Cyber Summary for the week of 30 Nov, 2024
We continuously monitor the cyber and Gen AI landscape and its impact on us all. We help you stay up to speed with this collection of useful threat intelligence and news, events, jobs, and innovators.
We all hope everyone had a peaceful and blessed Thanksgiving holiday!
…………………UPCOMING EVENTS:
We welcome all CISOs, vCISOs, CIOs, CTOs, CISSPs and Gen AI gurus (and all those that go bump in the night).
Remaining DECEMBER 2024 EVENTS!
*Thursday, December 5
The Cyber Breakfast Club – Florida Monthly Meeting
7:45 AM - 9:00 AM Eastern
Virtual Meeting: SEC Cyber Regulations and the Year End Race to the Finish Line, with Christopher Hetner presenting.
Cyber Risk Advisor at NACD (National Association of Corporate Directors)
https://www.linkedin.com/in/christopher-hetner-7969758/
*Friday, December 6, 2024
Zero Trust Lab Phase 2 Demonstration
with Gigamon and Darktrace Federal
Mark your calendars for ATARC’s government-only Zero Trust Lab Phase 2 Demonstration on December 6, 2024, from 12:00 to 3:00 PM ET! This exclusive event features Available Networks, Darktrace Federal, and Walacor Corporation, showcasing a fully integrated solution addressing all thirteen ATARC-defined Zero Trust use cases. Aligned with NIST, CISA, and DoD standards, the demonstration highlights advanced AI/ML-driven detection and response within a national security-grade private network.
This event is open to government personnel only—register with your .gov or .mil email to secure your spot! Register here:
*Tuesday, December 10
The Cyber Breakfast Club –Denver Monthly Meeting
7:45 AM - 9:00 AM Mountain Time
Virtual Meeting. Speaker: Julie Haney, PhD, NIST. Sponsor-partner announced: Todyl.
*Wednesday, December 11
The Cyber Breakfast Club – New York City Monthly Meeting
7:45 AM - 9:00 AM Eastern
Virtual Meeting. Sponsor-Partner: Drata. Speaker: CISO Matt Hillary, https://www.linkedin.com/in/matthewhillary/
*Thursday, December 12
The Cyber Breakfast Club – Texas Monthly Meeting
7:30 AM - 9:00 AM Central. A CISO panel discussion.
Contact dan.piercy@cyberbuyer.io to RSVP.
*Wednesday, December 18 (AM via Zoom & PM in person)
The Cyber Breakfast Club – **Boston, DC & Georgia combined** Monthly Meeting
7:45 AM - 9:00 AM Eastern
Virtual Meeting: 4 Tips For Communicating Cyber Risk to a Business Audience, with Jeffrey Wheatman, SVP Cyber Risk Strategy at Black Kite.
https://www.linkedin.com/in/jnwheatman/
Jeff is a cybersecurity veteran and a lot of fun. Catch him here, as he speaks on many cyber panels at conferences across the US!
*Wednesday, 18 December, 4-6pm. For those in the DC Area!
Reston, VA. DC Chapter Holiday Party.
Our cocktail reception follows ATARC's Public Sector Summit, 7:30am-3pm. https://atarc.org/event/public-sector-summit-2024/
Please join us for some Holiday cyber cheer and networking!
A new cigar sponsor has been announced! Thanks to SuperCloud Now.
https://www.supercloudnow.com/
And a new keynote speaker to kick us off at 4:15pm.
https://www.linkedin.com/in/dbray/
Dr. David A. Bray is a distinguished expert in technology leadership, organizational transformation, and cybersecurity. His extensive experience includes roles such as Chief Information Officer at the Federal Communications Commission, where he led significant IT transformations, and leadership positions in bioterrorism preparedness and response.
*Thursday, December 19
The Cyber Breakfast Club – Carolinas Monthly Meeting
7:30 AM - 9:00 AM Eastern
Virtual and In-Person Meeting
SEC Cyber Regulations and the Year End Race to the Finish Line, with Christopher Hetner presenting.
Cyber Risk Advisor at NACD (National Association of Corporate Directors)
https://www.linkedin.com/in/christopher-hetner-7969758/
Sponsor-Partner: Check Point.
Please join our partner on Fri, 6 December, 2024 for Super Cyber Friday.
Register here
Our topic of discussion will be “Hacking the AI Supply Chain: An hour of critical thinking about what's new and familiar about securing the foundations of your AI applications.”
