Cyber Weekly Roundup – January 26, 2018

Weekly Roundup

Cyber Weekly Roundup – January 26, 2018

By Colby Proffitt

1.) New global cybersecurity center announced at Davos (January 24, 2018)

https://www.cyberscoop.com/new-global-cybersecurity-center-announced-davos/

Summary: The World Economic Forum announced plans Wednesday to launch a new coordinating group to counter emerging cybersecurity threats and help connect leaders from business and government to collaborate on various security issues as well as share best practices.

Why it matters: The good guys might just be on to something here – collaboratively developing solutions apart from regulations to create stronger defenses, much in the way that hackers collaborate to develop intricate code and launch economically and politically devastating attacks. What will be interesting to watch is whether regulation remains truly absent, or if it is instituted after or due to suspicion of malicious activity amongst the members.

2.) Facebook hires first ever head of cybersecurity policy (January 23, 2018)

https://www.cyberscoop.com/facebook-cybersecurity-policy-nathaniel-gleicher/

Summary: Facebook has hired its first ever director of cybersecurity policy.

Why it matters: This announcement is important for several reasons. First, although a leading social media platform, Facebook was falling behind in terms of cybersecurity. From trusted contact hacks to the fake Americans Russia created to influence the election, Facebook has fallen victim to attack more than once. In its defense, it is a big target, but it will be interesting to see how this new hire shapes the cyber future of the company, especially with the newly released cyber policies of 2017.

3.) Alphabet launches new cybersecurity company, Chronicle, out of its X moonshot factory (January 24, 2018)

https://techcrunch.com/2018/01/24/alphabet-launches-new-cybersecurity-company-chronicle-out-of-its-x-moonshot-factory/

Summary: Alphabet, the company you probably still wrongly refer to as “Google,” today announced the launch of Chronicle, a new cybersecurity company that aims to give companies a better chance at detecting and fighting off hackers. Chronicle is graduating out of Alphabet’s X moonshot group and is now a standalone company under the Alphabet umbrella, just like Google.

Why it matters: This is a catchy headline, but it’s not the first time we’ve seen this approach, and there just aren’t enough details to indicate any groundbreaking advances. Advances in security must be either faster, better, or more efficient (cheaper). Otherwise, the tools are simply competitors. This story is worth following, especially if Alphabet has a cyber game changer up its sleeve.

4.) Free Linux Tool Monitors Systems for Meltdown Attacks (January 27, 2018)

https://www.technewsworld.com/story/85094.html

Summary: SentinelOne this week released Blacksmith, a free Linux tool that can detect Meltdown vulnerability exploitation attempts, so system administrators can stop attacks before they take root.

Why it matters: Following up on last week’s roundup, this article will bring you up to speed. What’s been interesting to watch is the effort hurled towards resolving this issue, with most solutions made available for free. Such competition is a commentary on not just the immensity of attacks and opportunity for defense solutions and creativity, but also the selection challenges for the end user. Increasingly, the onus of personal cyber protection is falling to end users. The days of buying a simple AV program are over. Now, end users must consider a host of options, their assets and habits, and choose the protection that best suits their needs, and budget.

5.) ATM makers warn of ‘jackpotting’ hacks on U.S. machines (January 27, 2018)

https://www.cnbc.com/2018/01/18/intel-patches-are-causing-computers-to-randomly-restart.html

Summary: (Reuters) – Diebold Nixdorf Inc. and NCR Corp, two of the world’s largest ATM makers, have warned that cyber criminals are targeting U.S. cash machines with tools that force them to spit out cash in hacking schemes known as “jackpotting.”

Why it matters: More recently, much of the cyber focus has fallen to nation-state attacks and widespread ransomware attacks, but this article highlights another attack that doesn’t appear to be nation-state sponsored; in-fact, it appears to be sponsored and targeted by region. Nation-state attacks are one thing, but even at home, users aren’t safe. ATM users are best served by performing transactions with a bank teller directly.