Cyber Connections News Roundup: June 30

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

June 30, 2020

New Bipartisan Bill Aims to Establish Nation Cybersecurity Czar

According to a recent report on, a bipartisan group of six House members introduced a bill to establish a National Cyber Director in the Executive Office of the President. Three Democrats and three Republicans are sponsoring the National Cyber Director Act, which would create a Senate-confirmed director, and two deputy directors appointed by the president. The National Cyber Director would be appointed by the President subject to Senate confirmation and would head an office within the Executive Office of the President to oversee and coordinate federal government incident response activities, collaborate with private sector entities, and attend and participate in meetings of the National Security Council and Homeland Security Council. Read more.

Zoom Appoints New Cybersecurity Lead

Zoom Video Communications, Inc. has announced the addition of a new cybersecurity team leader. Jason Lee will join the company as its Chief Information Security Officer, effective June 29, 2020. Lee, most recently the Senior Vice President of Security Operations at Salesforce, will oversee the final stages of a 90-day sprint to deal with a wide range of cybersecurity and privacy issues that emerged during the national shift to work-from-home practices. Read more.

UCSF Pays $1 Million Ransom Following Cyber Attack

The University of California, San Francisco (UCSF) has confirmed it paid a ransom totaling $1.14 million to the criminals behind a cyber attack on its School of Medicine, according to a recent report on On June 1, hackers behind the Netwalker ransomware campaign attacked UCSF networks within the School of Medicine IT environment. While the attack did not impact patient care delivery operations or research work on a cure for COVID-19, the University did make the decision to pay some portion of the ransom, approximately $1.14 million. Read more.

Senators Demand Cybersecurity Standards for Self-Driving Vehicles

Senator Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.), members of the Commerce, Science and Transportation Committee, recently reintroduced two pieces of legislation to address cybersecurity in self-driving cars. The bill, Security and Privacy in Your Car (SPY Car) Act, directs the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to establish federal standards to ensure cybersecurity in increasingly computerized vehicles and to protect drivers’ privacy. The bill also establishes a rating system that informs consumers about how well the vehicle protects drivers’ security and privacy beyond those minimum standards. Read more.

Microsoft Doubles Down on IoT Security with Acquisition of CyberX

According to a recent article on, Microsoft announced the acquisition of CyberX, a security startup that focuses specifically on detecting, stopping, and predicting security breaches on internet of things networks and the networks of large industrial organizations. It is expected that CyberX will complement Microsoft’s Azure IoT security capabilities, which extend to existing devices including those used in industrial IoT, Operational Technology and infrastructure scenarios. According to the article, Microsoft’s interest in the company touches on two key areas: IT services for large enterprises, and cybersecurity — specifically cybersecurity that leverages AI to identify and combat threats. Read more.


Cyber Connections News Roundup: June 16

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

June 16, 2020

New Verizon Report Stresses Endpoint Security

A recent analysis of Verizon’s 2020 Data Breach Investigations Report (DBIR) on makes the case that if organizations had more autonomous endpoints, many of the most costly breaches could be averted. The report, based on an analysis of 157,525 incidents, of which 3,950 were confirmed data breaches, establishes that organized crime-funded cybercriminals are relentless in searching out unprotected endpoints and exploiting them for financial gain. Read more.

Recent Senate Bill to Allow National Guard to Work Across State Lines on Cybersecurity

A Senate bill introduced on Friday, June 12 aims to create a pilot program in which National Guard units would be allowed to help respond remotely to cyber attacks that occur outside their home states, according to a recent article on Introduced by Sen. Gary Peters, the ranking Democrat on the Senate Homeland Security and Governmental Affairs Committee, the National Guard Cyber Interoperability Act of 2020 would permit the secretaries of the Army and the Air Force to launch a pilot program in which one state’s National Guard could assist one of its counterparts with cybersecurity training and incident response. Read more.

