Thursday, March 28, 2019

Australia's Intelligence Agency Publishes its Vulnerability Disclosure Process

A stolen Picasso vanished for 20 years. Then the art world's 'Indiana ...


Exploring Berlin with Lynette Wood, Australia's ambassador to ...



Electrical lock system suspected of trapping Mosque shooting victims


When the gunman began to attack the Al Noor mosque, Ahmed Alayedy scrambled to get to the nearest emergency exit. But the door was locked.



Who's who of Liberals kick up their heels at Sydney Institute dinner


If Saturday at the Sofitel, Sunday at the CBD Hotel and Monday at the Terminus was not enough, the Liberal Party faithful always had the Sydney Institute’s annual dinner to satisfy.

Maria Butina: The Russian in the NRA

US pro-gun advocate Maria Butina has been charged in the US for conspiracy. (Facebook)
RUSSIA, IF YOU'RE LISTENING
Maria Butina is the only Russian secret agent behind bars for meddling in the US election.

Tiny Asian nation to punish gay sex and adultery with death by stoning

Beginning next week, adultery and gay sex will be punishable by death in the tiny Asian nation just north of Australia.

Chinese officials issue stark warning about South China Sea confrontation

Two senior officials speak up to threaten "more countermeasures" against the United States in the contested waterway.


Consumer Data Protection: Consumer reporting agencies are companies that collect, maintain, and sell vast amounts of sensitive data. GAO-19-469T: Published: Mar 26, 2019. Publicly Released: Mar 26, 2019.

“In 2017, a breach at Equifax, one of the largest companies, compromised at least 145.5 million consumers’ data. Consumers have little control over what information these companies have, so federal oversight is important—and it could be improved. For example, the Consumer Financial Protection Bureau doesn’t routinely consider data security risk when prioritizing its company examinations. This testimony is based on a report in which we recommended improving federal enforcement of data safeguards and oversight of company security practices.”



How the Press That Sold the Iraq War Got Away With It Matt Taibbi, Rolling Stone


Should Grindr users worry about what China will do with their data?




Meet the ex-cop behind China’s largest Grindr-style gay dating app



Executives in custody as China chemical plant explosion death toll reaches 47, with 640 injured South China Morning Post. Oddly, or not, there seems to be no talk of arresting the executives responsible for the petrochemical fire in Houston.
Gangs using dead rats to smuggle drugs into Dorset prison Guardian



FCW

March 22, 2019

A Department of Homeland Security official said there are still "a handful" of federal agencies left who have yet to fully comply with a January 2019 emergency directive on DNS tampering and provided further insight on a budget request for technology to provide earlier detection of such threats in the future. At a Mar. 21 meeting of the Information Security and Privacy Advisory Board, Michael Duffy, Acting Deputy Director of the Federal Network Resilience Division, briefed members on the federal government's response to a two-year global DNS tampering campaign.



Fifth Domain

March 22, 2019

Maj. Gen. John Morrison has been selected as the next chief of staff at U.S. Cyber Command, according to a March 21 announcement from the Department of Defense. Currently, Morrison is the commanding general of Fort Gordon and the Army’s Cyber Center of Excellence. In this role, Morrison has overseen the development of new doctrine and capabilities for the Army in the cyber and electronic warfare domains. The Army has been making a rapid series of changes to stay ahead of threats (in the cyber domain) and catch up to others (in electronic warfare). “When it comes to electronic warfare, we are outgunned … We are plain outgunned by peer and near-peer competitors,” he said in 2017. Under Morrison’s leadership, the Army developed a new approach it calls cyberspace and electromagnetic activities (CEMA), fusing cyber and electronic warfare capabilities at the tactical and operational level of war.



