Baltimore: the latest from CyberMaryland
CyberMaryland 2015: Collaborate, Educate, Innovate (National Cyber Security Hall of Fame and the Federal Business Council) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations
Cyber Moves from the Server Room to the Board Room (The CyberWire) The CyberWire spoke with the Federal Business Council's David Powell, who's co-chair of the CyberMaryland conference. We asked him for a look at what we might expect of this year's conference, opening today in Baltimore. He ranged over technological innovation, cyber security as an ecosystem, the proper subsidiarity with which communities in that ecosystem flourish, and, above all, development of a strong, well-trained cyber labor force. Here's what he had to say
NSA "Day of Cyber," a National Initiative, to be unveiled at CyberMaryland 2015 (PRNewswire) Day of Cyber provides schools, colleges/universities, and organizations a powerful online tool to introduce Cybersecurity directly into the classroom
Venture funding in focus at CyberMaryland 2015 (Daily Record) The CyberMaryland Conference scheduled for Oct. 28-29 at the Baltimore Convention Center will host two sessions focused on securing venture funding for startup and late stage cyber security companies
Hexis Cyber Solutions to Attend the Upcoming CyberMaryland 2015 Conference (Nasdaq) Hexis Cyber Solutions (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (NASDAQ:KEYW), and a provider of advanced cybersecurity solutions for commercial companies and government agencies, will be participating in this year's annual CyberMaryland Conference 2015, taking place on Wednesday, October 28 and Thursday, October 29 at the Baltimore Convention Center
How to Use Risk Intelligence: Cyber Maryland Session on Oct 29 (PRWeb) To defend against cyber-attacks, most organizations look within their own networks for possible intruders and ways to layer defenses
Damballa CTO Stephen Newman to Present on How to Stop Data Theft by Removing Network Blind Spots at CyberMaryland 2015 (BusinessWire) Damballa, the experts in network security monitoring, today announced that Stephen Newman, Chief Technology Officer, will speak on how to alter the skyrocketing breach trajectory by changing the way cyber threats are viewed in a presentation titled, "Removing Blind Spots in Your Network Visibility to Stop Data Theft," at the upcoming CyberMaryland 2015 conference, taking place October 28 and 29th at the Baltimore Convention Center
Cyber Attacks, Threats, and Vulnerabilities
Did China Just Hack the International Court Adjudicating Its South China Sea Territorial Claims? (The Diplomat) Sometimes context and timing can be damning evidence
China, Russia involved in state-sponsored data theft (Business Insurance) Any discussion of state-sponsored data theft "has to start with China," a cyber security expert said Tuesday
TalkTalk hack: Boy at centre of national cyber attack probe returns to his home in Ballymena (Belfast Telegraph) The Northern Ireland teenager has been arrested over one of Britain's biggest-ever cyber crimes
Less TalkTalk, more ActionAction (MicroScope) As the 15-year old alleged to have been behind the attack on TalkTalk is released on bail, MicroScope picks through the debris left in the wake of the hacking scandal
CIA Director Says Hack of His Email Epitomizes Cyber Threat (ABC News) CIA Director John Brennan says the hack of his personal email account underscores that everyone is vulnerable to the compromise of personal information on the Internet
Security Alert: Dridex malware creators deceive victims with fake IKEA receipt (Heimdal) The malicious actors behind the Dridex malware strain seem to be going out of their way to prove to authorities that their takedown attempts were futile
Fake UPS tracking notification email carries malware (Graham Cluley) Windows users are advised to be on their guard, after a new malware campaign was spammed out posing as an email from UPS
Fax notification email aims to infect your PC (Hot for Security) Computer users have often been warned to be wary of opening unsolicited email attachments because of the risk of malware infection, and yet many continue to be infected via precisely this method
Neither Snow Nor Rain Nor MITM…An Empirical Analysis of Email Delivery Security (IMC'15) The SMTP protocol is responsible for carrying some of users' most intimate communication, but like other Internet protocols, authentication and confidentiality were added only as an afterthought. In this work, we present the first report on global adoption rates of SMTP security extensions, including: STARTTLS, SPF, DKIM, and DMARC
