Mountain View, California: the latest from SINET ITSEF 2016
SINET IT Security Entrepreneurs Forum (ITSEF) 2016: "Bridging the Gap Between Silicon Valley and the Beltway" (SINET) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge
SINET ITSEF 2016: Finding Ground Truth in the Security Ecosystem (The CyberWire) The sessions on ITSEF's first day explored topics of close interest to security entrepreneurs: how to quantify cyber risk, how to use adversary modeling to organize defenses, how to design products for integration into customer enterprises, and how (or whether) the concept of an OODA loop can be appliced to cyber defense. Rick Geritz, founder and CEO of LifeJourney, opened the conference with welcoming remarks that drew attention to the way in which ITSEF’s history has paralleled the emergence of the Chief Information Security Officer’s role in government and industry
Minister Sajjan to deliver keynote address at the 2016 SINET IT Security Entrepreneurs Forum (Government of Canada | Gouvernement de Canada) Defence Minister Harjit S. Sajjan will deliver a keynote address at the 2016 SINET IT Security Entrepreneurs Forum to discuss how the Communications Security Establishment (CSE) is approaching evolving challenges in cyber security
Cyber Attacks, Threats, and Vulnerabilities
Brussels Attacks Led to Cyber-Attack Increases (Infosecurity Magazine) March saw heightened cyber activity worldwide, with terrorist attacks impacting cyber-attacks on a global basis
Stepping over the cyber line (C4ISR & Networks) The recent cyberattack on the Ukraine’s power grid has caused several organizations to rethink the threats posed to the U.S. power grid
UN Energy Tsar Warns UK of Cyber Threat (Infosecurity Magazine) The UK’s energy sector is at serious risk of a crippling cyber attack on its infrastructure, the head of the World Energy Council has claimed
Security Firm Discovers Secret Plan to Hack Numerous Websites and Forums (Softpedia) Security researchers from SurfWatch Labs have shut down a secret plan to hack and infect hundreds or possibly thousands of forums and websites hosted on the infrastructure of Invision Power Services, who are the makers of the IP.Board forum platform, now known as the IPS Community Suite
Outdated Git version in OS X puts developers at risk (IDG via CSO) The Git version shipped with Apple's command line developer tools is vulnerable to remote code execution attacks
Blue Screen of Death meets cybercrime – true or false? (Naked Security) Over the past week or so, an intriguing story has appeared around and about the web. It falls short of a meme, but sits higher than a rumour, and it’s attracted attention because it deals with an increasingly-endangered event: a BSoD
Web host 123-reg accidentally slaughters customers’ sites (Naked Security) Customers of the web host 123-reg are frantically trying to rebuild their online businesses after the host accidentally erased an unknown number of their virtual private servers (VPS) during a clean-up
Hacking Team postmortem is something all security leaders should read (CSO) Hacking Team is back in the news again. Last weekend, the person responsible for Hacking Team's meltdown posted a recap of the incident, including a detailed overview of how they hacked the Italian firm
Security Patches, Mitigations, and Software Updates
Google: Android security is stronger than ever (CSO) The company scanned 6 billion apps per day in the last year as part of its effort to secure Android's far-flung landscape
Cyber Trends
Most Businesses Have no Cyberattack Response Capability (Channel Partners) Less than one-quarter (23 percent) of organizations are capable of responding effectively to a cyberincident, while 77 percent have no capability to respond to critical incidents and often buy support services only after an incident
Research identifies organised cyber threat to Australia (Computerweekly) Researchers have identified the profiles of cyber criminals and identified the one that is the biggest threat to Australian organisations
Governments vulnerable to attack, says Palo Alto Networks (IT Brief) Governments need to reassess how they’re handling cyber attacks, according to Palo Alto Networks
Marketplace
Huge data breaches have been good for security stocks (CNBC) IT security stocks have soared after the seven big data breaches made public over the past three years, according to the Bessemer Venture Partners Cyber Index released Tuesday
SIM Market Insights 2015 (SIMalliance) SIMalliance is the global, non-profit industry association which simplifies aspects of hardware-based device security to drive the creation, deployment and management of secure mobile services
