New York: the latest from the 2017 SINET Innovation Summit
The CISO's art of communicating with a board of directors (a live demonstration). (The CyberWire) What does a board do? Fundamentally, it's responsible for the health of the business. The CISO should help the board members understand how information security affects that health.
What CEOs should know about privacy. (Here's one big thing: GDPR will affect you.) (The CyberWire) You may not be interested in the GDPR, but the GDPR is interested in you.
Transitioning research to the market. (The CyberWire) One of the things the US Department of Homeland Security's Science and Technology Directorate takes to heart is transitioning the results of research to products and solutions. Dr. Douglas Maughan talked about how the S&T Directorate works to move research across the proverbial "valley of death" and into the hands of practitioners and operators. (And, of course, into the market.)
Cyber Attacks, Threats, and Vulnerabilities
American and Australian captives are seen in newly released Taliban video (Military Times) The Taliban released a new video on Wednesday showing an American and an Australian captive they abducted last August, the second such footage of the hostages.
Honda Forced to Shut Plant After WannaCry Returns (Infosecurity Magazine) Carmaker tried to secure systems in mid-May
One Month Later, WannaCry Ransomware Is Still Shutting Down Factories (BleepingComputer) On Monday, Honda was forced to temporarily shut down its car plant in Sayama, Japan, after some of its computer systems were infected with the infamous WannaCry ransomware.
Traffic cameras in Victoria infected by WannaCry ransomware (The Guardian) State government says 55 cameras were affected after a contractor introduced the virus to the system by mistake
A quarter of enterprises worldwide affected by Wannacry or Fireball, Check Point report (SC Media US) The top three malware families in May impacted a quarter of the globe's organizations with zero-day attacks, according to Check Point's latest Global Threat Impact Index.
Half of industrial control systems suffered cyberattack last year, says Kaspersky survey (Fifth Domain | Cyber) A new survey from cybersecurity firm Kaspersky Lab and Business Advantage looks at the observed and perceived threats impacting the cybersecurity of critical industrial systems, as well as the challenges organizations face to mitigate financial and material damages.
Malware piggybacks on IoT devices from Vietnam and Taiwan - Kaspersky (SC Media UK) In Vietnam and Taiwan, malware is being mass produced alongside cheap web cameras, DVRs and other IoT devices, according to a report from Kaspersky Lab.
A Diabolical Way of Hacking a Chip with a Wave of Your Hand (WIRED) When you think of a standard hacker toolkit, software vulnerabilities and malware come to mind. But a pair of researchers are testing a different type of instrument: a physical tool that can break into devices with a wave of your hand.
Protecting corporate data in the age of point-and-click malware begins with a healthy dose of realism (TechRepublic) The tools for creating malware are getting easier to use as are the ways of buying and selling it. Terbium Labs' Emily Wilson discusses the evolving malware threat with TechRepublic.
'Stack Clash' Smashed Security Fix in Linux (Dark Reading) Linux, OpenBSD, FreeBSD, Solaris security updates available to thwart newly discovered attack by researchers.
Breach at UK.gov's Cyber Essentials scheme exposes users to phishing attacks (Register) How does that rank on the Morissette Scale?
Largest US voter data leak shines light on many problems (Help Net Security) Successfully suing Deep Root Analytics, the company that inadvertently leaked US voter data, will likely be difficult, if not impossible.
SSH Key Misuse: Why Aren't We Protecting Our Machine Identities? (Newsfactor) Chris Vickery, a cyber risk analyst for UpGuard, recently revealed that a cache of documents related to a National Geospatial-Intelligence Agency (NGA) military project were left unprotected on an Amazon cloud storage server.
NY Supreme Court Judge Loses Over $1 Million in Email Scam (BleepingComputer) Acting New York State Supreme Court Justice Lori Sattler has lost over one million dollars after falling victim to an email scam, NY Daily News reports.
Social engineering… again? (CSO) Headline-grabbing hacks of email accounts belonging to celebrities, businesses and government officials are commonplace.
