Cyber Connections News Roundup: October 8

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

October 8, 2019

UMGC Celebrates Cybersecurity Awareness Month with Activities and Information Aimed at Helping You Stay Safe and Secure Online

National Cybersecurity Awareness Month, which takes place every October, is a great time to review online security habits at home and at work. At University of Maryland Global Campus (UMGC), we will be busy this month getting information out on a variety of topics, including cyber hygiene, cyber careers and more. Check out what’s happening this month:

  • This year’s National Cybersecurity Awareness Month theme emphasizes personal accountability and stresses the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. The overarching message – Own IT. Secure IT. Protect IT. – focuses on three key areas including citizen privacy, consumer devices, and ecommerce security. This month, UMGC cyber faculty, students and alumni have joined together for a video series that kicks off on Wednesday, October 8 on the UMGC Global Media Center. Faculty and students will share their insights into each of the NCSAM themes and offer tips on understanding and securing your digital profile at home and at work.
  • Earlier this month we teamed up with the Community College of Baltimore County (CCBC) to present “Decoding Your Cyber Career,” a one-day informational networking event on Oct. 2 to promote careers in cybersecurity. Attendees heard from cyber experts and educators about the demand for cybersecurity professionals, the latest trends within the industry, and the ways to best leverage knowledge, skills, and certifications for career success. Check out our coverage of the event, which featured keynote speaker Matt Dunlop, vice president and chief information security officer of Under Armour, Mike Janke, CEO and co-founder of DataTribe, as well as a panel of cybersecurity employers and students who shared their insights.
  • Finally, be sure to visit the Cyber Connections blog on Oct. 15 for a post from Balakrishnan Dasarathy, UMGC professor and program chair, cyber operations & information assurance, in which he discusses a state-wide effort in Maryland to convert its voice network-based 911 systems to IP and digital-based 911 systems. Dasarathy is involved in this effort and will share his insights into the associated cybersecurity challenges, such as ransomware and denial of service attacks.

Happy National Cybersecurity Awareness Month. Stay safe and stay tuned!

Cyber Connections News Roundup: September 24

September 24, 2019

Microsoft to Offer Free Security Support for Windows 7 Ahead of 2020 Election

According to a recent report on www.cyberscoop.com, Microsoft Corp. will offer state and local election officials free security support for Windows 7 operating systems used in voting systems through 2020. Microsoft has long planned to stop providing security updates for Windows 7 users in general in January 2020, but was allowing users to pay for those updates through January 2023. The offer of free services through next year’s U.S. presidential election represents an additional effort to make it easier to update operating software used in voting systems, such as the election management systems that format ballots. Read more.

Are Recent Saudi Oil Attacks a Sign of More Cyber Warfare to Come?

The recent attack against Saudi Aramco, claimed by U.S. intelligence and the Saudi government to be the work of Iran, is a continuation of a long-simmering cyber war between the two countries, according to an article on www.cnbc.com. In recent years, Iran has deployed destructive computer viruses against Saudi Arabia, which has been slow to strengthen its defenses. The report warns that investors should expect long-term cyber espionage and flare-ups of malicious activity, including the potential for destructive attacks that hurt companies in the region beyond Aramco. Read more.

Los Angeles Becomes First City in Nation to Offer Public Threat-Sharing Platform

According to a recent article on www.lasentinel.net, the city of Los Angeles has unveiled the Threat Intelligence Sharing Platform, as well as a free mobile app that will help people detect malicious email. This, according to Mayor Eric Garcetti, makes Los Angeles the first city in the nation to release a publicly available threat-sharing platform and cybersecurity app. The platform is the creation of the LA Cyber Lab, a nonprofit organization dedicated to protecting the public and businesses from cyber threats by facilitating and promoting innovation, education and information sharing between public and private sectors. Read more.

