Cyber Oregon https://cyberoregon.com Keeping Oregon Safe Online Fri, 22 Nov 2019 22:14:11 -0800 en-US hourly 1 https://wordpress.org/?v=5.3 Cyber News Roundup: Give the Gift of Encryption and Two-Factor Authentication https://cyberoregon.com/2019/11/22/cyber-news-roundup-give-the-gift-of-encryption-and-two-factor-authentication/ Fri, 22 Nov 2019 15:00:13 +0000 https://cyberoregon.com/?p=6110 ‘Tis the season for shopping. Alas, ‘tis the season for cybercriminals. In his Dark Reading article, Jai Vijayan writes that criminals have begun ramping up their efforts to divert dollars their way via malicious domains, coupons, gift card scams, and counterfeit goods. “Domain-based attacks top the list of threat that retailers face this shopping season,”…

The post Cyber News Roundup: Give the Gift of Encryption and Two-Factor Authentication appeared first on Cyber Oregon.

]]>
Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

‘Tis the season for shopping. Alas, ‘tis the season for cybercriminals. In his Dark Reading article, Jai Vijayan writes that criminals have begun ramping up their efforts to divert dollars their way via malicious domains, coupons, gift card scams, and counterfeit goods. “Domain-based attacks top the list of threat that retailers face this shopping season,” writes Vijayan. Brand impersonation is another big issue, often used to promote phishing campaigns to direct users to sites that download malware, according to Ashlee Benge, a threat researcher at ZeroFox.

As we are headed into the holiday shopping blitz, it’s not all baubles and glitz. Major retailer, Macy’s, has already experienced a data breach, exposing customer credit card information. According to the TechRepublic article, hackers injected malicious card-skimming code into Macy’s website, resulting in criminals accessing thousands of customer names, credit card information, and addresses. Criminals may have used the information themselves or sold it on the dark web, according to the article. “These types of attacks, called Magecart, are becoming increasingly common as more people open small online businesses and fail to encrypt their sites while recording customer information,” writes reporter Jonathan Greig.

What’s the one thing that retailers can do? Encrypt. Says Charity Wright, cyber threat intelligence advisor, “So many retailers don’t have their point-of-sale processors encrypted and they’re storing credit card data unencrypted, which we can guarantee is the source of most of these breaches.” The article cites experts’ tips for retailers to protect themselves from data breaches:

  1. Widespread encryption
  2. Have an SSL certificate installed to protect consumers
  3. Do frequent audits of their security systems, websites, content management systems, and software
  4. Establish policies and procedures to verify that Internet-facing infrastructure is securely configured
  5. Restrict third-party vendors’ access to sensitive data

Retailers, banks, even Disney

If it’s not retailers, it’s banks. In the CSO article, “How a bank got hacked (a study in how not to secure your networks), reporter J.M. Porup covers the vigilante hacker Phineas Phisher and the intrusion of Cayman National Bank. The article is a study in how vulnerable our financial institutions are to attackers. Phisher boasts, “Give a person an exploit and they’ll have access for a day, teach them to phish and they’ll have access the rest of their lives.” The heist involved hacking tools – off-the-shelf penetration testing tools, in fact – phishing, malware, and a malicious email. It turns out that Phisher was in the bank’s networks for five months, without being discovered.

Just as soon as Disney Plus, the new streaming service, was rolled out, hackers were busy hacking. Thousands of Disney Plus accounts were hacked and sold online for as little as $3, reports Washington Post. “It’s no surprise that cybercriminals jump on the same bandwagon as everyone else when there’s a big consumer launch,” says Niels Schweisshelm, technical program manager at HackerOne. The article states that other streaming services including Amazon Prime, Hulu, and Netflix have faced similar struggles with hackers. “One thing Disney+ could do to help users would be to roll out support for multi-factor authentication, a simple solution that would prevent attacks relying on password reuse,” states Catalin Cimpanu in his ZDNet article.

Cyber Oregon in the news

In Cyber Oregon-related news, the Oregon State University Security Club (OSUSEC) completed in the U.S. Department of Energy (DOE)’s CyberForce Competition. The team, which includes Zander Work, placed first regionally for the third time in a row — and sixth nationwide.

In other news, Peggy Miller, CEO of PacStar, a cybersecurity pioneer with the company’s advanced communications solutions for the U.S. Department of Defense and a Cyber Oregon sponsor, wins Gold Stevie Award for Executive of the Year. News release here.

Cyber Oregon partner news of interest and a special shoutout to Charlie Kawasaki, Oregon Cybersecurity Advisory Council leader, who is the first inventor of this new cybersecurity patent: PacStar Awarded Patent for IQ-Core Crypto Manager Encryption Management and Setup Software

The post Cyber News Roundup: Give the Gift of Encryption and Two-Factor Authentication appeared first on Cyber Oregon.

]]>
Cyber Oregon News Roundup: Scariest hacks, tips to manage phishing, extending cybersecurity to vendors https://cyberoregon.com/2019/11/01/cyber-oregon-news-roundup-scariest-hacks-tips-to-manage-phishing-extending-cybersecurity-to-vendors/ Fri, 01 Nov 2019 14:00:44 +0000 https://cyberoregon.com/?p=6082 What are some of the top hacks and vulnerabilities in 2019? Taking a look back at cybersecurity this year – eek! It has been a banner year for cybersecurity threats and hacks with exploits, backdoor hacks, and data breaches affecting users, companies, and governments around the world. There have been supply-chain attacks, corporate ransomware, and…

The post Cyber Oregon News Roundup: Scariest hacks, tips to manage phishing, extending cybersecurity to vendors appeared first on Cyber Oregon.

