Washington, DC: the 10th Annual Billington CyberSecurity Summit
Top NSA cyber official points to ransomware attacks as key threat to 2020 elections (TheHill) Anne Neuberger, director of the newly formed Cybersecurity Directorate at the National Security Agency (NSA), on Wednesday pointed to ransomware attacks as a key danger to the 2020 elections.
AI, Cybersecurity, & The Data Trap: You Don’t Know Normal (Breaking Defense) "How do I even know what’s normal and what’s abnormal so I can detect anomalies? We simply don’t know," says Dean Souleles, chief technology advisor for the Director of National Intelligence.
Pentagon, NSA Prepare to Train AI-Powered Cyber Defenses (Defense One) The giant effort starts by trying to standardize data across the Defense Department's sprawling IT ecosystem.
CISO Schneider: OMB Focused on ‘Maximum Support’ for Agency Cyber (MeriTalk) Grant Schneider, the Federal government’s chief information security officer, said the Office of Management and Budget (OMB) is aiming to provide “maximum support” to Federal agencies as they work to improve network security.
DHS Cyber Chief Chris Krebs and New NSA Cybersecurity Director Anne Neuberger Join Israel and UK Cyber Leaders for 10th Annual Billington CyberSecurity Summit - Executive Gov (Executive Gov) Christopher Krebs, the first director of the Department of Homeland Security's Cybersecurity and
OMB's CyberStat program is 'evolving' (FCW) Following an audit that found the Office of Management and Budget could be making better use of the cybersecurity reviews, Federal CISO Grant Schneider said the agency is looking at revamping the program ahead of next fiscal year.
A FedRAMP plan to strengthen cloud security (Federal Times) The Federal Risk and Authorization Management Program wants threat intelligence reports to make its audit process smarter.
NSA Reportedly Developing Quantum-Resistant 'Crypto' (CoinDesk) The National Security Agency's new Cybersecurity Directorate may be working to develop its own, uncrackable "crypto." But which crypto?
ISARA Leads Discussion to Keep Government Data Safe from Looming Quantum Threat (Yahoo) As governments increasingly recognize the coming threat that quantum computers pose to the encryption that protects everything from military secrets to tax records, ISARA Corp., the world's leading provider of quantum-safe and crypto-agile security, will
Cyber Attacks, Threats, and Vulnerabilities
Iran-led state-sponsored attacks remain a major threat to Middle East stability (The National) Microsoft linked Iranian hackers to cyber attacks that targeted thousands of people in more than 200 companies
A huge database of Facebook users’ phone numbers found online (TechCrunch) Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K…
Forget Politics. For Now, Deepfakes Are for Bullies (Wired) The surging popularity of Chinese app Zao has reignited concern that deepfakes could influence an election. Researchers say that's not likely.
An artificial-intelligence first: Voice-mimicking software reportedly used in a major theft (Washington Post) Once the realm of science fiction, voice-mimicking software is now "well within the range of any lay criminal who's got creativity to spare,” one cybersecurity expert said.
Hackers exploiting popular social engineering 'toolkits' to refine cyber attacks (IT PRO) Victims are being asked to download malware through visually compelling fake update prompts
SalesPharce: Hackers Exploit Salesforce, Phish Partners and Customers (Avanan) A new attack uses a compromised Salesforce account to send phishing invoices that bypass Office 365 security checks.
Ransomware wreaks havoc in the South, generates $1 million for hackers (Emsisoft | Security Blog) Hackers have combined three deadly malware strains to carry out devastating ransomware attacks on cities across the southern states in the US. Learn how these attacks work.
Why phones that secretly listen to us are a myth (BBC News) A mobile security firm carries out a research investigation to test the popular conspiracy theory.
Hackers selling stolen personal details for less than Dh200 (The National) Companies can spend a fortune on sophisticated cyber security but they will still be vulnerable if employees use weak passwords
Security Patches, Mitigations, and Software Updates
Twitter disables tweeting via SMS after CEO gets hacked (The Verge) Twitter says it’s making the change "to protect people’s accounts."
Cyber Trends
Blevene/Crimeware-In-The-Modern-Era (GitHub) Paper and Links to Crimeware in the Modern Era.
The ‘weaponisation’ of vulnerabilities (ITWeb) Cyber criminals are exploiting vulnerabilities to launch co-ordinated attacks against individuals, businesses and specific groups, says Craig Jett, VP, Global Security Consulting at Dimension Data.
Marketplace
Splunk buys SaaS startup Omnition (ZDNet) Splunk said the Omnition team brings more than a dozen engineers with significant expertise in tracing and observability.
Splunk Buys Omnition, Its Second Acquisition in Two Weeks (SDxCentral) Splunk today said it acquired Omnition, a startup developing an observability platform for cloud-native, microservices-based applications.