Citing Cybersecurity Concerns, Colorado Bans QR Codes on Ballots

Colorado has become the first state in the U.S. to ban the use of QR codes on ballots, according to a recent article on www.thehill.com. In announcing the change, Colorado Secretary of State Jena Griswold (D) said that cybersecurity experts have raised concerns around the security of using the QR codes on ballots. Griswold also cited findings by U.S. intelligence that Russian operatives attempted to interfere in the 2016 presidential election as a reason to enhance cybersecurity of elections. Colorado will now require that votes only be counted based on human-verifiable information, specifically the marked ovals on the printed ballot, and not based on the counting of votes embedded in QR codes. Read more.

Cyber Attacks Exploit People and Not Technology According to Proofpoint Report

According to the results of Proofpoint’s 2019 Annual Human Factor Report, virtually all successful email-based cyber attacks require the target to open files, click on links, or carry out some other action. Although a small fraction of attacks rely on exploit kits and known software vulnerabilities to compromise systems, the vast majority of campaigns, 99%, require some level of human input to execute. These interactions can also enable macros, so malicious code can be run. A recent article about the report on www.zdnet.com notes how increasingly difficult it is to distinguish a malicious email from a regular one, mainly because tailored attacks look as if they come from a trusted source, such as cloud service providers like Microsoft or Google, colleagues, or even the boss. Read more.

Cyber Connections News Roundup: September 10

September 10, 2019

U.S. CISO Schneider: Federal Government Must Lead on Cybersecurity

U.S. Chief Information Security Officer (CISO) Grant Schneider, speaking at the recent Billington Cybersecurity Summit (Sept. 4-5 in Washington, D.C.), said that the federal government must lead by example for the private sector and American citizens in how to properly manage cybersecurity. In a recent conference summary on www.fedscoop.com, Schneider’s argument for a U.S. leadership role stems from the federal government’s efforts to set cybersecurity policies and requirements and develop tools that bring agencies together in a unified posture against threats. “Private entities look at the requirements that we put upon federal agencies,” Schneider said. “Government agencies can also serve as an example for how you can best protect your information as a citizen or as a corporation,” he added. Read more.

Flagstaff Schools Close Due to Ransomware Attack

Flagstaff Unified School District officials worked over the weekend of Sept. 7-8 to resolve a cybersecurity issue that forced closures of all schools on September 5-6. According to a report on www.usnews.com, officials from the school district said they were working to secure critical internet-based systems while investigating the origin and possible damage resulting from the ransomware in the district’s computer system discovered on Sept. 4. Officials cut off access to the internet and hundreds of teachers and other district employees on Friday turned in their Windows devices at a nearby middle school so they could be scanned for contamination and have new malware protection installed. Read more.

New Online Training Game Brings Cybersecurity to Life

According to a report on www.khq.com, ThreatGEN, a cybersecurity training and services company based in Houston, Texas, released what it claims to be the world’s first online multiplayer computer game designed to teach cybersecurity. Titled ThreatGEN®: Red vs. Blue, the game aims to create an immersive cybersecurity experience that teaches practical applications of cybersecurity concepts that have traditionally been more strategic or abstract, such as building a cybersecurity program and managing a budget. Read more.

Proliferation of Augmented Reality Applications Exposes Security Risks

A recent article on www.forbes.com examines the cybersecurity implications of augmented reality (AR), a technology that enhances objects that reside in the real world through computer-generated information. AR technology is advancing rapidly as commercial applications are being implemented in manufacturing, industry, shipping and logistics. But the growth of AR applications brings with it an expanding landscape of new cybersecurity vulnerabilities as adoption often outpaces a thorough vetting of any associated security risks, particularly as it involves wearable or tablet-based AR applications that require Wi-Fi. Read more.

Nearly 40% of Enterprises Lose Business Due to Cybersecurity Performance

According to a new commissioned study conducted by Forrester Consulting on behalf of BitSight, titled “Better Security And Business Outcomes With Security Performance Management,” nearly two in five enterprises admit that they have lost business due to either a real or perceived lack of security performance within their organization. The study, based on a survey of 207 security decision makers, evaluates how executives understand and effectively measure their cybersecurity performance and adequately communicate it to the board, senior executives, customers, and critical stakeholders. Read more.