Joining the infamous David Spark (@dspark), producer of CISO Series, for this discussion will be:
Niv Braun, co-founder and CEO, Noma Security
Caleb Sima, builder, WhiteRabbit
To RSVP and learn more about any (or all) of these:
https://www.cyberbreakfastclub.com/join-today
https://www.linkedin.com/company/cyberbreakfastclub/
Questions, details and contracts with me: daniel.haney@cyberbuyer.io;
RSVP with laura.robayo@cyberbuyer.io
…………….JOB ALERTS
1. CMMC Cybersecurity Assessor:
Kieri Solutions is a leading authorized Certified Third-Party Assessment Organization (C3PAO) that focuses on third party assessments for CMMC compliance in the Government contracting space.
2. CISO
Carta develops purpose-built software that transforms traditional accounting into a powerful growth engine.
Carta’s world-class fund administration platform supports nearly 7,000 funds and SPVs, and represents nearly $130B in assets under management in venture capital and private equity.
$273,750 - $365,000 in San Francisco, CA; Santa Clara, CA; or New York City, NY
and $260,063 - $346,750 in Seattle, WA
3. CISO
Sempra Infrastructure, a leading energy infrastructure company, is seeking an experienced and strategic Chief Information Security Officer (CISO) to join their mission-driven and innovative organization. The CISO will be responsible for creating and managing an enterprise-wide cybersecurity program which will play a crucial role in safeguarding Sempra Infrastructure's critical information assets and infrastructure as well as enabling secure digital transformation.
Houston, TX
4. VP Cybersecurity Strategy
Darktrace
Founded by mathematicians and cyber defense experts in 2013, Darktrace is a global leader in cyber security AI, delivering complete AI-powered solutions in its mission to free the world of cyber disruption. They protect more than 9,000 customers from the world’s most complex threats, including ransomware, cloud, and SaaS attacks.
FED:
MITRE, Software Systems Engineer, Offutt AFB, NB
MITRE’s Nuclear Enterprise Programs Division has an excellent opportunity supporting the modernization of our nation’s strategic deterrence through continuous improvement of our sponsor’s software development capabilities and system architecture.
…………………….GEN AI:
Big Thinker on Applied Engineering for GenAI:
Timothy Rohrbaugh: https://www.linkedin.com/in/timrohrbaugh/
“We need a new crop of applied engineers. IT was the label we provided to people who in essence found ways to utilize compute technology to the benefit of business and humanity. Since we now have technology that is different and will be at every step, we should have applied engineers who bridge the gap between what businesses and society need to thrive. I do think IT people can embrace this role but here is the real opportunity for those who have not fully benefited from the last 30 years to be included. Applied Engineering in GenAI to start benefits from an understanding of organizational psychology, processing engineering, … along with the traditional aspects of computer sciences. Being multi-dimensional with an eye on human condition and nature provides the diverse perspectives that business will need in this nascent field.”
Read more at
https://www.linkedin.com/posts/timrohrbaugh_applied-engineering-for-genai-and-each-additional-activity-7266830674345521152-EX7D
………………LATEST NEWS & UPDATES
Chinese Cyber Espionage on Telecommunications
U.S. federal authorities have urged telecommunications companies to bolster their network security following a significant hacking campaign attributed to Chinese state-sponsored actors. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued technical recommendations, including the implementation of encryption and continuous network monitoring, to prevent unauthorized access to sensitive communications.
Surge in Cyberattacks on British Infrastructure
The United Kingdom is experiencing an increase in cyberattacks targeting its digitized service economy and supply chains. The National Cyber Security Centre (NCSC) reported a threefold increase in nationally significant incidents over the past year, with adversaries ranging from rogue individuals to state actors from nations like Russia and China. The NCSC emphasizes the need for rapid action to enhance cyber defenses.
Dark Web Trade of Stolen Streaming Service Accounts
Cybercriminals are actively selling stolen Netflix and Amazon Prime Video accounts on the dark web for as little as £4. These illicit activities often involve phishing scams to harvest user credentials, leading to unauthorized access and potential financial loss. Users are advised to remain vigilant against unsolicited messages and to verify the legitimacy of communications purportedly from service providers.
U.S. Water Systems Vulnerable to Cyberattacks
A report by the Environmental Protection Agency (EPA) reveals that the drinking water systems serving approximately 193 million Americans are susceptible to cyberattacks. The analysis identified critical vulnerabilities in numerous water systems, underscoring the potential for significant economic and public health impacts if these systems were compromised. The EPA is urged to develop a comprehensive national cybersecurity strategy to protect this critical infrastructure.
