The Hill
March 7, 2019
An
institutional neglect toward cybersecurity contributed to the massive 2017 data
breach at Equifax that compromised sensitive information for more than 145
million Americans, a Senate panel alleged in a new report. The Senate Homeland
Security and Governmental Affairs Committee’s Permanent Subcommittee on
Investigations on Wednesday night released its conclusions from a probe into
the incident and said Equifax failed to take basic steps to protect its
security system from vulnerabilities. “Based on this investigation, the
Subcommittee concludes that Equifax’s response to the March 2017 cybersecurity
vulnerability that facilitated the breach was inadequate and hampered by
Equifax’s neglect of cybersecurity,” the panel wrote in its report. “Equifax’s
shortcomings are long-standing and reflect a broader culture of complacency
toward cybersecurity preparedness.” The report was released the night before
Equifax CEO Mark Begor, who joined the company after the data breach, testified
before the subcommittee. He apologized to the panel for the incident but took
issue with the report’s findings.
FCW
March 6, 2019
The Trump
administration's national cybersecurity strategy is a good start but more
accountability is needed, the head of the Government Accountability Office told
two congressional panels on March 6. Comptroller General Gene Dodaro was on
Capitol Hill to present the biennial High Risk List of 35 areas in the federal
government vulnerable to fraud, waste, abuse or mismanagement. Cybersecurity
across the federal government remains a critical concern, even with the
administration's National Cyber Strategy released last September. The security
of critical infrastructure is also an issue. "I give the administration
credit for its cybersecurity plan, but there is no implementation plan,
definition of responsibilities, or metrics," Dodaro said during the Senate
hearing. "There's not enough of a sense of urgency to correct
[cybersecurity] problems at agencies or across government," he told the
Senate panel. He singled out the elimination of the White House cybersecurity
coordinator post at the National Security Council as an area of concern.
Health IT Security
March 4, 2019
The College
of Healthcare Information Management Executives recently sent a list of
recommendations to the Senate Committee on Health, Education, Labor, and
Pensions (HELP), outlining the need to include cybersecurity in policies
designed to address the rise in healthcare costs. The Senate HELP committee
recently released a request for information to address rising costs to
healthcare. CHIME included the need for cybersecurity measures and regulatory
changes to support providers in addressing threats to patient data, in its list
of recommendations for reducing those costs. For CHIME, while technology and
data sharing are “vital to enhancing” care quality and efficiency, any policies
to support those digital changes must include cybersecurity measures to protect
patient data.
CyberScoop
March 8, 2019
The
Democratic National Committee is striving to “make it more expensive for
attackers to do their work” as it prepares for a 2020 election, Bob Lord, the
committee’s chief security officer, told CyberScoop. It is a simple but proven
principle of cybersecurity: Make it harder for hackers to succeed by
implementing time-tested basics like two-factor authentication. The question
for the DNC is: How do you aggressively broaden adoption of such practices for
campaigns and state parties scattered across the country, many of which have very
limited budgets? That far-flung apparatus is not the chain of command that Lord
was used to when he was a cybersecurity executive at companies like Yahoo and
Rapid7. “Because we’re a decentralized ecosystem, it presents a number of
interesting challenges,” he said in an interview. “I don’t have the ability to
order people to do things. Nor can I practically manage all of their systems.
But what I can do is try to be a voice that they might not have heard before.”
Defense One
March 7, 2019
The
commander of the nation’s top military cybersecurity organizations, the National
Security Agency and U.S. Cyber Command, has recommended they split from each
other next year, Defense One has confirmed. That’s another delay for an
organizational change first planned for in 2016 and since slowed to allow
officials time to sort out the authorities for the civilian agency and military
command and ensure that both entities can perform well independently. Gen. Paul
Nakasone, who leads NSA and CYBERCOM, recommended to former Defense Secretary
James Mattis last August that the split be put off until 2020, current and
former intelligence officials told Defense One this week. Those officials
believe the general’s recommendation will be accepted by Pentagon leaders,
though Acting Defense Secretary Patrick Shanahan’s views are not known. A Pentagon
spokesman said no official decision has been made.
