{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


linkedin facebook twitter instagram
California's new labor law is going to impact bug bounty companies, but by how much is unknown. We have more clarity on why President Trump was talking about CrowdStrike. And Magecart is going after public Wi-Fi systems. This is CyberScoop for Thursday, September 26.

How AB5 is going to impact the security community

Much of the attention around California's new labor law has focused on what it might mean for Uber and Lyft drivers. But the law could also have ramifications for bug bounty firms that connect Fortune 500 companies with external researchers who identify or help mitigate software vulnerabilities, typically on a contract basis. The extent to which the law, which goes into effect Jan. 1, is applicable to bug bounty freelancers will hinge on an individual’s specific professional situation, employment attorneys said. Still, it could make it harder for companies to retain triage talent. Jeff Stone has more.

A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.

Closing the CrowdStrike loop

As Washington focuses on today's hearing with acting DNI Joseph Maguire, the House Intelligence Committee provided us with some more clarity on why President Donald Trump talked about CrowdStrike with the Ukrainian president. According to the unclassified whistleblower report released Thursday morning, President Trump requested that Ukrainian president Volodymyr Zelenskiy "locate and turn over" servers used by the DNC and examined by CrowdStrike. We covered why the president's line of thinking is completely wrong, but in case you need a refresher, check out Shannon's story from Wednesday.

The Cyber Peace Institute is now live

Microsoft announced Thursday it's launching a nonprofit, called the Cyber Peace Institute, aimed at analyzing cyberattacks, coordinating recovery efforts for cyberattack victims, and promoting responsible behavior in cyberspace, confirming Shannon Vavra’s reporting on the plans for the institute earlier this month. To analyze attacks, the nonprofit says it will coordinate “a consortium of experts from academia, industry, and civil society” to maintain “a clearinghouse of cyberattack data.” To provide assistance, the nonprofit says it will create a “CyberVolunteer Network.” The CyberPeace Institute will also be “an advocate for advancing the role of international law” and cyber norms by reviewing cyberattacks and where they fit in with existing norms. A lot of the institute’s goals appear to still be getting fleshed out - such as who will be eligible for assistance, how exactly the nonprofit will facilitate collective analysis of cyberattacks, and how it will contribute to cyber norms. Read Shannon's exclusive to catch up on the details.

The OTHER IG report out this week

The Department of Homeland Security hasn’t met congressional requirements to develop a strategy to address gaps in its cybersecurity workforce, an inspector general report has found, a striking criticism given DHS has sought to raise its profile as the federal civilian lead on cybersecurity. DHS failed to submit an annual workforce strategy for cybersecurity, as required by Congress, from 2016 to 2018, the IG said in a report released Wednesday. The watchdog concluded that the problem stemmed from a lack of data and overlapping requirements. After a 35-day government shutdown last December and January that officials worried would dent workforce morale, DHS has sought to boost its cybersecurity recruitment. A job fair was well attended at last week’s DHS Cybersecurity and Infrastructure Security Agency Summit. Read the IG report here.

GAO’s take on grid security

State-sponsored and criminal hackers are increasingly capable of going after U.S. electric infrastructure, according to a federal watchdog report released Wednesday. The Government Accountability Office report singled out the growing use of internet-of-things devices in the electric sector, along with GPS, as introducing potential vulnerabilities. GAO also found that FERC, the interstate transmission regulator, hasn’t ensured that its cybersecurity standards align with the well-regarded framework from the National Institute for Standards and Technology, the report said. Additionally, the watchdog knocked the Department of Energy for not having done a rigorous assessment of grid-related cybersecurity risk, which GAO said should be incorporated into a DOE cybersecurity strategy. Read the report here.

Seriously: Don’t make financial transactions on public WiFi.

Magecart 5, one of at least 12 groups of payment scammers, is targeting commercial layer 7 routers, routers found frequently in airports, casinos, hotels and resorts, according to IBM security researchers. While IBM says its team didn’t find any vendors that had been compromised, access to L7 routers could provide hackers with view into all the users relying on that WiFi network. It’s the latest evidence that open WiFi networks only are as trustworthy as the people who have access to them. The worst part? “Ads, JavaScript injections and a massive number of captive users who come and go would find it hard to point to where they lost their financial data,” researchers explained. Read the full research here.

Tweet Of The Day


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}