Pages

Thursday, June 21, 2018

Australia Forms Task Force to Guard Elections From Cyber Attacks



CEO sleepouts and charity stunts can make managers better people
CASE STUDIES: Thousands of CEOs across the country will sleep “rough” tonight to raise money for homelessness. But is it just a self-serving PR stunt?

*The secret information hidden in your hair The Conversation

This nation faces a DNA dilemma: Whether to notify people carrying cancer genes McClatchy

Hands off my data! 15 more default privacy settings you should change on your TV, cellphone plan, LinkedIn and more. WaPo

The Administration of Mayor Rahm Emanuel Keeps Monitoring Protesters ProPublica

ABC funding: Cheers as Tony Jones hit back at funding question
ABC presenter Tony Jones hit back at a Liberal Senator in a fiery on-air spat over the future of the organisation's funding.





FCW
June 14, 2018
The House Appropriations Committee approved a bill that would provide $150 million for the centralized fund created by the Modernizing Government Technology Act. The committee approved the Financial Services and General Government Appropriations bill by a 28 to 20 vote June 13.

Gov Info Security
June 14, 2018
The House Energy and Commerce Committee, which asked the healthcare sector for feedback on how to improve the cybersecurity of legacy medical devices, has received some very strong opinions on the subject. For example, the College of Healthcare Information and Management Executives and its subgroup, the Association of Executives in Healthcare Information Security, stress that healthcare provider organizations generally believe they are carrying a "disproportionate" burden of the risks involved with legacy devices, compared with the manufacturers of these products.

FOX News
June 14, 2018
“Foreign actors” obtained access to some of former Secretary of State Hillary Clinton’s emails -- including at least one email classified as “secret” -- according to a new memo from two GOP-led House committees and an internal FBI email. Fox News obtained the memo prepared by the House Judiciary and Oversight committees, which lays out key interim findings ahead of next week’s hearing with Justice Department Inspector General Michael Horowitz.

FCW
June 13, 2018
He's not sworn in yet, but Christopher Krebs was confirmed by the Senate on June 12 to lead the cybersecurity threat assessment agency at the Department of Homeland Security. Krebs has effectively been in the top job for a while as the "senior official performing the duties of" the head of the National Protection and Programs Directorate.

The Hill
June 12, 2018
A group of Democratic senators is introducing a bill aimed at securing U.S. elections from hacking efforts, the latest response to attempted Russian interference in the 2016 presidential vote. The bill introduced Tuesday is specifically designed to ensure the integrity of and bolster confidence in the federal vote count. It would require state and local governments to take two steps to ensure that votes are counted correctly. Under the legislation, states would have to use voting systems that use voter-verified paper ballots that could be audited in the event a result is called into question

Nextgov
June 11, 2018
Senate lawmakers are taking another stab at shaping the Trump administration’s cyber policy, piling cyber amendments that failed in the House onto the Senate version of the National Defense Authorization Act. One such amendment, authored by Sen. Martin Heinrich, D-N.M., would require President Donald Trump to appoint a White House cybersecurity coordinator, reversing a move by

CyberScoop
June 11, 2018
A prominent lawmaker wants to draw a line in the sand to discourage hackers from targeting U.S. election systems. Sen. Mark Warner, D-Va., proposed Monday that the United States formally declare it will respond in cyberspace to any foreign interference in American elections


ADMINISTRATION

CyberScoop
June 14, 2018
Days after the historic United States-North Korea summit, the Department of Homeland Security and FBI have warned U.S. industry about a malware variant tied to North Korean government hackers. The DHS-FBI report released Thursday on the malware, dubbed Typeframe, analyzes 11 samples, including infected Windows files and a malicious Microsoft Word document.

Politico
Former FBI Director James Comey should not have suggested that hackers could have compromised Hillary Clinton’s private email server, the Justice Department’s inspector general said in a report published today. In his July 5, 2016, statement on the FBI’s investigation into the server that Clinton used while secretary of state, Comey said it was “possible that hostile actors gained access to Secretary Clinton’s personal e-mail account.”

Fifth Domain
June 14, 2018
The federal government released new guidelines June 13 for companies to assess if they comply with requirements to handle controlled but unclassified information.

FCW
June 14, 2018
The Office of Personnel Management wants to know exactly what cybersecurity positions agencies need to fill to protect themselves and carry out their missions.

Nextgov
June 14, 2018
A Homeland Security Department dashboard designed to collect and analyze cybersecurity information from across the government is now receiving data from 20 out of 23 major civilian agencies, a department official said Wednesday. The final three agencies will be plugged into the dashboard by the end of July, said Kevin Cox, who leads Homeland Security’s continuous diagnostics and mitigation program.

