Cyber Attacks, Threats, and Vulnerabilities
Cyber attack on New York Blues plan Excellus affects 10 million (Business Insurance) Excellus BlueCross BlueShield, a Rochester, New York-based insurer, disclosed Wednesday afternoon that it was the victim of a sophisticated cyber attack by hackers who may have gained access to over 10 million personal records
Excellus BlueCross BlueShield hack puts 10M records at risk (FierceHealthPayer) Insurer says it discovered breach in early August
Records: Energy Department struck by cyber attacks (USA TODAY) Attackers successfully compromised U.S. Department of Energy computer systems more than 150 times between 2010 and 2014, a review of federal records obtained by USA TODAY finds
Zimperium unleashes Android Stagefright exploit code on world (Register) BOO! Now giddyup and get testing
Musical Chairs: Multi-Year Campaign Involving New Variant of Gh0st Malware (Palo Alto Networks) The Gh0st malware is a widely used remote administration tool (RAT) that originated in China in the early 2000s
10 Reasons Why Your Traditional Antivirus Can't Detect Second Generation Malware (Heimdal) As exposed in an article published a short while ago, on the 6 need-to-know attributes of advanced cyber attacks, one of the main ways in which second generation malware is challenging the security industry is its capacity to evade detection
Google Chrome reportedly bypassing Adblock, forces users to watch full-length video ads [Update] (Neowin) Twitter is alit today, it seems, with news of Google neutralising AdBlock Plus. The popular extension, originally created by Wladimir Palant in 2006, is used by many to bypass ads hosted on the internet, including the video ads served by Google's video streaming site
Hack attack at Cal State campuses exposes data on 80,000 students (LA.com) A data breach at eight Cal State campuses — including three in Los Angeles County — has exposed the personal information of nearly 80,000 students enrolled in an online sexual violence prevention course
11 million Ashley Madison passwords cracked in 10 days (Naked Security) Regular readers know we like silver linings here at Naked Security
Social engineering scammers exploit people's inborn desire to help others (Graham Cluley) Phone Have you ever received a phone call at work by a person who is looking for someone else?
Security pros acknowledge risks from untrusted certificates but take no action (Help Net Security) A Venafi survey of 300 Black Hat USA 2015 attendees reveals that most IT security professionals understand and acknowledge the risks associated with untrustworthy certificates and keys, but take no action
Cyber Trends
How the Internet of Things is Transforming Manufacturing Today (Supply Chain 24/7) A new study finds the manufacturing industry is ready for the Internet of Things, with 83% of surveyed manufacturers either already using IoT technologies or planning to deploy within a year
How the Internet of Things Is Improving Transportation and Logistics (Supply Chain 24/7) From passenger security and fleet management to assembly processes and delivery times, the transportation and logistics industry needs solutions that move its people and cargo safely and efficiently
Mid-Sized Organizations More Likely Targets for Cyberattackers (Legaltech News) New study finds medium-sized businesses tend to be more lax with security practices than enterprises
Cloud security challenges prevent greater federal adoption, new survey finds (FierceGovernmentIT) The vast majority of federal IT workers value security over employee convenience, and even though many believe cloud computing improves employee productivity, it's not enough of a benefit to trump the related security challenges
A necessary oath: maintaining ethics in today's cyber world (SC Magazine) Given the far-reaching implications of their work, it's time for cyber-security professionals to consider creating an oath to uphold ethical standards, says Stephen Cox
UK tops global cyber crime hit list (ComputerWeekly) UK based criminals were the second highest originators of cyber crime attacks after the US in the second quarter, according to ThreatMetrix
Marketplace
Ways to Engage Executives in Cyber Risk (Wall Street Journal) A survey of retail executives shows many retailers making progress toward strengthening their cyber risk management programs
Are Your Directors Talking Enough About Privacy and Data Security? (JDSupra) The number of companies suffering data breaches, and the average cost associated with each incident, continues to rise
