Washington, DC, the latest from AUSA
Speed up information sharing to outmatch enemy, says acting U.S. Army secretary (Defense News) Near-peer competitors are going to school on the U.S. military's capabilities, warns acting Army Secretary Ryan McCarthy, and the service needs to find a balance where it can invest in countering irregular warfare but also supporting conventional efforts.
Interview: Joe Billingsley, founder of the Military Cyber Professionals Association (Defense News) The founder of the Military Cyber Professionals Association discusses the military's challenges attracting and retaining enough skilled people to its cyber billets.
How the US Army is Preparing to Fight Hybrid War in 2030 (Defense One) The future is little teams operating on land, in the air, and online, taking on enemies that haven’t declared themselves.
Hodges: Russian electronic warfare capability 'really effective' (Defense News) According to Lt. Gen. Ben Hodges, the commander of U.S. Army Europe, the Russian military demonstrated an
Eyeing Russia, lawmakers aim to boost Army electronic warfare (C4ISRNET) Worried the U.S. Army is unprepared to take on Russia in Europe, U.S. lawmakers have advanced legislative language to pressure the Pentagon to catch up on electronic warfare, long-range missiles and countering drones.
Russia remains the greatest near-term threat to the US, intel official says (Army Times) Russia remains the greatest near-term threat to the United States, said the U.S. Army assistant deputy chief of staff for Intelligence on Monday.
4 areas where military cyber forces should focus in cyberspace (C4ISRNET) Given the vastness of cyberspace, one academic offers his view of the areas within cyber on which the DoD must focus its resources to be most effective.
Here’s how the Army’s Rapid Capabilities Office is working cyber (C4ISRNET) The RCO is currently working three areas of cyber, Doug Wiltsie, RCO director, told C4ISRNET Oct. 9 during the annual Association of the United States Army conference.
User feedback critical for the Army’s Rapid Capabilities Office (C4ISRNET) Hearing from operators allows the Army RCO to successfully reconfigure the first-look solutions it field tests.
Army consolidates network portfolio (C4ISRNET) The Army has taken a one network approach to its communications and network portfolio, consolidating related programs into a single project manager office.
The Army's network is 'fragile' and 'vulnerable' (C4ISRNET) Space is congested and contested, and the Army's partnership with industry must give the service the ability and endurance to fight in any domain of warfare in any environment, says Col. Enrique Costas, the project manager of defense communications and transmission systems for the Army's Program Executive Office for Enterprise Information Systems.
The Army is creating a modernization command to keep projects on track (Defense News) The Army is establishing a new organization to ensure its modernization programs get the attention, thought and forward movement needed to maintain overmatch against potential adversaries in the future.
A device for every soldier? The Army is considering it (C4ISRNET) Between the hours soldiers have to spend online for professional military education and the possibilities a handheld, touchscreen device could hold downrange, the Army is taking a step toward developing a standard-issue device for every soldier.
The Army’s combat training centers must adapt more quickly to real-time battlefield threats (Defense News) The Army’s combat training centers must implement real-time battlefield threats into pre-deployment training more quickly and cheaply, senior leaders said.
Cyber Attacks, Threats, and Vulnerabilities
Israel hacked Kaspersky, then tipped the NSA that its tools had been breached (Washington Post) The Russian cybersecurity firm is in the spotlight because of suspicions its products facilitate espionage.
How Israel Caught Russian Hackers Scouring the World for U.S. Secrets (New York Times) Exploiting the popular Kaspersky antivirus software, Russian hackers searched millions of computers for American intelligence keywords. Israeli intelligence tipped off American officials.
Kaspersky's U.S. spat a sign of Balkanisation in cyber world: Interpol (Reuters) Divisions along national lines, including actions taken by the United States against Russia's Kaspersky Lab, are making it harder to effectively fight cross-border cyber crime, a senior Interpol official told Reuters on Tuesday.
