The CyberWire Daily Briefing 03.04.16

San Francisco: the latest from RSA

Photo gallery: RSA Conference 2016 Expo – Moscone South (Help Net Security) Here are a few photos from the Expo floor of Moscone South

Former US intelligence director backs end-to-end encryption (Irish Times) Introducing weakened iOS code would be like ‘creating a bacterial biological weapon’

Former Top Government Officials Side With Apple In FBI Legal Battle (Fortune) It’s not just technology companies and privacy groups that are siding with Apple in its legal battle with the FBI over a locked iPhone used by a terrorist during the San Bernardino attacks

RSA Conference 2016: A chat with the UK’s cyber envoy to the U.S. (Stack) Over at RSA Conference 2016, The Stack’s security editor, Richard Morrell, meets and talks with the British Cyber Envoy to the United States, and takes a deeper look at one of the most interesting British companies making an impression at San Francisco this week

Threat Intelligence: Humans turning data into actionable intelligence (CSO) It takes a human element to make real-world judgement calls on threat data

Authentication: One Size Does Not FIt All (RSA Blogs) I’ve been coming to the RSA conference on and off (mostly on) for more than 15 years, and each year there seems to be more strong authentication vendors demonstrating new and interesting approaches to authenticating end users

Researcher demonstrates hijacking of police drone (Help Net Security) A security researcher has demonstrated to the RSA Conference crowd how he – or anyone, for that matter – can take over control of a drone used by the Dutch police and make it do anything the rightful owner can

Cybercrime trends point to growing sophistication (TechTarget) Cybercrime trends point to an alarming increase in advanced social engineering techniques and customized, targeted document-based malware attacks in 2016, according to Sophos research

RSA 2016: Malware Still Prevalent on Corporate Network, Proofpoint Warns (SC Magazine) RSA 2016: Malware Still Prevalent on Corporate Network, Proofpoint Warns

Security is ‘easy': Just ask someone at RSA (We Live Security) It might seem cliché but the biggest vulnerability companies face today is not technological; it's human. Unfortunately, not much has changed in the past half-century

RSA 2016: Vendor badge scanning apps contain security bypass vulnerability (SC Magazine) Bluebox Security researchers spotted a security bypass vulnerability in the kiosk management application used on the RSA Conference 2016 vendor badge scanning devices

The Irony of Poor Security at RSA 2016 (Bluebox) “If you develop an app, it’s usually a best practice to not leave a hardcoded password in your code"

Hewlett Packard Enterprise Tech Chief Talks Up 'the Machine' (Fortune) The company’s secret cybersecurity weapon

CloudLock Launches Industry's First Adaptive CASB Security Platform (MarketWired) CloudLock unveils largest cloud security orchestration ecosystem to deliver rxpanded native CASB multi-mode offering

Trend Micro Cloud App Security integrates with Box, Dropbox and Google Drive (Help Net Security) Trend Micro announced the expansion of its Cloud App Security at the RSA Conference

Secure passwords for privileged accounts with Bomgar Vault (Help Net Security) At RSA Conference 2016 Bomgar announced the new Bomgar Vault, which helps companies secure, manage, and administer shared credentials for privileged users and IT vendors

Digital Identity Graph helps detect fraud, cyberattacks (Help Net Security) ThreatMetrix announced at RSA Conference the newest innovation in the fight against global cybercrime – the Digital Identity Graph, a framework for anonymized global digital identities on the internet

RSA: Dell SecureWorks DCEPT Delivers Honey Tokens to Hackers (eSecurity Planet) Dell launches new open source tool that uses Docker containers to help organizations identity credential thefts from memory

Graham Cluley wins top blogging award at RSA Conference (Graham Cluley) "Unaccustomed as I am to writing headlines about myself in the third person"

Comilion Selected as Hot Company for Security Collaboration by Cyber Defense Magazine (BusinessWire) Annual CDM Infosec Awards were presented at RSA Conference 2016

