skip navigation

More signal. Less noise.

Daily briefing.

Several claims of zero-day vulnerabilities cropped up over the past week: a Chrome hole (Google doesn't believe it, and the researcher won't talk until he demos his exploit at an upcoming New Delhi conference), a Yahoo! Mail exploit (for sale on the black market), and SCADA vulnerabilities in systems by Siemens, GE, Kaskad, ABB/Rockwell, Eaton and Schneider Electric.

The US continues to deny charges of cyber espionage against the Elysee Palace, and some expert observers lend credence to the denial.

Symantec reports a database exploit is loose in the Middle East; Iranian security authorities call it old news. Other small hacks and scams surface; they amount to fresh warnings to use caution online. One is worth calling out: PASSTEAL malware is circulating in file-sharing sites where it masquerades as a key generator for paid applications.

The South Carolina breach looks more serious: attackers had at least two months' "unfettered access" to the state's tax system. US banks are warned to expect fallout from the 3.3 million bank accounts compromised in the exploit.

Huawei's reputation in the US Government as a security risk opens a market opportunity for other firms: Nokia and Siemens prepare a joint push for US Federal business. Various countries friendly to the US look to American companies to provide cyber expertise.

Lesser-known US universities—the University of Tulsa being exhibit A—become major sources of Federal cyber talent.

Australia's Defence Signals Directorate gives businesses advice on BYOD policy. Greek and British hackers face trial for cyber crimes.

Notes.

Today's issue includes events affecting Argentina, Australia, Canada, European Union, Finland, France, Georgia, Germany, Greece, India, Iran, Israel, Kuwait, Malta, New Zealand, Oman, Pakistan, Palestinian Territories, Qatar, Russia, Saudi Arabia, Syria, United Arab Emirates, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

Questions, Doubts greet Researcher's Claim to have Chrome Zero Day (Security Ledger) But Gobejishvili also said he has not made any attempt to inform Google about the vulnerability and will not publish any details of the zero day hole even after

Researcher Claims To Have Chrome Zero-Day, Google Says 'Prove it' (Slashdot) chicksdaddy writes "Google's been known to pay $60000 for information on remotely exploitable vulnerabilities in its Chrome web browser. So, when a

Hacker Sells Yahoo! Mail Zero-Day for $700 (Softpedia) Underground hacking forums are flooded with all sorts of zero-day exploits, many of which can

Adobe Reader Zero-Day Still Unfixed, Researchers Fail to Provide P.O.C. (Softpedia) Earlier this month we learned from cybercrime investigation company Group-IB that cybercriminals were selling an Adobe Reader X/XI zero-day for prices

Info about 0-day SCADA flaws offered for sale (Help Net Security) Following in the footsteps of French Vupen Security, Malta-based start-up ReVuln has also decided to sell information about zero-day vulnerabilities to companies and governments instead of sharing it

Researcher Finds Nearly Two Dozen SCADA Bugs in a Few Hours' Time (Threatpost) It is open season on SCADA software right now. Last week, researchers at ReVuln, an Italian security firm, released a video showing off a number of zero-day vulnerabilities in SCADA applications from manufacturers such as Siemens, GE and Schneider Electric. And now a researcher at Exodus Intelligence says he has discovered more than 20 flaws in SCADA packages from some of the same vendors and other manufacturers, all after just a few hours' work

Today's Tech: US accused of cyber-attack on France (ITProPortal) The United States has been accused of playing a part in some of the most significant cyber-attacks recorded in recent years, including the vicious Flame and Stuxnet viruses. But while the victims of these campaigns have been fairly predictable, with

Expert skeptical of alleged U.S cyberattack on French computers (CSO) Hackers said to have used Facebook to make a connection with people working in the Elysee Palace

U.S. denies hacking computers in the Elysee Palace (Help Net Security) U.S. cyber spies have allegedly hacked a string of computers inside the official residence of the President of the French Republic during the last days of Sarkozy's tenure and have stolen confidential

Maher center announcement about the 'narilam' malware (certcc) Recently Symantec reported the detection of a new malware called "win32. narilam". regarding that report there were numerous media coverage on the topic, and comparing the threat to the previously reported cyber-attacks on Iran's infrastructure like stuxnet, duqu and flame