CyberScoop
Don’t
expect U.S. officials to produce a “smoking gun” of public evidence that the
Chinese government might be using telecommunications giant Huawei to further
its interests in cyberspace, a senior National Security Agency official told
CyberScoop. “Everybody is anxious for that smoking gun,” Rob Joyce, senior
cybersecurity adviser at NSA, said in an interview. “It is not the case that
you’re going to see people bring out and drop that smoking gun on the table …
for all sorts of reasons about the way we understand the threat, the way we
deal with the Chinese, the way we have to protect the ability to see and maybe
defeat or deny that capability going forward.” U.S. officials have long accused
Chinese tech companies Huawei and ZTE of being potential vessels for spying.
One reason is that under Chinese law, companies are required to cooperate with
national intelligence activities. Huawei and ZTE strenuously deny the
allegations, saying they operate as competitive companies in the global economy.
Nextgov
March 7, 2019
The Defense
Department’s cyber warrior teams are struggling to maintain readiness,
according to a congressional auditor. In 2013, the Defense Department began a
years-long process to stand up 133 Cyber Mission Force teams of military
personnel with elite cyber training to defend critical information networks.
The department reached full operating capability before its deadline, but a
Government Accountability Office audit released Wednesday found the Cyber
Mission Force began experiencing training and readiness issues last year. “As
of November 2018, many of the 133 CMF teams that initially reported achieving
full operational capability no longer had the full complement of trained
personnel, and therefore did not meet Cyber Command’s readiness standards,” the
audit said.
AP
March 6, 2019
Time and
money are running short for states to replace aging or inadequate voting
machines before the 2020 presidential primaries, according to a report released
Tuesday. State and local election officials in 31 states say they want to
replace their voting equipment before the elections, but the vast majority said
they don't have enough money to do so, according to The Brennan Center for
Justice at NYU's School of Law. "We basically have this year and then it's
too late," said Lawrence Norden, deputy director of the center's Democracy
Program and author of the report. It can take months to decide on replacement
machines, secure the funding, develop security protocols, train workers and
test the equipment. States received $380 million in election security grants
from Congress last year, but experts have said that's merely a down payment on
what is needed.
FCW
March 6, 2019
Less than a
year before the 2020 population count officially begins, the Census Bureau
knows it'll be a prime target for cyberattacks. Public perceptions around data
confidentiality and the security of a trove of sensitive information have
consistently topped the bureau's major risk areas in the decade leading up
to an online census. And with that change in medium -- the bureau expects
about 60 percent of responses to be submitted online -- comes novel risks,
Census CIO Kevin Smith told FCW at an event hosted by the Poynter Institute and
Georgetown University March 5. Because the information, for the first time,
will be coming in digitally rather than on paper, Census is now making sure
data is encrypted both in transit from respondents and once it's been received
by the bureau, he said. And the bureau isn't taking on the cybersecurity lift
alone. "We're going through the steps right now with [the Department of
Homeland Security] to involve the intelligence community to determine what to
put in place," he said. "They offered to provide us with support
similar to the 2018 midterm elections."
Wired
The
National Security Agency develops advanced hacking tools in-house for both
offense and defense—which you could probably guess even if some notable
examples hadn't leaked in recent years. But on Tuesday at the RSA security
conference in San Francisco, the agency demonstrated Ghidra, a refined internal
tool that it has chosen to open source. And while NSA cybersecurity adviser Rob
Joyce called the tool a "contribution to the nation’s cybersecurity
community" in announcing it at RSA, it will no doubt be used far beyond
the United States. You can't use Ghidra to hack devices; it's instead a
reverse-engineering platform used to take "compiled," deployed
software and "decompile" it. In other words, it transforms the ones
and zeros that computers understand back into a human-readable structure,
logic, and set of commands that reveal what the software you churn through it
does. Reverse engineering is a crucial process for malware analysts and threat
intelligence researchers, because it allows them to work backward from software
they discover in the wild—like malware being used to carry out attacks—to
understand how it works, what its capabilities are, and who wrote it or where
it came from. Reverse engineering is also an important way for defenders to check
their own code for weaknesses and confirm that it works as intended.
