Dallas, Texas: the latest from Women in Cybersecurity (WiCyS)
Join Women in Cybersecurity This Week in Dallas (CTOvision) Women in Cybersecurity (WiCyS) is hosting its third annual Women in Cybersecurity event on March 31 through April 2 at the Hyatt Regency DFW International Airport. WiCyS continues to innovatively expand its mission to bring together women in cybersecurity from academia, research and industry. This event is designed as a forum for speakers and guests to exchange knowledge, experience, networking, and mentoring, with the ultimate goal of raising interest in the important, fascinating and lucrative field of cybersecurity. Any individual or organization interested in supporting recruiting and retention efforts for women in cybersecurity is encouraged to participate
Cyber Attacks, Threats, and Vulnerabilities
MedStar still dealing with problems from cyber attack (WTOP) Days after MedStar was hit with a crippling cyber attack, hospitals across the D.C. area are still struggling to get back to normal
MedStar says it is working to restore its systems; newspaper gets ransomware demand (FierceITSecurity) Report of a patient lost for days, emergency rooms without functioning computers
Samas ransomware enters hospitals through vulnerable servers (Help Net Security) There’s hardly a day anymore that we don’t hear about a hospital being hit with ransomware
Alert (TA16-091A) Ransomware and Recent Variants (US-CERT) In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it
SideStepper vulnerability can be used to install malicious apps on iOS (Help Net Security) Check Point researchers have identified SideStepper, a vulnerability that can be used to install malicious apps on iPhones and iPads to steal login credentials and sensitive data
iOS SideStepper Vulnerability Undermines MDM Services: Check Point (InformationWeek) Security researchers from Check Point plan to disclose a flaw at the Black Hat Asia conference which they claim endangers the way mobile device management software interacts with iPhones and iPads. Check Point calls the vulnerability "SideStepper" because it sidesteps the normal app approval process
Hackers can abuse the iOS mobile device management protocol to deliver malware (IDG via CSO) The attack bypasses the restrictions for enterprise app deployment introduced in iOS 9, Check Point researchers said
Linux security isn’t enough to stop data breaches (Help Net Security) There is a difference between the security of an operating system and the security of the data created, which is edited and manipulated by people and saved on the operating system
Malvertising Thrives in 'Shady' Parts of Highly-Automated Ad Networks (eWeek) Attacks on highly-automated ad networks serving major Websites demonstrate that attackers are finding ways to exploit the poorly-defended online ad market
Adwind at centre of cyber attack on Singapore bank (ComputerWeekly) Kaspersky Lab has revealed that the Adwind malware-as-a-service platform was at the centre of an attack on a Singapore bank
Brazilian and Russian cybercrooks collaborating to create more potent threats (Register) Borrowed technologies, code obfuscation, and a lot more in their bag of tricks
In Brief: The Unusual Suspects -- DeMystifying Attack Groups (Dark Reading) Colin McKinty, vice president of cybersecurity strategy, Americas, for BAE Systems joins Brian Gillooly at the RSA Conference to talk about how knowledge of your adversary--and knowing that they are, after all, just fallible human beings -- can be used to fight back
Islamic State urges attacks on German chancellery, Bonn airport: SITE group (Reuters) Islamic State posted pictures on the Internet calling on German Muslims to carry out Brussels-style attacks in Germany, singling out Chancellor Angela Merkel's offices and the Cologne-Bonn airport as targets, the SITE intelligence group reported
ISIS Turns Saudis Against the Kingdom, and Families Against Their Own (New York Times) The men were not hardened militants. One was a pharmacist, another a heating and cooling technician. One was a high school student
How hackers are targeting title and settlement companies (Housing Wire) Wire transfers in the crosshairs
Law Firm Data Breaches Besiege Client Confidentiality (Legaltech News) Big Law is struggling to protect privileged and sensitive information among the onslaught of breaches, an ever-demanding workload, and their own human errors