FCW


Getting cybersecurity and tech talent into government has been a top management priority spanning administrations, but there remain fundamental challenges in selling government as an employer. The U.S. Cyber Challenge, launched by former Federal CIO Karen Evans in 2010, holds camps and competitions around the country and helps students burnish their resumes and introduces them to recruiters. USCC leaders and participants said at a March 21 event that the government faces marketing and process challenges when it comes to attracting young cyber talent. Doug Logan, USCC's chief technologist, said that for all the focus on government's inability to compete with private-sector pay, the exact dollar figure, while important, isn't disqualifying. "The first reason why everyone tells me they don't want to work for the federal government is they think it's boring," he said.



Nextgov

March 21, 2019

The priorities and efforts of the Energy Department’s nascent Office of Cybersecurity, Energy Security, and Emergency Response, or CESER, were laid out by its first acting Principal Deputy Assistant Secretary Adrienne Lotto Thursday. “We all see the magnitude and sophistication of the threats facing our energy infrastructure. Our nation’s electricity, fuel and delivery systems have become more complex and even more interdependent,” Lotto told attendees of the Association for Federal Information Resources Management’s Cybersecurity Summit in Washington. “As a result, the threat against the sector has become even more frequent and more sophisticated.” In response, she said Energy Secretary Rick Perry created the new office in February 2018 to elevate the threats to the public and private sectors and allocate resources and a workforce to address those threats head-on. The president included $96 million in the fiscal 2019 budget request to stand up the office. Lotto said CESER leads the department’s efforts to secure the nation’s energy infrastructure against all hazards, reduce both the risks and impacts of cyber and other disruptive events, and assist in restoration when disruptions do happen—because they inevitably will.



Gov Info Security

March 21, 2019

A North Carolina county is recovering from the third ransomware attack that has hit its IT systems in the last six years. However, a spokesman says that no data has been lost or stolen. The ransomware attack against Orange County, North Carolina, was first detected by the government's IT staff on Monday. Some of the areas affected by the incident include the computers at the local library, the tax department, the planning board and the county register of deeds, which means real estate closings and marriage licenses could not be processed. The county's sheriff's department was also disrupted and deputies could not access criminal records or other information, officials say. It's the third time in six years that this one county has been hit by ransomware, local CBS affiliate WNCN reports.



FCW

March 20, 2019

The National Institute of Standards and Technology is inching closer to developing two new encryption standards designed to protect the federal government from new and emerging cybersecurity threats. Many experts believe the advanced computing capabilities of quantum computers will render most traditional encryption protocols used today obsolete. While true quantum computing is still decades away, the federal government is already preparing contingencies for how to defend its current IT assets and equipment from the threat. In a March 20 briefing to the Information Security and Privacy Advisory Board, Matthew Scholl, Chief of the Computer Security Division at NIST, said the agency spent much of the past year evaluating 69 algorithms for its Post Quantum Cryptography Standardization project, a 2016 project designed to protect the machines used by federal agencies today from the encryption-breaking tools of tomorrow.



Gov Info Security


The Food and Drug Administration is generally on the right track in updating guidance for the cybersecurity of premarket medical devices. But various changes are needed, according to some of the three dozen-plus healthcare sector companies and groups recently submitting feedback to the agency. Some of the associations submitting comments on FDA's draft guidance suggested modifications to the agency's call for a "cybersecurity bill of materials," or CBOM, that medical device makers would need to submit to the FDA for premarket review. Some also critiqued FDA's proposal to define two tiers of medical devices based on their cybersecurity risk. The FDA had requested comment by March 18 on its "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices," which was issued last October. That draft premarket guidance is a significant refresh of FDA's 2014 guidance, the agency noted last fall.



FCW

March 19, 2019

The latest budget request for the Cybersecurity and Infrastructure Security Agency would continue funding core federal cybersecurity programs while exploring new tech programs around DNS threats, botnet detection and malware analysis. The budget overview for CISA seeks $1.1 billion for cybersecurity operations. About half of that covers the National Cybersecurity Protection System (NCPS), which includes Einstein ($405 million) and the Continuous Diagnostics and Mitigation program ($232 million). The budget document includes targets for both programs: CISA hopes to have 63 percent of agencies sharing user activity data via the DHS-managed federal dashboard under CDM by the end of fiscal year 2020. DHS spent the past year helping agencies hook up to a federal reporting dashboard and tinkering with the program and procurement structure, shifting from tracking individual agency progress by phases to capabilities and rolling out CDM DEFEND, a new contracting vehicle. The shift from phases to capabilities came after Congress complained the old approach prevented agencies from implementing multiple phases of the program at the same time.



