― Nassim Nicholas Taleb, Skin in the Game: The Hidden Asymmetries in Daily Life
“It would be an act of wisdom to depart immediately… but wisdom is itself the product of knowledge; and knowledge, unfortunately, is generally the product of foolish doings. So, to add to my own knowledge and to enhance my wisdom I shall remain another day, to see what occurs.”
― Roger Zelazny, Creatures of Light and Darkness
“If you walk in with the cocky attitude, big chances that you will walk out quickly without golden ticket. It's ok to have confidence, not so ok to be full of yourself.”
― Aireen Pontillo
~MEdia Dragons with mighty Nikes
The ones who say you can’t are too afraid you will.
R U OK co-founder shares his suicide note and dissects the language of depression
Hoping to spark a conversation that could ultimately save lives, R U OK co-founder Graeme Cowan this week shared a suicide note he wrote in the depths of his depression 15 years ago. The response, he says, has been overwhelming.
How a prison economy works
Anxiety rising as law firms confirm cyber breaches - The Australian
Gov Info Security
September 6, 2019
Bills now
being considered in the Congress would make the Department of Homeland
Security's Continuous Diagnostics and Mitigation Program available to all
federal agencies and provide services to state and local governments to help
them address cybersecurity challenges. The House version of the bill introduced
this week, Advancing Cybersecurity Diagnostics and Mitigation Act, is sponsored
by John Ratcliffe, R-Texas, and Ro Khanna, D-Calif. Senators John Cornyn,
R-Texas, and Maggie Hassan, D-N.H., introduced a similar bill in July. The
legislation would codify into law the Department of Homeland Security's
Continuous Diagnostics and Mitigation Program and would make it more broadly
available to units of government at all levels. When DHS first introduced the
program in 2013, some agencies, such as the U.S. Department of Defense, and the
intelligence community joined to help develop its capabilities, but the program
was not widely deployed across the federal government.
The Hill
September 5, 2019
The leaders
of the House Blue Dog Coalition and the House Blue Dog Task Force on National
Security on Thursday sent a letter to House and Senate leaders calling for
action to prevent foreign interference in U.S. elections and to secure election
systems. The House Blue Dog Coalition, a group of 26 moderate Democrats, urged
congressional leaders to “put politics aside and pursue bipartisan solutions”
to bolster election security ahead of 2020. “We are calling on Congress to take
further action to secure our elections, punish Russia for its attempts to
meddle in the 2016 and 2018 elections, and deter our adversaries from meddling
in future U.S. elections,” the leaders of the Blue Dog Coalition and the Task
Force wrote. “The threat to our national security could not be more clear.” The
letter was sent to Speaker Nancy Pelosi (D-Calif.), House Majority Leader Steny
Hoyer (D-Md.), Minority Leader Kevin McCarthy (R-Calif.), Senate Majority
Leader Mitch McConnell (R-Ky.) and Senate Minority Leader Charles Schumer
(D-N.Y.). The House has passed two major election security bills earlier this
year, both along party lines.
ADMINISTRATION
CyberScoop
September 6, 2019
A key
component of the Pentagon’s effort to defend the 2018 midterm elections from
foreign interference was its collaboration with the Department of Justice to
disrupt operations from overseas, Gen. Paul Nakasone, director of the National
Security Agency, said Thursday. It’s the kind of interagency effort American
officials are trying to achieve again before the 2020 presidential election.
The NSA and U.S. Cyber Command, a unified combatant command at the Pentagon
dedicated to running cyber-operations, worked with the FBI’s Foreign Influence
Task Force in 2018 as part of an effort to avoid the kind of Russian meddling
that occurred in 2016, Nakasone said. The effort to protect the 2018 midterm
elections, collectively known as Synthetic Theology, resulted in disrupting the
internet access of Russia’s social media troll farm, the Internet Research
Agency. The effort represented the first cyber-operations abroad to protect
U.S. elections, and it’s helping inform the intelligence community’s approach
to the 2020 voting process. Last year also marked the first time NSA and Cyber
Command leveraged new authorities to run offensive cyber campaigns abroad
following legal approval from the White House and Congress.
Nextgov
September 6, 2019
The Trump
administration has appealed a federal court decision granting former and
current federal employees standing to sue the government over its inability to
protect their personal information, arguing the hackers responsible for the
breach want to spy on the more than 20 million impacted individuals, but not
commit identity theft. A panel of the U.S. Court of Appeals for the D.C.
Circuit erred when it largely sided with two federal employee unions in their
lawsuit against the Office of Personnel Management and a federal contractor for
their roles in the hacks that led to mass disclosures of personal records, the
Justice Department said in an appeal filed late Wednesday. The government is
seeking a review by the entire appellate court in hopes it will kill the
lawsuit. While the appeals court panel found the plaintiffs faced a plausible
risk of future harm following the breach, the Trump administration argued that
risk was not substantial. Former and current federal employees caught up in the
breach “could” become the victims of identity theft, the court ruled, but the
government attorneys said it was “implausible” to assume they would.
The Oklahoman
September 6, 2019
The FBI is
investigating a cybertheft of $4.2 million from the state's pension fund for
retired Oklahoma Highway troopers, state agents, park rangers and other law
enforcement officers. The Oklahoma Law Enforcement Retirement System (OLERS)
posted an announcement online about the investigation Thursday, 10 days after
the money went missing. "We are certain the stolen funds will be
recovered," the state agency said. "Most importantly, no pension
benefits to members or beneficiaries have been impacted or put at risk. All
benefits will continue to be paid in a timely fashion as always." The
state agency made the announcement only after being contacted by The Oklahoman
about the cybercrime. "The total diversion was $4.2 million," OLERS
executive director, Duane A. Michael, told The Oklahoman on Thursday. "Of
that, we've recovered $477,000."
FCW
September 6, 2019
A senior
Department of Homeland Security official said a flagging cybersecurity
information sharing program will be getting a facelift to improve quality and
facilitate more complex defensive actions. The Automated Indicator Sharing
program, which facilitates the sharing of threat indicators between the federal
government and private sector, was originally envisioned as a crucial tool to
achieve broader visibility around malicious cyber activity and more quickly
respond to emerging threats. However, the program has never gained the level of
traction with private sector groups that policymakers in Congress and at DHS
originally hoped for. In particular, while many companies are happy to receive
information from DHS, only a handful were actually sharing information back
with the government as of last year, per reporting from Nextgov. Jeanette
Manfra, the assistant director for cybersecurity and communications at the
Cybersecurity and Infrastructure Security Agency at DHS, said her agency has
been able to make significant progress in recent years to increase
collaboration with companies and other federal agencies through more analog
means -- such as conversation and relationship building. However, when it comes
to automated programs like AIS, it's "going to take a lot more work to
build trust into the system," she said.
The Denver Post
September 6, 2019
Two weeks
before a “malicious threat” crippled Regis University’s information technology
services — rendering the Denver campus’s phones, email and internet useless
just as summer courses ended and the fall semester began — Bob Bowles was
teaching students how to respond to a cyberattack. “Once an incident happens,
the first thing you want to do is contain the damage, stop the bleeding,” said
Bowles, a cybersecurity professional of more than 20 years who is now the
director of Regis’ Center for Information Assurance Studies. “Go into
ratification and recovery phase — determining how it happened, patching the
weakness and trying to put controls in place.” Bowles and the rest of Regis’s
cybersecurity faculty have witnessed their lesson plans come to life since the
attack two weeks ago that continues to wreak havoc on campus technology
services. Although the academics aren’t on the frontlines fighting the
intrusion, leaving that job to IT services and forensic investigators, the
educators are taking notes. They plan to use the attack as a case study in
their own classrooms and as a lesson for others in the community.
The Atlantic
September 5, 2019
It’s the
eve of Election Day 2020, and political reporters have just received an
incendiary email. Donald Trump’s campaign has sent out grainy cellphone footage
of his Democratic challenger, Joe Biden, at a private meeting with wealthy
donors, ridiculing Americans who voted for the president in 2016 and plotting
how to trick them into backing him instead. Except Biden never made the remarks
and Trump never shared them. A few overeager journalists post the video on
Twitter before fully investigating its authenticity, causing the clip to spread
on social media faster than the presidential campaigns and the press can expose
it as a fraud. U.S. authorities will eventually attribute the deception to
North Korean hackers, impersonating the Trump campaign’s domain name and
deploying deepfake technology to keep their preferred nuclear-talks counterpart
in office. But that won’t happen for weeks, well after Americans have chosen
their next leader. Such a hypothetical scenario isn’t implausible. In fact,
it’s a type of threat that the email-security firm Agari flagged in a recent
report. Three and a half years have passed since John Podesta, the chairman of
Hillary Clinton’s presidential campaign, fell for a phishing email—granting
Russian hackers, and thereby the world, access to his Gmail account and coming
to embody the devastating ways foreign governments can meddle in democratic
politics.
Fifth Domain
September 5, 2019
The Army
has discovered that one of the keys to success in cyber operations is to embed
tool developers and coders alongside operators. The military has long relied
upon contractor support for coding and software development. However, in an
operational environment that can change in milliseconds, forces need coders
that can adjust to these changes in real time. “When we built the mission force
initially, it was this idea that we would pool the developers at a very central
location. If you’re on a team, you conduct an operation, you would send a
problem up, they would work it and they would send it down,” Lt. Gen. Stephen
Fogarty, commander of Army Cyber Command, said Sept. 4 at the Billington
cybersecurity conference in Washington. “In practice, that just doesn’t work.”
Now, these coders, who are uniformed and civilian, will help build operational
infrastructure, tools and applications, Fogarty said.
Federal News Network
September 5, 2019
The Defense
Department sees its new certification model, which it unveiled to the public
this week, as a way to more quickly bring its entire industrial base up to date
with best cybersecurity practices. But the Pentagon also sees this new model as
a means to set the stage for a broader, more complex journey to better
understand the defense supply chain. On Wednesday, DoD released a new draft of
the Cybersecurity Maturity Model Certification (CMMC), the Pentagon’s most
recent attempt to create a simpler, more consistent framework for the cyber
demands it imposes on its contractors and subcontractors. The department will
accept public comment on the certification model through Sept. 25. “Every
company within the DoD supply chain — not just the defense industrial
base, but the 300,000 contractors — are going to have to get certified to
do work with the Department of Defense,” Katie Arrington, chief information
security officer for DoD’s Office of the Assistant Secretary of Defense for
Acquisition, said Wednesday at the Intelligence and National Security Summit
co-hosted by AFCEA and the Intelligence and National Security Alliance.
AP
September 5, 2019
Texas
authorities say they aren't aware of any money paid to hackers who used
ransomware to target more than 20 communities last month. The Texas Department
of Information Resources said in a statement Thursday that more than half of
the local governments hit by ransomware in August have returned to normal
operations. The department didn't detail what the remaining governments are
doing to recover from the attacks. Federal authorities are still investigating.
The statement didn't provide any information about the hackers' demands or
explain how the local governments were compromised.
CyberScoop
September 5, 2019
The
National Security Agency’s new Cybersecurity Directorate wants to more quickly
share threat data in response to private sector criticism that the agency has
been slow to provide key information that companies need to protect themselves,
the head of the new foreign intelligence and digital defense outfit said
Wednesday. The NSA’s impetus for creating the Cybersecurity Directorate, set to
launch Oct. 1, was to address complaints that context is lacking in U.S.
intelligence community’s threat reports that are issued to private companies.
By sharing data such as malicious domain names or IP addresses long after
hackers have abandoned them, NSA is not providing the real-time information
corporate security teams need to block attacks. Now, the directorate will
provide additional context to help sectors like the defense industrial base and
election technology providers “prevent and eradicate” intruders, according to
Anne Neuberger, director of the NSA’s Cybersecurity Directorate. The goal for
the directorate, which was announced in July, is to try to prevent attacks
before they start. “Clearly from the government, there’s some insights and
information that we should share, particularly the tradecraft of how those
entities are doing that, and enable [organizations] to look for that
information on their platforms,” she said during an appearance at the
Billington Cybersecurity Summit.
Ars Technica
September 5, 2019
As students
returned to school across the country over the past two weeks, school districts
are facing an unprecedented wave of ransomware attacks. In the past month,
dozens of districts nationwide have been affected by ransomware attacks, in
some cases taking entire school systems' networks down in the process. All
classes were cancelled September 5 at Flagstaff Unified School District schools
in Arizona after the discovery of a ransomware attack against the district's
servers on Wednesday, September 4. All Internet services were taken down by the
school district's information technology team at about 3pm local time on
Wednesday, when the ransomware was discovered during what district officials
said was routine maintenance. "We have had to break the connection from
the Internet to our school sites while we work with Internet security experts
to contain and mitigate the issue," FUSD spokesman Zachery Fountain said
in a statement to press. No further details on the ransomware were released,
and district officials are not sure whether any personal identifying
information has been exposed.
FCW
September 5, 2019
The NSA is
taking a strong stance against hacking back. If an organization should see
evidence of an ongoing cyberattack, it should alert the FBI or Homeland
Security, Glenn Gerstell, the National Security Agency's chief counsel, told
reporters at the 2019 Intelligence and National Security Summit. "Both are
in a position through their interagency task force to summon whatever resources
of government are appropriate at that time," he said. At a Sept. 5 panel
discussion on hacking back, Gerstell did not directly address concerns about
former intelligence officers entering the private sector overseas and engaging
in hacking-back efforts, but he said "they are free to undertake whatever
private-sector activities they want to take" but are "responsible for
protecting the secrets of the federal government for their life." Gerstell
also touted the NSA's new Cybersecurity Directorate, led by Anne Neuberger,
that's set to launch Oct. 1 and will help streamline information sharing.
Gov Info Security
September 5, 2019
The mayor
of New Bedford, Massachusetts, took the unusual step this week of holding a
press conference to describe a recent ransomware attack and explain why the
city decided not to pay the $5.3 million ransom that was demanded. Mayor Jon
Mitchell described how the attackers first demanded $5.3 million in ransom, and
the city countered with a $400,000 payment that its insurer had agreed to pay.
When attackers did not respond to that offer, the city decided to continue
moving forward with restoring systems and data through backups, the mayor said.
Mitchell said the city decided to negotiate with the attackers to give its IT
department enough time to see if it could restore systems on its own. Mitchell
revealed that New Bedford was hit with a variation of the Ryuk ransomware
strain, which has appeared in other attacks, including some of those that have
targeted local and state governments.
Nextgov
September 4, 2019
The
Pentagon’s newly minted artificial intelligence center is creating a framework
for the military’s cybersecurity data, which will lay the foundation for AI-powered
cyber defense tools. The Joint Artificial Intelligence Center is partnering
with the National Security Agency, U.S. Cyber Command and dozens of Defense
Department cybersecurity vendors to standardize data collection across the
Pentagon’s sprawling IT ecosystem, according to Lt. Gen. Jack Shanahan, who
leads the JAIC. By creating a consistent process for curating, describing,
sharing and storing information, the JAIC intends to create a trove of cyber
data that could ultimately be used to train AI to monitor military networks for
potential threats, Shanahan said Wednesday at the Billington Cybersecurity
Summit. Tech leaders in government and industry have long touted AI’s ability
to monitor networks and detect suspicious behavior. But building those tools
requires a lot of consistent training data, Shanahan said, and at least in the
Defense Department, that data is hard to come by.
FCW
September 4, 2019
The Office
of Management and Budget's process for reviewing the cybersecurity postures of
federal agencies is "evolving," Federal Chief Information Security
Officer Grant Schneider told FCW on the sidelines of the Billington
Cybersecurity Summit in Washington, D.C. The reviews, dubbed CyberStat, are
meant to function as one-on-one, in-depth analyses between OMB, which sets civilian
governmentwide policy under the Federal Information Security Management Act,
and federal agencies that may be struggling with compliance to identify root
causes of security vulnerabilities and correct course. The number of such
reviews jumped as high as 24 per year in 2016 under the Obama administration,
but a Government Accountability Office report this year found that reviews have
plummeted since then, with just eight being conducted in the past three years
and zero so far in 2019. Schneider told FCW that his agency is taking "a
hard look" at the current program with the aim of revamping the process
ahead of next fiscal year. "What do we want the CyberStat program to look
like and achieve," he asked, "and what are those numbers going to
be?"
The Atlanta Journal Constitution
September 4, 2019
The 2,271
people eligible to vote in Chattahoochee Hills may feel like they’re stepping
back in time whenever they cast a ballot for the City Council or mayor. In much
of the rest of the state, electronic voting machines are standard for each and
every election. But in Chattahoochee Hills and about 70 other cities, residents
vote using paper ballots. In many of those cities, the votes are even tallied
by hand. As the debate rages over whether Georgia’s new
touchscreen-and-printed-ballot voting system is secure, voters in cities across
the state will continue to fill out their ballots with pens this November. They
won’t use any modern technology during their municipal elections. State law
exempts cities from having to use the uniform voting system mandated for
county, state and federal elections.
The Hill
September 3, 2019
Former
Federal Communications Commission (FCC) Chairman Tom Wheeler stressed the need
to zero in on protecting 5G wireless networks from cyber threats in a new paper
published Tuesday by the Brookings Institution. The paper, co-authored by David
Simpson, the former chief of the FCC’s Public Safety and Homeland Security
Bureau, makes the case for putting “equivalent – if not greater – focus on the
security” of 5G networks as there is on the possibilities of the “connected
future.” “To build 5G on top of a weak cybersecurity foundation is to build on
sand,” Wheeler and Simpson wrote in the paper. “This is not just a matter of
the safety of network users, it is a matter of national security.” In an
interview with The Hill, Wheeler highlighted the threat to 5G networks posed by
the increasing amount of internet-connected devices, many of which may not be
secure against cyberattacks.
INDUSTRY
Wired
September 6, 2019
Late
Thursday, Google security researchers dropped a bombshell: Someone had launched
a sustained attack against iPhone users that compromised their devices almost
instantly when they visited certain websites. The campaign forced a fundamental
shift in how security professionals think about iOS. And now, after a week of
silence, Apple has finally given its side of the story. In a brief statement,
Apple confirmed that the attacks had targeted China's oppressed Uyghur Muslim
community, as had previously been reported. But the statement also called out
multiple points of contention with how Google characterized the attack.
"First, the sophisticated attack was narrowly focused, not a broad-based
exploit of iPhones 'en masse' as described. The attack affected fewer than a
dozen websites that focus on content related to the Uighur community," the
statement reads. "Google’s post, issued six months after iOS patches were
released, creates the false impression of 'mass exploitation' to 'monitor the
private activities of entire populations in real time,' stoking fear among all
iPhone users that their devices had been compromised. This was never the
case." The company also disputed aspects of Google's timeline, saying that
the malicious sites were operational for two months, rather than the roughly
two years Google had estimated.
Ars Technica
September 6, 2019
For months,
security practitioners have worried about the public release of attack code
exploiting BlueKeep, the critical vulnerability in older versions of Microsoft
Windows that’s “wormable,” meaning it can spread from computer to computer the
way the WannaCry worm did two years ago. On Friday, that dreaded day arrived
when the Metasploit framework—an open source tool used by white hat and black
hat hackers alike—released just such an exploit into the wild. The module,
which was published as a work in progress on Github, doesn’t yet have the
polish and reliability of the EternalBlue exploit that was developed by the NSA
and later used in WannaCry. “The release of this exploit is a big deal because
it will put a reliable exploit in the hands of both security professionals and
malicious actors,” Ryan Hanson, principal research consultant at Atredis
Partners and a developer who helped work on the release, told Ars. “I'm hoping
the exploit will be primarily used by offensive teams to demonstrate the
importance of security patches, but we will likely see criminal groups
modifying it to deliver ransomware as well.”
E&E News
September 6, 2019
A
first-of-its-kind cyberattack on the U.S. grid created blind spots at a grid
control center and several small power generation sites in the western United
States, according to a document posted yesterday from the North American
Electric Reliability Corp. The unprecedented cyber disruption this spring did
not cause any blackouts, and none of the signal outages at the
"low-impact" control center lasted for longer than five minutes, NERC
said in the "Lesson Learned" document posted to the grid regulator's
website. But the March 5 event was significant enough to spur the victim
utility to report it to the Department of Energy, marking the first disruptive
"cyber event" on record for the U.S. power grid. The case offered a
stark demonstration of the risks U.S. power utilities face as their critical
control networks grow more digitized and interconnected — and more exposed to
hackers. "Have as few internet facing devices as possible," NERC
urged in its report.
Ars Technica
September 5, 2019
An
estimated 600,000 GPS trackers for monitoring the location of kids, seniors,
and pets contain vulnerabilities that open users up to a host of creepy
attacks, researchers from security firm Avast have found. The $25 to $50
devices are small enough to wear on a necklace or stash in a pocket or car dash
compartment. Many also include cameras and microphones. They’re marketed on
Amazon and other online stores as inexpensive ways to help keep kids, seniors,
and pets safe. Ignoring the ethics of attaching a spying device to the people
we love, there’s another reason for skepticism. Vulnerabilities in the T8 Mini
GPS Tracker Locator and almost 30 similar model brands from the same
manufacturer, Shenzhen i365 Tech, make users vulnerable to eavesdropping,
spying, and spoofing attacks that falsify users’ true location. Researchers at
Avast Threat Labs found that ID numbers assigned to each device were based on
its International Mobile Equipment Identity, or IMEI. Even worse, during
manufacturing, devices were assigned precisely the same default password of
123456. The design allowed the researchers to find more than 600,000 devices
actively being used in the wild with that password. As if that wasn’t bad
enough, the devices transmitted all data in plaintext using commands that were
easy to reverse engineer.
Ars Technica
September 5, 2019
Researchers
have disclosed a zero-day vulnerability in the Android operating system that
gives a major boost to attackers who already have a toe-hold on an affected
device. The privilege-escalation flaw is located in the V4L2 driver, which
Android and other Linux-based OSes use to capture real-time video. The vulnerability
results from a "lack of validating the existence of an object prior to
performing operations on the object," researchers with Trend Micro's Zero
Day Initiative said in a blog post published Wednesday. Attackers who already
have untrusted code running with low privileges on a device can exploit the bug
to access privileged parts of the Android kernel. The severity score is rated a
7.8 out of a possible 10 points. Modern OSes have become increasingly hard to
compromise in recent years thanks to exploitation mitigations that prevent
untrusted code from interacting with hard drives, kernels, and other sensitive
resources. Hackers have responded by chaining two or more exploits together. A
buffer overflow, for instance, may allow an attacker to load malicious code
into memory, and a privilege-escalation flaw gives the code the privileges it
needs to install a persistent payload.
The New York Times
September 4, 2019
Facebook,
Google, Twitter and Microsoft met with government officials in Silicon Valley
on Wednesday to discuss and coordinate on how best to help secure the 2020
American election, kicking off what is likely to be a marathon effort to
prevent the kind of foreign interference that roiled the 2016 election. The
daylong meeting, held at Facebook’s headquarters in Menlo Park, Calif.,
included security teams from the tech companies, as well as members of the
F.B.I., the Office of the Director of National Intelligence and the Department
of Homeland Security. The agenda was to build up discussions and strategic
collaboration ahead of the November 2020 state, federal and presidential
elections, according to Facebook. Tech company representatives and government
officials talked about potential threats, as well as how to better share
information and detect threats, the social network said. Chief executives from
the companies did not attend, said a person briefed on the meeting, who
declined to be identified for confidentiality reasons. “Improving election
security and countering information operations are complex challenges that no
organization can solve alone,” Nathaniel Gleicher, head of Facebook
cybersecurity policy, said in a statement. “Today’s meeting builds on our
continuing commitment to work with industry and government partners, as well as
with civil society and security experts, to better understand emerging threats
and prepare for future elections.”
Reuters
September 4, 2019
Cybersecurity
firm Palo Alto Networks said it expects to grow sales at a double-digit pace
over the next three years and forecast robust free cash flow, sending its
shares up 8% in volatile after-hours trading on Wednesday. Palo Alto's upbeat
forecast came as it reported better-than-expected fourth-quarter revenue and
profit, helped by strong demand for its cloud security products. The company
said the increasing popularity of its cloud security tool Prisma Access had
boosted confidence it can achieve a 20% compounded annual growth rate for
billings and revenue over the three-year period. Palo Alto competes in a tough
market dominated by traditional firewall provider Cisco Systems Inc, Check
Point Software Technologies and Juniper Networks Inc.
Wired
September 3, 2019
A lot can
go wrong with corporate network security, but hopefully at a minimum people
know not to plug strange USB sticks into network computers. But it turns out
that an attacker could exploit flaws in a type of remote management device to
plug in all the "virtual" thumb drives they want. And the same type
of attack can turn pretty much any USB device into a virtual trojan horse. In
new findings presented at the Open Source Firmware Conference in Silicon Valley
on Tuesday, though, researchers from the security firm Eclypsium are detailing
vulnerabilities in a number of Supermicro baseboard management controllers.
Those are special processors installed on server motherboards to give system
administrators hardware-level management powers from afar. That comes in handy
when admins need to do things like load old software onto a server from a CD or
upgrade an operating system from an image on an external hard drive. BMCs
facilitate that without the need to physically plug anything into the server
itself. The server will just think that a device is directly connected. The
researchers found, though, that the BMCs on Supermicro X9, X10, and X11
platforms contain flaws that can be exploited to weaponize this legitimate
function.
INTERNATIONAL
ZDNet
September 6, 2019
The federal
government wants an updated strategy to cover the current cyber threat climate,
publishing a discussion paper that seeks to gain a better understanding of the
magnitude of the threats faced by Australian businesses and families, saying
that as the threat evolves, so too must government's response. The Australian
government in April 2016 launched the country's current cybersecurity strategy,
handing over AU$230 million to the cause. "Despite making strong progress
against the goals set in 2016, the threat environment has changed significantly
and we need to adapt our approach to improve the security of business and the
community," Minister for Home Affairs Peter Dutton is attributed as saying
in the discussion paper's foreword. "Australia must position itself as a
world leader in cyber threat detection, prevention and response. This means
government and industry will need to work closer together than ever
before."
Gov Info Security
September 6, 2019
A hacking
group known as APT5 - believed to be affiliated with the Chinese government -
has been targeting serious flaws in Pulse Secure and Fortinet SSL VPNs for more
than six weeks, security experts warn. The attack alert comes in the wake of
security researchers warning of a surge in scans looking for the security
vulnerabilities. Successfully exploiting the flaws could enable attackers to
steal data on user accounts and passwords from SSL VPNs without having to first
authenticate, thus giving them full, remote access to enterprise networks.
Cyber threat intelligence analyst Troy Mursch, who tweets as @bad_packets, says
attackers in recent weeks have been probing for the existence of
vulnerabilities in both types of SSL VPNs. He says the greatest concentration
of vulnerable Pulse Secure systems are in the United States.
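The flaws described above are reached before authentication, so the first place they show up is the appliance's own HTTP access log, where the probes Mursch observed look like directory traversal against the VPN's web paths. The script below is an added example written for this digest; it is not code from the article, Bad Packets or any VPN vendor. The log lines are constructed in common log format, and the URL paths in them are constructed stand-ins for whatever a given appliance exposes; the script assumes the appliance or a reverse proxy in front of it writes such a log.

```python
"""Flag pre-authentication path-traversal probes against an SSL VPN in its
HTTP access log.

Added example for this digest; not code from the article, Bad Packets or any
VPN vendor. The log lines are constructed, and the URL paths in them are
constructed stand-ins for whatever an appliance actually exposes.
"""
import re
from urllib.parse import unquote

# Constructed sample in common log format (assumed to be what the appliance or
# a reverse proxy in front of it writes). Lines 2, 3 and 5 are probes.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Sep/2019:10:01:02 +0000] "GET /vpn/login.cgi HTTP/1.1" 200 5123
203.0.113.9 - - [01/Sep/2019:10:01:09 +0000] "GET /vpn/../../../../../../etc/passwd HTTP/1.1" 200 1821
198.51.100.4 - - [01/Sep/2019:10:02:13 +0000] "GET /remote/lang?file=/../../../../data/sessions.db HTTP/1.1" 200 49001
198.51.100.5 - - [01/Sep/2019:10:03:44 +0000] "GET /remote/login?lang=en HTTP/1.1" 200 2201
192.0.2.8 - - [01/Sep/2019:10:04:00 +0000] "GET /vpn/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 404 0
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def decode_fully(s, limit=3):
    """Percent-decode repeatedly; scanners double-encode to slip past filters."""
    for _ in range(limit):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s.replace('\\', '/')


def escapes_root(path):
    """True if '..' segments ever climb above the web root.

    Tracks depth the way a naive server would; a dip below zero anywhere is the
    traversal, even if later segments descend again.
    """
    depth = 0
    for seg in path.split('/'):
        if seg == '..':
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ('', '.'):
            depth += 1
    return False


def classify(line):
    """Return a finding dict for a traversal probe, or None for a normal request."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = decode_fully(m['target'])
    # Some traversal flaws take the file name in a query parameter rather than
    # in the path, so check every query value as well as the path itself.
    path, _, query = target.partition('?')
    values = [v for v in re.split('[&=]', query) if v]
    if not (escapes_root(path) or any(escapes_root(v) for v in values)):
        return None
    status = int(m['status'])
    # A 200 with a body means the appliance returned something for the
    # traversed name: treat that as a likely successful read, not just a probe.
    severity = 'high' if status == 200 and m['size'] not in ('-', '0') else 'medium'
    return {'src': m['src'], 'time': m['ts'], 'target': m['target'],
            'status': status, 'severity': severity}


def scan(log_text):
    """Run classify() over each line and return the findings in log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


if __name__ == '__main__':
    for f in scan(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['src']:15} {f['status']} {f['target']}")
```

The point of separating "high" from "medium" is triage: a traversal request that came back 200 with a body is evidence the appliance handed something over and the box should be treated as compromised, whereas a 404 is a scanner that found nothing and belongs on a blocklist. Patching remains the fix; this only tells you whether you were reached before you patched.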
Reuters
September 5, 2019
Hackers
working for the Chinese government have broken into telecoms networks to track
Uighur travelers in Central and Southeast Asia, two intelligence officials and
two security consultants who investigated the attacks told Reuters. The hacks
are part of a wider cyber-espionage campaign targeting “high-value individuals”
such as diplomats and foreign military personnel, the sources said. But China
has also prioritized tracking the movements of ethnic Uighurs, a minority
mostly Muslim group considered a security threat by Beijing. China is facing
growing international criticism over its treatment of Uighurs in Xinjiang.
Members of the group have been subject to mass detentions in what China calls
“vocational training” centers and widespread state surveillance. Beijing’s
alleged cyberspace attacks against Uighurs show how it is able to pursue those
policies beyond its physical borders.
CyberScoop
September 5, 2019
A Chinese
hacking group that has been using tools linked with the National Security
Agency might have obtained at least one without breaching NSA systems,
according to researchers at cybersecurity company Check Point. The Chinese
hacking group APT3, which somehow had in its possession an NSA-linked tool in
advance of public leaks in 2016 and 2017, appears to have acquired it by
analyzing network traffic on a system that was potentially targeted by the NSA,
Check Point says. The theory is that after observing the exploit in the wild,
APT3 incorporated it into its own arsenal of attacks with some tweaks, the
researchers say. “Check Point learned that the Chinese group was monitoring
in-house machines that were compromised by the NSA, capturing the traffic of
the attack and was leveraging it to reverse engineer the software
vulnerabilities,” the researchers write. Check Point acknowledges that it
“can’t prove this beyond any doubt.” The company says it does not know for sure
that network traffic was used as a reference to build a Chinese exploit based
on the NSA-linked tool, but it points to clues in the Windows Server Message
Block (SMB) packets in the APT3 version of the tool. The Chinese possession of
NSA-linked tools in advance of the 2016 and 2017 leaks — for which a mysterious
group known as the Shadow Brokers takes the credit — was originally reported by
Symantec. But it remained unclear how the Chinese had come into possession of
the exploits.
CyberScoop
September 3, 2019
Chinese
telecommunication giant Huawei has accused U.S. authorities of using
cyberattacks to interrupt its business and deploying police to harass
employees, allegations that coincide with a growing investigation into the
company’s international conduct. Huawei leveled the charges in a press release
Tuesday, offering little evidence to substantiate its claims but denying it
stole trade secrets from Rui Oliveira, a Portuguese inventor who accused Huawei
of stealing his smartphone camera technology. U.S. prosecutors are probing
Huawei for multiple instances of alleged intellectual property theft, according
to the Wall Street Journal, while the firm also has become a focal point in the
ongoing trade war between the U.S. and China. “For the past several months, the
U.S. government has been leveraging its political and diplomatic influence to
lobby other governments to ban Huawei equipment,” the company said Tuesday.
“Furthermore, it has been using every tool at its disposal — including both
judicial and administrative powers, as well as a host of other unscrupulous
means — to disrupt the normal business operations of Huawei and its partners.”
Yahoo News
September 2, 2019
For years,
an enduring mystery has surrounded the Stuxnet virus attack that targeted
Iran’s nuclear program: How did the U.S. and Israel get their malware onto
computer systems at the highly secured uranium-enrichment plant? The
first-of-its-kind virus, designed to sabotage Iran’s nuclear program,
effectively launched the era of digital warfare and was unleashed some time in
2007, after Iran began installing its first batch of centrifuges at a
controversial enrichment plant near the village of Natanz. The courier behind
that intrusion, whose existence and role has not been previously reported, was
an inside mole recruited by Dutch intelligence agents at the behest of the CIA
and the Israeli intelligence agency, the Mossad, according to sources who spoke
with Yahoo News. An Iranian engineer recruited by the Dutch intelligence agency
AIVD provided critical data that helped the U.S. developers target their code
to the systems at Natanz, according to four intelligence sources. That mole
then provided much-needed inside access when it came time to slip Stuxnet onto
those systems using a USB flash drive.
AP
September 2, 2019
The U.S.
and Poland signed an agreement Monday to cooperate on new 5G technology as
concerns grow about Chinese telecommunications giant Huawei. Vice President
Mike Pence and Polish Prime Minister Mateusz Morawiecki signed the deal in
Warsaw, where Pence is filling in for President Donald Trump, who scrapped his
trip at the last minute because of Hurricane Dorian. The signing comes during a
global battle between the U.S. and Huawei, the world's biggest maker of network
infrastructure equipment, over network security and fears of Chinese access.
The U.S.-Poland agreement states: "Protecting these next generation
communications networks from disruption or manipulation and ensuring the
privacy and individual liberties of the citizens of the United States, Poland,
and other countries is of vital importance." Both countries pledged to
endorse the principles developed by cybersecurity officials from dozens of
countries at a summit in Prague this year to counter threats and ensure the
safety of the next generation of mobile networks. Pence, speaking at a news
conference with Polish President Andrzej Duda, said he hoped the declaration
would set a "vital example for the rest of Europe on the broader question
of 5G."
Reuters
September 1, 2019
North Korea
denied on Sunday allegations that it had obtained $2 billion through
cyberattacks on banks and cryptocurrency exchanges, and accused the United
States of spreading rumors. A United Nations report seen by Reuters last month
said North Korea had used "widespread and increasingly sophisticated"
cyberattacks to steal from banks and cryptocurrency exchanges, amassing $2
billion which it used to fund weapons of mass destruction programs. "The
United States and other hostile forces are now spreading ill-hearted
rumors," North Korea's state-run KCNA news agency reported, citing a statement
from the spokesperson for the National Coordination Committee of the DPRK for
Anti-Money Laundering and Countering the Financing of Terrorism.
Bloomberg
August 31, 2019
Hong Kong
appeared to be the target of a large digital attack in recent days, with a
popular online forum used by protesters saying its servers were hit on Saturday.
Digital Attack Map, which provides information on daily cyber attacks around
the world, showed the financial hub at the center of distributed denial of
service, or DDoS, attacks. LIHKG, a forum used by demonstrators to organize
mass rallies in Hong Kong, said its servers were hit maliciously by a large
DDoS attack in a way it had never seen before. While some of LIHKG’s services
were interrupted, it was fully restored hours later, according to a post on
Twitter. This is the second large cyber attack to hit apps used this summer by
protesters to organize during unrest in Hong Kong. In June, messaging service
Telegram said it had been hit by a powerful attack coming out of China. The
protesters’ use of messaging apps and chat rooms has allowed them to quickly
change and implement plans, frustrating government efforts to control them.
TECHNOLOGY
Ars Technica
September 5, 2019
An Internet
Society-supported initiative, the Mutually Agreed Norms for Routing Security
(MANRS), has tried to coax Internet service providers into minding their
manners—particularly when it comes to how they use the Border Gateway Protocol
(BGP), the occasionally abused communications method that drives much of how
Internet traffic is routed. On August 13, the MANRS initiative launched the
MANRS Observatory, a new Web tool that provides insight into just how well
networks comply with routing security standards. The observatory provides a
semblance of transparency into a part of the Internet invisible to most users.
Last year, there were more than 12,000 routing outages or attacks, according to
the Internet Society, including the use of BGP to hijack or misdirect traffic
and internal BGP "leaks" from poorly configured routers. Deliberate
BGP attacks can be used to steal data or redirect requests to hostile
"spoofed" websites, as some state actors have been known to do. The
MANRS initiative promotes technical collaboration among network providers to
reduce the most common types of threats to routing security.
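The hijacks and leaks the paragraph counts share one mechanism: a network originates a prefix it is not authorised for, or a more-specific one than it should. RPKI route origin validation (RFC 6811) is the check that catches both, and publishing ROAs and filtering on them is part of what MANRS asks of its participants. The code below is an added example written for this digest, not code from the article, the Internet Society or MANRS; the ROAs and announcements are constructed from documentation prefixes and private AS numbers, and a real router would take its ROA set from a relying-party cache rather than a list in the file.

```python
"""RFC 6811 route origin validation: check a BGP announcement's origin AS
against RPKI Route Origin Authorizations (ROAs).

Added example; not code from the article, the Internet Society or MANRS. The
ROAs and announcements below are constructed with documentation prefixes and
private AS numbers. Real deployments fetch validated ROAs from a relying-party
cache; the validation logic is the same.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str       # covered prefix, e.g. "192.0.2.0/24"
    max_length: int   # most-specific length the origin may announce
    asn: int          # authorised origin AS (0 = nobody may originate)


# Constructed ROA set (assumption: what a validator cache would hand the router).
ROAS = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("198.51.100.0/24", 25, 64497),
    ROA("203.0.113.0/24", 24, 0),        # AS0: prefix must not appear in BGP
    ROA("2001:db8::/32", 48, 64496),
]


def validate(prefix, origin_asn, roas=ROAS):
    """Return 'Valid', 'Invalid' or 'NotFound' for (prefix, origin) per RFC 6811."""
    route = ipaddress.ip_network(prefix, strict=True)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=True)
        if roa_net.version == route.version and route.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "NotFound"    # no ROA speaks to this space
    for roa in covering:
        if roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "Valid"
    # Covered by at least one ROA but no ROA matches: wrong origin AS (a hijack
    # or a typo) or a more-specific than permitted (the usual leak pattern).
    return "Invalid"


def filter_routes(announcements, roas=ROAS, drop_invalid=True):
    """Apply the MANRS-style policy: drop Invalid, keep Valid and NotFound.

    Returns (accepted, rejected) lists of (prefix, origin, state).
    """
    accepted, rejected = [], []
    for prefix, origin in announcements:
        state = validate(prefix, origin, roas)
        (rejected if drop_invalid and state == "Invalid" else accepted).append(
            (prefix, origin, state))
    return accepted, rejected


# Constructed announcements: legitimate, wrong-origin hijack, too-specific
# hijack, subnet within maxLength, AS0-protected, unsigned space, and IPv6.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),
    ("192.0.2.0/24", 64511),
    ("192.0.2.0/25", 64496),
    ("198.51.100.128/25", 64497),
    ("203.0.113.0/24", 64500),
    ("198.18.0.0/15", 64502),
    ("2001:db8:1::/48", 64496),
    ("2001:db8:1:2::/64", 64496),
]

if __name__ == "__main__":
    accepted, rejected = filter_routes(ANNOUNCEMENTS)
    for p, o, s in accepted + rejected:
        print(f"{s:8} {p:20} origin AS{o}")
```

Two details matter in practice. NotFound is accepted, because most of the routing table is still unsigned and dropping it would partition the network; the protection only covers prefixes whose holders have published ROAs. And a ROA with a generous maxLength is itself a weakness: it authorises the origin to announce every more-specific down to that length, so a hijacker who can forge the origin AS in the path can win on prefix length and still validate. Keep maxLength equal to what you actually announce.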
The New York Times
September 5, 2019
When
hackers took over the Twitter account of Twitter’s chief executive, Jack
Dorsey, last week, they used an increasingly common and hard-to-stop technique
that can give them complete access to a wide array of the most sensitive
digital accounts, including social media, email and financial accounts. Called
SIM swapping, it allows hackers to take control of a victim’s phone number. In
recent months, SIM swapping has been used to hijack the online personas of
politicians, celebrities and notables like Mr. Dorsey, to steal money all over
the world and to simply harass regular people. Victims, no matter how prominent
or technically sophisticated, have been unable to protect themselves, even
after they have been hit again and again. “I’ve been looking at the criminal
underground for a long time, and SIM swapping bothers me more than anything
I’ve seen,” said Allison Nixon, the director of research at the security firm
Flashpoint. “It requires no skill, and there is literally nothing the average
person can do to stop it.”
The Hill
September 5, 2019
The leaders
of the House Blue Dog Coalition and the House Blue Dog Task Force on National
Security on Thursday sent a letter to House and Senate leaders calling for
action to prevent foreign interference in U.S. elections and to secure election
systems. The House Blue Dog Coalition, a group of 26 moderate Democrats, urged
congressional leaders to “put politics aside and pursue bipartisan solutions”
to bolster election security ahead of 2020. “We are calling on Congress to take
further action to secure our elections, punish Russia for its attempts to
meddle in the 2016 and 2018 elections, and deter our adversaries from meddling
in future U.S. elections,” the leaders of the Blue Dog Coalition and the Task
Force wrote. “The threat to our national security could not be more clear.” The
letter was sent to Speaker Nancy Pelosi (D-Calif.), House Majority Leader Steny
Hoyer (D-Md.), Minority Leader Kevin McCarthy (R-Calif.), Senate Majority
Leader Mitch McConnell (R-Ky.) and Senate Minority Leader Charles Schumer
(D-N.Y.). The House has passed two major election security bills earlier this
year, both along party lines.
ADMINISTRATION
CyberScoop
September 6, 2019
A key
component of the Pentagon’s effort to defend the 2018 midterm elections from
foreign interference was its collaboration with the Department of Justice to
disrupt operations from overseas, Gen. Paul Nakasone, director of the National
Security Agency, said Thursday. It’s the kind of interagency effort American
officials are trying to achieve again before the 2020 presidential election.
The NSA and U.S. Cyber Command, a unified combatant command at the Pentagon
dedicated to running cyber-operations, worked with the FBI’s Foreign Influence
Task Force in 2018 as part of an effort to avoid the kind of Russian meddling
that occurred in 2016, Nakasone said. The effort to protect the 2018 midterm
elections, collectively known as Synthetic Theology, resulted in disrupting the
internet access of Russia’s social media troll farm, the Internet Research
Agency. The effort represented the first cyber-operations abroad to protect
U.S. elections, and it’s helping inform the intelligence community’s approach
to the 2020 voting process. Last year also marked the first time NSA and Cyber
Command leveraged new authorities to run offensive cyber campaigns abroad
following legal approval from the White House and Congress.
Nextgov
September 6, 2019
The Trump
administration has appealed a federal court decision granting former and
current federal employees standing to sue the government over its inability to
protect their personal information, arguing the hackers responsible for the
breach want to spy on the more than 20 million impacted individuals, but not
commit identity theft. A panel of the U.S. Court of Appeals for the D.C.
Circuit erred when it largely sided with two federal employee unions in their
lawsuit against the Office of Personnel Management and a federal contractor for
their roles in the hacks that led to mass disclosures of personal records, the
Justice Department said in an appeal filed late Wednesday. The government is
seeking a review by the entire appellate court in hopes it will kill the
lawsuit. While the appeals court panel found the plaintiffs faced a plausible
risk of future harm following the breach, the Trump administration argued that
risk was not substantial. Former and current federal employees caught up in the
breach “could” become the victims of identity theft, the court ruled, but the
government attorneys said it was “implausible” to assume they would.
The Oklahoman
September 6, 2019
The FBI is
investigating a cybertheft of $4.2 million from the state's pension fund for
retired Oklahoma Highway troopers, state agents, park rangers and other law
enforcement officers. The Oklahoma Law Enforcement Retirement System (OLERS)
posted an announcement online about the investigation Thursday, 10 days after
the money went missing. "We are certain the stolen funds will be
recovered," the state agency said. "Most importantly, no pension
benefits to members or beneficiaries have been impacted or put at risk. All
benefits will continue to be paid in a timely fashion as always." The
state agency made the announcement only after being contacted by The Oklahoman
about the cybercrime. "The total diversion was $4.2 million," OLERS
executive director, Duane A. Michael, told The Oklahoman on Thursday. "Of
that, we've recovered $477,000."
FCW
September 6, 2019
A senior
Department of Homeland Security official said a flagging cybersecurity
information sharing program will be getting a facelift to improve quality and
facilitate more complex defensive actions. The Automated Indicator Sharing
program, which facilitates the sharing of threat indicators between the federal
government and private sector, was originally envisioned as a crucial tool to
achieve broader visibility around malicious cyber activity and more quickly
respond to emerging threats. However, the program has never gained the level of
traction with private sector groups that policymakers in Congress and at DHS
originally hoped for. In particular, while many companies are happy to receive
information from DHS, only a handful were actually sharing information back
with the government as of last year, per reporting from Nextgov. Jeanette
Manfra, the assistant director for cybersecurity and communications at the
Cybersecurity and Infrastructure Security Agency at DHS, said her agency has
been able to make significant progress in recent years to increase
collaboration with companies and other federal agencies through more analog
means -- such as conversation and relationship building. However, when it comes
to automated programs like AIS, it's "going to take a lot more work to
build trust into the system," she said.
The Denver Post
September 6, 2019
Two weeks
before a “malicious threat” crippled Regis University’s information technology
services — rendering the Denver campus’s phones, email and internet useless
just as summer courses ended and the fall semester began — Bob Bowles was
teaching students how to respond to a cyberattack. “Once an incident happens,
the first thing you want to do is contain the damage, stop the bleeding,” said
Bowles, a cybersecurity professional of more than 20 years who is now the
director of Regis’ Center for Information Assurance Studies. “Go into
ratification and recovery phase — determining how it happened, patching the
weakness and trying to put controls in place.” Bowles and the rest of Regis’s
cybersecurity faculty have witnessed their lesson plans come to life since the
attack two weeks ago that continues to wreak havoc on campus technology
services. Although the academics aren’t on the frontlines fighting the
intrusion, leaving that job to IT services and forensic investigators, the
educators are taking notes. They plan to use the attack as a case study in
their own classrooms and as a lesson for others in the community.
The Atlantic
September 5, 2019
It’s the
eve of Election Day 2020, and political reporters have just received an
incendiary email. Donald Trump’s campaign has sent out grainy cellphone footage
of his Democratic challenger, Joe Biden, at a private meeting with wealthy
donors, ridiculing Americans who voted for the president in 2016 and plotting
how to trick them into backing him instead. Except Biden never made the remarks
and Trump never shared them. A few overeager journalists post the video on
Twitter before fully investigating its authenticity, causing the clip to spread
on social media faster than the presidential campaigns and the press can expose
it as a fraud. U.S. authorities will eventually attribute the deception to
North Korean hackers, impersonating the Trump campaign’s domain name and
deploying deepfake technology to keep their preferred nuclear-talks counterpart
in office. But that won’t happen for weeks, well after Americans have chosen
their next leader. Such a hypothetical scenario isn’t implausible. In fact,
it’s a type of threat that the email-security firm Agari flagged in a recent
report. Three and a half years have passed since John Podesta, the chairman of
Hillary Clinton’s presidential campaign, fell for a phishing email—granting
Russian hackers, and thereby the world, access to his Gmail account and coming
to embody the devastating ways foreign governments can meddle in democratic
politics.
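The scenario turns on mail that forges a campaign's own sending domain. Whether a receiving mail system delivers, quarantines or rejects such a forgery is decided by the domain's DMARC record, so the first thing to check for a domain you care about is what its record actually says. The script below is an added example written for this digest, not code from the article or from Agari; the records are constructed strings for a hypothetical example.org, where a real check would fetch the TXT record at _dmarc.<domain>.

```python
"""Parse a domain's DMARC record and say what happens to mail that forges the
domain in its From: header.

Added example; not code from the article or Agari. The records are constructed
strings; in practice you fetch the TXT record at _dmarc.<domain>.
"""


def parse_dmarc(txt):
    """Split 'v=DMARC1; p=reject; rua=...' into a lowercase-tag dict."""
    tags = {}
    for part in txt.split(';'):
        if '=' not in part:
            continue
        key, value = part.split('=', 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def assess(txt):
    """Return the effective policy and a list of weaknesses a spoofer could use."""
    weaknesses = []
    if txt is None:
        return {'policy': 'none', 'subdomain_policy': 'none', 'pct': 0,
                'reports': False,
                'weaknesses': ['no DMARC record: forged From: is not checked']}
    tags = parse_dmarc(txt)
    if tags.get('v', '').upper() != 'DMARC1' or 'p' not in tags:
        return {'policy': 'none', 'subdomain_policy': 'none', 'pct': 0,
                'reports': False,
                'weaknesses': ['malformed record: receivers ignore it']}
    policy = tags['p'].lower()
    sub_policy = tags.get('sp', policy).lower()   # sp defaults to p
    try:
        pct = int(tags.get('pct', '100'))
    except ValueError:
        pct = 100
    reports = 'rua' in tags

    if policy == 'none':
        weaknesses.append('p=none: forged mail is delivered, only reported')
    elif policy == 'quarantine':
        weaknesses.append('p=quarantine: forged mail lands in spam, not rejected')
    if policy != 'none' and pct < 100:
        weaknesses.append(f'pct={pct}: {100 - pct}% of forged mail escapes the policy')
    if sub_policy == 'none' and policy != 'none':
        weaknesses.append('sp=none: any subdomain can be forged freely')
    if not reports:
        weaknesses.append('no rua= address: you will not see who is forging you')
    return {'policy': policy, 'subdomain_policy': sub_policy, 'pct': pct,
            'reports': reports, 'weaknesses': weaknesses}


# Constructed records for a hypothetical example.org, weakest to strongest.
RECORDS = {
    'monitor only': 'v=DMARC1; p=none; rua=mailto:dmarc@example.org',
    'half enforced': 'v=DMARC1; p=quarantine; pct=50; sp=none',
    'enforced': 'v=DMARC1; p=reject; rua=mailto:dmarc@example.org; ruf=mailto:dmarc@example.org',
    'absent': None,
}

if __name__ == '__main__':
    for name, rec in RECORDS.items():
        result = assess(rec)
        print(f"{name}: p={result['policy']} sp={result['subdomain_policy']} pct={result['pct']}")
        for w in result['weaknesses']:
            print('   -', w)
```

The caveat worth stating: DMARC at p=reject stops exact-domain forgery, which is the case in the scenario, but it does nothing against a lookalike domain registered by the attacker, which passes its own SPF and DKIM checks. Lookalikes need separate monitoring of new registrations and of inbound mail, and the reporting address (rua=) is what tells you when someone starts trying either.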
Fifth Domain
September 5, 2019
The Army
has discovered that one of the keys to success in cyber operations is to embed
tool developers and coders alongside operators. The military has long relied
upon contractor support for coding and software development. However, in an
operational environment that can change in milliseconds, forces need coders
that can adjust to these changes in real time. “When we built the mission force
initially, it was this idea that we would pool the developers at a very central
location. If you’re on a team, you conduct an operation, you would send a
problem up, they would work it and they would send it down,” Lt. Gen. Stephen
Fogarty, commander of Army Cyber Command, said Sept. 4 at the Billington
cybersecurity conference in Washington. “In practice, that just doesn’t work.”
Now, these coders, who are uniformed and civilian, will help build operational
infrastructure, tools and applications, Fogarty said.
Federal News Network
September 5, 2019
The Defense
Department sees its new certification model, which it unveiled to the public
this week, as a way to more quickly bring its entire industrial base up to date
with best cybersecurity practices. But the Pentagon also sees this new model as
a means to set the stage for a broader, more complex journey to better
understand the defense supply chain. On Wednesday, DoD released a new draft of
the Cybersecurity Maturity Model Certification (CMMC), the Pentagon’s most
recent attempt to create a simpler, more consistent framework for the cyber
demands it imposes on its contractors and subcontractors. The department will
accept public comment on the certification model through Sept. 25. “Every
company within the DoD supply chain — not just the defense industrial
base, but the 300,000 contractors — are going to have to get certified to
do work with the Department of Defense,” Katie Arrington, chief information
security officer for DoD’s Office of the Assistant Secretary of Defense for
Acquisition, said Wednesday at the Intelligence and National Security Summit
co-hosted by AFCEA and the Intelligence and National Security Alliance.
AP
September 5, 2019
Texas
authorities say they aren't aware of any money paid to hackers who used
ransomware to target more than 20 communities last month. The Texas Department
of Information Resources said in a statement Thursday that more than half of
the local governments hit by ransomware in August have returned to normal
operations. The department didn't detail what the remaining governments are
doing to recover from the attacks. Federal authorities are still investigating.
The statement didn't provide any information about the hackers' demands or
explain how the local governments were compromised.
CyberScoop
September 5, 2019
The
National Security Agency’s new Cybersecurity Directorate wants to more quickly
share threat data in response to private sector criticism that the agency has
been slow to provide key information that companies need to protect themselves,
the head of the new foreign intelligence and digital defense outfit said
Wednesday. The NSA’s impetus for creating the Cybersecurity Directorate, set to
launch Oct. 1, was to address complaints that context is lacking in U.S.
intelligence community’s threat reports that are issued to private companies.
By sharing data such as malicious domain names or IP addresses long after
hackers have abandoned them, NSA is not providing the real-time information
corporate security teams need to block attacks. Now, the directorate will
provide additional context to help sectors like the defense industrial base and
election technology providers “prevent and eradicate” intruders, according to
Anne Neuberger, director of the NSA’s Cybersecurity Directorate. The goal for
the directorate, which was announced in July, is to try to prevent attacks
before they start. “Clearly from the government, there’s some insights and
information that we should share, particularly the tradecraft of how those
entities are doing that, and enable [organizations] to look for that
information on their platforms,” she said during an appearance at the
Billington Cybersecurity Summit.
Ars Technica
September 5, 2019
As students
returned to school across the country over the past two weeks, school districts
are facing an unprecedented wave of ransomware attacks. In the past month,
dozens of districts nationwide have been affected by ransomware attacks, in
some cases taking entire school systems' networks down in the process. All
classes were cancelled September 5 at Flagstaff Unified School District schools
in Arizona after the discovery of a ransomware attack against the district's
servers on Wednesday, September 4. All Internet services were taken down by the
school district's information technology team at about 3pm local time on
Wednesday, when the ransomware was discovered during what district officials
said was routine maintenance. "We have had to break the connection from
the Internet to our school sites while we work with Internet security experts
to contain and mitigate the issue," FUSD spokesman Zachery Fountain said
in a statement to press. No further details on the ransomware were released,
and district officials are not sure whether any personal identifying
information has been exposed.
FCW
September 5, 2019
The NSA is
taking a strong stance against hacking back. If an organization should see
evidence of an ongoing cyberattack, it should alert the FBI or Homeland
Security, Glenn Gerstell, the National Security Agency's chief counsel, told
reporters at the 2019 Intelligence and National Security Summit. "Both are
in a position through their interagency task force to summon whatever resources
of government are appropriate at that time," he said. At a Sept. 5 panel
discussion on hacking back, Gerstell did not directly address concerns about
former intelligence officers entering the private sector overseas and engaging in
hacking-back efforts, but he said "they are free to undertake whatever
private-sector activities they want to take" but are "responsible for
protecting the secrets of the federal government for their life." Gerstell
also touted the NSA's new Cybersecurity Directorate, led by Anne Neuberger,
that's set to launch Oct. 1 and will help streamline information sharing.
Gov Info Security
September 5, 2019
The mayor
of New Bedford, Massachusetts, took the unusual step this week of holding a
press conference to describe a recent ransomware attack and explain why the
city decided not to pay the $5.3 million ransom that was demanded. Mayor Jon
Mitchell described how the attackers first demanded $5.3 million in ransom, and
the city countered with a $400,000 payment that its insurer had agreed to pay.
When attackers did not respond to that offer, the city decided to continue
moving forward with restoring systems and data through backups, the mayor said.
Mitchell said the city decided to negotiate with the attackers to give its IT
department enough time to see if it could restore systems on its own. Mitchell
revealed that New Bedford was hit with a variation of the Ryuk ransomware
strain, which has appeared in other attacks, including some of those that have
targeted local and state governments.
Nextgov
September 4, 2019
The
Pentagon’s newly minted artificial intelligence center is creating a framework
for the military’s cybersecurity data, which will lay the foundation for AI-powered
cyber defense tools. The Joint Artificial Intelligence Center is partnering
with the National Security Agency, U.S. Cyber Command and dozens of Defense
Department cybersecurity vendors to standardize data collection across the
Pentagon’s sprawling IT ecosystem, according to Lt. Gen. Jack Shanahan, who
leads the JAIC. By creating a consistent process for curating, describing,
sharing and storing information, the JAIC intends to create a trove of cyber
data that could ultimately be used to train AI to monitor military networks for
potential threats, Shanahan said Wednesday at the Billington Cybersecurity
Summit. Tech leaders in government and industry have long touted AI’s ability
to monitor networks and detect suspicious behavior. But building those tools
requires a lot of consistent training data, Shanahan said, and at least in the
Defense Department, that data is hard to come by.
FCW
September 4, 2019
The Office
of Management and Budget's process for reviewing the cybersecurity postures of
federal agencies is "evolving," Federal Chief Information Security
Officer Grant Schneider told FCW on the sidelines of the Billington
Cybersecurity Summit in Washington, D.C. The reviews, dubbed CyberStat, are
meant to function as one-on-one, in-depth analyses between OMB, which sets civilian
governmentwide policy under the Federal Information Security Management Act,
and federal agencies that may be struggling with compliance to identify root
causes of security vulnerabilities and correct course. The number of such
reviews jumped as high as 24 per year in 2016 under the Obama administration,
but a Government Accountability Office report this year found that reviews have
plummeted since then, with just eight being conducted in the past three years
and zero so far in 2019. Schneider told FCW that his agency is taking "a
hard look" at the current program with the aim of revamping the process
ahead of next fiscal year. "What do we want the CyberStat program to look
like and achieve," he asked, "and what are those numbers going to
be?"
The Atlanta Journal Constitution
September 4, 2019
The 2,271
people eligible to vote in Chattahoochee Hills may feel like they’re stepping
back in time whenever they cast a ballot for the City Council or mayor. In much
of the rest of the state, electronic voting machines are standard for each and
every election. But in Chattahoochee Hills and about 70 other cities, residents
vote using paper ballots. In many of those cities, the votes are even tallied
by hand. As the debate rages over whether Georgia’s new
touchscreen-and-printed-ballot voting system is secure, voters in cities across
the state will continue to fill out their ballots with pens this November. They
won’t use any modern technology during their municipal elections. State law
exempts cities from having to use the uniform voting system mandated for
county, state and federal elections.
The Hill
September 3, 2019
Former
Federal Communications Commission (FCC) Chairman Tom Wheeler stressed the need
to zero in on protecting 5G wireless networks from cyber threats in a new paper
published Tuesday by the Brookings Institution. The paper, co-authored by David
Simpson, the former chief of the FCC’s Public Safety and Homeland Security
Bureau, makes the case for putting “equivalent – if not greater – focus on the
security” of 5G networks as there is on the possibilities of the “connected
future.” “To build 5G on top of a weak cybersecurity foundation is to build on
sand,” Wheeler and Simpson wrote in the paper. “This is not just a matter of
the safety of network users, it is a matter of national security.” In an
interview with The Hill, Wheeler highlighted the threat to 5G networks posed by
the increasing number of internet-connected devices, many of which may not be
secure against cyberattacks.
INDUSTRY
Wired
September 6, 2019
Late
Thursday, Google security researchers dropped a bombshell: Someone had launched
a sustained attack against iPhone users that compromised their devices almost
instantly when they visited certain websites. The campaign forced a fundamental
shift in how security professionals think about iOS. And now, after a week of
silence, Apple has finally given its side of the story. In a brief statement,
Apple confirmed that the attacks had targeted China's oppressed Uyghur Muslim
community, as had previously been reported. But the statement also called out
multiple points of contention with how Google characterized the attack.
"First, the sophisticated attack was narrowly focused, not a broad-based
exploit of iPhones 'en masse' as described. The attack affected fewer than a
dozen websites that focus on content related to the Uighur community," the
statement reads. "Google’s post, issued six months after iOS patches were
released, creates the false impression of 'mass exploitation' to 'monitor the
private activities of entire populations in real time,' stoking fear among all
iPhone users that their devices had been compromised. This was never the
case." The company also disputed aspects of Google's timeline, saying that
the malicious sites were operational for two months, rather than the roughly
two years Google had estimated.
Ars Technica
September 6, 2019
For months,
security practitioners have worried about the public release of attack code
exploiting BlueKeep, the critical vulnerability in older versions of Microsoft
Windows that’s “wormable,” meaning it can spread from computer to computer the
way the WannaCry worm did two years ago. On Friday, that dreaded day arrived
when the Metasploit framework—an open source tool used by white hat and black
hat hackers alike—released just such an exploit into the wild. The module,
which was published as a work in progress on Github, doesn’t yet have the
polish and reliability of the EternalBlue exploit that was developed by the NSA
and later used in WannaCry. “The release of this exploit is a big deal because
it will put a reliable exploit in the hands of both security professionals and
malicious actors,” Ryan Hanson, principal research consultant at Atredis
Partners and a developer who helped work on the release, told Ars. “I'm hoping
the exploit will be primarily used by offensive teams to demonstrate the
importance of security patches, but we will likely see criminal groups
modifying it to deliver ransomware as well.”
E&E News
September 6, 2019
A
first-of-its-kind cyberattack on the U.S. grid created blind spots at a grid
control center and several small power generation sites in the western United
States, according to a document posted yesterday from the North American
Electric Reliability Corp. The unprecedented cyber disruption this spring did
not cause any blackouts, and none of the signal outages at the
"low-impact" control center lasted for longer than five minutes, NERC
said in the "Lesson Learned" document posted to the grid regulator's
website. But the March 5 event was significant enough to spur the victim
utility to report it to the Department of Energy, marking the first disruptive
"cyber event" on record for the U.S. power grid. The case offered a
stark demonstration of the risks U.S. power utilities face as their critical
control networks grow more digitized and interconnected — and more exposed to
hackers. "Have as few internet facing devices as possible," NERC
urged in its report.
Ars Technica
September 5, 2019
An
estimated 600,000 GPS trackers for monitoring the location of kids, seniors,
and pets contain vulnerabilities that open users up to a host of creepy
attacks, researchers from security firm Avast have found. The $25 to $50
devices are small enough to wear on a necklace or stash in a pocket or car dash
compartment. Many also include cameras and microphones. They’re marketed on
Amazon and other online stores as inexpensive ways to help keep kids, seniors,
and pets safe. Ignoring the ethics of attaching a spying device to the people
we love, there’s another reason for skepticism. Vulnerabilities in the T8 Mini
GPS Tracker Locator and almost 30 similar model brands from the same
manufacturer, Shenzhen i365 Tech, make users vulnerable to eavesdropping,
spying, and spoofing attacks that falsify users’ true location. Researchers at
Avast Threat Labs found that ID numbers assigned to each device were based on
its International Mobile Equipment Identity, or IMEI. Even worse, during
manufacturing, devices were assigned precisely the same default password of
123456. The design allowed the researchers to find more than 600,000 devices
actively being used in the wild with that password. As if that wasn’t bad
enough, the devices transmitted all data in plaintext using commands that were
easy to reverse engineer.
Ars Technica
September 5, 2019
Researchers
have disclosed a zero-day vulnerability in the Android operating system that
gives a major boost to attackers who already have a toe-hold on an affected
device. The privilege-escalation flaw is located in the V4L2 driver, which
Android and other Linux-based OSes use to capture real-time video. The vulnerability
results from a "lack of validating the existence of an object prior to
performing operations on the object," researchers with Trend Micro's Zero
Day Initiative said in a blog post published Wednesday. Attackers who already
have untrusted code running with low privileges on a device can exploit the bug
to access privileged parts of the Android kernel. The severity score is rated a
7.8 out of a possible 10 points. Modern OSes have become increasingly hard to
compromise in recent years thanks to exploitation mitigations that prevent
untrusted code from interacting with hard drives, kernels, and other sensitive
resources. Hackers have responded by chaining two or more exploits together. A
buffer overflow, for instance, may allow an attacker to load malicious code
into memory, and a privilege-escalation flaw gives the code the privileges it
needs to install a persistent payload.
The New York Times
September 4, 2019
Facebook,
Google, Twitter and Microsoft met with government officials in Silicon Valley
on Wednesday to discuss and coordinate on how best to help secure the 2020
American election, kicking off what is likely to be a marathon effort to
prevent the kind of foreign interference that roiled the 2016 election. The
daylong meeting, held at Facebook’s headquarters in Menlo Park, Calif.,
included security teams from the tech companies, as well as members of the
F.B.I., the Office of the Director of National Intelligence and the Department
of Homeland Security. The agenda was to build up discussions and strategic
collaboration ahead of the November 2020 state, federal and presidential
elections, according to Facebook. Tech company representatives and government
officials talked about potential threats, as well as how to better share
information and detect threats, the social network said. Chief executives from
the companies did not attend, said a person briefed on the meeting, who
declined to be identified for confidentiality reasons. “Improving election
security and countering information operations are complex challenges that no
organization can solve alone,” Nathaniel Gleicher, head of Facebook
cybersecurity policy, said in a statement. “Today’s meeting builds on our
continuing commitment to work with industry and government partners, as well as
with civil society and security experts, to better understand emerging threats
and prepare for future elections.”
Reuters
September 4, 2019
Cybersecurity
firm Palo Alto Networks said it expects to grow sales at a double-digit pace
over the next three years and forecast robust free cash flow, sending its
shares up 8% in volatile after-hours trading on Wednesday. Palo Alto's upbeat
forecast came as it reported better-than-expected fourth-quarter revenue and
profit, helped by strong demand for its cloud security products. The company
said the increasing popularity of its cloud security tool Prisma Access had
boosted confidence it can achieve a 20% compounded annual growth rate for
billings and revenue over the three-year period. Palo Alto competes in a tough
market dominated by traditional firewall provider Cisco Systems Inc, Check
Point Software Technologies and Juniper Networks Inc.
Wired
September 3, 2019
A lot can
go wrong with corporate network security, but hopefully at a minimum people
know not to plug strange USB sticks into network computers. But it turns out
that an attacker could exploit flaws in a type of remote management device to
plug in all the "virtual" thumb drives they want. And the same type
of attack can turn pretty much any USB device into a virtual trojan horse. In
new findings presented at the Open Source Firmware Conference in Silicon Valley
on Tuesday, though, researchers from the security firm Eclypsium are detailing
vulnerabilities in a number of Supermicro baseboard management controllers.
Those are special processors installed on server motherboards to give system
administrators hardware-level management powers from afar. That comes in handy
when admins need to do things like load old software onto a server from a CD or
upgrade an operating system from an image on an external hard drive. BMCs
facilitate that without the need to physically plug anything into the server
itself. The server will just think that a device is directly connected. The
researchers found, though, that the BMCs on Supermicro X9, X10, and X11
platforms contain flaws that can be exploited to weaponize this legitimate
function.
INTERNATIONAL
ZDNet
September 6, 2019
The federal
government wants an updated strategy to cover the current cyber threat climate,
publishing a discussion paper that seeks to gain a better understanding of the
magnitude of the threats faced by Australian businesses and families, saying
that as the threat evolves, so too must government's response. The Australian
government in April 2016 launched the country's current cybersecurity strategy,
handing over AU$230 million to the cause. "Despite making strong progress
against the goals set in 2016, the threat environment has changed significantly
and we need to adapt our approach to improve the security of business and the
community," Minister for Home Affairs Peter Dutton is attributed as saying
in the discussion paper's foreword. "Australia must position itself as a
world leader in cyber threat detection, prevention and response. This means
government and industry will need to work closer together than ever
before."
Gov Info Security
September 6, 2019
A hacking
group known as APT5 - believed to be affiliated with the Chinese government -
has been targeting serious flaws in Pulse Secure and Fortinet SSL VPNs for more
than six weeks, security experts warn. The attack alert comes in the wake of
security researchers warning of a surge in scans looking for the security
vulnerabilities. Successfully exploiting the flaws could enable attackers to
steal data on user accounts and passwords from SSL VPNs without having to first
authenticate, thus giving them full, remote access to enterprise networks.
Cyber threat intelligence analyst Troy Mursch, who tweets as @bad_packets, says
attackers in recent weeks have been probing for the existence of
vulnerabilities in both types of SSL VPNs. He says the greatest concentration
of vulnerable Pulse Secure systems are in the United States.
Reuters
September 5, 2019
Hackers
working for the Chinese government have broken into telecoms networks to track
Uighur travelers in Central and Southeast Asia, two intelligence officials and
two security consultants who investigated the attacks told Reuters. The hacks
are part of a wider cyber-espionage campaign targeting “high-value individuals”
such as diplomats and foreign military personnel, the sources said. But China
has also prioritized tracking the movements of ethnic Uighurs, a minority
mostly Muslim group considered a security threat by Beijing. China is facing
growing international criticism over its treatment of Uighurs in Xinjiang.
Members of the group have been subject to mass detentions in what China calls
“vocational training” centers and widespread state surveillance. Beijing’s
alleged cyberspace attacks against Uighurs show how it is able to pursue those
policies beyond its physical borders.
CyberScoop
September 5, 2019
A Chinese
hacking group that has been using tools linked with the National Security
Agency might have obtained at least one without breaching NSA systems,
according to researchers at cybersecurity company Check Point. The Chinese
hacking group APT3, which somehow had in its possession an NSA-linked tool in
advance of public leaks in 2016 and 2017, appears to have acquired it by
analyzing network traffic on a system that was potentially targeted by the NSA,
Check Point says. The theory is that after observing the exploit in the wild,
APT3 incorporated it into its own arsenal of attacks with some tweaks, the
researchers say. “Check Point learned that the Chinese group was monitoring
in-house machines that were compromised by the NSA, capturing the traffic of
the attack and was leveraging it to reverse engineer the software
vulnerabilities,” the researchers write. Check Point acknowledges that it
“can’t prove this beyond any doubt.” The company says it does not know for sure
that network traffic was used as a reference to build a Chinese exploit based
on the NSA-linked tool, but it points to clues in the Windows Server Message
Block (SMB) packets in the APT3 version of the tool. The Chinese possession of
NSA-linked tools in advance of the 2016 and 2017 leaks — for which a mysterious
group known as the Shadow Brokers takes the credit — was originally reported by
Symantec. But it remained unclear how the Chinese had come into possession of
the exploits.
CyberScoop
September 3, 2019
Chinese
telecommunication giant Huawei has accused U.S. authorities of using
cyberattacks to interrupt its business and deploying police to harass
employees, allegations that coincide with a growing investigation into the
company’s international conduct. Huawei leveled the charges in a press release
Tuesday, offering little evidence to substantiate its claims but denying it
stole trade secrets from Rui Oliveira, a Portuguese inventor who accused Huawei
of stealing his smartphone camera technology. U.S. prosecutors are probing
Huawei for multiple instances of alleged intellectual property theft, according
to the Wall Street Journal, while the firm also has become a focal point in the
ongoing trade war between the U.S. and China. “For the past several months, the
U.S. government has been leveraging its political and diplomatic influence to
lobby other governments to ban Huawei equipment,” the company said Tuesday.
“Furthermore, it has been using every tool at its disposal — including both
judicial and administrative powers, as well as a host of other unscrupulous
means — to disrupt the normal business operations of Huawei and its partners.”
Yahoo News
September 2, 2019
For years,
an enduring mystery has surrounded the Stuxnet virus attack that targeted
Iran’s nuclear program: How did the U.S. and Israel get their malware onto
computer systems at the highly secured uranium-enrichment plant? The
first-of-its-kind virus, designed to sabotage Iran’s nuclear program,
effectively launched the era of digital warfare and was unleashed some time in
2007, after Iran began installing its first batch of centrifuges at a
controversial enrichment plant near the village of Natanz. The courier behind
that intrusion, whose existence and role has not been previously reported, was
an inside mole recruited by Dutch intelligence agents at the behest of the CIA
and the Israeli intelligence agency, the Mossad, according to sources who spoke
with Yahoo News. An Iranian engineer recruited by the Dutch intelligence agency
AIVD provided critical data that helped the U.S. developers target their code
to the systems at Natanz, according to four intelligence sources. That mole
then provided much-needed inside access when it came time to slip Stuxnet onto
those systems using a USB flash drive.
AP
September 2, 2019
The U.S.
and Poland signed an agreement Monday to cooperate on new 5G technology as
concerns grow about Chinese telecommunications giant Huawei. Vice President
Mike Pence and Polish Prime Minister Mateusz Morawiecki signed the deal in
Warsaw, where Pence is filling in for President Donald Trump, who scrapped his
trip at the last minute because of Hurricane Dorian. The signing comes during a
global battle between the U.S. and Huawei, the world's biggest maker of network
infrastructure equipment, over network security and fears of Chinese access.
The U.S.-Poland agreement states: "Protecting these next generation
communications networks from disruption or manipulation and ensuring the
privacy and individual liberties of the citizens of the United States, Poland,
and other countries is of vital importance." Both countries pledged to
endorse the principles developed by cybersecurity officials from dozens of
countries at a summit in Prague this year to counter threats and ensure the
safety of the next generation of mobile networks. Pence, speaking at a news
conference with Polish President Andrzej Duda, said he hoped the declaration
would set a "vital example for the rest of Europe on the broader question
of 5G."
Reuters
September 1, 2019
North Korea
denied on Sunday allegations that it had obtained $2 billion through
cyberattacks on banks and cryptocurrency exchanges, and accused the United
States of spreading rumors. A United Nations report seen by Reuters last month
said North Korea had used "widespread and increasingly sophisticated"
cyberattacks to steal from banks and cryptocurrency exchanges, amassing $2
billion which it used to fund weapons of mass destruction programs. "The
United States and other hostile forces are now spreading ill-hearted
rumors," North Korea's state-run KCNA news agency reported, citing a statement
from the spokesperson for the National Coordination Committee of the DPRK for
Anti-Money Laundering and Countering the Financing of Terrorism.
Bloomberg
August 31, 2019
Hong Kong
appeared to be the target of a large digital attack in recent days, with a
popular online forum used by protesters saying its servers were hit on Saturday.
Digital Attack Map, which provides information on daily cyber attacks around
the world, showed the financial hub at the center of distributed denial of
service, or DDoS, attacks. LIHKG, a forum used by demonstrators to organize
mass rallies in Hong Kong, said its servers were hit maliciously by a large
DDoS attack in a way that it had never seen before. While some of LIHKG’s services
were interrupted, it was fully restored hours later, according to a post on
Twitter. This is the second large cyber attack to hit apps used this summer by
protesters to organize during unrest in Hong Kong. In June, messaging service
Telegram said it had been hit by a powerful attack coming out of China. The
protesters’ use of messaging apps and chat rooms has allowed them to quickly
change and implement plans, frustrating government efforts to control them.
TECHNOLOGY
Ars Technica
September 5, 2019
An Internet
Society-supported initiative, the Mutually Agreed Norms for Routing Security
(MANRS), has tried to coax Internet service providers into minding their
manners—particularly when it comes to how they use the Border Gateway Protocol
(BGP), the occasionally abused communications method that drives much of how
Internet traffic is routed. On August 13, the MANRS initiative launched the
MANRS Observatory, a new Web tool that provides insight into just how well
networks comply with routing security standards. The observatory provides a
semblance of transparency into a part of the Internet invisible to most users.
Last year, there were more than 12,000 routing outages or attacks, according to
the Internet Society, including the use of BGP to hijack or misdirect traffic
and internal BGP "leaks" from poorly configured routers. Deliberate
BGP attacks can be used to steal data or redirect requests to hostile
"spoofed" websites, as some state actors have been known to do. The
MANRS initiative promotes technical collaboration among network providers to
reduce the most common types of threats to routing security.
The New York Times
September 5, 2019
When
hackers took over the Twitter account of Twitter’s chief executive, Jack
Dorsey, last week, they used an increasingly common and hard-to-stop technique
that can give them complete access to a wide array of the most sensitive
digital accounts, including social media, email and financial accounts. Called
SIM swapping, it allows hackers to take control of a victim’s phone number. In
recent months, SIM swapping has been used to hijack the online personas of
politicians, celebrities and notables like Mr. Dorsey, to steal money all over
the world and to simply harass regular people. Victims, no matter how prominent
or technically sophisticated, have been unable to protect themselves, even
after they have been hit again and again. “I’ve been looking at the criminal
underground for a long time, and SIM swapping bothers me more than anything
I’ve seen,” said Allison Nixon, the director of research at the security firm
Flashpoint. “It requires no skill, and there is literally nothing the average
person can do to stop it.”