Washington, DC: the latest from DCOi
DCOi 2016 (INSS) DCOI 2016 is a concerted effort of the state of Israel and the Institute for National Security Studies (INSS) of Tel-Aviv University, a non-profit organization t that aims towards enhancing collaboration between the United-States and Israel in cybersecurity. The summit is supported by Israel state agencies alongside companies and corporation across the United-States and Israel and is free of charge for registrants. DCOI 2016 will present best technological and creative skills, industry leaders and some of the most innovative entrepreneurs in the world
US-Israel Cyber Cooperation: The US brings information; Israel brings agility of innovation. (The CyberWIre) Organized by the Institute for National Security Studies (INSS, based at Tel Aviv University), DCOi featured high-level participation by both Israeli and US officials engaged in various aspects of cyber security. It also served as an opportunity for Israeli security companies to introduce themselves to the US market. Two overarching themes emerged: the centrality of rapid cyber intelligence development and sharing to security, and the importance of agility in developing and deploying security solutions
Cyber Attacks, Threats, and Vulnerabilities
New Cyber-Espionage Campaign Targets Pro-Russian Separatists in Ukraine (Softpedia) ESET claims the attackers are Ukrainian-based. A cyber-espionage campaign named Operation Groundbait has been targeting members of the Ukrainian government and the Russian-backed separatists with clever spear-phishing emails and a custom malware family
Meet the Chinese Trolls Pumping Out 488 Million Fake Social Media Posts (Foreign Policy) New research exposes a "massive secretive operation" to fill China’s internet with propaganda
Catalan Police Union Server Destroyed, Data Leaked Against Police Brutality (HackRead) A couple of hours ago HackRead reported on a robin hood hacker going with the handles “Phineas Phisher” “Hack Back!” and “@GammaGroupPR” stealing Bitcoins and donating them to Kurdish groups. Yes, the same hacker who previously hacked Hacking Team and the developers of FinFisher malware. Now, he’s back with another hack and this time the target is the official website of Sindicat De Mossos d’Esquadra (SME) or the Catalan Police Union
Phineas Fisher records, publishes latest attack (Help Net Security) Phineas Fisher, the hacker behing the Gamma International and Hacking Team breaches and data leaks, is at it again
TeslaCrypt ransomware gang shuts up shop, reveals master key (Naked Security) Articles about ransomware often don’t make terribly happy reading, especially if you’re looking at a “pay page”
Bangladesh Official’s Computer Hacked To Carry Out $81 Million Theft (Dark Reading) Bangladeshi diplomat shares FBI report with Philippine inquiry panel on Bangladesh Bank theft
Android Qualcomm Vulnerability Impacts 60 Percent of Devices (Threatpost) A flaw in Qualcomm’s mobile processor, used in 60 percent of Android devices, allows attackers to take control over a targeted phone or tablet under specific conditions. Researchers at Duo Labs said the vulnerability is tied to Android’s problem-plagued mediaserver, coupled with a security hole in Qualcomm’s Secure Execution Environment (QSEE)
An eight-year-old virus is still infecting thousands of PCs (ZDNet) The malware [Conficker] accounted for more than one-in-six recognized attacks in April
Android Pay may, er, pay... providing it gets over security hurdle (Register) Electro-wallet hit by malware worries
The gravest dangers for CMS-based websites (Help Net Security) Over a third of all websites on the Internet are powered by one of these four key open source platforms: WordPress, Joomla!, Drupal and Magento
A Quarter of All Hacked WordPress Sites Can Be Attributed to Three Plugins (Softpedia) WordPress was the most targeted CMS of Q1 2016. Security firm Sucuri says that, during the first three months of 2016, the company saw a large number of attacks targeting websites running on the WordPress CMS platform
Ubiquiti routers hit by backdoor-generating worm (Help Net Security) A worm targeting wireless network equipment developed by US-based Ubiquiti Networks has already managed to compromise thousands of routers across the world
SOURCE Boston: Medical devices still vulnerable, but things may be changing (CSO) Most connected medical devices contain multiple flaws that make them vulnerable to hacks
Noodles & Company Probes Breach Claims (KrebsOnSecurity) Noodles & Company [NASDAQ: NDLS], a fast-casual restaurant chain with more than 500 stores in 35 U.S. states, says it has hired outside investigators to probe reports of a credit card breach at some locations
