{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


READ IN BROWSER

12/11/2019
linkedin facebook twitter instagram
WorkScoop
The bizarre case of an accused CIA leaker is scheduled to go to trial in February after a series of confounding delays. An Amazon-owned camera carries some big flaws. And the "Going Dark" debate seems like it will outlive us all. (Editor's note: We're going to be taking a quick hiatus for the rest of the week. We will be back with all the latest and greatest cybersecurity news on Monday.) This is CyberScoop for Wednesday, December 11.

It looks like the Vault 7 judge is out of patience

Judge Paul Crotty of the U.S. Southern District of New York declared the trial of Joshua Schulte will begin on Feb. 3, 2020, nearly a month after the anticipated Jan. 12 trial start and three months after the previously scheduled date of Nov. 4, 2019. The decision comes after a long series of delays from Schulte’s defense attorneys, who have argued they needed the court to add another lawyer to the defense, and that they failed to understand some of the government’s allegations against Schulte despite repeated explanations from prosecutors. The 31-year-old former CIA software engineer has been held in Manhattan’s Metropolitan Correctional Center on charges that he stole national defense information and sent it to WikiLeaks, which then published a trove of CIA hacking tools known as the Vault 7 files. Jeff Stone is on the case.


A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.


A Russian ransomware is repurposed

BlackBerry Cylance researchers have uncovered the a new variant of Vega, or VegaLocker, a ransomware strain that's been targeting Russian-speaking users since early this year. The new campaign, which researchers dubbed Zeppelin, has shifted its target base, however, to go after technology and healthcare companies in Europe and the U.S. It specifically relies on binaries that don’t work in Russia or other countries formerly of the Soviet Union. “The major shift in targeting from Russian-speaking to Western countries, as well as differences in victim selection and malware deployment methods, suggest that this new variant of Vega ransomware ended up in the hands of different threat actors — either used by them as a service, or redeveloped from bought/stolen/leaked sources,” researchers wrote. Read the research here.


You've been...PLUNDERSTRUCK

Academic researchers in Europe have discovered a flaw in Intel’s computer processors that could allow an attacker to alter the chip’s voltage, tricking it into spilling sensitive data. By corrupting the integrity of code on the Intel Core processors, the researchers showed how even the encryption and authentication technology built into the processor could be defeated. The flaw, dubbed Plundervolt, found by specialists at the University of Birmingham, Graz University of Technology, and KU Leuven is the latest work in a burgeoning field of hardware hacking. Intel issued a patch for the flaw but, don't worry, there will be more to come in this sort of research. Find the details here.


Blink if you can see your camera getting hacked

The ubiquity of insecure smart home devices is a hacker’s dream, and new findings from Tenable are a reminder why. Researchers at the company found no less than seven vulnerabilities in a popular Amazon-owned home security camera that would give an attacker plenty of ways to disrupt data on the device. Tenable’s CTO said it's the “obligation” of devicemakers to build security into their products. The abundance of research into vulnerable devices is proof that mentality isn't as common as many would have you believe. Sean Lyngaas has the report.


Google expands Chrome's anti-phishing tools

Google says it will expand “predictive phishing protection” in the Chrome browser. The goal is to check in real-time if scammers are leveraging websites, advertisements, chat apps or other channels to try to steal Chrome users’ credentials. It also announced the Password Checkup extension, which warns users when they’ve entered credentials that previously were made public in prior data breaches, will become part of the Chrome browser. This is the latest example of a tech firm trying to mitigate the risks associated with usernames and passwords as means of validating a user’s identity. Jeff has more context.


Aviation is flying blind on cyber

The aviation industry has gradually awoken to the fact that cyberthreats aren’t confined to traditional IT networks. But a report published Wednesday by the Atlantic Council shows that the sector has a lot work to do in addressing hacking threats in the same way it considers issues like flight safety and physical security. Supply-chain practices need more attention and cybersecurity standards in the sector need to be made much clearer and more effective, the study concludes. “The digital attack surface of the aviation sector has never been larger than it is today,” the report said. “Understanding how to manage and protect this burgeoning attack surface, while building in resiliency, is arguably the most pressing security challenge facing the aviation sector.” Dig in here.


Senators threaten encryption legislation

Sens. Lindsey Graham, R-S.C., Joni Ernst, R-Iowa, and Dianne Feinstein, D-Calif., expressed interest Tuesday in putting forward a bill on encryption if Silicon Valley guarantee a way for police to access communications. “You’re going to find a way to do this or we’re going to do it for you,” Graham, chair of the Senate Judiciary Committee, told representatives of Apple and Facebook in yesterday’s hearing. Afterward, Feinstein told Shannon Vavra her “sense is to do a bill in a limited form,” indicating she is more interested in access to devices found at crime scenes or somehow implicated in crimes than dealing with gaining access to online communications software. When asked what kind of a timeline she was operating on, she demurred. Facebook and Apple both emphasized that an encryption backdoor that allows access just for the good guys or that does not weaken security for everyone does not currently exist. Shannon was in the room.


Tweet Of The Day

Image

Never gets old, does it?


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}