Cyber Attacks, Threats, and Vulnerabilities

Cyberespionage group that hit PH and Southeast Asia ‘disappears’ (Inquirer) From 2009 up to 2015, a single group of people has successfully hacked into computers of various government agencies of Southeast Asian countries and steal data without being caught

ISIS 'making millions' by gaming forex markets (CNBC) The militant group that calls itself Islamic State (ISIS) is exploiting national banking operations in Iraq and could be making up to $25 million a month in Middle Eastern money markets, according to experts

Is the Islamic State Hurting? The President’s Point Man on ISIS Speaks Out (New Yorker) For the first time since its blitz across Syria and Iraq, in 2014, the Islamic State is on the defensive in both countries

How hackers attacked Ukraine's power grid: Implications for Industrial IoT security (ZDNet) The December 2015 cyberattacks on Ukranian power utilities were rare in that actual damage was inflicted. But there's ample evidence of widespread infiltration into organisations' operational system

Shedding Light on BlackEnergy With Open Source Intelligence (Recorded Future) If you’re like me, you don’t have access to the malware samples that infected the Ukrainian ICS (industrial control system) networks. You also don’t have packet captures or event logs to try to recreate the series of events that lead to over 200,000 people losing power in late December of last year

Attacks are basically the same no matter the industry (CSO) In 2007, the Aurora generator test showed that a cyber attack could cause physical damage to a power grid, but January's attack in Ukraine awakened security professionals to the reality of the risks to the energy sector

How Stuxnet, the first weapons-grade malware, kicked off a cyber arms race (Digital Trends) How we view a weapon is always determined by who wields it, and where they’re pointing it

VulDB: Rockwell Automation Allen-Bradley Allen-Bradley CompactLogix 1769-L up to 28.010 cross site scripting (SCIP) vulnerability was found in Rockwell Automation Allen-Bradley Allen-Bradley CompactLogix 1769-L up to 28.010. It has been classified as problematic. This affects an unknown function. The manipulation with an unknown input leads to a cross site scripting vulnerability. This is going to have an impact on integrity

27 million online dating passwords allegedly sold on the dark web (Graham Cluley) Hacker says he removed four million fake profiles before selling the data to others

Android Triada trojan 'as complex as any Windows malware' (V3) Security firm Kaspersky has found a trojan that poses a risk to some 60 percent of Android devices

The continual evolution of mobile malware (Kaspersky Blog) Nowadays PCs are protected much better than before

Why Bitcoin is not the root cause of ransomware (CoinCenter) Ransomware has been around for a while—turns out it’s about twenty years older than Bitcoin—but it’s been in the news again recently because of a particularly upsetting case involving a Los Angeles Hospital

Two Castles apology after site hit by ‘cyber attack’ (Kenilworth Weekly) Organisers of the Two Castles 10k have apologised to runners after two days of persistent website issues and ‘a cyber attack from Eastern Europe’

Security Patches, Mitigations, and Software Updates

Cisco removes weak default static credentials from its switches (Help Net Security) Cisco has released on Wednesday a bucketload of software updates for a wide variety of its products, fixing vulnerabilities of different types and severity

Cyber Trends

IoT Security: Industry Finally Waking Up To The Dangers (InformationWeek) For the last several years, Internet of Things security has been one of the most hotly debated topics at Mobile World Congress. This year, however, IoT security took on a new sense of urgency as more devices are being connected and the technology turns mainstream

Cyber onslaught threatens to overwhelm healthcare (Help Net Security) Healthcare organizations average about one cyber attack per month, say the result of the recent Ponemon study on the state of cybersecurity in healthcare organizations

Marketplace

Cybersecurity no longer merger afterthought (CSO) As little as four years ago, only about a third of companies considered cybersecurity when planning a merger. Today, that percentage has flipped

Why Cybersecurity Vendors Are Teaming Up (Motley Fool) Although puzzling at first, the recent partnership announcements in cybersecurity is a good thing for the industry and investors

Deloitte Highlights Israel's Rise as 'Blockchain Hotspot' (CoinDesk) A new report from global professional services firm Deloitte focuses on Israel's development into a blockchain hub, outlining the work of a number of startups working on distributed ledger solutions across a variety of industries