Milwaukee Bucks victim of email spoofing attack (WISN ABC 12) Scammer posed as Bucks President Peter Feigin
Grindr Promises Privacy, But It Still Leaks Your Exact Location (Wired) A few days ago, I warned my wife that the experiment I was about to engage in was entirely non-sexual, lest she glance over my shoulder at my iPhone
Security Patches, Mitigations, and Software Updates
Bank of England orders UK banks to upgrade cyber security after second SWIFT attack (Computer Business Review) UK banks have been ordered to step up their security by the Bank of England (BoE), after the second attack on a major financial institution this year
Cisco patches high-severity flaws in its Web Security Appliance (Computerworld) The flaws can be exploited with specifically crafted HTTP requests to cause denial-of-service conditions
Cyber Trends
Microsoft: U.S., Italy and Canada Are Top Ransomware Targets (eWeek) The Microsoft Malware Protection Center tracks the spread of ransomware and offers tips on how to avoid it in observance of Ransomware Info Day
There Is No Peacetime in Security: Juniper's Paul (InfoRisk Today) Juniper's CTO on Asian security, virtualized security
Marketplace
Security Products Shield Cisco From Weak Networking Market (CFO) A 17% gain in revenue from the security business helped offset weak demand for Cisco's network and routing systems in the third quarter
These 4 Megatrends Should Benefit FireEye (Motley Fool) Increasingly prevalent cyber crime could lift demand for the cybersecurity company's services for many years
Activist Focus: Is It Time To Get Long Infoblox? (Seeking Alpha) Starboard Value filed a 13D on April 22, 2016, disclosing a 7.1% stake. The activist fund is nominating directors to the Infoblox board. A possible sale of the company will likely emerge in the coming months after the Thoma Bravo’s takeover offer
Hewlett Packard Enterprise Makes $100 Million Bet on Startups (Indsutry Week) Putting money into startups is a way for the company to contend with new technologies from rivals like Amazon and Google. It’s also an effort to end a checkered spending pattern on acquisitions in the past decade
INSIDE Secure to Sell Its Semiconductor Business to Swiss Cybersecurity Expert WISeKey (BusinessWire) Exit from semiconductor to complete repositioning of INSIDE Secure as a software security and technology licensing company for mobile and IoT applications
KEYW Agrees To Sell Last Of Commercial Cyber Security Product Business (Defense Daily) KEYW Corp. [KEYW] on Wednesday said it has agreed to sell the remaining product line of its commercial cyber security business, Hexis Cyber Solutions, to an undisclosed private equity firm.Terms of the deal were not disclosed.KEYW said its Hexis HawkEye G product
Juniper Networks CFO: The First 100 Days (Wall Street Journal) Ken Miller has more than a decade of experience at Juniper Networks Inc. Yet the first 100 days of his tenure as finance chief have been a lesson in strategic planning
Greg Kushto: Agencies could be facing a cyber brain drain (Federal News Radio) For a variety of reasons, a large number of people seem to be leaving government for the private sector. Greg Kushto, a former cyber official at the Department of Agriculture and now the director of the Security Practice at Force 3, tells Federal Drive with Tom Temin this could mean a brain drain in crucial cybersecurity skills
Closing the Gender Gap in Cybersecurity: 3 Critical Steps (Dark Reading) Women in security need to step up as industry role models and set the example for future generations. Here's how
CyberArk Named a 2016 Best Place to Work in Massachusetts (Yahoo! Finance) CyberArk (NASDAQ: CYBR), the company that protects organizations from cyber attacks that have made their way inside the network perimeter, has been named one of Boston Business Journal’s 2016 Best Places to Work
Products, Services, and Solutions
Easy Solutions Selected as UK Government G-Cloud Approved Supplier (BusinessWIre) Easy Solutions, the Total Fraud Protection® company, today announced it has been registered as an approved supplier for the UK Government’s latest G-Cloud Digital Marketplace framework, G-Cloud 7
Hillstone Networks Partners With Mirantis to Deliver a Firewall as a Service Solution at Scale (BusinessWire) Joint security solution provides protection for OpenStack-based public and private clouds
Observable Networks Announces Integration with Amazon Inspector Service (Benzinga) Observable Networks Inc., an emerging leader of advanced threat detection services, is proud to announce the integration between its Dynamic Endpoint Modeling solution and Amazon Inspector, an automated security assessment service that helps improve the security and compliance of applications deployed on the Amazon Web Services (AWS) Cloud
