Tysons Corner: the latest from CyberTech Fairfax
A Global View from a Local Window (The CyberWire) CyberTech, in partnership with the Fairfax County (Virginia) Economic Development Authority, met Tuesday, June 13th at Capital One headquarters in Tysons Corner, Virginia, to discuss "changing the global cyber landscape." Speakers from various sectors (financial services, transportation, utilities, aerospace and defense, communications, law, and government) covered trends, emerging technologies, and continuing challenges in cyber security. The conference featured significant international participation, with practitioners from Germany, the Netherlands, and, especially, Israel represented.
Fake news and free speech: a different look. (The CyberWire) Michael Chertoff, former US Secretary of Homeland Security, delivered the conference's morning keynote. He offered a general look at trends and challenges in cybersecurity, and in particular the value of framing cybersecurity in terms of analogies drawn from biological immunity. He also addressed the challenge of "fake news."
Former DHS Secretary Chertoff: 'Is Your Company Cyber-Immunized?' (In Homeland Security) Cyber-immunized? Michael Chertoff advises leaders to take a risk management and immunization approach for effective systems security and cyber security.
Innovation and technology transition. (The CyberWire) Representatives of government and industry shared their perspectives on how innovation might be fostered for both public goods and economic development.
Compliance, cooperation, standards of care, and cybersecurity momentum. (The CyberWire) The conference's morning CISO panel expressed clear consensus on the value of cooperation and collaboration in cybersecurity, even among businesses that in the ordinary course of things compete. The CISOs agreed that cybersecurity shouldn't be a competitive differentiator.
Cyber Attacks, Threats, and Vulnerabilities
US cyber weapons disappoint against ISIS (Fifth Domain | Cyber) Cyber Command's fight against ISIS has proven to be much more difficult than previous operations.
Terror Finance in the Age of Bitcoin (The Cipher Brief) Terrorists’ tactics evolve with the times. Just as we have seen an adaption of terrorist methods for sowing fear and distrust, so, too, we have seen their propaganda machines evolve to inspire audiences globally. Gone are the days of printed manifestos, pamphlets, or fuzzy VHS tapes.
Russian Cyber Hacks on U.S. Electoral System Far Wider Than Previously Known (Bloomberg) Attackers said to take measure of voting systems, databases. A ‘red phone’ warning to the Kremlin from Obama White House.
Russia's cyber attack on 39 states could jeopardize future US elections (CNBC) Russia's cyberattack on the U.S. electoral system was much more widespread than people realize, Bloomberg reports.
InfoSec 2017: What are Fancy Bears and why it matters, even for SMEs (SC Media UK) SC spoke to Adam Meyers, VP of intelligence at Crowdstrike at this year's InfoSec Europe 2017 about attribution and why it could be useful even for smaller businesses.
Fake-News Services Make Propaganda Distribution Point-and-Click (eWEEK) The emergence of online fake news distribution services prompted security firm Trend Micro to issue a report on June 13 that explains how they work and suggests counter measures.
Here's how much it costs to buy 'fake news' online (WIRED UK) The 'public opinion cycle' can be manipulated if you've got enough money
ESET detects Industroyer, biggest threat to industrial control systems since Stuxnet (aptantech) The 2016 attack on Ukraine’s power grid that deprived part of its capital, Kiev, of power for an hour was caused by a cyberattack. ESET researchers have since analyzed samples of…
Is Industroyer the biggest security threat to critical infrastructure since Stuxnet? (Computing) Industroyer malware trialed in attack on Ukrainian power grid in 2016.
Five cybersecurity experts about CrashOverride malware: main dangers and lessons for IIoT (IIoT World) As reported by ESET and Dragos, the CrashOverride malware is an extensible platform that could be used to target critical infrastructure sectors.
Kaspersky Lab Recommends Industries to Audit Security (Sputnik) IT company Kaspersky Lab has called on industrial companies to conduct a security audit and increase the level of security following reports of new malware dubbed CrashOverride, which can reportedly disrupt energy systems, the company’s representative told Sputnik on Tuesday.
N. Korean cyber attacks targeting “critical infrastructure”, finance: U.S. (North Korea News) The U.S. government on Tuesday warned that a North Korean cyber attack group is targeting "media, aerospace, financial, and critical infrastructure sectors", in a rare alert issued by the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS). The North Korean-linked group is referred to by the U.S. government as "Hidden Cobra", and has been involved in malicious activities since 2009 to "advance their government’s military and strategic objectives", the report says. The FBI and DHS said they had identified several IP addresses associated with the distribution of a malware variant known as Delta Charlie, a distributed denial-of-service (DDoS) bot, and that “Hidden Cobra actors have leveraged their capabilities to target and compromise a range of victims” since 2009. “Some intrusions have resulted in the exfiltration of data while others have been disruptive in nature,” the joint Technical Alert (TA) said. While the report said that Novetta, a security
Threat Spotlight: Breaking Down FF-Rat Malware (Cylance) FF-RAT is an effective, proxy-aware RAT that has been in use for at least the last five years. It has been observed being used in targeted attacks against many industries, including government, aerospace, gaming, IT, and telecommunications.