Potential Changes to U.S. Cybersecurity Leadership
President-elect Donald Trump's upcoming term is expected to bring significant changes to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Anticipated reforms may include restructuring the agency to enhance its capacity to detect and respond to cyber threats, as well as improving coordination with state and local governments. These changes come at a critical time, given the evolving cyber threat landscape.
Implications for Your Organization:
Telecommunications Security: Ensure that your organization's communications are encrypted and that network monitoring is robust to detect and prevent unauthorized access.
Supply Chain Vigilance: Assess and strengthen the cybersecurity posture of your supply chain partners to mitigate risks from potential vulnerabilities.
User Account Protection: Implement multi-factor authentication and educate employees about phishing scams to protect against unauthorized access to corporate accounts.
Critical Infrastructure Safeguards: If your operations involve critical infrastructure, conduct thorough cybersecurity assessments and develop incident response plans to address potential vulnerabilities.
Regulatory Awareness: Stay informed about potential changes in cybersecurity leadership and regulations that may impact compliance requirements and strategic planning.
How easy is it to jailbreak LLM-driven robots?
Researchers induced bots to ignore their safeguards without exception.
Potential returning officials for a second Trump administration include:
Pedro Allende, former Department of Homeland Security cyber official, now secretary of the Florida Department of Management Services;
Nick Andersen, former White House and Energy Department cyber official, now with Invictus International Consulting;
Michael Ellis, former NSC and National Security Agency official, who is now a fellow at the Heritage Foundation think tank;
Karen Evans, former DHS chief information officer and Energy Department cyber lead, now managing director of the Cyber Readiness Institute;
Brian Harrell, former CISA assistant secretary, now vice president and chief security officer with the Avangrid energy services company;
Matt Hayden, former CISA assistant secretary, now vice president at General Dynamics Information Technology;
Sam Kaplan, former DHS cyber official, now at Palo Alto Networks;
Mike Klipstein, former NSC official, now an adviser at tech company SMX among other roles;
Blake Moore, former Defense Department cyber official, now with Amazon Web Services;
Lucian Niemeyer, former DOD official, now with the Building Cyber Security nonprofit;
Sean Plankey, former NSC and Energy Department cyber official, now at the global cybersecurity advisory company WTW;
Alexandra Seymour, former DOD and NSC official, now staff director of the House Homeland Security subcommittee on cyber;
Steinman, who now serves as CEO of Galvanick, a cybersecurity company that specializes in industrial systems;
Rob Strayer, former State Department cyber official, now president of the Critical Minerals Forum.
………TRIVIA TIME:
In cryptographic terms, what does the acronym "RSA" stand for, and what are the last names of the three individuals who developed it?
Bonus points: In what year was it first publicly described?
Submit answers to info@fedsbd.io.
Points for the correct answer and for the most creatively wrong one.
…………..VULNERABILITIES TO FOCUS ON:
Here are the top vulnerabilities that we found for you to focus on:
1. Cisco ASA WebVPN Vulnerability (CVE-2014-3393): Cisco has issued a warning regarding the active exploitation of a decade-old vulnerability in its Adaptive Security Appliance (ASA) WebVPN feature. This flaw allows attackers to execute arbitrary code or cause a denial of service. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, urging immediate remediation.
2. Top Routinely Exploited Vulnerabilities in 2023: A joint advisory from CISA, the FBI, NSA, and international partners has identified the most exploited vulnerabilities in 2023. Notable among them are:
CVE-2023-3519: A code injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway.
CVE-2023-34362: An SQL injection flaw in Progress MOVEit Transfer.
CVE-2021-44228 (Log4Shell): A critical vulnerability in Apache's Log4j library, still being exploited due to unpatched systems.
3. RegreSSHion Vulnerability in OpenSSH (CVE-2024-6387): Discovered in July 2024, this vulnerability affects OpenSSH versions 8.5p1 through 9.7p1. It allows remote unauthenticated attackers to execute arbitrary code, potentially leading to root access on affected systems. Organizations are advised to update to OpenSSH version 9.8p1 or later to mitigate this risk.
4. XZ Utils Backdoor (CVE-2024-3094): In March 2024, a backdoor was discovered in versions 5.6.0 and 5.6.1 of XZ Utils' xz/liblzma. This backdoor could allow attackers to compromise systems, especially when combined with certain third-party patches to SSH servers. Affected organizations should downgrade to a secure version or apply available patches.
5. Transient Execution CPU Vulnerabilities: Recent discoveries include:
GhostRace (CVE-2024-2193): A variant of the Spectre-V1 attack affecting major microarchitectures, including Intel, AMD, and ARM.
