
SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume XIX - Issue #91

November 17, 2017


The cyber skills pipeline problem may be starting to wind down as the UK's remarkable program for finding and nurturing talent spreads to the U.S. and to the rest of the developed world.

See the first story in Top of the News.

                                       Alan

****************************************************************************

SANS NewsBites               November 17, 2017                Vol. 19, Num. 091

****************************************************************************

TOP OF THE NEWS

British Government Launches $25+ Million CyberDiscovery Programme: The Nationwide Talent Identification and Cyber Career Launching Program

White House Discloses Vulnerabilities Equities Process

REST OF THE WEEK'S NEWS

Amazon Key Service Camera Vulnerability

Oracle Patches Critical Flaws in Tuxedo

US-CERT Warns North Korea is Using Fallchill Remote Administration Tool

Colorado Adopts Risk Limiting Audits for Elections

Forever 21 Breach

Schneier: IoT Security Needs Government Regulation

Proposed Legislation Would Restore State Dept. Cyber Office

OnePlus Phones Have Backdoor

Adobe Patch Tuesday

Microsoft Patch Tuesday

Firefox Quantum

INTERNET STORM CENTER TECH CORNER

 

*****************************************************************************


TOP OF THE NEWS 

 --British Government Launches $25+ Million CyberDiscovery Programme: The Nationwide Talent Identification and Cyber Career Launching Program

(November 15, 2017)

Every student in grades 10-13 in the United Kingdom now has access to CyberStart as part of the UK CyberDiscovery Programme launched this week. CyberStart demonstrated remarkable effectiveness in finding people who have both the aptitude and attitude required for success in cybersecurity and teaching them foundational knowledge.  Under CyberDiscovery, the UK will support each talented student identified by CyberStart with free CyberEssentials training, followed by scholarships and internships (for those who excel in the training). According to Chris Ensor, head of the UK National Cyber Security Center, these programs will "find and support motivated, high performers from all backgrounds who want to make a positive impact on the world."


[Editor Comments]

[Paller] Seven US Governors, one community college and one high school Cyber Patriot team leader are pilot testing the UK tools with remarkable results: See cyberstart.us for the seven governors' reports; look at the back covers of each of the seven reports where you will see, in their own words, how this program impacts young people.


CyberDiscovery Talent Identification:

https://www.gov.uk/government/news/new-online-challenge-will-test-teenagers-cyber-security-skills

https://www.joincyberdiscovery.com/

https://twitter.com/DCMS/status/930748716889276417

Scholarships: https://www.ncsc.gov.uk/articles/cyber-first-bursary-scheme

Internships: https://www.gchq-careers.co.uk/early-careers/cyberfirst.html


--

White House Discloses Vulnerabilities Equities Process

(November 15, 2017)

The White House has disclosed its Vulnerabilities Equities Policy and Process (VEP), the guidelines it follows when deciding whether to notify vendors of vulnerabilities in their products or to keep them secret for use in US intelligence operations. Legislators, private sector companies, and citizen advocates have been pushing for increased transparency regarding VEP.


[Editor Comments]

[Pescatore] The actual percentage of vulnerabilities found only by government agencies is very low. But a study by Rand of a small database of such undisclosed vulnerabilities showed they often remained undiscovered by public researchers for years. Transparency in this VEP process is needed to assure that the decision points have a default of "make the world safer, notify the vendor" and require demonstration of near-term national safety intelligence value to override the default.


Read more in:

Nextgov: White House Discloses Rules on Weaponizing Software Vulnerabilities

http://www.nextgov.com/cybersecurity/2017/11/white-house-discloses-rules-weaponizing-software-vulnerabilities/142554/?oref=ng-channeltopstory

Fifth Domain: White House calls for greater transparency in cyber Vulnerability Equities Process

https://www.fifthdomain.com/civilian/2017/11/15/white-house-calls-for-greater-transparency-in-cyber-vulnerabilities-equities-process/

The Register: The four problems with the US government's latest rulebook on security bug disclosures

http://www.theregister.co.uk/2017/11/15/us_governments_vulnerability_disclosure_policy/

CNET: How the US decides which security flaws to keep secret

https://www.cnet.com/news/white-house-trump-administration-hacking-security-flaws-vulnerabilities/

The Hill: House discloses secretive decision process for growing hacking toolkit

http://thehill.com/policy/cybersecurity/360447-white-house-makes-decision-process-for-stockpiling-hacking-tools

