Channel: Cyber Defense Archives - MITechNews

Michigan Cyberpatriot Sends Team To National Finals, Seeks Donations

DEARBORN – Michigan Cyber Patriot is a decade-long program founded by cybersecurity professional Tamara Shoemaker that teaches grade-school students the basics of how to stay safe on the Internet. Another element of the program does the same for senior citizens.

Part of MICyberPatriot is a competition among participants along the lines of capture the flag. This year Michigan is sending one of its teams to the national finals in Maryland. Tamara will be joining her charges there.

She and her husband, Dan, also have published a manual to help grade-school teachers explain cybersecurity to students. It too is selling well on Amazon. What she needs are more sales of her manual so that she can share more of them with teachers.

She also needs donations to fund these competitions and for a summer cybersecurity camp.

Check out the program at www.micyberpatriot.com.

Email her at TamaraShoe@Gmail.com.

Watch this video interview for all the details.

The post Michigan Cyberpatriot Sends Team To National Finals, Seeks Donations appeared first on MITechNews.


US Federal Cybersecurity Agency Hacked – China Suspected

WASHINGTON DC – A federal agency in charge of cybersecurity discovered it was hacked last month and was forced to take two key computer systems offline, an agency spokesperson and US officials familiar with the incident told CNN.

One of the US Cybersecurity and Infrastructure Security Agency’s affected systems runs a program that allows federal, state and local officials to share cyber and physical security assessment tools, according to the US officials briefed on the matter. The other holds information on security assessment of chemical facilities, the sources said.

A CISA spokesperson said in a statement that “there is no operational impact at this time” from the incident and that the agency continues to “upgrade and modernize our systems.”

“This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience,” the spokesperson said, adding that the impact from the hack “was limited to two systems, which we immediately took offline.”

The two systems run on older technology that was already set to be replaced, sources told CNN.

Part of the Department of Homeland Security, CISA investigates cyber intrusions at federal agencies and advises private critical infrastructure firms on how to bolster their security.

The Record first reported on the hack.

It was not immediately clear who was behind the hack, but it occurred through vulnerabilities in popular virtual private networking software made by Utah-based IT firm Ivanti. For several weeks, CISA has urged federal agencies and private firms to update their software or take other defensive measures in response to widespread exploitation of Ivanti vulnerabilities by hackers.

Among the hackers exploiting the flaws are a Chinese group focused on espionage, private researchers have previously told CNN.

While there is some irony in it, even cybersecurity agencies or officials can be victims of hacking. After all, they rely on the same technology that others do. The US’ top cybersecurity diplomat Nate Fick said last year that his personal account on social media platform X was hacked, calling it part of the “perils of the job.”

To read more, click on CNN

The post US Federal Cybersecurity Agency Hacked – China Suspected appeared first on MITechNews.

ISSA Motor City Chapter Meeting Unveiling The Power Of Compliance

SOUTHFIELD – Chahak Mittal is the featured speaker March 21 at the ISSA Motor City Chapter Meeting. Her topic is Unveiling The Power of Compliance.

She is a Certified Information Systems Security Professional (CISSP) and Cybersecurity Governance, Risk and Compliance Manager at Universal Logistics. Chahak is deeply committed to knowledge sharing and community engagement. She has actively contributed to the cybersecurity ecosystem through her roles as a Judge at Globee Awards, Major League Hacking (MLH) Hackathons and a dedicated Cybersecurity Teacher in the Microsoft TEALS Program.

Chahak’s active involvement in organizations such as the Cybersecurity Collaboration Forum and SecureWorld’s Detroit Advisory Council has been instrumental in her pursuit of staying at the forefront of industry trends and challenges. She has also channeled her insights into thought-provoking cybersecurity articles, published on SecureWorld.io, making a meaningful contribution to the field’s intellectual discourse. Chahak’s commitment to diversity and inclusion in cybersecurity is unwavering.

She has actively participated in organizations like Women in Cybersecurity (WiCyS) and the Michigan Council of Women in Technology (MCWT), where she has championed the cause of gender diversity within the field. Her outreach efforts extend to interviews on prominent media platforms like PBS Channel and the Women in Technology podcast, where she has shared her insights

The post ISSA Motor City Chapter Meeting Unveiling The Power Of Compliance appeared first on MITechNews.

