SOUTHFIELD – The Michigan Chapter of Women in Defense, an organization for women in the defense industry, announces applications are being accepted for the 2017 Women in Defense Horizons – Michigan Scholarship.

The scholarship is available to women who are United States citizens, residents of Michigan, enrolled at an accredited Michigan college or university, have at least junior academic status, and have a minimum grade point average of 3.25.

Applicants should also demonstrate an interest in pursuing a career related to national security and defense. Preferred fields of study include security studies, military history, government relations, engineering, computer science, physics, mathematics, business (as it relates to national security or defense), law (as it relates to national security or defense), international relations, political science, economics. Others will be considered if the applicant can successfully demonstrate relevance to a career in the areas of national security or defense.

Since the scholarship was established in 2009, 28 women have received more than $100,000 in educational funding under the program.

For more information about the program, visit http://www.wid-mi.org/programs/horizons-scholarship. The deadline to apply with supporting materials is May 12. For further information contact the WID-MI scholarship director at scholarships@wid-mi.org.

The post Applications Now Open For Women In Defense Horizons – Michigan Scholarships appeared first on MITechNews.

ANN ARBOR- A sweeping study of an internet communication mechanism common in mobile devices has revealed that so-called ‘open ports’ are much more vulnerable to security breaches than previously thought.

The vulnerability the University of Michigan researchers highlighted is most pronounced in Android apps that let users share data across devices and connect to their phones from their computers. One app, called Wifi File Transfer, has been downloaded more than 10 million times.

Open port backdoors could be exploited to steal private information such as contacts, security credentials and photos; to remotely control a device; to perform a denial of service attack; or to inject malicious code that could jumpstart widespread, virus-like attacks, the researchers say.

How to protect yourself

They have some advice for Android users: Update AirDroid to the latest patched version (AirDroid is pre-installed on some devices). Don’t use the default passcodes. Only launch vulnerable open port apps when you need them, and after using them, be sure to exit them fully through the task manager.

“When choosing an app whose functionality is data sharing across devices, proxy/VPN, or enabling the user to control a phone remotely—without physically accessing it—we recommend being extra careful. Consider using only those created by developers with good reputations,” said Yunhan Jia, a doctoral student in computer science and engineering who is involved in the research.

The team identified 410 apps with dangerous insecurities, and 956 different individual ways those insecurities could be exploited. Beyond these figures, they manually confirmed vulnerabilities in 57 applications, including popular file transfer mobile apps with 10-to-50 million downloads. Overall, the number of mobile devices at risk could turn out to be higher, as the researchers continue to investigate how open ports are used in mobile devices.

Open ports and their history

Open ports are integral pieces of internet infrastructure that allow computer programs to accept packets of information from remote servers. These communication mechanisms are routinely used in traditional computers, where they’re secure in part because computers’ Internet Protocol addresses don’t change. An IP address identifies a connected device.

Smartphones also rely on open ports to receive certain types of information. But because of the way mobile networks are structured, phones’ IP addresses can change as they move through the world. This and other factors relating to mobile architecture lead to these vulnerabilities, the researchers say.

The U-M team isn’t the first to identify that open ports on mobile devices could be susceptible to hacking. But their systematic study has shown how widespread the problem is.

Open ports were implicated in the November 2015 “wormhole” vulnerability in a software development kit made by Baidu, a Chinese internet services company. The issue affected thousands of Android apps and at least 100 million devices. While the number of devices affected was high, the U-M researchers say this represents just one usage of open ports.

“Even though the security community has been aware of that specific instance in which an open port served as a backdoor, it remained unclear how general the problem is—and what the fundamental causes are,” said Z. Morley Mao, U-M professor of computer science and engineering and the Morris Wellman Faculty Development Professor.

“We are the first to show that this is actually a widespread problem for mobile apps using open ports. We systematically detected a large number of such threats in the wild.”

How they did it

To arrive at their findings, they designed and implemented a tool called OPAnalyzer that  can identify and characterize vulnerable open port usage in Android apps. They analyzed 24,000 popular mobiles apps.