North Korean Hackers Stole U.S.-South Korean Military Plans, Lawmaker Says (New York Times) Among the data stolen in a hack last year was a plan to remove the North Korean leader Kim Jong-un, referred to as a “decapitation” plan.
North Korea Has Cyber Capabilities, But What Are They? (CyberDB) As of late, there has been indications that North Korea has been fosuing its cyber powers on stealing data, disseminating influence campaigns
Hacking North Korea Is Easy. Its Nukes? Not So Much (WIRED) Security researchers say penetrating North Korea's hacking operations and even its domestic intranet is possible. But not enough to stop its nuclear threat.
How the Chinese cyberthreat has evolved [Commentary] (Fifth Domain) With more than half of its 1.4 billion people online, the world’s most populous country is home to a slew of cyberspies and hackers. Indeed, China has likely stolen more secrets from businesses and governments than any other country.
Google uncovers Russian-bought ads on YouTube, Gmail and other platforms (Washington Post) The problem of Russian meddling on Google and Facebook is much greater than has been previously revealed.
Hacker study: Russia could get into U.S. voting machines (POLITICO) American voting machines are full of foreign-made hardware and software, including from China, and a top group of hackers and national security officials says that means they could have been infiltrated last year and into the future.
Accenture inadvertently exposes highly sensitive corporate, client data online (Help Net Security) Corporate consulting giant Accenture left bucketloads of sensitive corporate and client data exposed online for anyone to access.
Accenture left four servers of sensitive data completely unprotected (Engadget) The exposed data included passwords, decryption keys and client information.
System Shock: How A Cloud Leak Exposed Accenture's Business (UpGuard) Multiple sensitive buckets belonging to the corporation were found publicly exposed, revealing credentials, keys, and customer information.
Data Breach Exposed Medical Records, Including Blood Test Results, of Over 100 Thousand Patients (Gizmodo) In the latest leak of sensitive medical records in the United States, lab test results and other patient files belonging to an estimated 150,000 Americans were unearthed online by security researchers late last month.
Deloitte Hack Compromised Government Emails (CIO Today) The hack into the accountancy giant Deloitte compromised a server that contained the emails of an estimated 350 clients, including four US government departments, the United Nations and some of the world's biggest multinationals, the Guardian has been told.
Deloitte hack hit server containing emails from across US government (Guardian) Exclusive: Cyber-attack was far more widespread than firm admits, say sources, with data from as many as 350 clients in compromised system
Fast Flux Botnets Still Wreaking Havoc (Akama) Akamai today announced results of new research into the behavior of a malicious botnet employing Fast Flux techniques. The findings are compiled in a new white paper – Digging Deeper - An In-Depth Analysis of a Fast Flux Network.
Learning from the Disqus data breach (Naked Security) What does the Disqus data breach tell us about security?
Busted! Founder sells $51m website, hacks it, tries to sell site its own data (Naked Security) What’s worse than Dracula sucking your blood? Dracula sucking your blood and then trying to sell it back to you
Unique security challenges facing the Census Bureau (Fifth Domain) With all that public data and a huge temporary workforce coming in every 10 years, Census deals with security concerns no other agency faces.
Report: Online trolls targeting US troops, veterans (Military Times) Oxford researchers say they see patterns of foreign activists trying to confuse or upset military communities online.
Criminals stole millions from E. Europe banks with ATM “overdraft” hack (Ars Technica) Crime ring opened minimal accounts with banks, then boosted their withdrawal limits.
Hacked websites force visitors to mine cryptocurrency (IT Pro Portal) Schools and charities among those affected in mining scam.
Inside the Middle Eastern and North African cybercriminal underground (Help Net Security) An investigation of the Middle Eastern and North African cybercriminal underground found that prices for malware are more expensive than in other regions.
Four of the Five Biggest Defense Contractors in the World lack Encryption (Hashed Out) Lockheed Martin, Northrop Grumman, Boeing and Raytheon all lack basic encryption on their websites, this is not a good statement to make about security.
