• News

California Cyber News

The state wants to add every city and county government to its automated threat feed program in the next three to four years.

The California Cybersecurity Integration Center alerted its partners to the Thomas Fire along Interstate 5, before the largest wildfire in the state’s modern history was phoned in last December.

Someone had taken to Twitter to first report the blaze, and Cal-CSIC’s media scrapers—which plug into its automated threat feed—noticed.

Cal-CSIC, pronounced “cal-sick,” was created by Gov. Jerry Brown’s executive order in August 2015 to prioritize cyber threats to public sector agencies and expand into the private sector.

Read more: How California Is Improving Cyber Threat Information Sharing

Study documents growing need for qualified cybersecurity workers in the marketplace.

Sacramento, Calif. – Today, the Governor’s Office of Business and Economic Development (GO-Biz), in conjunction with the Governor’s Office of Planning and Research (OPR), released the results of a California Cybersecurity Labor Market Analysis and Statewide Survey. This document details the findings of a study done by the California Community Colleges Centers of Excellence for Labor Market Research and demonstrates that there is much work to be done in order to adequately prepare Californians for the demands of the digital and cyber economy.

Conducted as part of the California Advanced Supply Chain Analysis & Diversification Effort (CASCADE) initiative funded by the U.S. Department of Defense, the study gathered information about workforce needs in California and the scope of training being provided by educational providers across the state. It found an alarming gap in the supply of qualified cybersecurity workers prepared to fill the 35,000 cybersecurity-related annual job openings that exist in California.

Read more: GO-Biz Releases Cybersecurity Labor Market Study

GenCyber Camp Brings Technology to Underserved Groups

Carrie Raleigh didn’t know the first thing about cybersecurity when she started working for the Girl Scouts of San Gorgonio Council. And, who could blame her? It’s a far cry from the things traditionally associated with the scouting program.

Over the past three years, Raleigh and colleague Knea Hawley brought the GenCyber program under the Girl Scouts umbrella and opened the doors for even more young women to learn about cybersecurity.

“I’ve learned so much and it’s been an amazing journey. Now it’s one of those things I talk about all the time,” Raleigh said. “It’s been so eye opening to me realizing the potential in the field for these girls. We can connect them with the training they need for this large opportunity in front of them.”

GenCyber is a nationwide program with camps in nearly all 50 states. The San Bernardino camps were held June 18-22 at CSU San Bernardino. The program was funded by a National Science Foundation grant received by CSUSB that made it free to all attendees. CSUSB has invited the Girl Scouts of San Gorgonio Council to participate in their GenCyber camp since 2015.

Beyond learning the basics of cybersecurity, girls had the opportunity to meet with industry professionals from Google, Facebook and Bank of America just to name a few. While it took a lot of coordination from the GenCyber planning team, Raleigh said it was worth it for the students and the employers.

Read more: Cyber Heroes Carrie Raleigh and Knea Hawley Empower Middle and High School Girls Through...

Original article posted on CompTIA

Stackable certifications demonstrate that you’ve earned multiple CompTIA certifications and have the knowledge and experience needed to grow your IT career. They validate the skills of various IT roles and show a deeper mastery, opening up more job opportunities for you. Stackable certifications require active CE certifications. Good-for-life certification holders may earn these stackable certifications by re-certifying and validating that their skills are up to date.

Read more: Stackable Certifications

CompTIA Career Pathway

CompTIA certifications align with IT infrastructure and cybersecurity career paths, with each added certification representing a deepening of your expertise. Core certifications, like CompTIA A+, lay the groundwork for the specialized pathway certifications, and additional professional certifications cover necessary IT skills like project management.

For more information visit CompTIA IT Certifications

For the first time, DOJ describes how it will respond to influence plots like Russia’s interference in the 2016 presidential race.

Original article posted on Politico.com by ERIC GELLER 07/19/2018 08:57 PM EDT

“That policy reflects an effort to articulate neutral principles so that when the issue that the government confronted in 2016 arises again — as it surely will — there will be a framework to address it," said Deputy Attorney General Rod Rosenstein.

