Looking for an introduction to AI for security professionals?
Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.
November 29, 2017.
By The CyberWire Staff
More sensitive information has sloshed from another unsecured Amazon Web Services S3 bucket. This time the exposed data belonged to the US Army's Intelligence and Security Command (INSCOM), that Service's component of the National Security Agency's Central Security Service. The exposed database was found (again) by researchers from UpGuard, which says this is the first time it's found classified information exposed by such an easily avoided configuration error. ZDNet says this latest exposure is by its reckoning the fifth case of NSA data loss in the past five years.
No one is quite sure, yet, to whom the AWS S3 bucket belonged, and it seems unlikely that this is a case of deliberate leaking as opposed to simple carelessness, but the story is likely to bring Congressional pressure for intensified mole-hunting in the Intelligence Community.
Misconfigurations haven't yet slowed the apparently inexorable move of sensitive information into cloud services. CIA continues to believe the cloud represents both cost savings and better security.
Apple is fixing a major problem with MacOS High Sierra. The recently upgraded operating system allows root access by typing "root." Mac users shouldn't delay fixing their systems.
Alleging information aggression from Washington, Moscow says it's going to build its own DNS. This is Russia's latest move in the direction of information autarky.
Russia is partnering with Venezuela to keep the Catalan independence controversy roiling.
SWIFT, the international funds transfer system, warned banks yesterday that cyberattacks on the financial systems are growing rapidly more frequent, sophisticated, and rapacious.
Whether you're focused on IT or national security, exploits and data loss incidents put your mission at risk. Your current tools assess and analyze content after it's breached your network - they all work right of boom. It's only a matter of time until boom happens to you. Don't let it. getleftofboom.com
Cyber Security Summit: Los Angeles(Los Angeles, California, USA, November 29, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).
Flying Blind: 2017 Cloud Configurations Gone Wrong(Webinar, December 7, 2017) How can you avoid data breaches from public cloud misconfigurations in the future? Join our team of cloud security experts for a 45-minute webinar to learn more about the steps you can take to improve your cloud security posture and keep your critical information protected.
Earn a master’s degree in cybersecurity from SANS(Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.
Top Secret US Army and NSA Files Left Exposed Online on Amazon S3 Server(BleepingComputer) Ten days after an Amazon S3 server exposed data from the US Army's CENTCOM and PACOM divisions, security researchers have identified another S3 server instance that leaked files from INSCOM, a joint US Army and NSA agency tasked with conducting intelligence, security, and information operations.
MacOS High Sierra Users: Change Root Password Now(KrebsOnSecurity) A newly-discovered flaw in macOS High Sierra — Apple’s latest iteration of its operating system — allows anyone with local (and, apparently in some cases, remote) access to the machine to log in as the all-powerful “root” user without supplying a password.
SWIFT warns banks on cyber heists as hack sophistication grows(Reuters) SWIFT, the global messaging system used to move trillions of dollars each day, warned banks on Wednesday that the threat of digital heists is on the rise as hackers use increasingly sophisticated tools and techniques to launch new attacks.
Differences in opinion and perspectives on control system cyber security(Control Global) James (Jim) Lewis is the Senior VP and Program Director for the Center for Strategic and International Studies - CSIS. I testified with Jim March 19, 2009 before the Senate Committee on Commerce Science and Transportation. Jim’s focus then, and continues to be, an IT focus on confidentiality of information...
Apple's High Sierra allows root with no password, there's a workaround to help(CSO Online) Earlier this afternoon on Twitter, a developer posted a screenshot and reported it was possible to obtain root access on Apple's High Sierra without a password. Several users recreated this issue on their own systems, including a staffer here at IDG. However, as problematic as this issue is, the workaround is rather easy.
The State of Cloud Storage Providers’ Security: 2017 Survey(Clutch) Small businesses remain widely confident in their cloud storage provider’s security, but many businesses are leaving sensitive data at risk by neglecting industry regulations and other additional security measures, according to our new data.
Intensifying Cybersecurity Fears Could Fuel Blackberry Rebound(Forbes) Sometimes there’s a temptation to think that cyberattacks are an unfortunate consequence of our ever-increasing interconnected digital world, which is underscored by the fact that most Americans walk around with a personal computer in their pocket.
KeyW Announces Award on GSA’s $50 Billion Alliant 2 Unrestricted GWAC (GlobeNewswire News Room) The KeyW Holding Corporation (NASDAQ: KEYW) today announced that the General Services Administration has awarded its wholly owned subsidiary, Sotera Defense Solutions, Inc. (Sotera), a contract on its $50 billion Alliant 2 Governmentwide Acquisition Contract (GWAC).
Just don't call them ethical hackers(Sydney Morning Herald) The field of cyber security has a couple of problems. First, the media insists on using headline-friendly terms like "ethical hacker" for roles that are done not by loners in hoodies, but professionals in corporate cubicles.
Friedman LLP Launches New Cyber Security Practice(CPA Practice Advisor) Top 50 accounting and advisory firm, Friedman LLP, is expanding its service offerings to include cyber security consulting with the launch of Friedman CyZen LLC ("CyZen"), a wholly owned company of Friedman. The goal of CyZen is to bring peace of mind...
Les espérances de la cryptographie quantique(Largeur.com) Alors que les systèmes de chiffrement classiques atteignent leurs limites, de nouvelles solutions proviennent de la physique des particules. Leur concrétisation à grande échelle est proche.
Cryptocurrencies Aren't 'Crypto'(Motherboard) As the price of Bitcoin and Ethereum skyrocket, and more and more people who are unfamiliar with technology join in the craze, words start to lose their original and correct meaning.
A Lasting Defeat: The Campaign to Destroy ISIS(Belfer Center) On December 11, 2016, just before my time as Secretary of Defense would end, I stepped off a C-130 transport plane onto a cold and dusty patch of northern Iraq that had been on my mind for more than a year: an Iraqi military airfield called Qayyarah West.
'Blowback': Clinton campaign planned to fire me over email probe, Obama intel watchdog says(Fox News) A government watchdog who played a central role in the Hillary Clinton email investigation during the Obama administration told Fox News that he, his family and his staffers faced an intense backlash at the time from Clinton allies – and that the campaign even put out word that it planned to fire him if the Democratic presidential nominee won the 2016 election.
US Charges Chinese Hackers In Cyberattacks(PYMNTS.com) Three individuals connected to a Chinese cybersecurity company have reportedly hacked automation company Siemens, software processing firm Trimble and bond credit rating business Moody’s Analytics in an attempt to steal business information. According to a Monday (Nov. 27) report in Reuters, which cited U.S. prosecutors via an indictment that was unsealed in federal court in […]
Chinese Firm Behind Alleged Hacking Was Disbanded This Month(Fox Business) Guangdong Bo Yu Information Technology Co., also known as Boyusec, was deregistered Nov. 17. Chinese Firm Behind Alleged Hacking Was Disbanded This Month, at 1504 GMT, incorrectly stated it was deregistered Nov. 11 in the third paragraph. (Nov. 29)
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
INsecurity(National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...
INsecurity(National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...
Cyber Security, Oil, Gas & Power 2017(London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.
Cyber Security Summit Los Angeles(Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...
cyberSecure(New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. It brings together corporate leaders from multiple function areas...
cyberSecure(New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate...
Hackers Challenge(New York, New York, USA, December 6, 2017) Welcome to the Hackers Challenge - a must-attend event for IT security professionals across all industries. Radware and Cisco invite experienced hackers to attack the cyber-defense of a website within...
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.