Warfare Center participates in first Ventura County education summit, reinforces commitment to educators

VENTURA, Calif. - The Ventura County P-20 Council hosted the first-ever Ventura County Education Summit to strengthen existing ties, and establish new ones, between educators and businesses at the Ventura County Office of Education (VCOE) Conference and Educational Services Center building, Nov. 26. Vance Brahosky, Deputy Technical Director, Naval Surface Warfare Center, Port Hueneme Division, was among four business sector representatives, including Haas Automation, Corwin Press and The Trade Desk, who participated on a special panel to discuss strides taken to bridge the gap between education and business.

“We don’t have as strong of service as we require if we’re not reaching out to the community in events like this,” said Brahosky. “We will not miss opportunities to do that.”

Source: DVIDS – News – Warfare Center participates in first Ventura County education summit, reinforces commitment to educators

Command leverages @CSUCI partnership to hire future engineering graduates

Naval Surface Warfare Center, Port Hueneme Division (NSWC PHD) hosted representatives from California State University, Channel Islands (CSUCI) Feb. 28 to discuss collaboration opportunities, utilizing the Educational Partnership Agreement originally established in 2014.

The local university is set to launch its Mechatronics Engineering program in fall 2018 with acceptance of 24 students. Not shy about its intentions, NSWC PHD wants to be on the receiving end for hiring come graduation time in the year 2020.

“In advance of that graduation,” said Vance Brahosky, NSWC PHD deputy technical director, “there are opportunities for us to work with the university through internships, rotations, and engagement with faculty so that through this partnership, we can access some of your best and brightest before they get pulled away to everyone else out there searching through the thin layer of engineering talent available to the U.S. industry.”

Mechatronics is a quickly growing area of engineering that includes aspects of control theory, computer science, electronics, and mechanics―an area of expertise well suited to NSWC PHD.

The purpose of the educational partnership is to help augment engineering education for CSUCI students by providing a mechanism by which students can benefit from the command’s expertise, unique facilities and equipment related to their academic discipline.

“Community engagement, working with the industry and intentionally working with you, the Navy, is what we are all about,” said Michael Soltys, CSUCI Computer Science program chair. The meeting served as the start of many areas where the university and station will collaborate over the coming years, introducing and integrating naval knowledge wherever applicable.

Part of NSWC PHD’s mission is to nurture and develop its future workforce through Science, Technology, Engineering, and Mathematics programs.

Currently, the command holds two Educational Partnership Agreements with Southern Californian universities, ensuring its legacy of outstanding fleet support to the world’s greatest Navy.

Source: DVIDS – News – Command leverages CSUCI partnership to hire future engineering graduates

SQI partners with McMaster to co-develop ‘instant immunoassay’ testing technology

TORONTO, July 24, 2017 /PRNewswire/ – SQI Diagnostics (TSX-V: SQD; OTCQX: SQIDF), today announced a technology development partnership and licensing agreement with the McMaster University Department of Engineering to develop chip technology for use in multi-array disease testing.

SQI is a Toronto-based life sciences and diagnostics company that develops and commercializes proprietary technologies and products for advanced multiplexed diagnostics. SQI’s existing proprietary technology enables global pharmaceutical and diagnostic testing companies to perform highly complex multiplex tests much faster, more accurately and at a lower cost.

Source: SQI partners with McMaster to co-develop ‘instant immunoassay’ testing technology

WannaCry

Researchers urge Windows admins to apply MS17-010 before the next attack using the EternalBlue NSA exploit deploys a worse payload than WannaCry ransomware.

No one should be letting their guard down now that the WannaCry ransomware attacks have been relatively contained. Experts intimately involved with analyzing the malware and worldwide attacks urge quite the opposite, warning today that there’s nothing stopping attackers from using the available NSA exploits to drop more destructive malware.

The key is to patch vulnerable Windows machines during this lull, ensure offline backups are secure and available, and make sure antimalware protection is running and current.

Kaspersky Lab researcher Juan Andres Guerrero-Saade and Comae Technologies’ Matt Suiche said today during a webinar that the EternalBlue exploit targeting an SMBv1 flaw could be fitted with payloads ranging from banking Trojans to wiper malware that destroys a computer’s hard disk.

“Absolutely,” Guerrero-Saade said when asked if this could have been a wiper attack rather than ransomware. “We’re talking ring0 access (via the DoublePulsar rootkit installed by the EternalBlue exploit). It would have just come down to a matter of implementation at that point.”

Accelerating the researchers’ anxiety about what could be next was yesterday’s ShadowBrokers announcement that it would begin in June a monthly dump of new exploits—including Windows 10 attacks—and stolen data. The ShadowBrokers’ leak in April of EternalBlue and other Windows attacks handed attackers not only the exploits but also documentation that lowered any barrier to entry for using these attacks.

“This is really worrying because we’ve seen the impact of what those files out in the wild can do,” Suiche said.

The attacks also exposed the shortcomings associated with patching, despite experts for more than a decade stressing the importance of keeping operating systems, browsers and third-party software up to date. MS17-010, the patch that addressed the SMB vulnerabilities leaked by the ShadowBrokers in April, has been available since March. Microsoft rated the security bulletin as critical and experts cautioned that this patch was to be prioritized, and that SMB port 445 on Windows machines should not be exposed to the internet. Yet, Rapid7 today said its scans have found more than 1 million internet-connected devices exposing SMB over 445 with more than 800,000 of those devices running Windows. Rapid7 said it’s likely that a large percentage of that number includes vulnerable versions of Windows with SMBv1 enabled.
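The paragraph above names three things a Windows administrator should verify: SMBv1 still enabled, TCP/445 accepting connections, and MS17-010 not yet installed. The script below is an added example, not code from the Threatpost article or the researchers it quotes; it audits the local host for those conditions. It assumes Windows 8 / Server 2012 or later (for the SmbShare and NetTCPIP cmdlets), an elevated session, and that the caller supplies the MS17-010 KB id for the build being audited, since that id differs per OS version.

```powershell
<#
 Added example (not from the article). Audits the local Windows host for the
 WannaCry exposure conditions discussed above:
   - SMBv1 server protocol still enabled
   - a listener on TCP/445 (the port Rapid7 found exposed to the internet)
   - whether a caller-supplied MS17-010 hotfix id is installed
 $Ms17010Kbs is an assumption: take the KB id(s) from the MS17-010 bulletin for
 the OS build you are auditing. -DisableSmb1 is an opt-in mitigation.
#>
param(
    [string[]]$Ms17010Kbs = @(),   # e.g. 'KBnnnnnnn' from the MS17-010 bulletin
    [switch]$DisableSmb1
)

$report = [ordered]@{ ComputerName = $env:COMPUTERNAME }

# 1. SMBv1 server state. EternalBlue needs an SMBv1 service it can reach.
$smb = Get-SmbServerConfiguration
$report.Smb1Enabled = [bool]$smb.EnableSMB1Protocol

# 2. Is the host accepting connections on TCP/445 at all?
$listeners = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
$report.Port445Listening = ($null -ne $listeners)

# 3. Patch state. On Windows 10 the fix ships inside a cumulative update, so the
#    KB id to match is the cumulative update's id for that build.
$installed = Get-HotFix | ForEach-Object { $_.HotFixID }
$found = @($Ms17010Kbs | Where-Object { $installed -contains $_ })
$report.Ms17010Checked = ($Ms17010Kbs.Count -gt 0)
$report.Ms17010Present = ($found.Count -gt 0)

# Exposure verdict: SMBv1 is on and no MS17-010 hotfix was confirmed.
$report.Exposed = $report.Smb1Enabled -and -not $report.Ms17010Present

if ($DisableSmb1 -and $report.Smb1Enabled) {
    # Mitigation that does not depend on patch state: turn the protocol off.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    $report.Smb1DisabledNow = $true
}

[pscustomobject]$report
```

Run it on each host as `.\Audit-Smb1.ps1 -Ms17010Kbs 'KBnnnnnnn'` and treat `Exposed = True` together with `Port445Listening = True` as the case to fix first; the 445 check only says the host listens locally, so confirm internet exposure separately at the perimeter.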

“Beyond the prevalence of what these exploits might be, but it really has been a test on the industry and defenders as well,” Guerrero-Saade said. “What we saw here was not the super secret zero-day situation you can’t save yourself from. It was a test of how well we’re implementing the solutions and recommendations that have been out there a very long time that everybody touts every single day. We were asked to put our money where our mouth is with this WannaCry infection.”

The biggest mitigating factor in slowing down the WannaCry outbreak was the discovery of a so-called killswitch that was likely an evasion technique by the malware to check whether it was running in a sandbox. The malware called out to a hard-coded URL, and if it responded, the malware would not execute. The speculation is that getting a response back from the killswitch domain indicated the malware might be executing instead in a sandbox.

Researcher Marcus Hutchins of the MalwareTech blog registered the domain coded into last Friday’s version of WannaCry while Suiche registered a second and third killswitch domain found in subsequent variants, shutting down most infections in the wild.

Guerrero-Saade said his concern is that the next version likely won’t have a killswitch, and could contain a more dangerous and costly payload.

“We have essentially bought time with the killswitches. That’s something where we got incredibly lucky that was even involved in the development of the malware,” Guerrero-Saade said.

They also touched on the shared code between an early WannaCry version found in February and a sample from the Lazarus APT from February 2015. Lazarus is the North Korean group alleged to be behind the Sony hack, which featured wiper malware and damaging data leaks, as well as the SWIFT attacks against banks in Bangladesh, Poland and Mexico. The attacks against financial organizations, experts said during the Kaspersky Lab Security Analyst Summit, were performed by an internal Lazarus splinter group called Bluenoroff in an attempt to help fund the APT’s other activities.

Google’s Neel Mehta found the same code in both samples, which was confirmed by Kaspersky Lab and Suiche later. Guerrero-Saade, who worked on the Lazarus research and on separate research on APTs and their use of false flags, said today that this was not an attribution claim that Lazarus was behind WannaCry, but instead a clustering claim.

“What we’re talking about is what cluster of activity this fits into, what threat actor fits the bill for this,” he said. The linkage between the SWIFT attacks and Lazarus, made by BAE Systems researchers, was based on similar code re-use of a wiper function in a Lazarus attack and the Bangladeshi attack. “The amount of proof grew over time and we laid to rest the concerns about whether the SWIFT attackers are actually part of the Lazarus group.

“Having only had WannaCry for five days, I think it’s important to understand that this is only a lead, and not a simple lead,” Guerrero-Saade said. “It’s not necessarily easy to just replicate a very specific function of code from a very obscure piece of malware from two years ago that you only put into version 1.0 and then removed. That’s not a false flag, that’s too subtle. No one would have noticed it if not for Neel Mehta doing fantastic work.

“I understand that while it’s important to have some healthy skepticism, in this particular case, I think we’re just catching a bit of code re-use. The claims aren’t necessarily bigger than they are, but they aren’t quite as hard to stomach when you look at the code itself.”

via Next NSA Exploit Payload Could be Much Worse Than WannaCry — Threatpost

Top Cybersecurity Boss Talks Priorities

The country’s top cybersecurity boss said the country is headed the wrong way when it comes to cybersecurity.

BOSTON–Citing Mirai and WannaCry as recent examples, Rob Joyce, special assistant to the president and cyber security coordinator for the White House, said the global landscape of cyber threats can’t be ignored and the U.S. needs to sharpen its defenses when it comes to fending off attacks.

“If you step back and look at the trend lines for cybersecurity, they are going the wrong way. You only have to look at last week at WannaCry to understand,” Joyce said during a talk sponsored by Massachusetts Technology Leadership Council.

Last week, President Donald Trump signed an executive order that prioritizes the protection of federal networks, critical industries and works to implement the NIST Framework. It’s Joyce’s job to carry it out. Joyce, former chief of the NSA’s office of Tailored Access Operations, was tapped by Trump in March for the role.

“The Trump administration signed an executive order that allows us to get our legs underneath us in terms of cybersecurity,” he said. “With this executive order we are going to step back and we are going to manage the federal government’s IT activity as a single enterprise. Even though we are talking millions-upon-millions of assets and thousands-upon-thousands of networks, we are going to step back and try to view it as a sum total of risks.”

Joyce said Trump’s cybersecurity executive order consisted of three main pillars, or priorities. One is securing the federal networks. Joyce said that pillar shares many of the same challenges private enterprise faces, from difficulty in finding qualified cybersecurity professionals, to handling risk between agencies, to being able to defend against hacks and contain breaches should they happen.

“We know we aren’t going to be able to defend against all breaches. So we need to have methods for detecting early and defend against them and compartmentalize them so that breaches don’t cascade into massive data losses… We need to be able to take hits and contain damage and restore capability quickly,” he said.

The second pillar is working with private industry to make sure portions of the United States’ privately owned critical infrastructure, made of 16 sectors, can defend against attacks and rebound if it should take a hit.

“So, with those interrelated and interdependent systems, we understand our critical infrastructure is probably not in the state we need to be to survive a deliberate or natural hazard,” he said.

Part of working with private industry will include an initial focus on defending against Mirai-like DDoS attacks and mitigating against IoT botnets. “Recent events, Mirai botnet and others, showed just how vulnerable we are to technologies that have been pushed into the ecosystem–often without really strong plans for security.”

Joyce added that much of Trump’s cybersecurity focus would also include working with private companies to better identify APTs and improve the amount of sharing between government and private companies.

Lastly, strengthening cyber defenses and boosting deterrence was another priority along with reaching out to other countries to fight global threats.

“It’s going to take a coalition of like-minded countries to advance the global common space we have here,” he said. “We will be looking to foster an open interoperable, reliable and secure global internet that benefits the U.S. and the rest of the world. We built the internet and gave it to the world, we think it’s very important that it continues to reflect our values.”

In his hour-long address, Joyce also touched on hot button topics such as net neutrality and recent proposed changes to the Vulnerabilities Equities Process.

“When you look at net neutrality, that is one of the sticky decisions that has to be made in the regulator space… But, we have to find a balance point between what we have today and allow some changes… If you are just going to have a pipe that lets everything straight through, you are inviting people through your unlocked door,” Joyce said.

He said that government and private service providers should not be hamstrung by rules that require internet traffic used for malicious purposes to be left alone.

When asked about the Vulnerabilities Equities Process, Joyce was noncommittal about pending changes, though he leaned toward the status quo.

“There is a process to legislate the VEP. We are working with Congress about that right now. I do have some concerns because legislators are talking about giving authority to a non-neutral entity. I think the process right now gives us the balance where we don’t have the offense or the defense with too much thumb on the scale.”

via Trump’s Cybersecurity Boss Talks Priorities — Threatpost