The Justice Department on Thursday issued a wide-ranging report (Cyber Digital Task Force) describing the cyber threats facing the United States and the department’s tactics for investigating, disrupting and deterring those risks.

Most significantly, the report contains the first public description of how the DOJ will assess and respond to foreign influence operations like Russia’s 2016 election meddling.

Read more: Justice Department unveils strategy to fight election meddling, cybercrime

Original article posted on ThreatPost.com

Two vulnerabilities were discovered on Dongguan Diqee-branded vacuum cleaners, Thursday.

Researchers have uncovered vulnerabilities in an connected vacuum cleaner lineup that could allow attackers to eavesdrop, perform video surveillance and steal private data from victims.

Two vulnerabilities were discovered in Dongguan Diqee 360 vacuum cleaners, which tout Wi-Fi capabilities, a webcam with night vision, and smartphone-controlled navigation controls. These would allow control over the device as well as the ability to intercept data on a home Wi-Fi network.

“Like any other IoT device, these robot vacuum cleaners could be marshaled into a botnet for DDoS attacks, but that’s not even the worst-case scenario, at least for owners,” Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, said on Thursday.

Read more: IoT Robot Vacuum Vulnerabilities Let Hackers Spy on Victims

The first member of the Proton malware family?

Original article on SecureList By Mikhail Kuzin, Sergey Zelensky on July 20, 2018. 10:00 am

An interesting aspect of studying a particular piece of malware is tracing its evolution and observing how the creators gradually add new monetization or entrenchment techniques. Also of interest are developmental prototypes that have had limited distribution or not even occurred in the wild. We recently came across one such sample: a macOS backdoor that we named Calisto.

The malware was uploaded to VirusTotal way back in 2016, most likely the same year it was created. But for two whole years, until May 2018, Calisto remained off the radar of antivirus solutions, with the first detections on VT appearing only recently.

Read more: Calisto Trojan for macOS

Girl Scouts unveils 30 new STEM-related badges, including space exploration and cybersecurity

Original article posted on theverge.com

Girl Scouts of the USA announced today that it will introduce a slew of new badges that address what it called “some of society’s most pressing needs” by homing in on STEM and technology-related issues and advocacy for girls.

The 30 badges will be available exclusively for girls between the ages of five and 18 for efforts and advocacy in cybersecurity, robotics, computer science, space exploration, and the environment. The badges will be earned when girls learn how to code or design robots, take action to protect the environment, or learn how to spot crimes being committed online. The new offerings are among a number of badges the organization has introduced over the past years to boost interest and participation in fields where women are traditionally underrepresented.

In November of last year, the Girl Scouts announced that it would integrate STEM-related programs into its organization to help reduce the gender gap in those fields in the future.

Read more: Girl Scouts unveils 30 new STEM-related badges, including space exploration and cybersecurity

Original article posted on WeGoBusiness

California’s new law on consumer privacy that is scheduled to come into effect on 1st January 2020 is not compliant with the provisions of the GDPR. This is despite the fact that the law is being viewed as the US’s most aggressive and strongest step in the sphere of privacy protection.

AB-375 vs GDPR

The new law stipulates that from 1st January 2020 onwards, companies will need to inform California state residents what information they are collecting about state residents and also how they propose to use it in the future.

The law will also people to direct such companies to stop selling or delete such private information. However, neither will the statute prevent businesses from collecting information about people nor give California residents the choice to legally order a company to acquire their information.

Read more: VPN : California Online Privacy Law vs EU’s GDPR – WeGoBusiness - Top business stories from around...

A new report from Positive Technologies details the top threats facing businesses in a variety of sectors.

Original article posted on techrepublic.com

On Tuesday, Positive Technologies released a report revealing an increase in the number of cyber incidents occurring between Q1 2017 and Q1 2018. According to the report, analysts identified a 32% jump in unique cyber incidents.

While a general growth of cybersecurity issues could be considered typical, the report found that several other cybersecurity related concerns have also increased over the year as well.

Hackers, according to the report, have an increased interest in personal data such as account credentials. Data theft also makes up for a large share of the total cybersecurity threatscape— 13% more than the 2017 average.