Zoom to Use Google Security Service to Protect Users

According to a report on, Zoom Video Communications is in talks with Google’s cloud division to use one of its cybersecurity services as another layer of protection for its 300 million daily meeting participants. The article states that Zoom plans to use the Google security service to alerts users to the dangers of clicking on links associated with malicious websites. Zoom could use the Google service to flag links to websites that scammers send to users through Zoom’s chat function if the two companies reach a deal, the report said, citing two people with direct knowledge of the matter. As more users have flocked to Zoom this year, data privacy concerns around the easy-to-use, cloud-based platform have grown. As a result, Zoom has embarked on a 90-day security enhancement plan to boost the security of its offerings. Read more.

Healthcare and Cybersecurity Can Learn from Each Other

An article on suggests that healthcare and cybersecurity, both aimed at keeping people safe and lowering the risk of infection, can learn from each other. Both are tasked with fighting viruses and getting to the root of the problem. Critical for both industries is an emphasis on accurate diagnostics. The article goes on to focus on three preventative measures common to both cybersecurity and healthcare: using proper diagnostic tools; adopting a risk-based approach to analyzing which data or systems are the most vulnerable and/or likely to come under attack; and performing a kill chain analysis, a post mortem to figure out what went wrong and, in the case of a hacker, determine how it entered the system. Read more.

Beware of Contract Tracing Apps Posing as Malware

According to a recent report on, twelve applications posing as coronavirus contact tracing apps available outside mainstream marketplaces are designed to steal personal and financial information from unwitting Android users. Apps meant to impersonate official government tracing apps from countries including Italy, Russia and Singapore trigger malicious software capable of collecting a range of data from user’s devices, yet another example of hackers exploiting the global pandemic to steal information from users who believed they were downloading an app designed to measure the prevalence of COVID-19 in their community. Read more.

Cyber Connections News Roundup: June 2

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

June 2, 2020

Cyber LEAP Act Aims to Promote Innovation

The Senate Commerce Committee approved the Cybersecurity Competitions to Yield Better Efforts to Research the Latest Exceptionally Advanced Problems, or Cyber LEAP Act of 2020. Sponsored by Commerce Committee Chairman Roger Wicker (R-MS) and Senators Cory Gardner (R-CO) and Jacky Rosen (D-NV), the bill establishes a national series of Cybersecurity Grand Challenges so that the country can “achieve high-priority breakthroughs in cybersecurity by 2028.” According to an article on, the challenges six key areas, including, among others: economics of a cyber attack; cyber training; and emerging technologies. Read more.

Cloud Security at Forefront of CISA Plans

According to a report on, Bryan Ware, the new assistant director of the Cybersecurity and Infrastructure Security Agency (CISA), briefed vendors during a presentation last week on a five-year roadmap for the agency. According to the report, CISA will shift as much as possible to the cloud, Ware said. “Having worked in other parts of the US government and commercial industry before coming to CISA, we’re a bit of a slow or a late adopter of cloud,” he said. “And so we are very aggressively now working to significantly expand our cloud capabilities.” Read more.

Cyber Incidents Down in 2019

According to a recent article on, latest annual Federal Information Security Management Act (FISMA) report to Congress shows there were 8% fewer cybersecurity incidents reported in fiscal 2019 across government. The report attributes this trend to improved risk management, as 73 federal agencies now meet the highest rating of “managing risks” in their CIO -assessed FISMA posture. That’s up from 62 agencies the year prior and 33 in 2017. The report demonstrates that agencies are making significant progress in managing risk and also highlights that focused efforts to secure government mobile devices have been especially important in today’s expanded telework environment, according to a statement from FISMA. Read more.

Old Dominion University Cyber Grants Help Boost Workforce and Local Economy

According to a recent article on, in an effort to boost the cybersecurity workforce in the Hampton Roads area and spur economic development, the Coastal Virginia Center for Cyber Innovation, a cybersecurity program led by Old Dominion University, has just awarded $680,000 in research grants. Five teams comprising area researchers and private businesses received the grants. The projects include a variety of disciplines and local institutions. For example, ODU psychology professor Jeremiah Still is partnering with MI Technical Solutions in Chesapeake to teach Department of Defense personnel about the best practices for guarding against online attacks. That project received an $88,000 grant. Read more.