CyberScoop

March 19, 2019

Department of Homeland Security officials plan to visit European allies to share lessons learned from defending the 2018 U.S. midterm elections, a top DHS official said Tuesday. “What we’re doing is taking some of the ’16 and ’18 lessons learned, packaging them together, and then doing a bit of a roadshow,” Chris Krebs, head of DHS’s Cybersecurity and Infrastructure Security Agency, told reporters. Details of the trip are still being finalized, but Krebs said it also would offer CISA officials an update from the field on adversary activity ahead of the 2020 U.S. presidential election. Many millions of Europeans are expected to head to the polls in late May to choose new representatives in the European Union parliament. European officials have issued a series of warnings that Russia is likely to interfere in the vote, including an assessment last week from Estonia’s foreign intelligence agency. In another key election, Ukrainians will choose a president later this month. The Ukrainian president has already accused the Russian government of conducting distributed denial-of-service attacks on Ukraine’s election commission website. All of those threats matter to the CISA teams charged with protecting the 2020 vote in the U.S.



The New York Times

March 18, 2019

Kirstjen Nielsen, the homeland security secretary, said on Monday that cyberthreats against the United States were a national security crisis that she described as her top priority — not the situation for which President Trump last month declared a national emergency. “On top of my list of threats, that many of you can guess, the word ‘cyber’ is circled, highlighted and underlined,” Ms. Nielsen said in a speech outlining her department’s focus in the coming year. “The cyberdomain is a target, a weapon and a threat vector all at the same time.” Mr. Trump has called the increasing flow of immigrants to the southern border one of the most urgent national security issues threatening the United States. Last week, issuing his first veto against legislation that would have blocked him from diverting Defense Department funds to build a border wall, the president described a recent spike in migrants crossing the border as an “invasion.” Ms. Nielsen did dedicate a portion of her speech on Monday to what she called a “humanitarian and security catastrophe” of Central American families traveling to the border. But mentions of digital threats were dispersed throughout her approximately 35-minute address to an auditorium of various Department of Homeland Security officials.



Nextgov

March 18, 2019

The Trump administration intends to allocate more than $17.4 billion to cybersecurity efforts across federal agencies in fiscal 2020, with the Pentagon and Homeland Security Department receiving the lion’s share of the funds. The White House on Monday published a breakdown of the president’s 2020 budget request, building on the broad spending outline officials released last week. The administration said it opted to exclude some funds from the release, citing “the sensitive nature of some operations.” While the proposal would increase overall federal spending on cybersecurity by about $790 million from 2019, funding for cyber programs at civilian agencies dropped about $120 million. Under the president’s request, the Defense Department would receive some $9.6 billion—roughly 55 percent of the government’s total cyber spend—to bolster its digital defenses and expand offensive operations in cyberspace. The figure marked a $1 billion increase from the administration’s 2019 request and came as one of the proposal’s most significant provisions.



ZDNet

March 18, 2019

A hacker set off the tornado emergency sirens in the middle of the night last week across two North Texas towns. Following the unauthorized intrusion, city authorities had to shut down their emergency warning system a day before major storms and potential tornados were set to hit the area. The incident impacted DeSoto and Lancaster, two cities in Dallas County, Texas -- both suburbs located south of the main Dallas metropolitan area. On the night of March 12, between 02:30 and 04:00 AM (local time), a hacker set off the two cities' tornado sirens, waking locals in the middle of the night.



