October 11, 2016

Russian group that hacked DNC also nearly destroyed French TV channel, report says

The attackers defaced the TV5Monde website and placed an image of a disguised jihadist with a black-and-white checked keffiyah and the words “Cyber Caliphate,” a group set up by the Islamic State. “We saw this as the first foray into an active false flag operation,” Galante said, using the espionage term for one side in a conflict disguising itself as a different party. “This was not long after the Charlie Hebdo shooting in Paris, and it served as a laboratory.” Galante, who previously held posts in the State and Defense departments, said Russian President Vladimir Putin sought to regain glory for a powerful Russia and that the state-backed hacking teams sought to cause political damage and rifts between Western countries that might stymie Russian interests.


Blockchain publications that should be on your reading list - How many can you check?

Agreed that it is a powerful technology which has potential to change the end-to-end business processes, networks and trust models. Beyond that, blockchain could potentially be viewed as a design thinking paradigm because it compels one to un-learn the way things have always been done and embrace new ways in which collaboration with trust is the new normal. Blockchain is also a catalyst to re-imagine, re-define and re-create experiences for the end user as it enables peer-to-peer exchange of assets of value in a reliable, cost-effective and pragmatic manner. It is interesting to note that blockchain has applications across all industries and is at the interplay of business, process, technology and people, so it can potentially transform the current normal in more than one way.


National cybersecurity strategy aims to make Smart Nation safe: PM Lee

The first pillar is meant to step up protection of the Republic’s essential services in key sectors such as emergency services, e-Government, banking and finance, utilities, transport and healthcare, according to the Cyber Security Agency of Singapore (CSA). To do so, it is looking to expand the National Cyber Incident Response Team and National Cyber Security Centre. It is also looking to equip IT security professionals by mounting multi-sector exercises to test cooperation and where the scope of responsibilities overlap. Last May, CSA held its first cybersecurity table-top exercise, CyberArk IV, for the finance and banking sector, which was witnessed by the Minister-in-Charge of Cyber Security Yaacob Ibrahim. Additionally, there are plans to strengthen the country’s existing cybersecurity governance and legislative framework.


The two CAs will be separated and their CEO will be replaced

The company said that the decision to backdate certificates was taken to help desperate customers in China who could no longer obtain SHA-1 certificates and were having trouble supporting the millions of computers in the country that still use Windows XP with Service Pack 2. Chinese Internet security company Qihoo 360, which owns a majority stake in WoSign and implicitly in StartCom, has stepped in and decided to separate the two CAs. "360’s Corporate Development team has been notified to execute the process to legally separate Wosign and Startcom and to begin executing personnel reassignments," the company said. "StartCom’s chairman will be Xiaosheng Tan (Chief Security Officer of Qihoo 360). StartCom’s CEO will be Inigo Barreira (formerly GM of StartCom Europe). Richard Wang will be relieved of his duties as CEO of WoSign."


Shellshock Anniversary: Major Security Flaw Still Going Strong

Right at the onset, we observed a significant increase in focused attacks leveraging these vulnerabilities — over 2,000 security events within 24 hours of the Shellshock bug disclosure. To get an idea of the magnitude of this activity, there were just over 7,500 Shellshock security events for the entire month of August 2016, according to IBM MSS data. When a zero-day vulnerability surfaces, especially a high-profile one that can affect many systems, the corresponding exploit is usually disclosed promptly. With Shellshock, an exploit targeting the first vulnerability was publicly disclosed a mere 28 hours after the zero-day vulnerability emerged. As news of this vulnerability and its ease of exploitation spread, the number of attackers opting to leverage and exploit it increased tremendously.


The Impact of Smart Machines on the Workforce

Smart machines that are connected to IoT infrastructure are becoming more common in every industry. Whether we look at automated checkouts at supermarkets, self-serve check-in machines at airports and train stations, or even ATM machines, we are seeing examples of how smart machines have, at least in some part, taken over functions previously performed by human workers. Does this mean that people would naturally be accepting of an automated, machine-driven future? It’s possible, but not necessarily the case. Gartner Research surveyed influential CEOs in 2013, asking whether they considered that machines would be capable of taking over millions of jobs within the next 15 years. Surprisingly, 60% of these CEOs said no, and referred to the situation as a ‘futurist fantasy’.


Considerations for Successful SDN Deployments

Starting with an immediate problem and looking for an SDN solution to fix it is very tempting for the resource-starved enterprise. It’s no surprise that in many organizations, SDN starts with a proof-of-concept or testing of some point solutions. For example, in a data center, microsegmentation offers a solution to the security issue of east-west traffic, which is a problem for most enterprises. Revamping an aging and old hybrid WAN infrastructure provides a compelling business use case as well. Obviously, it’s expected that businesses will address such immediate issues, and there is nothing wrong with considering SDN-based solutions. The problem is when such point SDN solutions are considered without the context of a broader IT or network strategy.


The Middle East is Waking Up to Possibilities of Fintech Market

A consensus is emerging among financial institutions and governments that nurturing fintech startups is beneficial for the region. In particular, the UAE is already showing signs of supporting the fintech industry, as well as several early success stories. Abu Dhabi aims to be the Middle East’s fintech hotspot. Recently, Abu Dhabi’s Financial Services Regulatory Authority has proposed building a framework that will enable fintech startups to conduct their activities in a cost-effective and controlled environment. To encourage fintech growth, the Middle East and North Africa (MENA) set up a Regulatory Laboratory (RegLab). The aim of RegLab is to cater for the unique requirements and risks of fintech companies. There are various fintech companies that have emerged in the Middle East.


Robo-advisory in banking: do you trust a robot’s financial advice?

As part of its long-awaited Retail Distribution Review (RDR), the FCA approved the use of robo-advice as an alternative to costly face-to-face advisors, which help to reduce costs for investors. The desire to increase the availability of robo-advisors is part of a policy to expand the financial advice market. The view of the FCA is that the market currently delivers high-quality solutions for those investors that can afford full advice. However, not every potential investor requires or wants a personal recommendation for every decision – in this context, robo-advisors have an important role to play. Robo-advisors should be viewed as a service that complements traditional wealth management advice rather than one that seeks to replace it – they each address different client needs and goals.


Internal Tech Conferences - How and Why

Internal tech conferences can help people to build relationships and discover more about things that are going on in a friendly environment and non-threatening context, so that they have the confidence to wholly participate and know that others will be able to get in step with them to help make new ideas happen. ... There is no ‘right way’ to run an internal tech conference - it depends on what your team, department or organisation needs. An important thing to consider early on is the audience: who should we invite? Who would benefit most from the conference? The answers to those questions should help to frame your conference planning: as the attendee list grows the focal point of discussions stretches to fit the audience, whereas a compact group allows the focus and aims of the conference to remain tight and on track.



Quote for the day:


"The greatest thing is, at any moment, to be willing to give up who we are in order to become all that we can be." -- Max de Pree