Monthly Archives: July 2022

Cyber Educators: The UPDATED Cyber Citizenship Education Portal is Now Live!

Attention all K12 educators: The NEW AND UPDATED Cyber Citizenship Initiative site is now LIVE! The new site has over 1,000 resources for teaching K-12 students about misinformation and disinformation, as well as online communities for educators to join, collaborate, and curate content.

Available Resources:

  • Courses, lesson plans, and reading.
  • Assignments and case studies for independent work.
  • Games and interactive activities for engaged learning.
  • A curated catalog of trusted partners and resources to support media literacy, cybersecurity awareness, and digital civics education.
  • Groups to collaborate with peers within your school, library, or university. Create, evaluate, and share resources in a private or open environment.
  • And more!
Visit the Resources Portal
About the Cyber Citizenship Initiative

The Cyber Citizenship Initiative began as a platform to help resolve challenges with misinformation and online polarization occurring at the intersection of media literacy, digital civics and citizenship, and cybersecurity, with a special focus on aiding K-12 teachers. The ultimate goal of the project is to support educators seeking to build students’ resilience against the new challenges and threats of the digital world through an online portal consisting of a (1) repository of vetted resources from across the internet, (2) space to build an active virtual community of educators and resource reviewers, (3) and provide a series of live and pre-recorded online trainings.

Project partners for the initiative include Cyber Florida, the Florida Center for Instructional Technology (FCIT), National Association for Media Literacy Education (NAMLE) and New America. Check out the new site at www.cybercitizenshipeducation.org

Want to get involved? Educators can create and upload learning modules, lessons, assignments, assessments, or activities to share with other educators within the portal. To learn more, visit: https://cybercitizenshipeducation.org/authoring-overview

2023-04-05T17:28:14-04:00July 20, 2022|
Read More

Cyber Florida Staff Director Dr. Ron Sanders Retires

July 18, 2022—TAMPA, FL: After helping to oversee a period of rapid change and dramatic growth at the Florida Center for Cybersecurity (also known as Cyber Florida), Staff Director Ron Sanders, DPA, has announced his retirement. Dr. Sanders first served as a member of the Board of Advisors upon the center’s founding in 2013. In 2020, he was brought on as staff director under former Executive Director Mike McConnell, VADM, USN, Ret., who has also recently retired. During his tenure as staff director, Dr. Sanders championed several new initiatives that garnered national recognition for the center and helped secure significant new funding for a series of efforts to improve the state’s overall cybersecurity posture.

“I am grateful to Dr. Sanders for his many notable contributions to this organization,” said the center’s new executive director, General (Retired) Frank McKenzie. He continued, “His leadership was instrumental in elevating Cyber Florida to national prominence, and together, he and VADM McConnell built an impressive legacy. I’m proud to carry on the remarkable momentum they created and wish Dr. Sanders well in retirement.”

Dr. Sanders’ career includes nearly three decades of decorated civil service. Among his many accomplishments, he helped lead the historic post-Cold War transformation of the U.S. Defense Department and the post-9/11 stand-up of the Department of Homeland Security and the Office of National Intelligence. He managed the recruiting, development, and deployment of thousands of new intelligence officers to fight the Global War on Terror and the restructuring of the IRS. He helped establish the United Arab Emirates’ cybersecurity and space agencies and China’s National School of Administration. He was also a presidential appointee, serving as chair of the U.S. Federal Salary Council from 2017 to 2020.

Dr. Sanders is the recipient of three Presidential Rank Awards (from DOD, IRS, and the U.S. Office of Personnel Management), two Teddy Roosevelt Distinguished Public Service Awards, and the National Intelligence Distinguished Service Medal. He is the author of four books and has served on the faculty of several distinguished institutions, including George Washington University, The Brookings Institution, and the University of South Florida.

During his tenure with Cyber Florida, he led the transformation of the University of South Florida’s online M.S. in Cybersecurity into four independent cyber-focused master’s degree programs to better align with employer needs. He advocated for the launch of the center’s highly successful Operation K12 program, and his passion for public service led him to create the Cyber Citizenship Education initiative, designed to teach K-12 students to navigate online misinformation and disinformation, among other accomplishments.

