Washington, DC: the latest from the 3rd Annual Billington International CyberSecurity Summit
Common risks, common responses, and the ambivalence of innovation. (The CyberWire) The remarks of policy leaders who spoke at the third annual Billington CyberSecurity Summit, held March 21st, 2018, in Washington, DC, exhibited in both content and tone a striking agreement on the normalization of cyberspace, more evidence of the domain's having become a regular part of government and industry planning and operations.
Cyber security essential to Singapore's survival: CSA chief David Koh (The Straits Times) As a gateway to South-east Asia and the larger Asia-Pacific region, Singapore is a small but highly connected nation-state, and cyber security is essential to the Republic’s continued prosperity and survival, Cyber Security Agency chief David Koh said on Wednesday (March 21). . Read more at straitstimes.com.
CSA chief David Koh recognised for contributions to Singapore's cybersecurity prowess (Security Brief) “It shows that Singapore’s cybersecurity efforts have not gone unnoticed. I look forward to growing and strengthening the cyberspace together."
Cyber Attacks, Threats, and Vulnerabilities
Kaspersky's 'Slingshot' report burned an ISIS-focused intelligence operation (Cyberscoop) CyberScoop has learned that Kaspersky's 'Slingshot' is an active, U.S.-led counterterrorism cyber-espionage operation used to target ISIS and Al-Qaeda.
US officials: Kaspersky “Slingshot” report burned anti-terror operation (Ars Technica) Joint Special Operations Command ran campaign against ISIS, Al Qaeda for at least 6 years.
Report unveils Muslim Cyber Army’s modus, purpose (The Jakarta Post) While recent arrests of alleged Muslim Cyber Army (MCA) members has shed light on the group’s network and online operations, several questions remain: what is this organization and how does it operate?
Fake news will lead to cyber war (SecurityInfoWatch.com) To put it bluntly, fake news is a form of cyber attack and will only grow significantly in 2018 and beyond
The next major DDoS battleground: DNSSEC a 'significant new risk' (Security Brief) "Improperly configured DNSSEC-enabled nameservers may be a new plague for unprepared teams," comments Nexusguard's chief technology officer.
Bitcoin’s blockchain tainted with links to child abuse imagery (Naked Security) Are there legal landmines engraved into the Bitcoin blockchain?
TrickBot Banking Trojan Gets Screenlocker Component (BleepingComputer) The most recent version of the TrickBot banking trojan now includes a screenlocker component, suggesting the malware's operators might soon start holding victims for ransom if infected targets don't appear to be e-banking users.
Digital Defense, Inc. Issues Disclosure of Zero-Day Vulnerabilities Identified in ManageEngine Products (Benzinga) Digital Defense, Inc. Vulnerability Research Team uncovers six previously undisclosed vulnerabilities affecting three ManageEngine products.
Can you buy chemical weapons on the dark web? (Sky News) Drugs, guns and stolen financial information are all available on criminal sites - so what about nerve agents?
Why the military needs to take 3-D printer cybersecurity seriously (Fifth Domain) If a 3-D printer is hacked or infected with a virus, it could be programmed to add imperfections to weapons or vehicles, imperfections that could have dangerous consequences.
Security Patches, Mitigations, and Software Updates
Introducing new ways to protect and control your GCP services and data (Google Cloud Platform Blog) They say security is a process, not a destination, and that cert...
ISTR 23: Insights into the Cyber Security Threat Landscape (Symantec) Coin mining, ransomware, targeted attacks, mobile security, and attacks leveraging the software supply chain. These are just some of the topics that made headlines in infosec in 2017 and which are covered in ISTR 23, your comprehensive guide to the cyber security threat landscape...
Excessive alerts, outdated metrics, lead to over-taxed security operations centers (Help Net Security) A report from Dr. Chenxi Wang finds that excessive alerts, outdated metrics, and limited integration lead to over-taxed security operations centers.
Global WAN survey highlights the importance of network simplification (Help Net Security) Cato Networks, provider of the global SD-WAN as a service Cato Cloud, released the findings of its enterprise WAN market study. The report, “State of WAN 2018: Too Complex to Ignore,” predicts SD-WAN will grow 200% year-over-year. At the same time, the additional abstraction layer that is SD-WAN and its impact on the
True data scientists don't exist, says EE's head of data and insight (Computing) Analysts are either good with data or good at storytelling, but very rarely both says Richard Tate
Supo: Cyber and traditional espionage more common than before in Finland (Helsinki Times) The Finnish Security Intelligence Service (Supo) says it detected a number of state-backed cyber espionage campaigns in Finland in 2017.
