Thursday, August 16, 2018

DMARC deadline looms for federal agencies


This Google manager shares his secrets of Project Aristotle for building an effective team * MEdia Dragon --- Matt Sakaguchi (he even remembers Keiko's and Jeff's wedding anniversaries)


To Catch A Robber, The FBI Attempted An Unprecedented Grab For Google Location Data ...


Two New South Wales men have been sentenced for their role in a significant money laundering and tax evasion scheme after an investigation by the Serious Financial Crime Taskforce (SFCT). Anthony Castagna (70) from Gordon was sentenced to seven years' imprisonment, with a non-parole period of four years and Robert Agius (68) from Sydney was sentenced to seven years' imprisonment. …

 The IRS Has Rehired Hundreds of Fired Employees. Congress Should Step In.


Reuters: “Three of every 10 candidates running for the U.S. House of Representatives have significant security problems with their websites, according to a new study by independent researchers that underscores the threat hackers pose to the November elections…A team of four independent researchers led by former National Institutes for Standards and Technology security expert Joshua Franklin concluded that the websites of nearly one-third of U.S. House candidates, Democrats and Republicans alike, are vulnerable to attacks. NIST is a U.S. Commerce Department laboratory that provides advice on technical issues, including cyber security. Using automated scans and test programs, the team identified multiple vulnerabilities, including problems with digital certificates used to verify secure connections with users, Franklin told Reuters ahead of the presentation. The warnings about the midterm elections, which are less than three months away, come after Democrats have spent more than a year working to bolster cyber defenses of the party’s national, state and campaign operations





CyberScoop

August 10, 2018

A bipartisan group of House lawmakers introduced a bill Friday that aims to assist state governments in their election security efforts and boost cooperation between the federal and state officials on the issue. The bill shares the name of a companion bill in the Senate, the Secure Elections Act, which senators from both major parties have been pushing along for months.




The Hill

August 9, 2018

Democrats on the House Oversight and Government Reform Committee are urging its Republican chairman to subpoena the State Department for documents related to former Secretary Rex Tillerson’s move to close an office responsible for advancing U.S. interests in cyberspace. The letter, sent Thursday to Chairman Trey Gowdy (R-S.C.), says the State Department has not provided the necessary documents stemming from a bipartisan request almost a year ago after Tillerson disclosed to Congress his broader plan to reorganize the department.




BuzzFeed

August 8, 2018

Florida Sen. Bill Nelson claimed Wednesday that Russian hackers “right now” are “in [the] records” of county election offices, prompting confusion from Florida state and county officials who said they are unaware of such an attack. Speaking to the Tampa Bay Times, Nelson said that the hackers “have already penetrated certain counties in the state and they now have free rein to move about.”



The Hill
August 8, 2018
House Homeland Security Committee Chairman Michael McCaul (R-Texas) on Wednesday again urged the Senate to pass legislation that would rename and reorganize the Department of Homeland Security’s cyber wing, citing compounding threats to U.S. interests in cyberspace.

The Hill
August 7, 2018
Maryland Sens. Ben Cardin and Chris Van Hollen, both Democrats, asked Treasury Secretary Steven Mnuchin on Tuesday to review a Russian oligarch’s investment in a company that runs part of the state’s election system.

Business Insider
August 4, 2018
Tabitha Isner, the Democratic candidate running in Alabama's 2nd Congressional District in this year's midterm elections, claims Russians attempted to hack her campaign's website in mid-July and that she has received little assistance from law enforcement — and even her own party — in the aftermath.


ADMINISTRATION

GCN
August 10, 2018
When it comes to cyber intrusions, email is by far the biggest attack vector. One recent study found that phishing accounts for more than 90 percent of all successful attacks worldwide.

The Washington Post
A federal judge has dismissed a lawsuit brought by a prominent Republican fundraiser alleging the Qatari government orchestrated the hacking of his emails, saying the sovereign nation could not be sued for an overseas cyberattack.

Fifth Domain
August 9, 2018
Research conducted by the National Security Agency has found that after five hours of cyber operations, performance drops and frustration begins to increase among staffers.

FCW
August 9, 2018
The National Archives and Records Administration is (possibly) a model for federal agencies looking to comply with a binding operational directive issued by the Department of Homeland Security last year to boost security of federal websites and email.

The Washington Post
August 8, 2018
The White House is drafting an executive order that would authorize President Trump to sanction foreigners who interfere in U.S. elections, the administration’s latest effort to demonstrate it is serious about combating Russian disinformation and hacking.

