IMC NCR Professional Development Program - May 12, 2016 Marc M. Kolenko 703.638.5977 [email protected]


Things to Watch…. Consider…

1. Perimeterless networking – doesn’t mean abandon defense in depth
2. Cloud Migration – quickly becoming a significant extension of the enterprise. How do my internal security controls translate in a managed services environment?
3. Mobile – access anywhere anytime – security implications of federated identity access management (60 Minutes segment)
4. Software Defined Networking, Everything… - security implications thereof
5. IPv6 – again, security implications
6. IoT – billions of IP addresses… car hacking
7. Human Cyber Behavioral Analysis – can we shape/predict behavior online
8. Continuous Diagnostics and Mitigation – automated remedial actions – SANS 20 CAG CONTROLS: https://www.sans.org/media/critical-security-controls/CSC-5.pdf

OODA Loop - Intelligence | Analysis | Insight - [email protected]; https://www.oodaloop.com/

Contents:
• Yellow fever outbreak in DRC and Angola could spread: WHO warns
• Congo captures senior commander of Rwandan genocide-linked rebels
• The Transfer of Mexican Drug Boss ‘El Chapo’ to a Less-Secure Prison Raises Concerns
• Somalia: 4 Killed as Extremists Attack Police Headquarters
• Libya premier urges lifting of arms embargo, asset freeze
• Multiple attacks in, around Baghdad kill at least 12 people
• Iran says tested mid-range ballistic missile two weeks ago
• Taliban attacks end lull in combat in Afghan province of Helmand
• Ayman al Zawahiri discusses al Qaeda’s goal of building an Islamic emirate in Syria
• Syrian warplanes counter-attack rebels near Aleppo
• Tajikistan Detains Four Alleged Islamic State Supporters
• Al Qaeda chief tells jihadist fighters in Syria: Unite or die
• US struggles to convince Iraqis it doesn’t support IS
• Ecclestone’s daughter’s home targeted in petrol bomb attack
• Simultaneous FBI, DHS, and DoD Cyber Espionage Alerts Issued


3/30/2016

F E A T U R E D

• What's driving cyber spending in the federal market?
To take advantage of the growing cybersecurity opportunities, you first need to understand what is driving agency buying decisions. ImmixGroup analyst Lloyd McCoy offers his exclusive insights.
• Protests add twists, turns and oversight
GAO denied a protest by American Systems Corp. and showed how large a role bid protests play in regulating the government procurement process.

From: Washington Technology Daily [mailto:[email protected]]
Sent: Wednesday, March 30, 2016 8:32 AM
To: Marc Kolenko <[email protected]>
Subject: What's driving cyber spending in the federal market?

Latest Technology News and Expert Advice

A roundup of news and tips on the topics you're interested in | March 31, 2016

ISSUE HIGHLIGHTS

Bradford NAC: Network security product overview

How new technologies are reshaping MiTM attacks

ForeScout NAC: Network security product overview

Cisco Identity Services Engine: Security product overview

Five essential network security topics and trends to watch

From: TechTarget [mailto:[email protected]]
Sent: Thursday, March 31, 2016 7:27 AM
To: Marc Kolenko <[email protected]>
Subject: Bradford NAC: Network security product overview

http://searchnetworking.techtarget.com/

1. SUPPORT IS ESSENTIAL: Security awareness teams are not getting the support they need to be successful. Over 50% of awareness personnel surveyed have a budget of $5,000 or less or don’t know what their budget is. Less than 15% of awareness personnel are dedicated full-time to their job. While this is an improvement from last year’s 10%, we are concerned that is still too low. In fact, 64% of people reported spending less than a quarter of their time on awareness. Finally, 35% report not having the executive support they need. Why is all of this important? Because the data shows a strong relationship between the amount of support you have and the maturity of your security awareness program. We need to do a better job of educating leadership that security cannot be solved by technology alone; it must also address the human factor. Key steps to achieving this include demonstrating to leadership that you have a proven roadmap to creating a secure culture and the metrics to show leadership the impact your program is having.

2. SOFT SKILLS ARE LACKING: Last year, we reported that soft skills are lacking in security awareness personnel. By soft skills, we mean skills such as communications, change management, learning theory, and behavior modeling. The data told the same story this year: over 80% of security awareness personnel have a technical background, with skills such as debugging network traffic, building websites, or securing a server. However, this also means that many security awareness teams don’t understand the proven concepts and techniques in changing behavior and culture. In addition, we identified communications as one of the key soft skills lacking…

https://securingthehuman.sans.org/security-awareness-training/enduser/

Global Threat Report Reveals New Botnet
https://go.forcepoint.com/


Forcepoint™ Security Labs™ has produced their annual Global Threat Report, the must-read analysis of what’s really happening in the cyber landscape. The human and technical aspects of cyber threats changed dramatically in the past year and new developments have emerged to present completely new infrastructure challenges. Now more than ever, decision-makers must understand and respond to the most prevalent attacks so business can continue to evolve. The 2016 Global Threat Report reveals a never-before identified, powerful botnet that can cause far-reaching technical, operational and financial complications for your organization. Forcepoint gives expert guidance on protecting against this and other threats, keeping your business moving forward. Gain actionable insights to prepare your defenses for the coming year of threats by downloading a FREE copy of the full 2016 Global Threat Report now.
Forcepoint

