{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


READ IN BROWSER

01/22/2020
linkedin facebook twitter instagram
WorkScoop
Cybersecurity analysts validate the allegation that hackers targeted Amazon founder and Washington Post owner Jeff Bezos. The Secret Service wants to work with companies to figure out how to stop financial hacks. And the case of an alleged CIA leaker gets crazier, even though the trial hasn't started yet. This is CyberScoop for Wednesday, January 22.

We know how Bezos was hacked

With “medium to high confidence,” forensic investigators have concluded that Saudi Crown Prince Mohammed bin Salman was directly involved in hacking into Jeff Bezos’ phone in 2018, according to a U.N. statement released Wednesday. The hack, which allowed "intrusive surveillance" of Bezos according to the U.N., came after bin Salman and the Amazon founder met at a dinner in April 2018 while the crown prince was touring the U.S. Following an exchange of WhatsApp messages, bin Salman sent a malicious and encrypted file to Bezos. Bezos then began working with FTI Consulting to investigate whether his phone had been hacked. The interaction took place months before the murder of Washington Post columnist Jamal Khashoggi, which American intelligence has assessed to have been carried out under orders from bin Salman. Shannon Vavra has more context.


A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.


Inside a Secret Service plan to ID crooks

The Secret Service has recently hand-picked a small group of private sector cybersecurity experts to advise the agency’s investigations team on how it can better take down cybercriminals, CyberScoop has learned. The council, which will be known as the “Cyber Investigations Advisory Board," will aim to “provide Secret Service’s Office of Investigations with outside strategic input for the agency’s investigative mission, including insights on the latest trends in cybercrime, financial crime, technology, and investigative techniques,” according to an internal Secret Service Electronic Crimes Task Force Bulletin. The 16-member federal advisory committee will be the first one ever for the investigative unit, which focuses on financial crimes such as counterfeiting, card-skimming and other forms of fraud. Shannon has the exclusive.


Josh Schulte drama ramps up ahead of trial

With less than two weeks before a former CIA contractor is scheduled to strand trial for allegedly leaking classified information to WikiLeaks, U.S. prosecutors asked a judge to admit evidence detailing the defendant’s behavior behind bars, including alleged communications with reporters. Joshua Schulte has been charged with stealing national defense information and providing it to WikiLeaks, which then published a trove of CIA hacking tools known as the Vault 7 files. Schulte was arrested in August 2017 and has been awaiting his trial in Manhattan’s Metropolitan Correctional Center. While detained, Schulte sought to “drum up media attention for his case and to paint himself as an innocent man,” prosecutors said. This public relations campaign involved writing a series of articles that he sought to distribute to the media, urging family members to post his missives on a public Facebook page, and using contraband phones to communicate with people outside the jail, the government says. Jeff Stone has the court documents.


Hackers flocked to a factory's network honeypot

It doesn’t have to be real for criminals to want to pwn it. Look no further than a mock network of a factory that Trend Micro researchers set up to see what digital mischief would come their way. For seven months, the researchers watched as crooks infected the honeypot with two strains of ransomware and set up a cryptocurrency miner. The researchers had very weak security controls in place to make a point: Some small businesses, even those in critical infrastructure sectors, fail to do the basics. The manufacturing sector, which has been racked by ransomware, should pay attention. Sean Lyngaas reports from the S4 security conference.


Pajama-maker Hanna Andersson announces breach

Cybercriminals don’t care how cute your kid looks in his pajamas: They will still go after the credit card you used to pay for that onesie. Hanna Andersson, a Portland-based apparel company, recently told customers that an “unauthorized third party” may have had access to their card payment data for about two months last year. The company’s breach notice was short on details, but it's clear that the attacker was able to compromise payment data customers entered at online checkouts. That resembles a code-skimming technique that crooks have used to steal millions from the retail sector. Hanna Andersson has hired cybersecurity company Carbon Black, among others, to investigate, a spokesperson said. Sean has the story.


Welcome to the unicorn club, Snyk

Application security company Snyk said Tuesday its raised $150 million in a round of funding led by the New York private equity firm Stripes. The cash injection values Snyk at $1 billion, the company said, though it didn't share the exact value. Other investors included Salesforces Ventures, BoldStart and Amity, among others. Founded in 2015, the London-based firm aims to help developers, rather than security staffers, find and fix flaws in their source code. It also focuses on containers and Kubernetes-built applications, technologies already popular in Silicon Valley and emerging in the financial sector. Here's the news.


VA is developing its own cyber career standards

The Office of Information Security at the Department of Veterans Affairs is creating a Cyber Workforce Management program meant to recruit qualified security staffers. Ideally, the initiative will identify work roles across every single position within VA and its IT office and establish qualification requirements for each role that all of government can use, according to program manager Stephanie Keith. VA already has identified some roles — such as medical device experts — that don't fit neatly with existing cyber job frameworks. CWM is also standing up a cyber training academy pilot to teach employees baseline skills associated with the work roles. FedScoop’s Dave Nyczepir is paying attention.


Tweet Of The Day

Image

No good deed goes unpunished.


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}