W32.Narilam the malware that hit databases in Middle East (infosec island) Recently we have always thought to malware as dangerous agents used to steal information such as banking credentials or to be used in cyber espionage operation. This is one of the different ways to monetize the development of a malicious agent, virus creation to steal information which is associated with an economic value. But we also learned that malware could be developed for destructive purposes, that the case of state-sponsored project or cyber weapon such as Stuxnet, but similar approach could be also persecuted by private companies against competitor business

Pakistan Hacker Explains How Pakistan google and other sites got hacked (E Hacking News) Recently, The news about the Pakistani Google hack spread like a wildfire in the Internet. At the time, Top Level Pakistan Domains displayed the defacement page including Yahoo, MSN, HSBC, EBay,Paypal and more sites. Today, khanisgr8, a hacker from Pakistan hacker collective called "TeamBlackHats" sent an email regarding the security breach

Anonymous Steps Into Gaza Crisis (InformationWeek) Website defacing and Anonymous DDoS campaign pale next to ongoing cyberattacks apparently launched from Iran and Palestine, security experts say

Hannibal account leak proven as false (cyberwarnews) A few days ago we posted an article that made claims that over 1,000,000 account details had been leaked from a hacker using the handle Hannibal who claimed to leak the data in retaliation attack against anonymous hacktivist for operation Israel. IT has come to light today that this attack was never carried out, that the data was leaked months ago and is still currently being hosted online in the exact same format that hannibal leaked it

MeTV Hacked, Affiliates credentials leaked (cyberwarnews) A popular TV broadcasting network MeTV has been hacked by a hacker we follow often @DARWINARE who recently has attacked and leaked data from UNSW, Amazon. uk and other high profile sites

Dreamhost Breached, Server & client information leaked (cyberwarnews) A pastebin user using the handle Syst3mswt who is apart of warriors team SWT has posted a a dump of server information which appears to come from the well known and popular web hosting service Dream Host

Anonymous hacker takes on Kaspersky & defaces Kaspersky MP3 webpage (cyberwarzone) Today I got an message in one of the social media groups that the website of Kaspersky has been defaced. It is not the full domain that has been defaced but simply one page (so far). The page that has been defaced is the Kaspersky Anti-Virus 6

Details of 700 Students Leaked from Syrian Virtual University (Softpedia) A hacker group called GreySecurity, or GSec, has hacked into the systems of the Syrian Virtual University (svuonline. org) and has leaked the email addresses of around 700 students. Over the past period, hackers have mostly tried to protect Syrian organizations, but it appears that some collectives dont necessarily care about the agenda of Anonymous and other hacktivists

Anonymous Hackers Take Down School District Site over Student Tracking System (Softpedia) The Northside Independent School District (NISD) in San Antonio made a lot of headlines last week, after threatening to expel a student that refused to participate in their radio frequency identification (RFID) tracking program. At the end of last week, a court delayed the school districts plans to expel the student but, in the meantime, some Anonymous hackers decided to take the matter into their own hands and took down the NISD website. The hacker who took credit for the attack told HotHardware that these 'student locator' programs are ultimately aimed at getting students used to living in a total surveillance state where there will be no privacy, and wherever you go and whatever you text or email will be watched by the government

Bogus Chase Paymentech notification carries malware (Help Net Security) If you receive an email seemingly coming from payment processing company Chase Paymentech, think twice about opening the attachment it carries. The email purportedly delivers an electronic Merchant

'Twitter is going to start charging' phishing scheme pops up (Help Net Security) Twitter users are being actively targeted with DMs falsely announcing Twitter's decision to start charging its use

Bogus Apple invoice leads to Blackhole, banking malware (Help Net Security) If you receive an invoice seemingly coming from Apple that apparently shows that your credit card has been billed for $699,99 (or a similar preposterously huge amount of money) because you bought post

Digitally signed ransomware lurking in the wild (Help Net Security) Trend Micro researchers have spotted two ransomware variants bearing the same (probably stolen) digital signature in order to fool users into running the files. Other than that, the malware acts

Trojanized Thanksgiving-themed screensavers lurking online (Help Net Security) If you want to add a little festive cheer to your computer, a screensaver showing beautiful Thanksgiving images might be just the thing