Peter Cochrane: WannaCry? I wanna understand what's going on (Computing) Peter Cochrane examines the common problem between the WannaCry outbreak, the BA breakdown and the NSA malware tools leakage
HHS center for cyber threat sharing helped lead response to malware attack (Health Data Management) The Health Cybersecurity and Communications Integration Center was an integral part of the agency’s coordinated response to the recent WannaCry ransomware attack.
WiMax routers from Huawei, ZyXEL and ZTE are vulnerable to authentication bypass attacks (V3) Access all areas for users of legacy WiMax routers from Huawei, ZTE and ZyXEL
When sysadmins attack: how to delete an entire company (Naked Security) Nothing can stand in the way of malice and incompetence
A behind-the-scenes look at how cybercriminals carry out attacks inside enterprise networks (Vectra Networks) Vectra Networks last week published the 2017 Post-Intrusion Report, which covers the period from January through March. While there are plenty of threat research reports out there, this one offers unique insights about real-world cyber attacks against actual enterprise networks.
Hackers Can Spoof Phone Numbers, Track Users via 4G VoLTE Mobile Technology (BleepingComputer) A team of researchers from French company P1 Security has detailed a long list of issues with the 4G VoLTE telephony, a protocol that has become quite popular all over the world in recent years and is currently in use in the US, Asia, and most European countries.
The race for N-days: Why millions of us are still vulnerable to known exploits (ZDNet) Here's why known bugs can still cause chaos in the mobile ecosystem.
Questions and answers on the Cowboy's Casino cyber attack (CBC News) Customers and staff of Cowboy's Casino in Calgary who have had their personal information leaked online probably have a lot of questions. David Gerhard, a computer science professor at the University of Regina, sheds some light.
Security Patches, Mitigations, and Software Updates
Microsoft, Adobe Ship Critical Fixes (KrebsOnSecurity) Microsoft today released security updates to fix almost a hundred flaws in its various Windows operating systems and related software.
Microsoft Patches 96 Security Vulnerabilities in June Patch Update (eWEEK) Patch Tuesday update takes the unusual step of releasing security patches for the unsupported Windows XP operating system.
Microsoft rushes out patch for Windows XP to prevent another WannaCry attack via a Shadow Brokers release (Computing) 'INCOMING!' warns Microsoft as it issues new critical patch for Windows XP.
Microsoft releases new Windows XP security patches, warns of state-sponsored cyberattacks (The Verge) Microsoft issued a "highly unusual" patch for Windows XP last month to help prevent the spread of the massive WannaCry malware. At least 75,000 computers in 99 countries were affected by the...
Cyber Trends
Flashpoint - Business Risk Intelligence Decision Report: 2017 Mid-Year Update (Flashpoint) This mid-year update to our Business Risk Intelligence Decision Report examines trends in the cyber and geopolitical landscape from the first half of 2017.
New Ponemon Study Finds Traditional Endpoint Security Approaches Are Ineffective, Costing the Average Enterprise $6 Million+ Per Year (Absolute) With the cost and complexity of endpoint security at an all-time high, Ponemon’s research reveals 63 percent of enterprises cannot monitor at-risk, dark endpoints, leaving more than 50 percent of endpoints vulnerable to a costly data breach
Veracode AppSec and DevOps Trends Report (Veracode) The increase of major cyber-attacks in the last few years has demonstrated to developers that no organization or application is immune. Veracode commissioned Enterprise Strategy Group (ESG) to conduct a survey of 400 IT, cybersecurity, and developer professionals to evaluate the benefits of AppSec for contemporary software development and deployment.
Wombat Study Reveals Personal Security Habits of 2,000 US, UK Workers (PRNewswire) Wombat Security Technologies (Wombat), the leading provider of cyber...
Just 26% of Organizations are Ready to Handle IT Risks, Reveals Netwrix Survey (Netwrix) Organizations are moving toward a more comprehensive approach to cyber risk management, but most still lack visibility into user activity and manipulations of their sensitive data.