Ars Technica
August 8, 2018
The Federal Communications Commission lied to members of Congress multiple times in a letter that answered questions about a "DDoS attack" that never happened, an internal investigation found. The FCC made false statements in response to a May 2017 letter sent to FCC Chairman Ajit Pai by Sens. Ron Wyden (D-Ore.) and Brian Schatz (D-Hawaii).

Vanity Fair
August 7, 2018
Almost a year ago, the Department of Homeland Security alerted roughly half of all U.S. states that their election systems had been the targets of hackers linked to Russia. Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security, later confirmed the attacks. “We saw a targeting of 21 states and an exceptionally small number of them were actually successfully penetrated,” she told NBC News in February. Even worse, experts have warned that Russia’s attempts at meddling did not end in 2016.

Gov Info Security
August 6, 2018
The cost of the city of Atlanta's mitigation and subsequent IT overhaul following a massive SamSam ransomware infection earlier this year could reach $17 million. 

FCW
August 6, 2018
As head of Army Cyber Command, Lt. Gen. Stephen Fogarty seeks to expand the command’s role beyond cyberspace to include electronic and information warfare. “We have to be careful about boxing ourselves in with the word cyber,” Fogarty said during an Aug. 2 event hosted by the Association of the Army.

NPR
August 4, 2018
States across the country are in the process of receiving grants from the federal government to secure their voting systems. Earlier this year Congress approved $380 million in grants for states to improve election technology and "make certain election security improvements."


INDUSTRY

Wired
August 10, 2018
Security meltdowns on your smartphone are often self-inflicted: You clicked the wrong link, or installed the wrong app. But for millions of Android devices, the vulnerabilities have been baked in ahead of time, deep in the firmware, just waiting to be exploited. Who put them there? Some combination of the manufacturer that made it, and the carrier that sold it to you.

CyberScoop
August 10, 2018
The world’s most popular game just arrived on Android in an unusual and potentially dangerous way. Fortnite is a cash cow of a video game. The free-to-play, first-person-shooter contest takes in hundreds of millions of dollars every month across computers, consoles and iPhones as users make a mountain of small purchases like new clothes or dance moves for their characters.

Wired
August 10, 2018
The connected devices you think about the least are sometimes the most insecure. That's the takeaway from new research to be presented at the DefCon hacking conference Friday by Ricky Lawshae, an offensive security researcher at Trend Micro.

Ars Technica
August 10, 2018
Hackers have been exploiting a vulnerability in DLink modem routers to send people to a fake banking website that attempts to steal their login credentials, a security researcher said Friday.

Wired
August 9, 2018
The first pacemaker hacks emerged about a decade ago. But the latest variation on the terrifying theme depends not on manipulating radio commands, as many previous attacks have, but on malware installed directly on an implanted pacemaker.

Gov Info Security
August 9, 2018
Nearly two dozen security weaknesses in OpenEMR - open source electronic medical record and practice management software - left patient data vulnerable to cyberattacks before most were patched, according to the London-based security research firm Project Insecurity. "I believe, by definition, open source software is more prone to coding risks and inconsistencies than 'closed source' code'" software, says former healthcare CIO David Finn, executive vice president of security consultancy CynergisTek. "That said, plenty of bad code comes out of proprietary software developers, too." In its Aug. 7 report, Project Insecurity says researchers determined that attackers could bypass patient portal authentication, wage SQL injection attacks, complete remote code execution, gain information disclosure without authentication, upload files without restrictions, wage cross-site request forgery attacks and complete unauthenticated administrative actions.

Wired
Apple's supply chain is one of the most closely monitored and analyzed in the world, both because of the control the company exerts and keen interest from third parties. But there's still never a guarantee that a mass-produced product will come out of the box totally pristine.

Vice Motherboard
August 9, 2018
Hacking is getting harder and harder. Today, to gain meaningful, remote access to an iPhone requires a string of several different exploits, likely developed by a team of individuals focused on different parts of the operating system.

BBC
August 9, 2018
Security flaws have been found in major city infrastructure such as flood defences, radiation detection and traffic monitoring systems. A team of researchers found 17 vulnerabilities, eight of which it described as "critical". The researchers warned of so-called "panic attacks", where an attacker could manipulate emergency systems to create chaos in communities. The specific flaws uncovered by the team have been patched.

Wired
August 9, 2018
The tiny, portable credit card readers you use to pay at farmer's markets, bake sales, and smoothie shops are convenient for consumers and merchants alike.

CNet
August 8, 2018
Your safety online shouldn't be your problem -- it should be the tech giants'. Parisa Tabriz, nicknamed "Google's Security Princess" and the company's director of engineering, delivered the keynote speech at the Black Hat cybersecurity conference Wednesday in Las Vegas, where she discussed issues with the state of cybersecurity.