© 2016 Forcepoint. All right reserved.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================
@RISK: The Consensus Security Vulnerability Alert

Vol. 16, Num. 18

Providing a reliable, weekly summary of newly discovered attack vectors, vulnerabilities with active exploits, and explanations of how recent attacks worked

Archived issues may be found at http://www.sans.org/newsletters/at-risk

=============================================================

CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES 2016-04-26 - 2016-05-03
============================================================

TOP VULNERABILITY THIS WEEK: Major Vulnerability in ImageMagick Library Potentially Leading to Remote Code Execution Disclosed

Newsletters: @RISK

http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We are excited to announce the May issue of OUCH! This month, led by the infamous James Lyne, we focus on the Internet of Things (IoT). Specifically, we discuss what IoT is, how IoT impacts our personal lives, and what we can do to protect IoT devices. As such, we ask you share OUCH! with your family, friends, and coworkers.

English Version (PDF)
https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201605_en.pdf

Translations & Archives
https://securingthehuman.sans.org/ouch/archives

OUCH! LICENSE
=============
Some of you have asked about the OUCH! license; specifically, if you can distribute OUCH! as part of your security awareness program to employees, staff, customers, or students. You are welcomed and encouraged to distribute OUCH!, even from your own website. The only limitation is you cannot modify or sell OUCH!

SANS EVENTS
===========
Now is the perfect time to take the next step in your career, as cybersecurity is more vital and crucial for protecting your organization than ever before. Learn the skills, tips, and tricks from the experts so you can win the battle against the wide range of cyber adversaries that want to harm your environment. No matter what your role, SANS has a course and location that's right for you. Check out training opportunities at SANSFIRE (DC), Salt Lake City, and Rocky Mountain at https://www.sans.org/u/dzY. Unable to travel? Learn online https://www.sans.org/u/dA3.

SECURITY AWARENESS SUMMIT
=========================
The full agenda has been posted for the 2016 Security Awareness Summit being held from 3/4 Aug in San Francisco. We can't wait, as we have extended it to two days and added all sorts of new activities, including 360 Lightning talks, video wars, group case study projects, and lots of new networking activities. Learn what all the excitement is about at https://sans.org/SecAwareSummit.

VIDEO OF THE MONTH
==================
Tomorrow is World Password Day. As such, we are keeping our security awareness video of the month on good passwords/passphrases to promote good password use. View the video at https://www.securingthehuman.org/u/8x9.

Thanks!

Lance Spitzner
Director, SANS Securing The Human
Email: [email protected]:@lspitzner

ABOUT SANS SECURING THE HUMAN
=============================
SANS Securing The Human provides organizations with a complete and comprehensive security awareness solution enabling them to easily and effectively manage their human cybersecurity [email protected] for more information.

These trending threat intelligence topics are automatically analyzed from the Web over the last 24 hours. Invite two friends and get double the indicators. The Community Edition of the Cyber Daily is freely available to security practitioners.

Cyber News

Attacking cybercrime through infrastructure, not individuals
Michigan electricity utility downed by ransomware attack
Linux Kernel up to 4.5.0 USB Descriptor Handler digi_acceleport.c digi_port_init denial of service

Targeted Industries

Software | Hits: 239 | Related: Spotify, Google, GitHub, Baidu, Yahoo
Media and Entertainment | Hits: 143 | Related: Spotify, British Broadcasting Corporation, Sony Corp, China Central Television, Netflix
Information Technology | Hits: 115 | Related: Google, Apple, Baidu, Yahoo, Check Point Software Technologies Ltd
Banking | Hits: 100 | Related: Qatar National Bank, Central Bank of Bangladesh, ANZ, Industrial And Commercial Bank of China Limited
Telecommunications | Hits: 86 | Related: Google, Verizon, SWIFT, Cisco Systems Inc, TalkTalk Telecom Group

Hackers

Anonymous | Hits: 383 | Related: iPhone, Google, Apple, DDOS, Facebook
Syrian Electronic Army | Hits: 14 | Related: Crimeware, Facebook, Pro, Forbes, British Broadcasting Corporation

Exploited Vulnerabilities

CVE-2016-2107 | Hits: 41 | Related: OpenSSL, CVE-2014-0160 (Heartbleed), CBC, CVE-2016-2108
CVE-2016-2445 | Hits: 30 | Related: CVE-2016-2444, CVE-2016-2446, Privilege Escalation, Google, NVIDIA

Recorded Future continuously analyzes the Web to identify the emerging threat indicators and trends presented above. For real-time threat intelligence tailored to your industry or organization, please request a demo.

https://www.recordedfuture.com/live/

A Note of Thanks

We want to thank you for your continued support of the newly named Center for Cyber Safety and Education. As a member of (ISC)², you have been an integral part of the creation, nurturing and growth of our programs. Please note that although our name has changed our vision of making the cyber world a safer place for all has not.