The New York Times

March 17, 2019

The Trump administration’s aggressive campaign to prevent countries from using Huawei and other Chinese telecommunications equipment in their next-generation wireless networks has faltered, with even some of America’s closest allies rejecting the United States’ argument that the companies pose a security threat. Over the past several months, American officials have tried to pressure, scold and, increasingly, threaten other nations that are considering using Huawei in building fifth-generation, or 5G, wireless networks. Mike Pompeo, the secretary of state, has pledged to withhold intelligence from nations that continue to use Chinese telecom equipment. The American ambassador to Germany cautioned Berlin this month that the United States would curtail intelligence sharing if that country used Huawei. But the campaign has run aground. Britain, Germany, India and the United Arab Emirates are among the countries signaling they are unlikely to back the American effort to entirely ban Huawei from building their 5G networks. While some countries like Britain share the United States’ concerns, they argue that the security risks can be managed by closely scrutinizing the company and its software.



INDUSTRY



Ars Technica

March 22, 2019

Attackers have been actively exploiting serious vulnerabilities in two widely used WordPress plugins to compromise websites that run the extensions on top of the content management system. The two affected plugins are Easy WP SMTP with 300,000 active installations and Social Warfare, which has about 70,000 active installations. While developers have released patches for both exploited flaws, download figures indicate many vulnerable websites have yet to install the fixes. Figures for Easy WP SMTP, which was fixed five days ago, show the plugin has just short of 135,000 downloads in the past seven days. Figures for Social Warfare show it has been downloaded fewer than 20,000 times since a patch was published on WordPress on Friday.



CyberScoop

March 22, 2019

The first day of this year’s Pwn2Own competition featured successful zero-day exploits on a popular web browser, and day two was no different, with the “Fluoroacetate” duo of Amat Cama and Richard Zhu turning their attention to Mozilla’s Firefox and Microsoft’s Edge. The team took home another $180,000 for their attacks, bringing their overall winnings to $340,000 for the competition, which highlights critical bugs in widely distributed software. Thursday’s winners also included Niklas Baumstark, who won $40,000 for a Firefox attack, and Arthur Gerkis of Exodus Intelligence, who won $50,000 for successfully targeting Edge. Competitors spend months preparing for the annual Pwn2Own hacking contest in Vancouver, which takes place during the CanSecWest security conference.



Ars Technica

March 21, 2019

The federal government on Thursday warned of a serious flaw in Medtronic cardio defibrillators that allows attackers to use radio communications to surreptitiously take full control of the lifesaving devices after they are implanted in a patient. Defibrillators are small, surgically implanted devices that deliver electrical shocks to treat potentially fatal irregular heart rhythms. In recent decades, doctors have increasingly used radios to monitor and adjust the devices once they're implanted rather than using older, costlier, and more invasive means. An array of implanted cardio defibrillators made by Medtronic rely on two types of radio-based consoles for initial setup, periodic maintenance, and regular monitoring. Doctors use the company's CareLink Programmer in clinics, while patients use the MyCareLink Monitor in homes to regularly ensure the defibrillators are working properly.



The Washington Post

March 21, 2019

Facebook on Thursday said that it had left “hundreds of millions” of users’ passwords exposed in plain text, potentially visible to the company’s employees, marking another major privacy and security headache for a tech giant already under fire for mishandling people’s personal information. Facebook said it believed the passwords were not visible to anyone outside the company and had no evidence that its employees “internally abused or improperly accessed them.” But it said it would notify users of Facebook as well as its photo-sharing site, Instagram, that they had been affected. The incident was first revealed by the Krebs on Security blog, which estimated the total number of affected users ranged between 200 million and 600 million. Facebook declined Thursday to confirm the estimate.