The Financial Times
August 8, 2018
Stock trading platforms such as AvaTrade and IQOption are failing to secure sensitive data including passwords, according to a report exposing significant vulnerabilities in their software.

Golfweek
August 8, 2018
It’s not just elections. Hackers are now targeting major golf tournaments too. Shadowy bandits have hijacked the PGA of America’s computer servers, locking officials out of crucial files related to this week’s PGA Championship at Bellerive Country Club and the upcoming Ryder Cup in France.

CyberScoop
August 7, 2018
While stories of nation-state backed hackers threatening the U.S. power sector garner regular headlines, a new experiment highlights the risk of unintended consequences when less-skilled adversaries target the sector. Researchers from Cybereason, a Boston-based company, set up a honeypot in mid-July that mimicked a utility substation’s network environment, drawing the attention of a determined attacker that repeatedly disabled the honeypot’s security system.

Bloomberg
August 6, 2018
Taiwan chipmaker TSMC, reeling from a computer virus that shut down several plants over the weekend, is expected to be able to fill orders on time for Apple Inc. as it gears up to release new iPhones later this year.


INTERNATIONAL

CyberScoop
August 10, 2018
Most of Pyongyang’s highest-profile cyberattacks over the past decade were cobbled together with bits of reused code, overlapping networking infrastructure and the indelible fingerprint of North Korean military hackers, a pair of researchers have found. North Korea has come a long way since it first emerged on the global stage as a nascent cyber threat.

CyberScoop
August 8, 2018
While the vast majority of Asia-focused cybersecurity research examines government-backed threats, a new report shows that the region’s dark web is becoming a fertile training ground for independent hackers to learn more skills and trade new exploits.

The Wall Street Journal
August 7, 2018
Iranian hackers are developing software attacks that render computer systems inoperable until a digital ransom is paid, a new report says, a threat that comes as the U.S. moves to reimpose tough economic sanctions on the country. Over the past two years, researchers at Accenture PLC’s iDefense cybersecurity-intelligence group have tracked five new types of so-called ransomware they say were built by hackers in Iran.

AFP
The biggest ever cyber attack to hit Singapore was carried out by highly sophisticated hackers typically linked to foreign governments, a cabinet minister said Monday, but did not give names. Hackers broke into a government database and stole the health records of 1.5 million Singaporeans, including Prime Minister Lee Hsien Loong who was specifically targeted in the "unprecedented" hack, the government has said.

Reuters
August 4, 2018
Singapore's foreign minister said on Saturday that Southeast Asian nations "didn't get down to settling" a cyber security agreement with Russia. The draft of a communique seen by Reuters before meetings between regional leaders and other world delegates started on Thursday, spoke about strengthening cooperation with Russia, accused of meddling in U.S. elections, in the field of cybersecurity. The wording was dropped in the final communique issued on Thursday evening. Asked about the proposed agreement, Vivian Balakrishnan told reporters: "We didn't get down to settling it."


TECHNOLOGY

Wired
August 10, 2018
Researchers who study stylometry—the statistical analysis of linguistic style—have long known that writing is a unique, individualistic process. The vocabulary you select, your syntax, and your grammatical decisions leave behind a signature.

CNBC
August 9, 2018
This week in Las Vegas, some of the most talented cybersecurity minds have gathered to take part in two of the year's biggest hacker conferences, Blackhat and Defcon. The highlights of these conferences are often what can best be described as cyber magic tricks, where technicians show off their skills by proving how they can break into various devices, such as computers inside cars, voting machines and medical instruments.

CyberScoop
August 8, 2018
The delicate process for disclosing software and hardware bugs in medical devices has made important strides in recent years, according to experts, as big manufacturers have set up disclosure programs and the threat of lawsuits against security researchers has receded.

Vice Motherboard
August 8, 2018
Hackers could mess with a city’s water supplies without attacking its critical infrastructure directly, but instead targeting its weakest link: internet-connected sprinklers, researchers warn in a new academic study.

Bleeping Computer
August 7, 2018
Let's Encrypt announced yesterday that they are now directly trusted by all major root certificate programs including those from Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry. 


  
Heavyweight operational agencies enter Thodey’s ring
VERONA BURGESS: Home Affairs and ATO advocate a far more cohesive and collaborative APS and suggest ways of removing barriers to cross-agency and whole-of-government cooperation.
  




'Blatantly political' appointments risk public trust, says Labor MP
'POLITICAL APPOINTMENTS': Australia should reconsider how it doles out senior public service jobs, argues public servant-turned-Labor backbencher Julian Hill.