The researchers found that more than half of the usage of open ports in the apps they studied is unprotected. While not all of those instances could be exploited to do harm, the researchers say their unprotected nature demonstrates a general lack of awareness of the problem.

The researchers also investigated the fundamental causes behind this general vulnerability, and they found that it is exposed by popular ways open ports are used in the smartphone ecosystem, rather than poor implementation of apps.

The researchers identified certain steps app developers can take to mitigate the vulnerability. More information can be found on their Mobile Open Port Security website.

The team has reported vulnerabilities to affected app developers. Their website includes videos of threat model demos, defense demos, and app manufacturer responses.

In addition to Mao and Jia, the research team includes Qi Alfred Chen and Yikai Lin, doctoral students in computer science and engineering; and Chao Kong, a master’s student in computer science and engineering.

Study

Mobile Open Port Security website (with demo videos)

The post Smartphone Security Hole: ‘Open Port’ Backdoors Widespread appeared first on MITechNews.

WASHINGTON DC – It was a bombshell. Operatives from two Russian spy agencies had infiltrated computers of the Democratic National Committee, months before the US national election.

One agency — nicknamed Cozy Bear by cybersecurity company CrowdStrike — used a tool that was “ingenious in its simplicity and power” to insert malicious code into the DNC’s computers, CrowdStrike’s Chief Technology Officer Dmitri Alperovitch wrote in a June blog post. The other group, nicknamed Fancy Bear, remotely grabbed control of the DNC’s computers.

By October, the Department of Homeland Security and the Office of the Director of National Intelligence on Election Security agreed that Russia was behind the DNC hack. On Dec. 29, those agencies, together with the FBI, issued a joint statement reaffirming that conclusion.

And a week later, the Office of the Director of National Intelligence summarized its findings (PDF)in a declassified (read: scrubbed) report. Even President Donald Trump acknowledged, “It was Russia,” a few days later — although he told “Face the Nation” earlier this week it “could’ve been China.”

On Tuesday, the House Intelligence Committee heard testimony from top intelligence officials, including FBI Director James Comey and NSA Director Mike Rogers. But the hearing was closed to the public, and new details on the hacking attacks haven’t emerged from either the House or the Senate’s investigations into Russia’s alleged attempt to influence the election.

However, during the Senate Judiciary Committee’s open hearing on Wednesday, Comey agreed that the Russian government was still influencing American politics.

To read the rest of this story, click on https://www.cnet.com/news/how-experts-decided-russia-hacked-dnc-election/?ftag=CAD2e9d5b9&bhid=20102274281679224800074149012732

The post How Cybersleuths Decided Russian Hacked The DNC And Impacted US Election appeared first on MITechNews.

MOUNTAIN VIEW – Google shut down a massive phishing scam that targeted users of its Google Docs service. You know, basically everyone.

The sophisticated phishing scam spread across the web on Wednesday afternoon, tricking people into giving up access to their Google accounts. Some people, like Reddit user JakeSteam, said the scam is so sophisticated it’s virtually undetectable.

After offering some obvious advice — don’t click on the link — Google tweeted it had wrestled the situation under control.

Phishing, of course, is nothing new and Google users get targeted often. In 2014, a similar scam targeted Docs and Drive users. The current ruse appears to have targeted journalists and educators, according to reports.

This scheme is different because it focuses on stealing access to your account rather than stealing your username and password. The attacker created a rogue app made to look like Google Docs, which unsuspecting victims would grant permission to.

The post Google Shuts Down Massive Google Docs Phishing Scam appeared first on MITechNews.

DETROIT – Richard Stiennon is an internationally recognized security analyst and author with a sharp eye for security weaknesses and trends. He is the Chief Strategy Officer at Blancco Technology Group, former industry analyst and author of There Will Be Cyberwar, a Washington Post Bestseller. He joined the Internet Advisor gang to talk about the biggest cyber security threats today.