Security Patches, Mitigations, and Software Updates
Apple releases iOS 9.3.1 with fix for link bug (Ars Technica) Poorly behaved apps unmasked bug that could cause crashes and unresponsive news
Patch out for 'ridiculous' Trend Micro command execution vuln (Register) Password Manager, Maximum Security and Premium Security are all at risk
CloudFlare aims to block fewer legitimate Tor users (IDG via CSO) A mix of short-term fixes and long-term ideas intends to make Tor browsing less cumbersome
Cyber Trends
Symantec: Financial Trojans Declined By 73% In 2015 (Dark Reading) Symantec detected far fewer financial Trojans in 2015 and saw cybercriminals focus more of their efforts directly on financial institutions
What Is Preventing Companies from Adopting Better Data Security? (Legaltech News) 64 percent of Vormetric survey respondents viewed compliance requirements as either ‘very effective’ or ‘extremely effective’ in preventing data breaches
Newsflash: Healthcare Does Not Spend Enough on IT Data Security (HIT Consultant) Mathematically, the gap between $3.6 million and $17,000 is a chasm
The Race to Cyber Attribution Needs to Stop (Cyveillance) It has become almost systemic for people to immediately question, “Who did it?” when a major breach occurs in the public or private sectors
Marketplace
Hackers Will Try to Legally Infiltrate Pentagon in DOD Competition (ABC News) Specially vetted hackers will be able to legally test one of the Pentagon's secure computer networks next month as part of the "Hack the Pentagon" initiative designed to test the security of Defense Department computers
Statement by Pentagon Press Secretary Peter Cook on DoD's Partnership with HackerOne on the "Hack the Pentagon" Security Initiative (US Department of Defense) The Department of Defense (DoD) announced today that interested participants may now register to compete in the "Hack the Pentagon" pilot
Inside the little-known firm said to be helping the FBI crack iPhones (Sydney Morning Herald) The little-known Japanese company at the centre of a legal tussle between Apple and the US government over the hacking of an iPhone built its business on pinball game machines and stumbled into the mobile phone security business almost by accident
Apple, FBI put Cellebrite in the spotlight (SC Magazine) The tentative naming of the Israeli firm Cellebrite as the muscle behind the FBI's ability to crack into unlocked the iPhone used by San Bernardino, California shooter Syed Farook without help from Apple, has brought this little known company into the spotlight
Lockheed Martin expands its data security role within VA (GCN) The Department of Veteran Affairs is working with Lockheed Martin to boost the data security of the Million Veteran Program, a voluntary research effort aimed at learning how genetics affect health
Why General Catalyst Is Bullish on Security (eWeek) Steve Herrod, managing partner at General Catalyst, discusses his current investments, and how to determine if a technology is a company or if it's just a feature
Menlo Security CTO Pitches the Benefits of Isolation (eWeek) Kowsik Guruswamy, CTO of Menlo Security, discusses his company's present and future direction
Microsoft's Bold Vision Of Pervasive Artificial Intelligence (Seeking Alpha) Microsoft's keynote for its Build 2016 developer conference contained a new vision for personal computing. Microsoft foresees natural language conversations becoming the primary user interface. To achieve this, Microsoft is putting an unprecedented array of artificial intelligence tools in the hands of developers
Cylance® Expands Executive Team to Support Rapid Company Growth (PrNewswire) Cylance, the company that is revolutionizing cybersecurity through the use of artificial intelligence to proactively prevent advanced persistent threats and malware, has announced the expansion of its senior executive team, naming veteran Silicon Valley technology and venture capital lawyer Brady Berg as its General Counsel and veteran human resources executive Vina Leite as its Chief People Officer
James Williams Named Parsons Cyber Infrastructure Protection Sector Chief (GovConWIre) James Williams, a vice president at Parsons, has been named chief of the cyber infrastructure protection sector within the company’s federal business unit
Products, Services, and Solutions
