{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


READ IN BROWSER

10/23/2019
linkedin facebook twitter instagram
WorkScoop
First on CyberScoop: Cyber Command was scheduled to go public with North Korean malware samples, then it didn't. What's up? Internet gambling players are thinking cyber. And high school students hacked their teacher to get an edge in a water gun game. This is CyberScoop for Wednesday, October 23.

Cyber Command changes its plans

U.S. Cyber Command was on the verge of again publicly calling out North Korean hackers known as Lazarus Group for targeting the financial sector and ATM transactions in late September, but ultimately backed off the plan by early October, according to multiple sources. The announcement was supposed to be part of a Cyber Command effort to share malware samples on VirusTotal, an effort intended to call out adversary-linked hacking in order to deter hacks in the future. It wasn’t clear why the decision was made to refrain from publicly posting malware samples this time around, despite the fact that Cyber Command has done so numerous times in recent months. It certainly didn’t appear to be an issue of accuracy (the Pentagon outfit still decided to share private advisories with threat intelligence companies and the financial sector). Go behind the scenes with Shannon Vavra.


A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.


The House always wins (as long as the doors are locked)

Security seems to be an afterthought for internet gaming companies as they scramble to cash-in on legalized internet sports betting in the U.S. Speaking at a CyberScoop panel this morning, Gus Fritschie, vice president of IT security at Bulletproof, said many firms would not include security measures like distributed denial-of-service protection in their services if not for regulation in states like New Jersey. Falling prey to a DDoS attack on Super Bowl Sunday, for instance, or a prolonged ransomware attack could undercut trust in the $75 billion gaming industry. Still, he said, firms only now are starting to conduct dynamic security tests with the realization that, if they don't protect the integrity of their games, that could mean bigger losses than they intend. Stream the talk here.


“With ransomware, I’m getting my money.”

The reason ransomware is so prevalent is simple, according to Allan Liska, a threat intelligence analyst at Recorded Future. Right now, it represents the easiest way for cybercriminals to make buck. Liska, speaking at a StateScoop event Tuesday afternoon, reminded the audience that credit card scammers need to steal victims’ information, make sure it works, and then re-sell that. Ransomware is more clear cut: Victims will either pay, or not. And there’s now a complex underground market where attackers can invest in new tools to defeat the latest digital defenses. “It took the Target hackers almost a year to make any money from that, in part because they were bungling idiots,” referring to the 2013 breach that included as many as 40 million credit and debit card numbers. Watch the whole conversation here.


Census needs a security audit ASAP

The inspector general’s office of the Department of Commerce announced last week that it will audit the IT security systems being used as part of the 2020 census. Specifically, the audit will seek to determine the “effectiveness” of certain IT security systems. It’s the latest line of inquiry into census IT, which has been under tight scrutiny by Congress and the watchdogs at the Government Accountability Office. In a letter to Census Bureau Director Steven Dillingham, the IG writes that it will begin work on the audit “immediately.” The office has also enlisted the help of the U.S. Digital Service for the project. Tajha Chappellet-Lanier is on the case.


These high school kids *really* wanted to win a water gun war

Students recently hacked a school computer system at Downingtown Area School District, a K-12 district in Eastern Pennsylvania, to uncover student addresses and gain a competitive edge in a districtwide water-gun competition. The perpetrators obtained teacher-level login credentials to access Naviance, a college and career resource website and extracted student profile information for the entirety of DASD’s student population, including identification numbers, student directory information, gender, ethnicity, academic data and household relationship information. The students claim they broke into the system to obtain the home addresses of other students participating in an off-campus game called the “senior water games.” Betsy Foresman has more.


A plan to train government employees on IoT security

Cybersecurity training would be required of all federal employees if a bill introduced in the House by Rep. Ro Khanna, D-Calif., on Monday becomes law. The Internet of Things Cybersecurity Training for Federal Employees Act specifically directs the Office of Management and Budget to ensure employees understand the vulnerabilities of IoT devices. Dave Nyczepir has the FedScoop story.


Tweet Of The Day

Image

The replies keep it going!


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}