SecureWorks Goes Big As First Major Tech IPO Of 2016 (Seekihg Alpha) Deal set to price this Thursday evening, 4.21.2016. Enormous team of underwriters includes BofA, Goldman, JPM, Morgan Stanley, Barclays, Citi, UBS, and many others. We strongly suggest obtaining an allocation. While peers Rapid7 and FireEye have struggled post-IPO, the excitement surrounding the deal could boost it to early success
Strategic Cyber Ventures Invests in Deception Technology Vendor TrapX (eWeek) Tom Kellermann, former CSO of Trend Micro, started Strategic Cyber Ventures three months ago, and now he's ready to announce his first investment
Cyber security co TrapX raises $14m (Globes) Sales of the company's DeceptionGrid software tripled in 2015
LANDESK completes Appsense acquisition (ARN) Merger strengthens unified endpoint management capabilities and security offerings
Experian to buy Austin tech firm for $360M (Austin Business Journal) Technology security company CSID Corp. has agreed to be sold for $360 million to credit report specialist Experian PLC
Thycotic Continues Momentum as Fastest Growing Provider of Privileged Account Management Solutions (BWW) Thycotic, a provider of privileged account management (PAM) solutions for more than 3,500 organizations worldwide, continues its record trajectory with a 77 percent compound annual growth rate (CAGR) in Q1 of 2016
IBM's Earnings Show Smooth Sailing For Its Cloud, Mobile And Security Businesses (Forbes) The numbers are in for IBM Corp.’s first quarter of 2016 and they are continuing to bulk up in next generation segments including cloud, mobility, and security
Here's Why Shares of IBM Are Sinking Today (Fortune) Investors are not impressed with its latest results
Is Verizon reinventing itself by shedding its legacy business? (Philly.com) As recently as 2000, Verizon Communications boasted the nation's largest local phone network with more than 60 million phone lines in 40 states from New York, New Jersey, and Pennsylvania to Florida and California
Intel announces “evolution” away from PC industry, “up to 12,000” layoffs (Ars Technica) Confirms 11 percent shave of Intel's global workforce, reduced revenue projection
Colorado wants to duplicate Israel's success in cybersecurity (Denver Post) University of Denver's first Cybersecurity Summit brings politics, educators, startups, cybersecurity firms together with Israel
DigiCert CEO Nicholas Hales Named 2016 EY Entrepreneur Of The Year® Utah Region Finalist (PRNewswire) Hales' leadership has guided DigiCert to become the world's second-largest issuer of high-assurance digital certificates for retail, enterprise and the IoT
Products, Services, and Solutions
IKANOW 1.5 Release – Giving Information Security Analysts Lightning Fast Search (IKANOW) IKANOW today released Information Security Analytics (ISA) 1.5. The release includes several new features and some of the most powerful are designed to give information security analysts contextualized search capabilities that can reduce the investigation time between identified incident and confirmed intrusion
vArmour Announces the Industry's Most Simple, Scalable and Economical Data Center and Cloud Security Architecture, "Project Ice Cream" (MarketWired) vArmour takes a non-cloudwashing approach to securing clouds
VASCO Launches FIDO U2F Certified Authenticator for Use with Popular Online Applications (PRNewswire) DIGIPASS SecureClick one-button authenticator allows users to easily add the enhanced security of two-factor authentication to common applications
ThreatTrack Enhances Its Advanced Threat Protection Platform to Better Secure Distributed Networks (PRNewsire) ThreatSecure® Network 2.2 offers a hub-sensor architecture that delivers greater visibility and scale to accelerate malware detection and response across global networks
Another Big Messaging App Joins the End-to-End Encryption Party (Fortune) No self-respecting messaging service wants to be seen without end-to-end encryption this season, and Viber has become the latest to don the garb most recently flaunted by the scene’s biggest star, WhatsApp
Verizon looks at the emergence of software-defined networking (The Stack) SDN is not a new technology as such, but uses for it are. Businesses are finding novel and exciting ways to leverage SDN to improve performance, reinvent business processes and compete more effectively
Kaspersky Announces Antivirus for Industrial Control Systems (ICS) (Softpedia) With the number of attacks on industrial systems growing at a rapid pace, Kaspersky announced last week the launch of a new cyber-security solution aimed at Industrial Control Systems (ICS)