Worldwide IoT security spending to reach $1.5 billion in 2018 (Help Net Security) To protect against those threats Gartner forecasts that worldwide spending on IoT security will reach $1.5 billion in 2018, a 28 percent increase from 2017 spending of $1.2 billion.
Facebook picked mid-level staffers to face angry US lawmakers over Cambridge Analytica (Quartz) Meanwhile, Mark Zuckerberg and Sheryl Sandberg have been silent.
Facebook "made mistakes": Mark Zuckerberg speaks out on massive data breach (CRN Australia) 50 million Facebook users' data allegedly accessed by Cambridge Analytica.
Advertisers threaten to quit Facebook over Cambridge Analytica scandal (Times) Advertisers threatened to abandon Facebook last night as Mark Zuckerberg apologised for mistakes it made over the Cambridge Analytica scandal. Mr Zuckerberg, co-founder and chief executive of the...
Scoop: In blow to Huawei, Best Buy will stop selling its smartphones (CNET) The Chinese company, the world's third-largest smartphone maker, is already shut out of US carriers.
No, Trump killing Qualcomm takeover won’t stall tech M&A (Washington Examiner) The scuttled tech deal was a special case, and could actually encourage more deals
Tenable hires Morgan Stanley to prepare for IPO-sources (Reuters) Cybersecurity software maker Tenable Network Security Inc has hired investment bank Morgan Stanley to lead an initial public offering (IPO) that could come as early as this fall, according to people familiar with the matter.
NTS founders return with new security VAR (CRN) Jonathan Lassman and Phillip Dick form new security partner four years after selling NTS to Capita
AT&T Won Secret $3.3 Billion NSA Contract Despite More Expensive Bid (Nextgov.com) Legal documents shed light on one of NSA's most important tech contracts.
Saudi Cyber Security and Programming Federation Signs MoU with Booz Allen Hamilton (الشرق الأوسط) The Saudi Cyber Security and Programming Federation signed on Wednesday a Memorandum of Understanding (MoU) with Booz Allen Hamilton company, in a move that aims to exchange knowledge, transfer technology and localize capabilities, reported the Saudi
RSA Conference Announces Finalists for 2018 Innovation Sandbox Contest (BusinessWire) RSA® Conference, the world’s leading information security conferences and expositions, today announces the 10 finalists for its annual RSAC Innovation
For Second Consecutive Year, DataTribe-Backed Startup Is Named Finalist in RSA Conference Innovation Sandbox Competition (PR Newswire) DataTribe --a cybersecurity and data science startup studio that invests...
Fortanix Selected as Finalist for 2018 RSA Conference Innovation Sandbox Contest (BusinessWIre) Fortanix® Inc., the leader in Runtime Encryption, today announced that it has been named one of 10 finalists for the 2018 RSA® Conference Innovation S
Averon Closes New Funding Round Bringing Raise to $13.3 Million (PR Newswire) Averon, developer of the world's first mobile identity verification...
US endpoint security vendor Ziften enters Australian market with Insentra partnership (CRN Australia) Company will be led by Greg Kieser.
Deloitte Hires Head of Intelligence Agency to Help Run Booming Cyber Business (Bloomberg.com) Europol Executive Director Rob Wainwright is leaving the EU intelligence agency he’s led for almost a decade to help run Deloitte LLP’s cybersecurity practice, as companies wake up to the growing “systemic” threat of cyber crime.
Colorado cybersecurity company CEO leaving, COO promoted to role (Denver Business Journal) Colorado cybersecurity company Coalfire named a new CEO on Wednesday and announced the departure of the executive who led the company since 2015.
Benchmark Executive Search Names New Members to its Cybersecurity & National Security Advisory Board (BusinessWire) Benchmark Executive Search Names New Members to its Cybersecurity & National Security Advisory Board
Products, Services, and Solutions
QuintessenceLabs qStream 100P PCIe card integrates high-entropy, quantum-based true random numbers to servers (GlobeNewswire News Room) Small form factor delivers full-entropy random numbers at 1Gb/s
Launching the Netflix Public Bug Bounty Program (Medium) Netflix’s goal is to deliver joy to our 117+ million members around the world, and it’s the security team’s job to keep our members, partners and employees secure.