]]>
Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

What are some of the top hacks and vulnerabilities in 2019? Taking a look back at cybersecurity this year – eek! It has been a banner year for cybersecurity threats and hacks with exploits, backdoor hacks, and data breaches affecting users, companies, and governments around the world. There have been supply-chain attacks, corporate ransomware, and high-profile government hacks, as well as hacks and malware on our devices, in our applications, at our gas station, on our planes. In his ZDNet article, The Scariest Hacks and Vulnerabilities of 2019, reporter Catalin Cimpanu gives a complete rundown of the past 10 months of security disasters that would scare anyone. Cyber threats abound. Here’s a snapshot:

  • Severe vulnerabilities in Apple FaceTime
  • Hackers steal data from South Korea’s Defense Ministry
  • Oklahoma data leak exposes FBI investigation records
  • Iranian hackers suspected in worldwide DNS hijacking campaign
  • Websites can steal browser data via extensions APIs
  • Malware found preinstalled on Android devices
  • New malware can make ATMs spit out cash
  • Hiding malware using the CPU
  • Hackers take tornado sirens offline before major storm
  • Chrome zero-day under active attacks
  • Hacks at French gas stations
  • Smartphone unlocking
  • United Airlines covers up seat cameras
  • Tens of thousands of cars left exposed to thieves
  • The Weather Channel goes off the air for 90 minutes after ransomware infection
  • Facebook admits to storing plaintext passwords for millions of Instagram users
  • Indian government agency left details of millions of pregnant women exposed online
  • Unsecured server exposes data for 85% of all Panama citizens
  • Google replaces faulty Titan security keys
  • London Underground to begin tracking passengers through Wi-Fi hotspots
  • Hackers breached 10 telecom providers
  • NASA hacked because of unauthorized Raspberry Pi connected to its network
  • Hackers put patient data for sale online
  • Vulnerabilities found in GE anesthesia machines
  • Louisiana governor declares state emergency after local ransomware outbreak
  • Employees connect nuclear plant to the internet so they can mine cryptocurrency
  • Moscow’s blockchain voting system cracked a month before election
  • U.S. military purchased $32.8M worth of electronics with known security risks
  • Database leaks data on most of Ecuador’s citizens
  • Massive wave of account hijacks hits YouTube creators
  • Ransomware incident to cost company a whopping $95 million
  • Alexa and Google Home devices leveraged to phish and eavesdrop on users

Phishing attacks on the rise; how to protect your business

One attack method that continues to gain momentum is phishing. Nearly one third of all data breaches involve phishing, according to Verizon’s 2019 Data Breach Investigations Report. And phishing is not just hitting companies. Research indicates that phishing was present in 78% of cyber espionage incidents and the installation and use of backdoors. Lance Whitney explains in his TechRepublic article that cybercriminals who employ phishing as their attack method use various tricks and techniques to lure their victims into divulging private information. He says, “Cybercriminals are leveraging some of the world’s largest tech companies to trap users.” A recent report, Akamai 2019 State of the Internet/Security Phishing: Bating the Hook, states that criminals are exploiting top global brands and their users through highly organized and sophisticated phishing operations, with users of Microsoft, PayPal, DHL, and Dropbox as the biggest targets for phishing attacks. Akamai offers these tips for businesses to protect themselves against phishing attacks:

  1. Awareness training. You can and should train your employees to spot and report basic and generic phishing attacks. Cybercriminals have learned to adapt to basic awareness training models. In fact, targeting the natural workflow of an intended victim is how phishers have been able to launch more business email compromise attacks.
  2. Phishing simulations. A good defense requires a good offense. As such, phishing simulations can help organizations better protect themselves and decrease the odds of a security incident. However, such simulations should be customized to the individual or business unit. For example, a phishing simulation sent to people in human resources could spoof resumes for a recent job posting. A simulation sent to sales employees could spoof lead generation responses following a recent event.
  3. Endpoint protection. Beyond training and simulations, protecting your endpoints is another way for you to stay ahead of the phishing game.

What about your vendors’ cybersecurity practices?

While you have been focused on implement cybersecurity practices within your organization, have you considered your third parties that you do business with? Any organization outside of your company that provides a product or service and has access to your system could put you at risk: cloud providers, professional services, payment processor, payroll, etc. If cybersecurity incidents occur as a result of these third-party relationships, it’s the companies themselves that are on the hook for regulatory fines, penalties, and reputation, according to ZDNet article, Extending cybersecurity awareness of the third-party ecosystem. Alla Valente, an analyst at Forrester, recommends that organizations:

  1. Create and maintain a central repository for third-party relationships.You can’t manage what you can’t measure and won’t be able to thoroughly assess the risk of each relationship if you don’t know how many third-parties you have or who those third-parties are. More than half of all organizations don’t keep an active catalog of third-parties.
  2. Think beyond outdated nomenclature that limits your scope and creates blind spots.Third-parties go by many names: vendor, supplier, IT service provider, affiliate, associate, consultant, etc. Don’t limit cybersecurity assessment to software vendors alone. With digital transformation and IoT, almost every single third-party relationship involves storing, processing, or transmitting sensitive data.  Think of every relationship as a link along the value chain, including your HVAC repair technician.
  3. Take cybersecurity precautions at the end of the relationship.For many organizations, one critical step is missing from their third-party cybersecurity process. Very often, they overlook or forget to terminate the third-parties access to critical systems when a contract is completed. The offboarding process is essential for mitigating downstream risks. Create a process whereby the owner of the third-party relationship notifies the proper channels before announcing contract termination, this way, security can monitor for irregular access – in case the third-party wants to take any souvenirs at your expense — and ensure access has been terminated at the end of the contractual period.

Cyber Oregon partner blog of interest

The post Cyber Oregon News Roundup: Scariest hacks, tips to manage phishing, extending cybersecurity to vendors appeared first on Cyber Oregon.

]]>
Cyber Oregon Annual Cybersecurity Summit: November 8 https://cyberoregon.com/2019/10/21/cyber-oregon-annual-cybersecurity-summit-november-8/ Mon, 21 Oct 2019 14:00:35 +0000 https://cyberoregon.com/?p=6024 Cybersecurity threats are here, there, and everywhere – no organization is safe from threats, but there are prevention and defense strategies and best practices to implement. Whether your organization is an enterprise, small business, school, government, healthcare, or financial institution, you can learn from some of the great cybersecurity minds across the state, who will…

The post Cyber Oregon Annual Cybersecurity Summit: November 8 appeared first on Cyber Oregon.

