Washington, DC: the latest from the 9th Annual Billington Cybersecurity Summit
Gen. Paul Nakasone and GCHQ Director Jeremy Fleming to Keynote at 9th Billington CyberSecurity Summit Sept. 6 (PRNewswire) Five Cyber Commanders and CIOs of DOD and DHS to Speak at 9th Annual Summit Sept. 6, Walter Washington Convention Center
ISARA Corp. to Present Quantum-Safe Readiness at 9th Annual Billington CyberSecurity Summit (GlobeNewswire News Room) Global Leader in Quantum-Safe Security Presents How Crypto-Agility Helps Organizations Integrate Encryption Resistant to Quantum Attack Today
Cyber Attacks, Threats, and Vulnerabilities
GOBLIN PANDA Targets Vietnam Again (SecurityWeek) CrowdStrike security researchers have observed renewed activity associated with GOBLIN PANDA, a threat actor mainly targeting entities in Southeast Asia.
Iranian Hackers Improve Recently Used Cyber Weapon (SecurityWeek) The Iran-linked cyberespionage group OilRig was recently observed using a variant of the OopsIE Trojan that was updated with new evasion capabilities, Palo Alto Networks reports.
'Our House Is on Fire.' Elections Officials Worry About Midterms Security (Time) "This is an all-hands-on-deck moment for American democracy."
Phishing for political secrets: Hackers take aim at midterm campaigns (CBS News) How hackers target political campaigns with simple but sophisticated email attacks
Understanding the Chinese Communist Party’s Approach to Cyber-Enabled Economic Warfare (Foundation for Defense of Democracies) American prosperity and security are challenged by an economic competition playing out in a broader strategic context …
U.S.' top spy-catcher: China brings "ungodly resources" to espionage (CBS News) On "Intelligence Matters" this week, William Evanina talks with host Michael Morell about espionage threats to U.S.
Unpatched routers being used to build vast proxy army, spy on networks (Ars Technica) Multiple malware campaigns are spreading hacks of MikroTik gear, including failed Monero miners.
Windows Zero-Day Exploited in Targeted Attacks by 'PowerPool' Group (SecurityWeek) Windows zero-day vulnerability exploited by a group dubbed 'PowerPool' in targeted attacks. Flaw leveraged to elevate privileges of second-stage malware
Misconfigured Tor sites using SSL certificates exposing public IP addresses (HackRead)
Researcher unsure if Apple has acted to curb malware (iTWire) A researcher based in the United Arab Emirates says he notified Apple about an attack group known as WindShift that had been using vulnerabilities in...
Browser Extensions: Are They Worth the Risk? (KrebsOnSecurity) Popular file-sharing site Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine.
Security Patches, Mitigations, and Software Updates
Latest Version of Chrome Improves Password Management, Patches 40 Flaws (SecurityWeek) Google celebrates 10 years of its Chrome web browser with the release of a new version that provides users with security improvements, new features, and patches for 40 vulnerabilities.
Critical Start's Section 8 Researchers Identify Vulnerabilities In Cisco Umbrella (PRNewswire) Threat intelligence and penetration testing team finds local privilege escalation issues in cloud-based secure internet gateway product; Cisco issues security advisory
Opsview Monitor Multiple Vulnerabilities (Core Security)
Cyber Trends
Endpoints a Top Security Concern for Industrial Organizations: IIoT Survey (SecurityWeek) Concerns about endpoint security in industrial environments, especially among OT personnel, are being driven by the demise of the traditional air gapping of OT infrastructures.
Smart Home Users Failing on Security Basics (Infosecurity Magazine) Bitdefender report claims many don’t patch firmware
Think You Have Cybersecurity Taken Care Of? Think Again (Forbes) You know what they say: The first step is admitting you have a problem.
Are we heading towards cybersecurity Armageddon in SA? (News24) One of the biggest cybersecurity problems in South Africa is a feeble awareness among our workforce, including all level managers, and citizens.
Marketplace
Silicon Valley at war: Palantir, Microsoft workers divided over defence contracts (Financial Review) Silicon Valley workforces are agitating with their multinational employers to stop co-operating with government on defence.
44 Percent of Americans 18-27 Have Deleted the Facebook App This Year, Poll Finds (Motherboard) A new study shows that young people are moving away from the Facebook app and, at the very least, are changing their privacy settings.
Meeting of executive committee marks important step in Commonwealth Cyber Initiative (VT News) The state asked Virginia Tech to lead the initiative because of the university’s strengths in science and engineering, existing expertise in cybersecurity research and education, and its significant research presence in Northern Virginia.
