Coronavirus Affecting Conferences; Median Dwell Time Falling; U.S. DoD DISA Breach Affects 200,000; Wyden Pushing for Release of Voting System Audit

AT&T Cybersecurity and Verizon have decided not to attend the RSA Conference in San Francisco this week, citing concerns about the coronavirus. IBM announced its decision not to attend RSA on February 15. The conference is taking place this week as scheduled. Sony and Facebook's Oculus have pulled out of the Game Developer Conference scheduled for March 16-20 in San Francisco. Coronavirus worries have already caused the cancellation of the World Mobile Congress that was to have taken place in in Barcelona February 24-27. Black Hat Asia 2020 has been postponed to fall 2020, and Cisco has cancelled its Cisco Live! Conference that was scheduled to be held in Melbourne, Australia early next month.

Read more in

According to the M-Trends 2020 Report, the global median "dwell time" - the time from initial breach to detection - fell from 78 days to 56 days in just one year. The report also found that while breaches are being detected more quickly, they are more often discovered by third parties rather than internally.

Read more in

The US Department of Defense's (DoD's) Defense Information Systems Agency (DISA) has acknowledged a network breach that compromised the personal information of at least 200,000 individuals. On February 11, 2020, DISA sent letters to the people whose data were compromised, telling them that the breach occurred between May and June 2019. DISA secures and manages White House communications.

Read more in

US Senator Ron Wyden (D-Oregon) is asking a company that conducted an audit on the Voatz mobile voting app to disclose the results. While ShiftState's audit gave Voatz "high marks," researchers at MIT recently published a paper enumerating security concerns present in Voatz. Specifically, Wyden wants to know how many "ShiftState personnel that audited Voatz [have] experience in election security, cryptographic protocol design and analysis, side channel analysis, and blockchain security;" whether ShiftState detected the same flaws the MIT researchers found; and whether the company agrees or disagrees with the MIT findings and why.

Read more in

In "a recent string of stolen Chevrolet Silverado pickups," thieves disabled the OnStar anti-theft technology almost immediately, reducing the likelihood of the vehicles' recovery. Surveillance video has shown how fast the thieves operate - pop the lock, open the hood, change the computer, and disable OnStar tracking.

Read more in

The FBI has arrested a California man for allegedly launching distributed denial-of-service (DDoS) attacks against the website of a political candidate. The suspect's wife worked as a campaign staffer for one of the victim's political opponents.

Read more in

Copenhagen-based ISS World says it is recovering from a malware attack that hit its network last week. The facilities management has more than half a million employees around the world. ISS says it has determined the "root cause" of the problem, but has not said if the malware is ransomware.

Read more in

NRC Health, a company that administers patient satisfaction surveys for hospitals across the US, has acknowledged that its systems were hit with a ransomware attack on February 11. The company shut down its "entire environment" to limit the damage. Hospitals have expressed concern about the security of patient data.

Read more in

Australian freight delivery provider Toll Group is still recovering from a ransomware attack that hit its network in late January. The company has not and does not plan to pay the ransom demand. Toll customers have expressed frustration with delays that resulted from network downtime.

Read more in

The Census Program II "identifies the most commonly used free and open source software (FOSS) components in production applications and begins to examine them for potential vulnerabilities." The report is the work of the Linux Foundation's Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH).

Read more in

Samsung said that a data security incident last week allowed some users to view other users' information. The company says the incident was not related to the mysterious "1/1" push notifications some users reported receiving. Those notifications came from the Find My Mobile app even if the users had it disabled.

Read more in

A Tech Report from the FBI's Portland, Oregon Field Office encourages people to use passphrases of at least 15 characters rather than passwords, because the longer passphrases are more difficult to crack. The passphrases do not need to contain numbers, special characters, or a combination of upper- and lower-case letters.

Read more in

Zyxel, which makes networking devices, has released a fix for a remote code execution vulnerability affecting some of its Network Attached Storage (NAS) products. Zyxel learned of the issue nearly two weeks ago, when KrebsOnSecurity notified the company that directions for exploiting the flaw were being offered for sale online. Some of the products affected by the vulnerability are no longer supported.

Read more in