]]>
Cybersecurity threats are here, there, and everywhere – no organization is safe from threats, but there are prevention and defense strategies and best practices to implement. Whether your organization is an enterprise, small business, school, government, healthcare, or financial institution, you can learn from some of the great cybersecurity minds across the state, who will share their insight and expertise to navigate today’s cyber challenges. The Cyber Oregon Annual Cybersecurity Summit, taking place November 8, 2019 in Bend. For more information and to register: http://www.techoregon.org/events/oregon-annual-cybersecurity-summit

TAO and Oregon Cybersecurity Advisory Council (OCAC) present this year’s Cyber Oregon Annual Cybersecurity Summit that will feature government leaders, CISOs from Oregon’s largest healthcare providers, and executives from regional community banks. The day will include a keynote and a lunch panel for all attendees focused on the global cyber landscape and the components of a cybersecurity plan that are often overlooked – including cyber insurance and crisis communication – in the event of a data breach.

There will be two tracks with multiple sessions: Technical Track for cyber practitioners and Business Track leaders to learn best practices. Who should attend? Corporate legal teams, data privacy professionals, business owners, C-Suite executives, and technology managers from all industries.

Here is the schedule:

9:00 a.m. – Opening Keynote

SCHEDULE

Phil R. Slinkard, Special Agent, Federal Bureau of Investigation, Cyber Division

10:30 a.m. – Track Sessions 1

TECHNICAL

Pragmatic Security Addressing INTERNAL Risks

Ryan Comingdeer, chief technology officer, Five Talent Software

BUSINESS

Healthcare and Privacy

MODERATOR: Leslie Golden, president, Instill Security LLC

PANEL

Ron Buchannan, CISO, St. Charles  

Brian Hole, cyber-security program manager and deputy CISO, Legacy Health        

Steve Person, CISO, Cambia Health Solutions

11:45 a.m. – Lunch Panel

Ancillary Services Critical to Your Cybersecurity Strategy

MODERATOR: Stephanie Hooper, senior account manager, 52 Limited

PANEL

Vic Martinez, commercial account executive, PayneWest              

Lora Haddock, founder & CEO, Lora DiCarlo            

Brian Ventura, information security architect, City of Portland

1:00 – Track Sessions 2

TECHNICAL

Pragmatic Security Addressing EXTERNAL Risks

Ryan Comingdeer, chief technology officer, Five Talent Software

BUSINESS

Best Privacy Practices by Community Banks

MODERATOR: Ben Gallo, president, Redhawk Network Security

PANEL

Nikki Hoffman, VP IT Manager, People’s Bank of Commerce          

Gary Propheter, COO, Bank of Eastern Oregon

 

The Cyber Oregon Cybersecurity Summit will take place at OSU-Cascades Graduate & Research Center, 650 SW Columbia Street, Room 209 and 110, in Bend, Oregon. Register today to secure your spot!

Sponsors for this Summit include Fortinet, McAfee, PayneWest, and PKI Solutions.

The post Cyber Oregon Annual Cybersecurity Summit: November 8 appeared first on Cyber Oregon.

]]>
Cyber News Roundup: Cyber tips for small businesses, employee cyber training, and ‘hacking back’ on the dark web https://cyberoregon.com/2019/10/18/cyber-news-roundup-cyber-tips-for-small-businesses-employee-cyber-training-and-hacking-back-on-the-dark-web/ Fri, 18 Oct 2019 14:00:01 +0000 https://cyberoregon.com/?p=6016 Own IT. Secure IT. Protect IT. That’s this year’s overarching message for National Cybersecurity Awareness Month (NCSAM), focusing on key areas including citizen privacy, consumer devices, and e-commerce security. The Department of Homeland Security in conjunction with the National Initiative for Cybersecurity Careers and Studies (NICCS) has extensive information for individuals, organizations, and businesses. Everything…

The post Cyber News Roundup: Cyber tips for small businesses, employee cyber training, and ‘hacking back’ on the dark web appeared first on Cyber Oregon.

]]>
Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

Own IT. Secure IT. Protect IT. That’s this year’s overarching message for National Cybersecurity Awareness Month (NCSAM), focusing on key areas including citizen privacy, consumer devices, and e-commerce security. The Department of Homeland Security in conjunction with the National Initiative for Cybersecurity Careers and Studies (NICCS) has extensive information for individuals, organizations, and businesses. Everything from social media tips, to keeping your work secure, to thefts and scams — available to all: https://niccs.us-cert.gov/national-cybersecurity-awareness-month-2019

We know that all businesses large and small are at risk for cyber-attack. As cybersecurity threats continue to escalate, 43% of cyber breaches claim small businesses, according to the Verizon 2019 Data Breach Investigations Report. It is time for small businesses to prioritize cybersecurity, according to Forbes author, Frank Sorrentino. In his article, small businesses are the lifeblood of our nation’s economy, making up nearly 44% of our national GDP. He contends that small businesses make the mistake of assuming it won’t happen to them, so they forget basic preventative measures and often fail to invest in reliable security solutions. According to the article, common mistakes small businesses make are:

  • Wire transfer issues. Small businesses have continually fallen victim to those requesting fraudulent wire transfers in recent years. This can be avoided easily by carefully reviewing all payments before they are sent and verifying payee details – specifically, location and account information. One incorrect number could result in that wire winding up in the wrong hands.
  • Overlooking admin account access. Small businesses often give too many employees access to vital services and hardware through admin accounts. These accounts can be easily hacked, however, and are favorite targets of many cyber criminals. Consider dialing back the number of admin accounts your company has and make sure only necessary people are granted access.
  • Smart phone vulnerabilities. Despite what employees may think, their work phone or tablet are high risk targets. Conducting business or making purchases while using public Wi-Fi could put an individual, and the business they work for, at risk. Malware threats also lurk in third-party app sites as cyber criminals find it easy to trick people into downloading spoof apps.
  • Ransomware attacks. In recent years, ransomware threats have skyrocketed by nearly 350 percent. These attacks often appear as emails or mobile notifications denying access to an employees’ computer. If you receive a foreign email, don’t be so eager to open it.