PASSTEAL Malware Lurking on File Sharing Sites (Threatpost) Variants of the PASSTEAL malware are propagating by masquerading as key generators for paid applications, popular e-books, and other software on file sharing services, according Alvin John Nieto, a threat response engineer at TrendMicro's TrendLabs

Hacked Go Daddy sites infecting users with ransomware (Naked Security) Computer users are getting infected with ransomware because criminals have managed to hack the DNS records of Go Daddy hosted websites

South Carolina Data Breach Poses Big Risks to Banks (American Banker) After initially deflecting responsibility, South Carolina Governor Nikki Haley has admitted that his government could have done a better job to prevent a data breach that compromised sensitive information for four million individuals and 700,000 businesses that file state taxes. More than 3. 3 million unencrypted bank accounts were stolen, and 5,000 credit card numbers, though most of those were expired

Attackers Had Access for Months in South Carolina Data Breach (Threatpost) Attackers had two months of unfettered access to South Carolina's Department of Revenue systems in a classic targeted attack that began with a phishing email and ended with the loss of electronic tax return data, and payment card and personal information on 3.8 million filers, possibly dating back to 1998

Security Patches, Mitigations, and Software Updates

Mozilla Releases Multiple Updates (US-CERT) The Mozilla Foundation has released updates to address multiple vulnerabilities for the following products: Firefox 17.0, Firefox ESR 10.0.11, Thunderbird 17.0, Thunderbird ESR 10.0.11, [and] SeaMonkey 2.14. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, bypass safety restrictions, or perform a cross-site scripting attack

Cyber Trends

A Backhanded Thanks (Dark Reading) As we recover from the Thanksgiving weekend, let's give our brand of security thanks for all the good (and not so good) in our world. Around Thanksgiving time in the U.S., I usually take a minute or two between football overload (like that's possible) and binge eating to reflect on the year. It's hard to believe folks are putting holiday decorations up and we're in full fledged planning for 2013. Didn't 2012 just start? Uh, I guess not

Business needs to focus on cyber security threat, says KPMG (hrmagazine) Senior management in British businesses are not taking the threat to cyber security seriously enough, despite increasing publicity about online security breaches in some of the world's largest organisations, according to professional services firm KPMG. The warning comes after cyber security minister, Chloe Smith, last week reiterated the Government's commitment to tackle cyber crime. KPMG's head of information protection and business resilience, Stephen Bonner, said:"The UK's digital economy accounts for 8% of our GDP, so why organisations are yet to develop a mature approach to cyber security is a question that must be answered

Growth of Black Friday online spending slowed despite the iPad's emergence as a major shopping tool (Quartz) US online sales rose 17.4% on Thanksgiving Day and 20.7% on Black Friday from a year earlier, according to estimates by IBM. Mobile web usage increased significantly, with 24% of consumers visiting retailers' sites from a smartphone or tablet, compared to 14.3% last year. Mobile sales represented 16% of the total, up from 9.8% in 2011. Consumers using iPads conducted roughly 10% of total online shopping, blowing away all other tablets. Wal-Mart separately said that mobile devices represented 45% of all Walmart.com traffic on Thanksgiving. But overall online shopping growth rates slowed from last year

Understanding basic honeypot concepts (Help Net Security) The EU cyber security Agency ENISA is launching an in-depth study on 30 different digital traps or honeypots that can be used by CERTs to proactively detect cyber attacks. The study reveals barriers

Battles over online information control to escalate (Help Net Security) The year ahead will feature new and increasingly sophisticated means to capture and exploit user data, escalating battles over the control of online information and continuous threats to the U.S. supply chain

What's the most coveted target for cyber attackers? (Help Net Security) Despite repeated warnings, organizations are still failing to lock down the primary target of most cyber-attacks – privileged access points. Cyber-Ark labs analyzed a string of recent, high-profile

Cloud Security Not the Barrier It's Supposed to Be (Midsize Insider) Groups like the Cloud Security Alliance will continue to perform research and issue documents, as it recently did, according to this Integration Developer News article. These documents are said to serve an important purpose in showing how the industry

Study Hints at the Future of Cloud Computing (BostInno) A recent study by the Cloud Security Alliance (CSA) and the Information Systems Audit and Control Association (ISACA) revealed that changing government regulations, plausible exit strategies, and international data privacy are the most pressing

Paid mobile apps to generate $57 billion by 2017, says Strategy Analytics (Fierce Mobile IT) Paid mobile apps downloads are expected to generate more than $57 billion globally between 2008 and 2017, despite a shift toward free app downloads over the period, according to the latest estimate by Strategy Analytics.