Guidance Software Speeds Time to Analyze and Respond to Cyber Threats across Mac OS, Windows and Linux Systems (BusinessWIre) New benefits include integration with STIX definitions and bulk import of YARA rules
Bitdefender releases crypto-vaccine for popular ransomware infections (ZDNet) The free tool can be used to protect systems locked by CTB-Locker, Locky and TeslaCrypt
ESET Receives VB100 Award for ESET Endpoint Antivirus (PRWire) ESET Endpoint Antivirus recorded strong detection, excellent stability and low resource requirements in the latest Virus Bulletin’s VB100 Comparative
Review
Technologies, Techniques, and Standards
European Union GDPR data rules prompt cyber security review (ComputerWeekly) Isolated legacy security systems are a big cyber security risk – but the EU General Data Protection Regulation (GDPR) could change that, says Palo Alto Networks
Reviewing Important Healthcare Cybersecurity Frameworks (HealthITSecurity) Between the HIPAA Security Rule and NIST Cybersecurity Framework, healthcare organizations have several options to guide their cybersecurity efforts
Black Hat Asia: Decentralise security, devalue cyberattacks (ZDNet) Rather than deter hackers by making it difficult and costly to launch attacks, a more effective strategy involves deflating the value of successful breaches and decentralising security
New Portal Launched For ICS/SCADA Threat Intelligence-Sharing Among Nations (Dark Reading) The East-West Institute teamed up with the US ICS-ISAC to create a platform for critical infrastructure operators worldwide to share threat data
When It Comes To Cyberthreat Intelligence, Sharing Is Caring (Dark Reading) Shared cyberthreat intelligence will soon be a critical component of security operations, enabling organizations to better protect their digital assets and respond more quickly to emerging threats
NIST Releases Cryptographic Standards and Guideline Document (SC Magazine) The report acknowledges the tension between the need for strong encryption, law enforcement and national security.
NIST security standard to protect credit cards, health information (Help Net Security) For many years, when you swiped your credit card, your number would be stored on the card reader, making encryption difficult to implement. Now, after nearly a decade of collaboration with industry, a new computer security standard published by the National Institute of Standards and Technology (NIST) not only will support sound methods that vendors have introduced to protect your card number, but the method could help keep your personal health information secure as well
6 Ways to Make IAM Work for Third-Party Organizations (eSecurity Planet) Identity and access management (IAM) for third-party organizations is a tough security challenge. Gartner's Felix Gaehtgens offers tips that will help
5 things you should know about two-factor authentication (IDG via CSO) Here are the basics to help you stay secure online
Design and Innovation
Microsoft Plans Army of Artificial Intelligence Bots (Newsweek) Microsoft's chatbot Tay may have backfired but the tech giant is planning many more
Why firms are piling into artificial intelligence (Economist) Sometimes it is perceived as a figment of the far future. But artificial intelligence (AI) is today’s great obsession in Silicon Valley
Forget About Big Data: Teaching Computers to Think Just Like Humans Is the New Big Thing (Haaretz) Deep learning, the technology that gets computers to mimic the process occurring in the human brain, is the newest buzzword in the high-tech world
Before robots can take over they need better security against hackers (Naked Security) Today’s robots are far smarter and more capable than the clumsy and awkward robots of the 1980s and 1990s
Meeting cybersecurity challenges through gamification (TechCrunch) When it comes to cybersecurity issues, we always seem to be dealing with either shortages or excess
The Artist Using Museums to Amplify Tor’s Anonymity Network (Wired) For the past few years, Trevor Paglen has been at the vanguard of a movement of fine artists who have led gallery-goers to grapple with the realities of online privacy and government spying
Google reverses Gmail April 1 prank after users mistakently put GIFs into important emails (TechCrunch) Google has reversed one of its April Fools’ Day pranks after it caused a number Gmail users to unwittingly insert GIFs into business emails and other important communications
Research and Development