Oregon’s Small Business Development Center network can provide helpful cybersecurity tips to small business owners: https://bizcenter.org/cybersecurity/.

Investing in your employee cyber training

How well is your employee equipped against malicious hackers that aim to steal data? An Entrepreneur article states that with the current IT infrastructure, most hackers can easily manipulate systems and use social engineering to outsmart companies’ employees. Studies indicate that the majority of cyber-attacks are caused by human error – almost 90%, in fact – reinforcing the need for continuous employee education on cybersecurity. CISO and ethical hacker, Remesh Ramachandran, recommends covering these security awareness topics in organizations’ employee training:

  • Different forms of cybersecurity threats: To effectively identify and prevent potential security breaches, employees will need an elementary enlightenment of the various ways that a threat can present itself.
  • Importance of password security: Explain to your employees that passwords are the first line of protection to protect your sensitive and valuable information from hackers.
  • How to identify and report cybersecurity threats: Employees are the eyes and ears of an organization on the ground. Every device they use or emails they receive may contain clues about a lurking malware, virus, password hack or a phishing scam.
  • Email, internet and social media policies: Emailing and browsing habits of an employee can expose the company to attacks. Therefore, it is crucial to include policies and guidelines in your training for using email, Internet and social media platforms.

The main purpose of the training process, according to Ramachandran, is to create a sense of shared responsibility and accountability for cyber hygiene so that everyone can keep update on ever-evolving cyber threats.

Underground store selling stolen credit cards hacked

Your organization may be doing all the right things, when it comes to investing in cybersecurity. Even those who do illegal business on the Dark Web get hacked. BriansClub, one of the largest underground stores for buying stolen credit card data, was hacked, as reported by Brian Krebs. In his article, Krebs states that more than 26 million credit and debit card records taken from hacked retailers over the past few years – approximately $414 million worth of stolen credit cards for sale. The Justice Department estimates the losses to be upwards of $4 billion, figuring that each stolen card record is valued at $500 apiece. According to Allison Nixon, director of security research for Flashpoint, a security intelligence firm, breaches of criminal website databases often lead not just to prevented cybercrimes, but also to arrests and prosecutions.

“When people talk about ‘hacking back,’ they’re talking about stuff like this,” Nixon said. “As long as our government is hacking into all these foreign government resources, they should be hacking into these carding sites as well. There’s a lot of attention being paid to this data now and people are remediating and working on it.”

Does this mean an end to the bad guys? Not at all. “Since the demand for stolen credit cards is on the rise, other vendors will undoubtedly attempt to capitalize on the disappearance of the top player,” says Andrei Barysevich, co-founder and Co at Gemini Advisory, a New York-based company that works with financial institutions to monitor dozens of underground markets trafficking in stolen card data.

Cyber Oregon partner blog of interest

The post Cyber News Roundup: Cyber tips for small businesses, employee cyber training, and ‘hacking back’ on the dark web appeared first on Cyber Oregon.

]]>
Cyber News Roundup: Cyber Risks in Our Elections, Our Work, Even Our Games https://cyberoregon.com/2019/10/04/cyber-oregon-news-roundup-cyber-risks-in-our-elections-our-work-even-our-games/ Fri, 04 Oct 2019 15:00:11 +0000 https://cyberoregon.com/?p=5997 October is National Cybersecurity Awareness Month (NCSAM), an effort to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online. Yet, every month should be cybersecurity awareness month, every day, even. Not a day goes by when we aren’t faced with cyber risks in our…

The post Cyber News Roundup: Cyber Risks in Our Elections, Our Work, Even Our Games appeared first on Cyber Oregon.

]]>
Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

October is National Cybersecurity Awareness Month (NCSAM), an effort to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online. Yet, every month should be cybersecurity awareness month, every day, even. Not a day goes by when we aren’t faced with cyber risks in our daily lives – whether voting in the upcoming elections, playing Words with Friends, sending emails at work…and the future of technology holds greater vulnerabilities.

With elections around the corner, experts suggest that voting machines pose a greater threat to our elections than foreign agents. Recent findings indicate significant security flaws in our country’s voting equipment that increase the vulnerabilities of our elections. An article in The Hill asks the question “How did the security bar get set so low?” Senator Ron Wyden (D-Oregon) says “right now there are no mandatory federal cybersecurity standards for elections. It is perfectly legal for the biggest voting machine company in America…to sell a small county equipment that every cybersecurity expert in America knows is insecure.”

Researchers continue to find ongoing security issues with the voting machine industry, including poor internal company security. The article says that in 2017, the largest U.S. voting machine vendor exposed encrypted employee passwords online. What could happen? “Using those passwords, hackers could have planted malware on the company’s servers, and that malware could then be delivered to voting systems across the country with official updates.” Author Lulu Friesdat suggests that these insecure voting systems are actually leading to incorrect election results. She cites data that more than 100,000 votes could be missing from a Georgia election held last year. According to cyber risk analyst Chris Vickery, “This is the type of stuff that leads to a complete compromise.”

From voting to gaming, cyber risks continue to plague us every day. More than 200 million players of the popular mobile games Words with Friends and Draw Something had their login information stolen, according to a CBS News report. Zynga, the publisher of the games, announced there was a data breach on September 12, 2019. According to the article, the hack exposed users’ names, email addresses, login IDs, some Facebook IDs, some phone numbers and Zynga account IDs. A CNET article reports that the hacker that goes by the name Gnosticplayers accessed a database that included data from Android and iOS players who installed the game before September 2.

Emerging technologies: cyber friend or foe?

