Hobson’s choice: corporate reputation, secrecy and identity theft
Communist China Could Have the World’s Most Powerful Naval Gun by 2025
CyberScoop -June 28,
2018
During a
time of rapid change for the U.S. military’s top cyberwarfare teams, the
current version of the 2019 defense bill is challenging the president’s ability
to exert his authority with regards to those units. The White House is
protesting a series of measures in the newly Senate-approved 2019 National
Defense Authorization Act that seek to legislate how and when President Donald
Trump can direct generals to launch cyberattacks.
The Hill -June 28,
2018
The House
Foreign Affairs Committee has approved a bill designed to call out and punish
foreign actors for executing nation-state-sponsored cyberattacks that threaten
U.S. national or economic security. The legislation, offered by Rep. Ted Yoho
(R-Fla.), would direct President Trump to sanction designated “critical cyber
threat actors” who help carry out foreign-sponsored attacks, though it offers
him the power to waive sanctions if doing so is in the best interest of the
United States.
Nextgov -June 27,
2018
More than
two years after Congress passed a landmark bill incentivizing companies to
share with the government how and when malicious hackers are trying to
penetrate their computer networks, only six companies and other non-federal
entities are sharing that data, according to figures provided to Nextgov.
That’s compared with about 190 such entities and about 60 federal departments
and agencies that are receiving cyber threat data from Homeland Security’s
automated indicator sharing program, a Homeland Security official told Nextgov.
Nextgov -June 27,
2018
Democratic
lawmakers are demanding answers about how Americans might have used personal
information that was compromised in the 2015 hack of the Office of Personnel
Management, after two people pleaded guilty to charges related to a bank fraud
conspiracy.
FCW - June 26,
2018
Lawmakers
are closing in on an effort to reverse a Trump administration move to sideline
a cyber diplomacy function at the State Department. The Senate Foreign
Relations committee voted to advance the Cyber Diplomacy Act on June 26, which
includes a plan to restore the functions of the former cybersecurity office
under a new name. Chairman Bob Corker (R-Tenn.) released a statement saying the
U.S. is increasingly reliant on allies and partners "to maintain a secure,
reliable and open internet."
The Hill -June 26,
2018
President
Trump's nominee to lead a new office at the Department of Energy agreed Tuesday
to urge the administration to develop a cyber deterrence strategy. Sen. Angus
King (I-Maine) asked Karen Evans, Trump's pick to lead a new energy
cybersecurity office, to prod the administration to develop a cyber doctrine
and select “one point of authority” at the White House to coordinate
cybersecurity efforts if she is confirmed to the position.
FCW-June 26,
2018
There's
concern among sponsors that the Technology Modernization Fund might not get new
money in fiscal year 2019. Funding for the program, which is tabbed at $150
million by House appropriators, is eliminated in a Senate bill currently moving
thorough the appropriations process.
Federal
News Radio - June 26,
2018
Glaring
security differences between civilian and defense networks were on full display
at the nomination hearing for Lt. Gen. Stephen Lyons to take over as U.S.
Transportation Command chief.
The Hill
June 25,
2018
House
lawmakers approved legislation Monday aimed at securing technology used to
power critical infrastructure from cyberattacks. The bill offered by Rep. Don
Bacon (R-Neb.) would codify work the Department of Homeland Security is
currently doing to identify cyber threats to industrial control systems and
mitigate them.
ADMINISTRATION
You
Should Be ‘Significantly Concerned’ There’s No White House Cyber Coordinator,
Policy Experts Say
Nextgov
June 29,
2018
How
concerned should Americans be about a White House shuffle that removed the
cybersecurity coordinator position? Significantly concerned, according to a
collection of top cybersecurity policy experts gathered by the Atlantic Council
think tank.
FCW
Two tech
advisory bodies to the government have developed a new guidebook to train and
educate federal cybersecurity professionals. The CISO Handbook, released June
26, is an outgrowth of the recently released President's Management Agenda and
its call for agencies to tackle their tech and cybersecurity workforce
challenges. Drafted by the CIO and Chief Information Security Officer Councils,
it was designed to appeal both to the C-Suite executive as well as the
rank-and-file fed, according to Trey Kennedy, an analyst at the General
Services Administration and advisor to the CIO Council.
Nextgov
June 28,
2018
The federal
government can’t legislate or mandate its way out of the risk of foreign
hackers compromising its networks, the top tech official in the government’s
nuclear security agency said Tuesday. Instead of banning software with a
connection to China or other U.S. cyber adversaries, government tech shops
should focus on installing safeguards that mitigate any risk the software poses
for foreign spying or sabotage, said Wayne Jones, chief information officer at
the National Nuclear Security Administration. “You can’t think about it: ‘Well,
I’m not going to use that product because it came from China.’ You have to
figure out: ‘How do I use that product so it’s going to protect my
information,’” Jones said during a panel discussion hosted by the Armed Forces
Communications and Electronics Association, a professional association.
