ISC Stormcast For Thursday, July 27th 2017 https://isc.sans.edu/podcastdetail.html?id=5600, (Thu, Jul 27th)

July 27th, 2017
by The Feeder
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Posted in Uncategorized | Comments (0)

How Attackers Use Machine Learning to Predict BEC Success

July 27th, 2017
by The Feeder
Researchers show how scammers defeat other machines, increase their success rate, and get more money from their targets.

Posted in Uncategorized | Comments (0)

Android Sypware Still Collects PII Despite Outcry

July 27th, 2017
by The Feeder
Spyware called Adups found on millions of low-end phones is still collecting personal identifiable information of users despite public outcry.

Posted in android, Black Hat, BLU, Cubot, malware, Mobile Security, privacy, spyware | Comments (0)

Vulnerable Radiation Monitoring Devices Won’t Be Patched

July 26th, 2017
by The Feeder
Three radiation monitoring device vendors will not patch a handful of vulnerabilities that could be abused by hackers, including a backdoor that affords high privileges on one device.

Posted in Black Hat, critical infrastructure, Digi, firmware vulnerabilities, hardware hacking, IOActive, Ludlum Portal Monitors, Mirion WRM2 protocol, nuclear power plant security, radiation monitoring devices, RF analysis, Ruben Santamarta, vulnerabilities | Comments (0)

Judge: Waymo may be in “a world of trouble” if it can’t prove actual harm by Uber

July 26th, 2017
by The Feeder

Enlarge / Autodesk VRED Design 2017. (credit: Waymo)

SAN FRANCISCO—At a court hearing on Wednesday, US District Judge William Alsup questioned whether Waymo can really show the harm from Uber's alleged trade secret theft.

Waymo has been ordered to submit a detailed description of how it has been harmed within a month. The case is rapidly moving ahead towards an October trial date. If the trial actually takes place, it will elevate what has already become the highest-profile lawsuit related to the rapidly accelerating self-driving car industry.

Google’s division sued Uber back in February, alleging that one of its own former engineers, Anthony Levandowski, stole 14,000 proprietary files and took them to his new startup, Otto (which was quickly acquired by Uber). However, Uber says it never received them and so it couldn’t have and didn’t implement them into its own products, services, or prototypes.

Read 10 remaining paragraphs | Comments

Posted in Law & Disorder, Uber, waymo | Comments (0)

Everyday Hero: 5 Questions with McAfee Labs’ Paula Greve

July 26th, 2017
by The Feeder

With cybersecurity experts taking center stage this week at the Black Hat conference in Las Vegas, the world is watching for the release of the latest breakthrough research, development, and trends. Paula Greve, a principal engineer leading the data science team within McAfee Labs, is on the front lines of cybersecurity defense. As the industry gathers at this crucial time, she answers five questions about her job.

Why did you pursue a career in data science?

Solving puzzles. Detecting patterns. I get a thrill from making sense of the seemingly unconnected.

I always wanted to do something meaningful with my Computer Science degree. And then when I was approached by a security firm out of college, I was hooked on the challenge of staying one step ahead of the attacker. Then, with the arrival of big data and the maturity of machine learning, the challenge only grew and upped the skills required. But I fell into it by accident, which is why I’m also passionate about showing young people what an impactful role they can have in cybersecurity and by pursuing a career in STEM.

Today, I can’t imagine doing anything other than searching for possible weaknesses before an attacker exploits them alongside a team of the good guys at McAfee.

What does a typical workday look like for you?

My morning kicks off with an online sync-up meeting. Unless there is a major security breach, massive new threat or other emergency, I spend some time reviewing the latest internal and external news from security researchers.

From there, the bulk of my workday is spent with other researchers investigating whether product features and capabilities are staying ahead of the cybersecurity threats. These meetings are also when we plan for the future, answering questions such as how do we scale the system to handle the new amount of needed data (which is always growing!), how do we ensure our data is protected, what missing data from our point products or from our threat intelligence sharing activities do we need to collect, and how should our products and technologies evolve to address the new threats?

But if a major incident breaks out, such as with Petya or a WannaCry, it is all hands on deck. We immediately work the problem as a greater team. One team assembles the kill chain of the attack. They feed their data into my team and we validate what we see and its relation to the kill chain. What geographies are experiencing this outbreak? When was the first evidence? What was our protection capabilities on day zero as it relates to the kill chain? Is the attack evolving or resolved? We work quickly with our product, sales and marketing teams to make sure our customers are protected or know what they need to do to get back to what we call a “known good state” as quickly as possible.

