
11/12/2020
WorkScoop
A top U.S. cyber official is moving on. Why more eyes should be on the manufacturing sector's vulnerability to ransomware. And a new group of cyber mercenaries appears. This is CyberScoop for Thursday, Nov. 12, 2020.

A big departure at DHS

Bryan S. Ware is leaving the Cybersecurity and Infrastructure Security Agency to explore starting a new company. Ware pointed to work the agency has done in the last 10 months to protect vaccine research from hacking and the U.S. elections from interference. “I think against significant odds, the work we did on [protecting] elections is really a testament to what this agency can do,” Ware told CyberScoop. He came to CISA after a career as an entrepreneur. Sean Lyngaas has the scoop.




Ransomware is also a pain for manufacturers

The manufacturing sector, whose digital defenses have lagged behind those of other sectors, has endured a rash of ransomware attacks in 2020 as criminals have found ways to attack IT and OT-related processes at facilities in multiple countries. A report from Dragos released Thursday analyzes some of those incidents, and comes with a warning: Hacking groups could test out their capabilities on the manufacturing sector and use them elsewhere. More from Sean.


Another mercenary hacking shop

There’s a new cyber mercenary group on the block, and they’re going after targets in more than a dozen countries around the globe, according to BlackBerry research published Thursday. The hack-for-hire shop, which BlackBerry is calling “CostaRicto,” has largely gone after targets in South Asia, especially in India, Bangladesh and Singapore, with a custom backdoor, according to BlackBerry. The operation is part of a growing trend of hack-for-hire shops doing the bidding of malicious actors around the world documented by researchers. Shannon Vavra has more.


Implanting emails > sending emails for cybercriminals?

A cybercriminal appears to have figured out a method for implanting malicious email messages directly into mailboxes rather than sending them, Gemini Advisory researchers found. If the software dubbed "Email Appender" works — and it's gotten feedback from users suggesting it does — it could help cybercriminals bypass traditional email security tools. Multi-factor authentication is the best defense against it, Gemini Advisory said. Tim Starks explains the hack.


Restaurants, bars, hotels vulnerable to a backdoor

A point-of-sale system widely used in the hospitality industry to process credit card payments and other transactions is vulnerable to a backdoor that allows attackers to see some of the information in the system’s databases, according to researchers at ESET. The malicious software, dubbed ModPipe by the researchers, affects the ORACLE MICROS Restaurant Enterprise Series (RES) 3700. ESET stresses that highly sensitive pieces of information, such as credit card numbers and expiration dates, do not appear to be vulnerable to the malware. But it's a potentially powerful tool for cybercriminals nonetheless. Joe Warminsky has the research.


A new CISO at the Pentagon

The Department of Defense has tapped Dave McKeown to be its next chief information security officer, a DOD official confirmed to FedScoop. McKeown, a long-time government IT and security official, will start later in November, the source said. McKeown replaces former CISO Jack Wilmer, who departed in July to lead a private security company. The job is the highest-ranking civilian cybersecurity position at the Pentagon, and it involves working closely with senior executives and military leaders to defend the DOD's networks. Jackson Barnett had the scoop.


More lessons from CyberTalks 2020

This year’s virtual CyberTalks featured a full lineup of influential cybersecurity leaders, including VIPs across government, technology and the financial sector. Experts from the private sector discussed hot topics like emerging technologies, identity controls, lessons from the shift to remote work, zero-trust architecture and expanding the cybersecurity workforce.

Watch all the CyberTalks 2020 videos here.


Tweet Of The Day


There are some SRE and YAML puns in the thread, too.