Crypto Sleuthing Firm Elliptic Raises $23 Million in Fundraise Led by SBI (CoinDesk) Blockchain forensics firm Elliptic has raised $23 million in Series B round led by Tokyo-based financial institution (and XRP holder) SBI.
Deutsche Telekom Capital Partners and Salesforce invest in PerimeterX (FierceTelecom) Perimeter X has upped its Series C financing round to $57 million with an additional $14 million from DTCP and Salesforce's venture arms. The latest round brought the malware and bot protection company's funding to a total of $91.5 million
Palo Alto says on track to grow sales at double digit pace over next three years (Reuters via WTVB) Cybersecurity firm Palo Alto Networks said it expects to grow sales at a double-digit pace over the next three years and forecast robust free cash flow, sending its shares up 8% in volatile after-hours trading on Wednesday.
ZeroNorth Appoints Karen Higgins as Chief Financial Officer (ZeroNorth) Cybersecurity Industry Veteran Joins ZeroNorth to Drive Growth, Scale to Meet Demand for Risk-Based Vulnerability Orchestration Across the SDLC BOSTON – September 4, 2019 – ZeroNorth, the industry’s first provider of risk-based vulnerability orchestration across applications and infrastructure, today announced the appointment of Karen Higgins as chief financial officer (CFO). Reporting to John Worrall, chief …
Cyren Names Vice President of Sales for Americas (Yahoo) Cyren (NASDAQ:CYRN) today announced the appointment of Bruce Johnson as Vice President of Sales for the Americas. Reporting to CEO Brett Jackson, Johnson now ...
SailPoint appoints Matt Mills as Chief Revenue Officer (Help Net Security) SailPoint Technologies Holdings, the leader in enterprise identity governance, announced the appointment of Matt Mills to Chief Revenue Officer (CRO).
Products, Services, and Solutions
Zeguro Announces Cyber Safety Platform Designed to Simplify Risk Manag (PRWeb) Zeguro (https://www.zeguro.com), an end-to-end cyber safety platform and insurance provider for small to mid-sized businesses (SMBs), today announced its
Privilege Without the Pain (STEALTHbits) STEALTHbits Privileged Activity Manager (SbPAM) Significantly Reduces Attack Surface with Unique Permission Controls
New Trustwave Fusion Platform Redefines Cloud-Based Cybersecurity (Trustwave) Trustwave Fusion platform gives enterprises unprecedented visibility and control over how security resources are provisioned, monitored and managed across any environment.
Nozomi Networks Cyber Security Solution Embedded in RUGGEDCOM (Nozomi Networks) Fortinet and Nozomi Networks achieved another partnership milestone with two new integrations that deliver full security visibility and management across IT and OT environments. Now with comprehensive integrations for FortiGate, FortiNAC, and FortiSIEM, we’re helping eliminate the gap between IT and OT. Read on to learn how the integrations provide full visibility across IT and OT, allowing customers to detect and respond to threats more effectively.
CyberSaint Releases New California Consumer Privacy Act (CCPA) Framework for Rapid Assessment and Compliance Management (Yahoo) CyberSaint Security, the leading cybersecurity software firm powering automated, intelligent compliance and risk management, today announced the availability of the new California Consumer Privacy Act (CCPA) framework within the CyberStrong platform. This new release enables customers to measure, track
Darktrace Cyber AI Analyst Investigates Threats at Machine Speed (Darktrace) Augments Human Security Teams Reducing Time to Triage by 92%
Silverfort Joins RSA® Ready Technology Partner Program (Yahoo) Silverfort’s Agentless Authentication Platform enables joint customers to seamlessly extend RSA SecurID® Access to any sensitive system and apply Zero-Trust security policies acros
F-Secure Countercept continues to win trust from US enterprises (Global Security Mag Online) F-Secure Countercept, an award-winning managed detection and response (MDR) solution from cyber security provider F-Secure, has won the trust of another US-based enterprise in a new deal. The contract, valued at over one million dollars (USD) per year, affirms F-Secure Countercept’s position as a world-class solution that enterprises trust to help them contain today’s increasingly advanced threats.
Scale Computing & Acronis Partner On Data Protection, Continuity, & DR (Storage Reviews) Today Scale Computing and Acronis announced a partnership for OEMs that will offer Acronis Backup through Scale Computing channels. This can bring all of the benefits of Acronis Backup (including archiving, enhanced data protection, disaster recovery, and threat mitigation) to the Scale Computing HC3 platform.
ANSecurity strengthens New College Oxford’s network security with move to a Zero Trust model (FE News) ANSecurity delivers 6 week project to refresh college network infrastructure, improve security and reduce licensing and maintenance costs ANSecurity, a specialist in advanced network and data security, has announced the successful delivery of a project with New College Oxford to streamline its network architecture and strengthen its security by moving...
