We go behind the scenes at an old-school security conference where organizers combine 0Day IPAs with technical talks on pressing cyber issues. Scammers are exploiting the attention around an iOS jailbreak. And a bug bounty contest finds big vulnerabilities at Cyber Command. This is CyberScoop for Tuesday, October 15.

Into the Beer SCIF we go

As cybersecurity conferences have gotten bigger, louder, and more vendor-driven, one event has tried to stay grounded in its roots. The annual Jailbreak Security Summit convenes about 150 federal contractors and private-sector specialists to trade notes on digital forensics. While previous summits focused on SCADA systems or Internet of Things devices, this year’s theme was reverse-engineering malware. The talks were highly technical, and the camaraderie on display was a bit more tangible (perhaps because it was held at Jailbreak Brewery). Sean Lyngaas had a highly coveted ticket.


An iOS jailbreak is bait for a malicious app

Last month, a researcher known as @axi0mx published checkm8, a series of technical instructions that enable users to remove restrictions imposed on their iPhone by Apple or telecommunication companies. Now, attackers have launched a malicious website that masquerades as a legitimate page, only to launch a hacking tool that tries to take over an affected device. Cisco’s Talos threat intelligence crew found checkrain[.]com, a site meant to look like an offshoot of checkra1n, a legitimate project that researchers can use to modify their iPhone’s processes and jailbreak their device. Instead, the malicious checkrain site encourages visitors to download an application that clicks on risky advertisements and installs iOS video games. All the while, it looks like the true checkra1n installation process is underway. Jeff Stone has the news.

Ethical hacking is in, haven’t you heard?

Cyber Command recently sponsored a bug bounty program, “Hack the Proxy,” which enlisted 81 hackers from around the world to search for Defense Department vulnerabilities that could enable outsiders to watch internal affairs at the Pentagon. They have found nine “high severity” vulnerabilities, one “critical” vulnerability, and 21 “medium” or “low severity” vulnerabilities across Pentagon proxies, virtual private networks, and virtual desktops, the DOD’s Defense Digital Service and HackerOne announced Monday. (It wasn’t clear what exactly defines a “high severity” vulnerability, but HackerOne’s program with Verizon could offer some clues.) The top bug hunter, based in the U.S., received an award of $16,000. In all, hackers involved in the effort were awarded $33,750. Shannon Vavra has more details.

"JMT Trading" was a front for North Korean bitcoin thieves

North Korean government-backed hackers are targeting cryptocurrency exchanges to try to steal financial resources as Pyongyang searches for ways to fund its regime, two researchers discovered within the past week. Lazarus Group, also known as APT38, has carried out hacks against central banks and exploited monetary exchanges as part of an effort to boost Kim Jong-un’s financial and military goals. The United Nations revealed in August that North Korea had gained approximately $2 billion from hacking banks and cryptocurrency companies. This time, they’re using a front company to do it. Shannon is on it.

Wannabe cybercriminals aren't relying on the dark web to buy and sell hacking tools

The selection and prices of malicious software offerings on well-known dark web markets have remained mostly unchanged since 2017, according to findings published Tuesday by the risk intelligence firm Flashpoint. The mostly stagnant prices on these forums, which are most frequently used to buy and sell narcotics, are the latest proof that, even as cybercriminals continue to harass victims, skilled hackers are moving to more private channels to trade the most valuable techniques, suggested Ian Gray, Flashpoint’s director of analysis and research. The quality of the tools, like commodity malware and distributed denial-of-service rental services, also has remained steady, even as defenses have improved. Jeff spoke to the researchers.

Wait, what does cyber insurance do?

There is a very interesting case going on in New York that could shape the future of cyber insurance. We will dive into the ramifications. In our interview, we talk to Jason Soroko, CTO of IoT at Sectigo. If you are a PKI nerd, you are going to want to listen to this one. Listen to the latest Securiosity.

How Texas applied its disaster playbook to ransomware

Texas CIO Todd Kimbriel said that when a ransomware outbreak struck the Lone Star State on Aug. 16, the first municipality to detect something wrong with its systems called its managed service provider in the early morning hours. By 8:46 a.m., the Department of Information Resources had been alerted that several local governments around the state had been hit with ransomware, with more reports pouring in. By noon, the state operations center in Austin was up and running, coordinating several different agencies to begin responding to the attack, he said. But the speedy coordination between DIR, the Texas Department of Emergency Management, the state National Guard, Texas A&M University and several other statewide organizations was only possible because of a 2017 law that extended the governor’s power to issue disaster declarations to cover cyberattacks, Kimbriel said. StateScoop's Benjamin Freed has more.

Thoma Bravo bags another security vendor as consolidation continues

Thoma Bravo will acquire British network security firm Sophos for $3.8 billion in cash, the firms announced Monday, marking another major deal that could reshape a decades-old security vendor. The deal is a win for Sophos investors, who will be paid $7.40 per share, up from the Oct. 11 closing price of $4.86. Chicago-based Thoma Bravo, a private equity firm, has acquired more than 200 technology companies over the past 40 years, and recently targeted security firms. Thoma Bravo had been in talks to acquire Symantec, a Sophos competitor, before that company sold much of its business to Broadcom. There have been more than 80 mergers or acquisitions by August this year, up from 54 deals over the same period in 2018, as industry leaders seek to incorporate a suite of products into a single portfolio. Jeff has the context.
