Washington, DC: the latest from the Intelligence and National Security Summit
It's all cyber, everywhere and all the time. (The CyberWire) The Intelligence and National Security Summit was held in Washington, DC, this week. Sponsored jointly by AFCEA and INSA, the annual two-day conference affords the US Intelligence Community an opportunity to exchange ideas in a public, unclassified forum. One clear theme emerging from the Summit on the state of intelligence is this: it's all cyber, all the time and everywhere. No traditional intelligence discipline exists without significant activity in cyberspace.
Spy chiefs set sights on AI and cyber (FCW) Harnessing data and disruptive technology, such as artificial intelligence, to detect and thwart cyber threats is the IC’s top challenge.
The Robots Will Run the CIA, Too (Foreign Policy) The U.S. agency is very interested in artificial intelligence.
NBIB testing e-QIP replacement this fall as National Counterintelligence Executive plans 'Stand Down Day' (FederalNewsRadio.com) The National Background Investigations Bureau plans 'human testing' this fall to improve the federal security clearance process.
The intel community still doesn't know how it should fix the security clearance problem (FederalNewsRadio.com) Leaders in the intelligence community are still performing a balancing act between employee freedom and security issues when it comes to security clearance.
Leadership Vacancies Have Slowed Security Clearance Reform, Officials Say (Government Executive) To cope with delays, the Pentagon issues risky interim clearances, resulting in “rapists and pedophiles” having access to classified information.
Undersea mission is a top intelligence priority for the Navy (C4ISRNET) The top intelligence concern for the Navy's top intelligence officer lies beneath the surface of the ocean.
Cyber Attacks, Threats, and Vulnerabilities
Protego -- CIA's "Missile Control System" Exposed By Wikileaks, Not A Malware (Fossbytes) Protego is a missile control system Wikileaks claims was developed by Raytheon. The project was maintained under CIA's roof between 2014 and 2015.
ShadowBrokers accelerating NSA leaks to twice a month (TheHill) The ShadowBrokers, a group that for more than a year has been leaking documents they claim were taken from the National Security Agency, have resurfaced once again.
Equifax Announces Cybersecurity Incident Involving Consumer Information (Equifax) No evidence of unauthorized access to core consumer or commercial credit reporting databases. Company to offer free identity theft protection and credit file monitoring to all U.S. consumers
Why the Equifax breach is very possibly the worst leak of personal info ever (Ars Technica) Consumers' most sensitive data is now in the open and will remain so for years to come.
Breach at Equifax May Impact 143M Americans (KrebsOnSecurity) Equifax, one of the “big-three” U.S. credit bureaus, said today a data breach at the company may have affected 143 million Americans, jeopardizing consumer Social Security numbers, birth dates, addresses and some driver’s license numbers.
Credit Reporting Firm Equifax Hacked; SSNs of 143M Americans Stolen (HackRead) Another day, another data breach but this one will haunt the targeted customers for a long time. Equifax, a consumer credit reporting agency in the United
Firm Hired to Monitor Data Breaches Is Hacked, 143 Million Social Security Numbers Stolen (Motherboard) Equifax reveals hackers recently stole all kinds of sensitive data from its servers.
Want to Know If Your SSN Was Included in the Equifax Breach? Good Luck! (Motherboard) There's no good way to know if your data was compromised in the Equifax hack.
How to Protect Yourself From That Massive Equifax Breach (WIRED) Don't panic, but start watching your credit report and financial accounts very closely.
Equifax shares tumble after data hack news (USA TODAY) Data on 143 million consumers in the U.S. was compromised in a series of cyberbreach.
Equifax executives sold stock after data breach, before informing public (MarketWatch) After Equifax Inc. discovered a massive data breach that may have endangered the personal information of up to two-thirds of Americans, but before the company divulged the information, three executives sold their Equifax stock, according to Securities and Exchange Commission filings.
The Social Security Number Is Basically Dead Now (Motherboard) BURN THE SSN.
Mexican VAT Refund Giant Exposes Half-Million Passports, Credit Cards Online (Infosecurity Magazine) MoneyBack left a misconfigured database open, with passport info, credit card numbers, travel tickets and other credentials.