Research: Legacy systems the biggest challenge in digital transformation (Computing) New research from Computing reveals that IT leaders are most concerned with integrating legacy applications into new digital initiatives, with cultural change coming a close second.
'BYOD has given way to the IoT' says ForeScout (Computing) CEO Mike DeCesare says that old methods of protecting cyber assets are not relevant in a connected world.
IoT Pose A Threat To Anything And Everyone Connected (ITSP Magazine) Loosely defined, the Internet of Things (IoT) refers to the general idea of things that are readable, recognizable, locatable, addressable, and/or controllable via the Internet. It encompasses devices, sensors, people, data, and machines.
Cyber Innovation Is Elementary (SIGNAL Magazine) Cyber is one domain that could benefit from lessons taught in kindergarten.
Marketplace
Yahoo sale to Verizon finally completed after 323 days and revelations over major security breaches (V3) 2,000+ pink slips being prepped by Verizon for Yahoo staff
Instant Analysis: Microsoft Confirms Hexadite Acquisition (Madison.com) What happened?
Prevalent Acquires Datum Security for SMB Third-Party Risk Management Platform (Marketwired) Acquisition of Datum Security solution helps close dangerous gap in SMB third-party risk exposure
Delta Risk LLC Completes Growth Capital Financing to Support Strategic Growth and Expansion (PRNewswire) Delta Risk LLC, a global provider of cyber security and risk management...
GSA Awards Delta Risk LLC All Four Cyber Security Services SINS to Contract with U.S. Government Agencies (PRNewswire) Delta Risk LLC, a global provider of cyber security and risk management...
Trusona snaps up $10 mln Series B from Microsoft Ventures and KPCB (PE Hub) Trusona, a Scottsdale, Arizona-based identity and authentication platform, has secured $10 million in Series B funding. Microsoft Ventures led the round with participation from existing backer Kleiner Perkins Caufield & Byers.
Why Proofpoint Keeps Shaking FireEye (Seeking Alpha) FireEye is sleeping on a cash cow hidden in its EX series of email security solutions. Sustainable double-digit growth in cloud security will provide the needed
2 Cybersecurity Stocks I'd Never Buy, and 1 I'll Consider (The Motley Fool) Investors should avoid Palo Alto Networks and FireEye, but Check Point deserves a closer look.
Raytheon to showcase cyberwarfare at Paris Air Show (New Atlas) Raytheon will use the 2017 Paris Air Show to showcase the technologies it is developing to provide defenses and countermeasures in the new battleground of cyberspace.
Inside Symantec’s bid to build the Amazon of cybersecurity tools (CIO) Symantec CIO Sheila Jordan is orchestrating a major shift toward one-stop cloud subscription services on the back of the company’s recent Blue Coat and LifeLock acquisitions.
Net Neutrality should not apply to content delivery networks: Akamai's McConnell (ETtech.com) Rick McConnell talks about their security play, why net neutrality should not apply to CDN players, how they re-skill people and accelerating mobile l..
Alert Logic Top Cited Cloud Infrastructure Security Vendor for Second Year (GlobeNewswire News Room) IT Decision Makers Give Alert Logic Top Rankings in New 451 Research Information Security Report
Telstra flags 1400 job cuts (CRN Australia) Staff will be informed today.
CRN Exclusive: Optiv Security Adds Former SecureWorks, D&H, Symantec Execs To Lead Strategic Business Areas (CRN) Optiv Security has added former Symantec exec Anirban Chakravartti, former SecureWorks CISO Doug Steelman, and former D&H CISO Michael Lines as it focuses on key business areas, including managed services and risk and compliance.
Exabeam Adds Former FireEye EVP Tony Kolish to Executive Team (Marketwired) 25-year leading industry veteran will drive Exabeam's services offerings globally
Cylance Loses Worldwide Head Of Sales To Endpoint Competitor SentinelOne (CRN) SentinelOne has landed one of its competitor's top executives, luring away Cylance head of worldwide sales Nicholas Warner as its new chief revenue officer.
Cavirin Establishes Security Advisory Board with Industry Luminaries (BusinessWire) Cavirin Systems, Inc., offering continuous security assessment and remediation for hybrid clouds, announced a security advisory board.
Products, Services, and Solutions
tCell Production Deployments Yield New Insights About Application Risks and Attacks (Marketwired) Self-defending cloud applications gain traction and new features
Guidance Software Incorporates Webroot Threat Intelligence into EnCase Endpoint Security (BusinessWire) Guidance Software will provide Webroot threat intelligence to Guidance customers via a direct integration with EnCase Endpoint Security
DSM Announces New Features to Its DRaaS Solution (PRNewswire) DSM Technology Consultants, a leading Managed Cloud provider and Zerto...
