Monthly Archives: April 2023

The Women of Talos

The Women of Talos

Cisco Talos is one of the world’s most trusted threat intelligence organizations. Their team works to defend Cisco customers against known and emerging threats, identify new vulnerabilities in software, and interdict threats in the wild before they can wreak havoc against the internet. This month on Do We Belong Here, Pam and Tashya speak with Talos’ Amy Henderson, Director of Strategic Planning and Communications; Sammi Seaman, the Lead of Employee Experience; Alexis Childers, Security Engineer; and Kaitlin Acharya, the Strategic Operations Lead of Threat Intelligence and Interdiction. The group discusses work culture and what institutes an open and safe environment, the value of connecting the technical and non-technical sides of cybersecurity, and how remaining tenacious can be one of the most useful skills as a woman in cyber. Warning: this episode features a lot of laughter, mutual respect, and woman power!

2023-04-25T17:27:22-04:00April 25, 2023|
Read More

Putts and PD: Professional Development to Get You On The Ball

Cyber Florida’s Operation K12 and AFCEA’s Central Florida Chapter invites new and veteran cybersecurity teachers, principals, and career and technical education coordinators to the 3rd Annual Putts and PD Event!

Day 1 will be virtual and will include guest speakers, curriculum resources, and valuable classroom tools. Day 2 will be held at Top Golf in Tampa and will include a live demo of the Florida Cyber Hub, 2 hours of golf, food, and drink, most importantly, networking with some of the best teachers in the business from across the state!

Teachers must attend Day 1 to be eligible for Day 2. All others may attend one or both days.

All attendees must register for each day of the event separately.

Day 1: July 27 9:00 am- 3:00 pm ET

Day 2: July 28 10:00 am- 2:00 pm ET

Register Now
2023-08-18T13:29:10-04:00April 19, 2023|
Read More

Critical Vulnerabilities in Microsoft and Fortinet Products

I. Targeted Entities

  • Windows and Fortinet systems

II. Introduction

Several critical vulnerabilities were discovered in both Microsoft and Fortinet products, where remote code execution and arbitrary code execution can be leveraged, respectively.

For both companies, these vulnerabilities can allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. User accounts configured with fewer user rights could be less impacted when compared to user accounts operating with administrative rights.

III. Background Information

Microsoft has revealed that their security update for the month of April consisted of an update to fix a total of 97 flaws; one being an actively exploited zero-day vulnerability. Microsoft reported seven vulnerabilities to be labeled as “critical,” the most serious classification that can be used. The types of vulnerabilities that were provided in Microsoft’s advisory are the following: elevation of privilege, security feature bypass, remote code execution, information disclosure, denial of service, and spoofing (Abrams, 2023).

As for the zero-day vulnerability, known as CVE-2023-28252, it is a Windows common log file system driver elevation privilege vulnerability; this allows for the user privilege to be escalated to SYSTEM, which is the highest privilige in Windows. Microsoft also reported that this vulnerability was seen in the wild before the security updates patched the vulnerability (MS-ISAC, 2023).

Moreover, a cybersecurity solutions provider, Fortinet, has announced their release of patch for several high-security flaws in products such as FortiOS, FortiProxy, FortiSandbox, FortiWeb, FortiClient, and FortiManager. These issues could allow for cross-site scripting attacks, unauthorized API calls, command execution, arbitrary code execution, privilege escalation, and man-in-the-middle attacks. Fortinet also reported a critical missing authentication vulnerability, tracked as CVE-2022-41331 with a CVSS score of 9.3, in the infrastructure server for FortiPresence. This could be exploited by a remote and unauthenticated attacker through crafted authentication requests to access Redis and MongoDB instances; (Arghire, 2023).