To listen, click on http://internetadvisor.net/2017/05/the-cheapskate-is-in-the-house-sat-may-6-2017-5-7-pm-wjr-760-am-detroit/

The post CyberSecurity Headlines: French Election Email Bomb…Computer Apps Eavesdropping…Two Factor Banking Hacked appeared first on MITechNews.

WASHINGTON DC – President Donald Trump signed an executive order on Thursday to bolster the government’s cyber security and protect critical infrastructure from cyber attacks, marking his first significant action to address what he has called a top priority.

The order seeks to improve the often-maligned network security of U.S. government agencies, from which foreign governments and other hackers have pilfered millions of personal records and other forms of sensitive data in recent years.

The White House said the order also aimed to enhance protection of infrastructure such as the energy grid and financial sector from sophisticated attacks that officials have warned could pose a national security threat or cripple parts of the economy.

The directive, which drew largely favorable reviews from cyber experts and industry groups, also lays out goals to develop a more robust cyber deterrence strategy, in part by forging strong cooperation with U.S. allies in cyberspace.

White House homeland security adviser Tom Bossert said the order sought to build on efforts undertaken by the former Obama administration.

Among the notable changes, heads of federal agencies must use a framework developed by the National Institute of Standards and Technology to assess and manage cyber risk, and prepare a report within 90 days documenting how they will implement it.

The Obama administration had encouraged the private sector to adopt the voluntary NIST framework. But it did not require government agencies to do so, which opened it up to criticism as it frequently scrambled to respond to major hacks, such as the theft of more than 20 million personnel records from the Office of Personnel Management.

Government agencies would now “practice what they preach,” Bossert told reporters during a White House briefing. “A lot of progress was made in the last administration, but not nearly enough.”

Michael Daniel, who served as White House cyber security coordinator under former Democratic President Barack Obama, generally praised the order but said it was largely “a plan for a plan.”

Trump, a Republican, has also asked agencies to review their federal workforce’s cyber talent, an area where the government has faced a growing shortfall of qualified personnel in recent years.

The order calls for an examination of the impact of moving agencies toward a shared information technology environment, such as through cloud computing services. It also urges voluntary cooperation with the private sector to develop better strategies to fend off and reduce attacks from botnets, or networks of infected devices.

Trump nearly signed a cyber security measure just days into his presidency in January, but it was pulled back to allow for more input from federal agencies and consultation with experts.

Before taking office, Trump said he intended to make cyber security a priority of his administration. But he has raised alarm among cyber security experts by frequently using a personal Twitter that could be hacked by an adversary. His skepticism of the conclusion by U.S. intelligence agencies that Russia hacked Democratic emails during the election to help him win has drawn criticism.

Russia has repeatedly denied assertions it used cyber means to meddle in the U.S. election.

Bossert said Russia’s alleged hacks were not a motivation for the order, adding that “the Russians are not our only adversary on the internet.”

Cybersecurity expert Dan Lohrmann will appear on M2 Techcast Monday May 15 to discuss the Trump Executive Order. M2 Techcast airs live from 3 to 4 pm on www.podcastdetroit.com. You also can live on-demand at https://mitechnews.com/category/m2-techcast/

The post Trump Signs Order To Bolster U.S. Cybersecurity, Protect Critical Infrastructure appeared first on MITechNews.

NOVI – Can you ensure your data is secure while your workforce is on the go? Red Level will show you how to make your workforce mobile, and secure, during a free webinar May 24 at 1 pm.

In this webinar, Red Level will discuss how Microsoft’s cloud-based security solutions (including Office 365, Enterprise Mobility + Security, and Windows 10 Enterprise) provide businesses of all sizes a simple and cost-effective option to empower the modern worker while protecting corporate assets and data.

According to IDC, by 2020 mobile workers will account for nearly three-quarters (72.3 percent) of the U.S. workforce. Today, mobile devices outnumber the entire human population. How do you keep your business data secure in a “work anywhere at any time from any device” world. 