What keeps you up at night?

Knowing that if something slips through the cracks, someone else will have a very bad day. We spend every hour protecting people worldwide from over 600 million pieces of malware, seven million types of ransomware, and a wide range of other attack types. So, every day I reflect about how I can do better, how my department can do better, and how we can help our customers do better.

What’s the best part of your day at McAfee?

Working with a talented and passionate team. We all recognize how important our work is and we’re constantly sharpening our skills by sharing knowledge, exchanging insights and exploring new tactics. The pace in which technology evolves is also exciting. We’ve developed new ways to classify threats using machine learning. When a new threat comes in we can test our models against it and assess its effectiveness. Using machine learning we can enhance our models and learn quickly about the best approach.

I also enjoy carrying out my own investigations and digging into the data over the course of the day. I love working out how it all fits together, reviewing anything we may have missed, studying anomalies and collaborating with other researchers across the globe, to be able to make assessments about areas of concern. This allows our product teams to develop the tools and technologies needed to combat these threats.

In the end, the best part of my day is knowing that by applying my skills and experience, I play my part in keeping our world safe!

What behind-the-scenes insight can you share?

The threats keep coming. There is too much for any one person to keep track of. I generally collaborate with my fellow McAfee researchers –dedicated URL researchers, file researchers, threat intel researchers. But because of the changing landscape, intelligence sharing and collaboration across boundaries are now essential components of cybersecurity. McAfee has expanded the spheres of collaboration beyond just our internal team to encompass customers, external threat researchers, other security vendors, law enforcement organizations, and government agencies. More recently, we helped found the Cyber Threat Alliance, a group of cybersecurity practitioners working together to share threat information and improve defenses.

After all, Together is Power.

The post Everyday Hero: 5 Questions with McAfee Labs’ Paula Greve appeared first on McAfee Blogs.

Posted in Cybersecurity, Life at McAfee, McAfee | Comments (0)

Everyday Hero: 5 Questions with McAfee Labs’ Paula Greve

July 26th, 2017
by The Feeder

With cybersecurity experts taking center stage this week at the Black Hat conference in Las Vegas, the world is watching for the release of the latest breakthrough research, development, and trends. Paula Greve, a principal engineer leading the data science team within McAfee Labs, is on the front lines of cybersecurity defense. As the industry gathers at this crucial time, she answers five questions about her job.

Why did you pursue a career in data science?

Solving puzzles. Detecting patterns. I get a thrill from making sense of the seemingly unconnected.

I always wanted to do something meaningful with my Computer Science degree. And then when I was approached by a security firm out of college, I was hooked on the challenge of staying one step ahead of the attacker. Then, with the arrival of big data and the maturity of machine learning, the challenge only grew and upped the skills required. But I fell into it by accident, which is why I’m also passionate about showing young people what an impactful role they can have in cybersecurity and by pursuing a career in STEM.

Today, I can’t imagine doing anything other than searching for possible weaknesses before an attacker exploits them alongside a team of the good guys at McAfee.

What does a typical workday look like for you?

My morning kicks off with an online sync-up meeting. Unless there is a major security breach, massive new threat or other emergency, I spend some time reviewing the latest internal and external news from security researchers.

From there, the bulk of my workday is spent with other researchers investigating whether product features and capabilities are staying ahead of the cybersecurity threats. These meetings are also when we plan for the future, answering questions such as how do we scale the system to handle the new amount of needed data (which is always growing!), how do we ensure our data is protected, what missing data from our point products or from our threat intelligence sharing activities do we need to collect, and how should our products and technologies evolve to address the new threats?

But if a major incident breaks out, such as with Petya or a WannaCry, it is all hands on deck. We immediately work the problem as a greater team. One team assembles the kill chain of the attack. They feed their data into my team and we validate what we see and its relation to the kill chain. What geographies are experiencing this outbreak? When was the first evidence? What was our protection capabilities on day zero as it relates to the kill chain? Is the attack evolving or resolved? We work quickly with our product, sales and marketing teams to make sure our customers are protected or know what they need to do to get back to what we call a “known good state” as quickly as possible.

What keeps you up at night?

Knowing that if something slips through the cracks, someone else will have a very bad day. We spend every hour protecting people worldwide from over 600 million pieces of malware, seven million types of ransomware, and a wide range of other attack types. So, every day I reflect about how I can do better, how my department can do better, and how we can help our customers do better.