Affected Microsoft Systems:

  • NET Core
  • Azure Machine Learning
  • Azure Service Connector
  • Microsoft Bluetooth Driver
  • Microsoft Defender for Endpoint
  • Microsoft Dynamics
  • Microsoft Dynamics 365 Customer Voice
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Message Queuing
  • Microsoft Office
  • Microsoft Office Publisher
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft PostScript Printer Driver
  • Microsoft Printer Drivers
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows DNS
  • Visual Studio
  • Visual Studio Code
  • Windows Active Directory
  • Windows ALPC
  • Windows Ancillary Function Driver for WinSock
  • Windows Boot Manager
  • Windows Clip Service
  • Windows CNG Key Isolation Service
  • Windows Common Log File System Driver
  • Windows DHCP Server
  • Windows Enroll Engine
  • Windows Error Reporting
  • Windows Group Policy
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows Kerberos
  • Windows Kernel
  • Windows Layer 2 Tunneling Protocol
  • Windows Lock Screen
  • Windows Netlogon
  • Windows Network Address Translation (NAT)
  • Windows Network File System
  • Windows Network Load Balancing
  • Windows NTLM
  • Windows PGM
  • Windows Point-to-Point Protocol over Ethernet (PPPoE)
  • Windows Point-to-Point Tunneling Protocol
  • Windows Raw Image Extension
  • Windows RDP Client
  • Windows Registry
  • Windows RPC API
  • Windows Secure Boot
  • Windows Secure Channel
  • Windows Secure Socket Tunneling Protocol (SSTP)
  • Windows Transport Security Layer (TLS)
  • Windows Win32K

Affected Fortinet Systems:

  • FortiDDoS-F versions prior to 6.4.1
  • FortiDDoS versions prior to 5.7.0
  • FortiADC versions prior to 7.2.0
  • FortiAnalyzer versions prior to 7.2.2
  • FortiManager versions prior to 7.2.2
  • FortiAuthenticator versions prior to 6.5.0
  • FortiClientMac versions prior to 7.2.0
  • FortiClientWindows versions prior to 7.2.0
  • FortiOS versions prior to 7.2.4
  • FortiNAC-F versions prior to 7.2.0
  • FortiNAC versions prior to 9.4.2
  • FortiProxy versions prior to 7.2.3
  • FortiPresence versions prior to 2.0.0
  • FortiSOAR versions prior to 8.0.0
  • FortiSandbox versions prior to 4.2.3
  • FortiDeceptor versions prior to 4.2.0
  • FortiWeb versions prior to 7.2.0
  • FortiSIEM versions prior to 6.5.0

VI. CVEs (Common Vulnerabilities and Exposures)

  • CVE-2023-28252 – Windows Common Log File System Driver Elevation of Privilege Vulnerability – Elevates privileges to SYSTEM, the highest user privilege level in Windows
  • CVE-2022-40679 – FortiADC / FortiDDoS / FortiDDoS-F – Command injection in log & report module: An improper neutralization of special elements used in an OS command vulnerability in FortiADC, FortiDDoS and FortiDDoS-F may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
  • CVE-2022-41330 – FortiOS / FortiProxy – Cross Site Scripting vulnerabilities in administrative interface: Multiple improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerabilities in FortiOS & FortiProxy administrative interface may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP or HTTPS GET requests.
  • CVE-2022-43952 – FortiADC – Cross-Site Scripting in Fabric Connectors: An improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability in FortiADC may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests.
  • CVE-2022-43955 – FortiNAC – FortiWeb – XSS vulnerability in HTML generated attack report files: An improper neutralization of input during web page generation in the FortiWeb web interface may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report.
  • CVE-2022-30850 – FortiAuthenticator – Reflected XSS in the password reset page: An improper neutralization of script-related HTML tags in a web page vulnerability in FortiAuthenticator may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via the “reset-password” page.
  • CVE-2023-27995 – FortiSOAR – Server-side Template Injection in playbook execution: An improper neutralization of special elements used in a template engine vulnerability in FortiSOAR management interface may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload.