Register File Data Sampling (CVE-2023-28746): A vulnerability in Intel Atom processors leading to potential data leakage.
Recommendations:
Immediate Patching: Prioritize applying patches for the vulnerabilities listed above, especially those actively exploited.
Vulnerability Management: Implement a robust vulnerability management program to identify and remediate security gaps promptly.
Employee Training: Educate staff about the importance of timely updates and the risks associated with unpatched systems.
Regular Audits: Conduct periodic security audits to ensure compliance with security policies and the effectiveness of implemented controls.
…………READ ON
Books that are noteworthy!
A CISO Guide to Cyber Resilience: A How-To Guide for Every CISO to Build a Resilient Security Program
Authored by Debra Baker, this book provides a comprehensive roadmap for CISOs to develop and manage robust cybersecurity programs. It covers critical areas such as risk management, incident response, and integrating artificial intelligence into security strategies. Published in April 2024, it offers up-to-date guidance tailored for cybersecurity executives.
CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers
Written by Todd Fitzgerald, this book delves into the multifaceted role of a CISO, offering strategies to align security initiatives with business objectives. It includes insights from industry pioneers, providing practical advice on leadership, governance, and building effective security teams. Recognized as a best-selling information security book from 2019 to 2022, it remains a valuable resource for cybersecurity leaders.
Don’t Miss Interviews & Podcasts
Attorneys on the Outlook for the SEC During the Next Trump Administration
(We had Prof. J.W. Verret on as a guest speaker last month. I think you'll love this interview.)
Securities Attorney Wallace DeWitt and George Mason University Law Professor J.W. Verret discussed the outlook for the SEC’s tentative agenda under the 2nd Trump administration. A large part of their discussion focused on cryptocurrency and the threats it could face from possible legislative proposals from the incoming 119th Congress. The reach of interim chair power, staff replacement, and the appointment process during an administration transition were also among the topics discussed. The virtual conversation was hosted by The Federalist Society in Washington, D.C.
https://www.c-span.org/video/?540215-1
…………..INNOVATOR ALLEY
What really makes Drata unique?
Comprehensive Compliance Automation: Drata automates the compliance process across multiple frameworks, including SOC 2, ISO 27001, HIPAA, and GDPR. This automation reduces manual effort and ensures continuous adherence to regulatory standards.
Continuous Control Monitoring: The platform offers 24/7 monitoring of security controls, providing real-time visibility into an organization's compliance status. This proactive approach enables immediate identification and remediation of potential issues.
* Come hear Drata CISO Matt Hillary present to the NY Chapter of the CBC via Zoom on 11 Dec: https://www.linkedin.com/in/matthewhillary/
RSVP & register here:
We had a session two weeks ago at the Cyber Breakfast Club with the founders of "SCN": Super Cloud Now.
SCN's first client has a fiscal year 2025 revenue forecast in the range of $4.66 billion! We focused on this first client / use case for SCN, emphasizing:
a. the importance of bringing value to data lakes and making them searchable and accessible.
b. integrating search functionality with AI and ML data to provide comprehensive search capabilities.
c. integrating security models (MITRE, NIST, etc.) on top.
The discussion focused on optimizing Splunk data storage and search efficiency. Initially, historical searches took 30 days; now SCN completes them in one hour!
Splunk's proprietary format poses challenges in data rehydration, leading to high storage costs of $3.6 million annually. SCN converts data to open text format, reducing storage by 70% (hence, from $3.6M down to $1M!) and reducing search times significantly.
This use case for a large client (a name that you and your team use daily) migrated 8 petabytes of data, achieving 70% storage reduction and $2.4 million in annual compute savings.
AND KUDOS TO……..
MITRE's Response to Cyber Attack on R&D Network
In April 2024, MITRE disclosed a cyber attack on its research collaboration network, NERVE, attributed to a Chinese nation-state adversary. The breach exploited two zero-day vulnerabilities in Ivanti Connect Secure, bypassing multi-factor authentication. MITRE collaborated with law enforcement and CrowdStrike to investigate and has published a three-part technical blog detailing the adversary's maneuvers and the vulnerabilities exploited.
And please take a moment to thank all veterans and pray for those we lost on December 7th, Pearl Harbor Day.
President Franklin D. Roosevelt's address to Congress on December 8, 1941:
"Yesterday, December 7, 1941—a date which will live in infamy—the United States of America was suddenly and deliberately attacked by naval and air forces of the Empire of Japan."