Thursday, August 17, 2017

VRBoV CyberPlatform for Change


JI Imrich and OBummer (Barack tends to name drop, as you do,
the names of the rich MEdia Dragons
or those who are married to Kenyan born girls ;-)
1m
Replying to @BarackObama

Indeedy, 'No one's born hating another person' The important thing in this life is to link your sadness to the sadness of others...
   
Drone enthusiast ‘amazed’ as he lands device on deck of £3bn HMS Queen Elizabeth without being detected Yahoo


Via LLRX.com – Even When Big Data Favors Your Clients, Doesn’t Mean You’ll Sleep at Night. Attorney Carolyn Elefant discusses what she has learned from her recent experience with data-driven decision making – specifically, although data improves the accuracy of predictions, it doesn’t remove all risk.

A push to investigate a trail of government IT blunders has won the backing of the main public service union, building momentum for a probe that could uncover the causes of failures in the Coalition's multibillion-dollar tech spend.

But the Community and Public Sector Union has warned that a Senate inquiry into the government's troubled roll-out of digital services should not become a forum for public service bashing or scapegoating.

Calls for Govt IT spend inquiry to look at "over-reliance" on external providers ...

Management of risk in public sector entities

Thoughts after taking the Deeplearning.ai courses – Towards Data

The ABS prostituting its reputation with marriage survey 

No Game of Thrones in new HBO hacker leak


10,000 employees. No managers. Great results.


AgileAus17 keynote speaker and Workshop leader Sami Honkonen (CEO, Tomorrow Labs) discusses a unique example of distributed leadership: the Buurtzorg phenomenon. Buurtzorg is one of the companies studied for Fredrik Laloux’s book Reinventing Organizations. Panu Liira and I visited Buurtzorg in November 2015 to see what it was all about. Buurtzorg was born nine years ago, in 2006 ...


AgileAus17 Coaches’ Clinic

In today’s blog, Chris Chan introduces this year’s AgileAus17 Coaches’ Clinic. Do you need help with specific challenges you have encountered on your Agile journey? Speak one-on-one with an experienced practitioner or an Agile Coach. The Agile Australia Coaches’ Clinic is a unique and free service designed to help you with challenges you’ve encountered on…

Right for the job? ATO spend on external recruitment contractors ...


The Canberra Times

The Tax Office has outsourced its hunt for new employees to the tune of $6 million last year despite complaints that external recruitment ...



Meet my Vrbov born Praha based oldest sister Eva, the Workplace Robot That Won't Necessarily Steal Your Job

Marcus Hutchins: cybersecurity experts rally around arrested WannaCry 'hero'

When Marcus Hutchins appears in court in Milwaukee on Monday, it will be almost three months to the day since the young British cybersecurity researcher halted the spread of malicious software that crippled Britain’s National Health Service as well as companies such as FedEx and Telefonica. In the days that followed, Hutchins was hailed as an “accidental hero” for his discovery of the “kill switch” that stopped the WannaCry ransomware, and he worked with GCHQ’s National Cyber Security Centre (NCSC) to mitigate the threat. It has been a precipitous fall from grace for the 23-year-old, who now finds himself battling allegations of involvement in a separate piece of malware called Kronos, which targeted bank accounts – charges that could result in a 40-year prison sentence.



The U.S. cannot fall into the trap of focusing on warfighting domains when debating responses to an adversary, said Gen. John Hyten, the head of United States Strategic Command. “There’s no such thing as war in space; there’s just war. There’s no such thing as war in cyber; there’s just war,” Hyten said




After witnessing the raw power of a machine that can fix its own software security flaws at DEF CON 24 more than one year ago, the Pentagon has officially purchased the revolutionary technology from a small, Pittsburgh-based firm.




With a December deadline fast approaching to recode IT, cybersecurity and other cyber-related positions as required under the Federal Cybersecurity Workforce Assessment Act of 2015, agencies now have a key piece to that effort.



When people in several North Carolina precincts showed up to vote last November, weird things started to happen with the electronic systems used to check them in. "Voters were going in and being told that they had already voted — and they hadn't," recalls Allison Riggs, an attorney with the Southern Coalition for Social Justice. The electronic systems — known as poll books — also indicated that some voters had to show identification, even though they did not. Investigators later discovered the company that provided those poll books had been the target of a Russian cyberattack. There is no evidence the two incidents are linked, but the episode has revealed serious gaps in U.S. efforts to secure elections. Nine months later, officials are still trying to sort out the details.





