Washington, DC: the latest from Borderless Cyber 2015
Borderless Cyber 2015 (OASIS) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools
Challenges and Opportunities: Information Sharing in a Borderless Domain (The CyberWire) Borderless Cyber 2015 convened at the World Bank in Washington, DC, yesterday. Organized by OASIS, the not-for-profit open standards organization, the conference addressed the challenges and opportunities cyber information sharing presents internationally
Cyber Attacks, Threats, and Vulnerabilities
Homeland Security websites vulnerable to cyber attack: audit (Reuters) The U.S. department charged with protecting government computers needs to secure its own information systems better, according to an audit released on Tuesday that showed lapses in internal systems used by the Secret Service and Immigration and Customs Enforcement
Operation Iron Tiger: How China-Based Actors Shifted Attacks from APAC to US Targets (TrendLabs Security Intelligence Blog) Key individuals, who are believed to be part of a China-based attack group, have been stealing years of valuable government and corporate information from defense and high technology organizations in the US since 2013 and political and government-related entities in China, Hong Kong, and the Philippines since 2010
Corebot cleverly written botnet malware with growth potential (CSO) There's a new botnet malware on the loose, called Corebot, that researchers believe has the potential to develop into a significant threat
Backdoored Business Routers An Emerging Threat (Dark Reading) Discovery of malicious implants in 14 Cisco routers, "tip of iceberg" FireEye says
Hackers target Google webmaster tools to prolong website infections (FierceITSecurity) Hackers who compromise websites are using additional measures to prevent legitimate owners from detecting the presence of malicious or spam content that is inserted into their sites, according to a report by security vendor Securi
Bug in iOS and OSX Allows Writing of Arbitrary Files via Airdrop (Threatpost) There is a major vulnerability in a library in iOS that allows an attacker to overwrite arbitrary files on a target device and, when used in conjunction with other techniques, install a signed app that the device will trust without prompting the user with a warning dialog
Malicious spam with zip attachments containing .js files (Internet Storm Center) On 2015-07-29, the ISC published a diary covering malicious spam (malspam) with zip archives of javascript
Would your IT manager go rogue for $2,000? (FierceITSecurity) Would your IT manager become a hacker for $2,000 or less? Maybe
Cyber Trends
These Warring Security Firms Show Both Sides of the Security Vulnerability Debate (Slate) The ongoing battle between researchers and vendors over the public disclosure of security vulnerabilities in vendor products took a bizarre turn last week in a new case involving two security firms, FireEye and ERNW
Kitchen etiquette and birthdays get more attention than data security says Centrify report (SourceWire) One in three IT decision makers have to fight for stricter security protocols
Marketplace
The Carlyle Group and The Chertoff Group Acquire Majority Stake in Coalfire Systems (BusinessWire) Investment to fuel innovation and growth at cybersecurity service and technology provider
Salient Federal Solutions and CRGT Announces Closing of the Merger Transactions (PRNewswire) The combined company will benefit new and existing customers through greater technical expertise, enhanced mission capabilities, and broader resources
4 Cybersecurity Stocks That Are Good Buys Right Now (The Street) Cybersecurity stocks have taken a tumble recently on fears that the sector may have gotten ahead of itself, but analysts are seeing some good buying opportunities amidst the downturn
Six Software Picks in Cybersecurity (Barron's) CyberArk and Palo Alto stand out but Check Point, FireEye, Fortinet and Proofpoint are also rated at Outperform
Top Growth Pick: The KEYW Holding Corporation (NASDAQ:KEYW) (Enterprise Leader) The KEYW Holding Corporation (NASDAQ:KEYW) has received a top Growth Style score from Zack's Research
Ex-Spies Join Cybersecurity Fight (Wall Street Journal) Firms turn to cloak-and-dagger tactics to infiltrate hacker groups and pre-empt attacks
L-3 Awarded Potential $193M DIA Intell Analysis Support Task Order (GovConWire) An L-3 Communications (NYSE: LLL) business segment has received a potential $193 million task order for intelligence analysis support under the Defense Intelligence Agency's Solutions for Intelligence Analysis II contract
IBM Announces the Creation of IoT Business Unit (Legaltech News) New unit will see $3 billion in investment over the next four years
IBM appoints leader for its Internet of things practice (Fortune) Harriet Green is taking on a well established collection of technologies and businesses related to connected sensors and data analytics
Products, Services, and Solutions
Helping Banks Spot Vulnerable Servers … in Seconds (American Banker) When Orion Hindawi attended a dinner with executives from a global bank that recently became a customer of the cybersecurity company he co-founded