PC Magazine
March 5, 2019
The US
government came to this year's RSA cybersecurity show with a key message: Be on
guard against China. On Tuesday, officials at the FBI, the NSA and the
Department of Homeland Security spoke at the show, and specifically called out
China as a major hacking threat that needs to be on the radar of every US
business. "I would argue for too long that this country (the US) has
actually been under-focused on the counterintelligence threat … that China
poses," FBI director Christopher Wray said during his talk at RSA.
According to Wray, the US has long been "underfocused" on the Chinese
hacking threat, which has sought to steal sensitive intellectual property from
US companies. "We have economic espionage investigations in basically all
56 field offices, almost all of which lead back to China. It covers every
sector of the economy. It covers academia," he added. Sure, Russia may be
getting most of the headlines for hacking crimes, but China may end up becoming
the larger problem, according to NSA cybersecurity senior advisor Rob Joyce.
That's because the country is focused on building up its capabilities to
surpass the US, whereas the Kremlin has focused more on sowing chaos. "You
can kind of look at Russia like it's a hurricane: It's fast and hard. And China
is like climate change: Long, slow and pervasive," Joyce said during a
separate talk with journalists at RSA.
CyberScoop
March 5, 2019
When it
comes to protecting the federal government from cyberattacks, simplicity is not
that simple. That was the underlying message Monday during multiple panels at
RSA Public Sector conference in San Francisco, where government cybersecurity
experts and the federal contractors that carry out the government’s
cybersecurity operations discussed why things are currently complicated and
what it will take to make things easier. The government’s ongoing embrace of
the cloud is helping move things in the right direction, but because agencies
often follow a hybrid cloud model, watching over a government enterprise is
still a highly complex task. Kevin Cox, the program manager for the Department
of Homeland Security’s Continuous Diagnostics and Monitoring program, said
Monday that it’s a challenge to ascertain exactly how each agency has its
enterprise configured.
FCW
March 4, 2019
A Trump
administration initiative to retrain federal workers for cybersecurity jobs
received more than 1,500 applications, according to the government's top IT
official. On March 1, Federal CIO Suzette Kent tweeted out statistics related
to the first round of applicants for the government's new Cyber Reskilling
Academy. Among the findings: nearly half of the 1,500 applicants were
lower-level feds between GS-5 and GS-11 on the government pay scale. Those
applicants just completed aptitude assessments, and the Office of Management
and Budget is expected to select finalists for the first 25-person cohort April
1 before kicking off a three-month curriculum starting April 15. The pilot is
envisioned as a vehicle for transitioning parts of the federal workforce toward
high-level cybersecurity work greatly needed in the federal government and
countering the looming prospect of automation that could lead to the
elimination of lower level, manual-driven data entry and analysis positions.
INDUSTRY
CyberScoop
March 8, 2019
Citrix, a
VPN service widely used in the corporate world, revealed Friday that the FBI is
investigating a breach to its internal network by “international cyber
criminals.” The hackers appear to have “accessed and downloaded business
documents,” the company said in a blog post, adding that it doesn’t know
specifically what was accessed. There is no sign that the breach has
compromised any Citrix product or service, the Florida-based company said.
“While not confirmed, the FBI has advised that the hackers likely used a tactic
known as password spraying, a technique that exploits weak passwords,” Citrix
said. “Once they gained a foothold with limited access, they worked to
circumvent additional layers of security.”
Ars Technica
March 7, 2019
Google
security officials are advising Windows users to ensure they’re using the
latest version 10 of the Microsoft operating system to protect themselves
against a “serious” unpatched vulnerability that attackers have been actively
exploiting in the wild. Unidentified attackers have been combining an exploit
for the unpatched local privilege escalation in Windows with one for a separate
security flaw in the Chrome browser that Google fixed last Friday. While that
specific exploit combination won’t be effective against Chrome users who are
running the latest browser version, the Windows exploit could still be used
against people running older versions of Windows. Google researchers privately
reported the vulnerability to Microsoft, in keeping with its vulnerability
disclosure policy.
FCW
March 7, 2019
A white
paper released March 6 by the Cybersecurity Coalition, an industry group led by
former White House Senior Cybersecurity Director Ari Schwartz, recommends that
organizations and governments adopt coordinated vulnerability disclosure (CVD)
frameworks. The paper also suggests placing the Department of Homeland Security
or another civilian department in charge of developing a policy framework for
federal agencies, and it calls for more federal funding for resources like the
Common Vulnerability and Exposures and National Vulnerability Database
programs. The Cybersecurity Coalition argues that such policies should be
"a standard component" of security programs at governments and
private companies and that the U.S. government should promote and encourage
broader adoption at home and internationally. The group does not support
government bodies acting as arbiters for the private sector, however.
