RSA conference app leaks user data
Here's a new adage for 2018: It's not a true security conference until someone discovers a flaw in the technology used by the conference's event staff.
Trump sends cyberwar strategy to Congress
The document outlines how the Trump administration will tackle some of the field’s most vexing issues – including launching hacking operations and deterring adversaries.
A cybersecurity power struggle is brewing at the National Security Council
The arrival of national security adviser John Bolton has prompted an attempted power grab by a junior member of the National Security Council, four current officials with knowledge of the matter told CyberScoop.
Manfra: Private sector on board with more robust DHS cyber strategy
Private firms won’t have any reservations about supporting the more robust cybersecurity strategy that the Department of Homeland Security will soon release, according to the department’s top cyber official.
48 million profiles left exposed by data scraping firm, report says
The exposed data includes detailed information scraped from Facebook, Twitter, LinkedIn and Zillow.
Nation-state hackers attempted to use Equifax vulnerability against DoD, NSA official says
An NSA official says 24 hours after Equifax's breach was made public, a nation-state was scanning DoD for unpatched Apache Struts instances.
DHS prepares cross-sector strategy to limit domino effects from big cyberattacks
A forthcoming cybersecurity strategy from the Department of Homeland Security will seek to curb “systemic risk” to critical infrastructure by helping to secure digital tools used across sectors, DHS Secretary Kirstjen Nielsen said.
Microsoft-led industry group pledges to not assist government cyberattacks
The participant companies' principles include not helping any government mount a cyberattack against "innocent civilians and enterprises."
NIST releases updated cybersecurity framework
The new version updates the federal agency's guidelines in several areas, including authentication and identity; cyber risk self-assessments; managing supply chain cybersecurity; and vulnerability disclosure.
Yubico CEO: Two-factor authentication should mirror seat belt's history
Yubico CEO Stina Ehrensvard believes the right path for increasing adoption of the security practice is to follow the rise of seat belts in automobiles.
DOD official: Automation can save Pentagon from drowning in data
The Defense Department must do more to take advantage of automation tools to avoid drowning in a sea of network data and risk missing cyber threats, according to a top department official.
Bolton will lead charge to replace cybersecurity coordinator, DHS secretary says
The new national security adviser will restructure aspects of the coordinator job, Secretary of Homeland Security Kirstjen Nielsen said.
Supply-chain vulnerabilities are a 'digital public health crisis,' says DHS's Manfra
Persistent supply chain vulnerabilities such as hardware and software bugs “amount to a digital public health crisis” that the government and private sector must work together to resolve, according to the Department of Homeland Security’s top cybersecurity official.
Companies are stopping more cyberattacks, but have room to improve defenses, survey shows
An Accenture survey found that 87 percent of focused cyberattacks are prevented, compared to 70 percent reported in a similar study a year ago. Those numbers could easily be even higher, the consultancy said.
Hamas-linked spyware targeting Palestinians removed from Google Play store
The group has been tied to the 2017 campaign, known as Frozen Cell, by using of the same social media profiles to promote the malware.
ViperRAT spyware resurfaces in Google Play Store
ViperRAT made waves last year after a wave of IDF personnel fell victim to social engineering attacks from hackers posing as young women.
Respiratory device maker Inogen says breach exposed customer data
Inogen says hackers obtained unauthorized access to customer data through an employee's email.
Ukrainian accused in cybercrime wave is considering trial in U.S., lawyer says
Mikhail Rytikov can't leave his home country of because he would risk becoming the latest Eastern European snatched up by Western law enforcement. He vehemently maintains his innocence.
As DDoS attacks increase in power, Cloudflare expands its offerings
"It’s DDoS protection for any box, container or VM that connects to the internet," the company announced on Thurday. "Whether it runs email, file transfer or a custom protocol, it can now get the full benefits of Cloudflare."
Extradited Russian explores plea deal for massive LinkedIn breach
"The likelihood of a trial is not very high," his lawyer said. "The district has over a 99 percent conviction rate. We are not throwing clients under the bus."