Symantec releases beta for Norton Security Premium 2017 (Neowin) The American tech company Symantec has made a beta version of Norton Security Premium 2017 available to the public. The virus protection software will be available to users during a 14-day trial period after its installation. The suite will improve upon the currently available Norton Security and Antivirus software
CrowdStrike Offers Cyber Risk Assessment Program Targeted at M&A Process (BusinessWire) New security assessment practice determines readiness for safe integration and identifies cyber risks to consider during M&A transactions
FireEye Introduces Cybersecurity Risk Assessment for Mergers & Acquisitions (CSO) FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today's advanced cyber attacks, today announced the launch of Mandiant® Mergers & Acquisitions (M&A) Risk Assessment, a new rapid service offering cybersecurity assessment as to the level of cyber security risk present in the acquisition that could drive decisions
Dome9 triple protects AWS infrastructure, but is it necessary? (Network World) That old "is the cloud secure?" discussion has been reopened, and another vendor hopes to plug the gaps
Permit the Application, but Manage the Behavior -- Netskope Selects Infoblox to Protect Data and Ensure Compliance (MarketWired) nfoblox Inc. (NYSE: BLOX), the network control company, today announced that Netskope has deployed Infoblox solutions to achieve its mission of delivering secure cloud-based services to its customers
ThreatTrack Enhances Its Advanced Threat Protection Platform to Better Secure Distributed Networks (PRNewswire) ThreatSecure® Network 2.2 offers a hub-sensor architecture that delivers greater visibility and scale to accelerate malware detection and response across global networks
Anonabox’ Devices Keep Identity Anonymous Using Tor and VPN (HackRead) Anonabox, a hardware company focused on providing internet security and privacy for users has announced the launch of an array of innovative, small-sized new devices, which have been designed primarily to help internet users remain anonymous while surfing the net. These devices have been produced by Sochule, which recently acquired Anonabox
Technologies, Techniques, and Standards
DHS is busy sharing threat info with the private sector (FCW) The Automated Indicator Sharing system, which facilitates machine-to-machine sharing of cyber threat indicators between the federal government and the private sector, is busy
Making Ethically Based Decisions: Lessons from MedStar Health Cyber Attack (Physicians Money Digest) There has been an increasing number of cyber threats and “ransomware” attacks on healthcare information systems
Crisis Communication After an Attack (MIT Technology Review) Here’s an increasingly common scenario: You’re a business or IT leader, and you learn—quite possibly from sources outside your company—that cyberattackers have compromised your organization’s systems. You don’t know yet how serious a breach you’re facing, but it’s clearly time to activate your crisis-communication plan
5 Steps to Protect Against Ransomware (Above Security) Ransomware is a type of malware that attacks your computer and usually threatens to encrypt all your data and files unless a fee is paid within a certain time limit in order to decrypt your information
Design and Innovation
Microsoft and Google Want to Let Artificial Intelligence Loose on Our Most Private Data (MIT Technology Review) The recent emergence of a powerful machine-learning technique known as deep learning has made computing giants such as Google, Facebook, and Microsoft even hungrier for data. It’s what lets software learn to do things like recognize images or understand language
How machine learning in the cloud can help enterprise security (Tech Target) There's a growing trend of machine learning in the cloud and security should take advantage of it. Expert Dave Shackleford discusses machine learning and its benefits to security
Research and Development
Vencore to support DARPA cybersecurity (C4ISR & Networks) Vencore Labs has been awarded a $7.7 million DARPA cybersecurity contract
DARPA could double wireless capacity (C4ISR & Networks) A DARPA-funded team has been able to produce electronic circuits that could double capacity for wireless communications. Researchers at Columbia University, funded under DARPA's Arrays at Commercial Timescales (ACT) program, were able to make miniaturized circulators that ensure that radio frequency signals
The Military Wants a Privacy Firewall for Disaster Response (Defense One) A new tool to strip personal information from tweets and social media could help troops zero in on trouble spots
Academia
Liberty University Shines in Raytheon Cyber Tournament (DCInno) A group of seven students from rural Lynchburg, Va.-based Liberty University are making a name for themselves in a high-profile national collegiate cybersecurity competition