AlgoSec adds new features to its core Network Security Management Suite (Help Net Security) AlgoSec enhances app visibility and network auto-discovery, extends support for Cisco ACI in the new version of its Network Security Management Suite.
Darktrace launches “Cyber AI Analyst” as skills shortage intensifies (NS Tech) Darktrace has launched a "Cyber AI Analyst" that it claims can generate written reports outlining the path of complex cyber attacks. Industry researchers claim the technology could alleviate the cyber
Illumio-Made Cybersecurity Platform Certified for DoD Use (ExecutiveBiz) Information technology firm Illumio has achieved information assurance certification for the firm’s cybersecurity platform, allowing the product for use by the Department of Defense.
Technologies, Techniques, and Standards
NIST Publishes Second Draft of Cyber Resilience Guidance (MeriTalk) The National Institute of Standards and Technology (NIST) has released draft two of Special Publication (SP) 800-160 Volume 2: Developing Cyber Resilient Systems. NIST is seeking public comments on the draft through Nov. 1.
What prevents companies from achieving effective security performance management? (Help Net Security) Study commissioned by BitSight demonstrates that effective security performance management is crucial for enterprise success in the 21st century.
Is Personality the Missing Piece of Security Awareness Training? (Security Intelligence) What if we have been approaching security awareness training all wrong? One way to start individualizing security education is by recognizing and working with personality types.
3 security strategies for charities that are more secure than passwords (Charity Digital News) Passwords alone are no longer fit for purpose in an organisation that handles sensitive data - here are three security strategies that can provide extra peace of mind.
Messaging Architects Shares Tips for Effective Cyber-Security Training (Benzinga) Messaging Architects, an eMazzanti Technologies Company and information governance consultant, discusses effective cyber-...
Design and Innovation
Splintered passwords stump hackers (Tide Foundation) Tide Foundation’s Splintering Mechanism Gives Passwords the Effective Security of Cryptographic Key
First Blockchain-Only Birth Certificates Recorded By IBM, Raising Stakes for Security (Dash News) The first blockchain-only birth certificates have been issued in Brazil through a partnership with IBM, achieving a major milestone in blockchain technology, as well as significantly raising the stakes for network security. On September 01 2019, the birth of Álvaro de Medeiros Mendonça became the first child to be registered only on the blockchain. This …
Research and Development
Military vehicles with new technology could remove the need for humans on the battlefield (CNBC) Autonomous vehicles could undertake a number of important tasks.
Legislation, Policy, and Regulation
Life in an Internet Shutdown: Crossing Borders for Email and Contraband SIM Cards (New York Times) Internet shutdowns have become one of the defining tools of government repression in the 21st century — but citizens bear the cost at work and at home.
Big Tech Companies Meeting With U.S. Officials on 2020 Election Security (New York Times) Security teams from Facebook, Google, Twitter and Microsoft met with members of the F.B.I., Department of Homeland Security and others on Wednesday.
DOD Seeks Ethicist to Guide Deployment of Artificial Intelligence (U.S. DEPARTMENT OF DEFENSE) The Joint Artificial Intelligence Center has plans to hire an ethicist to help guide the Defense Department's development and application of artificial intelligence technologies.
Coming Soon to a Battlefield: Robots That Can Kill (The Atlantic) Tomorrow’s wars will be faster, more high-tech, and less human than ever before. Welcome to a new era of machine-driven warfare.
IBM Security Study: Taxpayers Oppose Local Governments Paying Hackers in Ransomware Attacks (IBM News Room) Majority Not Willing to Pay Higher Taxes to Protect Local Resources, 63% Prefer Paying Higher Repair Cost Over Using Tax Dollars for Ransom
Litigation, Investigation, and Law Enforcement
Shocking Huawei 'Extortion And Cyberattack' Allegations In New U.S. Legal Fight (Forbes) The latest response from Huawei to reports of new U.S. legal action against the company was its hardest-hitting yet.
YouTube will pay $170 million to settle claims it violated child privacy laws (CNBC) The FTC's probe found that the company violated privacy policies aimed at protecting children.
Google accused of secretly feeding personal data to advertisers (Financial Times) Evidence to Irish regulator suggests tech company is using hidden web pages
Google could be this century's Standard Oil - will it be broken up? (The Telegraph) Fines and investigations have become a part of everyday life for Google.
Google's paid search ads are a 'shakedown,' Basecamp CEO says (CNBC) Basecamp CEO Jason Fried says Google search ads force businesses to pay just to be findable in search results.
Thai Gang Member Arrested Over Alleged $16 Million Crypto Fraud (CoinDesk) A Thai man has been arrested for alleged involvement in a crypto crime ring that fleeced investors for 500 million baht.
Newb admits he ran Satori botnet that turned thousands of hacked devices into a 100Gbps+ DDoS-for-hire cannon (Register) One moron down, two to go