Unsecured databases are (still) the low-hanging fruit of the internet (Naked Security) We’ve written about way too many of these incidents – make sure your database isn’t spilling data too
5,400 customers hit in cyber attack on AXA's Health Portal (The Straits Times) The personal data of about 5,400 past and present customers of AXA Insurance in Singapore has been stolen in a cyber attack..
Microsoft Programming Error is Behind Dangerous Kernel Bug, Researchers Claim (Threatpost) Researchers say a 18-year-old programming error by Microsoft is creating a kernel bug that can be abused by an attacker.
Researchers Reveal New Toast Overlay Attack on Android Devices (BleepingComputer) Mobile security experts from Palo Alto Networks have detailed a new attack on Android devices that uses "Toast" notifications to help malware in obtaining admin rights or access to Android's Accessibility service — often used to take over users' smartphones.
Alexa, Cortana, Google, Siri user? Watch out for these inaudible command attacks (ZDNet) For as little as $3, an attacker can silently tell any voice assistant to open up a malicious webpage.
Russian Hackers Used 9000 computers to Mine Monero, Zcash, Other Cryptocurrencies (Cointelegraph) A group of hackers installed cryptocurrency mining malware on 9000 computers over two years.
Merkel loses backing of Germany’s 2m Russian voters (Times) The Kremlin’s claim to Crimea has become part of the German election campaign in the battle for the votes of two million Russian-Germans who are turning away from Angela Merkel towards populists...
Facebook May Have More Russian Troll Farms to Worry About (WIRED) The Internet Research Agency, which appears to have purchased thousands of bogus political ads on Facebook, may be defunct, but its work may not be done.
Election officials criticize Harvard study of voter registration vulnerabilities (Cyberscoop) Election officials are pushing back against a new Harvard study saying hackers could disenfranchise Americans in 35 states and the District of Columbia by exploiting vulnerabilities in online voter registration systems.
'Nation-state' hackers increase sabotage attempts aimed at Western energy companies (Cyberscoop) Researchers for Symantec say "the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so."
Smart tea kettle leaves your home Wi-Fi security in hot water (CNET) When a connected tea kettle has an unchangeable password of only six characters, maybe it’s not so smart.
Thought you’d blocked a Twitter user? Here’s how they can still dogpile you (Naked Security) A bug means someone you’d rather avoid on Twitter can still view and retweet your posts, even if you’ve blocked them
Phishing Alert: Police Warn UK Students of Loans Company Scam (Infosecurity Magazine) Phishing Alert: Police Warn UK Students of Loans Company Scam. Identity theft campaign designed to coincide with start of academic year
Householders warned about fake Irish Water emails (Irish Examiner) Householders have been warned to remain vigilant as cybercriminals aim to steal from bank accounts via another wave of fraudulent emails claiming to come from Irish Water.
Security Patches, Mitigations, and Software Updates
Apple and Google Fix Browser Bug. Microsoft Does Not. (BleepingComputer) Microsoft has declined to patch a security bug Cisco Talos researchers discovered in the Edge browser, claiming the reported issue is by design. Apple and Google patched a similar flaw in Safari (CVE-2017-2419) and Chrome (CVE-2017-5033), respectively.
Microsoft won't patch Edge browser content security bypass (Register) Tells Cisco's Talos it's a feature, not a bug. Apple and Google disagree and fixed it
Verizon Moto Z Play, Z2 Play Updated With August Security Patch (Droid Life) Verizon is rolling out the August security patch to owners of the Moto Z Play and Moto Z2 Play. Aside from the bump in security, there doesn’t seem to be anything else inside of these updates. The updates are labeled as NDNS26.118-23-1 for the Z Play and NDSS26.118-23-4 for the Z2 Play. Go grab it, Z Play and …
Cyber Trends
A Sputnik Moment for Artificial Intelligence Geopolitics (Council on Foreign Relations) The following is a guest post by Kyle Evanoff, research associate, international economics and U.S. foreign policy, and Megan Roberts, associate dire…
Artificial Intelligence Fuels New Global Arms Race (WIRED) Russia, China, US rush to weaponize artificial intelligence.