Personnel rift: Job recruitment (SC Magazine) Corporate cybersecurity has a problem

Why you need more than money to get top security talent (CSO) David Darrow from CSID explains how to attract and retain security talent in highly competitive markets with something other than money

Scrambling for Cybersecurity Leaders is Big Business for Recruiters (Executive Search Review) In the mid-1990s, when Joyce Brocaglia took on her first assignment to help build an information security operation for Citibank, it was a very different world

Winners Announced for Duo's Women in Security Awards 2016 (PRNewswire) Recognizing the women who are transforming the security industry

CACI makes U.K. cyber deal (Washington Technology) While CACI International may be digesting its largest acquisition ever – the $550 million purchase of L-3 national security business – its U.K. subsidiary has shown the copy is always on the look out for another deal

Q&A: Bruce Schneier on joining IBM, IoT woes, and Apple v the FBI (Register) It's going to get worse before it gets better

Finland's F-Secure looks for cyber growth, acquisitions (Reuters) Finnish data security company F-Secure (FSC1V.HE) is seeking to grow in the European cyber security market with the help of acquisitions, its chief executive said

OATI Counsel Jerrod Montoya Elected President of InfraGard Minnesota Members Alliance (PRWeb) Open Access Technology International, Inc. proudly announces the election of Jerrod Montoya to lead InfraGard Minnesota Members Alliance

Engility appoints former Raytheon executive Lynn Dugle as CEO (Lawyer Herald) Engility Holdings Inc. has announced its new CEO after Tony Smeraglinolo stepped down. It declared former Raytheon Intelligence, Information and Services president Lynn Dugle for the job aiming for organic growth and repayment of debt

Products, Services, and Solutions

Check Point Unveils Powerful New Management Platform, Simplifying Complexity of Security through Consolidation (CSO) Built from the ground-up, the new R80 security platform revolutionises the way IT leaders can better consolidate processes, policies and technology for smarter, more proactive protection

FireEye Unveils Mandiant Cyber Assessment Service for Industrial Control Systems (GovConWire) FireEye (Nasdaq: FEYE) will offer a new cybersecurity assessment service to help operators of industrial control systems determine risks in their network environments, ExecutiveBiz reported Tuesday

Technologies, Techniques, and Standards

Five things to consider before building a threat intelligence program (CSO) Threat intelligence isn't easy, but there are some things and organization can do to get a program started

Make threat intelligence meaningful: A 4-point plan (InfoWorld) Threat intelligence is a hot topic, but it requires a ton of work to be operational and effective. Here's how to steer clear of the traps

Panda Security Guide Helps Businesses Avoid Cyber-Extortion (eWeek) The report defines cyber extortion as a form of blackmail in which victims of an IT attack are forced to pay to avoid its effects

4 healthcare data breach lessons to take to heart (Becker's Health IT and CIO Review) Hospitals, health systems, payers and any organization with stewardship of healthcare data are prime targets for cyberattacks

HIMSS16: Cybersecurity success hinges on strength of CISO-CMIO relationship (FierceHealthIT) A hospital's success in cybersecurity is only as good as the relationship between its chief information security officer and its chief medical information officer, according to Hospital Corporation of America CISO Paul Connelly

10 Ways to Help Our Parents With Online Security (Heimdal) My parents are bright, intelligent people, curious to explore how modern stuff works

Design and Innovation

Is DevOps the Holy Grail for information security? (CSO) DevOps is the computing philosophy that, through unified agile software development and business operations, you can improve your products and time to market. But does it actually improve information security?

Research and Development

These engineers are developing artificially intelligent hackers (Guardian) In a sign of the autonomous security of the future, a $2m contest wants teams to build a system that can exploit rivals’ vulnerabilities while fixing its own

China's Quantum Satellite Could Change Cryptography Forever (Popular Science) Quess could hold the key to uncrackable communications

What is Quantum Cryptography? (Popular Science) And can it make codes truly unbreakable?