Cyber Connections News Roundup: August 27

August 27, 2019

How Do You Measure Cybersecurity Effectiveness?

A recent blog post on www.lawfareblog.com examines the lack of universally recognized metrics to measure cybersecurity improvements. As a result, decision-makers “are left to make choices about cybersecurity implementation based on qualitative measures rather than quantitative ones.” The article seeks to understand the importance of a balance between quantitative and qualitative metrics in order to also address the role of processes and procedures. “Cybersecurity is a matter not just of the equipment and tools in place but also of how the equipment and tools are used by people.” Read more.

Microsoft Leads All Brands in Phishing Attacks

A recent article on www.forbes.com estimates that phishing attacks account for up to 90% of cyberattacks by volume. And the Microsoft brand has a clear lead when it comes to these attacks. According to a recent Vade Secure survey based on its AI engine activity, more than 20,000 unique Microsoft phishing URLs were detected for an average of more than 222 per day. The 180 million Office 365 business users provide a playing field rife for attack. And once an attacker steals Office 365 credentials the whole world of a Microsoft user’s account opens up. PayPal occupies the second spot. Read more.

More than Half of Industrial Cybersecurity Incidents Caused by Human Error

A recent Kaspersky report titled “State of Industrial Cybersecurity 2019” found that errors or unintentional actions were behind 52% of incidents affecting operational technology and industrial control system (OT/ICS) networks in 2018. An article about the report on www.securitymagazine.com cites the top five most common types of vulnerabilities within industrial control systems as: misconfigurations (34.7 percent); vulnerabilities, patches and updates (26.7 percent); identity and access management (12.9 percent); insecure services enabled (7.9 percent); architecture and network segmentation (7.9 percent). Read more.

Nearly One Third of Healthcare Employees Have Never Received Cybersecurity Training

Employees of healthcare organizations in the U.S. and Canada are lacking cybersecurity education and awareness in three main areas: regulation, policy and training, according to a new report from Kaspersky titled “Cyber Pulse: The State of Cybersecurity in Healthcare Part 2.” According to an article on www.healthcarefinance.com, the report established several findings that correlate to the increasing number of hacking and IT-related incidents occurring in healthcare organizations across North America. For example, nearly a fifth of U.S. respondents to the survey (18%) reported they didn’t know what the HIPAA security rule meant. In Canada, nearly half of respondents (49%) said they didn’t know if Canadian PHI needed to stay in Canada. Read more.

Reformed Con Man Frank Abagnale Offers Tips on Preventing Identity Theft

Frank Abagnale, the subject of the movie “Catch Me If You Can” starring Leonardo DiCaprio, sat down recently with TechRepublic to offer his tips on avoiding identity theft. First, he advises to freeze your credit, which reduces the ability for someone to create a fraudulent credit account in your name. Abagnale also advises to avoid writing checks because most often they include your name, address, and phone number, as well as your bank’s name and address, account number, routing number and signature. Moreover, everyone can see your physical check, which exposes it to more risk. Read more.

Cyber Connections News Roundup: August 13

August 13, 2019

New Symantec Report Highlights Challenges in Cloud Security

A new report from cybersecurity firm Symantec, titled “Adapting to the New Reality of Evolving Cloud Threats,” says that enterprises that are in the process of transitioning to the cloud must realign or reinvent their security programs. Symantec talked to 1,250 security decision makers from 11 countries to understand the changing cloud security landscape and to gauge the maturity of security practices. Software-as-a-Service (SaaS) application usage is proliferating, the report says, and while workloads are increasingly migrating to IaaS platforms like AWS and Azure, on-premises applications, storage, and private clouds persist. The resulting hybrid IT environment, according to the report, is leaving organizations scrambling to keep up. Read more.