Hacker angered by officer's acquittal claims attack on state (Fifth Domain | Cyber) A hacker upset about last week's acquittal of a Minnesota police officer who shot and killed a black motorist claims to have stolen hundreds of email addresses from a state database.
Security Patches, Mitigations, and Software Updates
Mozilla ports simplified private browsing app to Android (Help Net Security) Less than a year since the release of Firefox Focus for iOS, Mozilla has ported the privacy-focused, tracker-stopping browser to Android.
Cyber Trends
Average data breach cost declines 10% globally (Help Net Security) This is the first time since the global study was created that there has been an overall decrease in the average data breach cost.
When it comes to trustworthy websites, banks drop the ball (Help Net Security) The percent of FDIC 100 banks making the Honor Roll saw the biggest drop in 2017, going from 55 percent in 2016 to 27 percent.
Consumer Businesses Have False Confidence in their Security: Deloitte (Dark Reading) Consumer business executives are confident in their ability to respond to cyberattacks but fail to document and test response plans.
Cyber-Threats Call for a New Secure Browsing Solution, and Fast (Infosecurity Magazine) Ransomware and other malware requires enterprises to think differently about internet security.
Over Half of UK Small to Medium Sized Businesses Uncertain of Brexit Impact on GDPR (PRNewswire) Half of UK SMBs Not Confident They Can Meet GDPR Requirements
Shipowners must do more to prevent cyber attacks (Marine Electronics and Communications) Ships have multiple cyber vulnerabilities and security issues that put them at risk from hackers and malware. Delegates at Riviera Maritime Media’s European Maritime Cyber Risk Management Summit, held in association with Norton Rose Fulbright in London, participated in an interactive presentation by DNV GL.
Lastline Survey: Nearly Half of Security Personnel Prefer Root Canal to Notifying their Board of a Data Breach (EconoTimes) Lastline, Inc., the leader in advanced malware protection, today announced the results of a survey conducted at Infosecurity Europe 2017. It found that 44 percent of security...
‘Keeping up with the hackers’: Cybersecurity breaches bill not the only wake-up call for Australian businesses (CSO) Throughout 2017, Aussie businesses have seen the cyber security landscape shift tremendously. From the most recent WannaCry attacks, to changing legislation such as the breach notification laws, it is clear cyber security is front and centre of both government and business agendas.
Marketplace
Cyber due-diligence now forms an essential part of M&A planning (SC Media UK) As cyber-concerns make their way up the boardroom agenda, companies involved in mergers and acquisitions are increasingly conducting cyber due-diligence.
Aviation Industry Seeks to Strengthen Cybersecurity Defenses (Fox Business) Escalating concerns about cyberthreats are prompting the aviation industry to devise an unlikely new safeguard: real-time warnings to pilots about potential hacking attempts.
Inside Microsoft's AI Comeback (WIRED) Yoshua Bengio has never been one to take sides.
Microsoft Makes Edge Browser a Permanent Part of Its Bug Bounty Program (BleepingComputer) Microsoft today promoted the Edge browser to a permanent spot in its bug bounty program, in which Edge had only a limited role.
Egnyte Achieves Profitability, But Growth Is Elusive (Seeking Alpha) Egnyte has managed to achieve profitability - a rare feat in its industry. Still, Egnyte needs to find some strategic levers of growth relatively soon, as it is
Palo Alto Networks Inc. in 5 Charts (The Motley Fool) Here's the cybersecurity specialist's business visualized through a few key trends investors will want to watch.
FireEye Inc. in 5 Charts (Madison) Cybersecurity software specialist FireEye (NASDAQ: FEYE) has big plans for 2017. Despite sharply slowing sales growth, the company aims to reach operating profitability while generating positive cash flow this year.
Better Buy: General Dynamics Corporation vs. Raytheon (The Motley Fool) Which defense contractor is smarter for investors right now? Find out here.
Intel Is Teaming With This Israeli Cybersecurity Incubator (Fortune) Israel is home to approximately 450 cyber startups.