The Wall Street Journal
March 7, 2019
Hackers
breached the system that houses applicant information for three U.S. colleges
in recent days and demanded thousands of dollars in ransom from prospective
students for personal information they claimed to have stolen. The schools
include Oberlin College in Ohio, Grinnell College in Iowa and Hamilton College
in New York. All three use a system called Slate to track information about
students who have applied for admission. Slate is owned by Technolutions Inc.
Vice Motherboard
March 7, 2019
On
Thursday, Crowdfense, a company that buys zero day exploits from researchers
and then sells them to government agencies, announced it is now offering a
total of $15 million to hackers who have particular exploits for sale. Zero
days are attacks which take advantage of vulnerabilities that the impacted
vendor—Apple, Google—is unaware of. The highest tier of exploit chains for
iPhones and certain Android devices can fetch $3 million each. But notably,
Crowdfense’s roster of desired hacking tools goes beyond the usual suspects of
fully up-to-date phones and desktop devices. Crowdfense is now also buying exploits
that can break into internet routers. The reason? Hacking users’ phones, and in
particular Apple’s iPhone, is becoming so difficult, and the necessary chain of
exploits needed to hack them so rare, that some vendors are starting to look
for other devices they can still break into while gathering information on a
target.
CNBC
March 5, 2019
Attempted
cyberattacks are no longer an "if," but a "when." And, for
many companies, hackers will win. In the first half of 2018 alone, more than
four billion records were compromised to data breaches. That comes at a heavy
price, according to a 2018 study by IBM and the Ponemon Institute. The average
data breach cost companies $3.86 million, the study found, and large-scale
breaches can hit $350 million. Against that backdrop, companies are eager to hire
cybersecurity experts to guard against those risks. The problem: There aren't
nearly enough people who can fill those roles. The demand for skilled security
professionals is one of the biggest challenges facing the cybersecurity
industry today, with 2.93 million positions open and unfilled around the world,
according to non-profit IT security organization (ISC)².
The New York Times
March 4, 2019
Ten years
ago, Google was hacked by the Chinese military in one of the most startling
cyberattacks on an American company by government-affiliated agents. This week,
Chronicle, a security start-up owned by Google’s parent company, Alphabet,
plans to bring some of what it learned from that incident to other companies
through a widely anticipated new product called Backstory. The idea, company
executives said, is simple: Backstory will make Alphabet’s vast storage,
indexing and search abilities available to other companies, allowing them to
search through giant volumes of data, going years back, to trace the back story
of a malicious attack. Chronicle is hardly the only company doing this. Dozens
of companies promise so-called big data threat intelligence and storage. But
many of their customers can’t afford to pay to search through huge amounts of
information. Chronicle will charge customers by their number of employees.
Wired
March 4, 2019
When
Google's team of ninja bug-hunting researchers known as Project Zero finds a
hackable flaw in somebody else's code, they give the company responsible 90
days to fix it before going public with their findings—patched or not. So like
clockwork, 94 days after Google alerted Apple to a bug in its MacOS operating
system that could allow malware to inject data into the most privileged code
running on its computers, Mountain View's hackers are revealing that fresh
zero-day vulnerability to the world. On Friday, Google's Project Zero
researchers quietly published a forum post outlining a previously unknown
vulnerability in MacOS, which they call BuggyCow, in a piece of
proof-of-concept demonstration code. The attack takes advantage of an obscure
oversight in Apple's protections on its machines' memory to enable so-called
privilege escalation, allowing a piece of malware with limited privileges to,
in some cases, pierce into deeper, far more trusted parts of a victim's Mac.
Reuters
March 4, 2019
Firefox
browser-maker Mozilla is considering whether to block cybersecurity company
DarkMatter from serving as one of its internet security gatekeepers after a
Reuters report linked the United Arab Emirates-based firm to a cyber espionage
program. Reuters reported in January that DarkMatter provided staff for a
secret hacking operation, codenamed Project Raven, on behalf of an Emirati
intelligence agency. The unit was largely comprised of former U.S. intelligence
officials who conducted offensive cyber operations for the UAE government.
