New York: news from the Cyber Investing Summit
A CISO's perspective on defending a large enterprise (The CyberWire) A talk with Rich Baich, Chief Information Security Officer, Wells Fargo, in which he discussed a CISO's due diligence with vendors, the use of cyber ranges, incident response drills, and some unexpected benefits of years of FUD.
Trends and advice for start-ups (The CyberWire) Panels throughout the day addressed various aspects of the start-up market. If one theme ran throughout the conference, it was the centrality of a start-up's team to its evaluation by prospective investors.
Cybers Investing Summit 2018: Cybersecurity Sector Patnerships [Video] (Cyber Investing Summit) Cybersecurity experts and investors discuss partnership opportunities in the cybersecurity sector at the 2018 Cyber Invest Summit in NYC
Cybersecurity Investing Summit 2018: Cybersecurity Equity Analysis [Video] (Cyber Investing Summit) Cyber Investing Summit 2018 panelists discuss cybersecurity equity valuations, investments, performance, and trends
Cyber Investing Summit 2018: Where Do We Go Now? Moving Forward After the Equifax Hack [Video] (Cyber Investing Summit) Panelists at the Cyber Investing Summit 2018 discuss life after a major breach. Lessons learned, trends moving forward
Cyber Investing Summit 2018: Around the World: International Cybersecurity Investing (Cyber Investing Summit) Speakers at the 2018 Cyber Investing Summit Discuss International Cybersecurity Investment Opportunities, Strategies & Trends
Cyber Investing Summit 2018: Cryptocurrency Breach Protection Panel (Cyber Investing Summit) Keiser Report Co-Hosts lead a panel at the 2018 Cyber Investing Summit about Digital Currency Breach Protection
Cyber Attacks, Threats, and Vulnerabilities
North Korea's cyber attacks on the South have continued despite warmer ties, says expert (Straits Times) Inter-Korea ties may have warmed in recent months after Pyongyang's friendly overtures, but attacks from the regime's cyber army have shown no signs of abating, according to a South Korean expert who tracks their activities.
"Wicked" Variant of Mirai Botnet Emerges (SecurityWeek) A new variant of the Mirai Internet of Things (IoT) botnet has emerged, which features new exploits in its arsenal and distributing a new bot.
This cryptocurrency phishing attack uses new trick to drain wallets (ZDNet) Campaign uses automation to empty cryptocurrency wallets and produce lucrative returns.
Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site (KrebsOnSecurity) LocationSmart, a U.S. based company that acts as an aggregator of real-time data about the precise location of mobile phone devices, has been leaking this information to anyone via a buggy component of its Web site — without the need for any password or other form of authentication or authorization...
CryptoMiner, WinstarNssmMiner, Has Made a Fortune By Brutally Hijacking Computers (360 Total Security Blog) Recently, 360 Security Center has found that a new CryptoMiner is spreading fast. The distributor has made tremendous profit via mining Monero on infected computers....
Railway systems could be hackers' next big target — and derailing trains wouldn't be that hard (Business Insider) Experts say future malicious capabilities will continue to become more complex over time, and may target critical infrastructure like railway systems, electrical networks, and water companies.
Vulnerable connected devices posing immense security risk to organisations (SC Media UK) Many organisations do not have security policies for connected devices, or their employees do not follow existing policies by the book.
How can Office 365 phishing threats be addressed? (Help Net Security) The frequency of phishing within Office 365 is estimated to cost the average organization 1.3 compromised accounts each month via unauthorized, third-party login using stolen credentials.
Buyer Beware: Hundreds of Bitcoin Wannabes Show Hallmarks of Fraud (Wall Street Journal) A Wall Street Journal analysis of 1,450 cryptocurrency offerings reveals rampant plagiarism, identity theft and promises of improbable returns.
Facebook crushes 583 million fake accounts in 3 months (Naked Security) On a daily basis, it disables millions of fake accounts before they ever hatch.
Aussie school networks are open slather for cyber attackers: Dimension Data (CRN Australia) Dimension Data shares insights into cybersecurity landscape.
Are Meltdown and Spectre real vulnerabilities or mere flaws? (SearchSecurity) Are Meltdown and Spectre real vulnerabilities, or are they only features that have been exploited? Learn why there's a debate around this subject and what qualifies as a true vulnerability.
How Hoosiers can protect their accounts from 'shimming' (WISH) If you thought that chip in your credit card protected you from hackers, think again. Scammers have a new way around the security measure called 'shimming.'