Ars Technica

March 21, 2019

Microsoft is bringing its Windows Defender anti-malware application to macOS—and more platforms in the future—as it expands the reach of its Defender Advanced Threat Protection (ATP) platform. To reflect the new cross-platform nature, the suite is also being renamed to Microsoft Defender ATP, with the individual clients being labelled "for Mac" or "for Windows." macOS malware is still something of a rarity, but it's not completely unheard of. Ransomware for the platform was found in 2016, and in-the-wild outbreaks of other malicious software continue to be found. Apple has integrated some malware protection into macOS, but we've heard from developers on the platform that Mac users aren't always very good at keeping their systems on the latest point release. This situation is particularly acute in corporate environments; while Windows has a range of tools to ensure that systems are kept up-to-date and alert administrators if they fall behind, a similar ecosystem hasn't been developed for macOS.



Gov Info Security

March 21, 2019

Script-based payment card malware continues its successful run, impacting a range of e-commerce sites, researchers at two security firms warn. RiskIQ and Group-IB have described a series of attacks whose victims include shoe manufacturer Fila, two bedding-related sites – Mypillow [DOT] com and Amerisleep [DOT] com - and others. Countering card-sniffing malware has proved to be tricky, as the sign of an infection may be just a single line of code. Nor have large enterprises been immune: Big players such as British Airways, Ticketmaster and Newegg have all been struck over the past year.



Reuters

March 20, 2019

Norsk Hydro, one of the world's largest aluminum producers, has made some progress restoring operations but is not yet back to normal after it was hit by a ransomware cyber attack, the company said on Wednesday. After the attack late on Monday, the company had to shut several plants that transform aluminum ingots into components for car makers, builders and other industries, while its smelters in Norway were largely operating on a manual basis. "Hydro still does not have the full overview of the timeline toward normal operations, and it is still (too) early to estimate the exact operational and financial impact," the company said in a statement. But Hydro said its technical team, with external support, had detected the root cause of the problems and was working to restart the company's IT systems. "Progress has been made, with the expectation to restart certain systems during Wednesday, which would allow for continued deliveries to customers," Hydro said of its Extruded Solutions unit as well as of Rolled Products.



Wired

March 20, 2019

With more than 2 billion users, Android has a staggering number of devices to protect. But a "high-severity" bug that went undetected for more than five years—that attackers could exploit to spy on a user and gain access to their accounts—serves as a reminder that Android's impressive open source reach also creates challenges for defending a decentralized ecosystem. Discovered by Sergey Toshin, a mobile security researcher at the threat detection firm Positive Technologies, the bug originated in Chromium, the open-source project that underlies Chrome and many other browsers. As a result, an attacker could target not only mobile Chrome, but other popular mobile browsers built on Chromium. Even more specifically, Chromium powers an Android feature called WebView, which works behind the scenes when you click a link in a game or a social network; it's what lets those webpages load in a sort of mini-browser without having to leave the app. Using the Chromium vulnerability, hackers can use WebView to grab user data and gain broad device access. "An attacker could launch an assault on any Chromium-based mobile browser on an Android device, including Google Chrome, Samsung Internet Browser, and Yandex Browser, and retrieve data from its WebView," Toshin says.



CyberScoop

March 19, 2019

A good chunk of the cybersecurity industry is “smoke and mirrors,” with companies hawking shiny products that aren’t needed to block most hacks, Tenable CEO Amit Yoran said in an interview with CyberScoop earlier this month. “It’s an industry that has fed and continues to feed, to a large extent, off of fearmongering,” Yoran said on the sidelines of the vendor-happy RSA Conference in San Francisco. The RSA Conference is a feeding frenzy for companies pushing products on the trade-show floor. Vendors spend big on things like booths, parties, and hotel suites to woo potential clients. (Tenable had a booth demonstrating some of its technology.) In a blunt interview, Yoran reflected on where the “hype-driven” side of the business, as he called it, had gotten the cybersecurity industry. “The millions of dollars that people are spending, all the hype and the sexy marketing and the AI and the anomaly-behavioral…whatever buzzword you want to use, it’s a bunch of smoke and mirrors,” Yoran said. “And I won’t call it useless, but it’s on the periphery of the issue when people still aren’t doing the basics.”