FCW
June 28,
2018
The federal
government is moving to expand emergency procurement authority for purchases
used to respond to or recover from a cyberattack, according to a new proposed
rule in the Federal Register. The change places cyberattacks against the United
States in the same category as nuclear, biological, chemical or radiological
attacks. It would allow federal procurement officials to spend up to $20,000
for domestic purchases and $30,000 for international purchases under
micropurchasing rules, as well as $750,000 and $1.5 million for simplified
acquisition purchases, provided the work has "a clear and direct
relationship to the support of a contingency operation."
Wired
June 28,
2018
California
lawmakers unanimously passed a new privacy bill on Thursday that would give
residents of the state more control over the information businesses collect on
them and impose new penalties on businesses that don’t comply. It is the first
law of its kind in the United States. The so-called California Consumer Privacy
Act of 2018 (AB 375) was introduced late last week by state assemblymember Ed
Chau and state senator Robert Hertzberg, in a rush to defeat a stricter
privacy-focused ballot initiative that had garnered more than 600,000
signatures from Californians.
CyberScoop
June 27,
2018
Last year
was a “seminal year” for nation-state-backed cyberattacks from American
adversaries, a top Department of Homeland Security official said Wednesday,
adding that companies may need U.S. government support to cope with such
advanced threats. “We’ve known for years that there are primarily four
nation-state actors that are most active in the cybersecurity space, but push
really came to shove” in 2017, Christopher Krebs said Wednesday, referring to
China, Iran, North Korea, and Russia. American companies can handle most
cyberthreats through their own security investments, but a “military-grade
level of investment” is needed to cope with nation-state hackers, Krebs, DHS’s
top infrastructure security official, said at a conference in Washington, D.C.
Fifth
Domain
June 27,
2018
Air Force
Brig. Gen. Timothy Haugh has assumed command of U.S. Cyber Command’s Cyber
National Mission Force. As one of CYBERCOM’s four main headquarters elements,
the CNMF is in charge of deterring and disrupting cyberspace operations to
defend the nation. CNMF components include cyber support teams that provide
intelligence support, cyber protection teams that specialize in defending the
Department of Defense Information Network, and national mission teams that help
protect the DoDIN and, when ordered, other U.S. cyberspace.
CyberScoop
Eight men
across the U.S. and Ghana have been arrested and charged with a $15 million
hacking and fraud scheme. The indictments against the group are noticeably
short on details, but do provide some small insight into how U.S. law
enforcement says these schemes unfold. Prosecutors allege the conspiracy worked
when the accused used virtual private networks to mask their locations in
Africa, spoof identities to send emails and open fraudulent bank accounts to
handle the funds.
Motherboard
June 25,
2018
Earlier
this month, Apple confirmed it was introducing a new security feature that
could make hacking iPhones harder, especially for companies such as Grayshift
that unlock devices for law enforcement. USB Restricted Mode, as the feature is
called, will turn an iPhone’s lightning port into simply a ‘dumb’ charging
interface if the phone has not been unlocked within the last hour. That ticking
clock is causing law enforcement officials to at least explore the possibility
of using warrantless unlocks to more quickly download data from a device,
although they may then obtain a warrant to examine the data itself, according
to a document obtained by Motherboard.
INDUSTRY
Gov Info
Security
June 29,
2018
An Equifax
software engineer has settled an insider trading charge with the U.S.
Securities and Exchange Commission, after he allegedly earned more than $75,000
after he made a securities transaction based on his suspicion that the credit
bureau had suffered a data breach. Sudhakar Reddy Bonthu, 44, of Cumming,
Georgia, was a product development manager of software engineering within
Equifax's Global Consumer Solutions business unit. Equifax fired Bonthu on
March 12 after he refused to cooperate with internal investigation into
violations of the company's insider trading policies.
CyberScoop
June 28,
2018
BitSight, a
company that provides cybersecurity ratings for other companies, announced on
Thursday that it has raised $60 million in its Series D funding round. The
company provides a platform that evaluates customers’ cybersecurity posture.
The service comes in handy as companies look for ways to manage risk,
underwrite cyber insurance policies and conduct due diligence when doing
business with third parties. Customers can use the platform gain a window into
the cybersecurity posture of potential partners along with their own
Fifth
Domain
June 28,
2018
When the
cybersecurity firm Mandiant detected Chinese hackers were infiltrating networks
of their clients sometime around 2013, the company did not stand idly by,
according to a new book by David Sanger. In “The Perfect Weapon,” released June
19, the national security correspondent at The New York Times describes how
Mandiant’s investigators “reached back through the network to activate the cameras
on the hackers’ own laptops.” Sitting with the Mandiant investigators, Sanger
watched how the Chinese hackers “carried on like a lot of young guys around the
world.” They wore leather jackets, Sanger wrote. They checked sports scores.
The Hill
June 28,
2018
Athletic-wear
maker Adidas is alerting some U.S. customers that hackers may have accessed
their information, including usernames and encrypted passwords. The statement
did not specify the number of customers affected by the breach, though a
spokesperson later told The Hill that “a few million" consumers
could be affected.
