{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


linkedin facebook twitter instagram
An update from U.S. Cyber Command sheds light on how hackers working on Kim Jong-un's behalf used malicious software to scam the global financial system. Reports of a cyberattack on Jeremy Corbyn's political party don't bode well for Americans. And Saudi Aramco says breaches are a concern. This is CyberScoop for Tuesday, November 12.

Cyber Command details how North Korean malware aids bank heists

The Department of Defense has again exposed North Korean hackers by detailing malware samples researchers say are linked to financial heists, including past attacks on the interbank messaging system known as SWIFT. Cyber Command assessed that the malware, which it posted to the information sharing platform VirusTotal, is being used in ongoing cyberattacks aimed at the financial sector. It’s a rare statement from the Pentagon’s cyber-operations division on the intent and capabilities of adversary-linked malware in what appears to be an expansion of the command’s willingness and ability to discuss the intelligence behind its VirusTotal effort. Shannon Vavra has more details.

A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.

For Microsoft, California privacy measure is law of the land

Declaring privacy a “fundamental human right,” Microsoft said Monday it would apply the privacy measures in a California law across the country. Julie Brill, a former FTC commissioner who is now chief privacy officer Microsoft, cast the announcement as a push for other states to adopt similar measures. The California Consumer Privacy Act, set to take effect in January, gives state residents the right to know the personal data companies are collecting on them. (It doesn't hurt that Microsoft collects less user data than social media companies.) Sean Lyngaas examines the ramifications.

We found the cyber angle in Aramco's IPO filing

Saudi Aramco, the world’s most profitable company, has listed cybersecurity concerns as among the risks facing it as the oil giant prepares to go public. Buried in a 658-page prospectus, Aramco said that determined attackers with enough resources could are a threat. “The company’s systems are a high-profile target for sophisticated cyberattacks by nation states, criminal hackers and competitors, and the company routinely fends off malicious attempts to gain unauthorized systems access,” the prospectus states. It's an acknowledgement that state-sponsored hackers are increasingly going after valuable national assets like energy companies. Aramco was famously the victim of the Shamoon malware in 2012, which wiped or destroyed tens of thousands of company computers. Read it here.

Across the pond: Labour Party repels DDoS attack

The United Kingdom’s Labour Party on Tuesday said it had fended of a large-scale DDoS attack, but also warned the attack could portend more digital mischief ahead of a general election next month. Labour leader Jeremy Corbyn called the attack “very serious” and said an investigation was ongoing. It was not immediately clear who was responsible for the attack. Election officials around the world will have to be mindful of DDoS attacks as they look to keep digital platforms that inform voters online. Sean has more context.

Websites taken hostage after hosting provider is infected by ransomware

SmarterASP.NET, a popular web-hosting provider, has told customers it is grappling with a ransomware infection. The company, which boasts over 440,000 customers, announced Monday that it was working with security experts to decrypt customer data and get websites back online. For relatively cheap, SmarterASP.NET lets organizations or individuals host an unlimited number of websites per month. This is reportedly the third ransomware attack on a web-hosting provider this year. Sean has more.

The big-dollar deals are still going

OpenText, a Canadian software and technology service company, announced Monday its agreed to spend $1.42 billion to acquire the cloud security vendor Carbonite. The $1.42 billion values Carbonite at a price of $23 per share, a 25% premium to the price at the close of market on Nov. 8. The deal follows Carbonite’s February acquisition of Webroot for $618.5 million in cash, and comes amid tech giants’ ongoing shopping spree for known security vendors. Word of the acquisition follows two unrelated deals announced last week: Proofpoint’s $225 million acquisition of ObserveIT, an insider threat company, and Sumo Logic’s purchase of the analytics provider Jask for an undisclosed sum. Jeff Stone has the news.

Securiosity: What a week for insider threats

So much for Twitter’s good couple of weeks — we break down the insider threat case that shocked everyone this week. And, believe it or not, it wasn’t the only insider threat story to make news! In our interview, we talk with Casey Ellis, CTO and Founder of Bugcrowd. Casey, Greg and Jen talk about election security, vulnerability disclosure programs, and the meme sweeping the nation: ‘ok boomer.’ Listen here.

Raytheon's Teresa Shea on zero-trust security

We spoke to a number of top cybersecurity experts on the sidelines of CyberTalks about a number of trends: cloud security, zero-trust networks, third-party risks, and more. Check them out:

Check out all the videos from CyberTalks.

No timeline on an Apple Mail fix

A database in Apple’s MacOS stores encrypted email messages in a plain text format, according to a researcher who says he reported the problem to the company months ago. Bob Gendler, a Mac expert and an IT specialist at the National Institute of Standards and Technology, detailed how, if a customer sends encrypted emails via Apple Mail, an outsider could access some of the text. The bug likely only affects a fraction of macOS users: Hackers would need to access specific Apple system files from a victim who sent an encrypted message from Apple Mail through a macOS without FileVault encryption. Gendler classified the issue as an “inadvertent information exposure.” Apple is aware of the issue and said it intends to fix the problem in a forthcoming software update. Jeff has more.

Tweet Of The Day


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}