NCC Group Researchers Determine that Office Printers Are Cybersecurity Risk

A recent article on www.forbes.com highlights the research findings of Daniel Romero Pérez and Mario Rivas Vivar of the NCC Group, who have discovered vulnerabilities in name-brand printers that could create long-term backdoor access into companies’ data. Rivas and Romero conducted a six-month project to identify vulnerabilities and exploitations relating to devices made by six of the largest enterprise printer makers in the world. Their efforts uncovered weaknesses that opened devices to Denial of Service (DoS) attacks, but of much more concern is the potential for those devices to be used as entry points into corporate networks. Read more.

New Synopsys Report Highlights Security Challenges in the Financial Services Industry

A new report commissioned by the Synopsys Cybersecurity Research Center (CyRC) and conducted by the Ponemon Institute called “The State of Software Security in the Financial Services Industry” highlights the financial services industry’s security posture and its ability to address security-related issues. The study found that more than half of the surveyed organizations have experienced theft of sensitive customer data or system failure and downtime because of insecure software or technology. The study also found that many organizations are struggling to manage cybersecurity risk in their supply chain and are failing to assess their software for security vulnerabilities before release. Read more.

Lessons Learned from the Capital One Breach

A recent article on www.cyberscoop.com takes a look back on the Capital One breach, disclosed on July 29, and examines what went wrong, but also notes that things could have been worse. “When taken at face value, the Capital One breach looks awfully similar to other massive security failures. But there are some in cybersecurity circles that see a silver lining in the way the bank has handled the incident,” the article says. Some security experts believe that while the breach was severe, actions taken by the bank prevented this breach from becoming another example of extreme corporate cybersecurity negligence. Read more.

How AI Can Help with Cybersecurity

To keep up with the bad guys, companies will need to employ advanced tools, like artificial intelligence (AI), to prevent, detect and remedy potential threats, according to a recent report on www.forbes.com. For example, AI can be used to combat malware. Over time, artificial intelligence should be able to learn and automatically detect unusual patterns in web-traffic environments in an encrypted way, therefore providing a decisive help to all network security defenses. AI can improve efficiency by freeing up time for IT professionals to focus on more high-level tasks. Read more.

Cyber Connections News Roundup: July 30

July 30, 2019

New Orleans Governor Issues First Ever Statewide Cybersecurity Emergency

Governor John Bel Edwards has issued a statewide emergency declaration following a cybersecurity attack on several school systems in North Louisiana, according to a recent report on wwl.radio.com. This is the first activation of Louisiana’s emergency support function relating to cybersecurity. Kenneth Donnelly, senior coordinating official for the Louisiana Cybersecurity Commission, said the state was first made aware of a malware attack on July 23. The New Orleans Office of Homeland Security and Emergency Preparedness, along with Information Technology and Innovation, is monitoring the situation and is in close contact with the Governor’s Office of Homeland Security and Emergency Preparedness and law enforcement partners at the local, state and federal level. Read more.

NSA Creates New Cybersecurity Arm to Combat Foreign Threats

According to a report on www.nextgov.com, the National Security Agency (NSA) will create a new cybersecurity “directorate” to unify NSA’s foreign intelligence and cyber defense missions, and prevent and eradicate threats to national security systems and the defense industrial base. Anne Neuberger, who has been leading the NSA’s Russia Small Group, has been tapped to lead the new directorate, which will become operational on Oct. 1. Neuberger led the NSA’s election security efforts for the 2018 midterms, having served as the NSA’s first chief risk officer. Read more.

