{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


linkedin facebook twitter instagram
A longtime drill meant to test utility security has some new additions this year, as threats get more complicated. Proofpoint unveils a fraud campaign that impersonates the U.S. Postal Service. And Congress learns how U.S. veterans are particularly vulnerable online. This is CyberScoop for Thursday, November 14.

Why a continent-wide grid security drill is different this year

The fifth GridEx, a large-scale cybersecurity drill hosted by North American power regulators, will focus more than ever on supply-chain threats and have greater participation from smaller power providers that are often the soft underbelly of grid security. Exercise planners and participants say they understand the threats facing grid operators, and are watching as the sector’s security matures. In the last four years, hackers have cut power for hundreds of thousands of people in Ukraine and caused a petrochemical plant to shut down in Saudi Arabia. GridEx is part of U.S. power companies’ preparation to keep those types of attacks from hitting them at home. Sean Lyngaas has the exclusive look.

A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.

There's a new tax cheat in town

Hackers have been impersonating the United States Postal Service and tax entities in recent weeks to get victims in the U.S., Italy and Germany to download and install malware, according to new research from Proofpoint. The scheme involves tricking people into clicking through spearphishing emails that contain ransomware — and sometimes banking trojans — by sending alerts that appear to require urgent action related to tax information. Of course, what's really taking place is a moneymaking ploy, according to Proofpoint researchers. It's unclear whether it's being carried out by one person or a group, but there are some clues in the attackers’ infrastructure, says Proofpoint Threat Intelligence Lead Christopher Dawson. Shannon Vavra has more context.

A big day for cyber financing

Toronto-based password management company 1Password announced Thursday that it's raised $200 million in a Series A funding round led by the venture firm Accel. That's a lot of money for 1Password, which has never gone through an external round of funding, and it represents a validation for a firm that already works with enterprise customers like Slack and IBM. In an unrelated disclosure, the encrypted messaging service Wire confirmed it raised $8.2 million from Morpheus Ventures and others back in February. It's also changed its management structure, apparently without notifying users, and shifted its operations to the U.S. from Switzerland, attracting skepticism from people like Edward Snowden. Here's a good breakdown.

Is there a better target than a U.S. veteran?

Veterans wield considerable influence in our communities, Rep. Mark Takano, D-Calif., said during a House Committee on Veterans Affairs hearing Wednesday. “But that esteemed trust is being hijacked by foreign imposters online." A businessman from North Macedonia hijacked a Facebook page, “Vets for Trump,” with more than 100,000 followers to request donations from unwitting users and distribute racist political propaganda, while Nigerian fraudsters also have impersonated veterans to carry out romance scams. Since January, Twitter has removed 335,000 accounts for “for engaging in scamming behavior,” of which veteran’s scams were just one issue, Kevin Kane, the public policy manager at Twitter said. Facebook removed roughly 1.7 billion accounts in the last quarter, said Nathaniel Gleicher, head of security policy. The whole hearing is on YouTube.

Speaking of romance scams...

U.S. prosecutors have charged 10 people with fraud-related crimes as part of a global romance scam in which people assume fake identities on dating websites to ask victims for money. Beginning in 2017, prosecutors say, the defendants in this case worked with other conspirators who posed as U.S. residents working abroad. The scammers would at first would ask for small gifts, like gift cards or cell phones, and then ask for larger payments as the relationships evolved, all while sitting in Nigeria. The arrests in Oklahoma, New York and California nabbed suspects who moved money between banks accounts and protected the fake identities, prosecutors said. Jeff Stone has the indictment.

A “secure world”? Holes in Qualcomm’s virtual processor

Researchers at Check Point spent four months dissecting a popular virtual processor used by Qualcomm used to store sensitive data like credit card information on mobile phones. They reverse-engineered the “Secure World” operating system and uncovered a vulnerability that, if exploited, could leak sensitive financial data. Qualcomm has patched the flaw, but it’s a reminder that no section of a mobile phone is impenetrable. Find the details here.

Behind the scenes at CyberTalks

We spoke to a number of top cybersecurity experts on the sidelines of CyberTalks about a number of trends: cloud security, zero-trust networks, third-party risks and more. Check them out: IBM's Joe Hamblin World Wide Technology's Shawn Rodriguez World Wide Technology's John Evans Google Cloud's Chris Johnson has more.

That CrowdStrike conspiracy just won't die

Top diplomat George Kent testified in the first open impeachment hearing on Wednesday that he had not heard of cybersecurity firm CrowdStrike until he read the memo on President Donald Trump's July call with Ukrainian President Volodymyr Zelenskiy. During that call Trump asked Zelenskiy help him out by locating a server linked with CrowdStrike and its investigation into the Democratic National Committee breach of 2016. Trump also raised unsubstantiated concerns about Ukrainian connections to the breach at the DNC, according to a whistleblower complaint filed this August that’s roiled Washington in an impeachment inquiry. Kent, the deputy assistant secretary of State for European and Eurasian affairs, told lawmakers: "I’m not aware of any Ukrainian connection to the company." Here's why everyone seems so suspicious.

Check your spreadsheets for APTs

Microsoft just pushed out security update for a vulnerability in Excel that could allow hackers to install new programs or change or delete data. All kinds of hackers have exploited Microsoft Office products that users inherently trust to slip their malicious code onto machines. In April, security researchers documented how a Russian group targeted embassies around the world with malicious Excel files. “Anytime we see code execution issues in widespread products, like Office products, we have concerns due to the ease of forwarding exploits to unsuspecting victims,” Craig Williams, director of outreach at Talos, told CyberScoop. More on what Talos found.

Tweet Of The Day


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}