Read more: Why cybersecurity incidents are up 32% from last year

In an age where businesses falling victim to cyberattacks is a daily occurrence, it’s essential that firms have proactive incident response teams that can help to lessen the threat to reputation.

Original article on itproportal.com

We live and do business in a world fraught with cyber risks. Every day, companies and consumers are targeted with attacks of varying sophistication, and it has become increasingly apparent that everyone is considered fair game. Organisations of all sizes and industries are falling victim, and the cyber risk is quickly becoming one of the most prevalent threats.

When disruptions do occur from cyberattacks or other data incidents they not only have a direct financial impact, but an ongoing effect on reputation. For example, Carphone Warehouse fell victim to a cyberattack in 2015, which resulted in the compromising of data belonging to more than three million customers and 1,000 employees. While it suffered financial losses from the remedial costs, which included a £400,000 fine from the Information Commissioner’s Office (ICO), it also led to consumers questioning whether their data was truly secure with the retailer and if it was simply safer to shop elsewhere. That loss in consumer confidence is incredibly difficult to claw back, particularly at a time when grievances can be aired on social media and be shared hundreds or thousands of times.

Read more: The cybersecurity incident response team: the new vital business team

Article originally posted on https://apnews.com/

SACRAMENTO, Calif. (AP) — Journalists, researchers and political campaigns that receive voter data must tell California officials if it may have been stolen under a new law Gov. Jerry Brown announced he signed Monday.

It requires people and organizations that have California voter registration data to report security breaches affecting the storage of that information, which can include names, birth dates and addresses.

Counties and the secretary of state’s office provide voter registration information to people and organizations who agree to use the data only for journalistic, scholarly, political or government purposes.

The new law directs the secretary of state to develop guidelines for how such information should be securely stored.

Read more: New California law requires voter data breach reporting

A consortium of local community colleges is going into overdrive with its award-winning programs to train students in San Bernardino and Riverside counties with the workforce-ready skills needed for careers protecting data from online thieves.

The need is profound. More than 300,000 unfilled cybersecurity jobs are currently available across the country, including 35,000 in California and close to 700 in the Inland Empire.

At the core of the new partnership is the Inland Empire CyberHub centers, a regional cyber security support network charged with strengthening existing programs at various colleges, embarking on new initiatives and building stronger cyber security career pathways for students in middle and high school. Chaffey College, College of the Desert, Moreno Valley College, Mt. San Jacinto College, Riverside City College, and San Bernardino Valley College are among those signing on so far.

Read more: New CyberHub Centers Aimed at Filling Skills Gaps in Data Protection Careers

MORENO VALLEY COLLEGE / POSTED IN: COMMUNITY, CURRICULUM, IMPACT, NEWS, STUDENTS / JUL 10, 2018

On June 25, 2018, more than 117 participants joined 2018 Cyber Camp at Moreno Valley College. Middle and high school students from Moreno Valley, Temecula, Riverside, Rancho Cucamonga and Perris Unified School Districts gathered in teams to learn and practice in cybersecurity and coding topics. On June 29, 2018, Cyber Camp and Cyber Olympics concluded the training sessions with two competitions, Cyber Challenges in Windows 10 and Ubuntu 16 and Coding Olympics Team Challenge. Cyber Challenges entailed required students to solve system security issues based on knowledge and skills gained during the Beginner and Advanced Cyber Camp training sessions. One team from Beginner and Advanced camp earned top scores in this competition. Students were individually recognized for their dedication, team work and effort in the award ceremony, in which they received Air Force Association’s Cyber Camp certificates and small prizes.

Read more: Creating a Culture of Cyber Security Awareness

Twenty high school teams competed in simulated cybersecurity challenges during annual statewide competition

SAN LUIS OBISPO — After successfully blocking a mock ransomware attack on a medical facility, North Hollywood High School’s “Truman” team took first place in the annual California Cyber Innovation Challenge, hosted June 23-25 at Cal Poly.

