Tag: Cisco

DHS opens new cybersecurity center to protect infrastructure, Amazon works issues of Rekognition, self-assessment to help against data breaches, Samsung’s IoT hub open to attacks

The following are some of the cybersecurity topics we are tracking:

At DHS Announcement, Pence Blames Russia for 2016 Election Interference, Vows to Tighten Cybersecurity

The United States government is preparing a major cybersecurity rehaul to protect key public infrastructure. US Department of Homeland Security announced on Tuesday the creation of a new center aimed at guarding the nation’s banks, energy companies, and other industries from major cyber attacks that could cripple critical infrastructure. In a government-hosted cybersecurity summit in New York, DHS announced that the center would aim to protect US key sectors from cyber attacks. Read more on Wall Street Journal.

Digital resilience – a step up from cybersecurity

We are living in an increasingly digital world, but many organizations are still unaware of the extent to which they rely on digital technology and the risks that come with it. As we head towards a digitally dependent future, the need for digital resilience has never been greater. Read Debbie Garside's article about how digital resilience is a step up from cybersecurity on CSO Online.

Amazon quietly invited Congress to 'weigh in' on facial recognition

Ever since its launch, Amazon's AI-driven Rekognition tool has been under fire from privacy groups. In fact, the premier US privacy rights association, ACLU came out with a number of tests to show how Amazon's Rekognition tool can be abused by authorities to snoop on private citizens. Amazon, on the other hand, has taken exception to ACLU's test and said that it is for US government to decide how to use the tech. In other words, Amazon has put the ball in US government's court regarding the abuse of its Rekognition tool. Read more on CNet.

How Self-Assessment Can Help You Avoid a Data Breach

Each new data breach that makes headlines causes companies to grow more and more concerned about cybersecurity. In response, businesses are upping their investments in cybersecurity with the hopes of shielding their systems from cybercriminals, protecting their data and keeping their names out of the news. However, Ravi Srinivasan says companies are better off self-assessing their cybersecurity strategy and needs. Read how self-assessment can help companies avoid costly data breaches on Security Intelligence. Before doing a self assessment, we recommend reviewing best practices. We capture some here at Crucial Point LLC Cybersecurity Best Practices.

Bugs in Samsung IoT Hub Leave Smart Home Open To Attack

Samsung's SmartThings Internet of Things Hub made headlines a couple of weeks back when researchers from CISCO Talos found that anyone running simple scripts can hack into connected devices. The researchers found no less than 20 bugs in Samsung's SmartThings Hub. These vulnerabilities allowed unknown hackers to gain remote control of smart locks, security cameras and other things connected to the Hub. Samsung has separately released a firmware advisory for Hub V2 devices on July 9. Read more about how Samsung's SmartThings Hub is vulnerable to multiple hacking threats on Threat Post.

Scary Words For Anyone: Microsoft and Amazon Are Entering Your Market

These are some of the enterprise IT stories we are following:

Microsoft’s GitHub takeover sends shockwaves through the open-source developer ecosystem

The worlds largest git repository is getting a second lease of life. GitHub has been struggling with revenues even as it is facing new rivals. The knight in shining armor for GitHub is none other than tech giant Microsoft who has taken control of the world's top git repository. However, Microsoft is bound to face new hurdles if devs move to rival services like GitLab, BitBucket because of the fear of Microsoft moving the open-source system into a closeted one. Read more about Microsoft's takeover of GitHub on Silicon Angle. Also see: What The Enterprise IT Professional Needs To Know About Git and GitHub.

Apple, Pixar and Adobe back a standardized AR file format

Apple, Pixar, and Adobe are collaborating on a standardized AR file format called the Universal Scene Description file, or USDZ. This was Apple announced by Apple at WWDC 2018 keynote in San Jose on Monday. The new standard will make sharing AR files across will be much easier under iOS12 thanks to a new file format the company has developed in conjunction with Pixar. The Universal Scene Description file, or USDZ for short, will offer the ability to display 3D rendered AR objects within a single "zero compression, unencrypted zip archive" file, optimized for sharing. Source: Engadget.

Google's Hangouts Meet to work with other video conferencing systems

For those who thought that Google Hangouts is dead are in for a surprise. The search giant unveiled an all-new G Suite with interoperability between Hangouts Meet and other video conferencing systems like select Skype, Cisco, Polycom products. The new features are Google's attempt to make Google Hangout or G Suite more of a productivity tool rather than a social media network. Read about the new G Suite features on ZDNet.