V. Recommendations

Microsoft Systems:

Apply appropriate patches or appropriate mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing. (M1051: Update Software)

  • Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
  • Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
  • Apply the Principle of Least Privilege to all systems and services, and run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
  • Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.
  • Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.
  • Remind all users not to visit untrusted websites or follow links/open files provided by unknown or untrusted sources. (M1017: User Training)
  • Safeguard 14.1: Establish and Maintain a Security Awareness Program: Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.
  • Safeguard 14.2: Train Workforce Members to Recognize Social Engineering Attacks: Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating.
  • Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior. (M1040 : Behavior Prevention on Endpoint)
  • Safeguard 13.2 : Deploy a Host-Based Intrusion Detection Solution: Deploy a host-based intrusion detection solution on enterprise assets, where appropriate and/or supported.
  • Safeguard 13.7 : Deploy a Host-Based Intrusion Prevention Solution: Deploy a host-based intrusion prevention solution on enterprise assets, where appropriate and/or supported. Example implementations include use of an Endpoint Detection and Response (EDR) client or host-based IPS agent.

Fortinet Systems:

Apply appropriate updates provided by FortiNet to vulnerable systems immediately after appropriate testing. (M1051: Update Software)

  • Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
  • Safeguard 7.2: Establish and Maintain a Remediation Process: Establish and maintain a risk-based remediation strategy documented in a remediation process, with monthly, or more frequent, reviews.
  • Safeguard 7.3: Perform Automated Operating System Patch Management: Perform operating system updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
  • Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
  • Safeguard 7.6: Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets: Perform automated vulnerability scans of externally-exposed enterprise assets using a SCAP-compliant vulnerability scanning tool. Perform scans on a monthly, or more frequent, basis.
  • Safeguard 7.7: Remediate Detected Vulnerabilities: Remediate detected vulnerabilities in software through processes and tooling on a monthly, or more frequent, basis, based on the remediation process.
  • Safeguard 12.1: Ensure Network Infrastructure is Up-to-Date: Ensure network infrastructure is kept up-to-date. Example implementations include running the latest stable release of software and/or using currently supported network-as-a-service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support.
  • Safeguard 18.1: Establish and Maintain a Penetration Testing Program: Establish and maintain a penetration testing program appropriate to the size, complexity, and maturity of the enterprise. Penetration testing program characteristics include scope, such as network, web application, Application Programming Interface (API), hosted services, and physical premise controls; frequency; limitations, such as acceptable hours, and excluded attack types; point of contact information; remediation, such as how findings will be routed internally; and retrospective requirements.
  • Safeguard 18.2: Perform Periodic External Penetration Tests: Perform periodic external penetration tests based on program requirements, no less than annually. External penetration testing must include enterprise and environmental reconnaissance to detect exploitable information. Penetration testing requires specialized skills and experience and must be conducted through a qualified party. The testing may be clear box or opaque box.
  • Safeguard 18.3: Remediate Penetration Test Findings: Remediate penetration test findings based on the enterprise’s policy for remediation scope and prioritization.
  • Vulnerability scanning is used to find potentially exploitable software vulnerabilities to remediate them. (M1016: Vulnerability Scanning)
    • Safeguard 16.13: Conduct Application Penetration Testing: Conduct application penetration testing. For critical applications, authenticated penetration testing is better suited to finding business logic vulnerabilities than code scanning and automated security testing.Penetration testing relies on the skill of the tester to manually manipulate an application as an authenticated and unauthenticated user.
  • Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
    • Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.
    • Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.
    • Safeguard 5.5: Establish and Maintain an Inventory of Service Accounts: Establish and maintain an inventory of service accounts. The inventory, at a minimum, must contain department owner, review date, and purpose. Perform service account reviews to validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently.
    • Safeguard 6.8: Define and Maintain Role-Based Access Control: Define and maintain role-based access control, through determining and documenting the access rights necessary for each role within the enterprise to successfully carry out its assigned duties. Perform access control reviews of enterprise assets to validate that all privileges are authorized, on a recurring schedule at a minimum annually, or more frequently.
  • Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network. Configure separate virtual private cloud (VPC) instances to isolate critical cloud systems. (M1030: Network Segmentation)
    • Safeguard 12.2: Establish and Maintain a Secure Network Architecture: Establish and maintain a secure network architecture. A secure network architecture must address segmentation, least privilege, and availability, at a minimum.
  • Restrict execution of code to a virtual environment on or in transit to an endpoint system. (M1048: Application Isolation and Sandboxing)
    • Safeguard 16.8: Separate Production and Non-Production Systems: Maintain separate environments for production and non-production systems.
  • Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
    • Safeguard 10.5: Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.
  • Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc. (M1021: Restrict Web-Based Content)
    • Safeguard 9.2: Use DNS Filtering Services: Use DNS filtering services on all enterprise assets to block access to known malicious domains.
    • Safeguard 9.3: Maintain and Enforce Network-Based URL Filters: Enforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Example implementations include category-based filtering, reputation-based filtering, or through the use of block lists. Enforce filters for all enterprise assets.
    • Safeguard 9.6: Block Unnecessary File Types: Block unnecessary file types attempting to enter the enterprise’s email gateway.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources. Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources. (M1017: User Training)
    • Safeguard 14.1: Establish and Maintain a Security Awareness Program: Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.
    • Safeguard 14.2: Train Workforce Members to Recognize Social Engineering Attacks: Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating.