What’s on the horizon? When it comes to hacks and cyber risks, hackers are becoming increasingly innovative with the techniques they use to access sensitive data, according to the article, “Cybersecurity experts warn that these 7 emerging technologies could put your online security at risk,” in Business insider, stating that new technologies are boons to hackers, who capitalize on people’s lack of understanding of how those technologies work, as well as undiscovered holes in new systems’ security. Here’s a list of the emerging technologies that present both great opportunities and great risks – with experts raising concerns:

  • AI-generated “deepfake” audio and video can help hackers scam people. Cybersecurity experts worry that hackers could use the technology for phishing scams.
  • Quantum computing could easily crack encryption. Experts worry that the technology could threaten encrypted data sets that organizations, such as banks, protect for decades.
  • 5G networks will bring faster speeds, and new vulnerabilities. Security pundits warn that the increased speed could make 5G devices more susceptible to DDoS attacks.
  • The Internet of Things (IoT) creates new threats to security infrastructure. Hackers are increasingly finding vulnerabilities in IoT networks and using them to compromise companies’ operations.
  • Hackers are using artificial intelligence (AI) to outsmart cybersecurity systems. Hackers can use AI-driven programs to quickly scan networks to find weak points, or predictive text functions to impersonate insiders and trick targets into handing over sensitive information.
  • Outsourcing high-tech functions to third parties, supply-chain hacks proliferate. Third parties increase vulnerabilities.
  • More operational functions are moving online. This expands the “attack surface.”

Cyber Oregon partner blog of interest

The post Cyber News Roundup: Cyber Risks in Our Elections, Our Work, Even Our Games appeared first on Cyber Oregon.

]]>
Cyber News Roundup: Cyber Threats Are Here, There, Everywhere – Including the Cloud https://cyberoregon.com/2019/09/20/cyber-news-roundup-cyber-threats-are-here-there-everywhere-including-the-cloud/ Fri, 20 Sep 2019 14:00:12 +0000 https://cyberoregon.com/?p=5960 It’s a big world. A world full of big cyber threats. Whether it’s a breach of every citizen in Ecuador, or millions of Americans’ medical images and data available on the Internet for all to see, or new hacking groups – the latest cyber threats are real and big, and happening everywhere. The latest news reports…

The post Cyber News Roundup: Cyber Threats Are Here, There, Everywhere – Including the Cloud appeared first on Cyber Oregon.

]]>
Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

It’s a big world. A world full of big cyber threats. Whether it’s a breach of every citizen in Ecuador, or millions of Americans’ medical images and data available on the Internet for all to see, or new hacking groups – the latest cyber threats are real and big, and happening everywhere.

The latest news reports that personal data about almost every Ecuadorean citizen has been exposed online. According to an article on BBC, names, financial information, and civil data of about 20 million people was found on an unsecured cloud server, available for all to see. The exposed files include official government ID numbers, phone numbers, family records, marriage dates, education histories, work records – a wealth of personally identifiable information (PII). Reporter Catalin Cimpanu, a ZD Net reporter who broke the story, said the information is “as valuable as gold in the hands of criminal gangs.” The source of the data, a Novaestrat database, has since been secured.

Meanwhile, closer to home, millions of Americans’ medical images and data medical data – including more than 16 million scans, names, birthdates, and in some cases, Social Security numbers – are available on the Internet, for anyone to view. ProPublica reports that hundreds of computer servers worldwide that store patient X-rays and MRIs are so insecure that anyone with a web browser or a few lines of computer code can view patient records. According to the article, “the insecure servers add to a growing list of medical records systems that have been compromised in recent years. Unlike some of the more infamous recent security breaches, in which hackers circumvented a company’s cyber defenses, these records were often stored on servers that that lacked the security precautions that long ago became standard for business and government agencies.”

Under U.S. law, HIPAA, health care providers and their business associates are legally responsible and accountable for security the privacy of patient data. The consequences of unauthorized access to such information could be devastating. “Medical records are one of the most important areas for privacy because they’re so sensitive,” said Cooper Quintin, a security researcher and senior staff technologist with the Electronic Frontier Foundation, a digital-rights group.

“What we typically see in the health care industry is that there is Band-Aid upon Band-Aid applied” to legacy computer systems, said Jackie Singh, a cybersecurity expert. She contends that it’s a shared responsibility among manufacturers, standards makers, and hospitals to ensure computer servers are secured.

Take precautions with cloud security

Mark B. Cooper, president and founder of PKI Solutions – and supporter of Cyber Oregon – says, “are we asking enough questions about cloud security for organizations to make informed risk management decisions?” More than 80% of organizations store their information in the public cloud, begging the question of cloud security. Cooper believes that organizations need to proceed with caution about what they store. He says, “A clear and strong identity management process and plan is critical in this turbulent time. As hybrid enterprise solutions evolve, including cloud and on-premises software, the need for stronger identity management and identity-as-a-service (IaaS) is a must.” Cooper will present the keynote “Cloud Insecurity: The Need for Stronger Identity Management,” at the Cloud Security 2.0 eSummit on October 17, 2019. For more information and to register: https://www.cyberriskalliance.com/cloud-security-2-0-esummit-thursday-october-17-2019/

Cyber Oregon sponsors, ZScaler and CrowdStrike, both cloud-based cybersecurity companies, announced a partnership that will provide businesses with real-time security protection across their computer networks. They will offer mutual customers always-on, zero-day, and ransomware protection with real-time, immediate protection against hackers, viruses and other virtual threats.

Here, There, Everywhere

The latest hacking group is targeting IT companies, attacking heavily in Saudi Arabia and the wider Middle East. The hacking group, dubbed TortoiseShell, uses custom and off-the-shell malware to gain domain admin level access to organizations, enabling them to gain access to all the machines on the network. According to a ZDNet article, a campaign that is focused on IT companies, is the first stage of a supply chain attack looking to compromise the IT suppliers as a stepping stone to their customers’ networks. “Compromising a web server, with a likely old exploit, can be a simpler approach than using e-mail. The alternative of using a phishing e-mail to compromise the victim generally required the attacker to have at least some knowledge of the email recipient in order to customize the email to that individual,” said Gavin O’Gorman, an investigator in the Symantec security response team.

Cyber Oregon partner blog of interest

The post Cyber News Roundup: Cyber Threats Are Here, There, Everywhere – Including the Cloud appeared first on Cyber Oregon.