Security Patches, Mitigations, and Software Updates
Critical Flaws in Cisco DNA Center Allow Unauthorized Access (SecurityWeek) Cisco has found and patched three critical unauthorized access vulnerabilities in Digital Network Architecture (DNA) Center
Google Chrome to Remove “Secure” Indicator From HTTPS Pages in September (BleepingComputer) Google announced earlier today plans to drop the "Secure" indicator from the Chrome URL address bar and only show a lock icon when the user is navigating to an HTTPS-secured website.
Cyber Trends
One Year After WannaCry: A Fundamentally Changed Threat Landscape (Threatpost) Threatpost talked to several security researchers about what's changed in the past year.
New Threat Intelligence Reveals That Simple Cyberthreats Remain Successful (Security Intelligence) According to new threat intelligence data, simple threats, such as phishing and drive-by downloads, remain popular among cybercriminals.
Security vendors need to stop doing more harm than good (ZDNet) Opinion: What if the security industry operated under a basic tenet: "First, do no harm?"
Most Companies Willing to Spend More on App Security Only After a Breach, Ponemon Study Shows (Security Boulevard) Most companies admit they don't invest enough in application security until after they've suffered a breach, and almost half lack clear visibility into their business-critical apps, according to new data sourced by Ponemon Institute.
Despite advances, Artificial Intelligence still faces critics (CGTN America) More nations are banking on AI technologies, but critics say not so fast. Many fear AI could take over jobs, others are also worried AI threatens humanity.
CLTC Research: American Companies Struggle to Meet GDPR's Data Breach Notification Rules - CLTC (CLTC) On May 25, 2018, Europe’s General Data Protection Regulation (GDPR) will come into effect following a two-year implementation period.
iTWire - Eight days before GDPR, Australian firms seem unprepared (ITWire) More than 90% of Australian IT decision-makers, who took part in a survey that looked at their readiness to meet the standards of the EU General Data...
Marketplace
Cybersecurity the latest battleground for MSPs (MicroscopeUK) SolarWinds MSP says relationships with customers will suffer if channel doesn’t get security offerings right
Siemens and partners sign joint charter on cybersecurity (Siemens) At the Munich Security Conference 2018, Siemens and eight partners from industry signed the first joint charter for greater cybersecurity. Initiated by Siemens, the Charter of Trust calls for binding rules and standards to build trust in cybersecurity and further advance digitalization.
Conditions Could Get Choppy When SailPoint Lockup Expires (Seeking Alpha) When the IPO lockup for SAIL expires on May 29th, pre-IPO shareholders and company insiders will be able to sell more than 60 million shares of currently-restri
WannaCry fever pays off for cyber security giant Sophos (The Telegraph) The ransomware attack on the NHS and new data protection laws helped cap a buoyant year for cybersecurity company Sophos.
Cisco's In-Line Guidance Isn't Good Enough (US News & World Report) The market was looking for more from Cisco's earnings report.
Is Symantec a Broken Company or a Broken Stock? (The Motley Fool) The cybersecurity company posted soft guidance and disclosed an internal audit.
Cambridge tech's £2.4bn contribution to the UK economy (Cambridge News) Our companies are *very* productive
How the Army is equipping cyber warriors in (near) real time (Fifth Domain) The Army is leveraging an acquisition vehicle as a means of getting capability in the field faster.
IBM assigns patents to cybersecurity company Finjan (World Intellectual Property Review) IBM has assigned 41 patents and one pending application to Finjan Blue, a subsidiary of cybersecurity company Finjan Holdings, which owns IP covering cybersecurity.
BitSight to Move Global Headquarters to Boston's Back Bay (PR Newswire) BitSight, the Standard in Security Ratings, today announced plans to...
Products, Services, and Solutions
Tenable Launches New Cyber Exposure Certification Program for Partners (PR Newswire) Tenable®, Inc., the Cyber Exposure company, today announced a new Cyber...
tCell Joins Splunk Adaptive Response Initiative (PR Newswire) tCell, the leading provider of web application threat defense and...
USO Uses Cylance’s AI Powered Endpoint Solution To Protect Donors, Along with Service Members and Their Families from Information Theft (WV News) Cylance® Inc., the company that revolutionized endpoint security with true AI powered threat prevention, is pleased to highlight the proactive efforts of the United Service Organizations,
Hack the DHS Bill: Marten Mickos Interview on NBC (HackerOne) See how HackerOne helps you tap into a global community of hackers to find critical vulnerabilities before they can be exploited.