VII. References

Arghire, I. (2023, April 12). Fortinet Patches Critical Vulnerability in Data Analytics Solution. SecurityWeek. Retrieved April 12, 2023, from https://www.securityweek.com/fortinet-patches-critical-vulnerability-in-data-analytics-solution/

Abrams, L. (2023, April 11). Microsoft April 2023 Patch Tuesday Fixes 1 Zero-day, 97 Flaws. BleepingComputer. Retrieved April 12, 2023, from https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2023-patch-tuesday-fixes-1-zero-day-97-flaws/

MS-ISAC. (2023, April 11). MS-ISAC CYBERSECURITY ADVISORY – Critical Patches Issued for Microsoft Products April 11, 2023 – PATCH NOW – TLP: CLEAR

MS-ISAC. (2023, April 12). MS-ISAC CYBERSECURITY ADVISORY – Multiple Vulnerabilities in Fortinet Products Could Allow for Arbitrary Code Execution – PATCH NOW – TLP: CLEAR

Threat Advisory created by The Cyber Florida Security Operations Center. Contributing Security Analysts: Sreten Dedic

2023-04-19T11:03:30-04:00April 13, 2023|
Read More

Four States Passed Nearly Half of All New Cyber Laws in 2022

As employers in the private and public sectors adjust to the advent of flexible work over the last two years, they’re simultaneously trying to protect their organizations from attackers looking to steal and sell data.

2021 was a year defined by significant cyberattacks that crippled infrastructure and shut down hospitalsschools, and municipal governments. It’s the same year the Colonial Pipeline, which supplies gasoline to millions living in the Northeast U.S., was hobbled by a ransomware attack that triggered a gas panic and elevated prices for consumers.

And lawmakers were paying attention—passing dozens of laws in 2022 aimed at training workers, securing government agencies, and funneling money into cybersecurity education programs.

Drata analyzed legislation across all 50 states tracked by the National Conference of Legislatures to identify the states where the most cybersecurity regulations were enacted in 2022. At least 25 states enacted 43 laws that address cybersecurity concerns, out of more than 250 bills proposed and considered by legislatures, including in U.S. territories.

The Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, describes cybersecurity as the “art” of defending computers, electronic devices, and networks against malicious attacks seeking to compromise their function or data.

Companies and government organizations employ cybersecurity methods to keep people who aren’t authorized to see certain information out of those digital spaces and to secure private information or company trade secrets from prying eyes, including criminals.