The Cyber Security Mega Cycle Aftermath (Optiv) During the past decade, we have witnessed a virtual explosion in the cyber security world. While serving as CEO of McAfee and FireEye, and a U.S. Army commander and CIA director, respectively, we have lived through and witnessed first-hand exponential growth in: threats, threat actors, reported breaches, security vendors, investments in security companies and probably most significantly, private and public sector security spending.
Is Public Sector Cybersecurity Adequate? (Dark Reading) Many governmental organizations are unstaffed, underfunded, and unprepared to fight common attacks, and they could learn a thing or two from the private sector.
Emerging threats fuel public threat intelligence sharing (Help Net Security) This changing threat landscape has fueled a significant increase in the public sharing of threat intelligence over the past two years.
Marketplace
Cyberattacks outpacing security industry's growth, says Centrify CEO (SiliconANGLE) Cyberattacks outpacing security industry's growth, says Centrify CEO - SiliconANGLE
Darrell Stein out at Reckitt Benckiser (Computing) Reckitt Benckiser CIO Stein carries the can for July's NotPetya outbreak
Security Startup ForgeRock Brings In $88 Million (NewsCenter.io) ForgeRock announced it has secured $88 million in Series D financing. Accel Partners led the round, with participation from KKR, Meritech Capital Partners, and Foundation Capital. ForgeRock is a digital identity management company with a mission to transform the way organizations interact securely with customers, …
Sydney IBM, Okta partner Decipher Works acquired for $5 million (CRN Australia) Decipher Works partners with Okta, IBM, SailPoint and Quest.
Plurilock Ramps Up Market Footprint as Demand for its 'Proof of Presence' Cybersecurity Solution Grows (PRNewswire) Spurred by fast-growing demand for its real-time behavioral...
Is Symantec getting ready to buy Splunk? (TechCrunch) Yesterday, Symantec CEO Greg Clark flexed his M&A biceps, saying that Splunk could be an attractive target. Clark definitely plans to go whale hunting to..
Sorry Investors, MIT Can't Save IBM From Secular Decline (Forbes) IBM has suffered 21 consecutive quarters of declining revenues. Since Ginni Rometty took over on October 25, 2011, its shares have lost 22% of their value while the S&P 500 is up 99%, according to Morningstar.
Darktrace in UK’s top three fastest-growing tech companies (Business Weekly) Cambridge cyber security specialist Darktrace has roared into the UK’s fastest-growing technology company elite for the first time – charging straight into the top three.
Can Qualcomm Become a Big Name in Artificial Intelligence? (The Motley Fool) Qualcomm has designs on the AI space, but rivals already have an advantage.
Secure Octane's Mahendra Ramsinghani Talks Cybersecurity, Venture Investment (International Business Times) International Business Times talked with Secure Octane's Mahendra Ramsinghani about cybersecurity and seed investments.
Salient CRGT Awarded $11.5M Prime Contract to Support Defense Commissary Agency's Enterprise Data Warehouse (Business Insider) Salient CRGT, Inc., a leading provider of health, data analytics, cloud, agile software development, mobility, cyber security, and infrastructure solutions has been awarded a prime contract from the Defense Commissary Agency (DeCA).
Three Contract Protests Lodged Against NSA! (Breaking Defense) The National Security Agency, which can go for ten years without a contract protest, currently faces three, slowing the agency’s ability to issue new contracts.
Siemens: Neues „Silicon Valley“ im Fernen Osten Russlands möglich (Sputnik Deutschland) Europäische Unternehmen zeigen Interesse an der russischen fernöstlichen Region Primorje. Das hat sich auf dem 3. Östlichen Wirtschaftsforum in Wladiwostok am 6. und 7. September gezeigt. Siemens-Vertreter Dietrich Möller sieht gute Entwicklungschancen. Im Sputnik-Interview erklärt er, warum.
Marine Corps Seeks Applicants for Prestigious Cyber Internship (DVIDS) The Marine Corps is seeking qualified applicants for the Joint Cyber Development Program (JCDP) class of 2021 via MARADMIN 439/17.
Cloud Security Expert John Hawley Joins Delta Risk LLC as Vice President of Product Strategy (PRNewswire) Delta Risk LLC, a global provider of cyber security and risk management...
Mike Potts Named as Webroot CEO; Dick Williams to Retire (Webroot) Leadership transition follows 14 consecutive quarters of double-digit growth for cybersecurity and threat intelligence provider.