JASK Unveils ‘Special Ops’ Professional Service to Support Customers with an Elite Cyber Threat Hunting Team (BusinessWire) Former Splunk, RSA FirstWatch and Palo Alto Networks Threat Researchers Lead Service that Reduces Time-to-Value and Provides Access to the Latest Counter-Adversary Intelligence
Technologies, Techniques, and Standards
(Guide) Uninstall StalinLocker Screenlocker from Windows PC or Apple MacOS / OS X (CyberByte Blog) Observed by using MalwareHunterTeam, StalinLocker is a newly-found malware that stealthily infiltrates the device and locks the pc screen. After doing so, Stali
Confessions of a Risk Assessor: 6 Things to Know Before a Cyber Security Assessment (Security Boulevard) The post Confessions of a Risk Assessor: 6 Things to Know Before a Cyber Security Assessment appeared first on Delta Risk.
Protection from ransomware requires layered backup, DR (SearchDisasterRecovery) Protection from ransomware continues to be an important part of the overall backup and disaster recovery strategy. Advice, like ransomware, is constantly evolving.
The Army is grooming an elite tier of electronic warriors (C4ISRNET) The service wants its approach to a cyber/EW workforce to mirror the relationship between special operations forces and the high-end special operators in Joint Special Operations Command.
Co-Ed Cyber Teams Optimize Talents (SIGNAL) More women are needed to balance and enhance cyber workforce.
With electronic warfare, the Army needs to move fast, even with broken things (C4ISRNET) Given the rapidly evolving pace of electronic warfare, it's more important to field flawed equipment that the Army can learn from and iterate upon than it is to wait for a perfect tool that will be impossible to make.
Leadership, culture key to surviving a cybersecurity crisis (Healthcare IT News) Retired Navy Commander Kirk Lippold will share his vision for leadership within an organization, including creating a culture of integrity and personal accountability, at the HIMSS Security Forum in June.
Design and Innovation
Why Isn't Integrity Getting the Attention It Deserves? (Dark Reading) A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
How IBM is using Latin flowers to help companies comply with GDPR (CIO Dive) The engine converts names, birthdays, addresses and other types of personally identifiable information into a series of random identifiers.
JP Morgan Tests Blockchain’s Capital Markets Potential (Wall Street Journal) JP Morgan Chase & Co. demonstrated a prototype of its blockchain-based platform for capital markets, called Dromaius, on Wednesday at the Consensus 2018 conference. A team of employees will work this year on overcoming challenges related to integrating and scaling the technology before deploying it to customers.
How gaming can help solve cybersecurity woes (The Next Web) Capture the Flag (CTF) tournaments in which participants compete to solve security problems or to attack and defend computer systems are a perfect example of how gaming can get more people involved in cybersecurity jobs,
Research and Development
Cybersecurity ‘Moonshot’ Plan to Head to Trump in November (Nextgov) An advisory group shared broad principles of the moonshot plan, but no details, Thursday.
Army surveys industry for the latest artificial intelligence research for cyber and electronic warfare (Military Aerospace) U.S. Army researchers are surveying industry to determine the state of the art in artificial intelligence technologies for electronic warfare, cyber warfare, signals intelligence, and big-data analytics.
Academia
Florida Center for Cybersecurity Announces 13 New Capacity Building Award Projects (University of South Florida) The Florida Center for Cybersecurity, hosted at the University of South Florida, has awarded more than $700,000 in funds to 13 projects across the State University System of Florida (SUS) through its Capacity Building Award program, implemented to enhance the state's cybersecurity education and research capabilities.
NCSC to offer fresh CyberFirst courses to 14-to-17-year-olds (TEISS) Following on the success of the Cyber Discovery programme, the government has now launched a new CyberFirst programme to help 14-to-17-year-olds in the UK choose cyber security careers in the future.
Legislation, Policy, and Regulation
Denmark Unveils $240M Cyber Defence Plan (Defense World) Defense, aerospace, news, exhibitions, C4ISR, aircraft, procurement, pentagon, contracts, companies, categories, events, interviews.
Senate confirms Haspel to head CIA (TheHill) The Senate on Thursday confirmed Gina Haspel to lead the CIA despite engrained opposition over her involvement in the George W. Bush-era interrogation program.
DHS cybersecurity strategy keys in on risk, vulnerability management (SC Media US) The DHS Cybersecurity Strategy may have been delivered late, but it's on point, cybersecurity pros said.