More than 100 high school students from around the state took part in the two-day competition, designed to replicate the many different threats that cybersecurity professionals face. This year’s challenge transformed Cal Poly’s California Cybersecurity Institute (CCI) into a military hospital so students could immerse themselves in a real-world scenario using state-of-the-art forensics tools.

"I found this year’s California Cyber Innovation Challenge both creative and challenging,” said Jillian Kusch, a member of the North Hollywood High team. “It tested the limits of what I thought I knew about digital forensics and required me to work diligently within my team to thwart a life-threatening malware attack.”

Read more: North Hollywood High School Wins Title at California Cyber Innovation Challenge at Cal Poly

Liz Fraumann found her way into an IT focus more than a decade ago and hasn’t looked back since. Along the way, she’s helped make cyber security a priority in San Diego and fostered a love of the field in countless students thanks to programs like the SoCal Cyber Cup Challenge and SOeC Cyber Boot Camp.

Fraumann is the executive director of the Securing Our eCity Foundation, an organization that was formally incorporated in 2011 to increase cyber security awareness, education, and prepredness in the San Diego region by focusing on the human element in education and outreach. Prior to this time the program was an initiative fostered by ESET North America.

Read more: Cyber Hero Liz Fraumann Shows that Cyber Security is not all Doom and Gloom

FOR IMMEDIATE RELEASE
Contact: Teana Fredeen
(805) 235-3361 
[email protected]

Students, parents, teachers invited to join by attending a cyber camp or competition
Riverside, Calif. — What’s the best part about winning a competition? The trophy, of course. But in the case of the California Mayors Cyber Cup Challenge, the winning team took just as much pride in giving the trophy as it did in receiving one.

A team of Navy JROTC students from Martin Luther King High School in Riverside won the Inland Empire California Mayors Cyber Cup Challenge in April; another team from the school took second place in the competition. On June 19, the winning team presented the perpetual cyber cup trophy to Riverside Mayor Rusty Bailey.

Read more: Challenge brings education, government, industry together to build a strong cybersecurity workforce

What comes to mind when you picture an apprentice? Maybe a plumber, welder, or some other type of trade. But what about someone at a computer learning about information technology?

Ticket Into Tech, a new apprenticeship program in San Luis Obispo, is connecting students with businesses to learn the tools of the IT trade in a real-world setting. In the process, the program is revitalizing a centuries-old concept to train workers in the local community and creating a whole new model for how businesses can engage in the educational process.

Ticket Into Tech allows students to gain experience for their resumes while working alongside cybersecurity and other IT professionals.

“Apprenticeship is the gateway to getting the experience that’s necessary to landing a job in technology,” said SLO Partners Executive Director Michael Speccierla “It provides businesses with a way to hire skilled local talent that can keep pace with the rapid changes in technology.”

Read more: SLO Partners: Letting Businesses Drive IT Apprenticeships

High school senior Christian Pinkston was nervous before an exam he took recently, but not in the way you might expect. Rather than studying for history or chemistry, he was preparing to take a CompTIA IT Fundamentals certification exam.

“It was a lot of focused studying in class, in groups, and long nights staying up so when the day came it was going to pay off,” Pinkston said. “The test itself was very nerve-wracking and in some ways scary, but the feeling you get when you pass is amazing.”

As anyone who has worked in IT knows, certifications are key to a successful career. The earlier someone can obtain them, the better equipped they’ll be to meet the demands of the cybersecurity workforce. In fact, they are a natural next step from cyber competitions — turning that experience into real-world skills that can be applied in a variety of fields.

However, certifications are expensive and the process to earn them is complicated. A new partnership between the California Cyberhub and the Computing Technology Industry Association (CompTIA) is already streamlining the process and opening up certifications to middle and high students across California.

The vouchers allow students to obtain CompTIA IT Fundamentals certification by watching free video training on ITProTV and completing exercises on virtual machines through Practice Labs. The entire program is free to schools and other organizations that apply exam proctors through the California Cyberhub, thanks to funding from the California Community Colleges Information Communication Technologies and Digital Media sector.

Read more: Voucher Program Prepares Students for a Career Where Certifications are Crucial

Copyright 2016 SynED