Marketplace

Nokia Siemens to head stateside to fill Huawei-shaped market gap (ZDNet) After a U.S. House Intelligence Committee found that Huawei and ZTE, which provide telecoms equipment to cellular and wired networks, "cannot be trusted" to be free from foreign state influence and "thus pose a security threat to the United States," it left many networking companies which buy their products up the creek without a paddle. Finland-based Nokia Siemens Networks (NSN) is looking to fill the gap, and what an opportune time: the company is sinking and it needs to expand stateside or face potential collapse

As cyberwarfare heats up, allies turn to U.S. companies for expertise (Washington Post) In the spring of 2010, a sheik in the government of Qatar began talks with the U.S. consulting company Booz Allen Hamilton about developing a plan to build a cyber-operations center. He feared Iran's growing ability to attack its regional foes in cyberspace and wanted Qatar to have the means to respond

Cyberwar Poses Dilemma For Defense Contractors (Washington Post) As allies seek help, U.S. officials wary of technologys misuse

Cyber Security Challenge announces new competitions (Engineering and Technology) The Cyber Security Challenge has announced new competitions including malware attacks from hostile states, IP theft in motor racing and 'Stuxnet-like' attacks on high security facilities. Professional cyber teams from Orange, Prodrive, (ISC)2, the SANS Institute, QinetiQ and Sophos will test over 100 qualifiers from the virtual first-round competitions over the coming months to determine the 40 finalists for the Masterclass grand finale in March 2013

Transcom Opens Cyber Center (Executive Gov) U.S. Transportation Command has opened a joint cyber center for securing the command's information networks, American Forces Press Service reports

Exelis to Help Navy Design, Install C4ISR Awareness Systems (ExecutiveBiz) ITT Exelis has won a $93,261,183 U.S. contract to provide material and services for design, procurement, installation and maintenance of adaptive persistent awareness systems

CMS Awards up to $15B to Upgrade & Manage Data Centers (Govconwire) The Centers for Medicare and Medicaid Services has awarded a number of contracts that could add up to $15 billion in the next 10 years, for the management of its data center operations. According to a NextGov article, contractors for the "virtual data center operation" indefinite-delivery-indefinite-quantity contracts include Accenture Federal Services, HP Enterprise Services, IBM, Lockheed Martin and other vendors

Joyent Gets New CEO, Preps Cloud Tools (InformationWeek) Henry Wasik joins Joyent from Dell, where he lead networking unit; cloud software gets upgrade in early 2013

Intel's Next CEO Must End Mobile Neglect (InformationWeek) Intel built an unbeatable infrastructure for PC and server chips -- which gives it zero advantage in meeting fundamentally different requirements for mobile chip design

Could departure of Intel CEO signal faster shift toward mobile? (Fierce Mobile IT) Chip maker Intel (NASDAQ: INTL) announced Tuesday that Paul Otellini, its long-serving chief executive officer, is retiring in May

Products, Services, and Solutions

Mozilla suspends work on 64-bit Firefox for Windows (Computer World) Mozilla this week suspended development of a 64-bit version of Firefox for Windows, citing add-on incompatibilities and low priority for the project. In a message posted to Bugzilla, the company's bug- and change-tracking database, Benjamin Smedberg, a developer with consulting firm Mozdev, and a regular contributor to the open-source browser, said that the organization was suspending, perhaps for some time, the work on a 64-bit version."Please stop building windows 64 builds and tests," Smedberg wrote on Bugzilla Wednesday. In the same message, he told commenters the decision had been made, and not to argue it on Bugzilla, a warning that several people ignored

HP delivers server for Big Data (Help Net Security) HP unveiled a server built to help clients operationalize Big Data, drive new business opportunities and save up to $1 million over three years

Check Point taps ThreatCloud to revolutionise attack response (ITWeb) Check Point Software Technologies, the worldwide leader in securing the ... and are powered by Check Point's revolutionary ThreatCloud security intelligence