Academia

College Hackers Compete to Shine Spotlight on Cybersecurity (ABC News) Students from MIT and Britain's University of Cambridge will spend the weekend hacking one another's computers, with the blessing of their national leaders

Legislation, Policy, and Regulation

French parliament votes to penalise smartphone makers over encryption (Guardian) Deputies move to punish companies that refuse to hand over encrypted data in wake of US legal battle between Apple and FBI

Banks' Hands Tied as Basel Tightens Rules on Operational Risk (BloombergBusiness) Banks’ options for gauging the risk of incurring losses from events such as fraud, cybercrime and litigation are set to shrink as the Basel Committee on Banking Supervision tries to stop firms gaming the rules

US says cyber battle against ISIS will 'black these guys out' (CSO) The action against ISIS is the first time the DOD has acknowledged an active offensive cybercampaign

2013 Amendments to Wassenaar Arrangement Need Rewording, US State Dept. Concedes (The Wire) The US Department of State agreed on March 1 to renegotiate the terms of an international agreement that were found to severely impinge on software development, signalling a victory for cybersecurity researchers

US to renegotiate rules on exporting “intrusion software” (Ars Technica) Inter-agency panel decides just fixing US implementation of export controls isn't enough

Apple, FBI, Congress: 5 Burning Questions Raised (InformationWeek) As Apple and the FBI struggle over matters of encryption, privacy and security, a House Judiciary Committee hearing helped to highlight several questions in need of answers

DHS cyber official: Federal CISO needs legal authority (FedScoop) The federal CISO will elevate the voice of agency CISOs. But without legal backing, they will have trouble getting the same seat at the table that CIOs have now, DHS' Mark Kneidinger said

Integration of Cyberspace Capabilities Into Tactical Units (Military Spot) The Army’s efforts to integrate operational cyberspace capabilities into its tactical units took another big step forward during a recent training rotation at the National Training Center at Fort Irwin, California

Litigation, Investigation, and Law Enforcement

San Bernardino prosecutor raises concerns about ‘cyber pathogen’ in terrorist's iPhone (CSO) Experts are questioning whether such a thing as a 'cyber pathogen' at all exists

Op-Ed: Apple Shows Why the All Writs Act Cannot Decide The Encryption Debate (Legaltech News) Judge Pym's order could represent a disruption in Apple’s business and therefore an unreasonable burden

Rep. Issa Criticizes FBI's Strategy To Get Into Terrorist's iPhone (NPR) David Greene talks to Rep. Darrell Issa about his perspective on encryption, specifically the showdown between Apple and the FBI over unlocking the iPhone of one of the San Bernardino shooters

NSA Is Mysteriously Absent From FBI-Apple Fight (Intercept) The Federal Bureau of Investigation insisted that it was helpless

Cybersecurity and the Internet of Things (Lexology) The "Internet of Things", commonly referred to as the "IoT", is a phrase that loosely describes the growing body of Internet-connected devices, gadgets, and other items that do not fit the traditional concept of a "computer"

Report: FBI Investigating Whether Clinton Aides Retyped Classified Info Into Emails (Washington Free Beacon) In its investigation into whether classified information was sent using Hillary Clinton’s private email server, the FBI is reportedly looking at whether aides to the former secretary of state retyped information from classified sources into emails then sent to Clinton’s unsecured system

State Dept. Releases Personnel File For Hillary’s Private Server Technician (Daily Caller) The State Department has released the personnel file for Bryan Pagliano, the IT worker who managed Hillary Clinton’s private email server

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

International Academic Business Conference (New Orleans, Louisiana, USA, Mar 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are welcome to make presentations and/or to only attend sessions. The Clute Institute also seeks manuscripts for possible publication in our recently launched Journal of Cybersecurity Research

CISO Chicago Summit (Chicago, Illinois, USA, Mar 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more

Navigating Summit 2016 (Canberra, Australia, Mar 8, 2016) The Australian government has pledged to create a future-proofed nation, one that is fit to drive higher economic growth and improved standards of living using information technology innovatively. Privacy and cyber-security are the cornerstones of this strategy. The Summit will examine the implications of privacy and security in a ubiquitously connected, data driven world. Key areas of focus will include digital identity, open data and data sharing, the implications of technologies such as cloud computing, data analytics and the Internet of Things and perceived tensions between privacy and security and innovation.

