{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


READ IN BROWSER

10/07/2019
linkedin facebook twitter instagram
WorkScoop
DHS and the U.K.'s National Cyber Security Centre issued warnings about VPN vulnerabilities that could make it possible for hackers to collect sensitive intelligence from victims who might have a false sense of security. Russia is hardly the only country trying to hack the next election. And Ryuk gains steam in Canada. This is CyberScoop for Monday, October 7.

APTs are exploiting outdated VPNs for espionage

International hacking groups are exploiting vulnerabilities in VPN technologies to steal user credentials and monitor sensitive traffic, the United Kingdom’s National Cyber Security Centre said, amid recent warnings that the Chinese government has used similar tactics to collect intelligence. The NCSC, an offshoot of Britain’s GCHQ, said hackers are leveraging outdated versions of Palo Alto Networks, Fortinet and Pulse Secure products. DHS's CISA later published its own advisory on the vulnerabilities, which attackers could use to take over an affected system. Each company has released security updates for the affected products. Jeff Stone explains the alerts.


A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.


Iran signals its 2020 intentions

If you thought it was only Russia interested in meddling in the 2020 elections, you might want to refresh your browser. Microsoft on Friday revealed a concerted effort by Iranian hackers to breach the email accounts of an unnamed U.S. presidential campaign, along with current and former U.S. officials, journalists and Iranians abroad. The U.S. presidential campaign (evidence suggests it could be Donald Trump’s) was not compromised, but the attacks are a shot across the bow from an aggressive set of hackers linked with Tehran. The DNC warned candidates that the hacking group had shown a penchant for spearphishing and fake LinkedIn profiles. The attempted intrusions will likely be one of many tests for candidates’ cybersecurity on the road to 2020. Sean Lyngaas and Shannon Vavra have the report.


Hey Sephora, StreetEasy customers: Change your passwords!

Unrelated data breaches at Sephora and the real estate site StreetEasy resulted in the compromise of records about nearly 2 million customers, according to updates added to the Have I Been Pwned database over the weekend. Hackers hit StreetEasy, an online database of property listings, back in June 2016, making off with email addresses, credentials and names of some 988,000 people. The stolen data turned up for sale on the dark web in February. Meanwhile the cosmetics retailer Sephora is trying to mitigate the damage from a January 2017 breach in which data about some 780,000 people were stolen from its Southeast Asia subsidiary. Customers in that region — as well as Australia and New Zealand — are most at risk. Check if you’re affected by either incident here.


Oh, great, another round of the crypto wars

Brace yourselves, there is another round of the crypto wars coming over the horizon. We will dive into what exactly is happening this time around. In our interview, we talk to Bob Ackerman, Managing Director of Allegis Capital and founder of DataTribe, on what are the emerging areas in cyber venture capital, why NSA talent is building the next wave of cybersecurity companies, and what exactly is to come with the next DataTribe challenge. Listen here.


Ryuk ransomware spreads north

Canada's Centre for Cyber Security published a series of suggested actions last week meant to help organizations stay ahead of Ryuk, a pernicious ransomware strain that has crippled three Ontario hospitals in recent weeks. Officials advised tech teams to disable Remote Desktop services, and to improve their scanning of incoming and outgoing emails to mitigate the chances of another outbreak. Hospitals in Toronto and southwestern Ontario took their email systems offline to recover from infections, and hospital staffers had to transcribe patient information by hand. Public and private sector organizations around the world have struggled to fend off Ryuk, which has reported ties to a Russian criminal group, in recent months. Here's the latest.


Pentagon seeks a cyber babysitter to keep an eye on contractors

The Department of Defense will soon be on the hunt for a third-party accrediting organization to make sure contractors have met newly proposed cybersecurity standards. DOD issued a request for information last week asking organizations interested in serving as the accreditation body to submit feedback on the “long-term implementation, functioning, sustainment, and growth” of the process. The program will be known as the Cybersecurity Maturity Model Certification (CMMC). Ultimately, CMMC is an effort to secure DOD's extremely complicated and spiderwebbed IT supply chain from the largest contractors to the smallest. The DOD estimates that 300,000 organizations will need to meet the cybersecurity certification. FedScoop's Billy Mitchell has the details.


Tweet Of The Day

Image

Check out more cartoons here.


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}