FBI Offers US Companies Insight into Uptick in Healthcare Hacking

A recent article on reports that criminal and state actors continue to target U.S. clinical trial data, trade secrets, and the “sensitive data and proprietary research of U.S. universities and research facilities. According to an FBI told advisory, these actions are “likely due to the current global public health crisis,” as some nation-states shifting cyber resources to collect against the health care and public health sector, while criminals are targeting similar entities for financial gain. The advisory includes multiple examples since February of state-linked hackers trying to compromise and retain access to the networks of organizations in the U.S. health care and public health sector. It is the latest in a series of warnings from U.S. officials about similar cybersecurity incidents as the race for a coronavirus vaccine intensifies. Read more.


Cyber Connections News Roundup: May 19

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

May 19, 2020

COVID-19 Increases Cybersecurity Challenges for Hospitals

A recent interview on with Jonathan Langer, CEO of Medigate, a provider of security for medical devices, sheds new light on the cybersecurity risks that healthcare organizations are facing as a result of the COVID-19 pandemic. Hospitals are adding dozens or even hundreds of new devices to their networks to meet the needs of increased patient care. Many also are operating field hospitals and testing sites on top of their existing environments. For example, the Cleveland Clinic saw more than 60,000 tele-medicine visits in March alone, an increase of more than 1,700% over its average. The addition of new networks, wireless access points, devices and tele-medicine capabilities brings new risks, according to Langer.  Read more.

Companies Can Employ Chatbots to Mitigate Cybersecurity Risks During Rise in Remote Working

“Chatbots,” the ubiquitous virtual agents used to field customer questions, may now help address many work-from-home cybersecurity challenges such as secure end-to-end encryption and user authentication, according to an article on The same chatbots used to answer customer questions can be used to help employees connect with security professionals to resolve issues, and also allow security teams to track logins and user activity, manage user authorization, and engage employees in security awareness training, among other tasks. Read more.

U.S. Accuses Chinese Hackers of Trying to Steal Coronavirus Research

According to a recent report on, the Department of Homeland Security and the FBI accused hackers linked with the Chinese government of attempting to steal U.S. research into a coronavirus vaccine. According to a statement from the DHS, “the FBI is investigating the targeting and compromise of U.S. organizations conducting COVID-19-related research by PRC-affiliated cyber actors and non-traditional collectors.” The statement goes on to say that these actors have tried to obtain public health data related to vaccines, treatments, and testing. The DHS has urged medical research organizations to be vigilant and report suspicious cyber activity. Read more.

Texas Courts Hit with Ransomware Attack

The Texas judicial system, according to a recent article on, was forced on May 15 to take some of its servers and websites offline last week after being targeted by a ransomware attack. The Texas Office of Court Administration, which provides IT services to state courts, didn’t specify what kind of ransomware was used to target the judicial servers, but reported that the ransomware was “caught” and that no ransom would be paid. Friday’s ransomware attack was the latest that Texas’ state and local agencies have faced over the past year. Last August, 23 cities and towns were simultaneously hit by a ransomware attack through a common managed service provider. Read more.

COVID-19 Puts Election Security at Risk

Russian hackers could target election officials working from home, according to an article on Some possible scenarios include: spreading rumors about coronavirus outbreaks at polling sites to deter people from showing up on Election Day or launching disinformation campaigns claiming elections have been delayed or canceled entirely because of the virus. These are two scenarios that the University of Southern California’s Election Security Initiative is tackling as it races to conduct virtual training programs for campaign and election officials across all 50 states before November. The bottom line, according to the article, is that every aspect of securing elections is now far harder during the pandemic. Read more.

Cyber Connections News Roundup: May 5

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

May 5, 2020

Cybersecurity Positions Shift During Pandemic

A recent article on reports that cybersecurity job functions have changed and that cyber attacks are on the rise. According to the (ISC)2 COVID-19 Cybersecurity Pulse Survey, conducted in April, found that 81% of cybersecurity professionals said their job function has changed during the COVID-19 pandemic, while at the same time, 23% reported cyber attacks at their organizations have increased since transitioning to remote work. While 81% of respondents said their organizations view security as an essential function right now, 47% said they have been taken off some or all of their typical security duties to assist with other IT-related tasks. Read more.