CISO Atlanta Summit (Atlanta, Georgia, USA, Mar 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data

The Atlantic Council's Cyber 9/12 Student Challenge (Washington, D.C. USA, Mar 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests

SANS 2016 (Orlando, Florida, USA, Mar 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 with cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. We invite you to take this amazing opportunity to meet with other cyber security professionals at one of the largest SANS events and learn actionable steps that will make an impact on security. Our event campus and lodging will once again be the magnificent Walt Disney World Dolphin Resort.

CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, Mar 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM), and Operation/Exercise lessons learned during Joint/Allied operations. The event will support all levels of organizations that manage deployed forces, or the local community. ISKMI will address rapidly changing security strategies, technologies and methodologies that make accounting of safeguarding and securing equipment more complex than ever before.

Pwn2Own 2016 (Vancouver, British Columbia, Canada, Mar 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets, the Windows-based targets will be running on a VMware Workstation virtual machine. A $75K bonus will be given to those who can escape the VMware virtual machine. This is our first year including VMware as a target, and we look forward to seeing what researchers will do with it

Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, Mar 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents to businesses. The Insider Threat Symposium & Expo is a MUST ATTEND event for individuals working for the U.S. Government, State Governments, Department of Defense, Intelligence Community Agencies, Critical Infrastructure Providers, Defense Industrial Base Contractors, Airport / Aviation Security, large and small businesses

ICCWS 2016 (Boston, Massachusetts, USA, Mar 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security

CISO Summit France (Paris, France, Mar 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming years. But even with enterprises tacking notice of new technologies capable of driving revenue and lowering costs, IT departments aren't yet in the clear. The role of the CISO is more important than ever as financial turmoil continues to alter the world's economy, making it difficult to put your organisation in a position to achieve success. The business goals have changed and CISOs are now tasked with trying to find emerging opportunities to drive value throughout the enterprise

Risk Management Summit (New York, New York, USA, Mar 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the largest US and global companies. Now in it its seventh year, provides attendees with focused insights into key risk management concerns via expert panels and strategic, thought-provoking discussions with peers and industry leaders

Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, Mar 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that have only limited functionality — have become viable. While this potentially will provide great opportunities, the development of AI is likely to impact upon the very functioning of society. In this context, the specialized training on AI and autonomous robotics aims to provide media and public relations professionals with an in-depth understanding of the implications that the rapid advancement of AI technology may affect the global community in both the physical and structural spheres and the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media

International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, Mar 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce. Despite the increasing demand for cybersecurity professionals globally it remains an area where there is a significant shortage of skilled security professionals. The conference will facilitate a national dialogue toward enhancing opportunities in cybersecurity education and increase employment opportunities for minorities

Commonwealth Cybersecurity Forum 2016 (London, England, UK, Mar 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together cybersecurity stakeholders from across the Commonwealth; from policy makers, regulators and implementing agencies to private sector and civil society. The Forum is a place to showcase expertise, build capacity, present new technologies and develop relationships. Importantly it will map out the future cooperation among Commonwealth countries in Cybersecurity

Black Hat Asia 2016 (Singapore, Mar 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings

SecureWorld Boston (Boston, Massachussetts, USA, Mar 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Insider Threat Summit (Monterey, California, USA, Mar 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: to better understand security challenges in order to better defend against insider threats

TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, Mar 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem. The conference unites players from research labs, automakers, tier 1's, security researchers, and the complete supply chain to plan for the imminent future

Women in Cyber Security 2016 (Dallas, Texas, USA, Mar 31 - Apr 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional Development), WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in supporting recruiting and retention efforts for women in cybersecurity is encouraged to participate