Defense Market Primed for M&A Activity (DefenseNews) While the defense industry is ripe for significant M&A activity, a combination of complicating factors, including the appreciation of the US dollar, makes valuation difficult, a panel of analysts told the audience at the ComDef 2015 conference
Proofpoint CEO — Cybersecurity Needs Trump Market Volatility (TheStreet) Proofpoint's cybersecurity solutions may be able to review more than 600 million emails a day, but even they aren't powerful enough to fully shield the company's stock from the market's recent turbulence, said CEO Gary Steele
Palo Alto up 5.4% on results, guidance, billings; CyberArk up 2.1% (Seeking Alpha) Palo Alto Networks (NYSE:PANW) has risen to $174.00 after hours after beating FQ4 estimates (strongly on revenue), issuing solid FQ1 guidance, and reporting billings rose 69% Y/Y to $393.6M
Palo Alto Networks, Inc. (PANW — $165.17) Company Update: Another Rock-Solid, Cespedes-Like Performance — Major Momentum Heading into FY16--Maintain OP (FBR Capital) Last night, Palo Alto Networks reported another rock-solid quarter with F4Q15 (July) results coming in ahead of expectations on the top line, bottom line, and billings, while delivering an F1Q16 (October) outlook that also came in above the Street
Ironnet Cybersecurity $25.00 million Financing (Octa Finance) Ironnet Cybersecurity, Inc., Corporation just submitted form D about $25.00 million equity financing
FireEye dispute with security researcher raises questions (IT World Canada) The question of whether software companies should pay bounties to people who discover bugs has been a sticky one. It has again been raised by a security researcher who is demanding a reward from network security vendor FireEye for his efforts
Lockheed Martin to cut 500 information systems jobs (Denver Post) Reductions come amid shifting government business, contracts
MSSPs, The Preferred Route to Skills Challenge (InfoRiskToday) Gartner's Rajpreet Kaur on the growing dependence on MSSPs in India
HP, Symantec security vet takes over as CEO at hot Mountain View startup (Silicon Valley Business Journal) Now we know what job Art Gilliland quit for when he resigned as the head of Hewlett-Packard's security software business in June
U.S. Cyber Command Officer to Lead Cyber Division for MetroStar Systems (PRNewswire) MetroStar Systems, Inc. (MetroStar), the leading provider of IT, Web, and Creative solutions for the federal and commercial sectors has announced the appointment of Joseph "J" Kinder to the position of General Manager of Cyber Operations and Tactics
Products, Services, and Solutions
Law enforcement fights major US gang with big data (FierceBigData) Law enforcement is using advanced crime analytics, and specifically data visualization, to fight crime
Booz Allen, Triumfant Offer Combined Predictive Intell, Cyber Analytics Under Partnership (ExecutiveBiz) cyber security imageBooz Allen Hamilton and Triumfant have entered into a strategic partnership to deliver an endpoint security offering that leverages predictive intelligence and reverse engineering functions to identify potential risk areas
Wandera uses machine learning to protect against new mobile security threats (Computing) Mobile security firm Wandera is harnessing the power of automated machine learning to ensure its customers are protected against as many security vulnerabilities as possible, even those that were previously unknown
Technologies, Techniques, and Standards
Mobile data security creates big governance challenges (TechTarget) As devices are used for increasingly complex processes, data becomes more vulnerable to loss
More to Metadata Management than Cleaning (Legaltech News) Rather than a laundry list of metadata types to be cleaned, metadata management needs a unified approach to protect all users on all devices
Why Security Experts Are Using an Ancient Email Format in 2015 (Motherboard) A quarter of a century ago, checking your email meant logging onto a mainframe and using a command-line email program like elm or pine. Today, many security experts continue to use and recommend mutt, elm's bastard love child
How Do You Solve a Problem Like Attribution? (Team Cymru) There was an advert for weed-killer a while back
Using Security Metrics to Drive Action (CIO) Benjamin Franklin famously said, "An ounce of prevention is worth a pound of cure"
6 Principles of a Resilient Digital World (InfoRiskToday) Gartner's Iyengar on new strategies to Manage and Mitigate Risks
'Discovery and hygiene' is the key to IT security (ITWire) If you don't know what you've got and you don't attend to the routine chores, how can you expect to keep your IT environment secure?