What’s the best part of your day at McAfee?

Working with a talented and passionate team. We all recognize how important our work is and we’re constantly sharpening our skills by sharing knowledge, exchanging insights and exploring new tactics. The pace in which technology evolves is also exciting. We’ve developed new ways to classify threats using machine learning. When a new threat comes in we can test our models against it and assess its effectiveness. Using machine learning we can enhance our models and learn quickly about the best approach.

I also enjoy carrying out my own investigations and digging into the data over the course of the day. I love working out how it all fits together, reviewing anything we may have missed, studying anomalies and collaborating with other researchers across the globe, to be able to make assessments about areas of concern. This allows our product teams to develop the tools and technologies needed to combat these threats.

In the end, the best part of my day is knowing that by applying my skills and experience, I play my part in keeping our world safe!

What behind-the-scenes insight can you share?

The threats keep coming. There is too much for any one person to keep track of. I generally collaborate with my fellow McAfee researchers –dedicated URL researchers, file researchers, threat intel researchers. But because of the changing landscape, intelligence sharing and collaboration across boundaries are now essential components of cybersecurity. McAfee has expanded the spheres of collaboration beyond just our internal team to encompass customers, external threat researchers, other security vendors, law enforcement organizations, and government agencies. More recently, we helped found the Cyber Threat Alliance, a group of cybersecurity practitioners working together to share threat information and improve defenses.

After all, Together is Power.

The post Everyday Hero: 5 Questions with McAfee Labs’ Paula Greve appeared first on McAfee Blogs.

Posted in Cybersecurity, Life at McAfee, McAfee | Comments (0)

Adobe’s Move to Kill Flash Is Good for Security

July 26th, 2017
by The Feeder
In recent years, Flash became one of the buggiest widely used apps out there.

Posted in Uncategorized | Comments (0)

iPhone-maker Foxconn to build flat-screen display factory in Wisconsin

July 26th, 2017
by The Feeder

Enlarge / The OLED-toting Google Pixel (left) next to the iPhone 7 Plus' LCD panel. (credit: Ron Amadeo)

Foxconn, one of the electronics manufacturers that makes Apple's iPhones, revealed plans today to build a factory in Wisconsin to product flat-screen displays. Foxconn's total investment in the Wisconsin factory amounts to $10 billion, more than the original $7 billion that Foxconn had been talking about investing in US manufacturing since Donald Trump took office as President. The factory will create at least 3,000 jobs and upwards of 13,000 jobs, as well as up to 22,000 induced jobs in other parts of Wisconsin. President Trump praised the deal at the press event, claiming it was a win for anyone who "believes in the label 'Made in the USA.'"

The factory will be located in southeastern Wisconsin in House Speaker Paul Ryan's congressional district. However, it will not come for free. Wisconsin Governor Scott Walker said at the event that Foxconn will receive an incentive package $3 billion over the next few years, including state, local, and federal incentives.

Foxconn will build flat-screen LCD display panels at the new factory under the Sharp brand, which the company bought in 2016 for $1.5 billion. At the press event, Gou and Governor Walker emphasized LCD display manufacturing for the automotive, healthcare, and other industries, rather than OLED display manufacturing.

Read 2 remaining paragraphs | Comments

Posted in apple, Foxconn, Gear & Gadgets, Infinite Loop, iphone | Comments (0)

Using a blockchain doesn’t exempt you from securities regulations

July 26th, 2017
by The Feeder

Enlarge / Ethereum founder Vitalik Buterin. (credit: Techcrunch)

The DAO, a blockchain-based organization created last year, was supposed to demonstrate the potential of Bitcoin competitor Ethereum. Investors pumped $150 million of virtual currency into the project. But then in June 2016, hackers found a bug in the DAO's code that allowed them to steal $50 million from the organization, creating a crisis for the Ethereum community.

A Tuesday ruling from the Securities and Exchange Commission makes clear that security flaws were not the problem with the DAO. The agency says the DAO's creators broke the law by offering shares to the public without complying with applicable securities laws. Though luckily for the DAO's creators, the SEC isn't going to prosecute them.

"There's nothing surprising here," says Patrick Murck, a legal expert at Harvard's Berkman Klein Center. "It's very commonsensical."

Read 17 remaining paragraphs | Comments

Posted in bitcoin, Blockchain, ethereum, Law & Disorder | Comments (0)