Nordic countries oppose EU plans for digital tax on firms' turnover

This news may be great for the US tech companies operating in Europe. Three finance ministers of Sweden, Denmark, and Finland respectively have opposed the newly announced digital tax on companies generating revenues in European Union. The proposed tax would have had a cascading effect on companies like Facebook, Google etc.  The three finance ministers announcement could further weaken the plan proposed by the European Commission in March. It has already attracted criticism from smaller EU states and a lukewarm response from Germany’s new government. Read more on Reuters.

‘You’re Stupid If You Don’t Get Scared’: When Amazon Goes From Partner to Rival

Wall Street Journal's Jay Greene and Laura Stevens take a behind the scenes look at AWS CEO Andy Jassy's strategy for expanding the cloud platform by building new features and services that sometimes compete with partners on the platform. Amazon's new push could put several of cloud services companies who use AWS to run their services in direct competition with AWS. Read  Jay Greene and Laura Stevens article on Wall Street Journal.

Nearly 500,000 routers infected by Russian malware, Apple’s privacy portal, New LocationSmart scandal

Cyber firms, Ukraine warn of planned Russian attack

Cisco's Talos cyber intelligence unit says 500K+ routers in dozens of countries have been infected by Russia-linked malware and could be used to attack Ukraine. Cisco Systems Inc warned on Wednesday that hackers have infected at least 500,000 routers and storage devices in dozens of countries with sophisticated malicious software - activity Ukraine said was preparation for a future Russian cyber attack. Read about it on Reuters.

Editor's comment: Isn't it amazing that companies like Cisco still seek to sell their technology to Russia? I wonder what support agreements American IT firms have with the GRU and how easy it is for the GRU to review source code of Cisco, Juniper and other big telecom gear players? -bg

Apple launches new privacy portal, users can download a copy of everything Apple knows about them

With Facebook under severe criticism for use of sensitive user information, another tech major, Apple, has gone an extra mile to give its users control over their data. Like Google, Apple has launched a privacy portal where users can download a copy of all data Apple associates with their account, starting in EU and rolling out worldwide later. Apple's new Data and Privacy website will allow Apple users to download everything that Apple personally associates with your account, from Apple ID info, App Store activity, AppleCare history to data stored in iCloud like photos and documents. Source: 9to5 Mac.

The Privacy Scandal That Should Be Bigger Than Cambridge Analytica

Just as Facebook - Cambridge Analytica data breach scandal is dying down, another big scandal has surfaced. Wireless carriers may be sharing your real-time location with malicious crooks.  The scandal involves LocationSmart and Securus, dealers of millions of Americans' real-time cell location data, who could be sharing real-time location-tracking data that the four largest U.S. wireless carriers collect on everyone with a mobile device. Read about this new scandal on Slate.

Amazon is selling facial recognition to law enforcement — for a fistful of dollars

How would you react if you knew your local city authorities were using facial recognition technology without proper debate or approval. Civil rights groups have claimed that this is what is happening in some United States states as authorities are using Amazon's Rekognition facial recognition tool without following due procedures and could harm the privacy of the US citizens. Read why civil rights groups may be right on Washington Post.

Comcast website bug leaks Xfinity customer data

If you are a Comcast subscriber you should worry about this news. Security researcher Karan Saini has found a bug in Comcast's website that leaks Xfinity users' info, including the user residence address where the router is located and Wi-Fi credentials. according to Saini, the website, used by customers to set up their home internet and cable service, can be tricked into displaying the home address where the router is located, as well as the Wi-Fi name and password. Source: ZDNet.

Facebook gives sensitive user information to advertisers, White House emails not protected, Discounted cyber insurance, Intel’s unethical conduct

These are some of the cybersecurity stories CTOvision is tracking. For others see our portal into all things cybersecurity and cyberwar.

Facebook lets advertisers target users based on sensitive interests

CTOvision has been tracking the Facebook data issues for quite a while and will continued to keep you in the loop (see The Ethics Of AI and Big Data: Facebook and Cambridge Analytica Are Writing New Case Studies For Us All). One high interest piece in related to the Cambridge Analytica data breach scandal highlights how Facebook has been under vigorous scrutiny from users as well as many governments across the world. Now a new investigation will further mar Facebook's reputation. With GDPR imminent, a new Guardian investigation had found that Facebook lacks privacy controls for information inferred about users, including sensitive details used in ad targeting. Read about how Facebook may be letting ad providers access sensitive user information on The Guardian.