Md. Commerce, UMBC to Launch International Cybersecurity Center (Southern Maryland Online) The center will provide an executive training session, a 12-month incubator program, and other support to companies from the United Kingdom and other allied nations, to help them establish a foothold in the U.S. market.
CACI, American Cyber Win DoD Award for Mentor-Protege Program (GovCon Executive) CACI International and American Cyber have received the Defense Department’s Nunn-Perry Award for th
Silent Circle Announces Vital Leadership Team Additions to Invigorate Enterprise Growth (Telecom Reseller) Continues to advance secure business communications through a unique suite of revolutionary solutions
SentinelOne Hires Former Cylance Head of Sales for Global Sales Leadership Role (Marketwired) "Nick has a deep understanding of the endpoint market, and shares our vision to continue and shape what cyber security will look like in the future.
Comodo Announces Former White House CIO Carlos Solari as New VP of Cyber Security Services (PRNewswire) Comodo, a global innovator and developer of cybersecurity solutions and...
Products, Services, and Solutions
Darktrace AI technology now applied to M&A cyber security due diligence process (Cambridge Network) News from Cambridge businesses. Network members upload news here about their products, services and achievements.
Flawless defence – how Glasswall protected itself from a cyber attack (Information Age) How can a business protect itself from a cyber attack? In a unique case study, Glasswall Solutions may have the answer
Sophos to Secure Konica Minolta's 'Workplace Hub' (News18) Global software security firm Sophos on Wednesday announced a partnership with Japan-based Konica Minolta to secure its popular platform "Workplace Hub".
GoDaddy Launches New Website Security Products Powered By Sucuri (PRNewswire) GoDaddy Inc. (NYSE: GDDY), the world's largest technology provider...
Quick Heal Technologies’ Seqrite unveils latest version of End-Point Security (Udaipur Kiran) Quick Heal Technologies’ Seqrite has launched a more refined and enriched version of Seqrite End-Point...
New Illumio Technology Offers New Encryption Options To Protect Customers' Traffic In Hybrid Cloud Environments (PRNewswire) Illumio today announced its SecureConnect policy-based IPsec...
Technologies, Techniques, and Standards
Cyber security experts team up with grid to protect Europe (Energy Live News) A cyber security organisation and power grid operators have teamed up to protect Europe against cyber attacks.
Application Security in the Cloud: Who’s Responsible? (A10 Networks) We’ve all heard about the benefits of cloud infrastructure: improved productivity, cost savings, efficiency, agility and a host of other buzzwords that paint cloud as the be all, end all for IT.
Design and Innovation
This add-on could save millions of cars from hackers (Roadshow) A cyberdefense system that protects phones, printers and routers could soon help keep cars safe.
From Yelp reviews to mango shipments: IBM's CEO on how blockchain will change the world (Business Insider) Ginni Rometty says IBM's use of blockchain goes well beyond bitcoin and cryptocurrencies.
Research and Development
KT and KIST Establish Quantum Communication Application Research Center to Quickly Catch up to Advanced Technologies (ET News) KT officially declared development of quantum cryptography communication technology which is expected to contribute in forming an ecosystem of applicable South Korean industries for quantum cryptograp
Academia
More Universities Add Blockchain Courses to Meet Market Demand (NASDAQ) In recent months, there has been a surge in the demand for blockchain professionals. Data from the professional networking site LinkedIn has shown that blockchain related job postings have tripled in the last 12 months.
Legislation, Policy, and Regulation
Trump huddles with national security staff on how to protect the electric grid (Washington Examiner) Representatives from the European Union, Mexico and Canada will address the forum, in addition to energy and utility trade groups and state...
Queen’s Speech praised for certainty on data protection (ComputerWeekly) The Queen’s Speech has been praised for removing any doubt about the UK’s commitment to data protection.
Queen's Speech: UK tech reacts to Digital Charter, Brexit & data protection (Computer Business Review) CBR has compiled a list of reactions from professionals in the tech industry to the Queen's Speech that outlined the plans and priorities of the Government.
