{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


READ IN BROWSER

11/04/2019
linkedin facebook twitter instagram
WorkScoop
A Defense Department partnership with Montenegro on election security apparently went so well they're doing it again. Scammers are exploiting a Windows vulnerability to generate cryptocurrency. And we've got more on that CrowdStrike conspiracy the president loves so much. This is CyberScoop for Monday, November 4.

A Pentagon plan to protect 2020

The Pentagon again is sending cyber personnel overseas to gather intelligence to help protect the 2020 presidential elections against foreign interference. An undisclosed number of defensive cyber-operators are on the way to try to gain insights into Russian cyberthreats before both the U.S. and Montenegrin elections next year. The U.S. service members are specifically focused on finding new malware that could pose a threat. It’s the second time in as many years the Department of Defense is undertaking this effort with Montenegro, as part of a partnership that’s poised to provide insights on possible Russian election interference. (Montenegro and the U.S. both have been targeted by the Russian government-linked hacking outfit APT28, or Fancy Bear.) Shannon Vavra breaks it down.


A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.


Keep on BlueKeepin' on

BlueKeep, the “wormable" vulnerability comparable to the one used in WannaCry attacks, has reared its head again, but it appears to be some script kiddies trying to mine cryptocurrency rather than something more serious. Over the weekend, security researcher Kevin Beaumont reported that attackers had been hitting his BlueKeep “honeypots” in droves. But these are opportunistic and relatively unskilled attackers. That’s a far cry from the grave scenarios that security researchers warned about ever since Microsoft pushed a BlueKeep patch out in May. The real threat is when this thing gets wormable and starts moving from machine to machine. That hasn’t happened yet, but researchers still caution that it very well could. Sean Lyngaas has sums it up.


Mueller documents show Manafort's hand in Ukraine conspiracy

In an April 2018 interview with the Special Counsel’s office, Rick Gates, President Donald Trump’s former deputy campaign chairman, revealed Paul Manafort, Trump’s former campaign chairman, pushed the conspiracy theory that Ukraine and not Russia was behind the 2016 breach of the Democratic National Committee, according to new documents from the Mueller investigation. It's the same story that Trump brought up during his infamous July 2019 call with Ukraine’s president, in which he alleged U.S.-based cybersecurity company CrowdStrike was somehow involved in a coverup. From the documents, released following CNN and BuzzFeed News lawsuits: “Gates said Manafort primarily had contacts with Ukrainians. Gates recalled Manafort saying the hack was likely carried out by the Ukrainians, not the Russians, which parroted a narrative [Konstantin] Kilimnik often supported. Kilimnik also opined the hack could have been perpetrated by Russian operatives in Ukraine.” The FBI has assessed Kilimnik, a longtime business associate of Manafort’s, has ties to Russian intelligence. Shannon and Joe Warminsky explained what's going on.


Another $29 million lost to BEC fraud

Scammers fleeced the publishing conglomerate Nikkei out of $29 million by impersonating an executive at the international firm. Nikkei America, the U.S. subsidiary of the Japanese company, said on Oct. 30 that one of its employees transferred the funds, equivalent to roughly 3.2 billion Japanese yen, “based on fraudulent instructions by a malicious third party” posing as a corporate boss. It’s the latest high-profile business email compromise attack carried out by fraudsters who exploit employees’ inherent trust in other people in their organization. The company didn’t provide any specific details, saying only that it quickly realized it had been defrauded, and that the firm had notified law enforcement in the U.S. and Hong Kong. (Hackers frequently divert stolen money to accounts based in Hong Kong.) Jeff Stone has more details.


Attackers are using more third-parties to spew ransomware

In 2019 alone, 13 managed service providers, or MSPs, have been compromised by ransomware, according to Armor, which tracks ransomware occurrences across the U.S. Municipalities and small businesses often use third-party vendors to host websites or run portions of their networks. Those vendors, which aren’t necessarily held to government’s strict security standards, frequently manage the networks of multiple businesses, towns or school districts. An attack on an MSP has the potential to devastate virtually any business, from dental offices to law firms to local governments. In August, more than 20 Texas municipalities were hit by ransomware simultaneously, and officials said it could have spread from TSM Consulting services, an MSP that offered billing and scheduling services to local courts and police departments. The coordinated attack was the first of its kind, according to security researcher Allan Liska. Ryan Johnston the story at StateScoop.


Pentagon picks four bases for 5G prototypes

DOD announced Joint Base Lewis-McChord, Washington; Hill Air Force Base, Utah; Naval Base San Diego; and Marine Corps Logistics Base Albany, Georgia, as the first test sites for 5G wireless networks. Notably, there’s one base for each of the military services represented. The Pentagon previously said it would create 5G testing and experimentation pilots at the bases around three use cases: creating a “dynamic spectrum sharing testbed to demonstrate the capability to use 5G in congested environments with high-power, mid-band radars;” integrating augmented reality and virtual reality for mission planning and training; and developing smart warehouses to “leverage 5G’s ability to enhance logistics operations and maximize throughput.” Billy Mitchell has more at FedScoop.


Tweet Of The Day

Image

Security isn't supposed to be convenient!


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}