Attend for your chance to win the new Surface Laptop, a Microsoft Cloud Security workshop or an American Express gift card.

To register, click on http://www.redlevelnetworks.com/mobile-workforce-webinar

The post Red Level Free Webinar May 24 Will Show Businesses How To Make Workforce Mobile, And Secure appeared first on MITechNews.

Click Here to Listen to The Bridge By Coca Cola

The post The Bridge – Unique Commercialization Program For Startups appeared first on MITechNews.

ROYAL OAK – Justin Coffey, the Red Level Microsoft Solutions Manager, asked the questions: “How Mobile is Your Workforce?” In light of the Ransomeware attack earlier this month that swept through Europe and Asia, he also asks how secure is your network.

Both of these questions also will be dealt with on May 24 when Red Level hosts a free online webinar to discuss how Microsoft’s cloud-based security solutions (including Office 365, Enterprise Mobility + Security, and Windows 10 Enterprise) provide businesses of all sizes a simple and cost-effective option to empower the modern worker while protecting corporate assets and data.

According to IDC, by 2020 mobile workers will account for nearly three-quarters (72.3 percent) of the U.S. workforce. Today, mobile devices outnumber the entire human population. How do you keep your business data secure in a “work anywhere at any time from any device” world. 

Attend for your chance to win the new Surface Laptop, a Microsoft Cloud Security workshop or an American Express gift card.

To register, click on http://www.redlevelnetworks.com/mobile-workforce-webinar

To listen to this podcast, and get all the details about the WannaCry ransomware attack, click on https://soundcloud.com/podcastdetroit/m2-techcast-episode-82-red-level-justin-coffey

The post How Mobile Is Your Workforce? How Secure Is Your Network? Red Level’s Coffey Answers Both Questions appeared first on MITechNews.

FLINT — Baker College will launch two graduate degrees fall 2017 for those wishing to enter or advance in the cybersecurity field: an MBA in cloud security risk management and a Master of Science in information systems (MSIS) in cloud security risk management. Enrollment is now open for courses that begin Aug. 28.

“These new graduate degrees will help address the critical need for cyber and cloud security professionals in the U.S. as cyberattacks, security breaches, compliance challenges and new technologies fuel demand for qualified workers,” said Jill Langen, president of Baker College Online and its Center for Graduate Studies.

Courses in the concentration of cloud security risk management will be provided through a partnership with Mission Critical Institute (MCI) of Reston, Va. MCI is a developer of cybersecurity education programs recognized by the Department of Homeland Security.

“Baker College stood out as an excellent partner because its online programs are rated among the top in the nation, and it offers strong undergraduate cyber defense programs,” said V. N. Berlin, Ph.D., MCI president. “The two organizations are also aligned in focusing on career education that meets workforce needs by preparing students to be job-ready at graduation.”

Baker College appoints MCI-certified expert practicing cybersecurity faculty to teach and mentor students through practitioner-oriented cybersecurity curriculum. Major courses will include in-depth exam preparation for certifications needed for cybersecurity employment in business and government.

The curriculum is based on the U.S. government’s recommended set of industry standards and best practices developed by the Department of Commerce’s National Institute of Standards and Technology to help organizations manage cybersecurity risks.

For more information about the two new degrees in cloud security risk management, contact Christine Olyer, MCI program manager, at colyer@mci-cyber.org.

Baker College is a not-for-profit higher education institution accredited by the Higher Learning Commission. Founded in 1911, Baker grants doctoral, master’s, bachelor’s and associate degrees, as well as certificates in diverse academic fields including applied technology, business, education, engineering, health science, information technology and social science. There are Baker campuses in Allen Park, Auburn Hills, Cadillac, Cass City, Clinton Township, Coldwater, Flint, Fremont, Jackson, NMuskegon, Owosso and Port Huron in Michigan, and in Reading, Pa.  that can be completed 100 percent online without ever visiting a campus. For information, visit http://www.baker.edu.

The post Baker College Adds Online Graduate Degrees In Cloud Security Risk Management appeared first on MITechNews.