Former Raven operatives told Reuters that many DarkMatter executives were
unaware of the secretive program, which operated from a converted Abu Dhabi
mansion away from DarkMatter’s headquarters. While Mozilla had been considering
whether to grant DarkMatter the authority to certify websites as safe, two
Mozilla executives said in an interview last week that Reuters’ report raised
concerns about whether DarkMatter would abuse that authority.
Gov Info Security
March 4, 2019
Four
business sectors - hospitals, banks, securities firms and market infrastructure
providers - potentially face the most significant financial impact from
cyberattacks that could lead to a weakened credit profile, according to a new
report from Moody's Investors Service. "In our view, cyber risk is event
risk, and we see a rising tide," according to the report from Moody's, a
U.S. credit ratings agency. "Digitization continues to increase, supply
chains are becoming more complex and attacker sophistication is improving.
However, the universe of cyber threat actors remains the same: socially
motivated attackers - hacktivists - criminals and nation-states." Moody's
research assessed the inherent cyber risk exposure of 35 broad sectors based on
two factors: vulnerability to a cyber event or attack and impact in terms of
potential disruption of critical business processes, data disclosure and
reputational effects. Four sectors - banks, securities firms, market
infrastructure providers and hospitals - were classified as having the highest
overall cyber risk due to their significant reliance on technology and
confidential information for their operations, the Moody's report notes.
INTERNATIONAL
The Washington Post
March 7, 2019
Huawei said
Thursday that it has sued the U.S. government to challenge a law that bans
federal agencies from buying its telecommunications equipment, opening a new
front in the metastasizing global contest between the Chinese technology giant
and Washington. In a lawsuit filed in U.S. District Court in Texas, Huawei
argued that a section of the 2019 National Defense Authorization Act that
prohibits federal agencies and contractors from buying Huawei equipment on
national security grounds unfairly punishes the Chinese company. The lawsuit
asserts that the prohibition was imposed without due process and with no proof
provided that Huawei poses an espionage threat to the United States. The
complaint adds a new subplot — in American courts — to the sprawling standoff
between the Trump administration and a tech firm seen as an icon of China’s
rise into a world power.
BBC
March 7, 2019
Cyber-attacks
could turn elections into "tainted exercises" that undermine Western
democracies, the foreign secretary has said. In a speech in Glasgow, Jeremy
Hunt said authoritarian regimes view democratic elections as "key vulnerabilities"
to be targeted. But he stressed there was no evidence of successful
interference in UK polls. Mr Hunt called for economic and diplomatic sanctions
to be part of the response to attacks. He added that the government was
expanding its network of "cyber attaches" - diplomats working with
governments around the world to address the problem. Russia, China, Iran and
North Korea have all been accused of being behind various hacks and online
campaigns in recent years.
The Financial Times
March 7, 2019
The worst
cyber attack in Singapore's history, which involved the theft of medical
information linked to the prime minister as well as 1.5m patients, was executed
by a state-sponsored espionage group called Whitefly, according to Symantec.
The US cyber security group said Whitefly was backed by a nation state, but it
could not "say for certain by whom the group is funded or from whom they
take direction". Symantec's findings are in line with a report published
by the Singapore government in January, which said that hackers resembling
state-sponsored actors were responsible for the cyber attack at SingHealth, the
city state's largest healthcare group. Wednesday's report said that in the 12
months to mid-2018 Whitefly launched attacks against a number of organisations
mostly based in Singapore, including multinational corporations with operations
in the city state.
AP
March 7, 2019
German
authorities published a list of security requirements for telecoms networks
Thursday, amid concerns about the possible involvement of China’s Huawei in
future 5G infrastructure. The United States has been lobbying for allied
countries and companies to block Huawei from providing equipment for
fifth-generation cell networks, claiming it could facilitate digital espionage
by the Chinese government. Germany has made clear in recent weeks that it
doesn’t plan to pre-emptively exclude specific companies from bidding for
contracts, but instead wants to set minimum standards that all suppliers have
to meet. According to the new guidelines published by Germany’s Economic
Ministry and the Federal Network Agency, systems for networks including 5G “may
only be sourced from trustworthy suppliers whose compliance with national
security regulations and provisions for the secrecy of telecommunications and
for data protection is assured.”
