New York: the latest from the 2017 SINET Innovation Summit
Hiring the right people. And what vendor approaches don't work. (The CyberWire) Don't pester prospective customers with cold calls when they're in the throes of incident response. But stay engaged and helpful with your existing customers.
How and why enterprise website security fails. (The CyberWire) There are two trends affecting enterprise website security: the emergence of the browser as the basic tool of data access and collaboration in the workplace, and the rapid disappearance of lines between business and personal accounts.
SINET Thinks Forward: "Fundamentals for the Future of Successful Security Programs" (The CyberWire) The conference's second "SINET Thinks Forward" talk was given by Roland Cloutier (Senior Vice President and Chief Security Officer, ADP). Cloutier outlined five fundamentals: a successful program should be converged, by design, with active decisioning, transparent integration, and ubiquitous ecosystem defense.
Cyber Attacks, Threats, and Vulnerabilities
The Microsoft security hole at the heart of Russian election hacking (Computerworld) We’re reliving the Visual Basic-spawned bad times of 1999.
A Change in Diplomacy with the Click of a Mouse (LookingGlass Cyber Solutions Inc.) US officials believe that Russian hackers planted a fake news story in Qatar’s state news agency, contributing to tensions among key US allies in the Gulf.
How intelligence data leaks caused collateral damage for infosec (SearchSecurity) Intelligence data leaks, like the recent ones at the NSA and CIA, can cause serious damage for cybersecurity. Here's how.
Valerie Plame warns of increased nation-state cyberattacks (SearchSecurity) Former CIA officer Valerie Plame spoke at the 2017 Cloud Identity Summit about the growing threat of nation-state cyberattacks.
Muslims fast in Ramadan to practice compassion and self-restraint. Terrorists see it as a time to step up violence (Los Angeles Times) Islamic State terrorists have skewed the meaning of Ramadan to justify violence and killing of civilians, the majority of whom have been Muslims. Here’s why jihadists politicize Islam's holiest month
CENTCOM confirms Islamic State’s ‘Grand Mufti’ killed in airstrike | FDD's Long War Journal (FDD's Long War Journal) US Central Command (CENTCOM) confirmed today that the Islamic State's Turki al-Bin’ali was killed in a May 31 airstrike in Mayadin, Syria.
Mexico accused of spying on journalists and activists using cellphone malware (Guardian) Targets received SMS messages with links which installed software that recorded keystrokes and compromised contact lists
SophosLabs analysis: why the surge in Word docs hiding ransomware? (Naked Security) The bad guys are using old tricks to hide very modern nasty surprises in Word documents. We take a look at how they’re doing that
Cybercriminals targeting Apple’s Mac users with malware attacks (ETCIO.com) Apple devices no longer safe against security breaches as new attack opportunities and threat vectors make Macs an easier target, according to Fortine..
Stack Clash bug could give root privileges to attackers on Unix, Linux systems (Help Net Security) Qualys researchers have unearthed Stack Clash, a serious privilege escalation bug affecting a wide variety of Unix and Unix-based operating systems.
NSA Malware Used to Infect Windows PCs with Cryptocurrency Miner (BleepingComputer) Windows computers are being targeted with a new cryptocurrency miner that uses an NSA hacking tool to infect users' PCs. Detected under the generic name of Trojan.BtcMine.1259, this trojan was first spotted last week by Russian antivirus vendor Dr.Web.
Phishing – how this troublesome crime is evolving [Security SOS Week] (Naked Security) Join us today to learn from Sophos expert Peter Mackenzie how to keep your organisation safe from the pernicious problem of phishing.
Hackers extorted a cool $1 million from South Korean web hosting provider (Help Net Security) Hackers extorted 1 million after using Erebus ransomware to infect 153 Linux servers, which were hosting the websites of some 3,400 businesses.
Harare Institute of Technology allegedly hit with cyber attack (Techzim) Harare Institute of Technology university website may have been hacked. Here are the details of what the attacker is demanding.
New ‘Orange is the New Black’ season leaked by hackers targeting Windows 7 (Digital Trends) Post-production company Larson Studios was hacked by a group targeting Windows 7, and the new Orange Is The New Black season was leaked.
When Hiring and Firing Puts Your IP at Risk (Cylance) Employees aren’t permanent fixtures. They come and they go. When employees arrive or leave, you need to have in place capabilities to protect against intellectual property theft.