ANN ARBOR – Companies across the globe are still reeling and recovering from the global ransomware attack known as WannaCry on Friday, which took down tens of thousands of machines in 150 countries, including Britain’s National Health System. How and why did this happen?

I’ve mentioned ransomware before and how it’s distributed, how it particularly affects healthcare, and the rise of ransomware as a service. Friday’s attack was unusual in how quickly the infection spread, but it also reminded us of an age-old life lesson: It’s really important to keep your systems patched and up to date.

Prevention is the best cure

The security world has been saying it for years, but now it has another true-to-life case in point: Update your machine when it tells you to. The attack on May 12 took advantage of a zero-day vulnerability in all Microsoft systems before Windows 10. Microsoft had released a patch for it back in March (even issuing a rare patch for the now-unsupported Windows XP systems), but most people treat system updates the way they treat pre-cancer screenings: “I’m fine now, so why should I worry about it?”

Well, just like you don’t want cancer, you don’t want ransomware, either. Company-issued patches often address security vulnerabilities and keep your system better protected against ransomware and other malicious activity. For personal computers it’s a matter of dedicating the few minutes it takes to install the patch(es) and reboot. For enterprise, it’s a different story. It’s not only the time it takes to install patches on potentially hundreds of machines, but there are software compatibility and patch priority issues as well, which can turn a simple update into a much more complicated mess. It’s for these reasons that many enterprises are slow to patch their systems, and this unfortunately leaves them as prime targets for malicious actors to take advantage of.

How does WannaCry work?

WannaCry (and now new variants) are exploiting a vulnerability in Windows known as SMBv1 and SMBv2. SMB , known as Server Message Block, is a networking component of Windows that’s mainly used for providing shared access to files, printers and miscellaneous communications between nodes on a network. Security researchers believe that is how the infection has been able to spread so quickly–much more quickly than anticipated.

Why ransom payments are low

You might have noticed that while the WannaCry attack from Friday hit thousands and thousands of computers, the total ransom collected so far is just over $100,000. That’s pretty low by ransomware standards. There are a few reasons for this:

1. The ransomware gave victims 72 hours before their payment doubled, and that time window has only just passed. Security researchers expect more money to go to the Bitcoin wallets of the hackers but for now, it’s low considering the scale of the attack.
2. Despite Bitcoin’s growing popularity, most people don’t use it or know how to get it. Doing so takes some time, and determining how much to pay based on how many computers were infected will also take time.
3. The hackers, by all accounts, seem to be rather unsophisticated. The original payment asked for $300, which is absurdly reasonable compared to the average payment of $1,000 or more. Then there’s the problem of WannaCry’s decryption process, or lack thereof. According to a blog post from cybersecurity firm Check Point, “WannaCry doesn’t seem to have a way of associating a payment to the person making it.” For now, victims just have to pay, and wait. Most security researchers and governments have urged victims not to pay the ransom, and it appears that most victims haven’t–yet. In fact, there are reports of people getting their data back even if they haven’t paid the ransom.

What’s next

A security researcher going by the name Malware Tech accidentally stumbled upon a killswitch built into the malware, which stopped the infection from spreading. However, new variants of the malware have been released, known as Uiwix and EternalRocks. These new variants are believed to no longer have the killswitch built in, which means the only way of stopping a new infection is to patch the SMB vulnerability in Windows. Information can be found for Microsoft here for WannaCry support, as well as direct downloads to patch each version of Windows with the SMB vulnerability. Be sure you’re also running a robust antivirus that can check for new malware strains as they appear.

This column was written by Nick Lumsden, Vice President of Product Strategy and Technology, at Online Tech. To email Nick, click on nlumsden@onlinetech.com

The post Breaking Down The WannaCry Ransomware Attack appeared first on MITechNews.

INDIANAPOLIS – Online Tech has been selected as the disaster recovery provider of choice for Milhaus, a mixed-use housing developer. One of the fastest growing companies in Indianapolis, Milhaus designs, builds and manages luxury apartments in urban areas across the U.S.