The Wall Street Journal
March 6, 2019
Cyberattacks linked to Iranian hackers have targeted thousands of people
at more than 200 companies over the past two years, Microsoft Corp. said, part
of a wave of computer intrusions from the country that researchers say has hit
businesses and government entities around the globe. The campaign, the scope of
which hadn’t previously been reported, stole corporate secrets and wiped data
from computers. It caused damages estimated at hundreds of millions of dollars
in lost productivity and affected oil-and-gas companies, heavy-machinery
manufacturers, and more.
Reuters
March 6, 2019
The Czech
cyber-security watchdog was not pressured by the United States or anyone else
into issuing its warning about the possible security risks posed by Chinese
telecoms equipment maker Huawei, Prague’s cyber attache to Washington told
Reuters. Rather, its December warning took both the United States and Huawei by
surprise, Daniel Bagge, the Washington-based representative for the NUKIB
watchdog said in an interview. The United States has urged allies not to use
products made by Huawei, the world’s biggest maker of telecoms equipment,
saying they could enable Chinese state espionage. No evidence has been produced
publicly and Huawei has repeatedly denied the allegations. But several Western
countries have restricted, or are considering restricting, the company’s access
to their markets, fueling speculation of U.S. pressure. Bagge, however, said
NUKIB reached its own conclusions on Huawei and Chinese peer ZTE based on
“information from the public domain as well as classified information and
information from partners in the intelligence community.”
The Atlantic
March 6, 2019
When
Chinese President Xi Jinping and his Czech counterpart, Miloš Zeman, raised a
beer from a terrace overlooking the spires of Prague in 2016, they were hailing
an era of deepened economic cooperation: Beijing would invest billions of
dollars in the Czech Republic, and Zeman, in turn, would tout China as a
business partner for Europe. Zeman has been a staunch supporter of Beijing ever
since, and in particular of the Chinese telecom giant Huawei Technologies,
promoting the company’s efforts to roll out across the Czech Republic
cutting-edge wireless technology known as 5G. But Huawei’s role here has come
under growing domestic scrutiny in recent months, with the country’s
cybersecurity agency labeling it a threat. That has triggered a political
dispute that is, in varying forms, playing out across Central Europe and the
wider world. It puts the Czech Republic at the center of a geopolitical
tug-of-war between the United States, its longtime ally and fellow democracy,
and the growing economic heft of China.
Reuters
March 5, 2019
Huawei, in
the spotlight over the security risks of its telecom equipment gear, urged
governments, the telecoms industry and regulators on Tuesday to work together
to create a common set of cybersecurity standards. The call by Huawei Chairman
Ken Hu came as the world’s largest telecoms equipment maker opened a cyber
security centre in Brussels, allowing its customers and governments to test
Huawei’s source code, software and product solutions. The company has similar
facilities in Britain, Bonn, Dubai, Toronto and Shenzhen. "The fact is
that both the public and private sectors lack a basic common understanding of
this issue. As a result, different stakeholders have different expectations and
there is no alignment of responsibilities," Hu told a news conference.
Reuters
March 5, 2019
Britain's
banks will have to show they could recover from a cyber attack within hours to
avoid customer payments being delayed to the next day, the Bank of England said
on Tuesday. The BoE said it would hold a pilot cyber stress test of lenders
mid-2019 but individual results won't be published. The "severe but
plausible" test will look at how banks could withstand a cyber attack and
how quickly they would recover so that payments can continue. The pilot test
will look at the payments system of a bank going down, but future tests would
also likely include data being corrupted, the BoE's Financial Policy Committee
(FPC) said. Banks, which the BoE did not name, will have to show that payments
made on the day of the theoretical cyber attack are completed that day.
