CEO sleepouts and charity stunts can make managers better people
CASE STUDIES: Thousands of CEOs across the country will sleep “rough” tonight to raise money for homelessness. But is it just a self-serving PR stunt?
The secret information hidden in your hair The Conversation
This nation faces a DNA dilemma: Whether to notify people carrying cancer genes McClatchy
Hands off my data! 15 more default privacy settings you should change on your TV, cellphone plan, LinkedIn and more. WaPo
The Administration of Mayor Rahm Emanuel Keeps Monitoring Protesters ProPublica
ABC funding: Cheers as Tony Jones hit back at funding question
ABC presenter Tony Jones hit back at a Liberal Senator in a fiery on-air spat over the future of the organisation's funding.
Footage from Liberal Party meeting reveals who voted to sell the ABC
The divisive Liberal Party vote to privatise the ABC was backed by at least
four of the party's top federal officials, according to footage that
also shows the idea ...
FCW
June 14, 2018
The House Appropriations Committee approved a bill that would provide $150 million for
the centralized fund created by the Modernizing Government Technology Act. The
committee approved the Financial Services and General Government Appropriations
bill by a 28 to 20 vote June 13.
Gov Info Security
June 14, 2018
The House Energy and Commerce Committee, which asked the healthcare sector for feedback
on how to improve the cybersecurity of legacy medical devices, has received
some very strong opinions on the subject. For example, the College of
Healthcare Information and Management Executives and its subgroup, the
Association of Executives in Healthcare Information Security, stress that
healthcare provider organizations generally believe they are carrying a
"disproportionate" burden of the risks involved with legacy devices,
compared with the manufacturers of these products.
FOX News
June 14, 2018
“Foreign actors” obtained access to some of former Secretary of State Hillary Clinton’s
emails -- including at least one email classified as “secret” -- according to a
new memo from two GOP-led House committees and an internal FBI email. Fox News
obtained the memo prepared by the House Judiciary and Oversight committees,
which lays out key interim findings ahead of next week’s hearing with Justice
Department Inspector General Michael Horowitz.
FCW
June 13, 2018
He's not sworn in yet, but Christopher Krebs was confirmed by the Senate on June 12 to
lead the cybersecurity threat assessment agency at the Department of Homeland
Security. Krebs has effectively been in the top job for a while as the
"senior official performing the duties of" the head of the National
Protection and Programs Directorate.
The Hill
June 12, 2018
A group of Democratic senators is introducing a bill aimed at securing U.S. elections from
hacking efforts, the latest response to attempted Russian interference in the
2016 presidential vote. The bill introduced Tuesday is specifically designed to
ensure the integrity of and bolster confidence in the federal vote count. It
would require state and local governments to take two steps to ensure that
votes are counted correctly. Under the legislation, states would have to use
voting systems that use voter-verified paper ballots that could be audited in
the event a result is called into question.
Nextgov
June 11, 2018
Senate lawmakers are taking another stab at shaping the Trump administration’s cyber
policy, piling cyber amendments that failed in the House onto the Senate
version of the National Defense Authorization Act. One such amendment, authored
by Sen. Martin Heinrich, D-N.M., would require President Donald Trump to
appoint a White House cybersecurity coordinator, reversing a move by
CyberScoop
June 11, 2018
A prominent lawmaker wants to draw a line in the sand to discourage hackers from targeting
U.S. election systems. Sen. Mark Warner, D-Va., proposed Monday that the United
States formally declare it will respond in cyberspace to any foreign
interference in American elections.
ADMINISTRATION
CyberScoop
June 14, 2018
Days after the historic United States-North Korea summit, the Department of Homeland
Security and FBI have warned U.S. industry about a malware variant tied to
North Korean government hackers. The DHS-FBI report released Thursday on the
malware, dubbed Typeframe, analyzes 11 samples, including infected Windows
files and a malicious Microsoft Word document.
Politico
Former FBI Director James Comey should not have suggested that hackers could have
compromised Hillary Clinton’s private email server, the Justice Department’s
inspector general said in a report published today. In his July 5, 2016,
statement on the FBI’s investigation into the server that Clinton used while
secretary of state, Comey said it was “possible that hostile actors gained
access to Secretary Clinton’s personal e-mail account.”
Fifth Domain
June 14, 2018
The federal government released new guidelines June 13 for companies to assess if they
comply with requirements to handle controlled but unclassified information.
FCW
June 14, 2018
The Office of Personnel Management wants to know exactly what cybersecurity positions
agencies need to fill to protect themselves and carry out their missions.
Nextgov
June 14, 2018
A Homeland Security Department dashboard designed to collect and analyze cybersecurity
information from across the government is now receiving data from 20 out of 23
major civilian agencies, a department official said Wednesday. The final three
agencies will be plugged into the dashboard by the end of July, said Kevin Cox,
who leads Homeland Security’s continuous diagnostics and mitigation program.
CyberScoop
June 13, 2018
The government is currently planning a cybersecurity program that would allow
federally funded national scientific laboratories to privately probe and then
document security flaws existing in U.S. election technology, most of which is
developed and sold by private companies, according to a senior U.S. official.