Milhaus was looking to protect its critical telecommunications, file and accounting services with a disaster recovery solution. According to Steve Werner, Director of Technology at Milhaus, they wanted a local provider who could reduce their recovery time from a week to less than 24 hours and had the technical expertise to implement that solution. Werner solved both problems with Online Tech and their Disaster Recovery as a Service solution (OT DRaaS).

The combination of Online Tech’s experience and expertise with data replication service provider Zerto has worked well for Milhaus.

“I think Online Tech has a great platform,” Werner said. “I just have a few clicks of a button, and I can access my server and get it up and running. It’s hard for a lot of other providers to say, ‘We’ll get your servers back in an hour.’ Zerto and Online Tech can do that.”

Online Tech will host Milhaus’s disaster-recovery-as-a-service environment at their secure, compliant data centers, along with file-level and image backup services. Werner added that Online Tech’s geographical diversity with seven data centers in three states was an important factor when deciding on a service provider.

“Milhaus is a forward-thinking company that is making a real positive impact in our communities and we are thrilled to be able to help them protect their mission,” said Ruth Miles, General Manager of Indiana Region.

Online Tech has provided expert cloud hosting, disaster recovery, backup and support services for more than 20 years. Their locations throughout Michigan, Indiana and Missouri specifically have focused on secure, compliant hybrid cloud and disaster recovery services.

For more information about OT DRaaS, visit www.onlinetech.com/draas. To read the full case study, visit http://www.onlinetech.com/resources/case-studies/milhaus-a-disaster-recovery-as-a-service-case-study.

For more information about Online Tech, call (877) 740-5028, email solutions@onlinetech.com or visit www.onlinetech.com.

The post Milhaus Partners With Online Tech For Its Disaster Recovery As A Service Solution appeared first on MITechNews.

MOUNTAIN VIEW – Gmail is hoping to prevent phishing with machine learning, like its early phishing detection. If an email looks suspicious and heads to a person’s inbox, Gmail will delay it and analyze the message to make sure it’s not a phishing attempt.

Google said the delay would account for less than 0.05 percent of emails. Considering Gmail’s scale, even a small percentage means it will affect millions of people. The massive Google Docs phishing attack only affected 0.1 percent of Gmail’s users, but it meant at least 1 million people were still briefly breached before Google shut down the OAuth hack.

The automated malware search uses machine learning from Google’s Safe Browsing, which warns people when they’re heading onto an insecure website or a page with malware. In Gmail, it will warn about phishy URLs and links that lead to cyberattacks.

The Sans Institute estimates that 95 percent of cyberattacks starting with spear phishing, in which a specific individual is targeted. Google hopes it’s automated system will close off that breaking-in point.

Google is one of the top three spoofed companies in phishing attempts, according to Ironscales, which specializes in anti-email phishing. The company looked at more than 8,500 phishing attacks over the last year, and found that for every five malware-infested emails that spam filters pick up, there are about 20 spear phishing attacks that sneak past.

Thanks to the millions of spam emails that get sent through Gmail, Google has been able to build artificial intelligence that quickly recognizes malware and ransomware messages and blocks them automatically. Think of it like how your immune system gets stronger with germs that it’s seen before and recognizes.

Gmail will also be adding in warnings for companies when staffers are about to send emails to people outside the company. The feature hopes to prevent accidentally CC’ing strangers on work-sensitive emails. Gmail’s warnings also use machine learning and understand who you frequently email, so the alerts won’t pop up before every message.

This last feature is only available for Gmail’s enterprise customers. Administrators will have the option to turn off this warning, as well as the early phishing detection, but a Google spokeswoman said that would be “highly discouraged.”

The post Gmail Uses Machine Learning To Prevent Phishing appeared first on MITechNews.

ROYAL OAK – What was the WannaCry ransomware attack all about? What impact did it have? Red Level’s Justin Coffey, its Microsoft Solutions Manager, explains all and how to defend against ransomeware attacks in this interview on M2 TechCast.