The Hill
March 4, 2019
A team of
cybersecurity researchers said Monday that they have identified a
state-sponsored Chinese hacking group that has launched cyberattacks to try to
bolster China's navy. Security firm FireEye said in a blog post that the group,
which they are calling APT40, has been carrying out cyberattacks since at least
2013 that targeted the engineering, transportation and defense industries. The
researchers said that the group is also going after traditional targets for
China, including groups tied to elections in Southeast Asia, to try to gain
intelligence about the organizations. FireEye noted that those actions are
likely linked to Chinese disputes in the South China Sea, as well as China’s
massive “Belt and Road Initiative,” which aims to make the country a global
superpower in trade. “Despite increased public attention, APT40 continues to
conduct cyber espionage operations following a regular tempo, and we anticipate
their operations will continue through at least the near and medium term,” the
post reads.
The New York Times
March 3, 2019
North
Korean hackers who have targeted American and European businesses for 18 months
kept up their attacks last week even as President Trump was meeting with North
Korea’s leader in Hanoi. The attacks, which include efforts to hack into banks,
utilities and oil and gas companies, began in 2017, according to researchers at
the cybersecurity company McAfee, a time when tensions between North Korea and
the United States were flaring. But even though both sides have toned down
their fiery threats and begun nuclear disarmament talks, the attacks persist.
TECHNOLOGY
E&E News
March 7, 2019
On Aug. 4, 2017, at 7:43 p.m., two emergency shutdown systems sprang into action as
darkness settled over the sprawling refinery along Saudi Arabia's Red Sea
coast. The systems brought part of the Petro Rabigh complex offline in a
last-gasp effort to prevent a gas release and deadly explosion. But as safety
devices took extraordinary steps, control room engineers working the weekend
shift spotted nothing out of the ordinary, either on their computer screens or
out on the plant floor. The reasons for the sudden shutdown were still buried
under zeros and ones, nestled deep within the code of the compromised Schneider
Electric safety equipment. Investigators soon discovered a dangerous hacking
tool that would usher in a new chapter in the global cyber arms race, much like
the Stuxnet worm that damaged Iranian nuclear centrifuges at the start of the
decade. The discovery of the Triton malware, named for the Triconex line of
safety systems it triggered, echoed from the ancient Saudi city of Rabigh to a
research institute in Moscow, and from California to Tokyo.
The New York Times
March 7, 2019
Going back at least a decade, cars have been targeted by hackers, some who ended up
working with the industry, others acting maliciously. But vehicles now carry
far more electronic equipment, and autonomous driving, relying on sensors,
cameras and radar, is on the horizon, with all kinds of ripe new targets.
Concern that cars could be seriously hacked — by criminals, terrorists or even
rogue governments — has prompted a new round of security efforts on the part of
the auto industry. As far back as 2010, a disgruntled former employee at Texas
Auto Center in Austin used a co-worker’s account to log into company software
used for car repossession. He disabled over 100 cars, and owners who were up to
date on their payments suddenly found their vehicles honking furiously, and
unable to start. In 2015, a veteran hacker named Samy Kamkar built a device for
under $100 that he said could find, unlock and remotely start any General
Motors car equipped with the OnStar communications system. Luckily, Mr. Kamkar
was acting as a “white hat,” and not selling his OwnStar device to unscrupulous
hackers. “I worked with G.M. to resolve that issue,” he said, and that
particular vulnerability is gone. “Cars are getting more secure, but it’s a
long cycle to get the necessary new software and hardware installed.”
Wired
March 7, 2019
At the endless booths of this week's RSA security trade show in San Francisco, an
overflowing industry of vendors will offer any visitor an ad nauseam array of
"threat intelligence" and "vulnerability management"
systems. But it turns out that there's already a decent, free feed of
vulnerability information that can tell systems administrators what bugs they
really need to patch, updated 24/7: Twitter. And one group of researchers has
not only measured the value of Twitter's stream of bug data but is also
building a piece of free software that automatically tracks it to pull out
hackable software flaws and rate their severity. Researchers at Ohio State
University, the security company FireEye, and research firm Leidos last week
published a paper describing a new system that reads millions of tweets for
mentions of software security vulnerabilities, and then, using their
machine-learning-trained algorithm, assessed how much of a threat they
represent based on how they're described. They found that Twitter can not only
predict the majority of security flaws that will show up days later on the
National Vulnerability Database—the official register of security
vulnerabilities tracked by the National Institute of Standards and
Technology—but that they could also use natural language processing to roughly
predict which of those vulnerabilities will be given a "high" or
"critical" severity rating with better than 80 percent accuracy.
via Nick Leiserson