineageOS, a free Android-based operating system, and Ghost, a nonprofit behind widely used blogging software, reported that unidentified hackers had breached their systems. The disruptions are an example of how bugs found in widely used code often end up being exploited maliciously — even when software updates are available. Sean has more details.

Five years strong

A 5-year-old bug bounty program is ancient in the cybersecurity world, but with age comes wisdom. In this op-ed, Shopify's Senior Application Security Engineer Pete Yaworski details how the company's bug bounty program has helped its overall security mission. Yaworski details how the program has built trust with the hacker community and helped with recruiting talent. And, to be honest, the high baseline payouts don't hurt. Read the op-ed here.

European police bust credit card forum

Police in Poland and Switzerland say they've dismantled a cybercrime ring that used hacking tools to steal user credentials, then sell those usernames and passwords on two unnamed forums. Law enforcement arrested five people accused of being members of a group called InfinityBlack, which cops say controlled cryptocurrency wallets containing €100,000 ($108,000) in illicit funds. "The hacking group’s main source of revenue came from stealing loyalty scheme login credentials and selling them on to other, less technical criminal gangs," Europol said in an announcement. "These gangs would then exchange the loyalty points for expensive electronic devices." Here's the announcement.

Where is the weak link?

In this episode of Securiosity, CyberScoop Editor-in-Chief Greg Otto talks with AppOmni CEO Brendan O'Connor on how enterprises are dealing with application security. Sometimes security teams just click the wrong box or grant the wrong permission, and O'Connor talks about how to fold that into an organization's overall security strategy. Listen here.