The average cost of a data breach at a U.S. company in 2022 was $9.4 million, according to IBM’s annual report on cybersecurity threats. Ransomware is one of the most common forms of attack. In a ransomware attack, the offender gains access to a network, takes private information that can often be sensitive, and locks it up with a code only the attacker knows—demanding a ransom be paid to regain access. But access isn’t always granted after a ransom is paid.

Maryland and Florida passed the most new legislation of all states

Maryland’s newest cybersecurity-oriented laws expand on training programs and dedicate public money to protecting digital and information technology infrastructure throughout its state and local governments, including setting standards for its 911 emergency telephone system. It also places new requirements on health care and insurance providers.

In Florida, newly enacted laws will require municipalities to adopt cybersecurity standards, report incidents of ransomware, assess steep fines against perpetrators of attacks, and prevent government agencies from paying ransomware demands.

About half of the states in the U.S. did not enact any cybersecurity-related legislation in 2022. Some of those states may convene to make laws less frequently, like Texas, which has a state legislature that gathers every other year. Other states, including Oregon, proposed new laws but did not pass any of them through their legislatures.

Kentucky

– Enacted: 3
– Failed: None
– Vetoed: None

The Kentucky legislature passed three laws in 2022, one of which was a mostly ceremonial resolution urging Congress to take action to mitigate cyberattacks and specifically ransomware. The other two create cybersecurity regulations that apply to insurance firms and investment advisors.

Licensed insurers based in Kentucky will have to implement and report cybersecurity and data privacy standards annually to the state. It also requires organizations to report cybersecurity events to the state no less than three days from when they’re discovered. It carries a penalty of up to $10,000 per violation. The new law does not apply to any companies already in compliance with federal data privacy and breach laws like the Gramm-Leach-Bliley Act of 1999 or rules issued by the U.S. Department of Health and Human Services.

The other law simply requires all registered investment advisors to create and implement cybersecurity policies that “ensure the confidentiality, integrity, and availability of physical and electronic records and information.”

Virginia

– Enacted: 3
– Failed: 2
– Vetoed: None

In Virginia, lawmakers passed laws requiring public sector agencies to report all cybersecurity incidents to its Virginia Fusion Intelligence Center, and allocating funding to help employers in the state attract and retain cybersecurity professionals. The state is sending tens of millions to help recruit faculty at Virginia Tech.

Florida

– Enacted: 4
– Failed: 10
– Vetoed: None

Florida passed four laws related to cybersecurity in 2022, including a budget bill that allocates $20.5 million to higher education and workforce development in the industry. About half of that money was earmarked for the Florida Center for Cybersecurity at the University of South Florida while the other half will go to building a “Cyber Attack and Simulation Range” for “highly technical” training. The state is also dedicating $50 million to implement a 2021 task force’s recommendation for better cybersecurity protections for the state’s businesses and government agencies.

It also passed a law that exempted some aspects of cybersecurity attacks and data breaches from public records law, where the information would help criminals learn about “detection, investigation, or response practices.” It does not stop government agencies from reporting the number of incidents and general information about each.

A new Florida statute will also create a penalty for the perpetrators of attacks against government entities equal to twice the total of the ransom demanded.

Maryland

– Enacted: 8
– Failed: 17
– Vetoed: 2

The Modernize Maryland Act of 2022 included requirements for water and sewer systems to assess and report cybersecurity vulnerabilities to the government. It also created a commission and fund to support and implement state and local government cybersecurity investments before the end of 2030.

The state also passed a law setting cybersecurity standards for health care organizations, including most insurers and those that provide care to Medicaid patients. It requires organizations to issue thorough notifications about data breaches affecting more than 250 people in the state and carries a fine of up to $125,000 for each violation of the law.

Another bill revised and expanded the state’s Cybersecurity Public Service Scholarship Program for students interested in pursuing a cybersecurity career. Previously the program supported students who went on to work for state agencies. Now it includes those who go to work for schools and colleges as well as county and municipal governments.

Among the 17 measures that failed in Maryland was one that would have given small businesses a state tax break for spending on cybersecurity measures.