CyberScoop

March 19, 2019

For a moment, look past Russian cybercriminals, North Korean cryptocurrency scams and the idea that election infrastructure used by democracies around the world lacks meaningful digital safeguards. While those issues are significant, people in charge of information security at large U.S. companies spend the majority of their time assessing whether their firm is likely to experience a data breach that begins outside of their own proprietary network. That assessment goes beyond the deluge of obfuscated code, technical jargon or marketing pitches. It’s rooted in crunching numbers in Excel spreadsheets and other measuring strategies that can quantify whether their partners and vendors are prepared to keep hackers out.



Ars Technica

March 18, 2019

One of the more notable features of Google Project Zero's (GPZ) security research has been its 90-day disclosure policy. In general, vendors are given 90 days to address issues found by GPZ, after which the flaws will be publicly disclosed. But sometimes understanding a flaw and developing fixes for it takes longer than 90 days—sometimes, much longer, such as when a new class of vulnerability is found. That's what happened last year with the Spectre and Meltdown processor issues, and it has happened again with a new Windows issue. Google researcher James Forshaw first grasped that there might be a problem a couple of years ago when he was investigating the exploitability of another Windows issue published three years ago. In so doing, he discovered the complicated way in which Windows performs permissions checks when opening files or other secured objects. A closer look at the involved parts showed that there were all the basic elements to create a significant elevation of privilege attack, enabling any user program to open any file on the system, regardless of whether the user should have permission to do so. The big question was, could these elements be assembled in just the right way to cause a problem, or would good fortune render the issue merely theoretical?



CNBC

March 18, 2019

The cybersecurity vendor marketplace is growing so crowded that some companies have been resorting to extreme tactics to get security executives on the phone to pitch their products, including lying about security emergencies and threatening to expose insignificant breaches to the media. The aggressive tactics come as the cybersecurity market expands dramatically, with a "long tail" of thousands of vendors with niche specialties. These sales tactics can make it harder for overworked cybersecurity execs to find and stop real threats. It can also result in overhyped publicity about breaches and hacks that are actually minor, which confuses customers and consumers. CNBC spoke with four top cybersecurity executives at Fortune 500 finance, health care and payments firms about unsavory practices from vendors. These executives all said they have been pressured by vendors and researchers who claimed — rightly or not — to have found a cybersecurity problem at their company. Some hinted at the possibility of negative news coverage if the executive did not listen to the vendor's full pitch.



TechCrunch

March 17, 2019

Slack announced today that it is launching Enterprise Key Management (EKM) for Slack, a new tool that enables customers to control their encryption keys in the enterprise version of the communications app. The keys are managed in the AWS KMS key management tool. Geoff Belknap, chief security officer (CSO) at Slack, says the new tool should appeal to customers in regulated industries who might need tighter control over security. “Markets like financial services, healthcare and government are typically underserved in terms of which collaboration tools they can use, so we wanted to design an experience that catered to their particular security needs,” Belknap told TechCrunch. Slack currently encrypts data in transit and at rest, but the new tool augments this by giving customers greater control over the encryption keys that Slack uses to encrypt messages and files being shared inside the app.



INTERNATIONAL



Reuters

March 22, 2019

The European Commission will next week urge EU countries to share more data to tackle cybersecurity risks related to 5G networks but will ignore U.S. calls to ban Huawei Technologies, four people familiar with the matter said on Friday. European digital chief Andrus Ansip will present the recommendation on Tuesday. While the guidance does not have legal force, it will carry political weight which can eventually lead to national legislation in European Union countries. The United States has lobbied Europe to shut out Huawei, saying its equipment could be used by the Chinese government for espionage. Huawei has strongly rejected the allegations and earlier this month sued the U.S. government over the issue. Ansip will tell EU countries to use tools set out under the EU directive on security of network and information systems, or NIS directive, adopted in 2016 and the recently approved Cybersecurity Act, the people said.