Security Patches, Mitigations, and Software Updates
Did you know? Mac Office 2011 support conks out on Oct. 10 (Computerworld) Companies with employees running Office for Mac 2011 have until Oct. 10 to replace the suite's applications with those from Office for Mac 2016.
Automation 'big as the introduction of nuclear weapons,' says intel official (C4ISRNET) Automation and algorithms will open up previously unperceived possibilities for the Defense Department.
2017 Trustwave Global Report Reveals Cybersecurity Trends (Trustwave) Trustwave today released the 2017 Trustwave Global Security Report which reveals the top cybercrime, data breach and security threat trends from 2016. The report demonstrates both good and bad news in the world of cybersecurity as intrusion detection and breach containment times were relatively better, but other threats like malvertisements became cheaper and malicious spam saw increases.
Gains, losses in efforts to combat cyber crime in 2016: Trustwave (Canadian Underwriter) The fight against cyber crime showed both advances and retreats in 2016, with improvements on the intrusion detection and breach containment fronts matched by cyber crime increasingly being treated as a business, suggests a Trustwave report released Tuesday. Findings in…
Organizations Are Detecting Intrusions More Quickly (Dark Reading) But almost every other metric in Trustwave's 2017 global cybersecurity report card is headed in the wrong direction.
IBM & Ponemon Institute Study: Cost of a Data Breach (IBM) IBM Security & Ponemon Institute study shows that the average cost of a data breach is $3.62M globally. Check out the full results to see what factors increased or decreased the cost of a breach across industries.
IoT malware doubled in 2016, according to Kaspersky (Internet of Business) The amount of malware targeting IoT devices has more than double in 2016, according to a report by It security company Kaspersky.
How GDPR will affect marketing (Computing) DLA Piper's Rachel DeSouza explains what marketers need to consider with GDPR on the horizon
Public Anxiety Over Internet Security is on the Rise, Unisys Finds (Meritalk) The Unisys 2017 Security Index found that public concern over Internet security has increased more than any other security concern since their 2014 survey.
The cybersecurity landscape according to Carbon Black's CEO (ZDNet) How does 'next-generation' antivirus software improve on the traditional variety? How can the IoT be made more secure? These are just some of the questions we put to Carbon Black's Patrick Morley.
Cybereason security firm wins $100m SoftBank backing (Financial Times) Latest funding is part of a surge in VC support for online security companies
How Palo Alto Networks, Inc. Makes Most of Its Money (The Motley Fool) Here are the key contributors to this fast-growing cybersecurity business.
Akamai Technologies' CEO Is Buying Stock - Should You? (Seeking Alpha) Shares of Akamai Technologies have trended lower after the company beat both its Q1’17 earnings and revenue estimates but offered disappointing Q2’17 guidance.
Email Security Firm 'Matches Wits with Bad Guys' (CFO) Email security firm Proofpoint, aiming to double in size within three years, leverages innovation and luck on the way there, its finance chief says.
Building a Threat Intelligence Company (Recorded Future) In this episode, we’ll talk about how Recorded Future made its transition from the virtual garage to an international company with offices around the world.
Cisco hopes artificial intelligence and subscription pricing can make it cool again (MarketWatch) Cisco Systems Inc. says it has figured out how to transform its sales to the new age, and believes it can do the same with intelligent networks.
Security startup confessions: Attending industry events (Help Net Security) Kai Roer, CEO of security startup CLTRe, talks about attending industry events. Learn how to organize, what to do, and most importantly, what not to do.
Comodo and Servertastic Announce New Strategic Partnership (PRNewswire) Comodo, a global innovator and developer of cybersecurity solutions...
Fort Gordon garrison commander says cyber growth will spur growth in other areas (Augusta Chronicle) Fort Gordon’s garrison commander said Tuesday that the projected growth of the U.S. Army Cyber Center of Excellence will touch several areas of business and economic growth.
Cybersecurity firm Infoblox to hire up to 100 more in Tacoma (The Suburban Times) Infoblox Inc., the Silicon Valley-based network control and security company, has designated its Tacoma, WA office as a “Center of Excellence for Technology Innovation” and a “Hiring Hub.” The comp…
MKACyber, Inc. Bolsters Team with New Key Executives (MKA Cyber) MKACyber, a rapidly expanding Managed Security Operations Services Provider (MSSP) and security consulting firm with elite SOC expertise, today announced the addition of Cindy Gagliano as president. Teaming with MKACyber Founder...