Cyber hackers often target equipment, systems that are never checked (Business Insurance) Cyber attacks are increasing every day and can emanate from sources that the information technology department never checks, an expert said Tuesday
Unpatched PCs attract hackers in their droves — with Apple in front (ITWire) Private PCs are rife with unpatched vulnerable applications from vendors like Apple, Adobe and Oracle, according to a new research report which reveals the state of security for PC users in a total of 14 countries, including the US
Cybercriminals Look for a World Series Home Run (Infosecurity Magazine) Will you be watching the World Series this week, as the Kansas City Royals take on the New York Mets in what many see as a match-up for the ages? Cyber-criminals sure hope so, and plan on scoring big off unsuspecting victims
Microsoft's advice: Hang up on tech support scammers (Computerworld) 'We've got to put somebody in jail for these folks to take us seriously,' counters Sen. McCaskill (D-Missouri)
Security Patches, Mitigations, and Software Updates
Security update available for Adobe Shockwave Player (Adobe Security Bulletin) Adobe has released a security update for Adobe Shockwave Player. This update addresses a critical vulnerability that could potentially allow an attacker to take control of the affected system
Cyber Trends
Cybersecurity Then and Now: Perspectives from DHS Cyber Trailblazer John Felker (In Homeland Security) Leading cybersecurity expert John Felker is at the national forefront of raising public awareness to address the escalating cyber threats and mitigate the damage they pose to countless organizations and citizens worldwide. Felker honed his expertise over decades of leading the U.S. Coast Guard's strategic cyber program, building leadership coalitions, and developing critical intelligence and cybersecurity policy
Legacy technology makes government less secure, less innovative, say federal IT leaders (FierceGovernmentIT) Legacy systems impair the government's ability to secure its information technology, said Federal Chief Information Officer Tony Scott
Are Banks Failing To Keep Customers Safe Online? (TechWeek Europe) Kaspersky Labs survey finds that a third of banks aren't providing a secure connection for their customers' transactions
What Will We Do About the Cybersecurity Pearl Harbor? (EnterpriseTech) When I first started to equate the massive and consequential breaches suffered during the recent past with multiple Pearl Harbors, a few people thought I was over dramatic and asked me to tone it down
Marketplace
Cyber insurance uptake nearly triples: Survey (Business Insurance) The number of companies buying cyber insurance has nearly tripled this year compared with last year, according to a boards of directors survey that was released Tuesday
Millennials and Cybersecurity Careers (Data Center Journal) Technology companies are increasingly prone to fishing for government assistance in producing potential employees with certain skills
Intel buys cognitive computing startup Saffron with eye on Internet of Things (FierceCIO) Intel announced Monday its acquisition of cognitive computing startup Saffron to help push new use cases to the tech giant's catalog, including new devices, big data, cybersecurity, healthcare and IoT
Cisco Bolsters Security Portfolio With Lancope Acquisition (eWeek) Cisco officials say the $452.5 million deal for the network security vendor will add to their larger Security Everywhere initiative
Cisco just spent millions on this hot security company (Fortune) The networking giant plans to buy security company Lancope for $453 million, marking just the latest addition to its security business
Welcome Back Symantec (Forbes) It has been a long road but it appears that Symantec has finally re-focused on its core business of securing its customers
ARM Rebranded As Credence Security (Zawya) ARM, the leading speciality distributor of cyber security and digital forensics solutions, announced yesterday that effective immediately, it will be rebranded as Credence Security
Exostar Receives Additional $10 Million Investment from Merck Global Health Innovation Fund (MarketWatch) Exostar, whose cloud-based solutions help companies in aerospace and defense, life sciences, and healthcare mitigate risk and solve their identity and access challenges, today announced an additional $10 million investment in its life science and healthcare business from the Merck Global Health Innovation Fund
Cato Networks gets their heads into the clouds with $20 million round (Geektime) The Israeli company wants to simplify network security with its solution hitting the market in 2016
ViaSat Secures Air Force Manufacturing Dev't Support Contract for Cryptographic Module (ExecutiveBiz) ViaSat has received a potential five-year, $13 million contract to provide manufacturing and engineering support for the U.S. Air Force's Mini Crypto program