New Dept Of Energy Cybersecurity Strategy - Threat Sharing, Supply-Chain Risk Management, R&D, etc. (Information Security Buzz) The US Department of Energy has released its Multi-Year Plan for Energy Sector Cybersecurity to help make US energy systems more resilient and secure.
Leaders Push for Innovative Cyber Information Sharing (SIGNAL) As the backstop for the nation’s cyber warfare, the military should look to more partnerships to improve its defenses.
Cyber Command has a full cyber staff now (Fifth Domain) Meeting a rigorous set of criteria, Cyber Command's cyber mission force is now fully manned.
Air Force Cyber Mission Force teams reach ‘full operational capability (45th Space Wing) Air Forces Cyber announced today all Air Force Cyber Mission Force teams achieved full operational capability May 11. The 39 total force teams, comprising more than 1,700 Airmen, civilians and
House Lawmakers Introduce New Bill to Mandate White House Cyber Coordinator Role (Executive Gov) Reps. Jim Langevin (D-R.I.) and Ted Lieu (D-Calif.) have introduced a bill that would make the cyber
Litigation, Investigation, and Law Enforcement
Poland busts Russian 'hybrid warfare' ring (Deutsche Welle) The group was allegedly attempting to exacerbate tensions with Ukraine and promote the Kremlin's interests. Several Western nations have accused Russia of similar tactics.
CIA’s “Vault 7” mega-leak was an inside job, claims FBI (Naked Security) The suspect worked for a CIA group that designed hacking tools at the time the cyber-spying arsenal was given to WikiLeaks.
FBI working to soften potential blow if top-secret informant exposed: report (TheHill) The FBI has reportedly been working in recent weeks to soften the blow if the identity of a top-secret informant who fed information to investigators early on in the Russia probe is revealed.
A Year Into The Job, 3 Big Lessons About Special Counsel Robert Mueller (NPR.org) The taciturn former FBI director sits like a sphinx in the eye of a political hurricane in which he is considered both a villain and an unlikely champion.
Judge To Decide Fate Of Civil Lawsuit Alleging Trump Campaign Colluded With Russia (NPR.org) A federal judge heard arguments from three plaintiffs, who are suing the Trump campaign and Trump ally Roger Stone, about the alleged conspiracy. Stone and the campaign have denied any wrongdoing.
Poisoned Ex-Spy Skripal Released From British Hospital (RadioFreeEurope/RadioLiberty) Sergei Skripal, a Russian former double agent who was poisoned with a nerve toxin in England in March, has been released from the hospital, British health authorities said on May 18.
Hackers Steal '$15.3 Million' From Mexico Financial System (SecurityWeek) Hackers who targeted Mexico's interbank payment system made off with more than $15 million in the past several weeks, the Bank of Mexico said.
Europe continues to be a cybercrime hub (Help Net Security) Europe continues to be a cybercrime hub with 38% of all attacks originating from Europe, a significant originator of global bot attacks predominantly coming from Russia and Ukraine.
Inside the Takedown of a Notorious Malware Clearinghouse (WIRED) How security researchers caught the creators of counter antivirus services Scan4You.
Cyber-Criminal Residing in Latvia Convicted for Role in Operation of Counter Antivirus Service “Scan4you” (US Department of Justice) A federal jury today convicted a Latvian “non-citizen,” meaning a citizen of the former USSR who had been residing in Riga, Latvia, of three counts related to his operation of “Scan4you,” an online counter antivirus service that helped computer hackers to determine whether the computer viruses and other malicious software they created would be detected by antivirus software...
Metros With the Most Fraud Alerts (LendingTree) LendingTree researchers use anonymized customer data to determine where people were most likely to request that a fraud alert be placed on their credit reports.
'John Doe' sentenced for decades of identity theft, fraud (Bay Net) United States District Judge Ellen L. Hollander sentenced defendant “John Doe,” whose true identity remains unknown, to 42 months in prison, followed by three ...
Lawsuit: Baltimore Co. failed to address reported high school cyberbullying (Maryland Daily Record) The parents of an Eastern Technical High School student are suing another student for allegedly defaming their daughter in social media postings, as well as the principal and the Baltimore County …
Ecuador Reverses Assange's Extra Security at London Embassy (Telesur TV) Ecuador's President Lenin Moreno is eliminating the extra security for WikiLeaks founder Julian Assange provided by his predecessor, Rafael Correa.