ABOUT CYBER FLORIDA

The Florida Center for Cybersecurity, also known as Cyber Florida, was established by the Florida Legislature in 2014 to help position Florida as a national leader in cybersecurity through education, research, and outreach. Hosted by the University of South Florida, Cyber Florida leads a spectrum of initiatives to inspire and educate future and current professionals, support industry-advancing research, and help people and organizations better understand cyber threats and what they can do to stay safer in cyberspace.

###

2022-07-18T09:43:13-04:00July 18, 2022|
Read More

Google Patches Exploited Chrome Bug

I. Targeted Entities

• Google Chrome

II. Introduction

On July 4, Google quietly released a stable channel update for Google Chrome to patch an actively exploited zero-day vulnerability. This is the fourth flaw Google has released for Google Chrome this year.

III. Background Information

Chrome 103 (103.0.5060.71 for Android and 103.0.5060.114 for Windows and Mac) fixes a heap buffer overflow flaw in WebRTC. WebRTC is the engine that gives the browser its real-time communications capability.[1] The vulnerability, given the moniker CVE-2022-2294 and reported by Jan Vojtesek from the Avast Threat Intelligence team, is described as a buffer overflow, “where the buffer that can be overwritten is allocated in the heap portion of memory.”[1]

Google did not reveal any specific details about the vulnerability, but they did recommend that users upgrade their Google Chrome browsers. Because there are so few known details about the flaw, users’ most feasible protection is to upgrade their browser. Fortunately, Google Chrome updates are pushed without user intervention so most users will be protected once an update is available.[1]

Buffer overflows can lead to crashes and other attacks that make the affected program unavailable, like putting the program into an infinite loop. Attackers can take advantage of the attack by using the crash to execute arbitrary code usually outside of the scope of the program’s security policy.[1]

Along with fixing the zero-day buffer overflow flaw, the fix also patches a confusion flaw in the V8 JavaScript engine (CVE-2022-2295), which was reported on June 16th by researchers at S.S.L.[1] This is the third flaw of this nature found in the open-source engine used by Google Chrome and Chromium-based web browsers that has been patched this year. In March, a different type-confusion issue in the V8 JavaScript engine (CVE-2022-1096) required a hasty patch from Google. And in April, Google patched another type-confusion flaw (CVE-2022-1364) which affected Google Chrome’s use of V8, which attackers had already pounced on.[1]

Another flaw patched the July 4 Google Chrome update is a use-after-free flaw in Chrome OS Shell, which was reported by Khalil Zhani on May 19th and was given the moniker CVE-2022-2296, according to Google. Prior to patching the Chrome V8 JavaScript engine flaws in March and April, Google, in February, patched a zero-day use-after-free flaw in Chrome’s Animation component (CVE-2022-0609) that was under attack.[1]

IV. MITRE ATT&CK

Because the specific details of this flaw have not been announced, there are currently no MITRE ATT&CKs associated with this flaw.

V. Recommendations

  • Phishing Awareness Training
    Users should be informed and educated about new kinds of phishing scams currently being used and ones that have been used in the past. Awareness training should instruct users to avoid suspicious emails, links, websites, attachments, etc. Users should also be educated about new types of attacks and schemes to mitigate risk. Recommended link: https://www.us-cert.gov/ncas/tips/ST04-014
  • Set Antivirus Programs to Conduct Regular Scans
    Ensure that antivirus and antimalware programs are scanning assets using up-to-date signatures.
  • Strong Cyber Hygiene
    Enforce a strong password policy across all networks and subsystems. Remind users to be wary of any messages asking for immediate attention, links, downloads, etc. All sources should be verified. Recommended link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a
  • Turn on Endpoint Protection
    Enable endpoint detection and response (EDR) to stop unknown malware in the product you’re using.
  • Malware Monitoring
    Continuously monitor current and new types of malware. Stay up to date on intel and advancements to prevent, defend, and mitigate these types of threats.

VI. Indicators of Compromise (IOCs)

Because the specific details of this flaw have not been announced, there are currently no IOCs associated with this flaw.

VII. References

(1) Montalbano, Elizabeth. “Google Patches Actively Exploited Chrome Bug.” Threatpost English Global, July 5, 2022. https://threatpost.com/actively-exploited-chrome-bug/180118/.

Threat Advisory created by The Cyber Florida Security Operations Center. Contributing Security Analysts: Dorian Pope, Sreten Dedic, EJ Bulut, Tural Hagverdiyev, Uday Bilakhiya.