Source: https://stacker.com/government/4-states-passed-nearly-half-all-new-cybersecurity-laws-enacted-across-us-2022
2023-09-16T17:38:36-04:00April 6, 2023|
Read More

Cyber Florida to Host NCAE Cyber Games Finals

Cyber Florida at the University of South Florida is proud to host the national championship round of the NCAE Cyber Games on April 22 on the University of South Florida-Tampa campus.

Funded by a grant from the National Security Agency’s National Centers of Academic Excellence in Cybersecurity (NCAE-C) program, NCAE Cyber Games is dedicated to inspiring college students to enter the exciting (and sometimes profitable!) realm of cyber competitions. Cyber competitions are a valuable addition to any college student’s resume, but they can be intimidating for first-timers. NCAE Cyber Games is creating a new style of collegiate cybersecurity competition for college students who have never competed before, where they can learn about cyber competitions in an environment focused on teamwork, building confidence, and growing their skills.

Now in its second year, the program has grown from about 500 competitors from 50 colleges and universities to 700+ competitors from more than 80 colleges and universities out of approximately 350 NCAE-C institutions.

Cyber Florida will host roughly 12o competitors from 11 regional winning teams to face off in a day-long competition to determine the Year 2 National Champions! The University of South Florida eSports crew will broadcast live the second half of the day on https://www.twitch.tv/ncaecybergames.

Learn more
2023-04-25T08:35:04-04:00April 6, 2023|
Read More

Policy Paper: The National Cyber Strategy & Florida

2023-04-05T17:33:39-04:00April 5, 2023|
Read More

Cybersecurity Spring Symposium 2023

Join us for a symposium hosted by Palm Beach State College (PBSC) in partnership with the School District of Palm Beach County (SDPBC) to bring together academic researchers, student ethical hackers, industry practitioners and professionals to engage in information sharing to examine the latest cyber-defense techniques and emerging cybercrime threats. The symposium will serve as a foundation for making cybersecurity connections, information exchange, and problem-solving as students and industry professionals—work together to form alliances for a stronger and more prepared cybersecurity workforce to address the demands of a constantly evolving cyber threat landscape.

Learn more
2023-05-02T11:00:15-04:00April 5, 2023|
Read More

Bianca Lewis – the teenage CEO of Girls Who Hack and Secure Open Vote, who is as comfortable on a stage as she is on a keyboard

Bianca Lewis, also known by her hacker name BiaSciLab, is a next-generation teenage hacker and the CEO of Girls Who Hack. Bianca’s cybersecurity journey started at age 11 when she was part of a team who successfully compromised a simulated election-reporting system at DEF CON 26. She has since become a national conference speaker and advocate for recruiting girls into the cyber industry. In this episode of No Password Required, Bianca joins Jack Clabby and KnowBe4’s Kayley Melton to share her experiences as a teenage hacker, her advice for being a confident public speaker, and her other biggest passion in life: the theatre. Jack and Kayley discuss the joint investigation between German police, the FBI, and law enforcement in Ukraine and the Netherlands and how they took down the DoppelPaymer ransomware group.

You can connect with Bianca on Twitter here: @BiaSciLab

You can learn more about Girls Who Hack here: https://girlswhohack.com/

You can learn more about Secure Open Vote here: https://secureopenvote.com/

2023-04-04T11:17:24-04:00April 5, 2023|
Read More

FAMU Receives $5M to Establish Cyber Policy Institute

Florida A&M University (FAMU) is among four schools, each receiving $5 million from the William and Flora Hewlett Foundation for the creation of a Cyber Policy Institute that will allow the University to develop scholars to address cyber policy issues especially for underrepresented communities.

FAMU, along with Spelman College, is one of two Historically Black Colleges and Universities (HBCUs) to receive the funding to support the launch and expansion of interdisciplinary cyber policy programs. Florida International University in Miami, a Hispanic-serving institution, and Turtle Mountain Community College, a tribal college in Belcourt, North Dakota, are the other two grant recipients, the Hewlett Foundation announced Wednesday.