Pwnie Express GSA Award Means Threat Detection of Billions of Devices in and Around US Government Workplaces (Vision Systems Design) Pwnie Express, a company providing threat detection of the billions of devices in and around the workplace, today announced its US General Services Administration (GSA) contract award for its Pwn Pulse solution and subsequent partnership with gvTechSolutions to protect US government facilities from security threats presented by unrecognized and currently undetectable devices
Deloitte Winner of Global CyberLympics Security Challenge Because of Young Security Talent (Hague Security Delta) For the fourth time 'ethical hackers' of HSD partner Deloitte won the Global CyberLympics Security Challenge in Washington DC
SentinelOne Adds Former Palo Alto Networks VP of Marketing to Management Team (BusinessWire) Leading security marketer joins fast rising next generation endpoint protection vendor
Products, Services, and Solutions
Infoblox Bolsters Its DNS Protection System (LightReading) Infoblox Inc. (NYSE:BLOX), the network control company, today announced enhancements to its carrier-grade DNS solution portfolio to block more types of attacks against service providers and deliver a better subscriber experience
Intel Security will discontinue McAfee SaaS products (ITWorld) Some products will be replaced, but admins will need to start over for setup and configuration
CensorNet cheers end of Intel Security email protection (ChannelWeb) CensorNet CEO Ed Macnair targeting Intel Security partners in wake of end of life for Intel's SaaS email protection and archiving
PhishMe Releases Free Cybersecurity Awareness Computer-Based Training Modules (MarketWired) In response to customer demand, PhishMe Adds CBFree to help organizations meet compliance obligations
Fortinet elevates high-performance cybersecurity to the Access Layer (CSO Australia) Fortinet® (NASDAQ: FTNT) — a global leader in high-performance cybersecurity solutions — has announced details of its new Secure Access Architecture
Thycotic Offers Organizations Free Privileged Password Security Policy Template (Virtual Strategy Magazine) Thycotic, a provider of privileged account management solutions for over three thousand organizations world-wide, announced today that it has released a free privileged password security policy template for any organization seeking to implement an official privileged account management policy
Impossible to kill RATs drain bank accounts dry, says BioCatch (Times of Israel) Sophisticated socially-engineered financial hacks are driving the banking industry crazy — and an Israeli cyber-security firm says it has a solution
InfoArmor Releases Its VigilanteATI(SM) Advanced Threat Intelligence Portal (PRNewswire) InfoArmor rebrands and upgrades former IntelCrawler and PwnedList Threat Intelligence Services
LookingGlass Offers Opens Exchange to Share Threat Intelligence (The VAR Guy) Research already has shown that companies think that sharing threat intelligence is a good idea to help keep their data and assets secure
Business Offers Protection From Cyber Attack (KELO) It can be tough, if not next to impossible, for businesses and government to stay ahead of hackers
Technologies, Techniques, and Standards
NIST Seeks Comments on Guide to Help Financial Services Sector Manage IT Assets (NIST) The National Cybersecurity Center of Excellence (NCCoE) invites comments on a draft practice guide designed to help financial services companies monitor and manage IT hardware and software assets more securely and efficiently
How to Fix the Internet of Broken Things (Infosecurity Magazine) The Internet of Things requires attention to security to avoid vulnerabilities. The solution may be to create an open security framework
Lessons from the Experian hack (SC Magazine) Experian breach is more than just another hack as cross referencing of data sets opens up even more scope for criminal activity, says Max Vetter
Encryption is under siege. Move to SHA-2 now! (InfoWorld) Between new NSA pronouncements and poorly protected hard drives, the crypto world has been turned upside down. One certainty: Switch to SHA-2 ASAP
Officers recommend the Army utilize private sector tactics to battle cyberattacks (SC Magazine) Two U.S. Army captains are pushing for the Army, the Department of Defense and the federal government to adopt practices currently used by the private sector to help protect sensitive data
