Wednesday, September 05, 2018

Critical Cyber Threat Actors



This is the fourth video of this five-part blog series with Step Change. Here I share what I have learned about failure and why it is necessary for growth. The key is to adopt a new formula and way of thinking: fail fast, learn fast, and fix fast. This correlates to Business IQ and is what leaders need to be mindful of. To win, you should never be afraid of failing fast. In fact, fail all you want. But only make the same mistake once.

How to Achieve Growth through Failing Fast
https://vimeo.com/281204377

Psychic Nikki Haley: If There Is A Future Chemical Weapons Attack, Assad Did It Caitlin Johnstone 
The baroness, the ICO fiasco, and enter Steve Wozniak FT Alphaville. Also entertaining. First sentence: “Earlier this year, we brought you news that Scottish lingerie entrepreneur-turned Conservative peer Michelle Mone and her businessman boyfriend Doug Barrowman were launching an initial coin offering (ICO).”

Teachers moonlighting on Instagram


Ralph Waldo Emerson: “Envy is the tax which all distinction must pay.”

Maybe it’s because I’m part of the cassette generation, but I’m just charmed by IBM researcher Mark Lantz’s ode to that great innovation in data storage, magnetic tape. What could be seen as an intermediate but mostly dead technology is actually quite alive and thriving.
Indeed, much of the world’s data is still kept on tape, including data for basic science, such as particle physics and radio astronomy, human heritage and national archives, major motion pictures, banking, insurance, oil exploration, and more. There is even a cadre of people (including me, trained in materials science, engineering, or physics) whose job it is to keep improving tape storage…

The theft of rare books from libraries has long been so easy that it makes even the least talented thief think he's a criminal mastermind Book thieves 



China and Russia still harbor many of the same ambitions they held during the Cold War, only having dropped all the Communist ideological window dressing. That one simple trick seems to have blinded our foreign policy establishment for the last couple of decades.










Fukuyama: What Happened After The End Of History


“It began to unfold back in the ’60s and ’70s, when identity came to the forefront. People felt unfulfilled. They felt they had these true selves that weren’t being recognized. In the absence of a common cultural framework previously set by religion, people were at a loss. Psychology and psychiatry stepped into that breach. In the medical profession, treating mental health has a therapeutic mission, and it became legitimate to say the objective of society ought to be improving people’s sense of self-esteem. This became part of the mission of universities, which made it difficult to set educational criteria as opposed to therapeutic criteria aimed at making students feel good about themselves. This is what led to many of the conflicts over multiculturalism.”

Stay tuned for the next part of this video series with Step Change.




CyberScoop

August 27, 2018

The industrywide program for documenting hardware and software vulnerabilities suffers from fluctuating funding and insufficient oversight, according to a more than yearlong investigation by the House Energy and Commerce Committee. “The historical practices for managing the … program are clearly insufficient,” members of the committee wrote in letters Monday to the Department of Homeland Security, which sponsors the program, and the not-for-profit MITRE Corp., which maintains it.


Nextgov
August 27, 2018
Shortly before Gen. Keith Alexander’s April 2010 hearing to be the first chief of U.S. Cyber Command, Sen. John McCain, R-Ariz., approached the general with a question. During the 2008 presidential contest, when McCain was the Republican nominee, hackers rumored to be from China had breached his campaign’s computers.

AP
August 26, 2018
Caught in one of the toughest campaign fights in his lengthy political career, U.S. Sen. Bill Nelson's recent comments that Russians are meddling in Florida's election system have triggered a firestorm for the mild-mannered politician.


ADMINISTRATION

Vice Motherboard
August 30, 2018
After more than a decade of headlines about the vulnerability of US voting machines to hacking, it turns out the federal government says it may not be able to prosecute election hacking under the federal law that currently governs computer intrusions. Per a Justice Department report issued in July from the Attorney General's Cyber Digital Task Force, electronic voting machines may not qualify as "protected computers" under the Computer Fraud and Abuse Act, the 1986 law that prohibits unauthorized access to protected computers and networks or access that exceeds authorization (such as an insider breach).

Federal News Radio
The ability to answer the 2020 decennial count online has the Government Accountability Office taking a hard look at how the Census Bureau plans to safeguard the personally identifiable information (PII) of hundreds of millions of households from cyber attacks. In its latest review, GAO found that Census, as of June, had reported 3,100 security weaknesses “that need to be addressed in the coming months.” “Because the 2020 Census involves collecting personal information from over a hundred million households across the country, it will be important that the Bureau addresses system security weaknesses in a timely manner and ensures that risks are at an acceptable level before systems are deployed,” GAO wrote in the report it released Thursday. Of those, Census considers 43 of those vulnerabilities “very high risk” or “high risk” weaknesses.  In addition, the agency told GAO that 2,700 of those weaknesses were linked to IT infrastructure components being developed by its technical integration contractor, T-Rex Solutions.

The Washington Post
August 29, 2018
The FBI on Wednesday pushed back on an unfounded claim by President Trump that Hillary Clinton’s emails were hacked by China, saying it had found no evidence that the private servers she used while secretary of state had been compromised.

Nextgov
August 29, 2018
The State Department’s consular division isn’t sufficiently protecting the data on a computer system it uses to analyze whether people seeking U.S. visas are being forthright about who they are and where they’ve traveled, according to an audit released Tuesday.

