Laurel and Baltimore: the latest from Cyber 6.0 and the Second Annual Executive Cyber Security Conference
Cyber 6.0 (GovConnects) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure
Cloud Security: Challenges and Problems, Opportunities and Solutions (The CyberWire) Thought leaders from the cyber security industry convened in Howard County on September 10, 2015, to consider the rapidly evolving nature of the cloud, and the way it's shaping cyber security
2nd Annual Senior Executive Cyber Security Conference (Johns Hopkins Whiting School of Engineering) Is information sharing an invitation for governments to siphon data that is meant to be private, or can effective limitations be enforced so that the private sector and the government can work together to combat data breaches and other attacks? In this one-day event, we will explore these questions in depth, with presentations from government officials, representatives from industry, and academicians. We will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business, legal, legislative, and regulatory points of view
"The Quandary of Information-Sharing and Data Privacy": Report from the Johns Hopkins University (The CyberWire) The Senior Executive Cyber Security Conference took up questions raised by information sharing measures currently under consideration by the US Congress. Not only did the conference organizers see the tension between information sharing and privacy as a "quandary," but the symposiasts also looked at other implications of information sharing, including its prerequisite: collection
Cyber Attacks, Threats, and Vulnerabilities
Islamic State Publishes 'Prisoner for Sale' Messages (Newsweek) The Islamic State is apparently aiming to sell two hostages via its propaganda magazine
Pakistani Taliban spokesman says reports of joining Islamic State are 'lies' (Long War Journal) There are frequent rumors that various jihadist groups are going to defect from the Taliban-al Qaeda axis and join the Islamic State
North Korea may have used unpatched word processor bug to attack South Korea (Daily Dot) North Korea might have exploited a popular word processor to attack South Korea
With latest BlueCross breach, a whopping 102.6 million records stolen (FierceITSecurity) Yes, it's true. There has been another major breach at a BlueCross BlueShield health insurer. This time it's Rochester, NY-based Excellus BCBS and its affiliate Lifetime Healthcare Companies
Report: Healthcare accounts for 21 percent of data breaches worldwide (FierceHealthIT) In the first half of 2015, there were more than 245.9 million records breached worldwide — with the largest impacting consumers of health insurance company Anthem
DoE Cyber Attacks Not Surprising, Experts Say (Homeland Security Today) Following the revelation this week that the Department of Energy (DoE) Joint Cybersecurity Coordination Center recorded more than 1,000 hacks into department computer systems from 2010 to 2014, including more than 150 successful intrusions into systems containing sensitive data about the nation's electric power grid, cybersecurity experts said they aren't at all surprised
Another OPM-like breach 'inevitable,' says DHS cyber response director (FierceITSecurity) The Office of Personnel Management data breaches that affected 21.5 million people and left federal agencies searching for answers may not be the last of their kind
Chinese and Russian Cyber Espionage: the Kaiser Would be Jealous (War on the Rocks) After the OPM hack, there were suggestions that the Chinese might be building digital dossiers on every U.S. government official, or even on all Americans. More recent reports have the Russian and Chinese intelligence services exploiting personally identifiable information about Americans from security clearance databases, airline records, medical records and many other sources on a massive scale
Newest cyber threat will be data manipulation, US intelligence chief says (Guardian) James Clapper calls data deletion or manipulation 'next push of the envelope'
Lockerpin ransomware steals PINs, locks Android devices permanently (ZDNet) Researchers have discovered what is believed to be the first example of ransomware capable of truly locking an Android mobile device
Aggressive Android ransomware spreading in the USA (We Live Security) We have been following the evolution and mass spreading of Android ransomware for a while now
Android's Stagefright is back! Here’s what you need to know (Naked Security) The Android vulnerability known as Stagefright is back in the limelight
Security Alert: Antivirus Detection Low on New Spam Campaign that Infects PC with CryptoWall 3.0 (Heimdal) It's only been 2 months since the latest CryptoWall 3.0 spam campaign, which used Google Drive in a drive-by campaign to abuse vulnerabilities in various popular third-party products and encrypt the victim's data, holding it hostage for ransom
Series of Buffer Overflows Plague Many Yokogawa ICS Products (Threatpost) There is a series of stack buffer overflows in nearly 20 ICS products manufactured by Japanese vendor Yokogawa that can lead to remote code execution
Ashley Madison data breach escalates with password encryption failure (ComputerWeekly) At least 15 million improperly encrypted Ashley Madison passwords are reported crackable, with enormous implications for members and their employers
Finance firms targeted by cyber extortion gang (BBC) Banks, media groups and gaming firms are being hit with extortion demands by a cyber gang who threaten to knock them offline unless they pay up