H1-702 2018 makes history with over $500K in bounties paid! (HackerOne) Five straight nights of hacking with over 75 hackers representing 20+ countries hacked five targets earning over $500,000. It was the largest and most successful live hacking event ever.
Arkose Labs Empowers Enterprises to Stop Online Fraud and Abuse; Secures $6M in Series A Funding (HeraldCourier.com) Sep 5, 2018--Arkose Labs, providers of online fraud prevention technology combining user risk assessment and sophisticated enforcement challenges, today announced it has successfully closed a $6 million round
Spectrum Equity Leads Investment in Offensive Security to Grow Community of Highly Skilled Penetration Testers (BusinessWire) Offensive Security, the leading provider of online penetration testing training and certification, today announced that it received a growth investmen
Former IBM Executive Joins GuardiCore as VP of Corporate Strategy (GuardiCore) Security Leader Ola Sergatchov to Drive and Execute Growth Trajectory on a Global Scale.
Silverfort Expands Executive Leadership Team To Drive Accelerated Growth And Innovation (GlobeNewswire News Room) Next Generation Authentication Leader Onboards Executives to Scale Operations and Meet Growing Demand
Mozilla Appoints New Policy, Security Chief (SecurityWeek) Mozilla appoints Alan Davidson as new Vice President of Global Policy, Trust and Security. Davidson previously worked at the US Department of Commerce, New America and Google
SIMalliance Chair Re-elected as SIM Industry Commits to Champion the Importance of Security for Connected Devices (SIMalliance) Remy Cricco (IDEMIA) has been re-elected to serve a second term as the Chairman of SIMalliance, the non-profit association which represents approximately 90% of the global SIM industry.
Products, Services, and Solutions
BitSight unveils cybersecurity performance planning and analytics solution (Help Net Security) BitSight Forecasting is the analytics offering that helps customers identify the course of action to improve their cybersecurity risk posture.
Switchfast Launches MaxPro Secure for a Comprehensive Approach to SMB (PRWeb) Switchfast Technologies, the leading provider of managed IT services and security for small and mid-sized businesses in Chicago, today announced the launch of M
NTT Security to launch cloud-based threat mitigation service (Data Center Dynamics) Using new partner Symantec's software
Technologies, Techniques, and Standards
How risk-adaptive programs can boost government cybersecurity (Fifth Domain) The next steps in a critical government program will require how and when employees use data.
The Vulnerability Disclosure Process: Still Broken (Threatpost) Despite the advent of bug bounty programs and enlightened vendors, researchers still complain of abuse, threats and lawsuits.
IoT Category Added to Pwn2Own Hacking Contest (SecurityWeek) Mobile Pwn2Own renamed Pwn2Own Tokyo after ZDI adds IoT category, which includes Apple Watch, Amazon Echo, Google Home, Nest Cam IQ Indoor and Amazon Cloud Cam
Exclusive: SailPoint CEO on why bot identities need to be scrutinised (Security Brief) Bots today have access to mission-critical systems, applications and data, just like any other user within the organisation.
Less Is More: Why CISOs Should Consolidate Their Security Tools (Security Intelligence) CISOs need a broad range of security tools to fulfill their growing list of responsibilities. The more they can consolidate these solutions, the easier they are to manage and monitor.
Teaching Old Dogs New Tricks (Infosecurity Magazine) Security teams need to gain an understanding of each application within their network and find out how it interacts with external entities.
Design and Innovation
Google wants to get rid of URLs but doesn’t know what to use instead (Ars Technica) Their complexity makes them a security hazard; their ubiquity makes replacement nigh impossible.
Blockchain And Human Rights Projects Are Growing By The Day (CoinCentral) It may be some time before blockchain technology has solved all the world's problems, yet blockchain and human rights are showing good progress.
Research and Development
China is beating the US on AI, says noted investor Kai-Fu Lee (TechCrunch) America may have created AI, but China is taking the ball and running when it comes to one of the world’s most pivotal technology innovations. That’s according to Kai-Fu Lee, a world-renowned AI expert who founded Sinovation, a China-U.S. fund that raised its fourth fund worth $1 billio…
Academia
Top bachelors and masters cybersecurity degree programs (CSO Online) These are some of the best on-campus and online cybersecurity degree programs helping to meet the cybersecurity job demand.
Legislation, Policy, and Regulation
May vows revenge on Russia over Salisbury novichok poisonings (Times) Theresa May is preparing a cyberwar against Russia’s spy network after accusing two of its agents of carrying out the Salisbury nerve agent attack. Serving notice of new covert operations against...