Optiv Security Appoints Dave DeWalt and General (Ret.) David Petraeus to Board of Directors (Optiv) Optiv Security today announced two new appointments to its Board of Directors: Dave DeWalt, former FireEye and McAfee chief executive officer, who will serve as vice chairman of the board, and retired United States Army General David Petraeus.
Kenna Security Adds Security Industry Marketing Veteran (Benzinga) Tamir Hardof joins Kenna Security's leadership team
Balabit Focuses on Accelerating Growth in North America with New Executive Hires (BusinessWire) Balabit, a leading provider of Privileged Access Management solutions, today announced two executive hires.
LI firm announces death of board chairman (Newsday) Verint Systems Inc., a Melville-based maker of software used in managing call centers and tracking criminal and terrorist networks, Wednesday announced the death of Victor
Products, Services, and Solutions
ContentKeeper announces Cylance partnership (ContentKeeper) ContentKeeper Technologies and Cylance® Inc. have signed an original equipment manufacturer (OEM) agreement to embed the Cylance OEM Engine into ContentKeeper’s Multi-layered Gateway Security Platform.
KB Kookmin applies Trustonic tech to protect new messaging app (Finextra Research) Korea’s largest bank, KB Kookmin Bank, has worked with Trustonic and ATsolutions to secure its new peer-to-peer (P2P) payment and messaging app, Liiv TalkTalk.
Core Security Brings Consumer Grade User Experience to Access Assurance Suite (PRNewswire) ATLANTA, Sept. 7, 2017 /PRNewswire/ -- Core Security, a leader in Identity and Access Management, Vulnerability...
KnowBe4 Releases Email Exposure Check Pro to Help Organizations Identify At-Risk Users (PRWeb) Revamped tool identifies at-risk users through deep web searches and hundreds of breach databases for no-charge.
EY and Guardtime team up to launch marine shipping insurance blockchain (SiliconANGLE) EY and Guardtime team up to launch marine shipping insurance blockchain - SiliconANGLE
What’s under the hood of the new Brave browser? (Naked Security) There’s a new kid on the browser block based on Ethereum – but what’s its business model and what’s in it for users?
Comodo Giving Away a Year of Free 24/7 Help Desk to MSPs (MSP Mentor) Talk about disruptive! Security software vendor Comodo today announced it is literally giving away a year of help desk service to managed service providers (MSPs) – free of charge.
Cybersecurity Executive Order 13800: More than a Risk Assessment? (Akamai) Most folks around the Washington DC beltway have heard the cybersecurity Executive Order (EO 13800 - Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure) referred to as a simple risk assessment.
Microsoft slings bulked-up Windows Defender preview at world+dog (Register) Security tool slated for Creators Update promises to rat on misbehaving apps, bad staff
Atomicorp Releases Atomic Secured IoT Kernel - the Fastest and Most Robust Method to Implement IoT Security (Benzinga) Atomicorp introduces first secure Linux kernel designed for IoT cybersecurity use cases and requirements.
Avast launches new security solution for SMBs and MSPs (BetaNews) Following Avast's acquisition of rival firm AVG last year the two companies' products have largely continued side by side.
Proofpoint Launches Domain Discover to Stop Fraudulent Lookalike Domain Attacks Before They Strike (GlobeNewswire News Room) Cybersecurity Leader Integrates Proactive Fraudulent Domain Scanning with the Email Security Gateway
Indian State, WISeKey Partner to Secure Citizen Data with Blockchain (Block Tribune) The Government of Andhra Pradesh is collaborating with Swiss cybersecurity company WISeKey to secure citizen data with blockchain technology.
CyberArk and Ansible Automate Security Best Practices in DevOps Pipelines (BusinessWire) CyberArk integrates the CyberArk Conjur secrets management solution with Ansible to automate privileged account security best practices across DevOps
Lieberman Software Helps US Federal Agencies Achieve Continuous Diagnostics and Mitigation (CDM) Standards (Marketwired) Lieberman RED Suite provides automated countermeasures against cyber attacks that help secure sensitive government systems and reduce IT costs
Technologies, Techniques, and Standards
EU tests cyber defences with fake attack (Computing) Simulation involved drone hijacking, network viruses and a total loss of communications with naval forces
A threat intelligence program: the challenges and advantages (Information Age) Security is the name of the game, and a well thought-out threat intelligence program can help organisations win
Design and Innovation
Agile Software Development Will Be Key for the Military (SIGNAL Magazine) Military commanders have to contend with a new cyber domain that calls for responsive, “agile” software development.