Four senior cybersecurity officials are stepping down from their US government positions, raising concerns that an exodus of top leaders may make the federal government more vulnerable to hacking. Two of those resigning – Sean Kelley, the chief information security officer for the Environmental Protection Agency, and Richard Staropoli, the chief information officer for the Department of Homeland Security – had been in their jobs for just a few months. The other two, Rob Foster, the Navy's chief information officer, and Dave DeVries, the director of information security and privacy at the Office of Personnel Management, are departing agencies for which computer security is a top priority. DeVries assumed his job shortly after the OPM suffered the largest known cyberattack in federal government history, and Foster had served in similar positions at the Department of Health and Human Services and Immigration and Customs Enforcement.
Foreign and domestic hackers probed hundreds of security holes in critical Air Force networks for weeks in late spring, and the Pentagon knew all about it. But instead of getting punished, the hackers got paid. The Defense Department’s third and most successful bug bounty program, Hack the Air Force, uncovered a record 207 vulnerabilities in the branch’s major online systems. The department’s previous initiatives, Hack the Pentagon and Hack the Army, found 138 and 118 security gaps, respectively.





The Pacer court document service used by more than a million journalists and lawyers has raked in more than $1 billion since it was established in 1995, but a new report questions whether its administrators have put enough of that windfall into securing the system. Hanging in the balance is the reliability of a service that's crucial for the smooth functioning of the entire US federal court system. Until Wednesday, Pacer suffered from a vulnerability that made it possible for hackers to charge download and search-query fees to other users, as long as those users visited a booby-trapped webpage while logged in to a Pacer website.





The Army is beginning to implement recommendations from a cyber and electronic warfare doctrine released in April. Maj. Gen. John B. Morrison Jr., commander of the Army Cyber Center of Excellence and Fort Gordon, said that the doctrine is the first of its kind to include standards and guidelines for electronic warfare and is now being integrated into the center's training for officers as well as enlisted soldiers. One of the key contributions of the doctrine was to push for a uniform set of guidelines and end the decentralized and stove-piped nature of the Army's cyber and electronic warfare trainings, Morrison said at a press briefing Thursday at TechNet in Augusta, Ga. "Previously we've had [separate] doctrines for our communicators -- doctrines for electronic warfare professionals … doctrines for our cyber professionals," Morrison said. "There was no means to bring mutual disciplines together."



When it comes to enterprise risk management, federal chief information officers and chief information security officers have gotten the memo from President Donald Trump. But some cybersecurity officials within the upper echelons of the defense community worry that the rank-and-file may be too preoccupied with the nuts and bolts of compliance. Since the president’s cybersecurity executive order in May, federal CIOs and CISOs have received several deadlines aimed at adopting an enterprise approach to cyber risk assessment and mitigation.




U.S. Cyber Command will host its first-ever industry day to canvass with the broader cybersecurity community on Oct. 27. The move is part of the command's efforts to begin flexing its newly increased acquisition authority after Congress last year appropriated $75 million in annual funding through 2021 for cyber operations hardware, software and services. Speaking at FCW's Aug.



A government-friendly website building tool is the first target for a General Services Administration program that recruits freelance cybersecurity researchers to root out vulnerabilities in government tech systems. GSA’s Technology Transformation Service loosed a select group of invite-only ethical hackers on its Federalist web building platform earlier this year and later opened it up to all the hackers registered in TTS’s bug bounty program, TTS Technical Lead Laura Gerhardt said Wednesday.





Grant Schneider, the acting federal CISO who has been running the shop since his boss left just before the inauguration, is getting a second role within the White House as a senior director for cybersecurity at the National Security Council, an administration official tells CyberScoop. Schneider will take over one of the “recently vacated senior director positions within the cybersecurity directorate on the NSC led by Rob Joyce,” the official said in an email. Schneider is the deputy CISO, but has been acting since federal CISO Gregory Touhill departed in mid-January.


Here’s the downside to all the job-easing and time-saving technologies proliferating across government, industry and commerce: There aren’t nearly enough skilled workers to make sure that technology is secure. The U.S. is facing a shortfall of nearly 300,000 cybersecurity workers, according to government funded research.




With all of the rising concerns about the future of cyber diplomacy at the State Department, there is new hope that the agency is finally getting its internal IT security processes aligned to be more effective. State quietly launched a new Cyber and Technology Security (CTS) directorate, which falls within the Diplomatic Security Service. “CTS facilitates the conduct of global diplomacy by protecting life, property, and information with advanced cybersecurity programs and risk-managed technology innovation”



Kaspersky Withdraws Antitrust Complaints Against Microsoft

Kaspersky Lab says it will withdraw antitrust complaints it filed in Europe against Microsoft over how Windows handles third-party security products, defusing a barbed yearlong dispute between the companies. Microsoft, likely unenthusiastic about a fresh battle with antitrust authorities, says it will make several changes to an upcoming update to its Windows operating system, due to be released later this year. The modifications include giving anti-virus developers more leverage to use their own style of notification that subscriptions are expiring. Microsoft also pledged to give vendors more information about upcoming changes to Windows. "We appreciate the feedback and continued dialogue with our partners and are pleased to have found common ground with Kaspersky Lab on the complaints raised in Russia and Europe," writes Rob Lefferts, partner director for Windows Enterprise and Security, in a blog post.