White House: Vulnerabilities Equities Policy and Process for the United States Government (PDF)

https://www.whitehouse.gov/sites/whitehouse.gov/files/images/External%20-%20Unclassified%20VEP%20Charter%20FINAL.PDF


*****************************************************************************

THE REST OF THE WEEK'S NEWS  

--

Amazon Key Service Camera Vulnerability

(November 16, 2017)

A vulnerability in the software for the cameras designed to be used with Amazon Key, the company's new service that allows deliveries to be made inside customers' homes when they are not there, could be exploited to allow unscrupulous individuals to enter customers' homes. The flaw can be exploited by sending deauthorization commands to the camera, which will not go dark, but will continue to display the last frame before it received the command. Amazon says it plans to push out a software update for the issue.


Read more in:

Wired: Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera

https://www.wired.com/story/amazon-key-flaw-let-deliverymen-disable-your-camera/

Ars Technica: Amazon Key flaw makes entering your home undetected a possibility

https://arstechnica.com/gadgets/2017/11/amazon-key-flaw-makes-entering-your-home-undetected-a-possibility/

 

--

Oracle Patches Critical Flaws in Tuxedo

(November 16, 2017)

Oracle has pushed out fixes for critical vulnerabilities in its Tuxedo application server software. The updates address five flaws, two of which have been rated critical. One of the critical flaws is a Heartbleed-like memory leak issue that affects the Jolt protocol. The second critical flaw could be exploited to fully compromise PeopleSoft systems.


Read more in:

Ars Technica: Oracle rushes out 5 patches for huge vulnerabilities in PeopleSoft app server

https://arstechnica.com/information-technology/2017/11/oracle-patches-5-major-holes-in-peoplesoft-apps-similar-to-heartbleed/

The Register: Oracle scrambles to sew up horrid security holes in PeopleSoft's Tuxedo

http://www.theregister.co.uk/2017/11/16/oracle_peoplesoft_tuxedo_security_vulnerabilities/

ZDNet: Oracle pushes emergency patch for critical Tuxedo server vulnerabilities

http://www.zdnet.com/article/oracle-pushes-second-emergency-patch-this-month-for-critical-server-vulnerability/

Oracle: Oracle Security Alert Advisory - CVE-2017-10269

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html

  

--

US-CERT Warns North Korea is Using Fallchill Remote Administration Tool

(November 15, 2017)

The US Department of Homeland Security (DHS) and the FBI have released a joint technical alert through US-CERT warning of a remote administration tool (RAT) known as Fallchill. The malware appears to be the work of the North Korean hacking group known as Hidden Cobra.


Read more in:

FCW: New threats from North Korean malware

https://fcw.com/articles/2017/11/15/dprk-malware-rockwell.aspx

The Register: Crouching cyber Hidden Cobra: US warns Nork hackers are at it again with new software nasty

http://www.theregister.co.uk/2017/11/15/hidden_cobra_north_korea_malware_fallchill/

US-CERT: HIDDEN COBRA - North Korean Remote Administration Tool: FALLCHILL

https://www.us-cert.gov/ncas/alerts/TA17-318A

 

--

Colorado Adopts Risk Limiting Audits for Elections

(November 7 & 15, 2017)

The US state of Colorado is implementing a risk-limiting audit process to help verify and increase confidence in election results. The system enables auditors to determine the sample size of audits based on the vote count margin and other factors. New Mexico has already implemented a similar measure, and the Rhode Island legislature has just passed a law that calls for "develop[ing] a voter-verified audit system."


[Editor Comments]

[Henry] I'm very happy to see individual states identifying this issue as a legitimate threat.  While I have a full recognition of and appreciation for states' rights, the risk to our electoral process is too substantial to have 50 different systems and levels of capability.  There needs to be a coordinated effort at the federal level, which is respectful of the sovereignty of the states but ensures consistent and formidable security standards.

 

[Murray] Early audits will disclose that many of our systems are fundamentally unauditable, that either by accident or intent, they do not preserve enough information.  