Hacking trucks: Cybersecurity and the ELD mandate (Overdrive) With hundreds of thousands of big rigs about to tack on internet-connected ELDs, some people see a major security threat.
Academia
April Boyd-Noronha: 9 takeaways from KU’s GenCyber Summer Camp (Startland News) KU is leading the education narrative as part of the solution to the nation’s shortfall of skilled cybersecurity professionals, April Boyd-Noronha says.
Legislation, Policy, and Regulation
NATO will rely on members to independently field cyber weapons but is building cyber command (IHS Jane's 360) NATO is in the process of building its own integrated cyber command structure for defensive purposes, although offensive capabilities will still reside with member nations, NATO’s Assistant Secretary General for Defense Investment said on 6 September.
President of Vietnam Calls for Harder Internet Protocols (Columnist News) President of Vietnam called last week for harder managements on the Internet in the face of protesters who are utilizing it to condemn the ruling Communist Party. The decision was also made in order to battle threats to cyber security.
EU anti-piracy plan would introduce internet surveillance and 'ancillary copyright', claim campaigners (http://www.cC) Proposals would contradict eCommerce Directive and ECJ court judgements
Survey: 78% of Security Pros Believe Election Hacks Are Acts of Cyber War (BusinessWire) 88% of security professionals say governments have not done enough to deter hackers from interfering with future elections.
Tom Kellermann on Upping the Cyber Response Ante (BankInfo Security) We all see the heightened global tensions with Russia, North Korea and China. But what’s happening below the surface, where cyber attacks originate? Tom
Congress wrestles with gaps in cyber workforce (TheHill) Members of Congress are putting the spotlight on the persistent challenges facing the government as it seeks to beef up its cybersecurity workforce.
US Senator pushes for US government wide ban on Kaspersky software (SC Media UK) US Senator Jeanne Shaheen is pushing for a federal government-wide ban of security software developed by Russian cybersecurity firm Kaspersky Lab.
FBI needs to show its Kaspersky cards or fold (Cyberscoop) The U.S. can’t argue that it’s protecting sources and methods. If they are correct about Kaspersky, Russian intelligence already knows what they know.
CISOs debate the need for shared services (Fedscoop) For agencies looking to improve their cybersecurity posture through IT modernization, CISOs say it's best to start with a strong foundation.
Modernization boosts cybersecurity anxieties, survey says (FCW) A survey of 200 federal IT leaders found that while most saw the eventual benefits of IT modernization, the process has resulted in a more challenging cybersecurity environment.
Louisiana expands secure authentication for government services (SecureIDNews) Working with CA Technologies, the state of Louisiana is pushing to bring more digital security and efficiency to 16 government agencies. Already, the secure authentication system has improved service access for some 1.5 million Medicaid recipients, while staying with the bounds of the state’s budget restraints.
Litigation, Investigation, and Law Enforcement
The Senate’s Russia Investigators Need to Slow Down (Foreign Policy) The chairman is trying to hurry to wrap things up, but there's a ton more work to do.
Eset faces a lawsuit of €15 million for patents (Slovak Spectator) The antivirus-software developer Eset is facing a lawsuit concerning patents filed by the California-based Finjan company, known for this type of disputes also from abroad.
Ex cop and child porn suspect to remain in jail until he decrypts drives (HackRead) Former Cop and Child Porn Suspect Might Remain in Jail Forever for Contempt of Court. Francis Rawls has remained in prison since 30th September 2015 for re
Another former TZ Limited director faces fraud charges (CRN Australia) Former colleague was sentenced to 10 years imprisonment.
Wynyard NZ Liquidator Still Mulling $171M Claim from Parent, Chases $5.9M from Subsidiaries (Sharechat) The liquidators of Wynyard (NZ), the local unit of the failed crime investigation software developer, are still considering a $171 million creditor claim from the parent company while pursuing $5.9 million from two other subsidiaries of the group.