2022-07-14T10:00:23-04:00July 14, 2022|
Read More

Cyber Florida Says Goodbye to Executive Director, Welcomes New Leadership

After a highly distinguished career in public service spanning more than five decades, the Honorable J. Michael “Mike” McConnell, VADM, USN, Ret., has retired as executive director of the Florida Center for Cybersecurity at the University of South Florida (USF), also known as “Cyber Florida” as of June 30, 2022. General Frank McKenzie, USMC, Ret., has been appointed by USF President Rhea Law to be Cyber Florida’s new executive director. General McKenzie will also be leading USF’s new Global and National Security Institute [link to USF news article].

McConnell first served as chair of the board of advisors upon the center’s launch in 2013. He assumed the role of executive director in February 2020 at the behest of then-USF President Steven C. Currall. During his two-and-a-half-year tenure, McConnell elevated Cyber Florida from a regional center to a truly statewide entity, helping to guide policy at the state level and expanding the center’s reach beyond the State University System of Florida to include the Florida College System and the state’s public school districts, the state’s defense extensive defense industry, and several federal agencies. Under his guidance, the center also forged strong relationships with Florida’s military community, robust defense industry, and several federal agencies, including helping to bring in several million dollars in grants from the National Security Agency.

“We sincerely thank Vice Admiral McConnell for his decorated career of service to our country and his many important contributions to the success of Cyber Florida.  We wish him the best in a well-deserved retirement,” USF President Rhea Law said. “With the foundation Vice Admiral McConnell helped establish, I look forward to seeing Cyber Florida continue to strengthen the cybersecurity industry across our state and the nation in the future.”

General Frank McKenzie, who recently retired from the U.S. Marine Corps as commander of U.S. Central Command, has taken over as Cyber Florida’s new executive director as well as leading USF’s new Global and National Security Institute.

“Vice Admiral McConnell has set Cyber Florida on a solid trajectory to position Florida as a national industry leader and model state for cybersecurity, and I intend to carry on that mission leveraging the strong momentum he and his team have created,” said McKenzie.

2023-04-05T17:28:31-04:00July 11, 2022|
Read More

United States Cyber Command TECH TALK #2

Join Subject Matter Experts Dr. Natalie M. Scala and Colonel Paul L. Goethals on Thursday, July 14 for the Tech Talk Forum on Analyzing Security Threats to Mail-Based Systems for Electoral Processes”.

Welcome and Opening Remarks:

  • COL Scott Nelson, USCYBERCOM Director of Academic Engagement
  • LTC Travis Trammell III, NSA Election Security Group
  • Dr. Travis Derico, USCYBERCOM J2 Elections Defense Lead
2022-08-19T09:04:36-04:00July 6, 2022|
Read More

Tashya Denose (aka the Cyber Whisperer) – Senior Manager of Cybersecurity Analysis at Capital One and a builder of the most rad relationships in cyber

Tashya Denose (aka the Cyber Whisperer) - Senior Manager of Cybersecurity Analysis at Capital One and a builder of the most rad relationships in cyber

Tashya Denose is a Senior Manager of Cybersecurity Analysis at Capital One and the Director of Brand & Marketing at Black Girls in Cyber. In this episode, Tashya joins the No Password Required team to discuss her passion for making everyone feel welcome in the cybersecurity world, the state of the cybersecurity pipeline and what needs to be done, and a LOT of other rad stuff (including her feelings about the word “rad” making a comeback!) Ernie, Jack, and Pablo discuss the rogue freelancers that were taking advantage of remote work opportunities to hide their true identities and earn money for North Korea. Pablo presents the new Technologue game show where the team attempts to answer questions about the first-ever computer worm.

2022-07-06T05:14:36-04:00July 6, 2022|
Read More

Hosted by the University of South Florida
4202 E. Fowler Avenue, ISA7020
Tampa, FL 33620
outreach@cyberflorida.org
813-974-2604

Office meetings by appointment only

CONTACT US

PRIVACY POLICY

Copyright 2024 The Florida Center for Cybersecurity. Information on this website is made available for general educational purposes only and should not be used in lieu of obtaining competent legal advice from a licensed attorney or cybersecurity professional with sufficient expertise necessary to address your specific needs. Use of this website does not create any special or fiduciary relationship between you and the Florida Center for Cybersecurity or the University of South Florida.