Read more in:

SC Magazine: Colorado implements Risk-Limiting Audit process to verify election results

https://www.scmagazine.com/colorado-officials-discuss-implementation-of-risk-limiting-audit-process/article/707718/

CSM: Securing the vote: How 'paper' can protect US elections from foreign invaders

https://www.csmonitor.com/USA/Politics/2017/1107/Securing-the-vote-How-paper-can-protect-US-elections-from-foreign-invaders

EAC: State of Colorado Risk-Limiting Audit - Final Report (PDF)

https://www.eac.gov/assets/1/28/Risk-Limiting%20Audit%20Report%20-%20Final%20.CO.pdf

 

--

Forever 21 Breach

(November 15, 2017)

Los Angeles-based clothing retailer Forever 21 has acknowledged that a data security breach led to the exposure of some customer payment card information. The incident affects certain point-of-sale payment systems on which encryption was not operational. The affected systems' data were compromised between March and October 2017.


Read more in:

SC Magazine: Forever 21 reports data breach, failed to turn on POS encryption

https://www.scmagazine.com/forever-21-reports-data-breach-failed-to-turn-on-pos-encryption/article/707520/

ZDNet: Forever 21 investigating possible data breach

http://www.zdnet.com/article/forever-21-reveals-potential-data-breach/

CNET: Forever 21 hack reveals payment card data

https://www.cnet.com/news/forever-21-hack-reveals-payment-card-data/

Cyberscoop: Forever 21 announces payment card data breach

https://www.cyberscoop.com/forever-21-data-breach/?category_news=technology

 

--

Schneier: IoT Security Needs Government Regulation

(November 15, 2017)

In a keynote speech at the SecTor security conference in Toronto, Bruce Schneier said that it's time for governments to regulate the security of the Internet of Things (IoT). Schneier says that the industry alone cannot adequately address IoT security issues and that many companies that make IoT devices lack dedicated security teams.


[Editor Comments]                                             

[Honan] This is already happening within Europe. ENISA is proposing a baseline security spec for IoT devices

https://www.theregister.co.uk/2017/05/23/enisa_proposes_internet_of_things_security_standards/


Read more in:

eWeek: Schneier: It's Time to Regulate IoT to Improve Cyber-Security

http://www.eweek.com/security/schneier-it-s-time-to-regulate-iot-to-improve-cyber-security

 

--

Proposed Legislation Would Restore State Dept. Cyber Office

(November 15, 2017)

The US House Foreign Affairs Committee has forwarded a bill that would restore a position of a top cyber diplomat at the State Department. The Cyber Diplomacy Act would establish an Office of Cyber Issues. The head of the office would have the standing of an ambassador. The bill also calls for "the United States to work internationally with allies and other partners to promote an open, interoperable, reliable, unfettered, and secure internet." 


[Editor Comments]

[Henry] The NewsBites edition from earlier this week addressed the need for a "Geneva Convention" to address the cyber threat.  I agree wholeheartedly with a much stronger diplomatic approach in this space, and I've worked extensively in international forums and with the State Department cyber team over the past decade.  This type of position and representation of the United States in international forums is critical to building effective relationships and solving hard problems in the digital world.  International cooperation should be a requirement, not a recommendation.


Read more in:

Fifth Domain: Bill establishing State Department cyber ambassador passes committee

https://www.fifthdomain.com/federal-oversight/congress/2017/11/15/bill-establishing-state-department-cyber-ambassador-passes-committee/

Nextgov: Bill to Restore State Department Cyber Office Advances

http://www.nextgov.com/cybersecurity/2017/11/bill-restore-state-department-cyber-office-advances/142571/?oref=ng-channeltopstory

House.gov: Cyber Diplomacy Act of 2017 (PDF)

http://docs.house.gov/meetings/FA/FA00/20171115/106637/BILLS-115-HR3776-R000487-Amdt-076.pdf

                                                                                         

--

OnePlus Phones Have Backdoor

(November 14, 15, & 16, 2017)

Nearly every model of OnePlus Android phones contains a preloaded diagnostic application that acts as a backdoor. While the EngineerMode app is not readily accessible through the user interface, it is not difficult to find. It could be exploited to gain root access to the device. OnePlus says it plans to release an update that will remove the Android Debug Bridge (ADB) root function from EngineerMode.    