Unisys (UIS) Launches USP: A Secure Digital Banking Platform (Zacks) Information technology firm, Unisys Corporation (UIS - Analyst Report), recently announced that it would be launching a new digital banking platform in collaboration with Sandstone Technology and Payment Card Technologies (PCT)
Rapid7 Earns CREST Certification for Penetration Testing Services (Globe Newswire) Rapid7, Inc. (NASDAQ:RPD), a leading provider of security data and analytics solutions, has been awarded CREST membership, which recognizes the consistently high standard of service provided by Rapid7
Deloitte Team Launches Custom Blockchain Solution Rubix Core (Bitcoin Magazine) Earlier this month, the Rubix by Deloitte team started rolling out their beta product, Rubix Core, with an early release to a group of selected clients in preparation for an upcoming broader release
Duo Security Brings Accessibility to User Authentication (PRNewswire) Duo Security, a cloud-based trusted access provider protecting the world's largest and fastest-growing companies, today announces accessibility enhancements for end-users with limited vision and motor skills.
Oddly Named App Makes Sharing Your Location Less Creepy (Wired) Parents see an obvious benefit to location-sharing mobile apps—keeping track of their kids. Almost everyone else considers broadcasting your location 24/7 a pointless threat to privacy that quickly drains your battery
Company Update (NASDAQ:FEYE): FireEye Inc Announces iSIGHT Partners Threat Intelligence Integration Into the FireEye Global Threat Management Platform (Smarter Analyst) FireEye Inc (NASDAQ:FEYE), the leader in stopping today’s advanced cyber attacks, today announced the integration of iSIGHT Partners threat intelligence into the FireEye® Global Threat Management Platform — enhancing customers’ abilities to proactively anticipate, detect, and respond to cyber threats
Tenable Network Security Delivers Actionable Security Intelligence Based on Verizon 2016 Data Breach Investigations Report (BusinessWire) Comprehensive dashboards and report cards help customers adopt DBIR recommendations and best practices for better protection against new and emerging cyber threats
Technologies, Techniques, and Standards
Singapore Issues Guidance for Cloud Outage Threats (Inforisk Today) New guidelines meant to enhance business resiliency
Vendors must collaborate to solve Infosec insecurities (Gigaom) IT security has become one of the most complex elements of a modern IT environment, requiring layers of protection, along with advanced analytics to block attacks, halt intruders and secure data
Why Security Investigators Should Care About Forensic Research (Dark Reading) Despite the promise of expanded visibility into the user trail behind a data breach, the security industry has largely ignored the meticulous advances of forensic researchers. Privacy is just one reason for the snub
Experian offers 12 tips to safeguard security from the Internet of Things (PRNewswire) The benefits of Internet of Things are only as strong as the weakest connected point
The Tiny Town Where Air Force Cadets Learn to Drop ‘Cyber Bombs’ (Defense One) The future of cyber warfare training looks like a model railroad where network security majors take turns turning off the lights
Research and Development
Cybersecurity breakthrough: Computer scientists figure out how to produce truly random numbers (International Business Times) Computer scientists in the US have made a cybersecurity breakthrough by developing a new method for producing truly random numbers, which could be used to greatly improve data encryption and improve security for everything from consumer credit card transactions to electronic voting to military communications
New Surveillance System May Let Cops Use All of the Cameras (Wired) The 30 million or so surveillance cameras peering into nearly every corner of American life might freak you out a bit, but you could always tell yourself that no one can access them all. Until now
Academia
TCC named National Center of Academic Excellence in Cyber Defense (Inside Business) Gov. Terry McAuliffe announced Thursday that Tidewater Community College is the latest Virginia institution to be named a National Center of Academic Excellence in Cyber Defense by the United States National Security Agency and the Department of Homeland Security
SWAMP Partners With Bowie State To Tackle Cybersecurity Skills Gap (Homeland Security Today) The global shortage of cybersecurity professionals with the skills necessary to combat the ever-evolving threats facing the United States has left the nation increasingly vulnerable to attack