Gemalto Simplifies and Secures Access to Cloud Applications with New Access Management Service (Gemalto) SafeNet Trusted Access helps companies mitigate risk with integrated single sign-on, multi-factor authentication and risk-based analytics
Rohde & Schwarz Cybersecurity and Arkessa launch solution for IoT connectivity and security (Rohde & Schwarz) The multi-level IoT platform solution provides full visibility and control of enterprises’ IoT operations with secure, backdoor-free, globally managed IP connectivity.
Palo Alto Networks Expands Security Platform With New Application Framework, GlobalProtect Offerings (CRN) Palo Alto Networks is adding to its security platform with the launch of a new Application Framework and Global Protect cloud services, the company announced Tuesday at its Ignite 2017 event in Vancouver.
ERPScan Announces Threat Map to Simplify Protection of SAP Systems at the Gartner Security & Risk Management Summit (PRNewswire) ERPScan announced updates to its flagship product for securing...
Spirent's CyberFlood Release Extends Security Coverage, Including WannaCry, IoT, Industrial Controls and DDoS Attacks (BusinessWire) The latest version of CyberFlood features the industry’s first means to validate exposure to WannaCry ransomware, plus stronger fuzzing capabili
BitSight and Telefónica Deliver Enhanced Visibility into Supply Chain Risk with Continuous Monitoring (IT Briefing) BitSight, the Standard in Security Ratings and ElevenPaths, Telefónica Cybersecurity Unit specializing in the development of innovative security solutions, today announced a new alliance that will enhance visibility into supply chain risk for Telefónica customers worldwide.
Whitewood Showcases Entropy-as-a-Service for Windows (Cloud Computing) The cloud-based service delivers pure quantum entropy – the foundation of randomness – to generate truly random numbers for creating cryptographic keys that are impossible to guess.
Sonus Redefines Enterprise Communications Security (PRNewswire) Sonus introduces an initiative...
Proofpoint Wins Best Fraud Prevention with Email Fraud Defense and Best SME Solution for Proofpoint Essentials at SC Awards Europe 2017 (NASDAQ.com) Cybersecurity leader recognised for email fraud prevention and its SME solution, Proofpoint Essentials
IBM Extends Cloud Identity-as-a-Service to Hybrid Cloud Environments (eWEEK) New Cloud Identity Connect services aim to make it easier for organizations to connect identities both on-premises and in the cloud.
Leidos Cyber Launches MDR for Early Detect & Proactive IR (American Security Today) Leidos Cyber has unveiled its Managed Detection and Response (MDR) service that goes beyond traditional Managed Security Service Providers (MSSP) or Incident Response (IR) services. MDR is a continuous, end-to-end service that detects malicious threats earlier, provides comprehensive analysis of intrusions, and delivers immediately actionable guidance for future prevention based on intelligence gained. Every breach starts with …
BT, Intercede and Imagination collaborate on IoT security (Totaltelecom) Global technology company Imagination and digital identity and credentials expert Intercede are showcasing a solution for enhanced Internet of Things (IoT) security at BT’s bi-annual Innovation 2017 event today.
Intercede launches projects with VMWare, Imagination (BOLSAMANIA) Digital identity, credential management and secure mobility specialist Intercede announced on Tuesday that it was collaborating with VMWare and Imagination on two “separate, significant” projects utilising Intercede's MyID and MyTAM software.
Intercede introduces cloud-based strong credentials enterprise service MyIDaaS (Bankless Times) Digital identity and credentials company Intercede has released its new, cloud-based “strong credentials” enterprise service. MyID as a Service (MyIDaaS) replaces passwords with …
Technologies, Techniques, and Standards
Facing limits of remote hacking, Army cybers up the battlefield (Ars Technica) Army prepares for a less friendly electronic battlespace, embeds cyber in units.
Making Beat Cops Out of Cyber Warriors (SIGNAL Magazine) In cyber, the U.S. Defense Department might have its SWAT team, but it is missing the beat cop.
How the channel is preparing for the data breach notification scheme (CRN Australia) Sententia, Diversus Group and Geek explain how they will help customers.
Is agile cloud DevOps feasible for hypersecure .GOVs? (SiliconANGLE)
App Security: Breaking Bad Habits (BankInfo Security) Bad security habits of consumers whose use of apps is skyrocketing are leading to increased risks for businesses as they ramp up their use of apps as well, says Neil
Former NSA Security Architect Fills in Encryption Gaps (Meritalk) Citizens shouldn’t rely only on the law to protect their data, according to Will Ackerly, co-founder and chief technology officer at Virtru and former cloud security architect at the National Security Agency.