Rob Karas, director of the National Cybersecurity Assessments and Technical
Service team at the Homeland Security Department, said that multiple election
technology vendors had already shown an interest in engaging on the effort.
FCW
Karen Evans, former e-government administrator under President George W. Bush, was
named to head the Department of Energy's new cybersecurity office. Evans is a
longtime player in the federal technology space. For six years in the Bush
administration she held the position that was essentially the forerunner of the
federal CIO job.
Nextgov
June 12, 2018
Homeland Security Department inspectors aren’t turning up anything shocking when they
assess state and local election systems for cybersecurity vulnerabilities in
advance of the 2018 midterms, an official said Tuesday.
Politico
June 11, 2018
The Treasury Department on Monday added five Russian companies and three Russian
individuals to its sanctions list for supporting Moscow’s global campaign of
cyberattacks. The sanctioned firms provided “material and technological
support” to the FSB, Russia’s main security agency, according to the
department.
The Hill
June 11, 2018
Federal authorities have arrested dozens of people for allegedly hijacking or
intercepting wire transfers through sophisticated email scams, the Department
of Justice (DOJ) announced Monday. Law enforcement officials arrested 74 people
for allegedly carrying out business email compromise (BEC) schemes, or
“cyber-enabled financial fraud” as part of Operation Wire Wire, according
to a DOJ press release. Hackers execute BEC scams by impersonating employees or
business executives after gaining access to their email accounts. These types
of attacks use social engineering tactics to trick unsuspecting employees and
business executives into making wire transfers to bank accounts that are
controlled by the criminals. The elderly are particularly targeted in BEC schemes.
The Justice Department coordinated with the Department of Homeland
Security (DHS), the Treasury Department and the U.S. Postal Inspection Service
to track the suspected cyber crooks, which ultimately resulted in the arrest of
42 alleged fraudsters in the United States and 29 in Nigeria.
Nextgov
June 11, 2018
Two companies were awarded spots on a $45 million contract to secure the nation’s
dams from cyberattacks: federal contracting giant Booz Allen Hamilton and
Virginia-based small business Spry Methods. The Interior Department’s Bureau of
Reclamation awarded winners on its five-year indefinite-delivery,
indefinite-quantity contract for IT risk management services on June 5.
AP
June 10, 2018
The head of the Marine Corps says it’s time the U.S. military branch known for its fierce,
young warriors becomes a little more mature. The Marine Corps is considering
offering bonuses and other perks to entice older, more experienced Marines to
re-enlist as it builds up its cyber operations to defend the nation, especially
against cyberattacks from Russia and China.
INDUSTRY
Vice Motherboard
June 14, 2018
Apple confirmed to The New York Times Wednesday it was going to introduce a new
security feature, first reported by Motherboard. USB Restricted Mode, as the
new feature is called, essentially turns the iPhone’s lightning cable port into
a charge-only interface if someone hasn’t unlocked the device with its passcode
within the last hour, meaning phone forensic tools shouldn’t be able to unlock
phones.
Reuters
June 13, 2018
British mobile phone and electricals retailer Dixons Carphone has become the victim of
a major cyber attack for the second time in three years after discovering
unauthorized access to its payment card data. Shares in Dixons Carphone, which
issued a profit warning last month, fell as much as 6.4 percent on Wednesday,
taking year-on-year losses to 37 percent. “We have taken action to close off
this access and have no evidence it is continuing.
ZDNet
June 13, 2018
Microsoft has published a new draft document clarifying which security bugs will get a
rapid fix and which it will let stew for a later release. The document outlines
the criteria the Microsoft Security Response Center uses to decide whether a
reported vulnerability gets fixed swiftly, usually in a Patch Tuesday security
update, or left for a later version update.
Ars Technica
June 12, 2018
For almost 11 years, hackers have had an easy way to get macOS malware past the scrutiny
of a host of third-party security tools by tricking them into believing the
malicious wares were signed by Apple, researchers said Tuesday.
Wired
June 12, 2018
Last summer, a sign appeared on the door to a stuffy, windowless room at the office
of Manhattan artificial-intelligence startup Clarifai. “Chamber of secrets,” it
read, according to three people who saw it. The notice was a joking reference
to how the small team working inside was not permitted to discuss its work with
others at Clarifai. Former and current employees say the group was working on a
controversial Pentagon project using machine-learning algorithms to interpret
drone-surveillance imagery—and that Clarifai’s secrets were less safe than they
should have been.
Reuters
Claroty, a maker of software to defend factories and industrial plants from cyber attacks,
said on Monday it has raised $60 million from investors including Rockwell
Automation, Schneider Electric and Siemens AG. Other investors include
Singapore's state-run Temasek Holdings and several firms that participated in
the company's previous $32 million, Series A funding.
Wired
June 10, 2018
One of them jailbroke Nintendo handhelds in a former life. Another has more than one
zero-day exploit to his name. A third signed on just prior to the devastating
Shadow Brokers leak. These are a few of the members of the Windows red team, a
group of hackers inside Microsoft who spend their days finding holes in the
world’s most popular operating system.