QinetiQ Group plc : QinetiQ Commerce Decisions' Award software is available on G-Cloud Ii / Rm1557 Ii Framework (4-Traders) QinetiQ Commerce Decisions, leading provider of software and services to support strategic procurement projects, has been awarded a place on Lots 3 and 4 of the G-Cloud II framework by the Government Procurement Service. Lot 3 is the framework for Software as a Service (SaaS) and Lot 4 is for Specialist Cloud Services

VMware vCenter Multi-Hypervisor Manager 1.0 released (Help Net Security) VMware vCenter Multi-Hypervisor Manager is a component that enables support for heterogeneous hypervisors in VMware vCenter Server

New line of Panda Security integrated perimeter security appliances (Help Net Security) Panda Security launched Panda GateDefender Performa eSeries, its new, unified perimeter security device that protects against all types of threats

Imation releases PC on a Stick mobile workspace (Help Net Security) Imation announced beta availability of its IronKey Workspace, certified for deployment of Windows To Go. The IronKey Workspace lets organisations outfit mobile professionals with a secure, fast USB

ManageEngine updates Password Manager Pro (Help Net Security) ManageEngine announced enhancements to Password Manager Pro, which offers protection to data centres by helping establish access controls to IT infrastructure, and seamlessly record and monitor

Linux file encryption with BestCrypt (Help Net Security) Jetico has announced BestCrypt Container Encryption for Linux 2.0, now with a simple user experience in a new GUI, plus greater stability and security

Netflix Wants You To Adopt Chaos Monkey (InformationWeek) Netflix has made its own automated disaster testing service, Chaos Monkey, available as a free public download. Should you turn it loose on your own systems

10 Best Apps For Samsung Galaxy Notes (InformationWeek) Check out these 10 great apps that take advantage of the Samsung phablet's S Pen stylus

Android 4.2 On The Nexus 7: First Impressions (InformationWeek) Google recently pushed Android 4.2 Jelly Bean to the Nexus 7 and other devices. Here's a first look at the newest version of Android on Google's 7-inch tablet.

UK mobile operator Three rolls out cloud-based M2M platform (Fierce Mobile IT) U.K. mobile operator Three is rolling out a cloud-based machine-to-machine platform for U.K. companies that want to use its network to provide M2M connectivity

Windows Intune to simplify enterprise adoption of Surface tablet, analyst says (Fierce Mobile IT) Windows Intune, the cloud-based PC management and security software tool available on the new Surface tablet, should "simplify the adoption" of the tablet in the enterprise, said Forrester Research senior analyst David Johnson

Technologies, Techniques, and Standards

Guide to iPad Security in the Enterprise (eSecurity Planet) While iPads and other tablets provide big productivity benefits in the enterprise, they also create some pretty big security challenges. As iPads continue to make their way into the enterprise, security is an increasingly significant concern – a recent study by Context Information Security suggested that the iPad is dangerously vulnerable

Risk Assessment Reloaded (thanks PCI !) (Internet Storm Center) Last month was Cyber-Security Awareness Month, and we had some fun presenting a different security standard each day. One of the standards we discussed was the ISO 27005 standard for Risk Assessment. So when the PCI Council released Risk Assessment Guideance this past week, it immediately caught my attention

What's in Your Change Control Form? (Internet Storm Center) It's surprising how many organizations don't plan well for change. Change Control is a well known process, one that is well defined in many different frameworks (ITIL and the ISO 27000 Series and NIST for starters). Yet many organizations plan changes over coffee and a napkin (or a visio on a good day). This almost always results in figuring out problems during the change (I don't know about you, but the less 1am thinking I need to do, the better off I am!), conflicting changes, or changes that just plain don't work, and need to be backed out in a panic.