MiTM Phishing Attack Lets Attackers Unlock And Steal A Tesla

NEW YORK – Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7.Ph

As part of this attack, security researchers Talal Haj Bakry and Tommy Mysk register a new ‘Phone key’ that could be used to access the Tesla.

The researchers reported their findings to Tesla saying that linking a car to a new phone lacks proper authentication security. However, the car maker determined the report to be out of scope.

While the researchers performed this phishing attack using a Flipper Zero, it could easily be done with other devices, such as a computer, a Raspberry Pi, or Android phones.

An attacker at a Tesla supercharger station could deploy a WiFi network called “Tesla Guest,” an SSID that is commonly found at Tesla service centers and that car owners are familiar with.

Mysk used a Flipper Zero to broadcast the WiFi network but notes that the same can be accomplished using a Raspberry Pi or other devices that come with WiFi hotspot capabilities.

Once the victim connects to the spoofed network, they are served a fake Tesla login page asking to log in using their Tesla account credentials. Whatever the victim enters on the phishing page, the attacker can see on the Flipper Zero in real time.

After entering the Tesla account credentials, the phishing page requests the one-time password for the account, to help the attacker bypass the two-factor authentication protection.

The attacker has to move before the OTP expires and log into the Tesla app using the stolen credentials. Once in the account, the threat actor can track the vehicle’s location in real time.

To read more, click on Bleeping Computer

The post MiTM Phishing Attack Lets Attackers Unlock And Steal A Tesla appeared first on MITechNews.

Annual Cybercrime Cost To Jump By 70 Percent To Top $13.8 Trillion By 2028

NEW YORK – The global cybercrime cost has snowballed over the years, with companies and organizations worldwide losing head-spinning figures in cyber attacks.

According to data presented by Stocklytics.com, the annual cost of cybercrime will hit $9.2 trillion in 2024, one trillion more than last year. This figure is expected to jump by a further 70% and hit a shocking $13.8 trillion by 2028.

Cybercrime Cost to Grow by One Trillion Dollars Per Year

Despite the maximum efforts to prevent and minimize cybercrime damage, cyber-attacks, including ransomware attacks, data breaches, phishing, and cyber espionage, are still the biggest threats in the business sector. According to the Allianz Risk Barometer survey, 40% of respondents called cybercrime their biggest potential threat in 2023, ahead of inflation, energy crises, and supply chain disruptions.

Their fear of cybercrime is quite understandable, considering the amount of money stolen in cyber attacks each year. But even more worrying is that the annual cost of cybercrime continues rising, with no signs of stopping any time soon.

According to a Statista Market Insights survey, between 2018 and 2020, the global cybercrime cost skyrocketed by 245%, rising from $860 billion to $2.95 trillion. This cost included stolen money, damage and destruction of data, lost productivity, theft of intellectual property, theft of personal or financial data, post-attack disruption to the ordinary course of business, restoration and deletion of hacked data and systems, and reputational harm.

With companies and organizations worldwide speeding up the digitalization of their business amid the pandemic, this figure almost doubled and hit $5.49 trillion in 2021. Since then, the annual cost of cybercrime has been rising by more than one trillion dollars. After jumping over $7 trillion in 2022, the annual cost of cyber attacks hit $8.15 trillion last year. Statista expects this figure to continue increasing by one trillion dollars per year, helping it to climb to shocking levels.

Statistics show cybercrime will inflict damages totaling $9.22 trillion this year, more than double the GDP of some of the world’s largest economies like Japan, Germany, India, and the United Kingdom. By 2028, this figure is forecasted to skyrocket to $13.82 trillion, or 16 times more than the total cybercrime cost in 2018.

Companies to Spend Over $1.1 Trillion on Cybersecurity in the Next Four Years

The surging cost of cyber attacks continues forcing companies to spend more and more money on cybersecurity measures. Last year, companies and organizations worldwide spent $166.2 billion on cyber solutions and security services. This figure is forecasted to grow by 10% and hit $183.1 billion this year.

Statista expects the annual spending on cybersecurity to continue rising by an average of $20 billion per year and hit $273.5 billion in 2028. The cumulative spending figures are even more shocking. Statistics show that companies and organizations worldwide will spend over $1.1 trillion on cyber solutions and security measures in the next four years.

The full story and statistics can be found here: https://stocklytics.com/content/annual-cybercrime-cost-to-jump-by-70-and-hit-13-8-trillion-by-2028/

 

The post Annual Cybercrime Cost To Jump By 70 Percent To Top $13.8 Trillion By 2028 appeared first on MITechNews.