Rivetz Partners with Enrich Media Group to Provide Advanced Security Capabilities (PR Newswire) Decentralized mobile security solutions provider Rivetz...
Qualys Integrates with Security Command Center for Google Cloud Platform (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of...
RedLock Announces Support for New Security Command Center for Google Cloud Platform, Helps Enterprises Mitigate Threats to Cloud Environment (BusinessWire) Cloud Threat Defense company, RedLock, announces technology integration with Cloud Security Command Center for Google Cloud Platform.
New CompTIA Network+ Certification Focuses on Key Concepts in Cloud Computing, Cybersecurity, Virtualization and More (PR Newswire) CompTIA, the leading provider of vendor-neutral,...
Bridging the Gap between the Centralized and Decentralized Worlds (DNotes Global) DNotes Global, Inc. today announced the release of the DNotes white paper, which provides a comprehensive examination of the digital currency’s purpose, objectives, and strategy.
Introducing Fortigis - The Ultimate AI-Driven Security Router for Protecting a User's Connected Home Network, Devices, Data and Privacy (PR Newswire) Fortigis Inc., today announced the launch of Fortigis, a cloud-enabled...
Technologies, Techniques, and Standards
Microsoft and OCP Friends Push Open Hardware Security Standard (SDxCentral) Microsoft and other Open Compute Project (OCP) members are working to implement Project Cerberus forward, the company's open hardware security initiative. A
8 security tools and tips for journalists (CSO Online) Journalists have a giant red target on their backs. How can we defend ourselves?
Facebook fallout: How to protect your data (Naked Security) Is it time to end your Facebook life? At the very least, it’s time to check Facebook privacy settings/audit apps/turn off API sharing.
7 Ways to Protect Against Cryptomining Attacks (Dark Reading) Implementing basic security hygiene can go a long way in ensuring your systems and website don't get hijacked.
The Case for Integrating Physical Security & Cybersecurity (Dark Reading) Aggregating threat intel from external data sources is no longer enough. You must look inside and outside your traditional knowledge base for the best way to defend against attacks.
Building Up Hospitals’ Immunity To Cyber Security Breaches (University of Cinncinati) As healthcare cyber attacks become more frequent, here’s how hospitals can build immunity for stronger cyber security.
US anti-terror training abroad includes K-9, cybersecurity (Defense News) A U.S. State Department program is helping countries with anti-terrorism efforts through K-9 and police training, cybersecurity, call centers, drones, and surveillance.
Research and Development
Trusted detection of ransomware in a private cloud using machine learning methods leveraging meta-features from volatile memory (Science Direct) A solution for trusted detection of unknown ransomware in VMs is proposed.
The US Military Is Making Lasers That Create Voices out of Thin Air (Defense One) Within three years, the Pentagon's non-lethal weapons lab hopes to have a direct energy weapon that can produce an effect like a haunted walkie-talkie or the biblical burning bush.
IBM thinks its 1mm² computer could lead to smart everything (Computing) The salt-grain-sized chip could support AI programs on just about any device
Physicists Reveal Material for High-Speed Quantum Internet (Research & Development) Industry giants, such as Google, IBM, and Microsoft, and leading international research centers and universities are involved in the global effort to build a quantum computer.
The cyber warriors (The Hindu) IIS trains students in cyber security systems through practical exercises
Legislation, Policy, and Regulation
Jean-Claude Juncker faces criticism for ‘nauseating’ letter to Vladimir Putin (Times) Jean-Claude Juncker threatened to scupper British efforts to establish a Europe-wide alliance against Russia yesterday by congratulating Vladimir Putin and urging closer ties. Mr Juncker, president...
Russia attacks ‘poisoned’ Boris Johnson over comparison with Hitler (Times) Russia claimed that Boris Johnson was “poisoned with hate and boorishness” last night after he compared President Putin hosting the World Cup to Adolf Hitler staging the Olympics. The foreign...