At Defcon in Las Vegas last month, word rapidly spread that two speakers—members of Salesforce's internal "red team"—had been fired by a senior executive from Salesforce "as they left the stage." Those two speakers, who presented under their Twitter handles, were Josh "FuzzyNop" Schwartz, Salesforce's director of offensive security, and John Cramb, a senior offensive security engineer. Schwartz and Cramb were presenting the details of their tool, called Meatpistol.


In the ultra-competitive information security market, vendors are known to sprinkle hyperbole among their claims and sling some mud. But the strategy has backfired for Denver-based DirectDefense, which mistakenly cast endpoint protection vendor Carbon Black as a contributor to a "data exfiltration botnet."




The malware entered the North Carolina transmission plant's computer network via email last August, just as the criminals wanted, spreading like a virus and threatening to lock up the production line until the company paid a ransom.


Quartz
The hackers who claim to have hacked HBO’s network and stolen 1.5 terabytes of data from it are now threatening to “put an end” to the current season of Game of Thrones if the company doesn’t pay up. The hackers released a trove of data on Monday, including the script to the upcoming fifth episode of the seventh season of Thrones, as well as internal company emails and employee contracts. Last week, the same hackers released the script to the previous episode of the flagship HBO show, as well as full episodes of Ballers and Room 104 that at the time had not yet aired. Included in the latest dump was a ransom letter embedded in a video; the text scrolls down as music from Game of Thrones plays in the background. The letter, which is addressed to HBO CEO Richard Plepler, is largely incoherent but threatens to release more data unless the company pays “our 6 month salary to bitcoin.”


Demand for cyber insurance from firms in Greater China and elsewhere in Asia is poised to soar, based on enquiries received after the "WannaCry ransomware" attack earlier this year, executives at American International Group Inc said. The U.S. insurer saw an 87 percent jump in enquiries for cyber insurance policies in May compared to April for Greater China, including Hong Kong, as a direct result of the WannaCry attack, while the global increase was 38 percent, they said.



Nationwide Mutual Insurance Co. will pay a $5.5 million settlement and update its security practices as a result of an agreement with attorneys general in 32 states and the District of Columbia in the wake of a 2012 data breach affecting more than 1.2 million individuals.



Microsoft has had enough of the poor security practices of the Chinese Certificate Authority (CA) WoSign and its subsidiary StartCom. Soon, neither Internet Explorer nor Edge will recognize new security certificates from either company.



The Department of Homeland Security has issued an alert warning about cyber vulnerabilities in certain Siemens medical imaging products running Windows 7 that could enable hackers to "remotely execute arbitrary code."


Appropriately paranoid travelers have always been wary of hotel Wi-Fi. Now they have a fresh justification of their worst wireless networking fears: A Russian espionage campaign has used those Wi-Fi networks to spy on high-value hotel guests, and recently started using a leaked NSA hacking tool to upgrade their attacks. Since as early as last fall, the Russian hacker group known as APT28, or Fancy Bear, has targeted victims via their connections to hacked hotel Wi-Fi networks, according to a new report from security firm FireEye, which has closely tracked the group’s intrusions, including its breach of the Democratic National Committee ahead of last year’s election.





Chinese internet giants Tencent, Baidu and Sina Weibo are under investigation for cyber-security violations, the mainland's office for cyberspace administration said on Friday.
OnionDog, an advanced hacker group that a Chinese firm claimed was targeting Korean-speaking energy and transit firms, was probably just a military drill, claims a new report. Researchers at Trend Micro examined three years' worth of malware from OnionDog — around 200 samples in total — and found evidence that the malware was likely developed and used in joint U.S./South Korean military exercises.



Firms could face fines of up to £17m or 4% of global turnover if they fail to protect themselves from cyber-attacks, the government has warned.

A hacking group has attacked Venezuelan government websites in an operation targeting the "dictatorship" of President Nicolás Maduro. Calling itself "The Binary Guardians", the group posted messages appearing to support the actions of a group of armed men who attacked a military base in the central city of Valencia on Sunday.


Irish electricity transmission system operator EirGrid was targeted by “state sponsored” hackers leaving its network exposed to a “



When biologists synthesize DNA, they take pains not to create or spread a dangerous stretch of genetic code that could be used to create a toxin or, worse, an infectious disease.