Millions of Pornhub users targeted in malvertising attack (Guardian) Security firm uncovers hacking group KovCoreG’s attempts to trick browsers of world’s largest adult site into installing fake updates
Security Patches, Mitigations, and Software Updates
October Patch Tuesday 2017 (Ivanti Blog) Halloween might be just around the corner, but this Patch Tuesday wasn’t scary and we didn’t see Microsoft play any
Microsoft October Patch Tuesday Fixes 62 Security Issues, Including a Zero-Day (BleepingComputer) Earlier today, Microsoft published the October 2017 Patch Tuesday, the company's monthly update train, addressing important security issues, but also some mundane bugfixes.
Bugs in Windows DNS client open millions of users to attack (Help Net Security) Microsoft has provided fixes for critical Windows DNS client bugs, which could be exploited by attackers to gain access to the target's system.
Cyber Trends
Hackers go after Australian ICT, managed services providers (Help Net Security) The Australian Cyber Security Centre (ACSC) has released its annual Threat Report, which encompasses the period between 1 July 2016 and 30 June 2017.
Why it’s time to stop calling users “n00bs” and “1d10ts” (Naked Security) We’ve tried blaming users for 30 years, and it hasn’t worked. Here’s a new way – listen to them and get them on your side…
Marketplace
Symantec Won't Allow Third-Party Government Reviews Of Its Security Software (CRN) The move comes as competitors in the security space – including Kaspersky Lab and HPE - face backlash for their reported cooperation with third-party government reviews.
Dragos to Contribute its ICS/OT Expertise as a NIST NCCoE National Cybersecurity Excellence Partner (PRNewswire) Dragos (https://dragos.com) announced today that it has become a National...
With new strategy, Dell will invest $1B into the 'internet of things' (SiliconANGLE) Dell Technologies Inc. may be late to the “internet of things” party, but it has brought plenty of friends.
Can Peter Thiel pull a rabbit from his hat with Palantir? (PE Hub) Palantir is more than one of the world’s most valuable enterprise software unicorns. It could be one of the largest enterprise IPOs of a generation. Because of its success, the involvement of [Founders Fund investor] Peter Thiel and the nature of its secret work, it has become a fascination and darling …
MACH37 Cyber Accelerator Opens Applications for Spring 2018 Session (GlobeNewswire News Room) Spring 2018 Cohort Session to Begin on March 13th
Accenture's federal arm adds Cybercom vet Franz -- Washington Technology (Washington Technology) Accenture's federal subsidiary hires retired Army Maj. Gen. and former Cyber Command official George Franz.
Products, Services, and Solutions
UpGuard Automates Vendor Risk Management with New CyberRisk Product (PRWeb) Cyber resilience company unveils product to automate third party risk detection
Netwrix Becomes Oracle PartnerNetwork Silver Level Partner (Netwrix) Achieving Silver Level status enables Netwrix to empower customers to boost the security of their structured data
Corero in partnership deal with US provider (Stock Market Wire) StockMarketWire.com - Corero Network Security has signed a resell partnership agreement with a leading US-based global cloud DDoS service provider.
Carbon Black and IBM Security Deliver Increased Visibility for SOCs to Accelerate Incident Response (BusinessWire) Carbon Black, the leader in next-generation endpoint security, today announced an expansion of its collaboration with IBM Sec
Technologies, Techniques, and Standards
Massive drill validates Israel’s cyber-secure C4I network (C4ISRNET) While Israel demonstrated many of the integrated C4I capabilities in Israel’s 2014 Gaza war, the drill marked the first time the IDF could evaluate technologies, tactics and procedures on such a broad scale.
Design and Innovation
A new project that helps with DNS security (Cyberscoop) Andre Ludwig, CTO for the Global Cyber Alliance, talks with Shaun Waterman about a free DNS service his organization will be rolling out in November.