To listen, click on https://soundcloud.com/podcastdetroit/m2-techcast-episode-82-red-level-justin-coffey

The post WannaCry Ransomware Attack Explained By Red Level’s Coffey appeared first on MITechNews.

LANSING – David Behen, who has served as Director of the Department of Technology, Management and Budget, as well as the state’s Chief Information Officer for the past six years, will step down from his post on June 16 to pursue an opportunity with a global company headquartered in Michigan.

Current Chief Deputy Director Brom Stibitz will serve as the interim director until a permanent replacement is named.

“David has been a champion for the residents of Michigan and how they interact digitally with their government,” Gov. Rick Snyder said. “His passion for customer service and technology has changed the way government services are delivered to be more effective, efficient, and accountable. David has been a great leader, innovator and public servant for Michiganders and I wish him well in his new endeavor.”

Behen began at DTMB as state CIO in February 2011, a cabinet-level position, and added department director to his title in March 2014. During his tenure, Michigan has become a national leader in cybersecurity, earning numerous awards and recognitions. His passion for customer service has fundamentally changed the culture at DTMB and has led to breakthroughs in government efficiency.

“Public service is one of the most fulfilling things you can do in life and I’m grateful for the opportunity I’ve had to make a difference for this great state,” said Behen. “Through the great leadership of Governor Snyder, and working alongside my fellow public servants at DTMB and throughout state government, we were able to accomplish some amazing feats that have improved the lives of Michiganders. I know that more great things are in store and I’m proud of the role that I’ve been able play.”

DTMB provides financial, administrative and technology services and information to Michigan’s state agencies, residents, businesses, local governments and universities. With about 3,000 employees, DTMB is responsible for 41 managed facilities, 5.4 million square feet of leased space, 1,525 information technology applications, almost 55,000 desktop, laptop and tablet computers, as well as five retirement systems that serve one in nine Michigan households. DTMB also is responsible for state government’s procurement portfolio of about 900 contracts worth billions of dollars.

Behen, who became director of the state’s Department of Technology, Management and Budget (DTMB) in 2014 upon then-director John Nixon’s departure, has made a significant impact on Michigan IT since stepping on board.

When he took the CIO post, a decade of economic turmoil left the state with many ancient systems in need of upgrade, so his first few years were spent creating a new strategic technology plan and identifying nearly 20 projects in need of replacement and enhanced automation — needs that were matched to multiyear tech funding in the state budget.

Over the years, Behen has led efforts to move email into the cloud, embark upon data center modernization, overhaul procurement and deploy a new statewide ERP system.

The post Michigan CIO Behen To Take Private Sector Job After Departure On June 16 appeared first on MITechNews.

ROYAL OAK – The WannaCry ransomware attack in May targeted hundreds of thousands of computers primarily in Europe running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. Nick Lumsden, an Online Tech Vice President, explains what the attack was about and how his managed service provider dealt with it.

For more on Online Tech, click on http://www.onlinetech.com/

To listen to his analysis, click on https://soundcloud.com/podcastdetroit/m2-techcast-episode-83-ransomeware-nick-lumsden-online-tech

The post Online Tech’s Lumsden Explains Why The WannaCry Ransomware Attack Worked appeared first on MITechNews.

WASHINGTON DC – On Monday, the National Security Agency contractor was charged in a Georgia court with releasing classified material to a news outlet. The top-secret information was an NSA report from May 5, which was first released to The Intercept, detailing Russian hackers trying to compromise US officials less than two weeks before Election Day in November.

It was yet another twist on the trail of Russian meddling in US politics that stretches back well into last year, from the controversy over leaked emails from Hillary Clinton’s campaign to ongoing investigations into meetings involving President Trump’s advisers. Trump has disputed reports of Russian interference on his behalf.

The NSA leak came just three days ahead of former FBI director James Comey’s expected testimony before a Senate committee looking into the matter.