IoT Cybersecurity Improvement Act Calls for Deployment Standards

The IoT Cybersecurity Improvement Act of 2019, co-sponsored by Reps. Robin Kelly (D-Ill.) and Will Hurd (R-Texas), would require the National Institute of Standards and Technology (NIST) to issue guidelines for the secure development, configuration and management of IoT devices, according to a recent article on www.techtarget.com. It would also require the federal government to comply with these NIST standards. Balakrishnan Dasarathy, collegiate professor and program chair for Information Assurance at the Graduate School at the University of Maryland University College, was quoted in the article in support of the bill. “We need government intervention,” he said. Dasarathy said that the bill would provide appropriate IoT security guidance to chief information security officers (CISOs) and other organizational executives. “Right now many CISOs struggle to determine adequate security,” he said. Read more.

Industrial Cybersecurity Emerging as Frontline of Cyber Attacks

According to a report on www.businesswire.com, the number of cybersecurity-related incidents occurring around industrial systems and operational technology is on the rise. Industrial cybersecurity is therefore emerging as the frontline defense to address such threats. Urmez Daver, vice president and global head of Industrial Cybersecurity, TÜV Rheinland Group, speaking at the recent Secure Summit APAC 2019 in Hong Kong on July 11, said that emerging cybersecurity standards will provide the right level of guidance to enterprises to manage cyber risk, which is often best achieved when safety, security and privacy are engineered by design. Read more.

Israel to Provide Cybersecurity Training to Students with Autism

A first of its kind cybersecurity training course for people with disabilities has opened in Israel, led and financed by the National Cyber Directorate and the Welfare and Social Services Ministry, according to a report on www.timesofisrael.com. In an effort to expand the pool of talent in the industry, Ram Levy, CEO of cybersecurity company Konfidas, initiated the training to enable people with disabilities to integrate into the cybersecurity field. The first cohort of the course will include 16 students on the autism spectrum, aged 21 and up. Read more.

Cyber Connections News Roundup: July 16

July 16, 2019

New ISA Cybersecurity Alliance Established to Accelerate Education, Readiness, and Knowledge Sharing

The International Society of Automation (ISA) has created an open, collaborative forum to advance cybersecurity awareness, readiness, and knowledge sharing. According to a recent report on Yahoo Finance, the ISA Global Cybersecurity Alliance will bring together a global group of stakeholders from end-user companies, control system vendors, IT and OT infrastructure providers, system integrators, and others affiliated with global industry to benefit everyone, especially the communities in which we operate and serve. Read more.

Artificial Intelligence in Cybersecurity Expected to Surpass $38 Billion

A recent report from Markets and Markets predicts that the artificial intelligence (AI) in cybersecurity market will reach USD 38.2 billion by 2026 from USD 8.8 billion in 2019, at the highest CAGR of 23.3%. Major drivers for the market’s growth include: the growing adoption of IoT and increasing number of connected devices; rising instances of cyber threats; growing concerns of data privacy; and an increasing vulnerability of Wi-Fi networks to security threats. Read more.

New Indiana University Cyber Clinic to Serve as Mid-West Hub for Training

According to an article on https://meritalkslg.com/, Indiana University (IU) will establish the IU Cybersecurity Clinic to address cyber threats on the state and local level. IU said the clinic would serve as a Midwest hub for cyber training. Funding for the new clinic comes from a $340,000 grant from the William and Flora Hewlett Foundation and matching funds up to $225,000 from the Indiana Economic Development Corp. Read more.

U.S. Coast Guard Responds to Recent Safety Alert With Cybersecurity Recommendations

On July 8, the U.S. Coast Guard issued a safety alert to report an incident in February whereby a deep draft vessel on an international voyage bound for the Port of New York and New Jersey reported that it was experiencing a significant cyber incident impacting its shipboard network, according to a recent report on www.marinelog.com. The Coast Guard responded to the incident by establishing a set of recommendations for vessels and facility owners to improve cybersecurity. Read more.

Maryland Department of Labor Reports Cybersecurity Incident

A recent report on https://www.nbcwashington.com/ details efforts by the Maryland Department of Labor to notify roughly 78,000 customers about potential unauthorized activity in two of its database systems. On July 5, the department reported that some personal information might have been accessed without authorization, but that an investigation by the department has not found any misuse of data. Read more.