AP
Among the subjects President Donald Trump apparently didn’t discuss with North Korean
leader Kim Jong Un in Singapore — the regime’s human rights abuses, its exports
of missile technology and its mistreatment of U.S. prisoners — there’s one
more: its long record of dangerous cyberattacks against sensitive targets in
the U.S. and allied nations. Experts warn that the country’s hacking skills
have become increasingly sophisticated and dangerous in recent years. North
Korean exploits have included the damaging 2017 WannaCry ransomware attacks,
intrusions into banks in more than a dozen countries to heist millions of
dollars over the last few years, and continually brazen cyberattacks on South
Korean computer networks.
Reuters
Cyber attacks from China on Taiwan’s government computers are becoming more difficult
to detect, a source close to government discussions said, as hackers
increasingly use online platforms such as search engines to break into systems.
While the frequency of attacks by China’s cyber army has declined, the success
rate of such incursions is rising, the source said.
Gov Info Security
June 15, 2018
The anti-Kaspersky Lab rhetoric continues to heat up in Europe, with the
European Parliament passing a motion branding the Moscow-based anti-virus
firm's software as being "confirmed as malicious." In response,
Russia-based Kaspersky Lab says it's halted all work with European
institutions, including Europol - the EU's law enforcement intelligence agency
- until it receives clarification from the European Parliament. The company
says it's also paused its work with the No More Ransom project, which provides
free decryption tools to ransomware victims.
Infosecurity Magazine
The UK’s traffic control and transport systems are the latest piece of critical
infrastructure (CNI) experts are warning could be sabotaged by nation state
hackers. The comments came initially from Christopher Deverell, the commander
of Britain’s Joint Forces Command, on BBC Radio 4’s Today program. “There are
many potential angles of attack on our systems. A lot of our capabilities in
society depend on our control systems which are accessible by cyber-space,” he
argued. “So you can imagine threats to power stations, threats to air
traffic control, threats to transport systems. We need to be able to defend ourselves
against them.”
EURActiv
EU countries have been encouraged to name and shame foreign states that sponsor
cybersecurity attacks, in an unusually outspoken announcement from the European
Commission. The EU executive called for governments to publicly attribute blame
for attacks, in a bid to discourage criminals. “The EU and its Member States
need to improve their capacity to attribute cyber-attacks, not the least
through enhanced intelligence sharing.
Gov Info Security
June 13, 2018
A common hacker tactic is to deploy destructive malware to distract defenders from a
separate, full-on attack that targets an organization's crown jewels. Call it
the electronic version of a smash-and-grab attack, but without breaking
windows. This "smokescreen" style of attack was most recently used
against Banco de Chile, the country's second largest bank, which on May 24 lost
about $10 million due to fraudulent SWIFT wire transfers.
Reuters
The website of a Mexican political opposition party was hit by a cyber attack during
Tuesday’s final television debate between presidential candidates ahead of the
July 1 vote, after the site had published documents critical of the leading
candidate. The National Action Party (PAN) said that its website, targeting
front-runner Andres Manuel Lopez Obrador, likely suffered a distributed denial
of service (DDoS) cyber attack with the bulk of traffic to the site nominally
coming from Russia and China.
The Canadian Press
The federal government unveiled its plan to bolster Canada's defences against nefarious
online attacks and crime Tuesday, even as it acknowledged a shortage of skilled
cyber-warriors to meet the country's needs. Backstopped by more than $500
million in new funding over the next five years, Ottawa's newly released
cybersecurity strategy lays out a range of initiatives to help Canadians,
business and the government better protect against cyberthreats.
AP
June 12, 2018
Vietnamese legislators on Tuesday passed a contentious cybersecurity law, which critics
say will hurt the economy and further restrict freedom of expression. Critics
include the U.S. Embassy, which said last week it found the draft of the law
containing “serious obstacles to Vietnam’s cybersecurity and digital innovation
future, and may not be consistent with Vietnam’s international trade
commitments.”
Reuters
The top U.S. counterintelligence official is advising Americans traveling to Russia for
football’s World Cup beginning this week that they should not take electronic
devices because they are likely to be hacked by criminals or the Russian
government. In a statement to Reuters on Tuesday, William Evanina, an FBI agent
and the director of the U.S. National Counterintelligence and Security Center,
warned World Cup travelers that even if they think they are insignificant,
hackers could still target them.
Reuters
Australia has established a security task force to guard against cyber attacks and
interference in elections, the government said on Saturday, amid concerns
foreign powers are meddling in domestic affairs and ahead of five elections
next month. The newly-created Electoral Integrity Task Force will identify and
address risks to Australia's electoral process, a Department of Home Affairs
spokesperson told Reuters by email.
Ars Technica
June 13, 2018
A single person or group may have made as much as $90,000 over 10 months by spreading 17
malicious images that were downloaded more than 5 million times from Docker
Hub, researchers said Wednesday. The repository finally removed the submissions
in May, more than eight months after receiving the first complaint. Docker
images are packages that typically include a pre-configured application running
on top of an operating system.