A trail of printing slipups led the FBI on Saturday to Winner’s home, where they arrested the former Air Force linguist. In the Department of Justice’s criminal complaint, prosecutors said they saw the leaked documents had been printed, given folds and creases on the page. But it’s what wasn’t seen that outed Winner as the alleged leaker.

The pages from the NSA’s printers came with invisible tracking dots. This is a common feature in modern printers for forensics investigations, according to the Electronic Frontier Foundation. They’re nearly invisible to the naked eye, but if you invert the colors, like Rob Graham from Errata Security did, they’re a lot more obvious. Take a look by following this link: https://www.cnet.com/news/reality-winner-nsa-leak-russian-hacking-printer-tracking-dots/?ftag=CAD2e9d5b9&bhid=20102274281679224800074149012732

The post NSA’s Alleged Leaker Got Tripped Up By A Secret Printer Feature appeared first on MITechNews.

ROYAL OAK – Cybersecurity expert Dan Lohrmann discusses physical attacks, including Manchester, England, where 22 people were killed by a terror attack. From the good to the bad to the ugly, stories poured in regarding developments.

To read Lohrmann’s column on this subject, click on https://mitechnews.com/guest-columns/manchester-bombing-good-bad-ugly-online/

To listen to Lohrmann’s analysis, click on https://soundcloud.com/podcastdetroit/m2-techcast-episode-84-dan-lohrmann

The post The Good, The Bad, The Ugly – Internet Coverage Of Terror Attacks appeared first on MITechNews.

TEL AVIV, Israel – Cyber Week 2017, one of the most important annual cyber events in the world, will be held at Tel Aviv International University June 25-29 and MITechNews.Com Editor and Publisher Mike Brennan will be there to provide complete coverage in text, audio and video.

The conference will include speakers and delegations from both Israel and abroad who will share their insights on the most recent developments in cybersecurity and discuss key dilemmas and opportunities arising from the evolving technologies.

“What an honor it is for me to be a guest of the Israeli government to provide my readers, listeners and viewers with stories from this important cyber security event,” Brennan said. “Israel, known as the start-up nation, is now becoming a cyber-nation, one which combines high-end technology, innovation and talented innovators. And MITechNews.Com will tell its story during Cyber Week.”

The last conference enjoyed the presence of more than 5,000 attendees from 48 countries. Delegates included: decision makers, diplomats, academics, respected members of the defense industry and intelligence units, Israeli and international students, hi-tech entrepreneurs, leading experts from the cyber industry, cyber professionals, corporate C-suite executives and senior decision makers representing policy circles, private sector and defense in Israel and abroad.  

Brennan will provide complete coverage on MITechNews.Com, plus a wrap up in next week’s eNewsletter.

Brennan also will phone in from Israel to do a live interview on WJR 760 AM’s Internet Advisor June 24 at 5:05 PM eastern time. He will follow up on Monday June 25 with another live interview on M2 TechCast with co-host Matt Roush. That interview will air at 3 pm Eastern on the PodcastDetroit Network. 

To learn more about Cyber Week 2017, click on https://icrc.tau.ac.il/ICRC/events/CyberWeek2017_1954

The post MITechNews.Com To Provide Complete Coverage Of Cyber Week 2017 In Israel appeared first on MITechNews.

ANN ARBOR TOWNSHIP – Washtenaw Community College this fall will offer an associate degree in cybersecurity in coordination with Eastern Michigan University. Upon completion, graduates can transfer to EMU’s Information Assurance & Cyber Defense bachelor’s degree program.

Students will learn network security skills while working in Linux operating systems, Cisco infrastructure and perimeter devices and Microsoft operating systems, according to WCC.

The new program was approved by the WCC Board of Trustees at its May 2017 meeting and by the Higher Learning Commission last week.

The new WCC program requires the completion of 63-64 credit hours, with a number of courses available as online classes.

The post Washtenaw Community College Offers Cyber Degree In Partnership With Eastern Michigan University appeared first on MITechNews.