NSA Provides Cybersecurity Guidance, Assessments for COVID-19 Telework

The National Security Agency (NSA) recently provided guidance to help organizations select and safely use collaboration services to support the increase in remote work during the COVID-19 pandemic, according to a recent article on The guide is designed to help organizations and the workforce to make more informed decisions about choosing collaborative technologies and associated risk exposure. The guide is aimed at government employees, but healthcare providers will be able to benefit from the resources as well, as many providers have shifted to tele-health solutions. Read more.

Burden of Zoom Security Falls Largely on Users

From “Zoombombing” to sharing user information with Facebook and leaking data to LinkedIn, a recent article on highlights the flaws in the Zoom platform, which has taken off during the COVID-19 social distancing as millions are staying home for work and school, and points to users’ writing their own encryption as a major pitfall. Programmers in China, for example, wrote their own encryption code for the platform, using a security standard far more vulnerable than the widely accepted AES-256 encryption method approved by the U.S. government. The article quotes Michelle Hansen, a professor of cybersecurity at University of Maryland Global Campus, who maintained, “While Zoom has made significant improvements to secure their platform, the responsibility is at the user’s discretion.” She advised users to treat your meeting as your house. “Be a good host, manage your guest list and use settings to mitigate possible risks.” Read more.

Hackers Hit “Smart” Parking Meters

According to an article on, CivicSmart, a company that sells “smart” parking meters and technology used by parking-enforcement agencies, was recently the victim of a ransom ware attack that also exposed some of its internal files on a website maintained by the hackers responsible. The Milwaukee-based firm was hit last month with a form of ransom ware known alternatively as Sodinokibi or REvil. The incident, noticed in March by the Israeli security firm Under the Breach, suggested that attackers were preparing to publish as much as 159 gigabytes of data taken from CivicStart. Read more.

15% of Small Businesses Experienced a Cyber Threat in 2019

An article on, citing new information from The Manifest’s Data Safety for Small Businesses: 2020 Cybersecurity Statistics report, claims that nearly one-fifth of small businesses (15 percent) say they experienced either a hack (seven percent), virus (five percent), or data breach (three percent) in 2019. The Manifest surveyed 383 small business owners and managers to better understand the challenges they had with cybersecurity in 2019 and how they plan to approach cybersecurity in the future. The most popular strategies for small businesses are limiting employee access to data (46 percent) and encrypting data (44 percent). Read more.

Cyber Connections News Roundup: April 21

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

April 21, 2020

Key Democrats Push for Cybersecurity Funding in Next Covid-19 Relief Package

Four Democrats are urging House leadership to support additional cybersecurity funding for state and local governments in the next coronavirus relief package, according to a report on In an April 13 letter, House Homeland Security Committee Chair Bennie Thompson (D-Miss.), Cybersecurity and Infrastructure Protection Subcommittee Chair Cedric Richmond (D-La.) and Reps. Dutch Ruppersberger (D-Md.) and Derek Kilmer (D-Wash.) asked Congress for $400 million in cybersecurity grants to help state and local governments deal with escalating ransom ware, phishing and other cyber attacks during the coronavirus pandemic. Read more.

Staying Cybersafe During the Coronavirus Crisis

Faculty members from University of Maryland Global Campus School of Cybersecurity and Information Technology have offered their recommendations for staying safe during these uncertain times. Condensing their tips down to five essentials, they advise to: beware of scammers; check web addresses for authoritative sites; check and verify links to government agencies sent via email; check bank account statements frequently; beware of scam phone calls; and reach out to trusted friends and family when in doubt. Read more.

Will Virus Tracking Infringe on Privacy Rights?

According to an article on, experts are warning that increased surveillance programs used to track the Covid-19 virus may do long-term damage to U.S. privacy rights. Other nations, including South Korea and Israel, have used tracking data including cellphone location information and facial recognition tools to power their pandemic responses. But similar efforts in the United States could amount to a major erosion of civil liberties. Read more.