Design and Innovation
Hacking a heart pacemaker isn't science fiction. See what experts are doing to prevent it (Arizona Central) More than 100 medical professionals and cybersecurity experts gathered in Phoenix to talk about protecting medical equipment and records from hackers.
Research and Development
Scientists will end delays at passport control with biometric border scanner (Times (London)) It is a tedious indignity of modern air travel but the bleary-eyed wait at passport control could soon become a thing of the past. A British company has been commissioned by one of the world’s...
Quantum Cryptography Reaches A New Milestone In Quantum Secure Direct Communication (Science Times) Quantum cryptography has reached another milestone with the success of storing and controlling data in quantum memory. Physicists from University of Science and Technology of China and Nanjing University of Posts and Telecommunications have been able to optimize the Quantum Secure Direct Communication (QSDC) protocol
Ethics And Artificial Intelligence With IBM Watson's Rob High (Forbes) Artificial intelligence seems to be popping up everywhere, and it has the potential to change nearly everything we know about data and the customer experience. However, it also brings up new issues regarding ethics and privacy.
Academia
Carnegie Mellon University names cybersecurity center director (TribLIVE.com) Carnegie Mellon University's cybersecurity rapid response team has its second new director since February, the school announced Tuesday. Roberta G. 'Bobbie' Stempfley will take over ...
Legislation, Policy, and Regulation
China’s internet watchdog rebuked for ‘lax’ control over cyberspace (South China Morning Post) Discipline inspectors say the Cyberspace Administration failed to swiftly enforce Xi Jinping’s policies to further tighten control of cyberspace on the mainland
Microsoft’s radical idea for dishing out cyberblame (Naked Security) Microsoft’s strategy for containing global cyberattacks is so crazy it just might work. Or is it just plain crazy?
Security Vs Privacy: EU to Let Cops Hop Across Borders for Data (Sputnik) The EU is planning to work out a mechanism which will allow law enforcement bodies to receive evidence directly from tech companies, such as Facebook or Google, even when stored in another European country. This has sounded alarm bells, as many see it as a threat to privacy. Sputnik discussed the issue with Nigel Hawthorne from Skyhigh Networks.
US, Europe seek measures to avert expanded airline laptop ban (The Financial Express) The US Department of Homeland Security will meet European officials this week to discuss new security measures that could prevent the U.S. government expanding a ban on laptops beyond flights from ten airports primarily in the Middle East.
Lawmakers voice fears over security of internet devices (TheHill) “Mobile devices are an attack vector that cannot be ignored," said one expert.
Hill Digs Into Innovating with IoT while Protecting Consumers (Cablefax) A pair of House Commerce subcommittee hearings on security in wireless technology and IoT devices offered a glimpse at the issues they’re most worried about.
Litigation, Investigation, and Law Enforcement
From 'caliph' to fugitive: IS leader Baghdadi's new life on the run (Reuters) Islamic State leader Abu Bakr al-Baghdadi is on the brink of losing the two main centres of his 'caliphate' but even though he is on the run, it may take years to capture or kill him, officials and experts said.
What We Know About Reality Leigh Winner, the Texan Charged Under the Espionage Act (Texas Monthly) The NSA contractor accused of leaking a classified document has South Texas roots.
The Cagey Mr. Comey (Hoover Institution) His own questionable actions might warrant an obstruction of justice charge.
CONFIRMED: Obama Had His Own ‘Back Channel’ To Moscow (The Daily Caller) The Obama administration had a "back channel" to communicate with Russian officials, according to a new report detailing Moscow's efforts to delegitimize the U.S. presidential election results. The
Distributor caught selling Apple customers’ data (Naked Security) Police have uncovered a large network of Apple distributor employees selling iPhone users’ data on the cyberunderground.
Hacker "Sagade" Extradited to the US for Role in Scareware Scheme (BleepingComputer) Peteris Sahurovs, a Latvian hacker known as "Sagade," was extradited to the US and appeared in Minneapolis court today in regards to accusations of running a scareware operation that pocketed the crook and his partners over $2 million.
The U.S. Intelligence Community Can Share Your Personal Information With Other Governments, and We’re Demanding Answers (American Civil Liberties Union) While the ACLU’s focus on foreign intelligence surveillance typically centers on the U.S. government’s National Security Agency, intelligence collection actually operates on a global scale. Our government is just one branch of an international network of intelligence services that coordinate their efforts with virtually no transparency or accountability.
Council fined £100,000 for Heartbleed security failures (Inquirer) Gloucester City Council guilty of serious security oversight