Palo Alto launches service for protecting enterprise cloud apps (Seeking Alpha) Palo Alto Networks (PANW +2%) today announced availability of Aperture, a new security-as-a-service offering to help organizations safely enable and strengthen security for sanctioned SaaS applications, such as Box, Dropbox, Google Drive, and Salesforce
InvizBox unveils Go prototype that provides mobile users a VPN over public Wi-Fi (FierceITSecurity) A major concern of IT security folks is when an employee uses insecure public Wi-Fi to connect to the corporate network
Xerox Unveils Printed Memory Labels for Anti-Counterfeit Product Efforts (ExecuitveBiz) Xerox has launched two electronic-based printed labels the company built to store data that can be used to track the condition and verify the authenticity of a product
Technology that predicts your next security fail (Computerworld) In 2013, the IRS paid out $5.8 billion in refunds for tax filings it later realized were fraudulent
Fortinet offers up SDN security framework (ChannelLife) Fortinet has announced a new software defined network security framework, which it says is the first of its kind and provides advanced threat protection through the integration of security directly into modern data centre environments
Kaspersky: Great product, dreadful installation/upgrade process (Computerworld) All companies need to pay more attention to the experience that ordinary users have when they try to install new products and upgrades
Agari and RiskIQ Join Forces to Share Threat Data to Fight Cybercriminals (Digital Journal) Agari, the leading provider of data-driven security solutions that detect and prevent advanced email cyberthreats, and RiskIQ, the Enterprise Digital Footprint Security company, today announced a strategic partnership to exchange threat intelligence data
Technologies, Techniques, and Standards
The Network's Role as a Security Sensor and Policy Enforcer (Network World) Networks can (and should) be used to improve risk management as well as incident prevention, detection, and response
The Cyber Resilient Organization: A Q&A with Dr. Larry Ponemon (Resilient Systems) "Cyber resilience" is a relatively new term, but it seems to be here to stay. Organizations globally realize it's a critically important part of their cybersecurity strategies
Blockchain initiative backed by nine large investment banks (Financial Times) Nine of the largest investment banks, including Goldman Sachs, JPMorgan and Credit Suisse, are planning to develop common standards for blockchain technology in an effort to broaden its use across financial services
Orrstown Bank CISO finds peace after struggle with app security (FierceITSecurity) Orrstown Bank, a community bank with hundreds of applications third-party vendors had provided, needed to secure those applications in a way that would meet strict financial security regulations
Gas stations beefing up security in wake of 'skimmers' (Fox 17) Thieves stealing right from your credit card as you pump gas
Academia
NYU Launches Emerging Threats Initiative (Homeland Security Today) In today's era of cyberterrorism and human trafficking, Russia's annexation of Crimea and the black-flag legions of ISIS in Iraq and Syria
Legislation, Policy, and Regulation
Disconcerting U.S. Cyber Deterrence Troubles Continue (Lawfare) Two weeks ago the newspapers were filled with leaked threats that the U.S. government was "developing a package of unprecedented economic sanctions against Chinese companies and individuals who have benefited from their government's cyber theft of valuable U.S. trade secrets"
McCain comes out against DoD rule that requires more data from commercial contractors (FierceGovernment) Sen. John McCain (R-Ariz.) came out last week against a proposed rule that would allow Defense Department procurement officers to ask private companies for more information on costs and pricing before deciding on a contract
Senator McCain Urges Secretary Carter to Rescind Proposed Acquisition Rule (US Senate Armed Services Committee) U.S. Senator John McCain (R-AZ), Chairman of the Senate Armed Services Committee, sent a letter today to Secretary of Defense Ash Carter regarding a new proposed Defense Federal Acquisition Regulation rule on commercial item acquisition (DFARS Case 2013-D034). The new rule could effectively preclude any significant participation by commercial firms in defense programs
Defense Federal Acquisition Regulation Supplement: Evaluating Price Reasonableness for Commercial Items (DFARS Case 2013-D034) (Federal Register) A Proposed Rule by the Defense Acquisition Regulations System on 08/03/2015
Jeb Bush unveils cybersecurity plan (USA Today) Two days before the second Republican debate, Jeb Bush unveiled a cybersecurity plan Monday that he cast partly in terms of economics
Litigation, Investigation, and Law Enforcement
Twitter Hit With Class Action Lawsuit for Eavesdropping on Direct Messages (Billboard) The lawsuit targets algorithms that "intercept" and replace links
Judge certifies class action over Target data breach (Business Insurance) A U.S. judge on Tuesday certified a class action against Target Corp. brought by several banks over the retailer's massive data breach in 2013
Danish man arrested after cyber attack on Auckland girl (Aukland Now) A Danish man has been arrested and charged with hacking private computers and posting photos online