October 23, 2019.
SecurityWeek's 2019 ICS Cyber Security Conference
The conference program this morning took up the difficulties of "blindness" with respect to both programs and supply chains. Eric Byres, CEO of aDolus, offered a moderately encouraging view of the challenges of developing a software bill of materials suitable for securing the supply chain. Robert Dyson, Global OT Security Services Business Leader at IBM, delivered a plea for attention to detail in the OT space, and for applying the security lessons learned in IT environments to control systems.
Our coverage of SecurityWeek's 2019 ICS Cyber Security Conference will continue through the week. An account of a fireside chat with Admiral (retired) Rogers, former Director, US National Security Agency, is available here.
By the CyberWire staff
Malwarebytes reports on the relationship between Magecart (specifically Magecart Group 5), the Dridex banking Trojan, and the Carbanak crime gang that seems to be behind both of them. Magecart Group 5 represents an advance in sophistication over its predecessors in that it compromises third-party suppliers the better to propagate itself downstream.
VPNMentor discovered data exposed by Best Western's recently-acquired Autoclerk reservation system. US Government personnel travel itineraries were among the information open to inspection.
Pradeo warns that it's found Joker malware in another app that's been offered in Google Play. The app in question is Int App Lock, which is intended to enable users to lock certain data behind a PIN.
The UK's National Cyber Security Centre (NCSC), a GCHQ unit, has released its 2019 Annual Report. The NCSC says it handled six-hundred-fifty-eight cyber incidents over the past twelve months. The most attacked sectors were, in order, government, universities, technology companies, and managed service providers, with healthcare and transportation sharing fifth place in a dead heat. The report's tone is modestly proud and customer-friendly, featuring easily grasped case studies in the explanatory framework it offers.
Fan of celebrity news? McAfee offers its annual study of the most dangerous celebrities to search online, the ones for whom search results are likeliest to send the curious to malicious sites. This year the shiniest lure in the hackers' tackle box is Alexis Bledel, formerly of the Gilmore Girls, now of the Handmaid's Tale. Stick to the tabloids in the supermarket checkout line, fans.
Today's issue includes events affecting China, Denmark, Japan, Nigeria, Norway, Sweden, United Kingdom, United States.
Bring your own context.
If the data are anonymized, then no big privacy deal, right? Not necessarily.
"It's fairly trivial to reidentify people from an anonymized data set. First off, let's explain why we have these things called anonymized data sets, particularly in the field of health care. A lot of times, we need these data sets in order to perform research, right? But there are regulations. There are HIPAA regulations, and there might be some internal IRB regulations that say if you're going to store this kind of information, you have to store it in an anonymized fashion. Which means that all of the personal identifiable information has been stripped from the data set and replaced with tokens. But there is some information that can't be stripped because it's important to the research, and those things happen to be demographic pointers, like your age, your gender, whatever."
—Joe Carrigan, from the Johns Hopkins University Information Security Institute, on the CyberWire Daily Podcast, 10.21.19.
The data aren't collected for frivolous reasons, but it's possible to put enough of them together to build up an identity.
And Recorded Future's latest podcast, produced in partnership with the CyberWire, is also up. In this episode, "Strategy and Focus Protect New York City," the guest this week is Quiessence Phillips, deputy CISO and head of threat management for New York City Cyber Command. She’s one of the leaders of a team of cybersecurity professionals working to strengthen and coordinate the cyber defenses of one of the largest and most important cities in the world.
Forescout Joins Global Cyber Security Alliance for Operational Technology (Forescout) New Cyber Security Alliance will develop comprehensive cyber security guidelines for operational technology infrastructure SAN JOSE, Calif., October 22, 2019 – Forescout Technologies, Inc. (NASDAQ: FSCT), the leader in device visibility and control, today announced that it has joined a new alliance to provide a technical and organizational framework for safe and secure operational technology …
Here's what the NordVPN hack means (Tech Advisor) With news of a serious security breach on one of its servers, you’d be forgiven for wondering whether NordVPN is safe to use. We explain what you need to know.
Schneider Electric ProClima (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Schneider Electric
Vulnerabilities: Code Injection, Improper Restriction of Operations within the Bounds of a Memory Buffer, Uncontrolled Search Path Element
Vulnerability Summary for the Week of October 14, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Ransomware Attacks Map (StateScoop) Innovative Digital Reference Tool Provides Up-to-Date View of Ransomware Attacks Against State and Local Governments, K-12 Districts, Higher Education Institutions in the U.S.
The Internet and the Third Estate (Stratechery by Ben Thompson) Mark Zuckerberg suggested that social media is a “Fifth Estate”; in fact, social media is a means by which the Third Estate — commoners — can seize political power. Here history matters…
Former Gov. McAuliffe Joins Hunton Andrews Kurth Industries (Virginia Business) Former Virginia Gov. Terry McAuliffe has joined Hunton Andrews Kurth LLP, Virginia's second-largest law firm, as the global strategy advisor for the Centre for Information Policy Leadership (CIPL), the firm's Washington, D.C.-based global privacy and cybersecurity think tank.
Understanding How Your Networked Enterprise Behaves Under a Cyber Attack (JSA - Jaymie Scotto & Associates) What are Cyber Attacks? A cyber attack is a deliberate attempt, using malicious software, to degrade or disable the target network’s operations or to steal or corrupt sensitive data. No organization is safe from cyber attacks on its infrastructure. Former Cisco CEO John Chambers once said, “There are two types of companies: those that have been …
Amazon joins Facebook and Microsoft to fight deepfakes (The Next Web) Deepfakes have come across as serious problems this year and big companies are now paying attention. Amazon announced today it’s joining the DeepFake Detection challenge (DFDC) driven by major corporations such as Facebook and Microsoft to boost efforts to identify manipulated content. The company is going to contribute $1 million in AWS credits over the …
CISO/Thought Leader Napkin Sketch Challenge (LinkedIn) Sometimes the best ideas come from sketches done on cocktail napkins. I’ve been in the cyber security industry for several years and have been searching for a meaningful, comprehensive (and usable) depiction of the architecture desired by thought leaders in the CISO world.
Cyber Defense Correlation Cell for Space stands up (DVIDS) The Cyber Defense Correlation Cell for Space stood up Oct. 18 at Schriever Air Force Base, Colorado, and will operate at the enterprise level by detecting and responding to cyber threats against Air Force Space Command mission systems.
Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, USA, October 21 - 24, 2019) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze...
PCI SSC 2019 Europe Community Meeting (Dublin, Ireland, October 22 - 24, 2019) The PCI Security Standards Council’s 2019 Europe Community Meeting is the place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross-industry effort...
Omaha Cybersecurity Conference (Omaha, Nebraska, USA, October 24, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Florida Cyber Conference 2019 (Tampa, Florida, USA, October 24 - 25, 2019) Join hundreds of stakeholders from Florida's cybersecurity community and beyond for innovative content, in-depth discussion, hands-on demos, networking, and more! With more than 20 breakout sessions across...
National Security Leaders Symposium (Naples, Florida, USA, October 27 - 29, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...