McClatchy
The United
States pioneered the use of cyberweapons when it shattered Iran’s nuclear
centrifuges in 2010 but such devastating cyber tools have spread and are now
boomeranging to make industrial digital sabotage a growing concern to the
United States.
CyberScoop
June 27,
2018
San
Francisco enterprise threat management company Preempt Security earned $17.5
million in its Series B funding round, the company announced on Wednesday.
Preempt says that it uses information about identity, behavior and risk within
a company to proactively catch insider threats and prevent breaches. Management
of such threats is a constant struggle for enterprises, as they need to ensure
that employees don’t willingly or inadvertently expose sensitive information.
Reuters
Ticketmaster
UK said it had identified malicious software on a customer support product
hosted by an external supplier, and some of its customers' personal or payment
data may have been accessed by an unknown third-party. Less than 5 percent of
Ticketmaster's global customer base has been affected by the incident, while
North American customers have not been affected, it said in a statement.
INTERNATIONAL
Gov Info
Security
"This
is not a crazy state; this is a rational state pursuing rational
objectives." So said Robert Hannigan when describing North Korea's
cybercrime activities during a keynote speech at the recent Infosecurity Europe
conference in London. .
Computer
Business Review
Eight EU
member states have signed a Declaration of Intent to form a European Cyber
Rapid Response Force. Lithuania was the first to propose the initiative to
create the cyber-attack response teams, which has now been signed onto by seven
member states. Croatia, Estonia, France, Finland, Netherlands, Spain and
Romania will participate in the project which will be led by Lithuania.
SC Magazine
June 28,
2018
The Government has set out a series of minimum cyber-security standards
which will now be incorporated into the Government Functional Standard for
Security, obliging government departments and suppliers to comply. The
Standards comprise 10 sections, covering five broad categories: Identify,
Protect, Detect, Respond and Recover, and also set expectations for governance,
such as obliging government departments to create "clear lines of
responsibility and accountability to named individuals for the security of
sensitive information and key operational services".
Reuters
Hackers
from Russia are infecting Ukrainian companies with malicious software to create
“back doors” for a large, coordinated attack, Ukraine’s cyber police chief told
Reuters on Tuesday. The hackers are targeting companies, including banks and
energy infrastructure firms, in a roll out that suggests they are preparing to
activate the malware in one massive strike, cyber police chief Serhiy Demedyuk
said.
The Hill
June 26,
2018
The rapidly
expanding number of satellites transmitting GPS locations, cellphone signals
and other sensitive information is creating new opportunities for hackers. It's
a risk exacerbated by the growing number of aging satellite systems in
circulation.
Bloomberg
Cyber
attacks against Mexican financial institutions and reports of alleged election
interference around the world are fueling concerns among analysts that the
nation’s presidential vote on Sunday may become a target for hackers. While
Mexicans will cast their vote July 1 by paper ballot, electronic systems will
be used to tally and transmit the results, which the electoral authorities will
then release to trusted media outlets.
AP
Romania
faces Russian aggression on a daily basis in the Black Sea, and is fending off
a wave of cyber-attacks and political interference, the defense minister said
Monday. But even amid such uncertainty, Mihai Fifor told The Associated Press
that the country of 19 million aims to be the region’s main security provider
and early warning outpost for threats to fellow NATO allies.
TECHNOLOGY
Ars Technica
June 29,
2018
The Long
Term Evolution mobile device standard used by billions of people was designed
to fix many of the security shortcomings in the predecessor standard known as
Global System for Mobile communications. Mutual authentication between end
users and base stations and the use of proven encryption schemes were two of
the major overhauls.
AP
June 29,
2018
Is the web
browser on your phone slower than usual? It could be mining bitcoin for
criminals. As the popularity of virtual currencies has grown, hackers are
focusing on a new type of heist: putting malicious software on peoples'
handsets, TVs and smart fridges that makes them mine for digital money.
Nextgov
June 26,
2018
The federal
government doesn’t understand cybersecurity and won’t be able to respond to a
digital disaster such as a destructive hack aimed at the energy or financial
sector, according to a survey of cybersecurity researchers released Tuesday.
Only 13 percent of researchers “believe that Congress and the White House
understand cyber threats and will take steps for future defenses,” according to
the poll of attendees at the Black Hat cybersecurity conference.
Wired
June 26,
2018
There are
more Wi-Fi devices in active use around the world—roughly 9 billion—than there
are human beings. That ubiquity makes protecting Wi-Fi from hackers one of the
most important tasks in cybersecurity. Which is why the arrival of next-generation
wireless security protocol WPA3 deserves your attention: Not only is it going
to keep Wi-Fi connections safer, but also it will help save you from your own
security shortcomings.
Bloomberg Businessweek
June 25,
2018
As night
fell in Taipei on July 10, 2016, most people in the city were hunkered down to
ride out the end of a typhoon. Not Sergey Berezovsky and Vladimir Berkman.
Ars Technica
June 25,
2018
Last week,
developers on OpenBSD—the open source operating system that prioritizes
security—disabled hyperthreading on Intel processors. Project leader Theo de
Raadt said that a research paper due to be presented at Black Hat in August
prompted the change, but he would not elaborate further.
