Google and Samsung both say they're patching flaws that can let users access your mobile devices when they shouldn't. Rick Perry's cyber legacy. And make room on your schedule for CyberWeek. This is CyberScoop for Friday, October 18.

Samsung scrambles to fix flaw that showed how biometrics can go wrong

If you use a fingerprint or facial scan to unlock your smartphone, you might want to pay attention to this one. Samsung and Google have both acknowledged flaws in the biometrics tech they use to unlock certain smartphone models. For Samsung, the flaw is in the Galaxy S10 or Note 10 phone, which a British couple discovered could be unlocked with anyone’s fingerprint when a certain screen protector is in place. Google’s Pixel 4, meanwhile, has a facial recognition system that will unlock the phone even when the user's eyes are closed. The great new frontier of security promised by biometrics is still a work in progress. Sean Lyngaas is following the news.

CyberWeek gets underway Monday

If you're in the Washington, D.C. area next week, then come say hello at CyberWeek, the annual series of events focused on topics like ransomware, industrial security, cyber vendor overload and, oh yeah, zero days. Things kick off with a party Monday night at CyberScoop's HQ, then spread through the area in the following days. Greg Otto is hosting morning panels at the mothership, while Jeff Stone, Shannon Vavra and Joe Warminsky will be mingling over coffee and happy hours. CyberTalks, our big event Thursday, will feature Sean Lyngaas interviewing Assistant Attorney General John Demers onstage, along with appearances from leaders at NSA, DHS, Uber, Google and others. So if you see us, don't be shy. (This newsletter will keep chugging along the whole time.) Come hang out.

A trojan Tor is a boon for criminals

Thieves are using a fake version of Tor to pilfer bitcoin from Russian-speaking users on the dark web, ESET researchers said Friday. They’ve only managed to steal $40,000 in bitcoin but the number could be higher. The targets are a smattering of Russian dark-web users: people looking for drugs, cryptocurrencies, and information on Russian opposition politicians. Instead of altering the Tor browser’s binary components, attackers are changing settings in the browser and its HTTPS Everywhere extension — a stealthy move that has allowed them to go unnoticed for years. Sean spoke with ESET.

Data breach drama on the docket

A Pennsylvania law firm this week filed a class action suit against Hy-Vee, alleging the supermarket chain failed to adequately secure payment processing systems before a breach this year. Hackers spent six months lurking in point-of-sale systems at Hy-Vee's gas pumps, restaurants and drive-thru coffee shops. While Hy-Vee notified customers about the incident, the suit alleges the company should do more. Meanwhile, an unrelated class action stemming from a 2012 breach at Zappos is resolved, resulting in a 10% discount for customers (!?!?) and more than $1.6 million in payments for the attorneys (!?!!?!?). Cyber suits are getting messy, aren't they?

Rick Perry resigns, leaving a new cyber office behind

Energy Secretary Rick Perry said Thursday that he will step down later this year, wrapping up a tenure that has included multiple initiatives related to grid cybersecurity. The former Texas governor set up a new office of cybersecurity at DOE and spoke candidly about the threat of foreign hackers to U.S. electric infrastructure. “The sustained and growing threat of cyberattacks to our energy infrastructure requires us to think differently, to act proactively,” Perry said in a speech last year. Earlier this month, Perry was in Lithuania to pledge American support to the Baltic States as they decouple their grid infrastructure from Russia. In recent weeks, Perry’s name has been entangled in the scandal involving the White House’s solicitation of information on Joe Biden from the Ukrainian president. Perry said this week he contacted President Trump’s personal lawyer, Rudy Giuliani, at Trump’s direction to address alleged corruption in Ukraine. Here's the news.

Training fail results in data exposure

Convoluted software applications at the Consumer Product Safety Commission are ultimately to blame for the agency’s unauthorized disclosure of the personally identifiable information of roughly 30,000 consumers. A report released Thursday by the Senate Commerce Committee expands on information about the breach, which was first reported in a recent audit by the CPSC’s inspector general. Sometime between December of 2017 and March 22, 2019, the report states, the CPSC clearinghouse released data on reported injuries or deaths associated with consumer products to various outside entities, including the publication Consumer Reports and “a Researcher at Texas A&M University.” The problem? PII on manufacturers and consumers had not been redacted from the data before release, as required by law. Tajha Chappellet-Lanier has more at FedScoop.