CACI and American Cyber Receive Department of Defense Nunn-Perry Award for Mentor-Protégé Excellence (BusinessWire) CACI International Inc (NYSE: CACI) and American Cyber, Inc. announced today that the companies have received the prestigious Nunn-Perry Award from th
Virtru's Co-Founder and CTO, Will Ackerly, Named a 2017 Washington Business Journal 40 Under 40 Honoree (BusinessWire) Virtru today announced that the company’s Co-Founder and CTO, Will Ackerly, has been named to the Washington Business Journal’s 2017 40 Under 40...
Zscaler Appoints Howard Ting as Chief Marketing Officer (MarketWired) Former Nutanix CMO Brings Track Record for Building Industry Leading Brands to Propel Zscaler's Leadership in Secure Cloud Transformation
Products, Services, and Solutions
2 handy yet hidden Chromebook security features (Computerworld) Chromebook security gets simpler with these ultra-useful but off-the-beaten-path options.
MyDigitalShield Unveils OmniWAN, a SD-WAN Solution Designed for the SMB Market (Benzinga) New solution brings the high quality and reliability of expensive MPLS networks to low-cost broadband with baked in enterprise security.
Machine learning by ESET: The road to Augur (WeLiveSecurity) Machine learning (ML) in eight blogposts!? In our last post, let’s take a peek under the hood of ESET’s cybersecurity engine and its ML gears.
Cisco creates self-learning network (Computer Dealer News) Cisco Systems latest network will be able to recognize intent. For example, it will be able to automate incoming actions
Iron Bow Adds Cisco® Hosted Collaboration Solution to its Federal Services Suite (BusinessWire) Iron Bow Technologies, a leading technology solutions provider to the government, commercial, and healthcare markets, is proud to announce it has been
Swimlane Updates Its Automated Security Platform With RSA NetWitness® Suite Interoperability (PRNewswire) Swimlane, a leader in automated incident response and security...
ShieldX Reinvents Cloud Security to Tackle Escalating Cybersecurity Threats (BusinessWire) Gartner “Cool Vendor” ShieldX Explodes into the Market with the Most Powerful Cybersecurity Innovation in the History of Cloud Computing
Contrast Brings Security into the DevOps Era (PRNewswire) Contrast Security, the first company to enable self-protecting...
InfoArmor: Operatively-sourced threat intelligence (Help Net Security) Mike Kirschner talks about InfoArmor, a dark web operatively sourced intelligence firm, focused on dark web surveillance and sourcing of breach data.
Technologies, Techniques, and Standards
Why We Need Fair and Accurate Cybersecurity Ratings (U.S. Chamber of Commerce) What is the professional standard for cybersecurity? Whose program is secure and whose isn’t? These are just two of the many questions that arise when discussing the crucial importance of a business’s
The Security Rating Services Market Pioneered by BitSight Achieves Significant Industry Milestone (PRNewswire) BitSight, the Standard in Security Ratings, today announced that a...
Mapping the Top Five CSC to Four Cybersecurity Pillars (The State of Security) Tripwire can map the top five CSC down to four cybersecurity pillars. Are you applying these basic pillars of security?
Three investments a security program should make to mitigate risk (Business Insider Australia) There is no doubt cybersecurity provides longevity to a business and can help differentiate it from its competitors — for both good and not-so-good reasons. The Australian government took important steps to help raise Australia’s cyber resilience with the release of its Cyber Security Strategy in April 2016.
3 Use Cases in Network Security for Threat Hunting (Bricata) Modern network security solutions enable advanced detection and threat hunting across three priorities: prevent known threats, detect anomalies and hunt for what is hiding.
Evaluating artificial intelligence and machine learning-based systems for cyber security (Help Net Security) All indicators suggest that 2017 is shaping up to be the year of artificial intelligence and machine learning technology for cyber security. As with most t
Research and Development
Phone home: how photon entanglement could secure our interplanetary internet (Deutsche Welle) Think we're on the back foot with cybersecurity? Well the deeper we explore space the more we are going to need an interplanetary internet, and the more we'll need it to be secure. Could photon entanglement help?
New Fortscale Patent Advances User and Entity Behavior Analytics (UEBA) Market (Benzinga) Identifies risks, without having to establish rules or thresholds.
Cloud Security Alliance Scholarship Founded at WWU (Western Today) The Cloud Security Alliance, a global cybersecurity organization based in Bellingham that focuses on ensuring a secure cloud-computing environment, has provided a gift to the Western Washington University Foundation that will award an annual $2,500 scholarship for students studying cybersecurity in the university’s Computer Science Department.
