{"id":28123,"date":"2016-08-10T12:30:16","date_gmt":"2016-08-10T02:30:16","guid":{"rendered":"http:\/\/www.aspistrategist.ru\/?p=28123"},"modified":"2016-08-10T12:13:27","modified_gmt":"2016-08-10T02:13:27","slug":"cyber-wrap-131","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/cyber-wrap-131\/","title":{"rendered":"Cyber wrap"},"content":{"rendered":"
<\/p>\n
Las Vegas was the place to be last week, with the world\u2019s largest annual hacker conferences, Black Hat and Defcon, taking over the town. The events unearthed lots of cyber gossip, but it was the world\u2019s first machine-only hacking competition that stole the show. DARPA\u2019s Cyber Grand Challenge pitted seven \u2018cyber reasoning systems\u2019 against each other to assess their ability to detect software vulnerabilities and write new security patches without human assistance. The automated computers were confronted with modified versions of historic bugs, including Heartbleed, Sendmail crackaddr and the Morris Worm. Carnegie Mellon\u2019s \u2018Mayhem\u2019 won the US$2 million prize, and even briefly held a lead on a human team in a separate hacking event\u2014before eventually coming last. This sort of artificial intelligence isn’t intended to replace human analysis, but the success of the Challenge confirmed the utility of automated network defence and the assistance that such systems can offer in network protection. Other highlights from the desert include flying laptops, the return of the Jeep hackers, the rise of automated spear-phishing Twitter bots, and how to hack your way into first class airline lounges.<\/p>\n It was at the Black Hat conference that Apple announced its first ever bug bounty program. Ivan Krstic, Apple\u2019s head of security engineering and architecture, revealed that Apple will start offering up to US$200,000 to hackers who report undiscovered security vulnerabilities in Apple\u2019s software. After years of refusing to pay independent researchers and relying instead on internal security efforts, Apple will start the program next month on an invitation-only basis. In doing so, it joins the ranks of many other large tech companies that offer rewards for cybersecurity detective work, including Google, Microsoft and Facebook. Fancy yourself a white hat hacker? 
Well, check out Bugcrowd\u2019s up-to-date inventory of live bug bounty programs. Happy hunting!<\/p>\n Rumours are circling that the Obama administration is planning to elevate the powers of the Pentagon\u2019s Cyber Command. There are preparations to split Cybercom from the NSA into a separate and more influential Unified Combatant Command. Rejigging the organisational structure appears necessary to improve Cybercom\u2019s performance, as the shortcomings of its current online campaign against ISIS are drawing criticism from military leaders. Stand by for confirmation of this change from the White House.<\/p>\n Cyber continues to bubble up in the US elections. The recent hack of the Democratic National Committee\u2019s network has generated concerns over the security of electronic voting technology. The Obama administration is considering the possibility of designating the electronic ballot-casting system as \u2018critical infrastructure\u2019. Doing so would allow the Department of Homeland Security to take more robust measures to protect the system, which Secretary Jeh Johnson described as part of the US\u2019 \u2018vital national interest\u2019. Those discussions join a long election dialogue on cybersecurity that has included Clinton\u2019s email misdemeanours, the DNC hack, Trump inciting Russian hackers and the respective policy positions of both candidates. Cybersecurity expert and founder of both Black Hat and Defcon, Jeff Moss, has publicly endorsed Clinton, despite her online blunders\u2014better the devil you know. But then again, who could go past Trump\u2019s profound value-add last month when he announced, \u2018I am a fan of the future, and cyber is the future\u2019\u2026<\/p>\n As the host of the 2016 Summer Olympic Games, Rio has needed to up its cybersecurity game. 
Large-scale sporting events bring with them an increased volume of online activity and are naturally attractive to cybercriminals. A report from security firm Fortinet reveals a spike in malicious online activity such as online payment fraud, in sync with the opening of The Games. Over the last month, Brazil has experienced an 83% rise in the number of malicious URLs, in comparison to a 16% increase globally. The major threats are expected to be phishing scams, unsecured public Wi-Fi connections and ATM skimmers. Luckily, US-CERT has published some handy tips to keep you cyber secure at The Games.<\/p>\n Speaking of cybercrime, Australia has set up a new cyber-intelligence unit to track terrorism financing, money laundering and financial fraud. Justice Minister Michael Keenan indicated that this unit would be stood up within the Australian Transaction Reports and Analysis Centre to crack down on organised criminal activities online. The unit will tackle job recruitment scams with IDCARE and identify criminal patterns in cooperation with ACORN, the Australian Cybercrime Online Reporting Network.<\/p>\n The Australian Bureau of Statistics suffered an embarrassing denial of service last night, just as millions of Australians logged on to complete the national census. This comes after widespread privacy concerns over the increased time period that individuals\u2019 information would be stored and security worries over the fortitude of the website\u2019s encryption. So much so, that several senators openly committed to boycotting this week\u2019s survey, despite hefty fines. So last night\u2019s debacle is an awkward development, with questions being raised by the media on the origin and motivation of the incident, and its implications for the integrity of personal data. 
While you\u2019re waiting for the census website to come back online, check out #bettercensusquestions for some comic relief.<\/p>\n Finally, Pok\u00e9mon Go\u2019s rise to become the most successful mobile game in history has led to the creation of malicious apps masquerading as the real thing. These knock-off games have popped up on the Google Play store and are smuggling malware onto people\u2019s Android mobile operating systems. Check out Dell\u2019s analysis of these exploits here. Getting ahead of the game, Iran has banned Pok\u00e9mon Go before it\u2019s even been released, on the grounds of security concerns. So, thanks to the country\u2019s High Council of Virtual Spaces, Iranians will never be able to catch \u2018em all \u2013 but at least they will be safe from cybercriminals.<\/p>\n","protected":false},"excerpt":{"rendered":" Las Vegas was the place to be last week, with the world\u2019s largest annual hacker conferences, Black Hat and Defcon, taking over the town. The events unearthed lots of cyber gossip, but it was the …<\/p>\n","protected":false},"author":390,"featured_media":28125,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[391,95,728,1748],"class_list":["post-28123","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyber","tag-cyber-security","tag-hacking","tag-pokemon"],"acf":[],"yoast_head":"\n