Change Healthcare Shut Down By Ransomware, Election Security Warnings

ANN ARBOR – Cybersecurity experts Dan Lohrmann and Richard Stiennon discuss the impact of the Feb. 21 ransomware attack on medical billing processor Change Healthcare, which forced the $13 billion company offline, severed one of the few links connecting health care providers to insurance firms, and triggered a cash crunch at hospitals, health clinics and pharmacies nationwide.

Lohrmann and Stiennon also discuss whether voting machines can be hacked by bad players and what states and local communities can do to provide cybersecurity for the November elections.

Plus Stiennon is offering MITechNews readers and viewers a 25 percent discount on his Security Yearbook that lists all the cybersecurity companies in the world. Use the Code MITechNews and click on www.it-harvest.com/sales to order.

The post Change Healthcare Shut Down By Ransomware, Election Security Warnings appeared first on MITechNews.

Stefanini Group Hires Head Of Security For North America And Asia Pacific

SOUTHFIELD – Stefanini Group, a $1 billion global technology company specializing in digital solutions, has hired Orion Czarnecki as the head of cybersecurity for North America/Asia-Pacific (NA/APAC). The new addition to Stefanini’s leadership ensures continued growth and success in cybersecurity portfolio efforts.

“As we reinforce our existing cybersecurity practice across North America and Asia-Pacific, we know that Orion’s expertise will elevate our team,” said Spencer Gracias, Stefanini NA/APAC CEO. “His dedication to growing leaders and experience in developing world-class teams will help us deliver game-changing cyber services to our clients.”

As head of cybersecurity, Czarnecki will oversee NA/APAC cybersecurity leaders to plan, grow and strengthen cybersecurity services at all levels. He will also be responsible for ensuring a unified approach to enterprise cybersecurity, service, pre-sales development and the integration of a refined cybersecurity service portfolio.

Czarnecki joins Stefanini with a robust background in cybersecurity, including the development of cybersecurity operations centers, programs and teams with notable financial institutions, such as PNC Financial and BNY Mellon. Combining over a decade of experience in cyber service and fusion center integrations, he specializes in guiding teams through governance, risk management and compliance, as well as application and cloud security, IT service management and cyber threat prevention programs.

To learn more about Stefanini Group, please visit www.stefanini.com.

The post Stefanini Group Hires Head Of Security For North America And Asia Pacific appeared first on MITechNews.

Biden Administration Seeks To Prevent Americans Using Russian-made Software Over National Security Concern

WASHINGTON DC – The Biden administration is preparing to take the unusual step of issuing an order that would prevent US companies and citizens from using software made by a major Russian cybersecurity firm because of national security concerns, five US officials familiar with the matter told CNN.

The move, which is being finalized and could happen as soon as this month, would use relatively new Commerce Department authorities built on executive orders signed by Presidents Joe Biden and Donald Trump to prohibit Kaspersky Lab from providing certain products and services in the US, the sources said.

US government agencies are already banned from using Kaspersky Lab software but action to prevent private companies from using the software would be unprecedented. Nothing is final until it is announced, the sources cautioned, but the Commerce Department has made an “initial determination” to prohibit certain transactions between the Russian company and US persons, the sources said.

It’s the latest US government effort to use its vast regulatory powers to prevent Americans from using popular technology that US officials consider a national security risk. It comes as the Senate weighs a bill that would force Chinese-owned TikTok to find a new owner or face a US ban.

One goal of the order would be to mitigate any risk to critical US infrastructure, the sources familiar with the policy process told CNN. A draft of the initial determination to prohibit certain Kaspersky software that circulated last year applied to US persons but could have been amended, according to a source who viewed the draft.

The sources declined to detail the full scope of any final order against Kaspersky products, but its focus is expected to be on the firm’s anti-virus software.

A Kaspersky Lab spokesperson did not respond to questions about a potential prohibition or about how big the company’s market share is in the US.

A Commerce Department spokesperson declined to comment on any potential pending action related to Kaspersky products.

US officials have for years alleged that the Russian government could force Kaspersky Lab to hand over data or use its anti-virus software to attempt to carry out hacking or surveillance of Americans — accusations that Kaspersky Lab strenuously denies.

Under US law, Kaspersky Lab can appeal the “initial determination” to prohibit use of its products or strike a deal with the government that mitigates US security concerns before any final ruling from Commerce is announced.

