Washington, DC: the news from the SINET Showcase
The SINET Showcase 2017: Innovation in an Environment of Risk and Opportunity (The CyberWire) The 2017 edition of the SINET Showcase in Washington, DC, offered workshops and presentations that continued SINET's mission of serving, as CEO Robert Rodriguez put it, as a "superconnector" for the cybersecurity sector.
Regulatory risk: "high-impact, low-probability" (but really high-impact if the improbable happens). (The CyberWire) If regulatory risk is generally underestimated risk, what can be done to, first, raise awareness, and second, mitigate it? Some strategic and tactical reflections.
Threats, resilience, and a place for innovation. (The CyberWire) If we've reached a level of digitalization from which we can't retreat, what does that say about the future of security? Some thoughts about innovation and resiliency.
Challenges for innovators, courtesy of the Intelligence Community (The CyberWire) What the CIA's Deputy Director for Science and Technology would like to see you work on.
The SINET 16's Class of 2017 (The CyberWire) Meet the SINET 16. The Class of 2017 seems every bit as interesting as those that have come before.
Deterring adversaries and mitigating risks in cyberspace. (The CyberWire) So how might enterprises move from resilience to active defense? Here's one way not to do it, according to panelist Richard Baich: don't listen to all the Jason Bourne wannabes running loose in the commercial sector.
Cyber Attacks, Threats, and Vulnerabilities
Hamza bin Laden lionizes his father and incites 'rebellion' in new audio message (FDD's Long War Journal) In a newly released audio message, Hamza bin Laden praises his father for spreading jihadism and attacking the US. Hamza calls on Muslims to rise up against "tyrant" rulers and wage jihad until sharia is imposed. The message was posted online just days after the CIA released a video from Hamza's wedding. The video was recovered in Osama bin Laden's Abbottabad compound.
Cause for concern? Pro-ISIS hacking group targets 800 US school websites (Fox News) The latest target of pro-ISIS hackers is none other than 800 school websites across the United States.
UK spymasters raise suspicions over Kaspersky software’s Russia links (Financial Times) GCHQ concerned by snooping potential of anti-virus product used by 2m Barclays clients
WikiLeaks Releases Source Code of CIA Cyber-Weapon (BleepingComputer) WikiLeaks published the first-ever batch of source code for CIA cyber-weapons. The source code released today is for a toolkit named Hive, a so-called implant framework, a system that allows CIA operatives to control the malware it deploys on infected computers.
WikiLeaks Starts Releasing Source Code For Alleged CIA Spying Tools (Motherboard) The secret-spilling organization launches a new series where it will release the source code of alleged CIA tools from the Vault 7 series.
What Was Russia's Role In 2016 U.S. Election? 2 Former KGB Officials Weigh In (NPR) "What we're talking about is the new concept of so-called hybrid war, which a government wages but won't admit to," Gennady Gudkov, a retired KGB colonel, tells NPR. "It's extremely hard to prove."
Beware North Korea's most powerful weapon (hint: it's not a nuclear arsenal) (CSO) With all the talk associated with North Korea's prospects of launching a nuclear attack, there is often an overlooked, existential threat that continues to fly under the radar - cyber attacks.
What a cyberwar with North Korea could look like, according to a cybersecurity expert (Business Insider) We're technically already in a cyberwar with North Korea.
Defense chief discusses NK's cyber threats with US commander (Korea Herald) South Korean Defense Minister Song Young-moo met the head of US Cyber Command in Seoul on Thursday for discussions on North Korea, his ministry said.Song and Adm. Michael S. Rogers, who doubles as director of the National Security Agency, agreed on the importance of close coordination between the allies in the cybersecurity sector based on mutual trust and a close bond, according to the ministry.Song pointed out that...
Selfies and surveillance: North Korea's new connectivity (Panama City News Herald) There are very few actual sites on the network. An official at the Sci-Tech Center said they number 168.
North Korea 'to launch more cyber attacks on Britain' (The Sun) North Korea will bid to hurt Britain with more cyber attacks in the next year, experts have warned. Kim Jong-un’s regime was blamed by Britain’s Security Minister for the ‘WannaCry’ cyber-att…
India in the web of N Korean cyberwar (The Pioneer) Around one-fifth of North Korea’s cyber attacks originate from India, and this should set alarm bells ringing in the corridors of security establishments as well as the strategic community,
“Well-Resourced” Cyber Spies Are Reportedly Targeting South America, Asia (Fast Company) Hackers are using sophisticated malware to hunt down files relating to international relations, according to security firm Symantec.