As members of (ISC)², you can continue to count on the Center as a resource for educational tools, information security industry studies and studies showing the impact the internet has on people in your community. You can also count on us to seek and reward highly motivated individuals in information security education through our scholarship programs.

Because of your continued support and conviction in our vision, the Center has established itself as the global authority on internet safety education and the leading source of research and information on information security workforce.

(ISC)² Foundation, currently doing business as Center for Cyber Safety and Education, is a charitable trust under Section 501(c)3 of the United States Internal Revenue Code. EIN: 45-2405127.

All donations are tax deductible to the full extent of the law.
311 Park Place Blvd. Suite 400, Clearwater, FL 33759, United States · www.isc2cares.org

© 1996–2016. (ISC)², Inc. All rights reserved.

[email protected]

Popular discussions in: Cyber Intelligence Network

2016 Underground Hacker Marketplace Report

Kevin Jordan
Dell SecureWorks - Cyber Security Specialist

REPORTS 2016 Underground Hacker Marketplace Report
Customer service is the motto. Hackers are now extending their service hours, guaranteeing their work, and expanding their offerings to keep customers coming back.

What's new in your groups

Removal of .locky ransomware?

By Paramdeep Singh

Hi Everyone, I am looking for a way to remove .locky ransomware from a system. If anyone knows the way to remove it, kindly share the required...

https://www.sans.org/newsletters/newsbites/

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Although not "Top of the News," the two stories on Bug Bounties illuminate the value that organizations are seeing in well-managed bug bounty programs and the growing acceptance of this approach as a far more effective way to find critical vulnerabilities than relying exclusively on commercial software and/or red team services. Alan

****************************************************************************
SANS NewsBites April 26, 2016 Vol. 18, Num. 033
****************************************************************************
TOP OF THE NEWS
FBI: Response Takes Precedence Over Attribution
DHS Red Teams Conduct Penetration Tests on Government Agencies
US Cyber Command Using Cyber Capabilities Against ISIS
More Bad News for NASA Cybersecurity
THE REST OF THE WEEK'S NEWS
MIT Bug Bounty Program
Facebook Bug Bounty Hunter Found Evidence of Earlier Intrusion
Crop Databases Face Cyberthreats
US Military Wants Secure Messaging Platform
Two Plead Guilty in Connection with IRS "Get Transcript" Fraud
Bangladesh Bank Breach Factors
Cisco Releases Updates to Fix Denial-of-Service Flaws
DHS Wants to Improve Private Company Critical Infrastructure Data Storage
Judy Novak's PCAP Riddle Contest - Innovative Solutions Open To All

STORM CENTER TECH CORNER

************************ Sponsored By Splunk ***************************

On AWS, you can't secure what you can't see. That's where Splunk can help. Splunk offers solutions that deliver end-to-end visibility on AWS. Register for our upcoming webinar to hear from a leading customer, AWS, and Splunk about how to better secure and manage your AWS environment.

http://www.sans.org/info/185222

WASHINGTON CYBER ROUNDTABLE

http://cognitiocorp.com/

ThreatBrief.com
The Threat Brief

The Daily Threat Brief by Cognitio provides open source situational awareness. Reply with any comments or suggestions for us, we value your feedback.

Contents:

• New ransomware modifications increase 14%

• Stronger Together: How Sharing Orchestration Models Makes for Better Cyber Defense

• Employers vicariously liable for data breaches caused by rogue employees

• Are You Getting the Most from Your Threat Intelligence Subscription?

• Incident Response: What is the Point of Analysis Anyway?

• Why the IoT Creates an Internet of Uncertainty

• Nuclear terror threat: Enough highly enriched uranium to build 5,000 bombs

• Encryption battle between police and tech giants heats up

• Homeland Security warns of agricultural terror threat

• Tracking the most significant cyber threat: Ransomware

• Report Offers Road Map for Cyberthreat Information Sharing

• ‘Cyber hygiene’ tips can protect from online theft, hacking

• Digital Vulnerability: Can hackers turn your vehicle into a remote control car?

RSS Feeds
• Krebs on Security - http://krebsonsecurity.com/tag/safari-rss/
• Recorded Future
• SANS Internet Storm Center - https://isc.sans.edu/dailypodcast.xml
• The Guardian/Technology
• Slashdot
• Dark Reading – http://www.darkreading.com/rss_feeds.asp
• InformationWeek - http://www.informationweek.com/rss_feeds.asp