Aggressive tactics from DD4BC extortionist group revealed (Help Net Security) Akamai shared details of an increase in DDoS attacks from the Bitcoin extortionist group DD4BC, based on observation of attack traffic targeted at customers from September 2014 through August 2015
Indians hit worst in HawkEye keylogger attacks: Trend Micro (Digit) More Indian businesses have fallen prey to a solo hacker's keylogger attacks than any other country, according to the report
Visual hacking and the iPhone 6s's new camera (Graham Cluley) The announcement of Apple's new iPhone 6s revealed some impressive advancements in technology for such a small device
PayPal helpfully disables two-factor authentication via Twitter DM (CSO) In screenshots posted to Imgur, a PayPal user who was having problems accessing their account had received assistance from support representatives via direct message on Twitter
GM Took 5 Years to Fix a Full-Takeover Hack in Millions of OnStar Cars (Wired) When a pair of security researchers showed they could hack a Jeep over the Internet earlier this summer to hijack its brakes and transmission, the impact was swift and explosive: Chrysler issued a software fix before the research was even made public
Security Patches, Mitigations, and Software Updates
Apple adds security features to iOS 9 that will appeal to enterprises (FierceITSecurity) Lost in the noise of Apple's launch of iPhone 6s, iPad Pro and Apple TV was the unveiling of Apple's new mobile operating system, iOS 9, which will be available as a free update on Sept. 16
Cyber Trends
Just Like Old Days: IOT Security Pits Regulators Against Market (Threatpost) Listening to today's privacy panel at the Security of Things Forum, you might have thought you were beamed back to the early 2000s: government people hinting that legislation might be the ultimate solution for security and privacy concerns when it comes to embedded computers and connected things, with enterprise security officers countering that market pressures will dictate the integrity of devices, software and data
Internet of Things: Security misconceptions, expectations, and the future (Help Net Security) What are the most significant misconceptions people have when it comes to IoT security, even in the information security community?
Continuing the march: The past, present, and future of the IoT in the military (Deloitte University Press) Military commanders have always lived and died by information — both quantity and quality. No surprise, then, that the US military has been an early adopter of the Internet of Things and is looking to expand its applications. But this new technology brings with it organizational and security challenges that present both opportunities and obstacles
Marketplace
Global cyber insurance market to grow to over $20 billion by 2025 (Help Net Security) Cyber risk is a major and fast-increasing threat to businesses with cyber-crime alone costing the global economy approximately $445 billion a year, with the world's largest 10 economies accounting for half this total and the U.S. accounting for $108 billion, according to Allianz Global Corporate & Specialty (AGCS)
AIG, Axis provided Ashley Madison insurance: Report (Business Insurance) American International Group Inc. and Axis Capital Holdings Ltd. have provided insurance coverage for the Ashley Madison website, Bloomberg reported Thursday
No Slowdown Yet For Palo Alto Networks (Seeking Alpha) Palo Alto Networks has a history of spectacular revenue growth, which has propelled the stock higher in recent years
Okta combines big data and two-factor authentication in new security product (FierceITSecurity) Company plans to use $75M in new funding to speed product development, expand globally and acquire companies
Argus Cyber Security Secures $26M Series B Funding (PRNewswire) New investors include Magna International, Allianz SE, the SBI Group, with participation of existing investors Magma Venture Partners, Vertex Venture Capital and the Co-Founder of the RAD Group, Mr. Zohar Zisapel. Funding will accelerate the development of Argus' automotive cyber security solutions
Cisco reorg consolidates IoE, cloud ops (CIO) Cisco has announced another organizational restructuring to streamline its Internet of Everything and Cloud operations, expanding the roles of two executives and reassigning another
Trust Kaspersky to Root Out Russian Spyware (BloombergView) If you think U.S. tech companies have a hard time convincing their customers that they don't pass on data to U.S. intelligence services, consider the case of Kaspersky Lab, the Moscow-based cybersecurity company
Raytheon bets big on cybersecurity as it seeks to fill 'hundreds of jobs' (Boston Business Journal) Raytheon, the Waltham-based defense contractor and technology firm, has invested $3.5 billion in cybersecurity initiatives over the past decade. It's a number that's expected to grow — rapidly — in the years ahead
NSA wants millennial talent without millennial perks (C4ISR & Networks) Got talent? The kind of whiz-kid computer skills that could help the government get ahead of hacker adversaries? The National Security Agency wants you. But you can't bring your smartphone
Soderlund: Imperva Technology 'Perfect Fit for Time and Market' (The VAR Guy) Karl Soderlund is about a month into his new job as vice president of Channels and Alliances at Imperva
Tech startups need to get serious about security (CIO) Federal Trade Commission chair takes her message about security by design to the Bay Area, urging young companies not to let the rush to market overshadow critical consumer protections