]]>
Cyber News Roundup: 80% of Businesses Experienced a Cybersecurity Incident, What to Do https://cyberoregon.com/2019/09/06/cyber-news-roundup-80-of-businesses-experienced-a-cybersecurity-incident-what-to-do/ Fri, 06 Sep 2019 14:20:41 +0000 https://cyberoregon.com/?p=5926 If your organization has suffered a cybersecurity incident, you are not alone. In fact, 80% of businesses experienced a cybersecurity incident this past year, according to the latest report from Forrester Consulting. An article in Security Magazine, highlights the key – and very real – findings, including the fact that security incidents put customer privacy…

The post Cyber News Roundup: 80% of Businesses Experienced a Cybersecurity Incident, What to Do appeared first on Cyber Oregon.

]]>
Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

If your organization has suffered a cybersecurity incident, you are not alone. In fact, 80% of businesses experienced a cybersecurity incident this past year, according to the latest report from Forrester Consulting. An article in Security Magazine, highlights the key – and very real – findings, including the fact that security incidents put customer privacy and safety at risk. With legal and compliance regulations hitting harder, the demands for cybersecurity reporting have intensified in recent years, and now, more than one-third of companies agree that they have lost business due to either a real or perceived lack of security. Increasingly C-level decision makers understand the value of effective security, and 82 % of decision makers agree that the way customers and partners perceive security is increasingly important to the way their firms make decisions.

Cybersecurity attacks can cripple small businesses that aren’t prepared. In a TechRepublic interview with security export Scott Logan, reporter Karen Roby outlines how cybersecurity is a big problem for small businesses who often don’t have adequate IT defense plans in place including infrastructure, services, solutions, and the right trained staff who can manage everything correctly. Logan outlines these inexpensive options for small companies to implement:

  • Invest in user training. A good social security awareness platform in place is key.
  • Disaster recovery plan in place. Logan says, “before [companies] start investing in a ton of security controls, make sure that you can recover from a threat. Make sure your backups are tested, and make sure that your disaster recovery policies and procedures are exercised so that you can recover.”
  • Understand your risks. Instituting a risk analysis program, including a risk assessment with a vulnerability assessment, will help you to understand where the weaknesses are.

What about your vendors?

Another level of cybersecurity organizations need to be concerned about – even small businesses — is your vendors. Do your vendors have a cybersecurity strategy in place? According to attorneys at Berman-Fink-Van Horn, an often-overlooked step in a company’s cybersecurity strategy is the failure to manage third party risks. In a Mondaq article, Jeffrey N. Berman recommends that a vendor’s cybersecurity strategy should address:

  • What steps does the vendor take to train its employees on cyber risks?
  • A description of its security program, including appropriate policies and procedures.
  • The administrative, physical and technical safeguards used and how they are maintained.
  • The vendor’s security breach procedures and incident response plan. For instance, how quickly will your company be notified of a data breach?
  • A representation that the vendor has cyber liability insurance.
  • A description of independent third-party assessments, audits or certifications.
  • Will the vendor subcontract any services or use other vendors? What data security steps will be taken?
  • Certification that the vendor complies with all applicable laws, regulations and industry standards.
  • Indemnification provisions in the event of a data breach.
  • An adequate definition of a security breach (this is often overlooked).

From small business, to enterprise, to government

Don’t take it personally. Every entity, whether it’s small business, large enterprise, or national government is at risk for cybersecurity incidents and attacks. With 4,000 ransomware attacks a day, “is certainly something that would be a key concern for the elections,” stated Anne Neuberger, director of the newly formed Cybersecurity Directorate at the national Security Agency (NSA), pointing to a key danger to the 2020 elections. In an article in The Hill, ransomware attacks have become a key issue over the past few months as various entities, including cities and school districts, have been hit by ransomware attacks, “in which the attacker encrypts an IT system and demands payment before allowing the user access again.

Neuberger emphasizes that the Cybersecurity Directorate will zero in on cyber and national security threats from countries including Russia, China, Iran, and North Korea. “We’re taking the same three-part approach: ensure there is threat intelligence, gain those insights, share that intelligence and be prepared to impose costs on an adversary when they attempt to influence our elections,” Neuberger said. 

Cyber Oregon partner blog of interest

The post Cyber News Roundup: 80% of Businesses Experienced a Cybersecurity Incident, What to Do appeared first on Cyber Oregon.

]]>
Cyber Oregon Expert Offers Insight on PPS Fraud Attempt https://cyberoregon.com/2019/08/21/cyber-oregon-expert-offers-insight-on-pps-fraud-attempt/ Wed, 21 Aug 2019 20:01:45 +0000 https://cyberoregon.com/?p=5785 In yet another example of the impact cyber criminals can have on our lives, Portland Public Schools nearly transferred $2.9 million to the account of a scammer posing as a legitimate contractor. This incident had a fortunate ending when the fraudulent transaction was discovered by Wells Fargo and the money returned to PPS. In reporting…

The post Cyber Oregon Expert Offers Insight on PPS Fraud Attempt appeared first on Cyber Oregon.

]]>
In yet another example of the impact cyber criminals can have on our lives, Portland Public Schools nearly transferred $2.9 million to the account of a scammer posing as a legitimate contractor. This incident had a fortunate ending when the fraudulent transaction was discovered by Wells Fargo and the money returned to PPS.

In reporting on the incident, KOIN 6 News tapped Charlie Kawasaki, CTO of PacStar and vice chair of the Oregon Cybersecurity Advisory Council to lend his insights into what happened, and how organizations can prepare themselves to avert such incidents.

Here’s what he had to say to the news organization:

“There are the more sophisticated scams which are really just fraud using computers, where a criminal organization might do a bit of research and send you an email that looks like it’s coming from your boss to an accounting department. It can say ‘Hey, can you very quickly perform a wire transfer for us? We forgot to pay our bill’ and so someone in a hurry in the middle of the day or the middle of the week might then fall for that when it looks like it’s coming from your boss.”

Watch the full news report below, or head over to KOIN 6 here.

The post Cyber Oregon Expert Offers Insight on PPS Fraud Attempt appeared first on Cyber Oregon.