Accenture Makes Third Cybersecurity Acquisition of this Year

An article on reports that professional services firm Accenture has acquired Revolutionary Security for an undisclosed sum, making it the third cybersecurity purchase for the firm this year. Revolutionary Security provides cybersecurity services for critical infrastructure sectors, including financial services. The unforeseen consequence of the COVID-19 pandemic played a role in the Accenture’s decision to invest further in cybersecurity and Accenture’s desire to keep its clients safe from cyber threats. Read more.

Is the Internet Ready for Online Voting? Most Experts Say “No”

Internet technologies are set to play a critical role in the 2020 presidential election, but how? A recent article on explores to what extent the internet is ready for online voting. How each state chooses to conduct the 2020 election is now shaping up as a partisan battleground. House Speaker Rep. Nancy Pelosi, D-Calif., wants to invest in a “vote-by-mail” election in order to secure the integrity of the election. Many experts suggest that the alternative, online voting, would be too risky. Dan Guido, CEO of Trail of Bits, quoted in the article, believes that using a mobile phone to mark a ballot, for example, would mean “trusting every computer between you and the election official to correctly record your preference and there are any number of points at which remote marking of ballots could be interfered with.” Read more.

Cyber Connections News Roundup: April 7

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

April 7, 2020

Cybersecurity and the Coronavirus: Is there a Silver Lining?

In a recent opinion piece on, Jesse Varsalone, associate professor of Computer Networks and Cybersecurity at University of Maryland Global Campus, asks whether today’s pandemic might offer us an opportunity to take steps toward a larger solution to the nation’s cybersecurity challenges. “We now know we must always be on the offensive to prepare for and protect against the next crisis,” he said. “Hospitals will plan for greater capacity. Schools at all levels — K-12 through university — now understand that they must be able to “go virtual” overnight so that learning is not disrupted. And companies will be ready for an increase in telework with security controls already in place.” Read more.

Spread of Coronavirus Raises Data Privacy Concerns

A recent article on highlights the privacy concerns that the response to the coronavirus pandemic has raised. The outbreak has put tech and telecom companies in a position where they can disclose, without individuals’ consent, large amounts of data about them to the federal government. The Stored Communications Act, for example, includes emergency exceptions permitting companies’ release of personal data for government experimentation. The spread of the coronavirus could see data shared at an unprecedented scale. Read more.

More States to Expand Mobile Voting Against Cybersecurity Concerns

According to an article on, a number of states are planning to dramatically expand their use of mobile voting in response to the coronavirus pandemic – even as cybersecurity experts warn such systems are unproven and too vulnerable to hacking. West Virginia became the first to try statewide mobile voting for military and overseas voters in 2018 and has already announced it will expand to voters with disabilities during its upcoming primary June 9. Cybersecurity experts have warned that mobile voting lacks basic protections to ensure votes haven’t been manipulated by hackers. Read more.

Zoom Takes Front and Center During Move to Online Learning

Some school districts around the country have started to ban the use of Zoom for online learning from home during the coronavirus crisis because of growing concerns about security, according to a recent report on But in addition to the widely reported security issues, the FBI has issued a warning to the public about the “hijacking” of online classrooms and teleconferences, according to an article on “Zoombombing” doesn’t exploit software vulnerabilities in the Zoom platform, but instead takes advantage of faculty’s inexperience with the tool by taking control of calls using Zoom’s screen-sharing function. Read more.

Women Make Gains in Cybersecurity Workforce but Lag in Leadership Positions

An article on, citing the 2019 Women in Cybersecurity Study, reports that women now represent 24% of the total cybersecurity workforce, up from 11% in 2017. However, when it comes to holding leadership positions in cybersecurity, the number is significantly smaller, according to several female executives interviewed for the article. Lisa Plaggemier, chief strategist at MediaPRO, suggested, “It’s because we don’t raise our hands. We wait until we’re 100% ready to take a leadership role before we apply or make our desires known.” Read more.

Cyber Connections News Roundup: March 24

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

March 24, 2020

Bipartisan Committee Delivers Cybersecurity Roadmap

According to a recent report on, on March 11 the Cybersecurity Solarium Commission, a bipartisan committee, released a new U.S. strategy that outlines steps to reshape the U.S.’s approach to cybersecurity and prepare for resiliency and response before a major cyber incident occurs. The report focuses on action, featuring numerous recommendations addressing organizational, policy, and technical issues. A concluding appendix features draft bills that Congress can rapidly act upon to put these ideas into practice and make America more secure. Read more.