Internet Bug Bounty Helps Secure Open Source and the Internet [VIDEO] (eSecurity Planet) HackerOne co-founder and CTO Alex Rice discusses what the Internet Bug Bounty is all about
Products, Services, and Solutions
Palo Alto Networks Aims to Sharpen Security with AutoFocus (Enterprise Networking Planet) AutoFocus and Aperture technologies expected to drive future growth as Palo Alto Networks FY2014 revenue tops $928 million
Next-generation device protects plants against cyber-attacks (Drives and Controls) Eaton has announced a new generation of the Tofino industrial security technology that it sells under its MTL brand
Fortinet Earns Numerous Department of Defense Cybersecurity Certifications (MarketWatch) Fortinet delivers broad cybersecurity solutions for critical defense infrastructures
RiskVision Helps Retailers Minimize Cyber Risk Exposure (BusinessWire) New PCI DSS 3.1 content pack tightens controls around secure communications
DEFCON CYBER Scores YOUR Risk Posture based on NIST Cybersecurity Framework (IT Business Net) Rofori Corporation is announcing the availability of its DEFCON CYBER software solution based on the NIST Cybersecurity Framework (CSF). DEFCON CYBER enables an organization to significantly reduce incident response times and measure its cybersecurity risk posture through the execution of its cybersecurity risk management strategy
Fama Helps Businesses Find Social Media “Red Flags” Before Hiring Someone (TechCrunch) Fama Technologies aims to help companies screen potential employees by analyzing their social media posts
Technologies, Techniques, and Standards
Cybersecurity experts: 'Brittle' security systems need overhaul (TechTarget) Cybersecurity experts urge enterprises to embrace new tools, including micro-virtualization and intelligence-led security
Where are you reading this? Can anyone else see your screen? (Dealer) If you travel by train or sometimes work from a coffee shop, is there any chance someone could have overlooked your on-screen information, whether on your laptop, tablet or smartphone?
Michelin Stars and Cybersecurity Intelligence (IBM Security Intelligence) One of the terms that is very current in the industry is security intelligence. There are many pseudo-definitions communicated to clients, but the true meaning of this term often remains vague
Design and Innovation
Xerox PARC's self-destructing chip explodes on demand (IDG via CSO) A new chip developed by Xerox PARC under a DARPA program can self-destruct on command
Research and Development
Why We Must Build an 'Immune System' to Ward Off Cyber Threats (Op-Ed) (LiveScience) People work best when they talk to each other. So do information systems and modern infrastructures
Government-backed IoTUK programme launches (ComputerWeekly) IoTUK programme is backed by £40m of government funding and will explore how the internet of things can be used to enable growth and improve quality of life
Academia
This Could Be The Year Of The University Hack (TechCrunch) You're a college freshman relishing your newfound freedom
MIT, Cambridge, Other Universities Get D's In Internet Security (Dark Reading) Colleges — especially large, high-profile institutions — are facing more cybercrime and nation-state activity
Georgia Tech: Fighting Cyber terrorism (Atlanta Journal Constitution) Georgia Tech plays a critical role in efforts to combat cyber terrorism
Legislation, Policy, and Regulation
International governance of the Internet urged to promote resilience (Business Insurance) A strong and resilient Internet will be governed by the private sector and supported by governments when needed, says a report issued Thursday by Zurich Insurance Group Ltd. and the Washington-based Atlantic Council think tank
Clapper: US Must Prepare for 'A Large, Armageddon-Scale' Cyber Attack (Washington Free Beacon) Director of National Intelligence James Clapper said the U.S. must be prepared for a "large, Armageddon-scale" cyber attack during remarks Thursday at an annual conference of U.S. intelligence community members, but he said that was not likely
Intelligence chief: Little penalty for cyber attacks (Military Times) Cyber attacks against American interests are likely to continue and grow more damaging, in part because hackers face a low risk of consequences, the director of national intelligence told Congress Thursday
U.S. urged to tighten cyber security to counter Chinese hacking (Reuters) The United States must beef up cyber security against Chinese hackers targeting a broad range of U.S. interests to raise the cost to China of engaging in such activities, America's top intelligence official said on Thursday
China tells U.S. to stop 'groundless' hacking accusations (Reuters) China reacted angrily on Friday following a call by America's top intelligence official for cyber security against China to be stepped up, and said the United States should stop "groundless accusations"
China, US can cooperate on cybersecurity, says Chinese top diplomat, amid hacking claims (South China Morning Post) China and the United States can cooperate on cybersecurity and could work together with other countries on rules governing the issue in a spirit of respect, China's top diplomat was quoted on Friday as saying
US braces for WW3 with Cyber Command 'Vision' of integrated cyberops (Register) No mention of Skynet or WOPR as yet
Sanctions For Hacking: Good or Bad Idea? (TrendLabs Security Intelligence Blog) Last week, news reports said the United States government was considering enacting sanctions against individuals and organizations in China and Russia for their involvement in hacking incidents targeting US companies