Read more in:

ZDNet: OnePlus: We'll fix flawed app that lets attackers root our phones

http://www.zdnet.com/article/oneplus-well-fix-flawed-app-that-lets-attackers-root-our-phones/

Wired: Hack Brief: OnePlus Phones Have an Unfortunate Backdoor Built In

https://www.wired.com/story/oneplus-phones-have-an-unfortunate-backdoor-built-in/

Bleeping Computer: OnePlus Phones Come Preinstalled With a Factory App That Can Root Devices

https://www.bleepingcomputer.com/news/security/oneplus-phones-come-preinstalled-with-a-factory-app-that-can-root-devices/

Motherboard: OnePlus Phones Were Shipped With a Hidden Backdoor

https://motherboard.vice.com/en_us/article/59y4vz/oneplus-backdoor-engineer-mode

CNET: OnePlus backdoor means hackers could take over your phone

https://www.cnet.com/news/oneplus-backdoor-means-hackers-could-take-over-your-phone/

 

 --

Adobe Patch Tuesday

(November 14 & 15, 2017)

Adobe has released security updates for its Flash Player, Photoshop CC, Acrobat and Reader, and six other products. In all, Adobe patched 86 security issues, including five in Flash Player and 62 in Acrobat and Reader. 


Read more in:

KrebsOnSecurity: Adobe, Microsoft Patch Critical Cracks

https://krebsonsecurity.com/2017/11/adobe-microsoft-patch-critical-cracks/

V3: Microsoft Patch Tuesday weighs in at 53 while Adobe rushes out 83 patches to fix scores of 'critical' security flaws

https://www.v3.co.uk/v3-uk/news/3021077/microsoft-patch-tuesday-weighs-in-at-53-while-adobe-rushes-out-83-patches-to-patch-scores-of-critical-security-flaws

Bleeping Computer: Adobe Patches Security Bugs in Flash Player and Eight Other Products

https://www.bleepingcomputer.com/news/security/adobe-patches-security-bugs-in-flash-player-and-eight-other-products/

ZDNet: Adobe patches 67 vulnerabilities in Flash, Reader

http://www.zdnet.com/article/adobe-patches-67-vulnerabilities-in-flash-reader/

 

 --

Microsoft Patch Tuesday

(November 14, 2017)

Microsoft has released fixes for 53 vulnerabilities in a variety of products, including Windows, Office, Edge and Internet Explorer. Twenty of the flaws are rated critical. Four of the patched flaws were previously disclosed but do not appear to have been exploited. One of the known flaws is a remote code execution issue in the Microsoft Equation Editor executable in Office that has been around for 17 years.


Read more in:

KrebsOnSecurity: Adobe, Microsoft Patch Critical Cracks

https://krebsonsecurity.com/2017/11/adobe-microsoft-patch-critical-cracks/

V3: Microsoft Patch Tuesday weighs in at 53 while Adobe rushes out 83 patches to fix scores of 'critical' security flaws

https://www.v3.co.uk/v3-uk/news/3021077/microsoft-patch-tuesday-weighs-in-at-53-while-adobe-rushes-out-83-patches-to-patch-scores-of-critical-security-flaws

SC Magazine: Microsoft Patch Tuesday: 20 critical issues addressed

https://www.scmagazine.com/microsoft-patch-tuesday-20-critical-issues-addressed/article/707396/

Threatpost: Microsoft Patches 17-Year-Old Office Bug

https://threatpost.com/microsoft-patches-17-year-old-office-bug/128904/

Bleeping Computer: Office Equation Editor Security Bug Runs Malicious Code Without User Interaction

https://www.bleepingcomputer.com/news/security/office-equation-editor-security-bug-runs-malicious-code-without-user-interaction/

Microsoft: Security Update Guide

https://portal.msrc.microsoft.com/en-us/security-guidance

 

 --

Firefox Quantum

(November 14, 2017)

Mozilla has released Firefox Quantum, otherwise known as Firefox 57. The newest version of the company's flagship browser is reportedly twice as fast as Firefox 52, which debuted in March 2017. Among the new aspects in Firefox Quantum are a redesigned rendering engine, a new user interface, and a return to Google as its default search engine.


[Editor Comments]

[Northcutt] Firefox has been my default browser since its initial release and I have not had any interoperability problems. A browser not tied to Google/Alphabet, Microsoft, or Apple appeals to my sense of privacy. The bad news: about 70% of the code was refactored, or at least touched, in the update. That makes security problems likely. Suggest you use it for general browsing and a different browser for banking or online commerce.


