{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


READ IN BROWSER

03/11/2020
linkedin facebook twitter instagram
WorkScoop
Republicans and Democrats agree on recommendations that might help stop a digital catastrophe. Microsoft stifles Necurs activity. And details on another "wormable" flaw that's not fixed. This is CyberScoop for Wednesday, March 11.

Congress urges drastic action to protect U.S. security

A bipartisan congressional committee is pressing the federal government to enact 75 cybersecurity upgrades to change the way they deal with crucial security issues that, if unaddressed, may jeopardize U.S. national security. The CyberSpace Solarium Commission recommends establishing a Senate-confirmed White House role on cybersecurity and new cybersecurity committees in the House and Senate, both of which may be difficult to achieve. The commission also wants to elevate the State Department's cybersecurity role, have Cyber Command assess if its 6,200-person cyber mission force is large enough, and establish that manufacturers be held liable if they don’t fix known vulnerabilities. “We want this to be the 9/11 Commission Report without the 9/11,” said Sen. Angus King. “We are trying to urge and foment change without a catastrophic event.” Shannon Vavra broke it down.


A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.


Microsoft kneecaps a key tool for cybercriminals

Microsoft announced on Tuesday that it has moved to disrupt the Necurs botnet, a network of more than 9 million computers that had been surreptitiously infected with malware and then used by hackers to carry out various schemes. Attackers, likely in Russia, according to Microsoft, used Necurs to distribute pharmaceutical spam, facilitate ransomware attacks and infect victims with numerous types of malicious software, such as the GameOver Zeus malware that is blamed for $100 million in losses. A judge in the Eastern District of New York on March 5 authorized Microsoft to seize control of the American computers under Necurs’ control. Jeff Stone has the details.


Another wormable Windows vulnerability?

Microsoft on Tuesday issued a short security advisory on a vulnerability in the popular Server Message Block (SMB) protocol used in Windows operating systems. There’s no patch available yet, but the vulnerability could be serious: it allows an attacker to execute code remotely on a target machine. Microsoft recommended ways of mitigating the issue until the tech giant has a patch ready. Some security analysts initially suggested Tuesday that the vulnerability could be wormable, meaning exploits for it could spread from machine to machine. Regardless, this is one to watch. The 2017 WannaCry ransomware epidemic also exploited an SMB vulnerability. Here's the news.


RSA attendees confirm coronavirus infections

Two Exabeam employees who attended the RSA Conference last month have tested positive for the coronavirus. While it remains unclear when the employees began developing symptoms, Exabeam is asking anyone who came into contact with its personnel to “please be vigilant in monitoring yourself for symptoms and follow recommended guidelines to prevent possible infection.” A 45-year-old man working for Exabeam began experiencing symptoms upon his return home to Connecticut, Bloomberg first reported Tuesday. The man, who was predisposed for pneumonia because of a pre-existing heart condition, was hospitalized for respiratory distress on March 6. He is now on a ventilator in a “guarded condition." RSA attracted some 36,000 people this year. Jeff had the statement.


House bill would require cybersecurity training for lawmakers

The House of Representatives on Tuesday passed a measure that would require lawmakers to get smarter on protecting their devices from hackers. The provision would require all new House members to receive cybersecurity training from an in-house expert within 30 days of taking office. “Members of Congress are prime targets for hackers and foreign adversaries,” Rep. Kathleen Rice, D-N.Y., the measure’s sponsor, said in a statement. The threat is real. In September 2018, Sen. Ron Wyden, D-Ore., revealed that a major tech company had told senators that foreign government hackers had targeted their personal email accounts. Here’s the full text.


Governments fail to keep pace with ransomware attacks

The ransomware attacks that have plagued state and local governments for the past several years continue to grow more frequent and sophisticated, while government organizations struggle to be prepared for and resilient against these incidents, a new study by the consulting firm Deloitte argues. The study comes after the end of a year that saw an agonizing spike in attacks against U.S. public-sector organizations — 163 by Deloitte’s count — with more than $1.8 million paid out to hackers and tens of millions of dollars more spent on recovering or replacing damaged IT infrastructure. The pace of attacks has also accelerated in part due to the increasing availability of ransomware as an off-the-shelf service, as other analysts have warned. Benjamin Freed has more at StateScoop.


Tweet Of The Day

Image

At least it's not the middle seat.


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}