Raytheon partners with American University's Kogod Cybersecurity Governance Center (PRNewswire) Company joins in efforts to advance cybersecurity research and education
Legislation, Policy, and Regulation
G-7 Nations Race to Bolster Security Against Cyberattacks in Finance (Wall Street Journal) Group of Seven officials meeting in Japan discuss ways to coordinate efforts to fend off hackers
China Subjects Tech Imports to Heavy Security Scrutiny Print Email (eCommerce Times) China is investigating the encryption and data storage features of technology products sold there by large foreign companies such as Apple, The New York Times reported this week
U.S. Cyber Command elevated to unified command unit, White House objects (SC Magazine) A bill cleared the House on Wednesday that establishes U.S. Cyber Command as a standalone unit
Cyberspace's invisible armies (Ecns) Military strategists believe cyberspace is the "fifth combat space" after land, sea, air and outer space
REUTERS SUMMIT-U.S. futures regulator targets cyber security, automated trading (Reuters via the Daily Mail) The U.S. Commodity Futures Trading Commission plans to finalize rules on cyber security, automated trading and position limits this year, as it tidies up final requirements related to the Dodd-Frank financial reform law, its chairman said on Thursday
Survey: OPM breach did little to raise feds' cyber posture (Federal Times) A new survey of federal cybersecurity executives and contractors shows a split opinion on whether the massive breach of Office of Personnel Management networks and subsequent Cyber Sprint did anything to improve federal cybersecurity
Survey: Federal cyber execs underwhelmed by ‘cyber sprint’ (FedScoop) The sprint is "turning into a marathon for some agencies," said one former CISO in the report
Navy will ask its workforce for help to solve legacy IT, cyber challenges (Federal News Radio) With the notion that the best cybersecurity starts with the best people, the Department of the Navy is asking its own workforce for ideas
The Navy wants to hire chiefs and captains – off the street – to fill cyber roles (Navy Times) Now hiring: Navy captain, cyber warfare expert, no previous military experience necessary
Ransomware Threat Continues to Grow as Lawmakers Take Interest (eWeek) In a Senate hearing, the chief of technology of a school district that suffered a ransomware attack tells legislators that the incident was "one of the most disruptive events in our history"
Does India's New IPR Policy Go Far Enough? (InfoRisk Today) Experts say Intellectual Property Rights Policy lacks detail
Litigation, Investigation, and Law Enforcement
French security chief warns Islamic State plans wave of attacks in France (Reuters) Islamic State militants are gearing up for a campaign of bomb attacks on large crowds in France, host to next month's Euro 2016 soccer championships, its spy chief has said
US Widens Sanctions on Islamic State, Al-Qaida Branches (ABC News) The United States expanded sanctions Thursday against affiliates of al-Qaida and the Islamic State group operating across the Middle East and North Africa, reflecting the spreading threat of extremism far beyond the groups' traditional strongholds in Iraq, Syria and Afghanistan
US adds ISIS in Yemen, Libya, Saudi to terror list (CNN) The U.S. added ISIS affiliates from Libya, Saudi Arabia and Yemen to its list of designated terrorist organizations on Thursday
NYC Man Who Joined Then Escaped ISIS Speaks Out Against 'Evil' (NBC News) He left the United States to join ISIS and then fled the group after five months. Now a New York City man is revealing the disturbing details of his journey into the heartland of terror — and warning others not to follow in his footsteps
Firefox users left feeling vulnerable as judge keeps Tor hack under wraps (Naked Security) Millions of users of Mozilla’s Firefox web browser may be at risk, thanks to a ruling handed out by a federal judge on Monday
What are 150,000 stolen press releases worth? About 20 years in prison (Naked Security) Press releases. A dime a dozen, right? What could be more worthless? Unless you break into the systems where they’re being staged for release, steal them before they go public, and then help people trade on the secrets you’ve uncovered
Chelsea Manning’s Appeal Took Three Years to File. Here’s Why (Wired) Imprisoned Wikileaks whistleblower Chelsea Manning filed an appeal this week, three years after she was sentenced to 35 years in prison for what is still considered the largest leak of classified government documents in history