Commerce Department officials have to carefully consider how practical any such regulation would be for the department to enforce and for users to comply with. It would make little sense, for example, to force a small business somewhere in America to uninstall Kaspersky software if it was disruptive and the business had no bearing on national security.

More than 400 million people and 240,000 companies worldwide use Kaspersky Lab’s software products, according to the company. Just how many of those people and companies are in the US is not clear. But US officials believe the risk posed by the software to US infrastructure is high enough to justify the pending order.

‘A new era’ in Commerce regulation

The Trump administration in 2017 forced US federal civilian agencies to purge Kaspersky Lab software products from their networks, and Congress later codified the ban and applied it to US military networks. But the expected move from the Biden administration would go a step further by using Commerce Department authorities to prevent private companies from using Kaspersky Lab software.

The Commerce authorities are relatively new and derived in part from a 2021 executive order that Biden signed in the name of protecting Americans’ personal data from “foreign adversaries” and a related order signed by Trump in 2019.

Both orders cite a “national emergency” related to security threats to America’s software supply chain and the ability of the Commerce secretary to review risky transactions under a 1977 law known as the International Emergency Economic Powers Act. Specifically, the secretary can prohibit, or mitigate the risk from, transactions involving information and communications technology supply chain, according to updated law based on the two executive orders.

The Wall Street Journal reported last year that Commerce was weighing using its authorities to restrict use of Kaspersky Lab software, but that no decision had been made to do so.

But after months of deliberating on how to effectively use the Commerce Department’s regulatory powers against the use of Kaspersky Lab software, US officials are finally preparing to use the authorities, a US official familiar with the private discussions told CNN.

The pending action “signals a new era in which Commerce will be more willing to intervene in the name of protecting national security,” Henry Young, a former senior counsel at the Commerce Department, told CNN.

Companies “owned or controlled by a foreign adversary should take note” if the Commerce secretary shows “the willingness to prohibit transactions that create an unacceptable risk to US national security,” said Young, who is now senior director of policy at the Business Software Alliance, an industry lobby.

The Commerce Department aims to use its authorities in the most precise way that addresses national security concerns without having adverse impacts on American businesses or consumers, a Commerce official told CNN. The official discussed the department’s general approach to regulating technology transactions and not any specific potential action.

“We will do what addresses the national security risk and no more,” the Commerce official said. “If that involves saying: X, Y, Z critical infrastructure operators in high-risk sectors, you can’t use this software and that software provider can’t transact with you, then we’ll do that. And if it needs to be broader, we’ll do that.”

 

The post Biden Administration Seeks To Prevent Americans Using Russian-made Software Over National Security Concern appeared first on MITechNews.


ISSA Motor City Virtual Chapter Meeting April 18 – Data Management for Cybersecurity

SOUTHFIELD – ISSA Motor City Virtual Meeting is scheduled for April 18 at 6 pm and will feature Chris Raber, Strategic Accounts Manager for Cribl. His topic is Data Management for Cybersecurity.

Cribl will present on Managing Cyber Security and Observability data. How can organizations easily harness their data for insights and risk management, do so in an agile manner, while controlling costs?

Date: April 18, 2024

Time: 6:00PM to 8:00PM

Location: Register to receive the meeting invite for the virtual meeting.

Register at Eventbrite

The post ISSA Motor City Virtual Chapter Meeting April 18 – Data Management for Cybersecurity appeared first on MITechNews.

Michigan Cyberpatriot Program Seeks Donors To Fund Summer Camps

DEARBORN – The Michigan CyberPatriot Program needs companies and individuals interested in helping develop the next generation of cyber warriors to donate money in April so founder Tamara Shoemaker can fund summer cybersecurity camps for grade-school students.

To pull that off, MICyberPatriot needs $5000 in financial commitments. Tamara also needs $2500 to pay for trophies for the Cyberpatriot competitions. You can donate to both at MIcyberpatriot.com.

CyberPatriot provides in-person and online awareness presentations and training sessions across the state. Tamara’s hope is to have enough industry support to cover its expenses and ensure that every school in Michigan can participate in CyberPatriot.

You can email her at Tamarashoe@gmail.com if you have questions or want to donate or participate.

The post Michigan Cyberpatriot Program Seeks Donors To Fund Summer Camps appeared first on MITechNews.
