{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


READ IN BROWSER

11/07/2019
linkedin facebook twitter instagram
WorkScoop
Amazon's Ring patched a security flaw that could have spilled Wi-Fi credentials to all your neighbors. U.S. prosecutors say Twitter employees abused their access on behalf of Saudi Arabia. And mobile security vendors are trying to help clean up the Play Store. This is CyberScoop for Thursday, November 7.

Make sure your Ring doorbell isn't providing a new way in to your house

Internet-connected doorbells sold by Amazon’s Ring service contained a security vulnerability that would have made it possible for hackers to intercept a customer’s Wi-Fi username and password, then launch a larger attack on the network, according to Bitdefender. Researchers figured out that when a user first configured their Ring doorbell app, it accepted credentials in an insecure format as it created a new digital access point. Then, when that network went live, the Ring app automatically obtained the Wi-Fi credentials and sent them to the local network. The issue is fixed now, but it's another reminder that connected home technology actually can make life easier for intruders. Jeff Stone has the details.


A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.


How Twitter employees turned into spies for Saudi Arabia

The Department of Justice charged two former Twitter employees for allegedly conducting espionage at the behest the Saudi Arabian government, according to charges unsealed Wednesday. The employees were spying on Saudi dissidents at times, including those close with Washington Post columnist Jamal Khashoggi, whose murder the CIA says was ordered by Saudi Crown Prince Mohammed bin Salman. Twitter staffers accessed personal data including email addresses, phone numbers, and IP addresses that could reveal user location. Just one of the former employees was charged with accessing data on nearly 6,000 Twitter accounts. The charges raise questions about whether Twitter — and other social media companies, too — are equipped to protect user information from insider threats and spying. Dive in with Shannon Vavra


Google asks cleaners to help scrub the Play Store

For years, Google has been playing Whac-A-Mole with hackers who slip malicious apps into its Play Store. Acknowledging it was fighting an uphill battle, Google on Wednesday announced it would partner with ESET, Lookout, and Zimperium to flag malware before it ends up in the app marketplace. The three mobile security firms will plug their antivirus scanning engines into store to add an extra layer of security vetting. The App Defense Alliance, as the partnership is called, will help make some of the 2.5 billion Android devices more secure, but it won’t be a panacea for the problem. Sean Lyngaas explains why it's so complex.


About that NSA warning...

The National Security Agency’s warning last week about nation-state actors exploiting a vulnerability affecting Confluence was more than a delayed confirmation of something cyber pros were already tracking. It also seems to indicate hackers have been dramatically stepping up the pace and persistence of their attacks on the popular workplace collaboration software in recent weeks. The attackers are using a vulnerability that Confluence warned about this spring, according to data from Trend Micro’s TippingPoint technology. Shannon broke it down.


Backstage at CyberTalks

We spoke to a number of top cybersecurity experts on the sidelines of CyberTalks about a number of trends: cloud security, zero-trust networks, third-party risks, and more. Check them out:

Check out all the videos from CyberTalks on our YouTube channel.


As if the DMV wasn't bad enough already

More than 3,000 California residents had their personal information, including Social Security and driver’s license information, improperly accessed by seven other agencies as part of a data breach announced by the state’s department of motor vehicles. Over the last four years, federal agencies, including the Internal Revenue Service, U.S. Department of Homeland Security and Small Business Administration, as well as the district attorneys offices in Santa Clara and San Diego counties, were granted access to the Social Security information of 3,200 people who were under investigation or serving as witnesses in criminal cases. Ryan Johnston has more at StateScoop.


National Guard tests its ransomware response

A pair of ransomware attacks in Texas earlier this year weren’t just early tests of the state’s recent decision to include cybersecurity incidents in its emergency response protocols, they also left the state National Guard with a playbook to use the next time it responds to a similar event. Maj. Gen. Tracy Norris, the adjutant general of the Texas National Guard, told reporters how cybersecurity experts among the 24,000-person force she leads were dispatched within half a day of receiving reports that local government networks were under attack. The first event came in late May when the top official in Jackson County — a community of about 15,000 residents 100 miles southwest of Houston — reported to Gov. Greg Abbott’s office that several of her government’s systems had been compromised by malware demanding a ransom. Benjamin Freed has the StateScoop story.


Tweet Of The Day

Image

The replies are just as funny.


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}