
05/13/2022
WorkScoop
SecureWorks breaks down the evolving operations of Iranian hackers. Industry and the Biden administration team up on open-source software defenses. And the president is readying his signature on a cyber workforce bill. This is CyberScoop for May 13.

It's (more) about the money for this Iranian hacking group

A long-running Iranian hacking group traditionally known for blurring the line between espionage and extortion may be adding more purely financial operations to its plate, researchers with Secureworks Counter Threat Unit said in research published Thursday. The findings are based on Secureworks' experience with two incident response engagements in January and March of this year. The hacking group (known variously as Cobalt Mirage, Phosphorus, Charming Kitten or TunnelVision) hit one unnamed U.S. philanthropic organization in a seemingly opportunistic ransomware attack, and hit a separate unnamed U.S. local government in a narrow, targeted data exfiltration operation. But the same hackers behind the data exfiltration may be trying their hands at ransomware, the researchers wrote. AJ Vicens has the story.




$150M over two years pledged to enhance open-source software security

More than 90 executives from 37 companies, along with government leaders from the National Security Council, the Office of the National Cyber Director and the Cybersecurity and Infrastructure Security Agency, met in Washington Thursday to discuss their plans for improving open-source software supply chain security and to announce $150 million in funding to tackle the problem over the next two years. The announcement comes five months after a significant vulnerability was found to be affecting products with the Log4j software library, a ubiquitous open-source logging utility which tracks software activity in cloud and enterprise apps such as Minecraft, Apple, iCloud and Twitter, among others. Industry committed $30 million of the $150 million, with Amazon alone giving $10 million to the effort. Check out the report here.


Ukrainian cybercriminal gets 4 years in U.S. prison

Glib Oleksandr Ivanov-Tolpintsev, a 28-year-old Ukrainian accused of trafficking in stolen username and password credentials, was sentenced to four years in federal prison Thursday, the U.S. Department of Justice said. Polish authorities arrested Ivanov-Tolpintsev in October 2020. He was extradited to the U.S. in September 2021, where he pleaded guilty to the charges on Feb. 22, 2022. Prosecutors say that between 2017 and 2019 he listed thousands of login credentials for sale on a dark web marketplace, and boasted of controlling a botnet that could crack up to 2,000 username/password combinations per day. The scheme allegedly netted Ivanov-Tolpintsev about $80,000, which he was also ordered to forfeit to the U.S. government in restitution. AJ has this one, too.


Biden to sign bill to create rotational program for federal cybersecurity workforce

President Biden is preparing to sign into law a bill that would create a civilian personnel rotation program for cybersecurity professionals working at federal agencies. Once enacted, the Federal Rotational Cyber Workforce Program Act will establish a formal mechanism to allow staff to spend time working at different government agencies to gain experience beyond their primary assignments. It is one of a raft of measures that government departments hope will lure top technology talent from the private sector, where compensation can be as much as ten times higher than for analogous positions at federal agencies. Other measures being considered include greater use of direct-hire authority and increasing salaries. Read the full story from John Hewitt Jones at FedScoop.


Tweet Of The Day


Life is full of contradictions.