What The Board Needs To Know About the GDPR

Executives in businesses around the globe have been tracking The European Union's (EU) General Data Protection Regulation (GDPR), which goes into effect 25 May 2018. Those who operate primarily in the EU have had plenty of time to focus on this and no excuses for not paying attention. Those who operate primarily elsewhere also have no excuse to not be aware of the GDPR and should have already assessed how things should change because of these new rules. We have found, however, that many firms in the EU and the US and elsewhere are still not paying enough attention to these very serious rules. Admittedly our sample size is small and this may not be reflective of the majority of firms, but we have seen indications that many firms are adopting a strategy of putting their collective head's in the sand or not really doing a serious assessment of the potential impact of GDPR on the firm. For more see: GDPR

Get DMARC Done To Help Fight Cyber Attacks

The Domain-based Message Authentication, Reporting & Conformance (DMARC) security protocol enables organizations to protect their email domains from being used by spammers and phishers to trick employees, customers and trading partners.  Without DMARC implemented, scammers and criminals can easily “spoof” an email domain to steal money, trade secrets or even jeopardize national security. DMARC weeds out fake emails (known as direct domain spoofing) deployed by spammers and phishers targeting the inboxes of workers in all sectors of society.  According to the 2017 Symantec ISTR report, 1 in 131 emails contained malware, the highest rate in 5 years. One of the most helpful providers of actionable information on DMARC is the Global Cyber Alliance.

For more on DMARC see: Global Cyber Alliance Release: Perhaps the most important of the 2018 RSA Conference Season and: Government Matters TV Explores Email Security Standards, DoD IT and Cloud Security with Bob Gourley

Companies Turn to War Games to Spot Scarce Cybersecurity Talent

Companies have found a new way to tap scarce cybersecurity talent. Profile of UK government's annual Cyber Security Challenge that tests contestants' abilities during cyberwar simulations and is used by companies to hire staff — Realistic scenarios help wannabe cybersecurity experts strut their stuff — A major shipping company is under attack. Source Bloomberg.

Intel did not tell U.S. cyber officials about chip flaws until made public

A new revelation that Intel did not disclose the Spectre and Meltdown flaws even though it knew about it could mean that Intel could be fined by the US authorities. Letters from Intel, Alphabet, and Apple to Congress say Intel didn't disclose Spectre and Meltdown flaws to US cyber security officials before news leaked. Source Reuters.

There are also new reports of vulnerabilities in hardware summarized by Bloomberg here. This report features insights from Yuriy Bulygin, expert in computer vulnerabilities. He spent most of his career at Intel Corp. studying security flaws in chips, including several years as the company’s chief threat researcher, until last summer. So you can believe him when he says he’s found something new: His latest research, set to be published on May 17, shows hackers can exploit previously disclosed problems in microprocessors to access a computer’s firmware—microcode that’s stored permanently inside processors and other chips—to get to its most sensitive information. “The firmware has access to basically all the secrets that are on that physical machine,” he says.

Apple, Cisco team up with insurance companies to offer cyber policy discounts

While cyber insurance is the best way to protect your business against data breaches and hacking attacks, expensive policies deter small and medium businesses from buying cyber insurance. Apple and Cisco have decided to tap into this lucrative market in partnership with insurer Allianz and insurance broker Aon. The foursome will offer discounted cyber insurance to businesses that primarily use their equipment. Read about the discounted cyber insurance on Reuters.

Are you on distro for our Cybersecurity and Cyberwar weekly? Sign up for that one plus others at CTOvision Newsletters.

Coming Events of Interest: These are the big ones for rest of 2018

The following are some of the events we are tracking in our CTO Events Calendar. We maintain this calendar as reference for our readers and keep it up to date with events we believe to be of high value to technologists seeking to track emerging trends, learn what peers are doing and find new ways of doing things.

Events we think you should be considering for the rest of 2018 include:

Gartner Security & Risk Management Summit 2018

June 4 - June 7
National Harbor
Organizer: Gartner

SINET New York 2018

June 7
New York
Organizer: SINET

Blackhat 2018

August 4 - August 9
Las Vegas
Organizer: BlackHat

DoDIIS 2018

August 12 - August 15
Organizer: NCSI

TechNet Augusta

August 20 - August 24
Organizer: AFCEA

O’Reilly and Intel AI Artificial Intelligence Conference

September 4 - September 7
San Francisco
Organizer: O’Reilly

Intelligence and National Security Summit

September 4 - September 5
National Harbor
Organizer: AFCEA

Strata Data + Hadoop World NYC

September 11 - September 14
New York
Organizer: O’Reilly

SINET Showcase DC

November 7 - November 8
Organizer: SINET

AWS re:Invent

November 26 - November 30
Las Vegas
Organizer: Amazon


You can get the full list of events we believe CTOvision readers will take a high interest in here. Do you know of an event you believe the community would be interested in? If so, submit it here.

We are also interested in hearing about opportunities for Crucial Point or CTOvision to become a media sponsor for your event. If you are an event organizer and would like more information on media partnerships contact us here.