New French armed forces minister named day after Goulard's resignation (Defense News) The French president’s office has appointed a director of the state-owned SNCF railway operator as the minister of armed forces, replacing Sylvie Goulard, who unexpectedly resigned June 20.
Canada’s NSA is gaining the power to launch cyber attacks worldwide (Vice) New legislation will give CSE new powers to launch cyber attacks and tap the very core of the internet
Trump's cyber deterrence is a lot like Obama's (C4ISRNET) The Trump administration's approach to cyber deterrence closely mirrors that of the Obama administration's.
Job openings focusing on IT (Federal Times) CIO.gov has listed three available IT focused job openings.
DISA Describes Cyber Challenges, Requirements (IT Business Net) When it comes to security, a lot rides on the blossoming ecosystem known as the Internet of Things that will influence just about every part of society.
Litigation, Investigation, and Law Enforcement
Congress hears sinister tale of Russia election meddling (Fifth Domain | Cyber) Current and former government officials painted a sinister portrait Wednesday of Russian cyberattacks on the United States aimed at interfering in the U.S. presidential election last year.
DHS official: Election systems in 21 states were targeted in Russia cyber attacks (CBS News) In Senate Intel hearing, Homeland Security official says no systems targeted in the election were involved in vote tallying
US officials underscore Russia threat to 2016 elections (Military Times) U.S. officials sought Wednesday to underscore for lawmakers the threat Russia posed to the 2016 vote for the White House, outlining efforts to hack into election systems in 21 states and to fill the internet with misinformation during a divisive campaign season.
U.S. Elections Systems Vulnerable, Lawmakers Told In Dueling Hearings (NPR) Jeh Johnson, Homeland Security secretary during the 2016 election, testified before the House Intelligence Committee while the Senate Intelligence Committee heard from cybersecurity experts.
Former head of Homeland Security testifies on Russian interference in 2016 election (Los Angeles Times) Former Secretary of Homeland Security Jeh Johnson defended the Obama administration’s delay in revealing Russian attempts to interfere with the 2016 election in a Senate hearing Wednesday.
Watch: Former Homeland Security chief Jeh Johnson testifies on Russia meddling (Los Angeles Times) Update on 'Trump revels after Republicans eke out victories in Georgia and South Carolina House races'
Obama’s DHS Secretary Slams DNC Obstinance on Hacks (LifeZette) Former Secretary of Homeland Security Jeh Johnson hammered the Democratic National Committee on Wednesday for its failure to cooperate with the investigation into Russian hacking of its computer system.
Analysis | Obama’s homeland security secretary just unloaded on the DNC (Washington Post) “It would be easy for me to say that I should have bought a sleeping bag and camped out in front of the DNC in late summer,” Jeh Johnson said.
5 lessons from Senate hearing on election hacking, including whether Trump is really president (Fifth Domain | Cyber) The Senate Intelligence Committee gathered two expert panels on Thursday for a discussion of the past, present and future of Russian interference in elections
5 Questions Ahead Of The Election Hacking Hearings (NPR) Russia's efforts to interfere with last year's elections will be front and center during two hearings on Capitol Hill on Wednesday.
Microsoft admits Windows 10 disables third-party security software (ComputerWeekly) Microsoft has admitted Windows 10 disables some third-party security software, but claims this is purely because of compatibility issues.
Microsoft briefly disables anti-virus software for Windows 10 (BBC News) The software giant responds to Kaspersky Lab's anti-trust complaint to the European Commission.
Microsoft Admits to One Kaspersky Allegation (Thurrott.com) Microsoft has posted a public response, of sorts, to recent allegations by Kaspersky Lab.
'Manufacturers must be liable for IoT data breaches', argues Malwarebytes (Computing) With IoT security still a low priority, should manufacturers change their approach?
Virginia sues Northrop Grumman for $300 million in dueling IT divorce suits (Richmond Times-Dispatch) The impending divorce between Virginia’s information technology agency and Northrop Grumman is getting more expensive, but the question is who will pay the bill.