A camouflaging tactic is catching on with hacking groups. ESET names a new APT. And the U.S. indicts three people in connection with a video game piracy business. This is CyberScoop for Monday, October 5.

Why foreign hackers pose as boring tech firms

Professional hackers who already try to hide their activity through an array of technical means now seem to be trying on more corporate disguises, by creating front companies or working as government contractors to boost their legitimacy. Hackers in China and Iran are using that kind of camouflage to increase their reach, the Justice Department said in recent indictments. It’s an old tactic pioneered by FIN7, a hacking crew previously blamed for more than $1 billion in theft. Jeff Stone has the story.

Eastern European espionage uncovered

Meet XDSpy, a newly christened advanced persistent threat (APT). The hacking group has been active for nearly a decade, hitting targets in Ukraine, Russia and elsewhere behind the old Iron Curtain, but it was just exposed Friday by security firm ESET. The mysterious hackers have been on the hunt for sensitive government documents, and they may even have teamed up with a private exploit broker. The findings show how, despite the explosion of security firms that track hackers, a significant amount of that activity goes unnoticed. Sean Lyngaas on why it matters.

Foreign hacking suspects nabbed; this time it's piracy

The Department of Justice says arrests have been made in a bust of Team Xecuter, a group that openly sold tools allowing users of the Nintendo Switch and other devices to play pirated versions of games. A federal indictment published Friday accused three men of helping to run the international piracy ring, which developed multiple ways to hack the Switch and other consoles. Prosecutors say one of the suspects is in federal custody in the U.S., and they are seeking extradition of another who was apprehended overseas. A third man remains at large, according to prosecutors. The arrests come as the feds continue to keep the pressure on foreign hacking groups for financial fraud, espionage and other crimes. Joe Warminsky has the indictment.

Iowa has a VDP for election security and more

The state of Iowa is launching a new vulnerability disclosure program allowing outside security experts to find weaknesses in its websites — including those related to elections. Iowa becomes the second state, following Ohio, to give legal liability protections to cybersecurity researchers who probe its technology in good faith. Secretary of State Paul Pate announced Thursday that his office is working with ethical-hacking company Bugcrowd to help crowdsource the search for flaws in Iowa government systems. “We already have a strong infrastructure in place, but election cybersecurity is a race without a finish line,” Pate said. StateScoop's Benjamin Freed explains the program.

Senators: Agencies must think about risk first

Federal agencies should spend their limited cybersecurity funds better by prioritizing tools that address the most pressing threats, say two senators who have introduced new legislation on the topic. The Risk-Informed Spending for Cybersecurity (RISC) Act by Rob Portman, R-Ohio, and Gary Peters, D-Mich., is their response to a 2019 report revealing that most agencies lack comprehensive cyber risk frameworks. “It is crucial that federal agencies know the return on investment for each cybersecurity capability acquired and whether those capabilities address existing security vulnerabilities,” Portman said. It currently isn't mandatory for agencies to use risk-based budgeting for cybersecurity tools. Dave Nyczepir has more at FedScoop.

Google debuts new program to report Android bugs

Google on Friday announced a new project to find and fix vulnerabilities in software made by Android manufacturers. Until recently, the tech giant hasn’t had a clear process for handling certain security issues outside of its Android open-source project that are “unique to a much smaller set of specific Android” original equipment manufacturers, Google said in a blog post. Credential leaks and code execution in the kernel are some of the issues that have already been addressed by the program. More from Google.