Privacy might be a 'zombie,' but it's not dead yet, says Intel privacy chief (FierceITSecurity) Following the Ashley Madison hack, Intel's human resources approached Ruby Zefo, vice president and chief privacy and security counsel at the company, to determine what its recourse should be for employees whose emails were "hypothetically" found in the cache of breached addresses
The Evolving Software Needs of the Compliance Consultant (Legaltech News) Replacing manual processing is now a vital step compliance consultants must take in order to keep up with regulation
Research and Development
A basis for all cryptography (MIT News) A tool that would provide a secure foundation for any cryptographic system may be close at hand
CompTIA Gets NIST Research Grant for Cyber Jobs Heat Map (ExecutiveGov) The National Institute of Standards and Technology has awarded the Computing Technology Industry Association a three-year grant to perform research and develop a tool that will help visualize the supply and demand of cybersecurity jobs in the country
Legislation, Policy, and Regulation
Is better defense the answer to the China cyber threat? (C4ISR & Networks) While the U.S. and China in September reached a "common understanding" to stem China's ongoing cyber theft of U.S. intellectual property, the deal focused on economic interests — and left unaddressed the onslaught of attacks on the government, many of which are attributed to China
An American strategy for the Internet (American Enterprise Institute) As the Senate finally prepares to vote on the Cybersecurity Information Sharing Act (CISA) legislation, it is important to keep in mind that CISA alone will not solve our problems with respect to cyberspace
Cyber info sharing bill passes Senate, heads to conference (Federal Times) After working through the last remaining amendments up for consideration, the Senate voted 74-21 to pass the Cybersecurity Information Sharing Act (CISA) on Oct. 27, moving forward on the biggest piece of cybersecurity legislation to reach the floor this year
Senate Passes Controversial Cybersecurity Act (Infosecurity Magazine) Despite its controversial nature, the US Senate has passed the Cybersecurity Information Sharing Act (CISA)
Spy heads push for stronger cyber powers as bill comes up in Senate (The Hill) Intelligence leaders called for a more secure "legal foundation" for cybersecurity on Tuesday, as the Senate began final deliberations on major cyber legislation
Facebook accused of 'secretly lobbying' for cyber bill (The Hill) Facebook is "secretly lobbying" for a major cyber bill set for a final Senate vote Tuesday despite growing opposition to the bill among tech companies, according to a digital rights advocacy group fighting against the measure
How can we decide on surveillance and privacy when we can't see the whole picture? (Help Net Security) "The surveillance of communications faces a legitimization crisis," says James Losey, a fellow with the Open Technology Institute, the technology program of the New America Foundation, and currently a PhD candidate with the School of International Studies and the Department of Media Studies at Stockholm University in Sweden
2016 Presidential Candidate Security Investigation (Infosec Institute) InfoSec Institute has assessed the security posture of 16 of the presidential candidates' websites. This is an indicator of the level of security awareness the candidate and the campaign staff have
Litigation, Investigation, and Law Enforcement
The Most Controversial Hacking Cases of the Past Decade (Wired) The Computer Fraud and Abuse Act, the law that's been at the heart of almost every controversial hacking case of the past decade, is in the news again this month
How Fintech Can Win On Financial Crime (TechCrunch) Juan Zarate, a former Treasury official and now adviser to Coinbase, writes in his book Treasury's War that "financial warfare…has started to form a central part of international security strategies." By understanding the financial networks underpinning drug cartels, terrorist organizations and rogue nations, U.S. law enforcement and the Treasury Department have been able to pursue more sophisticated strategies aimed at disrupting them
Germany investigates fresh US spying allegations (RTE News) German authorities have launched a probe into allegations of a new case of suspected spying linked to the US National Security Agency, German reports said today
IRS possessed Stingray cellphone surveillance gear, documents reveal (Guardian) Exclusive: Invoices reveal tax service, 13th federal agency to use secretive dragnet, upgraded device that pretends to be cellphone tower to gather metadata
Venezuela Accuses Website of Cyberterrorism (Courthouse News Service) Venezuela's central bank claims a website run by exiles is committing cyberterrorism by reporting a fraudulent bolivar-to-dollar exchange rate to destabilize the country's economy