Innovative cybersecurity research lands UAH doctoral student best poster award (UAH News) UAH computer engineering doctoral student Vahid Heydari's poster on "Preventing Remote Cyber Attacks against Aircraft Avionics Systems" was recently named the best poster at the 11th International Conference on Cyber Warfare and Security in Boston
Legislation, Policy, and Regulation
William Hague declares crypto enemy no.1 (SC Magazine) In an opinion piece for The Telegraph newspaper, William Hague, the Conservative former Foreign Secretary in the UK, says the latest Brussels terrorist attacks shows the need to crack terrorist communications
U.S.-China still at odds on cybersecurity issues (FCW) President Barack Obama said he will continue to discuss matters of cybersecurity with the Chinese president on the sidelines of the Nuclear Security Summit in Washington. But some lawmakers and experts think he should be doing more
Key proposal dropped from India-US homeland security dialogue (ZeeNews) An ambitious plan for exchange of information on terrorists on a real time basis between India and the US has been dropped from the proposed Homeland Security Dialogue to be held in June
Ukraine approves new cyber-security strategy (SC Magazine) New standards and cyber-security strategy approved in Ukraine to thwart Russians hacking infrastructure as Russian software purchases halted
US Marines ramp up cyber warfare support (ZDNet) The military group is expanding to train marines in cyber warfare and defence
Litigation, Investigation, and Law Enforcement
UK cops tell suspect to hand over crypto keys in US hacking case (Ars Technica) Lauri Love faces extradition to US over hitting Federal Reserve, among others
Father begs Apple CEO to help unlock his dead 13-year-old son’s iPhone (Ars Technica) "I think Apple should offer solutions for exceptional cases like mine"
Why Do the Feds Usually Try to Unlock Phones? It’s Drugs, Not Terrorism (Wired) Until the FBI backed down from its battle with Apple over accessing the iPhone 5c of San Bernardino shooter Syed Rizwan Farook, it seemed the agency had chosen a near-perfect case on which to make its stand against encryption
Epic battle of privacy versus justice ends with a whimper (FierceITSecurity) Well, it looks like the dispute between the FBI and Apple over access to encrypted data on the iPhone used by the San Bernardino shooter Syed Farook has been resolved by technology
FBI agrees to help Arkansas prosecutors open iPhone after hack of San Bernardino device (Los Angeles Times) The FBI has agreed to help prosecutors gain access to an iPhone 6 and an iPod that might hold evidence in an Arkansas murder trial, just days after the agency managed to hack an iPhone linked to the San Bernardino terror attacks, a local prosecutor said Wednesday
FBI Tests Technique’s Ability to Unlock More Versions of iPhone (Wall Street Journal) Government is likely to take months to decide whether to give Apple details of security flaw exploited to decipher encrypted data
Inside the FBI Investigation of Hillary Clinton’s E-Mail (Time) FBI director Jim Comey first investigated the Clintons 20 years ago
Law enforcement requests for customer data continue upward climb, says Microsoft (FierceITSecurity) Law enforcement requests for customer information jumped 11 percent in the second half of 2015, the second straight substantial increase, according to Microsoft's latest transparency report
Reddit deletes surveillance 'warrant canary' in transparency report (Reuters) Social networking forum reddit on Thursday removed a section from its site used to tacitly inform users it had never received a certain type of U.S. government surveillance request, suggesting the platform is now being asked to hand over customer data under a secretive law enforcement authority
Reddit’s missing ‘warrant canary’ suggests classified data requests from feds (TechCrunch) Reddit issued its annual transparency report Thursday morning, listing the amount and type of data requested by various authorities
How Barbie-doll maker Mattel clawed back $3m from cyberthieves (Naked Security) Barbie may well be a pinch-waisted physiological phantasy, but her maker, Los Angeles-based toymaker Mattel, is anything but
The Twitter jihadi: Man admits encouraging support for Islamic State by sending 8,000 tweets (Telegraph) n Islamic State fanatic has admitted sending thousands of tweets encouraging terrorism