Cybersecurity Risks Increase as More Employees and Students Go Online

A recent article on highlights how the dramatic expansion of teleworking by U.S. schools, businesses and government agencies in response to the Coronavirus is raising questions about the capacity and security of the tools many Americans use to connect to vital workplace systems and data. As citizens increasingly log on from home, they are melding their personal technology with professional tools at unprecedented scale. Employers, already concerned about capacity, must now also address the issue of people introducing new potential vulnerabilities into their routines. Read more.

Cybersecurity Experts Band Together to Protect Hospitals

According to an article on, a recent attack on a hospital inspired experts in the infosec community to get involved. After a cyber attack on a Czech hospital last week, cybersecurity professionals from companies in Israel, Europe and North America banded together in their spare time to send threat data to medical organizations to protect them from hackers trying to exploit the COVID-19 crisis. “If anyone is sick enough to use this global crisis to conduct cyber attacks, we need to try to stop them,” said Ohad Zaidenberg, an Israel-based cyber threat researcher. Zaidenberg assembled the ad-hoc group of around 70 malware hunters to gather data on COVID-19-related hacking. Read more.

Can AI Bridge the Cybersecurity Skills Gap?

A recent article on considers artificial intelligence can be the cure to our cybersecurity challenges, or will it make the skills gap even worse with the changing landscape? The 2019/2020 Official Annual Cybersecurity Jobs Report sponsored by Herjavec Group estimates that there will be 3.5 million unfilled cybersecurity jobs globally by the year 2021. AI could serve as an effective way to streamline the identification, analysis, investigation, and prioritization of security alerts. Through the use of AI and analytics techniques, businesses can also create supervised learning, graph analytics, and reasoning processes, along with leveraging the power of AI to automate the data-mining process. Read more.

HHS Adopts a “People Centric” Approach to Cybersecurity

According to a recent article on, the National Institutes of Health is taking a “people-centric approach” to protecting one of the largest government bureaucracies. Through its Optimize IT Security effort, one of eight programs launched throughout Department of Health and Human Services to increase the efficiency and effectiveness of its operations, NIH aims to empower employees with the information they need to identify suspicious behavior, such as phishing emails, and make employees feel comfortable reporting these anomalous activities to cyber personnel. NIH has identified 13 different user groups across the enterprise with access its networks, and is tailoring cyber-awareness approaches to positions such as clinicians, researchers, scientists and emergency management personnel. Read more.

Cyber Connections News Roundup: March 10

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

March 10, 2020

UMGC Faculty Weigh in on the Challenge of Protecting Health Data Privacy

In a recent article on, faculty experts from University of Maryland Global Campus (UMGC) offered their insights into the relationship between health data and privacy, namely that with further IoT integration, the problem may be exacerbated. According to Dr. Mohammad Bajwa, program chair of the health informatics administration program at UMGC, “The security question is baked into the tech itself, as each individual device in the IoT becomes a potential point of vulnerability.” James Robertson, program director of Cyber DevOps at UMGC added, “With the right design and implementation, IoT can mitigate data interoperability and data privacy issues.” Read more.

FDA Warns of Potential Cybersecurity Risk in Certain Medical Devices

According to a March 3 news release from the Food and Drug Administration, a new set of cybersecurity vulnerabilities, referred to as “SweynTooth,” may pose a risk to certain medical devices using the wireless communication technology known as Bluetooth Low Energy (BLE). BLE allows two devices to “pair” and exchange information to perform their intended functions while preserving battery life and can be found in medical devices as well as other devices, such as consumer wearables and Internet of Things (IoT) devices. These cybersecurity vulnerabilities may allow an unauthorized user to wirelessly crash the device, stop it from working, or access device functions normally only available to the authorized user. Read more.