CyberScoop
June 13, 2018
The government is currently planning a cybersecurity program that would allow federally funded national scientific laboratories to privately probe and then document security flaws existing in U.S. election technology, most of which is developed and sold by private companies, according to a senior U.S. official. Rob Karas, director of the National Cybersecurity Assessments and Technical Service team at the Homeland Security Department, said that multiple election technology vendors had already shown an interest in engaging on the effort.

FCW
Karen Evans, former e-government administrator under President George W. Bush, was named to head the Department of Energy's new cybersecurity office. Evans is a longtime player in the federal technology space. For six years in the Bush administration she held the position that was essentially the forerunner of the federal CIO job.

Nextgov
June 12, 2018
Homeland Security Department inspectors aren’t turning up anything shocking when they assess state and local election systems for cybersecurity vulnerabilities in advance of the 2018 midterms, an official said Tuesday.

Politico
June 11, 2018
The Treasury Department on Monday added five Russian companies and three Russian individuals to its sanctions list for supporting Moscow’s global campaign of cyberattacks. The sanctioned firms provided “material and technological support” to the FSB, Russia’s main security agency, according to the department.

The Hill
June 11, 2018
Federal authorities have arrested dozens of people for allegedly hijacking or intercepting wire transfers through sophisticated email scams, the Department of Justice (DOJ) announced Monday. Law enforcement officials arrested 74 people for allegedly carrying out business email compromise (BEC) schemes, or “cyber-enabled financial fraud" as part of Operation Wire Wire, according to a DOJ press release. Hackers execute BEC scams by impersonating employees or business executives after gaining access to their email accounts. These types of attacks use social engineering tactics to trick unsuspecting employees and business executives into making wire transfers to bank accounts that are controlled by the criminals. The elderly are particularly targeted in BEC schemes.  The Justice Department coordinated with the Department of Homeland Security (DHS), the Treasury Department and the U.S. Postal Inspection Service to track the suspected cyber crooks, which ultimately resulted in the arrest of 42 alleged fraudsters in the United States and 29 in Nigeria.

Nextgov
June 11, 2018
Two companies were awarded spots on a $45 million contract to secure the nation’s dams from cyberattacks: federal contracting giant Booz Allen Hamilton and Virginia-based small business Spry Methods. The Interior Department’s Bureau of Reclamation awarded winners on its five-year indefinite-delivery, indefinite-quantity contract for IT risk management services on June 5.

AP
June 10, 2018
The head of the Marine Corps says it’s time the U.S. military branch known for its fierce, young warriors becomes a little more mature. The Marine Corps is considering offering bonuses and other perks to entice older, more experienced Marines to re-enlist as it builds up its cyber operations to defend the nation, especially against cyberattacks from Russia and China.


INDUSTRY

Vice Motherboard
June 14, 2018
Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone’s lightning cable port into a charge-only interface if someone hasn’t unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn’t be able to unlock phones.

Reuters
June 13, 2018
British mobile phone and electricals retailer Dixons Carphone has become the victim of a major cyber attack for the second time in three years after discovering unauthorized access to its payment card data. Shares in Dixons Carphone, which issued a profit warning last month, fell as much as 6.4 percent on Wednesday, taking year-on-year losses to 37 percent. “We have taken action to close off this access and have no evidence it is continuing.

ZDNet
June 13, 2018
Microsoft has published a new draft document clarifying which security bugs will get a rapid fix and which it will let stew for a later release. The document outlines the criteria the Microsoft Security Response Center uses to decide whether a reported vulnerability gets fixed swiftly, usually in a Patch Tuesday security update, or left for a later version update.

Ars Technica
June 12, 2018
For almost 11 years, hackers have had an easy way to get macOS malware past the scrutiny of a host of third-party security tools by tricking them into believing the malicious wares were signed by Apple, researchers said Tuesday.

Wired
June 12, 2018
Last summer, a sign appeared on the door to a stuffy, windowless room at the office of Manhattan artificial-intelligence startup Clarifai. “Chamber of secrets,” it read, according to three people who saw it. The notice was a joking reference to how the small team working inside was not permitted to discuss its work with others at Clarifai. Former and current employees say the group was working on a controversial Pentagon project using machine-learning algorithms to interpret drone-surveillance imagery—and that Clarifai’s secrets were less safe than they should have been.

Reuters
Claroty, a maker of software to defend factories and industrial plants from cyber attacks, said on Monday it has raised $60 million from investors including Rockwell Automation, Schneider Electric and Siemens AG. Other investors include Singapore's state-run Temasek Holdings and several firms that participated in the company's previous $32 million, Series A funding.

Wired
June 10, 2018
One of them jailbroke Nintendo handhelds in a former life. Another has more than one zero-day exploit to his name. A third signed on just prior to the devastating Shadow Brokers leak. These are a few of the members of the Windows red team, a group of hackers inside Microsoft who spend their days finding holes in the world’s most popular operating system.