Hacker Mines Data from South American, South East Asian Diplomatic Targets (Telesur) Based on Symantec findings, the hackers reportedly used fake, malicious software updates of Windows or Adobe Reader.
Experts discuss implications of massive Paradise Papers leak (Security Brief) The recent news about the huge leak of financial documents has caused waves around the world.
Google just can not get rid of BankBot malware from Play Store (Pro Defence) Google is trying its best to “make Chrome secure again,” but when it comes to Play Store and protecting Android devices, the tech giant is failing miserably.
Vietnamese Firm Bkav Claims to Have Beaten Apple Face ID With an Elaborate Mask (Gizmodo) Apple’s new Face ID security for the iPhone X has sparked a number of concerns, with the biggest being how secure the biometric system really is.
Hack Cost Equifax Only $87.5 Million — for Now (BleepingComputer) During an earnings call detailing the Q3 2017 financial results, Equifax execs said the company incurred $87.5 million in expenses related to the massive data breach it suffered earlier in the year and which it publicly disclosed in September 2017.
Outage downs OVH, world's third-largest hosting firm (CRN Australia) Updated: two separate faults knock out European websites.
University of East Anglia investigates another data leak (ComputerWeekly.com) University is investigating a second leak in six months, illustrating that data breaches are often caused by non-malicious insiders and that organisations are not getting to grips with the problem.
Security Patches, Mitigations, and Software Updates
Amazon moves to stop S3 buckets leaking business data (Security Boulevard) A long line of very public data breaches have made clear that businesses don’t need to be targeted by sophisticated hackers to have private and sensitive data splashed across the newspaper headlines.
November Patch Tuesday forecast: .NET, Adobe, Firefox and more (Help Net Security) Fall is upon us and the holidays are right around the corner! But before we continue shopping, we need to cover a few security topics for this month. KRACK
Cyber Trends
Future of intel will change with cyber, former MI5 head says (The National) Dame Stella Rimington spoke at a security conference in Abu Dhabi this week
Australia vulnerable to cyber attack and economic blackmail, report argues (The Mandarin) Australia faces "almost insurmountable" challenges in protecting itself against cyber attack and is underestimating China's capacity to use money to get what it wants, argues a CEDA report.
Marketplace
2017 Technology Fast 500 award winners | Deloitte US (Deloitte United States) Presenting the 2017 Technology Fast 500 award winners.
Cybersecurity: The Main Players in the $6 Trillion Cybercrime Market (PRNewswire) The Equifax breach exposed the credit of nearly 150 million people, almost...
Exclusive: ThreatQuotient just raised $30M — and one investor is also a potential acquirer (Washington Business Journal) Reston threat intelligence platform ThreatQuotient has raised another $30 million to expand — and one if its new strategic investors is technology giant and voracious acquirer Cisco Systems Inc. (NASDAQ: CSCO).
Enveil Raises $4 Million in Strategic Funding (BusinessWire) Enveil today announced it has secured $4 million in strategic funding with investment from key partners.
Amsterdam-based EclecticIQ secures €14 million to further expand with its Cyber Threat Intelligence solution (EU Startups) EclecticIQ, the global provider of Cyber Threat Intelligence technology solutions and Fusion Center operator today announced a Series B investment of €14 million.
SailPoint Technologies Holdings (SAIL) to Raise $200 Million in IPO (Stock News Times) SailPoint Technologies Holdings (SAIL) expects to raise $200 million in an IPO on Friday, November 17th, IPO Scoop reports. The company will be issuing 20,000,000 shares at a price of $9.00-$11.00 per share.
Departing NSA veterans catch the eye of Silicon Valley investors (Washington Post) Some see opportunity to build cyber businesses near the intelligence agency.
Why cybersecurity workers are some of the hardest to retain (VentureBeat) Cybersecurity workers are in high demand, and the security industry may face a shortage of close to two million qualified personnel by 2022.
Israel's CyberGym opens global HQ in Melbourne (Technology Decisions) Cybersecurity training company CyberGym has launched its new global headquarters and cybersecurity training arena in Melbourne.
Interview: Stu Sjouwerman, Founder and CEO, KnowBe4 (Infosecurity Magazine) Interview: Stu Sjouwerman, Founder and CEO, KnowBe4
Adam Cecil Joins ProtectWise As Chief Financial Officer (PRNewswire) Security leader ProtectWiseTM today announced Adam Cecil has joined the company...