Experts Sound the Alarm On 5G Security

A recent article on argues that regulation and strong proactive measures are necessary to protect 5G networks from cyber attacks, and that the responsibility falls on businesses and governments. As manufacturers such as Nokia, Samsung, and Cisco continue to develop, or plan to develop, 5G enterprise solutions, devices in the workplace already operating on a 5G network, and using IoT devices without a private 5G network or adequate technical knowledge could put organizations’ and their employees’ privacy at risk. Read more.

Rollout of Online Census Questionnaire Raises Fear of Cyber Threats

Beginning on March 12, households will participate in the once-a-decade national census by visiting to complete the online questionnaire. According to a recent report on, the Census Bureau is expecting about six out of 10 households to fill out the form online. But the planned public debut for the online census form comes amidst heightened concerns about cybersecurity risks. Lawmakers fear that a problem with the upcoming digital rollout could undermine public trust in data that carry at least a decade’s worth of implications across the U.S. Read more.

First Open Source Messaging Framework for Security Tools Launched

According to an article on, on Feb. 24, the Open Cybersecurity Alliance (OCA), a consortium of cybersecurity vendors including IBM, Crowdstrike, and McAfee announced OpenDXL Ontology, the first open source language for connecting cybersecurity tools through a common messaging framework. OpenDXL Ontology aims to create a common language between cybersecurity tools and systems by removing the need for custom integrations between products that can be most effective when communicating with each other, such as endpoint systems, firewalls, and behavior monitors, but suffer from fragmentation and vendor-specific architecture. Read more.

Cyber Connections News Roundup: Feb. 25

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

February 25, 2020

Data Science Tools Are Helping Cybersecurity Teams Identify Threat Patterns

A recent article on offers insight into the trend of using data science tools to help security operation centers (SOCs) identify attack patterns and increase the chances of detecting threats. The trend is driven by the increase of cheap computing power afforded by the cloud, and the need for more sophisticated defenses against breaches. SOCs are using data science tools to enhance the speed and accuracy with which companies can identify threat patterns and where they lie. Read more.

Recent Ransomware Attack on Natural Gas Facility Serves as Warning to Industrial Companies

An article on reports that the Department of Homeland Security’s cybersecurity agency recently responded to a ransomware attack on a natural gas compression facility that led the organization to shut down its operations for two days. Hackers were able to encrypt data on the unnamed facility’s IT and “operational technology” network, a broad term for a network that oversees industrial processes. As a result, the facility shut down its various assets, including its pipelines, for two days, because it was longer able to read data coming from across its enterprise. Read more.

Accenture’s Upstream Oil and Gas Digital Trends Survey Results Demonstrate Emphasis on Cybersecurity

In related news, the oil and gas sector is investing aggressively in cybersecurity in an effort to protect assets and reputations, according to the recently released results of Accenture’s 2019 Upstream Oil and Gas Digital Trends Survey. In the global survey of 255 industry professionals, cybersecurity emerged as companies’ top investment focus, and the technology driving the greatest impact on business performance. The survey was conducted in early 2019 but the results were only published this month. “As oil companies’ operations come under increasing threat, cyber resilience becomes more important to stakeholders, consumers and government,” said Rich Holsman, a managing director at Accenture who leads the digital practice in the company’s Resources operating group. Read more.

Will the 2020 Census Be the Next Big Target for Hackers?

An article on details how lawmakers are growing concerned about hacking dangers targeting the 2020 Census after a watchdog detailed a number of cybersecurity challenges that should have been addresses already. A report released by the Government Accountability Office warns that the hacking danger could be compounded by social media misinformation spread by U.S. adversaries or pranksters falsely claiming that census data is corrupted or the count is rigged. Read more.

Tripwire Survey Sheds Light What Companies Are Doing to Bridge the Cybersecurity Skills Gap

Cybersecurity firm Tripwire recently announced the results a survey that examined how organizations and security pros are experiencing skills gap issues. The survey findings, based on the responses from 342 security professionals, revealed that 83 percent of respondents feel more overworked going into 2020 than they were in 2019. Moreover, according to the survey, 85 percent of respondents acknowledged that it became more difficult over the past few years to hire skilled cybersecurity professionals. Around 46 percent stated that they plan to use more managed services in 2020, and more than 50 percent of respondents said they will invest more cybersecurity training for their staff. Read more.