Defence Innovation Hub keeps cyber among top investment priorities (ARN) Cyber security has been penned at the top of the list for the Department of Defence’s 2018 - 2019 investment priorities for its Defence Innovation Hub.
EU Cybersecurity Certification: a Missed Opportunity (Infosecurity Magazine) What about a standard for products, will the EU cybersecurity certification framework be a positive thing?
How election security became a Homeland Security priority (Federal Times) Election security wasn’t a mission initially envisioned for the Department of Homeland Security, the sprawling department created after the Sept. 11 attacks. But it’s now one of the highest priorities, Secretary Kirstjen Nielsen said Wednesday.
What’s standing in the way of multidomain operations? (Defense News) Several hurdles remain for multidomain operations. So what are the U.S. armed services doing about it?
US Navy must be able to compete in ‘gray zone’ conflict, says top service officer (Defense News) China and Russia have employed tactics to harass neighbors and challenge the U.S. Navy.
Litigation, Investigation, and Law Enforcement
Novichok attack Russian 'agents' named (BBC News) Two men accused of the Salisbury poisonings are believed to be from Russia's military intelligence service.
Novichok attack: smiling Salisbury poisoning suspects take a toxic tour (Times) Walking nonchalantly down a quiet Salisbury street, two Russian military intelligence officers grin at each other after allegedly carrying out the first nerve agent attack in Europe since the...
Salisbury poisoning: Sergei Skripal had put danger and drama behind him ... or so he thought (Times) Before March of this year, few outside the inner ring of the spy world had ever heard of Sergei Skripal: a Russian former spy living in quiet anonymity in Salisbury, giving the occasional private...
Opinion | Working with Russia on cybercrime is like hiring a burglar to protect the family jewels (Washington Post) The Russians are pushing for international regulation of cyberspace — on their own terms.
West faces relentless threat to democracy, say Facebook and Twitter (Times) Western democracies face a relentless threat from hackers determined to undermine elections, social media leaders warned US senators yesterday. Senior company executives appeared before the Senate...
Google rebuked by Senate Intelligence Committee for not sending Page or Pichai to testify (TechCrunch) Alphabet’s decision to decline to send its CEO Larry Page to today’s Senate Intelligence Committee hearing — to answer questions about what social media platforms are doing to thwart foreign influence operations intended to sow political division in the U.S. — has earned it …
Facebook and Twitter's Biggest Problems Follow Them to Congress (WIRED) As Jack Dorsey and Sheryl Sandberg testified before Congress, some of Twitter and Facebook's most notorious trolls and misinformation artists watched on.
Journalists Are Not Social Media Platforms’ Unpaid Content Moderators (Motherboard) During a Senate Intelligence Committee hearing on Wednesday, Twitter CEO Jack Dorsey admitted how much the platform relies on reports from journalists to counter offending content on the site.
Facebook COO Sheryl Sandberg: We’re Very Committed to Encryption in WhatsApp (Motherboard) During a Senate hearing, Sandberg said Facebook, which owns WhatsApp, is still using end-to-end encryption, but did leave room for potential changes.
Joe Manchin’s Suggestion of a FOSTA/SESTA Law for Drug Trafficking Is A Terrible Idea (Motherboard) The West Virginia Senator suggested the idea during the Senate Intelligence Committee hearing on social media.
Justice Department to Examine Whether Social-Media Giants Are ‘Intentionally Stifling’ Some Viewpoints (Wall Street Journal) Attorney General Jeff Sessions plans to gather state attorneys general to discuss whether social-media giants may be harming competition and “intentionally stifling” certain viewpoints, stepping up pressure on the platforms over alleged anticonservative bias.
DOJ: We will examine social media firms that “may be hurting competition” (Ars Technica) Meanwhile, Trump notes: "Maybe I did a better job because I'm good with the Twitter."
Justice Dept. says social media giants may be ‘intentionally stifling’ free speech (TechCrunch) The Justice Department has confirmed that Attorney General Jeff Sessions has expressed a “growing concern” that social media giants may be “hurting competition” and “intentionally stifling” free speech and expression. The comments come as Facebook chief operating…
Justice Department’s threat to social media giants is wrong (TechCrunch) Never has it been so clear that the attorneys charged with enforcing the laws of the country have a complete disregard for the very laws they’re meant to enforce. As executives of Twitter and Facebook took to the floor of the Senate to testify about their companies’ response to internat…