]]>
DEF CON 27 Was Hacking Airplanes, Voting Machines, Cameras, Schools https://cyberoregon.com/2019/08/13/def-con-27-was-hacking-airplanes-voting-machines-cameras-schools/ Tue, 13 Aug 2019 15:00:15 +0000 https://cyberoregon.com/?p=5747 After a full week invading Las Vegas, top security conferences Black Hat USA 2019 and DEF CON 27 have come to an end…or is just the beginning? What a week it was! The conferences proved that nearly everything is hackable: Airplanes. This year marked the first-ever aviation village at DEF CON. According to an article…

The post DEF CON 27 Was Hacking Airplanes, Voting Machines, Cameras, Schools appeared first on Cyber Oregon.

]]>
After a full week invading Las Vegas, top security conferences Black Hat USA 2019 and DEF CON 27 have come to an end…or is just the beginning? What a week it was! The conferences proved that nearly everything is hackable:

  • Airplanes. This year marked the first-ever aviation village at DEF CON. According to an article in Cyber Scoop, “when it comes to cybersecurity, the mission is never-ending for the military.” Recently, government audits found flaws in weapons systems. Shannon Vavra writes that the Department of Homeland Security issued an alert that a vulnerability in small airplanes could allow hackers to alter flight data, such as engine readings, altitude, or airspeed.
  • Voting machines. The Washington Post article is saying, ‘Please break things’: Hackers lay siege to voting systems to spot weaknesses in security. Sen. Ron Wyden (D-Ore.) toured the Voting Village to see hackers working to expose weaknesses that could be exploited by attackers trying to interfere with elections. Most machines that are still used in elections across the country have well-known vulnerabilities.
  • DSLR cameras. Multiple vulnerabilities in Canon’s DSLR camera firmware could allow an attacker to plant malware on devices and ransom images from users, according to a ThreatPost recap
  • High schools. Eighteen-year-old hacker, Bill Demirkapi, presented his findings from his after-school hacking. Over the years, he has found serious bugs that would allow a hacker to gain deep access to student data, according to a Wired article.
  • Wi-Fi. We know Wi-Fi networks can be hacked, but security researcher, Mike Spicer, has been actively collecting and monitoring network traffic and web activity onsite at DEF CON for the last three years. He roams the halls with “Wi-Fi Cactus” hardware strapped to his backpack, made up of 25 Hak5 Pineapples, devices made to monitor, intercept, and manipulate network traffic. A complete write up is in C/NET’s article. It’s no wonder attendees tend to bring burner phones and leave their laptops in their hotel rooms!
  • Microsoft Azure? Microsoft is pushing for enhanced security for the Azure cloud computing service with the launch of increased bug bounty rewards, according to a ZDNet article. Financial rewards of up to $300,000 are available for Azure security challenges offered by Microsoft. In fact, Microsoft has awarded over $4.4 million in bug bounty rewards over the past 12 months. In other news, Apple has a huge bug bounty program, that will include rewards of up to $1 Million for a zero-click, full-chain kernel-code-execution attack. According to an InfoSecurity Magazine article, some security experts are concerned that these types of bounty programs could produce new exploits. Luta Security CEO Katie Moussouris says, “There is a logical limit which defensive prices cannot exceed because if you exceed them you start to see perverse incentives emerge. I think the offense market, also known as the black market, will very quickly adjust.”
It was a flurry of activity at Black Hat USA 2019.

Cyber Oregon supporters infiltrated Black Hat and DEF CON

Cyber Oregon supporters — including Crowdstrike, Eclypsium, Fidelis Cybersecurity, Fortinet, McAfee, Palo Alto Networks, PKI Solutions, Splunk, Symantec — had a strong presence at this year’s Black Hat USA, including several featured speakers and sessions, booths, and surprises. Eclypsium, Fidelis Cybersecurity, PKI Solutions, and Symantec, also had a big presence at this year’s DEF CON 27, including presentations and live-hacking demos.

Cyber Oregon sponsor, Eclypsium, saw lots of booth traffic at Black Hat USA 2019.

Cyber Oregon supporter, PKI Solutions enjoyed a lively presence onsite. Mark B. Cooper, president and founder of the company, spoke to a large crowd at DEF CON 27’s Crypto & Privacy Village, “How PKI and SHAKEN/STIR Will Fix the Global Robocall Problem.” In an effort to put an end to the robocall problem, the Federal Communications Commission (FCC) and major telecommunications companies including Comcast, AT&T, and T-Mobile are behind a new global standard called SHAKEN/STIR (Signature-based Handling of Asserted Information using ToKENs and Secure Telephony Identity Revisited) to combat robocalls and caller ID spoofing. Public key infrastructure (PKI) is the backbone of SHAKEN/STIR, using digital certificates based on common public key cryptography techniques to ensure the calling number of a telephone call has not been spoofed.

Mark B. Cooper of PKI Solutions (left) with a fellow attendee wear #hiptoencrypt sunglasses, a fun giveaway by PKI Solutions.

Beyond hacks: the new culture of cybersecurity

Exploiting vulnerabilities, discussions around the latest threats, and hacking everything were core themes, security transformation in organizations was also a hot and important topic, as outlined by Square’s head of security, Dino Dai Zovi’s DEF CON 27 keynote, “Every Security Team is a Software Team Now.” According to an article in Security Boulevard, the new culture of cybersecurity can be put into practice in these three ways:

1. Work Backward from the Job

This involves identifying the actual job that Dev or Ops (or whoever) is trying to do, and finding out how Security can align itself. It involves listening, cooperation, and integration, and as such it makes security an enabler that can collaborate with other groups on the achievement of shared goals.

2. Seek and Apply Leverage

Zovi’s next principle directly addresses two powerful techniques for making security work:

  • Leveraging Automation: In a world where security talent is scarce and where rapid delivery and release are priority #1, leveraging automation builds in speed, standardization, and the ability to scale securely.
  • Leveraging Feedback Loops: Using feedback loops proactively builds in observability and enables continuous, incremental improvements. Reliability is important, but without observability, its value is greatly diminished. Securing your environments without continuous monitoring is counterintuitive and counterproductive.