Academia
Australian university opens blockchain cryptocurrency research lab (Econo Times) Australia’s Monash University has opened a joint blockchain cryptocurrency research and development lab at its Clayton campus.
King Saud University Partners with Northrop Grumman for CyberArabia to Drive Innovation in Cyber Security Among University Students Nationwide (Northrop Grumman Newsroom) RIYADH, Oct. 9, 2017 – King Saud University and Northrop Grumman Corporation (NYSE: NOC) are joining hands for CyberArabia to foster innovation in cyber security among Saudi university students. The third annual cyber security workshop and...
Rutgers University Announces Launch of Cyber Security Certificate Program (Markets Insider) The Center for Innovation Education at Rutgers University (RIE) has partnered with Socratic Arts, Inc. to announce the launch of an intensive 24-week online Cyber Security Certificate Program beginning November 27, 2017. Development was funded by the Department of Defense, and the curriculum was developed in partnership with government-selected information security experts. The program is now being offered to the public as a non-credit certificate.
Legislation, Policy, and Regulation
Trump admin, China reaffirm commitment to 2015 cyber agreement (Fifth Domain) At the first ever U.S.-China Law Enforcement Cybersecurity Dialogue, both countries reaffirmed their commitment to the cybersecurity agreement between the Chinese and American presidents in 2015.
Russia Warns US-funded RFE/RL It May Face 'Restrictions' (VOA) Move follows Moscow’s warning it could respond tit-for-tat if Washington restricts operations of Russian state-funded RT TV, Sputnik in US
Under pressure, Western tech firms bow to Russian demands to share cyber secrets (Reuters) Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found.
How does US-Japan defense agreement apply to cyberattacks? (Fifth Domain) When Secretary of Defense Jim Mattis, Secretary of State Rex Tillerson, Japanese Defense Minister Itsunori Onodera and Japanese Foreign Minister Taro Kono met at the State Department in August, it was taken as another sign that the two nations consider cybersecurity as important as land, air or sea defensive capabilities.
Rep. Bob Goodlatte: Protecting national security and securing individual liberty need not conflict (Washington Examiner) Congress has an opportunity to reform one of the intelligence community's most important national security tools to ensure it protects lives...
Will an Act of Congress Elevate Cybersecurity? (Design News) Senate takes up measure what would hold government-purchased IoT devices to security standards.
Go cyber: Airmen can earn cash and promotions, get set up for civilian life (Fifth Domain) The Air Force doesn’t want to be next on the infamous list of major cyberattacks. And that spells opportunities for airmen who are interested in scoring bonuses and retention pay, retraining opportunities, and perhaps even a better shot at getting a promotion.
Litigation, Investigation, and Law Enforcement
Suspected NYC attack plotter: Philippines 'breeding ground for terrorists' (The Japan Times) A Filipino suspect in a thwarted jihadi plot targeting New York City had boasted that his country was "a breeding ground for terrorists," the U.S. Justice
Imran Awan ‘Very Strongly’ Wants To Block Review Of Hard Drive, Was Using Alias (The Daily Caller) Lawyers for Imran Awan, an ex-aide who ran information technology (IT) for Democratic Rep. Debbie Wasserman Schultz, “feel very strongly” that data recovered from a hard drive on Capitol Hill sho
‘Dire Consequences’: Wife Of Indicted Dem IT Aide Says He ‘Threatened To Harm The Lives’ (The Daily Caller) The indicted husband-and-wife team of former IT aides to Democratic Rep. Debbie Wasserman Schultz sat directly across from each other at the defendants' table in federal court Friday in Washington,
Security concerns rise as police find surveillance device intercepted private text messages (The Globe and Mail) The findings centre on federal correctional officials who launched a surveillance effort that aimed to locate inmates’ contraband phones in an Ontario prison, but which also ended up intercepting several text messages sent by jail guards