Legislation, Policy, and Regulation
President Xi calls for cyberspace security, technological breakthroughs (China.org) Chinese President Xi Jinping on Tuesday called for coordinated development of cyberspace security and informatization as well as breakthroughs in core Internet technology
A New Generation of Unrestricted Warfare (War on the Rocks) In 1999, two Chinese colonels wrote a book called Unrestricted Warfare, about warfare in the age of globalization. Their main argument: Warfare in the modern world will no longer be primarily a struggle defined by military means — or even involve the military at all. They were about a decade and a half before their time
Netanyahu scraps plans to regulate cyber security cos (Globes) Israel will comply with the Wassenaar Arrangement, an international convention regulating cyber exports
Lawmakers call for middle ground on law enforcement access to encryption (IDG via CSO) Tech companies and law enforcement agencies need to find a compromise, House members say
Lawmakers Struggle for Answers on Encryption (Wall Street Journal) Congress offers few ideas on how to find a middle road between security and privacy
The dumb, delusional US Senate encryption bill is everything wrong with tech politics (Quartz) There is much I could write about this week: Intel’s rumored layoffs in Oregon just ahead of its quarterly earnings release, president Obama’s support of the FCC’s open cable box proposal, Motor Trend’s shameless attempt to design the putative Apple Car by committee (with the regrettable participation of an otherwise-serious Apple blog), or rumors of an Apple App Store reorganization (about time) and paid-search app promotion (what?). Exciting as these all are, we have a more pressing matter before us: The just-released draft of the Compliance with Court Orders Act of 2016, an anti-encryption bill co-authored by Senate Select Committee on Intelligence chairman Richard Burr (North Carolina Republican) and vice chairman Dianne Feinstein (California Democrat)
Cyber Threats: Only Getting Worse (Cipher Brief) Former CIA Acting Director and Deputy Director Michael Morell spoke with The Cipher Brief about his assessment of the growing cyber-threat, as well as a potential solution to increasingly contentious discord between government and the tech industry on the topic of encryption
House Bill Would Limit DoD Silicon Valley Outreach Fund (DefenseNews) A House subcommittee wants to withhold 20 percent of the funds for the expansion of the Pentagon’s key Silicon Valley outreach effort until the defense secretary provides a detailed plan to Congress
Three Ways to Judge the Pentagon’s Tech-Sector Outreach (Defense One) Hint: it’s not about how many zeroes are on the first checks
Litigation, Investigation, and Law Enforcement
Secret spy court scolded NSA, FBI for not deleting data (The Hill) Analysts within the National Security Agency “potentially” violated the law by improperly failing to delete information collected about people on the Internet, the federal court overseeing U.S. intelligence agencies declared in an opinion declassified on Tuesday
U.S. spy court judge dismissed privacy advocate's concerns about data use (Los Angeles Times) An independent lawyer assigned to represent Americans’ privacy interests before the nation’s top-secret spy court failed to persuade a judge to block FBI agents from searching intelligence databases to hunt for evidence of traditional crimes rather than restricting them to national security probes, according to a newly declassified court opinion
EFF sues to uncover government demands to decrypt communications (IDG via CSO) The group says the USA Freedom Act compels the DOJ to publish significant decisions of the secret FISC court
FBI: Using Third Parties To Break Encryption Is Not the Only Answer (Time) It was also said there was no "one-size-fits-all" approach to recovering evidence
UPDATE 1-Apple refused China request for source code in last two years -lawyer (CNBC) Apple has been asked by Chinese authorities within the last two years to hand over its source code but refused to do so, the company's top lawyer told U.S. lawmakers at a hearing on Tuesday
China Sentences Man to Death for Espionage, Saying He Sold Secrets (New York Times) In a sign of China’s increasingly aggressive efforts to combat espionage and other security threats, the government said it had sentenced a former computer technician to death for selling 150,000 classified documents to foreign spies, according to state media reports on Tuesday
Want to sue Ashley Madison over data breach? You must use your real name (Ars Technica) Judge weighing if data hacked from the cheating site may be used at trial