Welcome to Cyber News Tidbits 4U!

Here are updated news compilations from the Cyber Security Community

Topic headers (+++):

1 – Security news you can likely use (re: management / opportunity items)

2 – Other items of general FYI / FYSA level interest

3 – Threats / bad news stuff / etc.


4 – SD/SoCAL items of interest / opportunities (send me your SD meetings!)

A couple of Highlights (a couple of items of potentially notable interest / high utility & value… your mileage will vary….)

(Lots happening,  so LOTs to be aware of. Takes 5 min to skim…then pick out a topic or two..)

 ( some great topics / meetings here in SD … scroll to bottom and get engaged)


+ Verizon Data Breach Investigations Report (DBIR) Says Mobile Malware Not Important – Yet

According to Verizon’s 2015 DBIR, the threat landscape has not changed much since last year’s report. The leading causes of data breaches last year include web application attacks, point-of-sale intrusions, cyber espionage, and crimeware. The report also says that the majority of mobile malware infections are adware and other annoyances rather than something truly malicious.  SO FAR!

[Note: If you read only one security report this year, read Verizon’s 2015 Data Breach Investigations Report (DBIR). It provides good data and insights on incidents contributed by many organizations around the world.]

AND… 2015 DBIR and the Human Attack Surface – minimize the cause of 90% of the breaches

AND – ITRC’s Findings from the 2015 Data Breach Incident Report

The estimated financial loss from the data breaches covered in the DBIR was $400 million.

The ratio of internal to external threats remains relatively static, with more than 80% of threats being external rather than internal.

ONE hour is all it took for nearly 50% of recipients to open an email and click on phishing links.



+ IBM’s X-Force Exchange to make decades worth of cyber-threat data public

IBM has announced it will make its huge store of about two-decades worth of security and cyber-threat data available to private and public companies. Through what IBM is calling its new X-Force Exchange, the company said Thursday it will offer its massive 700-terabyte (and growing) database of raw cyber-threat data and intelligence to companies who want it. That also includes malware threat data from 270 million computers and devices, as well as from 25 billion web pages and images, and spam and phishing attack emails.



+ Why corporate cybersecurity teams are going anonymous

Paul Kurtz, a former cybersecurity advisor to Presidents Obama and Bush, is a successful entrepreneur. His company, CyberPoint, reportedly offers security consulting services to the United States government, the United Arab Emirates, and a variety of domestic and overseas customers. Now his new startup, TruStar, is venturing into uncharted waters: anonymous sharing of cyberattack information by some of the world’s largest corporations. When I spoke with Kurtz on the phone, he described his new company (cofounded with former eBay chief security officer Dave Cullinane) as an anonymous cyberattack report sharing platform. Cybersecurity teams at corporate or government clients fill out reports of attacks against their organization—anything from emails that attempt to “spearphish” information from executives to sophisticated attacks on servers—which are then stripped of identifying information by TruStar’s platform and re-sent to clients on an inbox-like dashboard.



+ Pentagon eyes recruiting cyber talent through National Guard

The Defense Department still doesn’t have the capabilities and resources needed to defend against a major cyberattack from another nation or other tech-savvy criminals, Pentagon officials told members of a Senate panel Tuesday. But officials said they are looking for more creative ways to attract high-tech experts into the military and the department, including beefed-up National Guard and Reserve recruiting in places like California’s Silicon Valley. Eric Rosenbach, the principal cyber adviser to Defense Secretary Ash Carter, told senators that the Pentagon wants to find ways to bring talent into the department without individuals having to go through one of the military services.



+ Nearly 1 million new malware threats released every day

New reports from the Internet security teams at Symantec and Verizon provide an alarming picture of how difficult it’s becoming for computer users to stay safe online. Last year was a big one for high-profile cybercrime, from the Heartbleed bug to major corporate attacks and Sony’s embarrassing hack. Symantec’s analysis of security threats in 2014 revealed that thieves are working faster than companies can defend themselves, and launching more malicious attacks than in previous years. More than 317 million new pieces of malware — computer viruses or other malicious software — were created last year. That means nearly one million new threats were released each day.



+ BYOD employees ‘indifferent’ to enterprise security

Businesses are ill-prepared for the attitude of next generation employees who own mobile devices, and may be placed at risk as the BYOD trend causes fractures in security enforcement. Bring-your-own-device (BYOD) is a corporate trend which has become firmly entrenched in the business world. Most employees in the West own personal devices — whether they be tablets or smartphones — and companies can cut costs by allowing staff to use their own devices to connect to corporate networks. While this permission may be convenient for employees, improve workflows and save the enterprise from facing the cost of outfitting their staff with suitable mobile devices, BYOD can also be a headache for IT and security departments.



+ A global consensus on cyber security is gaining momentum

Cybersecurity developments grab headlines. Everyone wants to know the tales of treachery and intrigue, who hacked who, and what was stolen or broken. Interest wanes, however, when the conversation switches to the drudgery of what is to be done, especially capacity building, which generally involves transferring knowledge and good practices to countries in the developing world so that they can improve their cybersecurity and participate on a more equitable basis in the digital economy. While it may be tedious work, it is critically important because the next billion Internet users will be from the developing world.



+ New cyberthreat information-sharing bill may be more friendly to privacy

A new bill designed to encourage businesses and government agencies to share information about cyberthreats with each other may go further in protecting the privacy of Internet users than other recent legislation in Congress. The National Cybersecurity Protection Advancement (NCPA) Act, introduced Monday in the House of Representatives by two Texas Republicans, appears to do a “much better job” at protecting privacy than two bills that have passed through the House and Senate Intelligence Committees, said Robyn Greene, policy counsel at the New America Foundation’s Open Technology Institute.



+ IBM wants your smartwatch to talk to your doctor

It may finally be time for your smartwatch to talk to your doctor. Plenty of people wear fitness trackers. And plenty of doctors use electronic data to help with patient care. But it’s also true that these silos of data often never meet, arguably limiting how useful any of it could be to patients. IBM is aiming to change that, saying Monday that it’s striking deals with Apple, Johnson & Johnson and Medtronic to collect and use more information from personal medical devices to help with patients’ clinical care.  Using its Watson supercomputer — yes, of “Jeopardy!” fame — IBM said that it will also be launching a whole Watson Health unit.



+ Pentagon weapons guide adds cybersecurity (really… finally making it a formal requirement….)

Cybersecurity is now a core consideration for all weapons purchases at the Defense Department. The Pentagon released its new buying guide, Better Buying Power 3.0, late Thursday. For the first time, it discusses cybersecurity. “Cybersecurity is a pervasive problem for the department,” said acquisition chief Frank Kendall during a press conference. “It’s a pervasive problem in the sense that it affects and is a danger, if you will, a source of risk for our programs from inception all the way through retirement.”



+ Wall St. is told to tighten digital security of partners

Wall Street’s oversight of cybersecurity measures at outside firms it does business with remains a work in progress, according to a review by New York State’s top financial regulator. A survey of 40 banks found that only about a third require their outside vendors to notify them of any breach to their own networks, which could in turn compromise confidential information of the bank and its customers. Fewer than half the banks surveyed said they conducted regular on-site inspections to make sure the vendors they hire – like data providers, check-processing firms, accounting firms, law firms and even janitorial companies – are using adequate security measures.



+ GAO Report Urges FAA to Address Wi-Fi Security Concerns

According to a report from the US Government Accountability Office (GAO), on certain aircraft, passenger Wi-Fi networks use the same networks as the plane’s avionics systems, putting the aircraft at risk of attacks from passengers and even from people on the ground. The report, titled “FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen,” was requested by the House Transportation and Infrastructure Committee.

[Note: This Forbes article argues that many of the findings in the GAO report are misleading or incorrect.

The Forbes article asserts that GAO’s report “was put together by people who didn’t understand how modern aircraft actually work.” I would normally reject that type of argument as light-weight whining, but in GAO’s case I would be making an error. GAO staffers have demonstrated repeatedly that they do not understand how attacks and networks and operating systems work – at the deep technical level. That means their reports have been forcing government agencies to spend money in precisely the wrong ways – so much so that a close analysis will show that GAO is culpable in enabling the deep and pervasive cyber penetration that has occurred across many elements of the federal government… ;-(( ]


+ Dell Report Notes Increase in Attacks Against Industrial Control Systems

According to the 2015 Dell Security Annual Threat Report, attacks against Industrial Control Systems rose nearly fourfold last year. Most of those attacks were against systems in Finland, the UK, and the US.

The report also noted an increase in HTTPS traffic last year. Dell says that may not be good news, because encrypted traffic can also hide malware and its command-and-control traffic from inspection.



+ China Suspends Stringent Tech Rules

China has temporarily suspended implementation of rules that would make it nearly impossible for foreign technology companies to offer products to the country’s financial sector. The rules would require tech companies that sell to Chinese financial institutions to provide access to source code. Following a meeting with Chinese officials last month, US officials said that the rules would be suspended, but earlier this week, trade groups in Japan, Europe, and the US said the rules were still being enforced. A letter from the Chinese government makes the temporary change official.

[Note: Many thought this would be the case; some companies would simply cease to do business with China. It also leaves the IBM/Apple enterprise agreement, and the revenue that business decision was meant to earn, subject to further scrutiny. Reportedly, they agreed to do this. Also, rumor has it China will demand back doors in some of the products.]



+ How Ionic Says It Makes Data Breaches Irrelevant

Ionic Security goes public with a data security platform that manages trillions of encryption keys and enables a user to sign each pixel with its own unique key!



+ Youth, Apathy, And Salary Dictate Mobile Threats To Business

Mobile cyberattacks may not be a thing today, but a new study shows how vulnerable businesses are via user smartphones and tablets.



+ Federal Trade Commission released the agency’s 2014 Annual Highlights

The report emphasizes the agency’s work to protect consumers and promote competition during the past calendar year: “With over 150 law enforcement actions taken and $640 million in consumer redress ordered, we marked the FTC’s centennial year…”



+ PCI DSS 3.1 debuts, requires detailed new SSL security management plan

PCI DSS 3.1 gives merchants about 14 months, until June 30, 2016, to stop using SSL (all versions) and early TLS (TLS 1.0), which the standard no longer accepts as strong cryptography; TLS 1.1 or higher is required and TLS 1.2 is recommended. In the meantime it demands that anyone still running the old protocols quickly produce a detailed, documented risk-mitigation and migration plan for the transition.
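A practitioner’s check for that deadline, added here as an example and not taken from the PCI SSC or the article: it audits an nginx `ssl_protocols` directive for the protocol versions PCI DSS 3.1 retires, and builds a Python `ssl` context that refuses them no matter what a peer offers. The two config fragments are constructed for the example (the weak setting beside the corrected one); nothing here comes from a real merchant.

```python
import re
import ssl

# PCI DSS 3.1 no longer counts SSL (any version) or "early TLS" (TLS 1.0)
# as strong cryptography. TLS 1.1 is still permitted but TLS 1.2 is the
# recommended floor, so the audit reports TLSv1.1 separately as "weak".
RETIRED = {"SSLv2", "SSLv3", "TLSv1"}
WEAK = {"TLSv1.1"}

# Constructed nginx fragments: the weak setting beside the corrected one.
WEAK_CONFIG = """
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}
"""
HARDENED_CONFIG = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""


def audit_ssl_protocols(config_text):
    """Return (enabled, retired, weak) for every ssl_protocols directive
    in an nginx config fragment. 'retired' fails PCI DSS 3.1 after the
    June 30, 2016 deadline; 'weak' is allowed but below the TLS 1.2 floor."""
    enabled = []
    for m in re.finditer(r"^\s*ssl_protocols\s+([^;]+);", config_text, re.M):
        enabled.extend(m.group(1).split())
    retired = [p for p in enabled if p in RETIRED]
    weak = [p for p in enabled if p in WEAK]
    return enabled, retired, weak


def is_pci_31_compliant(config_text):
    """True only if the directive is present and enables no retired protocol."""
    enabled, retired, _ = audit_ssl_protocols(config_text)
    return bool(enabled) and not retired


def pci_tls_context(server_side=True):
    """An ssl.SSLContext that cannot negotiate SSL or early TLS.
    minimum_version needs Python 3.7+ on OpenSSL 1.1+ (assumption)."""
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        enabled, retired, weak = audit_ssl_protocols(cfg)
        print(f"{label}: enabled={enabled} retired={retired} weak={weak} "
              f"compliant={is_pci_31_compliant(cfg)}")
    print("context floor:", pci_tls_context().minimum_version.name)
```

The regex only covers nginx; Apache (`SSLProtocol`) and load balancers carry the same setting under other names, and the documented migration plan PCI asks for should list every one of them, including third-party vendors’ endpoints.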



+ Verizon launches security certificate service for IoT

Great service… it will help make IoT security work, but end devices will need the certificate capability built in affordably for it to be cheap to use.



+ New Dark-Web Market Is Selling Zero-Day Exploits to Hackers



+ The Cybersecurity Risk That Dwarfs All Others (windows server 2003)



+ Getting a Sense of IoT in Asia




2  +++++++


+ Hackers could commandeer new planes through passenger Wi-Fi

Seven years after the Federal Aviation Administration first warned Boeing that its new Dreamliner aircraft had a Wi-Fi design that made it vulnerable to hacking, a new government report suggests the passenger jets might still be vulnerable. Boeing 787 Dreamliner jets, as well as Airbus A350 and A380 aircraft, have Wi-Fi passenger networks that use the same network as the avionics systems of the planes, raising the possibility that a hacker could hijack the navigation system or commandeer the plane through the in-plane network, according to the US Government Accountability Office, which released a report about the planes today.



+ Federal cyber workforce woefully inadequate, report says

Rigid hiring processes and low pay for specialized employees have kept the U.S. government from developing the type of cyber workforce it needs to keep up with growing attacks, according to an independent analysis. The Partnership for Public Service released a report on Tuesday saying the federal government has positioned itself poorly for recruiting cybersecurity personnel at a time when the nation as a whole is already facing a shortage. Aside from non-competitive pay and strict hiring practices, other causes of the deficiency include weak talent pipelines and the lack of a government-wide strategy for hiring and retaining talent, according to the group.



+ Pentagon to release cyber strategy

In his two months on the job, Defense Secretary Ashton Carter has made building out the Pentagon’s capabilities in cyberspace a priority. That work will cross a threshold next week when the Pentagon releases a multi-year cyber strategy. Eric Rosenbach, Carter’s top cyber adviser, on April 14 told a Senate Armed Services Subcommittee on Emerging Threats and Capabilities that the strategy would be out next week and would include projects and benchmarks for measuring progress, but didn’t elaborate much beyond that.



+ DHS defends FY 2016 cyber budget before Senate committee

The Homeland Security Department is asking Senate appropriators for budget increases to bolster its cybersecurity programs, including the Federal Risk and Authorization Management Program (FedRAMP). The total request for cyber programs at DHS adds up to $1.4 billion. That’s just part of the total White House budget request for cybersecurity programs, which is up 11 percent for FY 2016, to $13.9 billion. “These are ballpark figures, but my idea here is to give you a sense of the magnitude and relative effort that should be expended,” said Andy Ozment, assistant secretary for cybersecurity and communications, before the Senate Appropriations Subcommittee on Homeland Security today.



+ Former FBI director talks cybersecurity

From hammering out new cybersecurity responsibilities to successfully transitioning thousands of case files over to a digital system, it was the delegation of responsibility – not the technology itself – that posed a major challenge to former FBI Director Robert Mueller, he said in a recent keynote. During a government IT conference in Washington, Mueller discussed organizational missteps and lessons learned during his time as head of the FBI between 2001 and 2013.



+ House panel passes cyberthreat sharing bill

After beating back amendments by Democratic members to limit liability protections for businesses, the House Homeland Security Committee on April 14 unanimously approved cyberthreat information sharing legislation on a voice vote. The bill, sponsored by Committee Chairman Mike McCaul, R-Texas, now goes to the full House, where differences with another cyberthreat information sharing measure approved by the House Intelligence Committee last month will be worked out. House leaders indicated that the full House could vote on the cyberthreat information sharing legislation as early as next week.



+ Pilot union highlights cybersecurity concerns for air-traffic control

Europe’s largest pilot union is expected to release a report Saturday highlighting the hazards of potential cyberattacks on future air-traffic control systems. Prepared by the European Cockpit Association, which represents some 38,000 commercial aviators, the study spells out the stark consequences if a hacker were to disrupt such vital communication links. Security and safety experts have been studying the topic for many years, and development work under way on both sides of the Atlantic seeks to incorporate measures to reduce cyber vulnerabilities.



+ Companies, seeking common ground on cybersecurity, turn to insurers

A relentless barrage of cyberattacks has left many corporate security officers searching for a clearer, common understanding of what constitutes good security strategy, and looking to the insurance industry for answers. Beyond a few regulated industries such as health care, most companies get relatively little official guidance on security, and ideas about best practices tend to be fragmented. Government and industry groups provide some help, but most companies are more or less free to chart their own course through the hazards of the digital era. While that can have advantages, fostering flexibility and innovation, some companies would like clearer standards. That might help strengthen defenses, improve risk management, and make it easier to defend against accusations of negligence in the event of a major breach.



+ Blend of old and new technique help attackers dodge detection

A clever mix of new and old techniques was combined to create “highly evasive attacks” in 2014, according to the Websense 2015 Threat Report. The report, which zeroes in on eight behavioral and technique-based trends in cybercrime, found that cybercrime has become easier as threat actors can rent exploit kits, take advantage of malware-as-a-service (MaaS) and even use subcontractors to create and execute attacks aimed at stealing data. In fact, 99.3 percent of malicious files in 2014 used a command-and-control URL already used by other malware, and the bulk of malware authors (98.2 percent) used C&Cs that were traced to five other malware types.



+ Coast Guard IT security gaps cited

Although the Coast Guard has taken substantial steps in protecting its IT operations from insider threats, a few nagging gaps remain in its internal cyber armor, according to a recent Department of Homeland Security Inspector General report. The Coast Guard is in the process of establishing an Insider Threat Working Group that will be charged with implementing a “holistic” program focused on identifying and counteracting insider threat risks. It has also implemented a process to verify system administrators’ level of access to IT systems and networks, and set up a Cyber Security Operations Center to monitor and respond to potential insider threat risks and incidents.



+ Tokenization would not have prevented most retail breaches

Tokenization, where credit card numbers and other sensitive data are replaced by surrogate values (tokens) that are worthless outside the tokenization system, can be a secure alternative to encryption in many cases — but would not have helped in the majority of retail breaches over the past two years, which captured card data at the point of sale before any token was issued. The Payment Card Industry released guidance last week about how technology vendors and retailers can use tokenization to reduce the amount of card data they store in their systems. “Tokenization is one way organizations can limit the locations of cardholder data,” said PCI SSC Chief Technology Officer Troy Leach in a statement. “A smaller subset of systems to protect should improve the focus and overall security of those systems, and better security will lead to simpler compliance efforts.”
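To make the article’s point concrete, here is an added toy model (not from the PCI SSC guidance or the article) of a token vault sitting behind a point-of-sale terminal. The terminal reads the PAN in cleartext before the token service ever sees it, so a memory scraper on the terminal, the technique behind the big 2013–2014 retail breaches, still harvests card numbers even though the stored transaction records hold only tokens. The card numbers are standard test PANs, and the `TokenVault`/`PosTerminal` classes are constructed for illustration.

```python
import secrets


def luhn_ok(digits):
    """Luhn check: the same test a RAM scraper applies to spot card numbers."""
    if not digits.isdigit() or len(digits) < 13:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Token service: maps a PAN to a random surrogate and back. The vault is
    the only system that holds the PAN, which is what shrinks PCI scope."""

    def __init__(self):
        self._pan_by_token = {}
        self._token_by_pan = {}

    def tokenize(self, pan):
        if pan in self._token_by_pan:            # same card -> same token
            return self._token_by_pan[pan]
        while True:
            # Random core, last four kept for receipts; the prefix guarantees
            # the token fails Luhn so it can never be mistaken for a real PAN.
            token = f"tok_{secrets.token_hex(6)}_{pan[-4:]}"
            if token not in self._pan_by_token:
                break
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token):
        return self._pan_by_token[token]


class PosTerminal:
    """Toy POS terminal. `memory` stands in for the process RAM a scraper
    reads; `records` is what the store keeps and forwards after tokenization."""

    def __init__(self, vault):
        self.vault = vault
        self.memory = []
        self.records = []

    def swipe(self, pan):
        self.memory.append(pan)               # cleartext from the card reader
        token = self.vault.tokenize(pan)      # tokenization happens after that
        self.records.append(token)
        return token


def scrape_ram(terminal):
    """What a memory scraper finds on the terminal: every PAN that passed through."""
    return [v for v in terminal.memory if luhn_ok(v)]


def stored_pans(terminal):
    """What a thief gets from the store's transaction records: nothing Luhn-valid."""
    return [r for r in terminal.records if luhn_ok(r)]


if __name__ == "__main__":
    pos = PosTerminal(TokenVault())
    for pan in ("4111111111111111", "5555555555554444"):   # standard test PANs
        print(pan, "->", pos.swipe(pan))
    print("stored records yield:", stored_pans(pos))
    print("RAM scraper yields:  ", scrape_ram(pos))
```

The fix for the scraper case is not tokenization but keeping the PAN out of the terminal’s reach in the first place: encrypt at the read head (point-to-point encryption) so that the terminal only ever handles ciphertext, and tokenize downstream.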



+ Wanted: Ten million Chinese students to “civilize” the Internet

China wants to recruit 10 million young people, mostly university students belonging to the Communist Party’s youth wing, to “spread positive energy” on the Internet – in other words, to use social media to praise and defend the government. Web users recently posted a document issued by the China Communist Youth League dated Feb. 13 that asks for no less than 20 percent of its members to be recruited as “cyber civilization volunteers”, who would be expected to become “good Chinese Netizens” and promote the “voice of good youth.”



+ Think Tank Says Iran Gathering Information About US Grid

According to a report from a Washington think tank, Iranian cyber attackers are looking for information online to identify systems that control elements of the US’s critical infrastructure. The researchers say that current sanctions against Iran have not diminished its espionage and cyber warfare capability.

[Note: Iran and China and Russia… oh my! This has been happening for years, by Iran, other nation states, and, increasingly, terrorist organizations. Adversaries will constantly look for vulnerabilities to exploit, and critical infrastructure is at the top of the list. Good to see Norse incorporate SCADA port information into its sensor nets and resulting analysis. However, it’s no surprise that Iranians – and those of other nationalities with interest in “cyber” – are examining what’s on the Net. There is no excuse for any of these controls to be visible to the public networks. They should be hidden behind VPNs and strong authentication. If the control itself does not support this, a $50 proxy will hide it from Iran and other prying eyes.]



+ ICO Investigated Law Firms Over Reported Breaches

According to data obtained through a Freedom of Information request, the UK’s Information Commissioner’s Office (ICO) investigated 173 law firms in that country regarding reports of Data Protection Act (DPA) breaches.

Following a series of breaches, the Information Commissioner last summer issued a warning that law firms need to do more to make sure that client data are secure. In addition, the Law Society, a professional organization, issued a practice notice last year warning that using cloud services could violate the DPA.

[Note: Law firms aggregate the most sensitive data from many of their clients… IP, patent, merger and acquisition material, etc. Their networks historically have not been well protected, and law firms are increasingly suffering serious breaches in the US. This is an important area that needs to be addressed. Law firms and accountancy practices are prime targets for criminals. Not only do they hold a lot of personal data, but many of these firms work on behalf of their corporate clients to help them file patents, etc. So if your organization relies on the services of these firms, make sure you check their security before criminals do. Don’t accept their assurances that their systems are protected.]



+ Millions of Health Records Compromised Over Past Four Years

A study published in the Journal of the American Medical Association (JAMA) says that between 2010 and 2013, data breaches compromised more than 29 million health records. The information was drawn from a government database of breaches that included unencrypted health data. The researchers looked at 949 breaches that occurred during that period; they did not include incidents that affected fewer than 500 people.

[Note: This report does not even cover the large number of records that remain on paper because of the perverse effects of HIPAA.  These records are not covered by HIPAA and we may never know about breaches of these records.]



+ Why Standardized Threat Data Will Help Stop the Next Big Breach

Adopting industry standards for threat intelligence will reduce a lot of the heavy lifting and free cyber security first responders to focus on what they do best. The good news is that there are emerging standards out there. Two of the best known are protocols developed with MITRE and the US Department of Homeland Security to improve how cyber threat information is handled: STIX (Structured Threat Information eXpression), which describes the threat data, and TAXII (Trusted Automated eXchange of Indicator Information), which is the transport used to exchange it. By using data converted to the standardized STIX and TAXII formats, security practitioners can rapidly answer questions about current threats, how they act, who is responsible, and the course of action, based on standard categories.
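As an added illustration (not from the article, MITRE or DHS), here is the shape the standardized data takes, using the JSON form of STIX (version 2.1, the current revision of the standard; the 2015 article refers to its earlier XML form). It builds a small bundle, links two indicators and a course of action to a malware family with relationship objects, and answers the two questions the article mentions, what to look for and what to do about it, by walking the references. The domain, hash and family name are placeholders made up for the example, not real indicators.

```python
import json
import uuid
from datetime import datetime, timezone


def stix_id(obj_type):
    """STIX identifiers are '<type>--<UUIDv4>'."""
    return f"{obj_type}--{uuid.uuid4()}"


def stix_now():
    """RFC 3339 UTC timestamp with millisecond precision, as STIX requires."""
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def _common(obj_type):
    ts = stix_now()
    return {"type": obj_type, "spec_version": "2.1", "id": stix_id(obj_type),
            "created": ts, "modified": ts}


def make_indicator(pattern, name):
    obj = _common("indicator")
    obj.update({"name": name, "indicator_types": ["malicious-activity"],
                "pattern": pattern, "pattern_type": "stix",
                "valid_from": obj["created"]})
    return obj


def make_malware(name, is_family=True):
    obj = _common("malware")
    obj.update({"name": name, "is_family": is_family})
    return obj


def make_course_of_action(name, description):
    obj = _common("course-of-action")
    obj.update({"name": name, "description": description})
    return obj


def relate(source, target, relationship_type):
    obj = _common("relationship")
    obj.update({"relationship_type": relationship_type,
                "source_ref": source["id"], "target_ref": target["id"]})
    return obj


def bundle(*objects):
    return {"type": "bundle", "id": stix_id("bundle"), "objects": list(objects)}


def _related(bundle_obj, malware_name, relationship_type, field):
    """Walk: <object> --relationship_type--> malware named malware_name."""
    by_id = {o["id"]: o for o in bundle_obj["objects"]}
    targets = {o["id"] for o in bundle_obj["objects"]
               if o["type"] == "malware" and o["name"] == malware_name}
    return [by_id[r["source_ref"]][field] for r in bundle_obj["objects"]
            if r["type"] == "relationship"
            and r["relationship_type"] == relationship_type
            and r["target_ref"] in targets]


def indicators_for(bundle_obj, malware_name):
    """'What do we look for?': patterns of indicators that indicate the family."""
    return _related(bundle_obj, malware_name, "indicates", "pattern")


def mitigations_for(bundle_obj, malware_name):
    """'What do we do about it?': courses of action that mitigate the family."""
    return _related(bundle_obj, malware_name, "mitigates", "name")


def build_example():
    """Constructed, placeholder IOCs; none of this is real infrastructure."""
    fam = make_malware("ExampleBanker")
    c2 = make_indicator("[domain-name:value = 'c2.example.net']",
                        "ExampleBanker C2 domain")
    dropper = make_indicator("[file:hashes.'SHA-256' = '" + "ab" * 32 + "']",
                             "ExampleBanker dropper")
    coa = make_course_of_action("Sinkhole C2 domain",
                                "Resolve c2.example.net to a sinkhole and alert on hits")
    return bundle(fam, c2, dropper, coa,
                  relate(c2, fam, "indicates"),
                  relate(dropper, fam, "indicates"),
                  relate(coa, fam, "mitigates"))


if __name__ == "__main__":
    b = build_example()
    print(json.dumps(b, indent=2)[:400], "...")
    print("look for:", indicators_for(b, "ExampleBanker"))
    print("do:      ", mitigations_for(b, "ExampleBanker"))
```

The bundle is what a TAXII server would hand out in a collection; the querying is deliberately done over plain dicts so the walk over `source_ref`/`target_ref` is visible rather than hidden inside a client library.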



+ Special Report: 50 Years of Moore’s Law

Though Gordon Moore didn’t descend from a mountain 50 years ago with a tablet in each hand, his prophecies about the future of electronics have most definitely become canonical. The ideas that were later distilled into what we now refer to as Moore’s Law presaged the breakneck pace of advancement that lets us do more with today’s tablets than could be done with a room-size mainframe. In this special report, we look at Moore’s organizing principle from several angles, delving into why the streak has endured and what we’ll do when it ends.



+ RTF and DOC Files Used in Majority of Targeted Attacks

Analysis of attack trends in 2014 reveals that tainted .RTF and .DOC files were employed in the majority of email-based targeted attacks, for a combined 46% of malicious doc types, according to a new study. 2014 also saw further refinements in…



+ 5 Cyberwar Threats Worth Watching



+ (ISC)² Workforce Study: As Threats Evolve, Security Professionals are Concerned About

Full report



+ Dell report reveals attacks on SCADA systems doubled



+ SDN is tailor-made for the consolidation, automation and security needs of the DoD



+ While cyberwarfare on a large scale favors a nation on the attack, it also carries the risk of unintended consequences, the former U.S. director of National Intelligence said



+ How to mitigate VPN security issues in the cloud



+ Cisco Survey Sees Evolving Security Threats

IT infrastructure and the applications it delivers, along with emerging open-source web frameworks, remain the most attractive targets for hackers and cyber-criminals, according to new web security research data.



+ Five Hidden Risks with Public Cloud Usage



+ SANS Honors Information Security Products That are Making a Difference by Protecting Businesses and Consumers from Cyber Attacks





3  +++++++


+ China’s hackers run 10-year spy campaign in Asia, report finds

State-sponsored hackers in China are likely behind a sophisticated, decade-long cyberespionage campaign targeting governments, companies and journalists in Southeast Asia, India and other countries, a U.S. cybersecurity company said in a report released Monday. FireEye Inc. says the attacks have been designed to glean intelligence, likely from classified government networks and other sources, pertaining to political and military issues such as disputes over the South China Sea.

APT30 Espionage Campaign Has Been Operating Since 2005

According to the FireEye Intelligence Report, an espionage campaign known as APT30, has been targeting governments and businesses for 10 years. APT30 is attributed to China, and also targets media organizations and journalists who cover information of interest to the Chinese government. FireEye says it has discovered the tools APT30 has used to steal information.



+ Russia’s cyberattacks grow more brazen

Russia has ramped up cyber attacks against the United States to an unprecedented level since President Obama imposed sanctions last year on President Putin’s government over its intervention in Ukraine. The emboldened attacks are hitting the highest levels of the U.S. government, according to reports, in what former officials call a “dramatic” shift in strategy. The efforts are also targeting a wide array of U.S. businesses, pilfering intellectual property in an attempt to level the playing field for Russian industries hurt by sanctions.



+ An Advanced Threat Protection Framework (whitepaper)

In 2015 we expect to see cyber criminals, fueled by the success of many high-profile hacks, continue to innovate with an even greater focus on deceiving and evading existing security solutions. As attacks continue to become more advanced, so must the security solutions used by organizations to protect themselves. Advanced Threat Protection relies on multiple types of security technologies, products, and research, each performing a different security protection role.



+ Botnet that enslaved 770,000 PCs worldwide comes crashing down

Law enforcement groups and private security companies around the world said they have taken down a botnet that enslaved more than 770,000 computers in 190 countries, stealing owners’ banking credentials and establishing a backdoor to install still more malware. Simda, as the botnet was known, infected an additional 128,000 new computers each month over the past half year, a testament to the stealth of the underlying backdoor trojan and the organization of its creators. The backdoor morphed into a new, undetectable form every few hours, allowing it to stay one step ahead of many antivirus programs. Botnet operators used a variety of methods to infect targets, including exploiting known vulnerabilities in software such as Oracle Java, Adobe Flash, and Microsoft Silverlight.



+ French network’s broadcasts hacked by group claiming IS ties

Hackers claiming allegiance to the Islamic State group simultaneously blacked out 11 channels of a French global TV network and took over its website and social media accounts on Thursday, in what appeared to be the most ambitious media attack so far by the extremist group. Anti-terror prosecutors opened an investigation into the attack that began late Wednesday and blocked TV5 Monde from functioning part of the day Thursday. Operations were fully re-established Thursday evening. France’s interior minister, while counseling caution until investigators find hard evidence, said the attack was likely a terrorist act. “Numerous elements converge to suggest the cause of this attack is, indeed, a terrorist act,” Bernard Cazeneuve said at a news conference.



+ New evasion techniques help AlienSpy RAT spread Citadel malware

Hackers have co-opted AlienSpy, a remote access tool, to deliver the Citadel banking Trojan and establish backdoors inside a number of critical infrastructure operations. AlienSpy is a descendant of the Adwind, Unrecom and Frutas Java-based remote access Trojans, according to security company Fidelis, which is owned by General Dynamics. Fidelis said today in its report that AlienSpy RAT infections have reportedly been spreading via phishing messages, and have been discovered inside technology companies, financial services, government agencies, and energy utilities. “We believe that it benefits from unified development and support that has resulted in rapid evolution of its feature set including multiplatform support, including Android, as well as evasion techniques not present in other RATs,” Fidelis said in its report.



+ Majority of critical infrastructure firms in Americas have battled hack attempts

Cyber-attacks against critical infrastructure companies have long since moved out of the realm of science fiction and into reality, and a new report from Trend Micro and the Organization of the American States (OAS) shows just how much. In a new survey, the challenges those organizations are facing today are laid bare. Forty percent of 575 security leaders polled said they had dealt with attempts to shut down their computer networks. Forty-four percent said they had faced attempts by attackers to delete files, while 60 percent have had attackers try to steal their information. Perhaps even more ominous is the fact that 54 percent had dealt with attempts to manipulate their organization’s equipment through a control network or system.



+ Deadly combination of Upatre and Dyre Trojans still actively targeting users

Upatre (or Waski) is a downloader Trojan that has lately become the malware of choice for cyber crooks to deliver additional, more dangerous malware on users’ computers. A few weeks ago, Swiss and German users were targeted with email campaigns attempting to deliver it. Now the criminals have shifted to targeting English-speaking users in the UK, Ireland, US, Canada, Australia and New Zealand. The threat comes via a seemingly harmless email coming from an employee of a random company, usually consisting of a short line, urging recipients to download the attached ZIP or PDF file.  The attachment is actually an executable (a .exe file).



+ Advanced Persistent Threat (APT) Wars

While investigating the operations of the Naikon advanced persistent threat (APT) group, researchers at Kaspersky discovered that one of the group’s phishing emails had been sent to an email address belonging to another APT group. That group, Hellsing, sent a message back to Naikon, asking if the first message was legitimate. Naikon’s response was poorly worded enough to let Hellsing know that they had been attacked, and so they retaliated by sending phishing emails to Naikon, possibly in an attempt to learn more about Naikon’s operations.

[Note: We will continue to see online criminal gangs target each other to either hijack other gangs’ infrastructure, shut down rival gangs, or simply to let people know who is boss, similar to how it happens in the physical world.]



+ “Great Cannon” Attack Tool Used in DDoS Attacks Against GreatFire and GitHub

The distributed denial-of-service (DDoS) attacks that targeted GreatFire and GitHub in March were likely launched by a Chinese attack tool called “Great Cannon.” Initially, the attacks were thought to be the work of China’s Great Firewall, but researchers at Citizen Lab say that “Great Cannon” is a new tool.



+ Insider Threats: Focus On The User, Not The Data

Global cybersecurity spending will hit almost $77 billion in 2015, so why are there more high-profile leaks than ever?



+ SANS Report Reveals One-Third of Organizations Powerless Against Insider Threats



+ Police Pay Off Ransomware Operators, Again

Law enforcement agencies are proving to be easy marks — but are they any worse than the rest of us?



+ Popular Home Automation System Backdoored Via Unpatched Flaw

Malicious firmware update could lead to device, full home network 0wnage, researcher will show at the RSA Conference.



+ Microsoft Zero-Day Bug Being Exploited In The Wild

As attacks mount, and over 70 million websites remain vulnerable, advice is “fix now.”



+ Thieves using a $17 device to break into cars with keyless systems



+  Simple steps to secure your PC (bet you are not doing most of them…;-((





+++  SD/SoCAL security events / opportunities +++


+ CyberTECH events / networking / startups / etc  —  THE cyber happening place in SD!!! 

Join their Meetup Group for the latest event information!   The definition of “Cyber KEWEL”






23 – ISSA – 11:30AM – (4th Thur) – Risk Management Framework (RMF): How to execute a successful framework that allows for continuous monitoring in agile environments. By Maryann Knapton





13 – ISC2 – 6PM – HVAC interconnectivity and security concerns. By Mike Schell, Codenomics

Location – BAH (Suite 200, 4055 Hancock Street, San Diego, CA 92110 USA).


15 – NDIA Small Business (Cyber) Forum – 8 – 12:30

Half day on how SMBs can be cyber-safe, plus learn about the FAR / DFAR cyber rules on “CUI”

Registration link is:


16 – OWASP – 6PM – (3rd Thur) – Gabriel Lawrence: Who’s that knocking on my door?


21  – ISACA –   noon – 2PM  –   Women in Technology – Networking Event


28  – ISSA – 11:30AM – (4th Thur) –   “TBD”




+ New crypto-ransomware “quarantines” files, downloads info-stealer

Trend Micro researchers have found and analyzed a new piece of crypto-ransomware: CryptVault encrypts files, makes them look like files quarantined by an AV solution, asks for ransom and, finally, downloads info-stealer malware. It arrives on target computers after the user has been tricked into downloading and running a malicious attachment – a Javascript file – that downloads four files: the ransomware itself, SDelete (a MS Sysinternals tool that will be used to delete files), GnuPG (legitimate open source encryption tool), and a GnuPG library file. The ransomware uses GnuPG to create an RSA-1024 public and private key pair that is used to encrypt and decrypt the files. It targets popular file types, mostly document, image, and database files.
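The behaviour described above (a script attachment that drops GnuPG and SDelete, generates a key pair, encrypts documents and wipes the originals) leaves a distinctive process-tree trail on the endpoint. Below is an added detection example, not code from Trend Micro or from the article: it parses a small constructed process-creation log in a made-up `ts|pid=|ppid=|image=|cmd=` format and flags GnuPG or SDelete whenever a script host (wscript.exe, cscript.exe and similar, an assumed list) is somewhere in their parent chain. The same gpg.exe started by a user from Explorer is deliberately left unflagged so legitimate GnuPG use does not alert.

```python
import re

# Constructed sample process-creation events; not real telemetry.
SAMPLE_LOG = r"""
2015-04-17T09:02:11|pid=4100|ppid=3980|image=C:\Windows\System32\wscript.exe|cmd=wscript.exe C:\Users\jdoe\Downloads\invoice.js
2015-04-17T09:02:14|pid=4132|ppid=4100|image=C:\Users\jdoe\AppData\Local\Temp\gpg.exe|cmd=gpg.exe --batch --gen-key C:\Users\jdoe\AppData\Local\Temp\params.txt
2015-04-17T09:02:30|pid=4150|ppid=4100|image=C:\Users\jdoe\AppData\Local\Temp\gpg.exe|cmd=gpg.exe --batch --yes -r vault -e C:\Users\jdoe\Documents\report.docx
2015-04-17T09:02:31|pid=4160|ppid=4100|image=C:\Users\jdoe\AppData\Local\Temp\sdelete.exe|cmd=sdelete.exe -accepteula -p 1 C:\Users\jdoe\Documents\report.docx
2015-04-17T09:10:02|pid=5000|ppid=1200|image=C:\Program Files\GnuPG\gpg.exe|cmd=gpg.exe --gen-key
"""

# Assumed lists: script hosts an attachment would run under, and the dropped tools named in the article.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
TOOLS = {"gpg.exe": "GnuPG", "gpg2.exe": "GnuPG", "sdelete.exe": "SDelete"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_log(text: str) -> list:
    """Turn each constructed log line into a dict with int pids and a normalised image name."""
    events = []
    for line in text.strip().splitlines():
        ts, rest = line.split("|", 1)
        fields = dict(part.split("=", 1) for part in rest.split("|"))
        events.append({
            "ts": ts,
            "pid": int(fields["pid"]),
            "ppid": int(fields["ppid"]),
            "image": basename(fields["image"]),
            "cmd": fields["cmd"],
        })
    return events


def script_host_ancestor(event: dict, by_pid: dict):
    """Walk the parent chain; return the first script-host image found, or None."""
    seen = set()
    cur = by_pid.get(event["ppid"])
    while cur is not None and cur["pid"] not in seen:
        seen.add(cur["pid"])
        if cur["image"] in SCRIPT_HOSTS:
            return cur["image"]
        cur = by_pid.get(cur["ppid"])
    return None


def detect(text: str) -> list:
    """Return (timestamp, pid, reason) for every GnuPG/SDelete launch descending from a script host."""
    events = parse_log(text)
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        tool = TOOLS.get(e["image"])
        if tool is None:
            continue
        host = script_host_ancestor(e, by_pid)
        if host is None:
            continue  # no script host above it: ordinary interactive use
        reason = f"{tool} launched under {host}"
        if tool == "GnuPG" and "--gen-key" in e["cmd"]:
            reason += " (key generation)"
        elif tool == "GnuPG" and re.search(r"(^|\s)(-e|--encrypt)(\s|$)", e["cmd"]):
            reason += " (file encryption)"
        elif tool == "SDelete":
            reason += " (secure deletion of originals)"
        alerts.append((e["ts"], e["pid"], reason))
    return alerts


def triage(alerts: list) -> str:
    """Constructed scoring: key generation plus encryption plus wiping is the full chain."""
    kinds = {r.split("(")[-1].rstrip(")") for _, _, r in alerts if "(" in r}
    if {"key generation", "file encryption", "secure deletion of originals"} <= kinds:
        return "high"
    return "medium" if alerts else "none"


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for ts, pid, reason in found:
        print(ts, pid, reason)
    print("triage:", triage(found))
```

The parent-chain walk is what carries the signal here: neither gpg.exe nor sdelete.exe is malicious on its own, but both running under a script host within seconds of each other, with a key-generation call first, is the sequence the article describes.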


+ InfoSec workforce continues robust growth

In the first three months of 2015, the number of information security analysts in the United States grew at a much stronger pace than other occupations within the information technology sector. According to an Information Security Media Group analysis of the latest government data, issued last week, the number of people in the United States who consider themselves information security analysts soared by 34 percent to 74,000 during the first quarter of 2015 from 55,300 in the same quarter a year earlier. In the fourth quarter of 2014, the IT security analysts’ workforce soared by 432 percent.


+ U.S. establishes sanctions program to combat cyberattacks, cyberspying

President Obama on Wednesday signed an executive order establishing the first sanctions program to allow the administration to impose penalties on individuals overseas who engage in destructive attacks or commercial espionage in cyberspace. In the works for two years, the order declares “significant malicious cyber-enabled activities” a “national emergency” and enables the treasury secretary to target foreign individuals and entities that take part in the illicit cyberactivity for sanctions that could include freezing their financial assets and barring commercial transactions with them.


+ Anti-hacker executive order: 5 concerns

President Barack Obama says the ongoing increase in hack attacks against U.S. businesses, government agencies, and critical infrastructure represents a “national emergency.” As a result, he signed an executive order authorizing the U.S. government to block or seize the assets of anyone – foreign or domestic – who launches or supports “significant” hack attacks. Numerous information security and legal experts agree that not only are hack attacks damaging the U.S. economy, but they’re harder than ever to battle. But when it comes to how the new executive order will be used to battle cybercrime and online espionage, many security experts say the moves leave many unanswered questions.


+ DHS trying to smooth the integration of cloud, network security programs

In the government’s move to the cloud over the last five years, one outlying cybersecurity question no one has been able to answer well is: How does the Federal Risk Authorization and Management Program integrate with the Trusted Internet Connections (TIC) initiative? This challenge became greater as mobile devices quickly rose in prominence in the day-to-day lives of nearly every federal worker. The default approach required federal workers to go through their agency’s secure Internet gateway or TIC to get to cloud services. That approach was clunky to say the least and reduced the major benefit of cloud computing – easy access to data and apps. But now the Homeland Security Department and the FedRAMP program management office have an idea on how to fix the problem.


+ White House Data Breach

Attackers breached an unclassified White House computer system last fall. A Kremlin spokesperson has denied allegations that Russia is responsible for the attack. US legislators have requested a briefing on the incident.

How Russians hacked the White House (used spear phishing of course)


+ SANS Reveals Insider Threat Security Gaps

Two-thirds have no insider threat response plan.


+ Healthcare data: A hacker’s jackpot

Patient Zero: The Healthcare Security Breach Epidemic


+ Cyber threat growth ‘almost exponential’ as hackers around the world become more sophisticated, a leading expert said this week.

“As the volume of threats multiply, the likelihood that you will be confronted with a threat multiplies,”


+ The Combined Power of iSIGHT Partners and Critical Intelligence (good for ICS security!)


+ The future of SDN: Agility and automation


+ FBI’s Next Generation Identification is Fully Operational


+ Want to See Domestic Spying’s Future? Follow the Drug War


+ NIST Special Publication 800-161, Supply Chain Risk Management Practices


+ Data Breaches Have Evolved And Size No Longer Matters


+ 9 biggest information security threats for the next two years (slide show)


+ Wearables in the Enterprise Take Different Path than BYOD Predecessors


+ 10 Apple Acquisitions: What Do They Mean?


2  +++++++

+ A new experiment tracks credit card data as it travels through the criminal web

What happens to a credit card number once it leaks onto the web? It’s an important question, as data breaches dump more and more personal data onto the web each month, but there’s still little understanding of how the information travels once it’s outside a company’s grasp. As security firms struggle to detect breaches earlier and faster, a new study is shedding light on how far and fast that data might travel in the wake of an intrusion.


+ HP tells cybersecurity customers to focus on people and processes

To protect themselves against cyberattacks, organizations should focus more on training their employees and improving their internal processes instead of buying new technology, according to one tech vendor. Yet, businesses and government agencies often focus on the next “silver bullet” product, unaware that most cybersecurity problems stem from flawed procedures and human error, said Art Gilliland, senior vice president and general manager for Hewlett-Packard’s software enterprise security products. “This is hard for a product guy to say out loud to an audience, but invest in your people and process,” Gilliland said at HP’s Software Government Summit in Washington, D.C. “The first thing that always gets negotiated out of every [security software] contract is the training and the services.”


+ DoD breaks mobile security roadblock

Securing smartphones and tablets is a lot easier said than done for most agencies. Federal security experts still are trying to find the right balance between mobile access and security of data and applications. The Defense Department, however, may have the answer for many of these challenges. Richard Hale, DoD’s deputy chief information officer for cybersecurity, said the military may have broken through the long-time roadblock to meet users’ needs for mobile devices and DoD’s requirements for cybersecurity. He said this new approach will continue to depend on the Common Access Card (CAC), but just in a different way.


+ NSA touts role in cyber investigations

The National Security Agency has helped investigate every major cyber intrusion in the private sector in the last six months, Director Adm. Michael Rogers said, adding that he wants that collaboration to get faster and more anticipatory. “We have got to figure out a way that we can harness the capabilities of NSA to partner with the private sector in the name of defending our nation, because NSA has some amazing technical capabilities in the information assurance arena,” Rogers said April 2 at a conference hosted by AFCEA’s Washington, D.C., chapter.


+ Navy finalizing strategy to begin moving cyber to warfighter domain

The Department of Navy’s Cyber Command is finalizing a new strategy as part of its five-year anniversary. That new document outlines the concept of integrating cyber into the broader warfighter domain. The first of the DoN’s five tenets outlined in the forthcoming strategy is to operate the network as a warfighting platform. This is a distinctly different approach to cyber than the Navy and, for that matter the Defense Department, has taken before.


+ US Drug Enforcement Agency Collected Call Metadata for More Than 20 Years

The US Drug Enforcement Agency (DEA) amassed a database of phone call metadata from all calls made from the US to countries that the DEA had identified as being linked to drug trafficking between 1992 and 2013. At the program’s peak, it harvested metadata from calls made to 116 countries. The program stopped after the leak that disclosed the NSA’s own database, which was a separate program. The Electronic Frontier Foundation, representing the Human Rights Watch advocacy group, is suing the DEA to make sure the program does not start up again, and that all records pertaining to Human Rights Watch that were illegally collected be expunged from all government systems.


+ US Technology Companies Wary of Data Sharing

Technology companies in the US are wary of sharing threat information with the federal government, according to a Department of Homeland Security (DHS) official. Phyllis Schneck, Deputy Under Secretary for Cybersecurity and Communications for the National Protection and Programs Directorate, says that her “top priority is building that trust.” Technology companies are reluctant to be seen to be working too closely with the government because they want to assure their customers that their personal data are safe and their privacy protected. Schneck says that companies are more likely to warm to the idea when the government can prove the value of sharing such information to fight cyber crimes while protecting citizens’ privacy.


+  Premera Data Security Audit Report: Another Case Study in What Not-to-Do!!!  

Premera has paid, and will continue to pay a steep price for running unsupported or out-of-date software:

Hackers stole PII (personally identifiable information) for 11 million current and former Premera customers, including names, dates of birth, Social Security numbers, addresses, banking information, claim information, and clinical information.

Premera customers are now at risk of identity theft, bank fraud, tax fraud and medical-identity fraud.

Premera is currently involved in five class-action lawsuits.

Several states are investigating Premera’s activities surrounding the data breach, including whether it failed to disclose the data breach to customers in a timely fashion, and the federal investigators can’t be too far behind.

The federal government audit report came several weeks before the data breach occurred, and Premera didn’t discover the breach for several months thereafter, which could subject Premera to punitive damages and statutory penalties for willful/reckless disregard for the privacy rights of its customers.


+ The 2015 National CyberTalent Fair (in May)

The fair will attract thousands of online attendees seeking opportunities in cybersecurity. Employers such as Deloitte, the US Army’s INSCOM, United Health Group, MSSP leader Solutionary, Next Jump, Workday, and more have already signed up. Visit the fair’s website for more information.


+ Stuxnet Five Years Later: Did We Learn The Right Lesson?

No! That’s despite an abundance of best practices and standards that are shining light into the dark corners of industrial control system security.


+ Diving into the Dark Web: Where does your stolen data go?


+ Infographic: How to secure the unwired workplace


+ Internet of Things (IoT) devices lack fundamental security

A Guide to The Internet of Things

The Internet of Things will aid criminals and burglars

IBM Launches Major Internet Of Things Offensive


+ A CISO reveals why the cloud is your secret weapon for faster, better, and cheaper PCI audits


+ The experts’ step-by-step guide to cyber security


+ 9 Free Encryption Software Tools To Protect Your Data


+ Vulnerability management: A step-by-step strategic guide…


3  +++++++

+ Drug Pump Vulnerability Could be Exploited to Alter Dosage Limits

Some drug-infusion pumps do not use authentication for internal drug libraries, which establish upper and lower limits for dosages. This means that anyone with access to the hospital’s network could load a new library with changed limits. The actual dosage for each pump could not be changed, but because the upper and lower limits could be altered, a caregiver could accidentally set the pump to provide an incorrect dose. Other pumps examined last year were found to have web interfaces that could be used by attackers to change actual dosages.
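The weak point above is a configuration blob (the drug library) that the device trusts without checking where it came from. Below is an added example, not code from the pump vendor or the article, contrasting the unauthenticated loader with one that verifies an HMAC-SHA256 tag over a canonical serialization of the library before any limit is used. The library contents, the drug names, the demo key and the `tag` field name are all constructed for the example; a real device would hold a per-device secret (or verify a public-key signature) rather than the placeholder key shown.

```python
import hashlib
import hmac
import json

# Constructed sample drug library; the drug, unit and limits are illustrative only.
SAMPLE_LIBRARY = {
    "version": 3,
    "drugs": {"morphine": {"unit": "mg/h", "min": 0.5, "max": 10.0}},
}

# Placeholder key for the demo only. A deployed pump would hold a device-specific secret.
DEMO_KEY = b"demo-only-placeholder-key"


def canonical_bytes(library: dict) -> bytes:
    """Deterministic encoding so the tag covers the same bytes on both sides."""
    return json.dumps(library, sort_keys=True, separators=(",", ":")).encode()


def sign_library(library: dict, key: bytes) -> str:
    """Tag a library with HMAC-SHA256; this is what the authorised pharmacy workstation would do."""
    return hmac.new(key, canonical_bytes(library), hashlib.sha256).hexdigest()


def load_library_unauthenticated(payload: dict) -> dict:
    """The pattern the article describes: whatever arrives over the network is accepted as-is."""
    return payload["library"]


def load_library_authenticated(payload: dict, key: bytes) -> dict:
    """Hardened loader: recompute the tag and reject the library if it does not match."""
    expected = sign_library(payload["library"], key)
    if not hmac.compare_digest(expected, payload.get("tag", "")):
        raise ValueError("drug library rejected: authentication tag does not verify")
    return payload["library"]


def dose_allowed(library: dict, drug: str, dose: float) -> bool:
    """The limit check a pump performs before it accepts a programmed rate."""
    limits = library["drugs"][drug]
    return limits["min"] <= dose <= limits["max"]


def demo() -> dict:
    """Show how a library with a raised ceiling fares against each loader."""
    signed = {"library": SAMPLE_LIBRARY, "tag": sign_library(SAMPLE_LIBRARY, DEMO_KEY)}

    # A modified copy arrives from the network with the upper limit raised tenfold.
    tampered = json.loads(json.dumps(signed))
    tampered["library"]["drugs"]["morphine"]["max"] = 100.0

    results = {}
    # Unauthenticated loader: the altered ceiling is accepted and a 50 mg/h rate passes the check.
    results["unauth_accepts_tampered"] = dose_allowed(
        load_library_unauthenticated(tampered), "morphine", 50.0)

    # Authenticated loader: the tag was computed over the original limits, so the load fails.
    try:
        load_library_authenticated(tampered, DEMO_KEY)
        results["auth_accepts_tampered"] = True
    except ValueError:
        results["auth_accepts_tampered"] = False

    # The genuine library still loads and enforces its real limits.
    results["auth_accepts_genuine"] = dose_allowed(
        load_library_authenticated(signed, DEMO_KEY), "morphine", 5.0)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two details matter in practice: the tag must be checked with a constant-time comparison (`hmac.compare_digest`), and the serialization must be canonical, otherwise a reordered but otherwise identical library would fail to verify and operators would learn to ignore the error.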


+ Public WiFi, location data, and privacy anxiety

WiFi has become so ubiquitous: It’s at airports, libraries, department stores, hotels, hospitals, and of course coffee shops. All this public WiFi is incredibly convenient, but raises privacy issues for users and potential backlash for WiFi providers. With retailers and other WiFi providers gathering mobile location data, consumers are being tracked, oftentimes without ever knowing it. And there’s very little in the way of any regulatory framework for these data collection activities, experts say.


+ IBM uncovers new, sophisticated bank transfer cyber scam

The scam is run by a well-funded Eastern European gang of cyber criminals that uses a combination of phishing, malware and phone calls, and the technology company says it has netted more than $1 million from large and medium-sized U.S. companies. The scheme, which IBM security researchers have dubbed “The Dyre Wolf,” is small in comparison with more recent widespread online fraud schemes but represents a new level of sophistication.


+ Bogus Hillary Clinton website highlights online perils for 2016 candidates

The site bears the likely Democratic presidential candidate’s name, but she would not want supporters to go there: some cyber security experts said this week the site contains malicious software. The site is registered, not to Clinton, but to an administrator in the Cayman Islands. Its existence underscores the challenge 2016 U.S. presidential hopefuls will face in trying to control their digital brands, more important than ever before as voters increasingly turn to the Internet to learn more about candidates. An examination by Reuters of domains including the full names of eight Republican and four Democratic hopefuls, ending in .com, .org, .net and .info, showed that only a few of those sites appear to be under the control of the candidates.


+ Critical Infrastructure Systems are Often Targets of Destructive Cyber Attacks

According to a survey conducted by the Organization of American States, destructive attacks happen more often than expected at organizations that operate elements of national critical infrastructure in both North and South America. While 60 percent of the 575 responding organizations said that they had detected attacks that tried to steal data, 54 percent said that they had detected attacks that attempted to manipulate equipment. The organizations also reported attempts to delete files and to shut down networks.


+ Solving the Right Problem: Stop Adversaries, Not Just Their Tools


+ The 10 Most Common Application Attacks in Action


+ HTTPS Everywhere Updates to Keep You Secure on Thousands More Sites

+++  SD/SoCAL security events / opportunities +++





16 – OWASP – 6PM – (3rd Thur) – Improving Application Security & Penetration Testing


16 – ISACA – 6-7 PM – Navigating the Internet of Things (IoT) Privacy Challenges – Doron M. Rotman




+ “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities”

Executive order – I, BARACK OBAMA, President of the United States of America, find that the increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States. I hereby declare a national emergency to deal with this threat.


+ Ripple, a cryptocurrency company, wants to rewire bank authentication

Companies built around Bitcoin and other digital currencies mostly focus on storing and transferring money. But at least one company is trying to prove that some of the underlying technology can have a much wider impact on the financial industry. That startup, Ripple Labs, has already had some success persuading banks to use its Bitcoin-inspired protocol to speed up money transfers made in any currency, especially across borders. Now it is building a system that uses some similar cryptographic tricks to improve the way financial companies check the identity of their customers. The system could also provide a more secure way to log in to other online services.


+ IARPA eyes insider-threat tech

The intelligence community’s research arm wants to meet with researchers and companies to talk about advances in technologies that continuously monitor insider threats. The Intelligence Advanced Research Projects Activity (IARPA) said it will host a Proposers’ Day conference April 16 to discuss its Scientific Advances to Continuous Insider Threat Evaluation (SCITE) program, in anticipation of the release of a new solicitation. The all-day conference in an as yet unspecified Washington, D.C., location will provide introductory information on SCITE and the research problems the program aims to address. The conference will also give interested parties an opportunity to ask questions, present their capabilities and identify potential partners.


+ How to stay “cyber safe” guide – effectively protect yourself and clients!

Integrating several existing security guides with very useful information, these current best practices help you build a known baseline. It’s important to use only approved cyber products (aka “NIAP”) and never start anything in cyber from scratch, as someone has already done all the hard work. These guides, methods and products work well because cyber is essentially 95% the same everywhere! These are your security best practices and also apply to remote office workers, small office / home office (SOHO) and small & medium businesses (SMB) – use them to develop your own personal security plan!



+ Study finds lack of investment in mobile app security

A new study from the Ponemon Institute has given some quantitative figures to a trend that many information security professionals were already aware of — companies are not spending enough on mobile app security. Sponsored by IBM Security, the report, The State of Mobile Application Insecurity, shows an average of $34 million is spent on mobile app development, yet a meager 6% of this, or $2 million, is earmarked for security purposes. Perhaps even more distressing, the study found 50% of the 400 companies surveyed said they devote none of their mobile app development budget at all to security, while 40% said they weren’t scanning their mobile apps for vulnerabilities.


+ For hardware makers, sharing their secrets is now part of the business plan

Facebook showed plans last week for drone aircraft that beam lasers conveying high-speed data to remote parts of the world. As powerful as that sounds, Facebook already has something that could be even more potent: a huge sharing of its once-proprietary information, the kind of thing that would bring a traditional Silicon Valley patent lawyer to tears. Facebook is not alone. Technology for big computers, electric cars and high-technology microcontrollers to operate things like power tools and engines is now given away. These ideas used to be valued at hundreds of millions of dollars. To the new generation of technologists, however, moving projects and data fast overrides the value of making everything in secret.


+ One in three of the top million websites are ‘risky,’ researchers find

One out of three of the top one million websites ranked by Alexa are “risky,” meaning the site is compromised, or is running vulnerable software that puts it at risk of being compromised, according to new findings by Menlo Security. For its “State of the Web 2015: Vulnerability Report,” Menlo Security scanned more than 1.75 million URLs representing more than 750,000 unique domains. Researchers checked if URLs appeared on lists of known malicious sites, if IP addresses were linked to spam networks and botnets, and if the sites were running vulnerable and unpatched software.


+ A quarter of businesses have no control over network privileges

While data breaches stemming from insider privilege abuse continue to make headlines, the sad reality is that a full quarter of organizations have zero control over who accesses what in the network. A BeyondTrust survey, Privilege Gone Wild 2 shows that more than one out of four companies indicated they have no controls in place to manage privileged access. That’s even though nearly half of the survey respondents (47%) admit they have employees with access rights not necessary to their current role.


+ Best Practices for Securing Privileged Accounts


2  +++++++

+ How cyberattacks can be overlooked in America’s most critical sectors

The most critical sectors of the American economy were affected by 245 “cyberincidents” last year, according to the Department of Homeland Security. As high as that number seems, however, security experts caution the real number may be much higher. Turns out, there’s a huge gulf between the Internet-related attacks the department’s Industrial Control System Cyber Emergency Response Team recorded for the country’s critical infrastructure – important areas such as energy, manufacturing, agriculture, and healthcare – and the true number of malfunctions, technological failures, or other happenings within those sectors. The discrepancy comes down to widespread uncertainty of when something should be classified as a “cyberincident” in the first place.


+ Pentagon personnel now talking on ‘NSA-proof’ smartphones

The Defense Department has rolled out supersecret smartphones for work and maybe play, made by anti-government surveillance firm Silent Circle, according to company officials. Silent Circle, founded by a former Navy SEAL and the inventor of privacy-minded PGP encryption, is known for decrying federal efforts to bug smartphones. And for its spy-resistant “blackphone.” Apparently, troops don’t like busybodies either. As part of limited trials, U.S. military personnel are using the device, encrypted with smart code down to its hardware, to communicate “for both unclassified and classified” work, Silent Circle chairman Mike Janke told Nextgov.


+ SANS Honors Information Security Products

that are Making a Difference by Protecting Businesses and Consumers from Cyber Attacks

Probably can’t go wrong using one of the top three in each category… (well, the affordable ones for us SMBs)


+ Quantum computer this – Mathematicians build code to take on toughest of cyber attacks

Washington State University mathematicians have designed an encryption code capable of fending off the phenomenal hacking power of a quantum computer.  Using high-level number theory and cryptography, the researchers reworked an infamous old cipher called the knapsack code to create an online security system better prepared for future demands. The findings were recently published in the journal The Fibonacci Quarterly.


+ The smartest hackers in the room (Hint: They’re not the humans)

Next month, unmanned computers all over the globe will face off in a dress rehearsal for a Las Vegas hacking tournament run by the U.S. military. The $2 million “Cyber Grand Challenge” pits hacker-fighting software against malicious code programmed by Pentagon personnel. During the 2016 finals in Vegas, the humans who built these cyberbots might as well go play blackjack. At stake in the cyber challenge is a chunk of change and perhaps societal gratitude. That’s because the research and development gleaned during the two-year competition could lay the groundwork for a world where machines are in charge of cybersecurity.


+ Cybersecurity remains a weak spot, top intelligence official says

Although the possibility of a catastrophic cyberattack is remote, the unclassified information and communication technology networks that support government, military, commercial and social activities remain vulnerable despite efforts to protect them, the national intelligence director said. To that end, the chance for ongoing low- to moderate-level attacks from myriad sources is more likely, causing “cumulative costs on US economic competitiveness and national security,” James Clapper said in prepared testimony he delivered at a closed hearing of the House Appropriations Committee’s Defense Subcommittee on March 25.


+  Stealing data from computers using heat

Air-gapped systems, which are isolated from the Internet and are not connected to other systems that are connected to the Internet, are used in situations that demand high security because they make siphoning data from them difficult. Air-gapped systems are used in classified military networks, the payment networks that process credit and debit card transactions for retailers, and in industrial control systems that operate critical infrastructure. Even journalists use them to prevent intruders from remotely accessing sensitive data. To siphon data from an air-gapped system generally requires physical access to the machine, using removable media like a USB flash drive or a firewire cable to connect the air-gapped system directly to another computer. But security researchers at Ben Gurion University in Israel have found a way to retrieve data from an air-gapped computer using only heat emissions and a computer’s built-in thermal sensors.


+ 2016 Chevrolet Malibu to debut new spyware targeting teen drivers

Chevrolet has announced that it will offer parents a creepy level of oversight when it comes to letting the kids borrow the family ride, and the NSA-style spying begins with the 2016 Malibu. A system dubbed Teen Driver will debut on the bow-tie brand’s newest mid-size sedan (which itself bows at the 2015 New York auto show). It allows parents to set speed alerts, limit audio volume, and even receive vehicle reports “so parents could use it as a teaching tool with their kids – they can discuss and reinforce safe driving habits.” Like Ford’s MyKey system (both current and future), Teen Driver lets parents with a Jason Bourne complex program speed warnings that flash when their child exceeds a preset velocity (from 40 to 75 mph) and set sound-system volume limits. Parents can also pull customizable reports full of juicy stuff, such as distance driven, top speed achieved, preset-speed warnings exceeded, stability-control events, anti-lock brake events, and forward-collision alerts and auto-braking events – on vehicles equipped with those systems.


+ Lack of Consensus on What Constitutes a Cyber Incident Can Omit Important Data

The US Department of Homeland Security (DHS) says critical sectors of the US economy suffered 245 cyber incidents last year, but experts say the actual number is likely to be much higher. The issue lies in what criteria must be present for an attack to be deemed a cyber incident.

Non-malicious events can also provide important data. Some serious incidents were due to SCADA failures that were not the result of attacks.

[Note The European Network and Information Security Agency (ENISA) issued a whitepaper in 2013 titled “Can we learn from SCADA security incidents?” ]


+ US House Committee Introduces Threat Information Sharing Bill

The US House Intelligence Committee has introduced a bill that would shield companies that share cyber threat information with the government from being sued for doing so. The Protecting Cyber Networks Act also includes language explicitly forbidding intelligence agencies from using the collected information for government surveillance. Its goal is to pool shared information to understand how attacks occurred and determine the best steps to protect systems from such attacks in the future. The committee is expected to vote on March 26; if the bill passes, it will go to the full House for a vote late next month. A companion bill has been introduced in the Senate.


+ Firms can’t afford to fail at cybersecurity


+ An Effective Cyber Security is About Economics and Efficiency


+ CIOs – how to manage shadow IT


3  +++++++

+ Social engineering techniques are becoming harder to stop, experts say

As more personal and corporate information is shared on the Web, social engineering techniques and attacks are becoming increasingly sophisticated, forcing enterprises to adopt new awareness training methods to protect employees. While the term social engineering is relatively new, Amy Baker, vice president of marketing for Pittsburgh-based Wombat Security Technologies Inc., noted that the practice has a long history. “What I think is interesting about social engineering is that it goes back very far; we used to call them con men,” said Baker. “It just starts with the act of manipulating someone to get something that they need.”


+ Lebanese cyberespionage campaign hits defense, telecom, media firms worldwide

For the past two years, a cyberespionage group that likely operates from Lebanon has hacked into hundreds of defense contractors, telecommunications operators, media groups and educational organizations in at least 10 countries. The still-active attack campaign was uncovered and analyzed recently by security researchers from Check Point Software Technologies, who dubbed it Volatile Cedar. The company’s researchers found evidence that the attackers started their operation in late 2012, but have managed to fly under the radar until now by carefully adapting their tools to avoid detection by antivirus programs. Unlike most cyberespionage groups, the Volatile Cedar attackers do not use spear phishing or drive-by downloads to gain a foothold in their victims’ networks. Instead they target public-facing Web servers and use them as initial entry points.


+ Big vulnerability in hotel Wi-Fi router puts guests at risk

Guests at hundreds of hotels around the world are susceptible to serious hacks because of routers that many hotel chains depend on for their Wi-Fi networks. Researchers have discovered a vulnerability in the systems, which would allow an attacker to distribute malware to guests, monitor and record data sent over the network, and even possibly gain access to the hotel’s reservation and keycard systems. The security hole involves an authentication vulnerability in the firmware of several models of InnGate routers made by ANTlabs, a Singapore firm whose products are installed in hotels in the US, Europe and elsewhere.


+ Noose around Internet’s TLS system tightens with 2 new decryption attacks

The noose around the neck of the Internet’s most widely used encryption scheme got a little tighter this month with the disclosure of two new attacks that can retrieve passwords, credit card numbers and other sensitive data from some transmissions protected by the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Both attacks work against the RC4 stream cipher, which is estimated to encrypt about 30 percent of today’s TLS traffic. Cryptographers have long known that some of the pseudo-random keystream bytes RC4 XORs into messages are biased rather than uniformly distributed, but it wasn’t until 2013 that researchers devised a practical way to exploit the shortcoming. The result was an attack that revealed small parts of the plaintext inside an HTTPS-encrypted data stream. It required attackers to observe more than 17 billion (2^34) separate encryptions of the same data. That was a high bar, particularly given that the attack revealed only limited amounts of plaintext. Still, since the researchers demonstrated the attack could decrypt HTTPS-protected authentication cookies used to access user e-mail accounts, Google and other website operators immediately took notice.
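To make the “biased keystream bytes” point concrete, here is an added Python example (written for this newsletter, not code from the researchers or from any TLS implementation). It implements textbook RC4 and then runs the classic broadcast attack on the second output byte: that byte is 0 about twice as often as any other value (the Mantin–Shamir bias), so when the same plaintext is encrypted under many independent keys, as a cookie is across many TLS sessions, the most frequent second ciphertext byte is simply the plaintext byte. The 2013 attack the item refers to used weaker biases across the first 256 bytes and therefore needed roughly 2^34 samples; this single strong bias shows the same principle with tens of thousands. The sample cookie value and the 16-byte random keys are constructed for the demo.

```python
import random
from collections import Counter


def rc4_keystream(key: bytes, n: int) -> bytes:
    """First n keystream bytes of textbook RC4 (KSA followed by PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                          # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                            # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption: ciphertext = plaintext XOR keystream."""
    return bytes(p ^ k for p, k in zip(plaintext, rc4_keystream(key, len(plaintext))))


def broadcast_attack(plaintext: bytes, trials: int, seed: int = 1) -> dict:
    """Encrypt the same plaintext under `trials` independent random 128-bit keys
    (a cookie resent in many TLS sessions) and look only at the second byte of
    each ciphertext. Because the second RC4 keystream byte is 0 roughly twice as
    often as any other value, the most frequent ciphertext byte at that position
    is plaintext[1] XOR 0, i.e. the plaintext byte itself. Returns the observed
    rate of keystream byte == 0 and the recovered plaintext byte."""
    rng = random.Random(seed)                     # seeded so the demo is reproducible
    zeros = 0
    counts = Counter()
    for _ in range(trials):
        key = bytes(rng.getrandbits(8) for _ in range(16))   # constructed random key
        ks1 = rc4_keystream(key, 2)[1]            # second keystream byte
        if ks1 == 0:
            zeros += 1
        counts[plaintext[1] ^ ks1] += 1           # second ciphertext byte
    recovered, _ = counts.most_common(1)[0]
    return {"zero_rate": zeros / trials, "ideal_rate": 1 / 256, "recovered_byte": recovered}


if __name__ == "__main__":
    # textbook test vector: key "Key", plaintext "Plaintext" -> bbf316e8d940af0ad3
    print(rc4_encrypt(b"Key", b"Plaintext").hex())
    r = broadcast_attack(b"sessionid=8f3a2c", trials=20000)
    print(f"second keystream byte was 0 in {r['zero_rate']:.4f} of sessions "
          f"(uniform would be {r['ideal_rate']:.4f})")
    print("recovered plaintext byte:", chr(r["recovered_byte"]))
```

The defence is not a smarter RC4 but removing it from TLS cipher suites entirely (RFC 7465 prohibits RC4 in TLS), since the bias is a property of the cipher, not of any particular implementation.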


+ Over 15,000 vulnerabilities detected in 2014

IT security solutions provider Secunia today published its annual vulnerability review. The report provides facts and details on the security flaws uncovered in 2014. According to the security firm, a total of 15,435 vulnerabilities were identified in 2014 in 3,870 applications from 500 vendors. This represents an 18 percent increase compared to the previous year, and a 55 percent increase over five years. Of the total number of flaws detected last year, 11 percent were rated “highly critical” and 0.3 percent were rated “extremely critical.” The percentage of highly critical vulnerabilities decreased compared to 2013 when more than 16 percent of issues were included in this category. A majority of the bugs had patches available on the day they were disclosed, Secunia said.


+++  SD/SoCAL security events / opportunities +++

+ CyberTECH events / networking / startups / etc  —  THE cyber happening place in SD!!! 

Join their Meetup Group for the latest event information! The definition of “Cyber KEWEL”.


8  –  ISC2 –  6PM  –   “Emerging  Risks and Exploitation of a Connected Car Platform” – John Scroggins

Location – BAH (Suite 200, 4055 Hancock Street, San Diego, CA 92110 USA).


16 – OWASP – 6PM – (3rd Thur) improving Application Security & Penetration testing, through training and presentations


16  – ISACA –   6-7 PM –   Navigating the Internet of Things (IoT) Privacy Challenges- Doron M. Rotman

23  – ISSA – 11:30AM – (4th Thur) –   NOT listed yet


– NDIA Small Business (Cyber) Forum – 5/15/2015

½ day on how SMBs can be cyber-safe, PLUS learn about the FAR / DFARS cyber rules on “CUI”

Registration link is:
