{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


READ IN BROWSER

10/24/2019
linkedin facebook twitter instagram
WorkScoop
The Department of Homeland Security could soon make vulnerability disclosure programs mandatory amid frustration about slow cybersecurity progress. Joker's Stash, a market for stolen financial information, diversifies its offerings. And a former FBI general counsel reconsiders the Going Dark debate. This is October 24, 2019.

First on CyberScoop: DHS considers mandatory vulnerability disclosure

Concerned by the lack of federal progress on vulnerability disclosure programs, DHS officials are considering ordering agencies to set them up. Multiple officials said a draft Binding Operational Directive has long been in the works, and could be issued within the next few months. BODs typically are a tool of last resort when other means of prodding agencies to clean up their cybersecurity aren’t working. Fewer than 10 civilian agencies have vulnerability disclosure programs to receive software bug reports from independent researchers, according to DHS. (Vulnerability disclosure efforts typically serve as prerequisites for bug bounty programs.) Sean Lyngaas has the news.


A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.


Big breaches yield growth for scammer market

If it’s possible to describe a cybercriminal marketplace as “reputable” while maintaining a straight face, then Joker’s Stash fits the description as well as any other. The site has emerged in recent years as a destination for scammers who buy and sell credit card information stolen after data breaches from victims including the Hy-Vee supermarket chain, Sonic Drive-In and others. Now, Joker's Stash has expanded to include an array of personal information on high-value targets, including members of the Trump administration, as part of an evolution toward making illicit transactions more user friendly, according to research published Thursday by threat intelligence firm Recorded Future. Jeff Stone has more on what they found.


Dozens more Play Store apps used for fraud

Forty-two apps in the Google Play Store that were been downloaded more than 8 million times since July 2018 contained malicious functions that covertly leveraged users' phones to conduct advertising fraud, ESET researchers discovered. Lukas Stefano, a malware researcher, on Thursday detailed how the apps seemed harmless by posing as innocuous programs like free video downloaders or basketball games. The apps did what they promised. But they also sent users' device information back to a server which used details like the operating system, amount of storage space, and whether Facebook is installed to relay shady advertisements. Some apps continued to run even after it looked like they had been deleted. They've all been deleted.


SPONSORED BY SPLUNK

Reducing cybersecurity risk with data collected by CDM tools

CIOs at federal agencies know that the Continuous Diagnostics and Mitigation program is a requirement to improve their security posture across .gov domains. Splunk’s Adilson Jardim shares that agencies can gain important insights from this data for real-time intelligence about their IT operations. He offers recommendations to agency leaders as they continue investing in CDM solutions beyond just improving their security posture Listen to the interview.


Ex-FBI attorney, a Comey ally, backs stronger encryption

Former FBI general counsel Jim Baker argued that the U.S. law enforcement community should embrace encryption in an editorial published this week the national security blog Lawfare. Rather than interpreting the widespread implementation of end-to-end encryption, which renders communications indecipherable, as an impediment to investigative work, U.S. authorities should view the technology as tool for protecting society, he wrote. "All public safety officials should think of protecting the cybersecurity of the United States as an essential part of their core mission to protect the American people and uphold the Constitution," Baker wrote. "And they should be doing so even if there will be real and painful costs associated with such a cybersecurity-forward orientation." Read the whole thing.


Tweet Of The Day

Image

Tell it to the judge.


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}