Lacework Names Stefan Dyckerhoff Chief Executive Officer (PRNewswire) Lacework™, the industry's first solution to bring automation,...
Products, Services, and Solutions
New infosec products of the week: November 10, 2017 (Help Net Security) New infosec products for this week include releases from the following vendors: Coolfire Solutions, Distil Networks, Expel, Ixia, Nexus Group, WatchGuard.
This Baltimore company is gamifying cybersecurity training (Technical.ly Baltimore) Point3 Security created Escalate to provide education in cybersecurity with challenges. The ETC-based company is partnering with Maryland's Cybrary as it launches.
Comodo launches free cWatch Web website malware checker (Enterprise Times) Comodo launches cWatch Web and offers website owners a free security check to identify and remediate any security related issues with their sites.
Microsoft offers mitigation advice for DDE attacks scenarios (Help Net Security) Microsoft has published a security advisorty containing DDE attack mitigation instructions for both users and admins.
Technologies, Techniques, and Standards
Scrambling to Track Islamic State Terrorists, Coalition Turns to Biometrics (VOA) US-backed forces in Syria and Iraq are collecting DNA, fingerprints and retinal scans of Islamic State fighters, followers and collaborators
Is your CCTV system GDPR compliant? (Help Net Security) Organisations are putting themselves at risk of breaching the GDPR not realising that the regulation covers their CCTV systems and the data they collect.
Academia
New Academic Partnership Could Help Gemalto to Strengthen Government Ties (FindBiometrics) Gemalto has entered into an official partnership with the University of Texas at Austin's Center for Identity (UTCID). The academic institution was first...
UNK adds new cybersecurity major (Kearney Hub) Cybersecurity experts are in demand.
CyberPatriot competition engages youth in STEM learning (Silicon Prairie News) Cybersecurity has become one of the most critical issues throughout the world. Building interest and skills among young people in cybersecurity as well as science, technology, engineering and math (STEM) is the focus of the Air Force CyberPatriot competition. “It’s interesting to the kids and they feel like they’re accomplishing something,” said Brad White, an... Read More
Legislation, Policy, and Regulation
NATO just added cyber weapons to its armoury (ZDNet) Military alliance wants to encompass member countries' cyberwarfare capabilities into its options.
Why Satya Nadella thinks it is time for a digital version of the Geneva Convention (The Indian Express) Microsoft is pushing for global cyber rules to protect individual Internet users and civilian infrastructure from cyber attacks by nation states during peacetime. But govts may not be willing to limit their strategic options.
Microsoft’s Brad Smith: Tech giants must be the first line of defense in cyberspace arms race (GeekWire) Cyberspace has become our generation’s battlefield, replacing gunfights with hacks, and it’s up to tech companies and governments to come together and combat rampant cyberattacks, Microsoft’s…
The UAE’s Tech Scene is Drowning Out Massive Human Rights Abuses (Al Bawaba) The UAE’s Tech Scene is Drowning Out Massive Human Rights Abuses
Singapore to refine upcoming cybersecurity bill following public feedback (ZDNet) Government says it will clarify the definition of critical information infrastructures and duties of such operators as well as licensing requirements of service providers, in the new bill slated to be introduced in early-2018.
()
US House panel passes legislation aimed at overhauling certain aspects of NSA's internet surveillance programme (Tech2) Section 702 of the Foreign Intelligence Surveillance Act allows the NSA to collect digital communications from foreign suspects living outside the US.
How this Congress could rack up the most wins on cyber issues (Washington Examiner) The 115th Congress — widely derided for a lack of accomplishment — could actually ring up cybersecurity successes by early 2018 that go beyo...
Getting 'Cyber' Right for the Department of Defense (War on the Rocks) “Cyber” is getting a lot of press these days. The problems seem endless, from nuisances, to hacks involving major corporations, to interference in democrat
Joyce: Civilian cyber could use more discipline (FCW) The top White House cybersecurity adviser suggests civilian agencies could take a page from the Pentagon's handbook.
Many Top Cybersecurity Posts Remain Empty — And Not On Purpose (Defense One) Filling various CIO and CISO jobs is taking a temporary backseat to more senior appointments, the White House cybersecurity coordinator says.
‘Incredibly Damaging’: US Cyber Security Ranks Vacant After Massive Hacks (Sputnik News) Many top cybersecurity top posts remain empty, according to White House cybersecurity coordinator Rob Joyce, as the NSA reports disastrous leaks of key assets.