Chantilly Academy, Northrop Grumman, GMU to Host Cybersecurity Summer Camp (Fairfax County Public Schools) To meet the demand for cybersecurity and STEM (science, technology, engineering, and mathematics) among middle and high school students, Chantilly Academy, a Governor’s STEM Academy, is again partnering with Northrop Grumman and the Volgenau School of Engineering at George Mason University (GMU) to host its annual cybersecurity summer camp, July 31-August 4, at George Mason University.
Why Boeing revealed its cybersecurity secrets to Cal State Fullerton students (Orange County Register) When you are the Boeing Co., making airplanes on which millions of people’s lives depend, you sure don’t want a bunch of college students to hack into your computer systems. So what do you do? You …
Legislation, Policy, and Regulation
Trump meets Ukrainian leader amid Russia investigation (Military Times) President Donald Trump met with his Ukrainian counterpart Tuesday amid intensifying questions over whether his administration will step in to protect partners in the face of Russian aggression.
Goulard resigns as French armed forces minister (Defense News) That surprise resignation was in response to a French judicial inquiry that opened June 9 into the alleged payment of fictitious assistants in the European Parliament.
New national security approach lets electronic spy agency play cyber-offence (National Post) Canada is going all-in when it comes to cyberwarfare.Weeks after giving the military permission to start developing cyberweapons and other offensive capabilities, the Trudeau government…
NHS needs 'massive' spending increase to prevent another cyber attack, expert warns (HeraldScotland) A "massive" increase in spending is needed to prevent another "avoidable" cyber attack on NHS computer systems, an expert has…
Jeh Johnson: Congress, Trump must protect elections from cyber attacks (USA TODAY) Former Homeland Security secretary Jeh Johnson will testify Wednesday that the threat of cyber attacks against future U.S. elections will only get worse unless Congress and the White House take action to strengthen cybersecurity and protect democracy.
NY gov directs review of voting infrastructure cybersecurity (TheHill) Cuomo's move follows reports of Russian efforts to target election systems.
Armed Services panel aims to toughen cyber oversight in defense bill (TheHill) The House Armed Services Committee will seek to increase oversight of the military’s cyber operations and partnerships with allies on cyber capabilities in this year’s annual defense policy bill.
NSA May Finally Get Independent Internal Watchdog (US News & World Report) The president nominates Robert Storch, three years after Congress voted to require Senate confirmation for NSA inspectors general.
Litigation, Investigation, and Law Enforcement
US Election Officials, Cybersecurity Experts to Testify on Russian Hacking (VOA) US Senate panel will be probing vulnerability of election systems across America
Warner demands Homeland Security disclose 'full scope' of election interference (WJLA) Senate Intelligence Committee Vice Chairman Mark Warner is demanding the Department of Homeland Security disclose information revealing the full extent of foreign interference in the 2016 presidential election. “While I am not aware of evidence that the 20
Senator Probes Top US Defense Contractor Over Leaked Data Tied to Pentagon Project (Gizmodo) One of America’s top defense contractors is facing questions over its security practices after sensitive files tied to a Pentagon project were discovered on a publicly accessible Amazon server.
Dem senator presses intelligence contractor on breaches (TheHill) Sen. Claire McCaskill (D-Missouri) demanded one of the country's largest intelligence contractors explain how login credentials for employees with security clearance were left visible online to anyone with security clearance.
European Human Rights court rules Russian 'gay propaganda' law illegal | News | DW | 20.06.2017 (DW.COM) Europe's human rights court ruled that Russian restrictions on homosexuality violate rights to freedom of expression. Russia says it plans to appeal.
Microsoft details its security process, amid antitrust complaint filed by Kaspersky (Neowin) In a new post, Microsoft has detailed its process of ensuring that its customers stay secure when using Windows 10. The post details Defender and its relationship with third parties.
Education Goes Along With Policy on Cyber Risk (PYMNTS.com) Hitting the ground running with the next big thing in services or products or payments can be a thrill, but for startups with blinders on, ignoring cyber risk can be a lethal misstep. Lucas Morris, senior manager with Crowe Horwath’s technology risk consulting group, and Mike Neal, risk consulting manager at Crowe Horwath, weighed in on the roadmap that helps lead to an effective cyber-risk mindset.