Read more in:

CNET: Firefox's big-bang update brings you speed and a new look

https://www.cnet.com/news/firefox-quantum-update-mozilla-brings-speed-and-a-new-look/

Computerworld: Mozilla seeks return to glory with release of Firefox Quantum

https://www.computerworld.com/article/3237054/internet/mozilla-seeks-return-to-glory-with-release-of-firefox-quantum.html

 

INTERNET STORM CENTER TECH CORNER

Microsoft Patch Tuesday Updates

https://portal.msrc.microsoft.com/en-us/security-guidance/summary


Adobe Patches

https://helpx.adobe.com/security.html


Abusing Anti-Virus Quarantine Folders for Priv. Escalation

https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/

        

Malicious Document Turns Off Word Macro Protections

https://isc.sans.edu/forums/diary/If+you+want+something+done+right+do+it+yourself/23042/


OnePlus Phones Found With Preinstalled Debug App 

https://twitter.com/fs0c131y

https://twitter.com/__Tux/status/754085708843786240


Blueborne Affects Amazon Echo and Google Home Devices (now patched) (PDF)

http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf


More Malicious Apps In Google's Play Store

https://www.bleepingcomputer.com/news/security/google-play-store-sees-sudden-surge-of-malicious-apps/


A Domain Dashboard For Splunk

https://isc.sans.edu/forums/diary/Suspicious+Domains+Tracking+Dashboard/23046/


Oracle Critical PeopleSoft Patch

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html#AppendixFMW


GitHub Introducing Security Alerts for Dependencies

https://github.com/blog/2470-introducing-security-alerts-on-github


Exposing IP Addresses For Hidden Services

http://sh1ttykids.hateblo.jp/entry/2017/11/16/182001


******************************************************************************

The Editorial Board of SANS NewsBites

 

John Pescatore was Vice President at Gartner Inc. for fourteen years. He became a director of the SANS Institute in 2013. He has worked in computer and network security since 1978 including time at the NSA and the U.S. Secret Service.


Shawn Henry is president of CrowdStrike Services. He retired as FBI Executive Assistant Director responsible for all criminal and cyber programs and investigations worldwide, as well as international operations and the FBI's critical incident response.


Suzanne Vautrinot was Commander of the 24th Air Force (AF Cyber) and now sits on the board of directors of Wells Fargo and several other major organizations.


Ed Skoudis is co-founder of CounterHack, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course.


Michael Assante was Vice President and Chief Security Officer at NERC, led a key control systems group at Idaho National Labs, and was American Electric Power's CSO. He now leads the global cyber skills development program at SANS for power, oil & gas and other critical infrastructure industries.


Mark Weatherford is Chief Cybersecurity Strategist at vArmour and the former Deputy Under Secretary of Cybersecurity at the US Department of Homeland Security.


Stephen Northcutt teaches advanced courses in cyber security management; he founded the GIAC certification and was the founding President of STI, the premier skills-based cyber security graduate school, www.sans.edu.


Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.


William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.


Lee Neely is a Senior Cyber Analyst at Lawrence Livermore National Laboratory, SANS Analyst and Mentor. He has worked in computer security since 1989.


Sean McBride is Director of Analysis and co-founder of Critical Intelligence, and, while at Idaho National Laboratory, he initiated the situational awareness effort that became the ICS-CERT.


Rob Lee is the SANS Institute's top forensics instructor and director of the digital forensics and incident response research and education program at SANS (computer-forensics.sans.org).


Tom Liston is a member of the Cyber Network Defense team at UAE-based Dark Matter. He is a Handler for the SANS Institute's Internet Storm Center and co-author of the book Counter Hack Reloaded.


Jake Williams is a SANS course author and the founder of Rendition Infosec, with experience securing DoD, healthcare, and ICS environments.


Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat, and he is a founder with Secure Anchor Consulting.


Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He leads SANS' efforts to raise the bar in cybersecurity education around the world.


David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.


Gal Shpantzer is a trusted advisor to CSOs of large corporations, technology startups, Ivy League universities and non-profits specializing in critical infrastructure protection. Gal created the Security Outliers project in 2009, focusing on the role of culture in risk management outcomes and contributes to the Infosec Burnout project.


Eric Cornelius is Director of Critical Infrastructure and ICS at Cylance, and earlier served as deputy director and chief technical analyst for the Control Systems Security Program at the US Department of Homeland Security.


Alan Paller is director of research at the SANS Institute.


Brian Honan is an independent security consultant based in Dublin, Ireland.


David Turley is SANS operations manager and serves as production manager and final editor on SANS NewsBites.


Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription visit https://www.sans.org/account/create