Intel officials: OPM breach wasn't an attack (Washington Examiner) Intelligence officials have said that the seizing of information from the Office of Personnel Management wasn't severe enough to be considered an attack
ODNI responds to cyber hacks with new counterintelligence campaign (Federal News Radio) Responding to cyber penetrations into federal IT systems at the Office of Personnel Management and elsewhere, the Office of the Director of National Intelligence said Wednesday that it was launching a "comprehensive" and governmentwide counterintelligence campaign
FBI, intel chiefs decry "deep cynicism" over cyber spying programs (Ars Technica) Admit tough questions about things like backdoors have no easy answers
FBI director: Ability to unlock encryption is not a 'fatal' security flaw (Washington Post) In the tug of war between the government and U.S. companies over whether firms should hold a key to unlock encrypted communications, a frequent argument of technologists and privacy experts is that maintaining such a key poses a security threat
The 'Crypto Wars' of the 1990s are brewing again in Washington (Washington Post) A debate over data security is brewing in Washington. On one side, law enforcement officials warn that new deployments of encryption, the technology that protects our communications and stored data from prying eyes, is leaving the government without the insight it needs to track down criminals and terrorists
Blast from the Past: Learning Lessons from Previous Panics Over Ubiquitous Strong Encryption (Disruptive Competition Project) Over the past several months, the tech industry has been experiencing a terrible bout of déjà vu. In a campaign led by FBI Director James Comey, law enforcement and intelligence community voices have argued against the proliferation of ubiquitous strong encryption in consumer devices and communication platforms
Cybersecurity Pros Knock Congress as Security Bill Stalls (DC Inno) The Cybersecurity Information Sharing Act receives heat from the industry
Surplus lines lobbyists to keep Congress focused on cyber (Business Insurance) Congress is still trying to get a handle on cyber risk, which is going to remain a major focus at least through 2020, the year the Terrorism Risk Insurance Act comes up for reauthorization
US CIO Tony Scott: We've sometimes failed at even the most basic preventative measures (FierceCIO) U.S. CIO Tony Scott said he has seen ubiquitous problems in the way some government agencies are building their IT programs
Clapper tries to shield intelligence community workforce from sequestration (Federal News Radio) As the threat of a reignited sequestration nears, Director of National Intelligence James Clapper said his first priority is protecting the intelligence workforce
Different Intelligence Organizations Confront Varying Threats (SIGNAL) The players may be the same on each side, but their methods may not coincide
DoD Committed to Maintaining Strong Bonds with Industry (DoD News) The Defense Department is committed to maintaining the strong bonds between innovators and the department "because going forward, we need the best people, the best technology, and the best innovation to remain the world's finest fighting force," Defense Secretary Ash Carter said in St. Louis today
Litigation, Investigation, and Law Enforcement
Exclusive: Top Senators Investigating Cooked ISIS Intel (Daily Beast) The heads of the armed services and intelligence committees all pledged to get to the bottom of a "revolt" by U.S. military analysts, uncovered by The Daily Beast
Officials deny ISIS intelligence reports were altered (C4ISR & Networks) After a damning Daily Beast report and the launch of an inspector general investigation, Pentagon officials are hitting back on implications that intelligence reports on ISIS and al Qaeda threats were skewed to favor U.S. dominance
Pentagon Intel Chief Responds to Inquiry Into Islamic State Data (Wall Street Journal) Head of Defense Intelligence Agency defends 'rough and tumble' process of collecting information
Pentagon chief demands honest war intelligence (Navy Times) Defense Secretary Ash Carter has reminded the Pentagon's senior intelligence corps that they are expected to give him their unvarnished views, amid allegations that the military command overseeing the war against the Islamic State distorted or altered intelligence assessments to exaggerate progress against the military group, officials said Thursday
FireEye takes security firm to court over vulnerability disclosure (CIO) ERNW contends it thought it had responsibly cooperated with FireEye
Security company sues to bar disclosure related to its own flaws (Ars Technica) Some vulnerabilities compounded by FireEye software running as root on Apache
Ex-Ashley Madison CTO Threatens Libel Suit (KrebsOnSecurity) Last month, KrebsOnSecurity posted an exclusive story about emails leaked from AshleyMadison that suggested the company's former chief technology officer Raja Bhatia hacked into a rival firm in 2012. Now, an attorney for the former executive is threatening a libel lawsuit against this author unless the story is retracted
Sep 9 Old-School Law Enforcement vs The Deep Web (TrendLabs Security Intelligence Blog) The Deep Web is back in the news. Agora, one of the biggest darknet marketplaces, announced last week that it will go offline to bolster its defenses against law enforcement agencies who want to take them down