3. Understand That Culture > Strategy > Tactics 

Dai Zovi’s third principle emphasizes that “Culture is way more powerful than strategy, which is way more powerful than tactics.” If organizations get the culture part right, productive strategies and tactics will almost naturally follow suit. Dai Zovi advocates for a culture where security is pervasive and is distributed throughout the organization. This way risk and responsibility are owned by everyone in the organization and are not just the purview of security. If you give your people responsibility, you empower them to make a full commitment to security and quality. You’re also taking advantage of a major opportunity to create teamwork among everyone in the organization and to create a reality where everyone is working towards shared goals. 

Cyber Oregon partner blog of interest:

The post DEF CON 27 Was Hacking Airplanes, Voting Machines, Cameras, Schools appeared first on Cyber Oregon.

]]>
Cyber News Roundup: What to Expect at Black Hat and DEF CON https://cyberoregon.com/2019/08/02/cyber-news-roundup-what-to-expect-at-black-hat-and-def-con/ Fri, 02 Aug 2019 18:52:08 +0000 https://cyberoregon.com/?p=5721 Your phone is leaking your personally identifiable information (PII). Learn how to break modern encryption and hack into a car. Explore ways to hack physical security, including disabling alarm systems and cameras. Hear lessons learned from running a national penetration testing competition. These are just some of many topics that will be explored – and…

The post Cyber News Roundup: What to Expect at Black Hat and DEF CON appeared first on Cyber Oregon.

]]>
Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

Your phone is leaking your personally identifiable information (PII). Learn how to break modern encryption and hack into a car. Explore ways to hack physical security, including disabling alarm systems and cameras. Hear lessons learned from running a national penetration testing competition. These are just some of many topics that will be explored – and exploited – next week. As Las Vegas sizzles at 100 degrees plus, hot security technologies and cybersecurity findings will also be sizzling at this year’s Black Hat USA 2019 and DEF Con 27 conferences. Black Hat USA, one of the world’s leading information security events, paired with DEF CON, the world’s largest hacking conference, bring together top cybersecurity professionals who will discuss top trends, top threats, vulnerabilities, research – and the latest reverse engineering, attacks, and hacks. Welcome to Vegas, Baby!

Hot topics this year include:

  • New attack surfaces
  • Wireless 
  • Mobile
  • Auto and aircraft hacking
  • Social media manipulation driven by malware
  • Artificial intelligence
  • Biohacking

What are the biggest cybersecurity concerns?

A recent poll reveals that Black Hat attendees are most concerned about vulnerability management, ransomware, container security, and compliance. In his article, Black Hat 2019 Braving the Heat and Chaos in Search of Peace of Mind, Tony Bradley states that what businesses and cybersecurity professionals really want is peace of mind and less stress in their lives. With two back-to-back conferences exposing the dark side of security, there’s a lot to be worried about – and a lot to learn. Do you want to learn how to exploit rare technologies? Do you want a deep dive into the world of Linux containers? How about how to perform how to efficiently assess internal networks? Or how to attack and defend the Microsoft Cloud? Black Hat USA will offer ample technical trainings including cryptography, forensics, IoT, malware, social engineering, and pen testing.

The keynote at Black Hat, “Every Security Team is a Software Team Now,” sums everything up: how security teams are becoming increasingly focused on the software side of things, and how everything has to be secure by design from the start. According to an article in ThreatPost, does every software team have to have a security component? Security and how it fits into everything is the new normal.

The folks at McAfee weigh in on what attendees should keep an eye out for at this year’s Black Hat, offering perspectives on topics and the latest cyber concerns. Read the Q&A here.

Cyber Oregon Supporters Flood Vegas

Cyber Oregon supporters will have a big presence at this year’s Black Hat USA, including several featured speakers and sessions, booths, and surprises:

Following Black Hat USA 2019: DEF CON 27

DEF CON 27 won’t disappoint. Whether it’s exploiting Windows, embedded hacking, hacking a small aircraft, or breaking Google Home, speakers will share their latest thoughts and research and attendees will get the chance to live hack.

What does ThreatPost anticipate at DEF CON? In a podcast, editor Tom Springs outlines, “Your sort of bread and butter hardware hacking sessions, software hacking, cloud hacking stuff…stuff that you would definitely anticipate really looking forward to. And they’ve got a lot of good stuff on breaking Google Home and…doing a lot of really interesting things with a lot of the Windows cloud configurations…some really fun quirky stuff.” Quirky stuff including hacking a Roomba. Tara Seals of ThreatPost says that a hacked Roomba could use that data to map out the floor plan, to plan a physical robbery. #scary

Firmware vulnerability issues continue to be an issue. Eclypsium, enterprise firmware security company and Cyber Oregon supporter, recently issued a baseboard management controllers (BMC) vulnerabilities report finding critical vulnerabilities and weaknesses in the firmware of popular computer servers, according to a Cyberscoop article. The data has forced manufacturers to take action and mitigate the security flaws.

“Most hardware vendors do not write their own firmware and instead rely on their supply chain partners,” Eclypsium said in recently-published research. “Firmware is quite commonly licensed from a third party and used with little modification, allowing vulnerabilities to extend to many different brands and products.”

Cyber Oregon supporters will penetrate DEF CON 27 with presentations with subject matter experts and live-hacking demos:

On Friday, August 9 a DEF CON 27, cybersecurity expert Mark Cooper, president and founder of PKI Solutions and Cyber Oregon supporter, will present “How PKI and SHAKEN/STIR Will Fix the Global Robocall Problem.” More than 48 billion robocalls were placed in 2018 and the Federal Communications Commission (FCC) estimates robocalls will constitute more than half of all phone calls placed in the U.S. this year. In an effort to put an end to this, the FCC and major telecommunications companies including Comcast, AT&T, and T-Mobile are behind a new global standard called SHAKEN/STIR (Signature-based Handling of Asserted Information using ToKENs and Secure Telephony Identity Revisited) to combat robocalls and caller ID spoofing. Public key infrastructure (PKI) is the backbone of SHAKEN/STIR, using digital certificates based on common public key cryptography techniques to ensure the calling number of a telephone call has not been spoofed.

Cyber Oregon partner blog of interest

The post Cyber News Roundup: What to Expect at Black Hat and DEF CON appeared first on Cyber Oregon.

]]>