Homeland Security Pick Defends Her Experience Amid Democrats’ Questions (New York Times) Kirstjen Nielsen, President Trump’s choice to run the Department of Homeland Security, has not led a large organization but is likely to be easily confirmed.
MHA Sets up New Divisions to Check Radicalisation, Cyber Fraud (The Quint) The CTCR wing will focus on tracking and assessing the online reach of global terrorist outfits.
Litigation, Investigation, and Law Enforcement
Prosecutor’s investigative net closing around Lee Myung-bak (Hankyoreh) Political meddling, cultural blacklists, and BKK investigations are all catching up to the former president
Lee says probes are ‘retaliation’ (Korea JoongAng Daily) Former President Lee Myung-bak criticized the probes into allegations that the National Intelligence Service and military meddled in political affairs under his administration as “political retaliation” on Sunday, one day after the arrest of his form
Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core (New York Times) A serial leak of the agency’s cyberweapons has damaged morale, slowed intelligence operations and resulted in hacking attacks on businesses and civilians worldwide.
Equifax And Yahoo Complain They Are Helpless Against State-Sponsored Hacks (Gizmodo Australia) Former and current Equifax and Yahoo executives appeared on Capitol Hill on Wednesday to testify about the major consumer data breaches that occurred...
Former Yahoo CEO still does not know how breach was 'perpetrated,' blames Russia (CIO Dive) The interim CEO of Equifax, also present at the congressional hearing, discussed the company's post-breach efforts, including data security improvements.
Trump backs intel agencies after raising doubts over Russian meddling (NBC News) President Trump said on Sunday that "I believe [Putin] believes that" Russia didn't meddle but "I'm with our agencies" that have concluded there was an effort.
Pompeo backs report on Russian meddling after Trump recounts Putin denials (Kansas) CIA director Mike Pompeo backs an intelligence assessment that found Russia tried to influence 2016 election. President Donald Trump has been critical of the agency in the past.
Trump careens off script on Russia after Putin meeting (POLITICO) After a week of delicate diplomacy in Asia, the president again dismissed Russian election meddling and lashed out at critics on Twitter.
Top Intel Dem blasts Trump for accepting Putin's word over intelligence agencies (TheHill) Rep. Adam Schiff (D-Calif.), the top Democrat on the House Intelligence Committee, ripped President Trump in a statement Saturday for suggesting he accepted Russian President Vladimir Putin’s denial that Russia did not interfere in the 2016 election.
CrowdStrike analyst who responded to DNC hack hasn’t spoken with Russia investigators: Report (The Washington Times) A cybersecurity professional hired by the Democratic National Committee during the 2016 presidential election cycle and credited with discovering a major breach blamed on Russian state-sponsored hackers said he’s never been interviewed by federal investigators probing Moscow’s role in the race.
The first person to investigate the DNC hacks said Russia wouldn't do anything with the stolen emails — now he's kicking himself (Business Insider) A cybersecurity expert who was the first to uncover Russia's hacks into the DNC in 2016 regrets telling Democratic officials the data wouldn't be leaked.
This timeline paints the clearest picture we have yet of Russia's meddling in the US election — and how the Trump campaign reacted (Business Insider) This interactive graphic timeline outlines all the known ties we know so far between members of President Donald Trump's campaign and Russia.
Mueller probing pre-election Flynn meeting with pro-Russia congressman (NBC News) The special counsel is investigating an alleged Sept. 2016 meeting between Mike Flynn and Rep. Dana Rohrabacher.
Boris Johnson pictured with ‘London professor’ from FBI Russia probe (POLITICO) The Foreign Office said Johnson had no recollection of meeting Joseph Mifsud.
Byron York: Did dossier trigger the Trump-Russia probe? (Washington Examiner) What is absolutely clear is that, beyond any investigation, the dossier has proven enormously useful politically to the president's adversar...
Enigma Software Group's Battle with Malwarebytes Headed to the Court of Appeals to Protect Consumers' Rights (PRNewswire) Enigma Software Group pressing its claims against Malwarebytes for predatory business practices on appeal. Enigma...
Hackers hired for year-long DDoS attack against man’s former employer (Naked Security) Using a paid service meant he couldn’t be traced but the FBI tracked him down
No jail time for botnet creator who promises to go straight (Naked Security) Tiernan was involved in the development of the botnet for 14 months until he was raided by the FBI