A new foreign investment bill will impact venture capital and the U.S. startup ecosystem

President Trump’s time in office has been punctuated by rising tension with China on a host of economic issues. He’s received bipartisan criticism for the impact of tariffs on Chinese goods and the resulting retaliation against American exports.

How to Email Someone You Haven’t Talked to in Forever

Executive Summary

It can feel really awkward to reach out to someone you haven’t spoken to in 10 years. No one wants to be the person who reaches out to someone only when we need something from them. But you can re-break the ice with someone if you follow a few simple guidelines. Send them an email with a clear subject line, like “re-connecting.” Acknowledge that you haven’t been in touch. Be friendly, and let them know why you’re re-establishing contact now. Ask them for the favor, but give them an easy out and make sure you offer to reciprocate. Then, regardless of whether they help you or not, stay in touch. That way, it won’t be awkward the next time you want to say hello.

How to automate the import of third-party threat intelligence feeds into Amazon GuardDuty

Amazon GuardDuty is an AWS threat detection service that helps protect your AWS accounts and workloads by continuously monitoring them for malicious and unauthorized behavior. You can enable Amazon GuardDuty through the AWS Management Console with one click. It analyzes billions of events across your AWS accounts and uses machine learning to detect anomalies in account and workload activity. Then it references integrated threat intelligence feeds to identify suspected attackers. Within an AWS region, GuardDuty processes data from AWS CloudTrail Logs, Amazon Virtual Private Cloud (VPC) Flow Logs, and Domain Name System (DNS) Logs. All log data is encrypted in transit. GuardDuty extracts various fields from the logs for profiling and anomaly detection and then discards the logs. GuardDuty’s threat intelligence findings are based on ingested threat feeds from AWS threat intelligence and from third-party vendors CrowdStrike and Proofpoint.

Criminals Extort Internet Users With Threat Of Compromising Videos

Earlier this month Bleeping Computer reported on an ongoing extortion email campaign that emailed recipients their password and stated hackers had recorded them over their webcam while they visited adult sites. Over the past week, scammers have begun using a new extortion email campaign that claims the recipient’s phone was hacked, includes a partial phone number of the recipient, and further states that they created videos using the recipient’s webcam. It then demands $1,000 USD in bitcoins or the hacker will release the video and other information. This new campaign was brought to their attention last week by security researcher SecGuru, who has seen thousands of these emails being distributed.

The 5 Big Takeaways From Our House Forecast

Democrats are favored to gain control of the House of Representatives in this year’s midterm elections, according to the FiveThirtyEight forecast model. But — a very FiveThirtyEight-ish sentence follows — the range of possible outcomes is wide and Democrats’ prospects are far from certain. Relatively small shifts could allow Republicans to keep control of the House, or could turn a blue wave into a tsunami.

32,000 smart homes and businesses at risk of leaking data

New research from Avast (LSE: AVST), the global leader in cybersecurity products, found more than 49,000 Message Queuing Telemetry Transport (MQTT) servers publicly visible on the internet due to a misconfigured MQTT protocol. This includes more than 32,000 servers with no password protection, putting them at risk of leaking data. The MQTT protocol is used to interconnect and control smart home devices via smart home hubs. When implementing the MQTT protocol, users set up a server. In the case of consumers, the server usually lives on a PC or a mini computer such as a Raspberry Pi, which devices can connect to and communicate with.

Chatbots Say Plenty About New Threats to Data

By Amina Bashir and Mike Mimoso, Flashpoint

Chatbots are becoming a useful customer interaction and support tool for businesses. These bots are powered by an artificial intelligence that allows customers to ask simple questions, pay bills, or resolve conflicts over transactions; they’re cheaper than hiring more call centre personnel, and they’re popping up everywhere.

FCA lays out new rules for banks on reporting operational and security incidents to customers

On Wednesday 15th August, the Financial Conduct Authority (FCA) enforced new rules requiring providers of personal and business accounts to publish information that will help current customers to compare bank accounts from different providers. Banks will have to report major operational and security incidents that have taken place and disclose whether 24-hour customer helplines are available.

Weekly Update 100

Made it to 100! And by pure coincidence, it aligned with the week where I’ve tuned out more than I ever have since gaining my independence which means there’s really not much to talk about. But I did want to share a little about the snow in Australia (turns out it’s not all beaches) and some thoughts on gov initiatives in the news following my time with the Australia Cyber Security Centre in Canberra last week.

Hackers Can Falsify Patient’s Vitals In Real Time

Reports have surfaced detailing that hackers can falsify patients’ vitals by emulating data sent from medical equipment clients to central monitoring systems. The research, available here, takes advantage of a weak communications protocol used by some patient monitoring equipment to send data to a central monitoring station. The protocol is used in some of the most critical systems in hospitals, according to McAfee researchers. Even more concerning, McAfee was able to modify the vital sign data in real time, providing false information to medical personnel to make it look like a patient was flatlining. They were able to switch the display of a patient’s heartbeat from 80 beats a second to zero within five seconds.

Much More Than Just Security – The Future Of Identity And Access Management

As more organisations embark on the journey that is digital transformation, the ability to manage digital identities is becoming more crucial, especially at a time when the Internet of Things (IoT) is redefining the concept of identity and access management (IAM). While traditional IAM was designed to manage employees’ information access authorisation, organisations soon began to use IAM to understand the interactions between their customers or employees and the company.

The Real Risk Of Reputational Damage

There is no ‘one-size-fits-all’ when it comes to compliance. Each regulation has a different focus, with different rules aligned to its individual purpose, sometimes with conflicting requirements. For example, financial institutions must comply with anti-money laundering (AML) and fraud regulations involving strict controls on transaction reporting. Yet AML compliance must be in line with GDPR, which focuses on the capturing, using, securing and discarding of customer personal data.