AP
Among the subjects President Donald Trump apparently didn’t discuss with North Korean leader Kim Jong Un in Singapore — the regime’s human rights abuses, its exports of missile technology and its mistreatment of U.S. prisoners — there’s one more: its long record of dangerous cyberattacks against sensitive targets in the U.S. and allied nations. Experts warn that the country’s hacking skills have become increasingly sophisticated and dangerous in recent years. North Korean exploits have included the damaging 2017 WannaCry ransomware attacks, intrusions into banks in more than a dozen countries to heist millions of dollars over the last few years, and continually brazen cyberattacks on South Korean computer networks.

Reuters
Cyber attacks from China on Taiwan’s government computers are becoming more difficult to detect, a source close to government discussions said, as hackers increasingly use online platforms such as search engines to break into systems. While the frequency of attacks by China’s cyber army has declined, the success rate of such incursions is rising, the source said.

Gov Info Security
June 15, 2018
The anti-Kaspersky Lab rhetoric continues to heat up in Europe, with the European Parliament passing a motion branding the Moscow-based anti-virus firm's software as being "confirmed as malicious." In response, Russia-based Kaspersky Lab says it's halted all work with European institutions, including Europol - the EU's law enforcement intelligence agency - until it receives clarification from the European Parliament. The company says it's also paused its work with the No More Ransom project, which provides free decryption tools to ransomware victims.

Infosecurity Magazine
The UK’s traffic control and transport systems are the latest piece of critical infrastructure (CNI) experts are warning could be sabotaged by nation state hackers. The comments came initially from Christopher Deverell, the commander of Britain’s Joint Forces Command, on BBC Radio 4’s Today program. “There are many potential angles of attack on our systems. A lot of our capabilities in society depend on our control systems which are accessible by cyber-space,” he argued. "So you can imagine threats to power stations, threats to air traffic control, threats to transport systems. We need to be able to defend ourselves against them.”

EURActiv
EU countries have been encouraged to name and shame foreign states that sponsor cybersecurity attacks, in an unusually outspoken announcement from the European Commission. The EU executive called for governments to publicly attribute blame for attacks, in a bid to discourage criminals. “The EU and its Member States need to improve their capacity to attribute cyber-attacks, not the least through enhanced intelligence sharing.

Gov Info Security
June 13, 2018
A common hacker tactic is to deploy destructive malware to distract defenders from a separate, full-on attack that targets an organization's crown jewels. Call it the electronic version of a smash-and-grab attack, but without breaking windows. This "smokescreen" style of attack was most recently used against Banco de Chile, the country's second largest bank, which on May 24 lost about $10 million due to fraudulent SWIFT wire transfers.

Reuters
The website of a Mexican political opposition party was hit by a cyber attack during Tuesday’s final television debate between presidential candidates ahead of the July 1 vote, after the site had published documents critical of the leading candidate. The National Action Party (PAN) said that its website, targeting front-runner Andres Manuel Lopez Obrador, likely suffered a distributed denial of service (DDoS) cyber attack with the bulk of traffic to the site nominally coming from Russia and China.

The Canadian Press
The federal government unveiled its plan to bolster Canada's defences against nefarious online attacks and crime Tuesday, even as it acknowledged a shortage of skilled cyber-warriors to meet the country's needs. Backstopped by more than $500 million in new funding over the next five years, Ottawa's newly released cybersecurity strategy lays out a range of initiatives to help Canadians, business and the government better protect against cyberthreats.

AP
June 12, 2018
Vietnamese legislators on Tuesday passed a contentious cybersecurity law, which critics say will hurt the economy and further restrict freedom of expression. Critics include the U.S. Embassy, which said last week it found the draft of the law containing “serious obstacles to Vietnam’s cybersecurity and digital innovation future, and may not be consistent with Vietnam’s international trade commitments.”

Reuters
The top U.S. counterintelligence official is advising Americans traveling to Russia for football’s World Cup beginning this week that they should not take electronic devices because they are likely to be hacked by criminals or the Russian government. In a statement to Reuters on Tuesday, William Evanina, an FBI agent and the director of the U.S. National Counterintelligence and Security Center, warned World Cup travelers that even if they think they are insignificant, hackers could still target them.

Reuters
Australia has established a security task force to guard against cyber attacks and interference in elections, the government said on Saturday, amid concerns foreign powers are meddling in domestic affairs and ahead of five elections next month. The newly-created Electoral Integrity Task Force will identify and address risks to Australia's electoral process, a Department of Home Affairs spokesperson told Reuters by email.


Ars Technica
June 13, 2018
A single person or group may have made as much as $90,000 over 10 months by spreading 17 malicious images that were downloaded more than 5 million times from Docker Hub, researchers said Wednesday. The repository finally removed the submissions in May, more than eight months after receiving the first complaint. Docker images are packages that typically include a pre-configured application running on top of an operating system.