“We are proud to partner with the Hewlett Foundation to create the Cyber Policy Institute, an interdisciplinary collaboration between the University’s College of Science and Technology (CST) and the College of Social Sciences, Arts, and Humanities (CSSAH),” said FAMU President Larry Robinson, Ph.D. “This partnership will help students develop expertise and, ultimately, earn a master’s degree in cyber policy. Let me congratulate and thank the Hewlett team, and our team, for bringing this opportunity to FAMU. I am excited that through this initiative, we will produce cyber policy experts well-equipped to address the complex interactions of people, communities, and cyber policy.”

Launched in early 2014, the 10-year, $150 million Cyber Initiative’s goal has been to cultivate a field of institutions with experts capable of addressing society’s most pressing cyber challenges, from encryption policy to combating ransomware to establishing norms governing conflict between nations in cyberspace, among others.

“Because of the pivotal role digital technology plays in our society, it is critical that the cybersecurity field that protects computer networks and individual users can draw on the experience and expertise of people from diverse backgrounds – particularly those that have historically been underrepresented and excluded,” Eli Sugarman, who leads the Cyber Initiative for the Hewlett Foundation, said in a statement. “The work these institutions will do represents a key piece of the puzzle in the development of a more diverse cyber policy field that can keep us all safer in cyberspace.”

As part of the initiative, Stanford University is a mentor for the FAMU group, led by an interdisciplinary team from CST and CSSAH. The partnership aims to integrate science-based and market-oriented domains of knowledge within the university to help students develop expertise in cyber policy and, ultimately, earn a master’s degree in cyber policy,  the announcement stated.

The FAMU Cyber Policy Institute (Cyπ) addresses challenges and opportunities presented by the development of cyber-enabled disciplines where market science fuses with the domain, their impact on society and human evolvement while creating a talent pipeline that produces experts with the necessary mix of non-technical and technical skills and knowledge to staff our institutions- academia, government and corporate, said Principal Investigator, FAMU CST Dean Richard Alo, Ph.D.

CSSAH Dean Valencia Matthews, Ph.D., Richard A. Long, Ph.D., CST associate dean for Research & Graduate Programs, and Kyle Eidahl, Ph.D., professor of social sciences, are co-principal investigators for the initiative.

“The institute will engage faculty and graduate student fellows and broaden collaboration between non-STEM and STEM disciplines,” Alo explained.

With the spectacular and fast-paced technological innovation, particularly within social media, Artificial Intelligence (AI), and Data Sciences, there has been a corresponding growth in the cyber-attack threat, Alo added.

“There have been great strides in how we respond to the cyber threat from a technological perspective, but cyber issues cannot be addressed from a purely technological perspective,” Alo said. “Data Science and its tools have significantly influenced the workforce where our professions are rapidly being digitalized and demand the fusion of market science – psychology, policy, management, ethics, etc. There is a pressing need for experts in cyber/technology policy. Developing policies to address cyber/technology issues, whether in government or the corporate environment, significantly lags behind technological advances.”

Source: https://www.famu.edu/about-famu/news/famu-receives-5m-hewlett-foundation-grant-to-establish-cyber-policy-institute.php 

2023-04-04T10:41:01-04:00April 4, 2023|
Read More

Hosted by the University of South Florida
4202 E. Fowler Avenue, ISA7020
Tampa, FL 33620
outreach@cyberflorida.org
813-974-2604

Office meetings by appointment only

CONTACT US

PRIVACY POLICY

Copyright 2024 The Florida Center for Cybersecurity. Information on this website is made available for general educational purposes only and should not be used in lieu of obtaining competent legal advice from a licensed attorney or cybersecurity professional with sufficient expertise necessary to address your specific needs. Use of this website does not create any special or fiduciary relationship between you and the Florida Center for Cybersecurity or the University of South Florida.