KABC
August 29, 2018
Secretary of State Alex Padilla says there is no evidence the 2016 California state elections were compromised in any way by the Russians.  

Nextgov
August 28, 2018
Changes are coming to how agencies report on their cybersecurity posture as FISMA guidelines are updated to better reflect the administration’s focus and priorities, a top tech official said.

FCW
August 28, 2018
When the Department of Homeland Security announced the formation of a new National Risk Management Center in July to handle cybersecurity threats and engage with the private sector, some wondered how the center's mission would overlap or conflict with another DHS organ, the National Cybersecurity and Communications Integration Center.

CNN
August 27, 2018
The Democratic National Committee announced last Wednesday that it had thwarted what it believed was a sophisticated attempt to hack into its voter database. But everything wasn't what it seemed. The DNC later learned the attempt wasn't the work of an adversary, but had come from within.


INDUSTRY

CyberScoop
August 30, 2018
While there are a number of companies that build and sell election-related technology, ES&S has been the most notable as of late. The company’s CEO released a letter last week that took issue with calls from lawmakers to work with anonymous researchers, like those at the DEF CON Voting Village that uncovered various vulnerabilities in election-related hardware and software.

Wired
August 29, 2018
It might feel like there's always a new smartphone on the market with next-generation features that make yours obsolete. But no matter how many iterations mobile devices go through, they're in many ways still based on decades-old electronics. In fact, antiquated 20th century telephone tech can be used to carry out decidedly 21st century attacks on many mainstream smartphones.

Ars Technica
August 29, 2018
A privilege escalation flaw in Windows 10 was disclosed earlier this week on Twitter. The flaw allows anyone with the ability to run code on a system to elevate their privileges to "SYSTEM" level, the level used by most parts of the operating system and the nearest thing that Windows has to an all-powerful superuser.

CBC
August 29, 2018
Air Canada says the personal information for about 20,000 customers "may potentially have been improperly accessed" via a breach in its mobile app, so the company has locked down all 1.7 million accounts as a precaution until customers change their passwords.and country of residence could have been accessed, if users had them saved in their profile on the app.

Gov Info Security
August 28, 2018
Spain's central bank says its website was intermittently offline on Monday as it struggled to repel a distributed denial-of-service attack. But Banco de España says the DDoS disruption didn't have any effect on the organization's operations. It said communications with the European Central Bank were unaffected and that there was no evidence that it had suffered any type of data breach.

CyberScoop
August 28, 2018
Indegy, an industrial-controls cybersecurity company, announced Tuesday that it raised $18 million in Series B investment funding. The company, based in New York with offices in Tel Aviv, Israel, provides threat detection and mitigation services for customers that operate industrial control systems (ICS).

INTERNATIONAL

The New York Times
August 31, 2018
The rulers of the United Arab Emirates had been using Israeli spyware for more than a year, secretly turning the smartphones of dissidents at home or rivals abroad into surveillance devices.

Nextgov
August 31, 2018
Homeland Security Secretary Kirstjen Nielsen joined leaders of the U.S.’s four major intelligence sharing partners Thursday in a statement urging tech companies to help law enforcement access otherwise-encrypted communications from criminals and terrorists.

CyberScoop
August 30, 2018
Germany’s federal government will launch a new cybersecurity research agency with funding of €200 million over the next five years, the country’s defense and interior ministers announced on Wednesday. The agency’s goal is to make Germany technologically independent of other powers with regards to cybersecurity.

Reuters
Russia is experimenting with more precise technology to block individual online services after an attempt to shut down banned messaging service Telegram failed, but Moscow has yet to find a way to shut it down without hitting other traffic.

Haaretz
August 29, 2018
When Israel’s cabinet approved a plan, strongly backed by Prime Minister Benjamin Netanyahu, to form a Nation Cyber Defense Authority in 2015, the idea was first and foremost to help businesses that didn’t have the financial and human resources to protect themselves.

Infosecurity Magazine
August 28, 2018
Poland's National Cybersecurity System Act, which aims to ensure an appropriate level of security of ICT systems, today enters into full effect. Originally adopted on 5 July 2018 by the Sejm, the lower house of the Parliament of Poland, the system covers a wide range of entities from operators of essential services to digital service providers and a cybersecurity council.

AP
Even men and women of the cloth aren't safe from 21st-century cyberspies. The Associated Press has found that the same hackers charged with intervening in the 2016 U.S. presidential election also spent years trying to eavesdrop on Ecumenical Patriarch Bartholomew I, often described as the first among equals of the world's Eastern Orthodox Christian leaders.
  
Dark Reading
August 27, 2018
The school year has barely begun and things are off to a rocky start for some colleges: Cobalt Dickens, a threat group linked to the Iranian government, has been spotted targeting universities worldwide in a large-scale credential theft campaign.

Ars Technica
August 28, 2018
Ever wonder what the people on the other end of a Hangouts session are really looking at on their screens? With a little help from machine learning, you might be able to take a peek over their shoulders, based on research published at the CRYPTO 2018 conference in Santa Barbara last week.

CNET
August 28, 2018
Looking to keep your bitcoin fortune safe? Here's one option: Hide your password inside a micro tube of DNA.