Facebook Just Blocked This Cambridge Analytica Affiliate. Why Does It Still Have a State Department Contract? (Defense One) Strategic Communications Laboratories worked with Cambridge Analytica, which reportedly used social-media data to target likely Trump voters.
Facebook's trust crisis: Has it harmed democracy? (Help Net Security) Barraged by accusations of spreading divisive fake news and amid new allegations that it handed over personal information on up to 50 million users without their consent, Facebook is losing the faith of the Americans people.
Social media’s wild west needs to be tamed (Times) ‘There never was a king or emperor upon the earth, so cheered and followed by crowds.” Thus wrote Charles Dickens describing his reception in Boston, Massachusetts, in 1842. Yet while the author...
Inability to audit U.S. elections a 'national security concern':... (Reuters) Not having a verifiable way to audit election results in some states represents a "national security concern," the Trump administration's homeland security chief said on Wednesday, looking ahead to U.S. midterm elections in November.
Election security: Most state election officials lack clearance to learn of cyber threats (USA TODAY) Only 21 of 150 top state election officials have the security clearance to receive classified information, homeland security officials said.
Not all state election officials want the DHS' help. (CNET) Despite reports of widespread hacking efforts, only 19 states have asked Homeland Security for assistance.
Storm coming from Beijing despite calm: Taiwan spy chief (Asia Times) Taiwan’s top security official has warned that a more bellicose Beijing under “Emperor” Xi might attempt a pre-emptive strike on the island
White House will announce tariffs cracking down on Chinese theft of intellectual property (CNBC) The White House plans to announce tariffs Thursday as President Donald Trump aims to punish China for intellectual property theft.
Pakistan Is Feeling US Pressure. Now What? (The Cipher Brief) We are now witnessing the latter stages of an opening bid in a coercive negotiation with Pakistan. Washington made its move—what happens next?
New bill would prepare US for artificial intelligence threat (Defense News) Warning artificial intelligence will revolutionize warfare, a key House lawmaker has opened the pod bay doors to legislation aimed at preparing for the threat posed by intelligent machines.
Senators to colleges: Reveal foreign agents on campus (Washington Examiner) American universities need to reveal “the malign influence of foreign propaganda” on campus, according to a trio of Republican lawmakers.
GOP senator blocking Trump's Intel nominee (TheHill) Sen. Chuck Grassley (R-Iowa) is blocking President Trump's pick to be the intelligence community's top lawyer.
Litigation, Investigation, and Law Enforcement
Investors sue Facebook as data harvesting row grows (Times) Investors are suing Facebook, claiming that the company made “false and misleading statements” about its policies that failed to prevent a disgraced British firm obtaining the data of 50 million...
Germany summons Facebook over user data safety concerns: report (Reuters) Germany's justice minister Katarina Barley has asked Facebook to clarify whether the personal data of the social media site's 30 million users in the country were protected from unlawful use by third parties, according to a report in the Funke group of German regional newspapers.
Zuckerberg says he’s ‘happy’ to testify before Congress (POLITICO) In a TV interview about Cambridge Analytica, the Facebook CEO also says his company is open to ad regulation.
Mark Zuckerberg has regrets: 'I'm really sorry that this happened' (CNNMoney) "I'm really sorry that this happened," the Facebook CEO told CNN's Laurie Segall in an exclusive interview on Wednesday.
Mark Zuckerberg finally speaks out on Cambridge Analytica, forgets to apologize (Quartz) "We have a responsibility to protect your data, and if we can't then we don't deserve to serve you."
Whistleblower Sandy Parakilas says Facebook knew risks but failed to act (Times) The Facebook leak to Cambridge Analytica was “worse than a data breach” because the company failed to safeguard users even after it understood the risks, a whistleblower said. Sandy Parakilas, 38...
Former French President Nicolas Sarkozy: 'I am accused without physical evidence' (CNN) The former French President is being questioned by police over allegations he accepted money from Libya to finance his 2007 election campaign.
Bomb hoax sent to 400 schools blamed on warring Minecraft gamers (Naked Security) The kids were just collateral damage: the real target was to discredit gaming server VeltPvP in an ongoing gamer spat.
Radio Hacker Who Interrupted Police Chase Gets 21 Months in Prison (BleepingComputer) Australian authorities have tracked down, arrested, charged, and sentenced a man who hacked a police radio system and interrupted a police chase at the end of August 2017.