Gov Info Security

March 22, 2019

The EU is looking to head off the next major cyberattack against Europe by creating rules for how member states should react and respond. The new EU protocol is meant to better coordinate the response to large-scale disruptions such as WannaCry and NotPetya. Europol, the EU's law enforcement intelligence agency, announced Monday that the EU Council - one of the EU's major decision-making bodies - has adopted the EU Law Enforcement Emergency Response Protocol. The framework is designed to help the EU more rapidly respond to cross-border cyberattacks, and ensure that agencies are cooperating and that information about attacks is shared in a timely manner. Rapid interagency coordination will be crucial for securing critical infrastructure and minimizing the impact of hack attacks, says Joseph Carson, the Estonia-based chief security scientist at security vendor Thycotic.



The New York Times

March 21, 2019

The man in charge of Saudi Arabia’s ruthless campaign to stifle dissent went searching for ways to spy on people he saw as threats to the kingdom. He knew where to go: a secretive Israeli company offering technology developed by former intelligence operatives. It was late 2017 and Saud al-Qahtani — then a top adviser to Saudi Arabia’s powerful crown prince — was tracking Saudi dissidents around the world, part of his extensive surveillance efforts that ultimately led to the killing of the journalist Jamal Khashoggi. In messages exchanged with employees from the company, NSO Group, Mr. al-Qahtani spoke of grand plans to use its surveillance tools throughout the Middle East and Europe, like Turkey and Qatar or France and Britain. The Saudi government’s reliance on a firm from Israel, an adversary for decades, offers a glimpse of a new age of digital warfare governed by few rules and of a growing economy, now valued at $12 billion, of spies for hire.



Bloomberg

March 20, 2019

Vietnamese “state-aligned” hackers are targeting foreign automotive companies in attacks that appear to support the country’s vehicle manufacturing goals, according to cyber-security provider FireEye Inc. FireEye, which designated the group as APT32 and dates its activities to 2014, said the attacks accelerated in early February. The hacking targeted companies in Southeast Asia and “the broader areas surrounding Vietnam,” said Nick Carr, a FireEye senior manager. “Beginning in February, we see this large uptick based on our product and services visibility showing us a lot of activity targeting the automotive industry,” Carr said. “It is likely to support the Vietnamese government’s publicly stated domestic manufacturing goals for automobiles.”



Reuters

March 20, 2019

Israeli Prime Minister Benjamin Netanyahu alleged on Wednesday that Iran could blackmail his main election rival, Benny Gantz, after hacking the former armed forces chief's phone, even as Tehran denied doing so. Without providing any evidence or details, Netanyahu said Iran had gleaned "sensitive information". His comments, in a brief speech broadcast online from his official residence, brought a new level of vitriol to the election race. Polls put Netanyahu's right-wing Likud and Gantz's centrist Blue and White party neck-and-neck, with election day three weeks away. Gantz has confirmed an Israeli TV report last week that the Shin Bet domestic intelligence service had detected that his cellphone had been hacked, though the agency itself has not commented. But he has not confirmed that the hackers are believed to be Iranian, as reported, and has said the phone contained no data that might compromise national security or his ability to carry out his duties if he were elected prime minister.



EURACTIV

March 20, 2019

The EU’s cybersecurity strategy is under the scrutiny of global actors, the EU’s Digital Commissioner Mariya Gabriel said on Tuesday (19 March). Her comments came as the European Court of Auditors criticised the ‘fragmented’ nature of cybersecurity policy across the continent. “We are doing no less than creating a new cybersecurity marketplace and the world is watching us,” Gabriel said on Tuesday, speaking at an anniversary event celebrating 15 years of the EU’s cybersecurity agency (ENISA). The EU’s digital chief also applauded the recent parliamentary adoption of the Cybersecurity Act, which extends ENISA’s mandate as well as establishes a cybersecurity certification scheme.