The things end users do that drive security teams crazy (CSO) To protect users from public embarrassment their identities have been withheld in these true stories of failures to follow security protocol
Design and Innovation
The Man Who Wants To Encrypt Everything (Forbes) The Los Angeles Police Department has its own Eye of Providence, a 20-foot-long flat-screen mosaic in a windowless downtown control room fed by dozens of info-streams
Research and Development
Making the 'Internet of Things' configuration more secure and easy-to-use (Phys.org) With an ever increasing number of everyday objects from our homes, workplaces and even from our wardrobes, getting connected to the Internet, known as the 'Internet of Things' (IoT), researchers from the University of Southampton have identified easy-to-use techniques to configure IoT objects, to make them more secure and hence help protect them from online attacks
DARPA unveils anti-counterfeit electronics chiplet (C4ISR & Networks) DARPA has released photos of what its anti-counterfeit electronics chip might look like
Commerce awards $3.2M to 20 small businesses to address cybersecurity, other challenges (FierceGovernmentIT) The Commerce Department last week announced that it awarded $3.2 million in grants to 20 small businesses to help them develop new, innovative technologies that address a wide range of issues from climate change to cybersecurity
Algorithms bridge gap between digital and physical systems (FierceBigData) Just about everyone is focused on the Internet of Things these days. New devices and sensors will provide a deluge of data
Does quantum cryptology offer hack-proof security? (CIO) New quantum cryptology research could result in systems that are impossible to hack. But good luck trying to explain it to your boss
Academia
Utica College's Cybersecurity Program Recognized as Academic Center of Excellence (PRNewswire) Many areas of specialization place UC among elite group of colleges, universities
Legislation, Policy, and Regulation
The Rules of Cyberspace Just Got A Bit Clearer (DefenseOne) The UN's new recommendations guiding state activity in cyberspace break new ground in three important areas
Indian cyber experts targeting hackers behind the attacks on government and defence servers (IBN) India has declared war on terrorists in the cyberspace. Indian cyber experts are targeting hackers behind the attacks on government and defence servers
India Needs a Creative Strategy to Counter ISIS's Cyber Terror (New Indian Express) The media recently reported about showing of ISIS flag in Jammu and Kashmir and some other regions along with some youth returning from Syria and Iraq
Exclusive: 50 Spies Say ISIS Intelligence Was Cooked (Daily Beast) It's being called a 'revolt' by intelligence pros who are paid to give their honest assessment of the ISIS war — but are instead seeing their reports turned into happy talk
Is Germany Building the Next NSA? (National Journal) Berlin is fast becoming a center for European digital-privacy experts. Next year, it will also become the home of Germany's top spy agency
Top spy bemoans loss of key information-gathering program (Washington Post) One of the disclosures based on documents leaked by Edward Snowden, the former National Security Agency contractor, prompted the shutdown of a key intelligence program in Afghanistan, the nation's top spy said Wednesday
Opinion: Restraint is the best weapon against Chinese hacks (Christian Science Monitor Passcode) When Chinese President Xi visits the US this month, President Obama has a rare chance to forge a strategic deal with China to ease the growing cyberconflict between Washington and Beijing
Partnerships key to confronting cybersecurity challenges, say NSF and NIST officials (FierceGovernmentIT) The National Science Foundation and the National Institute of Standards and Technology separately have contributed much to improve the cybersecurity of federal agencies and the nation as a whole, but officials at a recent hearing say the credit and responsibility are shared
Security experts mostly critical of proposed threat intelligence sharing bill (CSO) This fall, the Senate is expected to take another look at the Cybersecurity Information Sharing Act, or CISA
New DoD Rule Might Cripple Silicon Valley Efforts: Sen. McCain (Breaking Defense) The day before Defense Secretary Ash Carter heads to St. Louis to promote outreach to the high tech communities
11 proposals for DoD's future cyber workforce (C4ISR & Networks) The Department of Defense is looking to develop a force of the future that will be able to defend and retaliate in cyberspace
The White House sprints to lock down data (Help Net Security) US government Chief Information Officer (CIO) Tony Scott has been working with federal agencies to complete 30-day "cyber sprints" to patch gaping holes in US Government security
State Department taps former assistant secretary to lead records management reform (FierceGovernentIT) A former State Department official is returning as its first transparency coordinator — a position meant to reform the way the department handles its records
Unpatients — why patients should own their medical data (Nature) For the benefits of digital medicine to be fully realized, we need not only to find a shared home for personal health data but also to give individuals the right to own them
Pennsylvania banking regulator creates Cybersecurity Task Force (Pennsylvania Business Daily) Pennsylvania Secretary of Banking and Securities Robin Wiessmann said Tuesday a Cybersecurity Task Force has been created to help financial services businesses address cybersecurity issues and oversee the state's financial marketplace security
Litigation, Investigation, and Law Enforcement
Microsoft due in court over warrant for emails stored in Irish data centre (Naked Security) Microsoft will appear in a federal appeals court today to argue against the US government's assertion that companies operating in the land of the free must hand over data stored in other countries when presented with a valid search warrant
Apple’s iMessage Defense Against Spying Has One Flaw (Wired) Yesterday, the New York Times mentioned a trend that's becoming more common: tech companies fighting back against government requests for user data, among them Microsoft and Apple
Military Services Turn Blind Eye to Ashley Madison Customers (Military.com) Three weeks after U.S. troops were told they could face disciplinary action if their official email addresses were found among those hacked from the adultery website Ashley Madison, the services appear ready to drop the affair
US cop goes wardriving to sniff out stolen gadgets by MAC address (Naked Security) When it comes to sniffing out unsecure Wi-Fi networks, you can take your pick of vehicle to drive around