Haaretz

March 19, 2019

A proposed law that would give broad power to the National Cyber Directorate is expected to advance in the Knesset, and experts in the field are raising the alarm over its vague wording and lack of an oversight mechanism, saying it would give Prime Minister Benjamin Netanyahu unprecedented power over Israel's cyber operations. The law, initiated by the prime minister, aims to provide the directorate with a legal foundation for its operations. The bill, experts say, would allow the National Cyber Security Authority, and the prime minister in particular, to act without any oversight. A group of researchers from the Cyber Security Center at the Hebrew University of Jerusalem heavily criticized the bill, saying certain clauses and the powers it would grant could violate human rights – without any judicial review.



Security Week

March 18, 2019

The Australian Signals Directorate (ASD), Australia's intelligence agency responsible for foreign signals intelligence, has joined America's NSA and the UK's GCHQ in publishing an account of its vulnerabilities disclosure process. All three agencies are part of the Five Eyes western intelligence alliance -- the remaining being Canada and New Zealand. Australia's process starts with the assertion that its default position is to disclose all vulnerabilities it discovers, so that vendors can develop and issue patches. "Occasionally, however," it adds, "a security weakness will present a novel opportunity to obtain foreign intelligence that will help protect Australians. In these circumstances, the national interest might be better served by not disclosing the vulnerability." This is the same position as that taken by the NSA and the UK's GCHQ -- if the agency believes it can make use of the vulnerability in the service of national security, it will retain it undisclosed for its own use.



TECHNOLOGY



The New York Times

March 21, 2019

Last year, the Food and Drug Administration approved a device that can capture an image of your retina and automatically detect signs of diabetic blindness. This new breed of artificial intelligence technology is rapidly spreading across the medical field, as scientists develop systems that can identify signs of illness and disease in a wide variety of images, from X-rays of the lungs to C.A.T. scans of the brain. These systems promise to help doctors evaluate patients more efficiently, and less expensively, than in the past. Similar forms of artificial intelligence are likely to move beyond hospitals into the computer systems used by health care regulators, billing companies and insurance providers. Just as A.I. will help doctors check your eyes, lungs and other organs, it will help insurance providers determine reimbursement payments and policy fees. Ideally, such systems would improve the efficiency of the health care system. But they may carry unintended consequences, a group of researchers at Harvard and M.I.T. warns. In a paper published on Thursday in the journal Science, the researchers raise the prospect of “adversarial attacks” — manipulations that can change the behavior of A.I. systems using tiny pieces of digital data.



CyberScoop

March 20, 2019

More than six months after U.S. prosecutors announced the arrests of three accused hackers affiliated with a sophisticated criminal hacking group, researchers say they have new evidence the billion-dollar crime ring is still active. The Department of Justice last year said police apprehended three Ukrainian men involved in the FIN7 hacking group. The financially-motivated group may have stolen as much as one billion dollars, according to one estimate, as well as 15 million credit card numbers from U.S. businesses. Now, there is some evidence to suggest the group’s infrastructure is starting to reappear after months, according to research published Wednesday by Flashpoint. Researchers uncovered a new strain of malicious software called SQLRat, which is spread via phishing emails. The strain is especially difficult for investigators to detect because it doesn’t leave behind much evidence.



CyberScoop

March 18, 2019

A new variant of the infamous Mirai botnet is targeting embedded devices like routers and internet-connected cameras with new exploits, security researchers have concluded. By taking aim at enterprises with large network bandwidths, the Mirai offshoot could give the botnet “greater firepower” to orchestrate distributed denial-of-service attacks, said researchers at Unit 42, Palo Alto Networks’ threat intelligence unit. Operators of the new variant have gone after devices that are popular with businesses, such as wireless presentation systems, according to Unit 42. “IoT/Linux botnets continue to expand their attack surface, either by the incorporation of multiple exploits targeting a plethora of devices, or by adding to the list of default credentials they brute force, or both,” Ruchna Nigam, senior threat researcher at Unit 42, wrote in a blog post.