Black Friday and Cyber Monday: Trend Micro Canada's Top Tips (Canada NewsWire) With this year's cyber holiday shopping season about to begin, Canadians in record numbers will be online looking for perfect gifts, deals and bargains. Unfortunately shoppers and sellers aren't the only ones who will be busy

Tips for a safe online shopping season (Help Net Security) The holiday season presents the perfect opportunity for cybercriminals to steal consumers' information as shopping is increasingly conducted online. According to a 2011 study from comScore, dollars

Cloud security begins with the contract, says expert (TechTarget) "If I was a business person actually negotiating these deals I would never move forward without those basic, bare bones minimums," Kellermann said in a recent interview with SearchSecurity.com conducted at the 2012 Cloud Security Alliance Congress

Design and Innovation

Innovation Lesson: Disrupt Before You're Disrupted (InformationWeek) Even innovators struggle with the pace of change. Here are some of the ways Silicon Valley companies like LinkedIn push the edge without falling off

Research and Development

A Quantum Dot First: Electron-Photon Entanglement (IEEE Spectrum) A new way to entangle quantum bits made of light and matter could be a boost for quantum communication

Academia

Spy Training For The Digital Age (Los Angeles Times) Stalking is part of the curriculum in the Cyber Corps, an unusual two-year program at the University of Tulsa that teaches students how to spy in cyberspace, the latest frontier in espionage. It may sound like a Jason Bourne movie, but the little-known program has funneled most of its graduates to the CIA and the Pentagon's National Security Agency, which conducts America's digital spying

Big Data Education: 3 Steps Universities Must Take (InformationWeek) How can universities help meet the growing demand for data scientists? Consider this advice from a professor working in the trenches with tomorrow's analytics pros

Legislation, Policy, and Regulation

DSD issues advice for executives tackling BYOD (ZDNet) The Australian Defence Signals Directorate (DSD) has issued security advice for executives who are having to tackle the issue of employees bringing their own devices (BYOD) into the workplace. Issued from the DSD's Cyber Security Operations Centre, the notice covers implications of BYOD, including the legal, financial, and security implications

Digital Agenda: EU and US sign joint declaration to make the internet safer (Invest in EU) Within the European Commission, Vice-President Kroes is responsible for cyber-security and Commissioner Malmstrom for tackling cyber-crime. Within the United States, the Department of Homeland Security, Department of Justice, Department of State

Demise of cybersecurity bill means executive order on the way (CSO) The demise of the Cyber Security Act of 2012 (CSA) clears the way for President Obama to issue an executive order (EO) implementing at least some of the major elements of the bill. And some political observers say

Israel's Investments in Cyber Defense Pay Off (Heritage.org) Sequestration will cut 9.4 percent from every part of the defense budget. These cuts will hit cyber operations, including cybersecurity programs in the Department of Homeland Security. Hollowing out our conventional and strategic forces is bad enough

New web domains face government objections (Fierce Government IT) The government advisory committee to the Internet Corporation for Assigned Names and Numbers released Nov. 20 a list of about 200 proposed new generic top level domains to which various governments object. ICANN began accepting applications for new gTLDs in January and in June unveiled a list of 1,930 possibilities, some of which have attracted controversy--although the usual examples of contentious proposals such as .sex and .gay are in fact missing from the GAC objections list (.sucks does make it, however)

Litigation, Investigation, and Law Enforcement

Anonymous claims Stratfor hacking trial is partial, unfair (ZDNet) Anonymous is demanding that the judge overseeing the trial of a hacker, who is alleged to be responsible for the Stratfor breach, step down from her position. In December last year, hackers stole information from intelligence broker Stratfor and published the information online. The information included over 50,000 credit card numbers, as well as a large number of email addresses, phone numbers, and easily cracked encrypted passwords

Accused Wikileaker To Ask For Dismissal (Baltimore Sun) Army Pfc. Bradley Manning is due back at Fort Meade this week, where lawyers for the alleged WikiLeaker plan to argue that he was punished at a military brig before his case had been heard grounds, they say, to dismiss all charges against him

Govt spies may face court (Otago Daily Times) Any disclosure would allow Mr Dotcom's team to attempt to examine whether the GCSB had passed information to its US partner, the National Security Agency. The NSA works with the FBI on issues of national significance

Feds want Obama's Internet instructions kept quiet (WND.com) The National Security Agency says a special directive from Barack Obama on the organization's reach into private Internet communications will not be made public. The announcement comes in a letter from the NSA's Pamela Phillips to the Electronic

Experts question guilty verdict for AT&T 'hackers' (CSO) Computer Fraud and Abuse Act of 1986 needs major update, security experts say

Greek National Arrested on Suspicion of Theft of 9M Records on Fellow Greeks (Internet Storm Center) From the Associated Press via The Washington Post. The report cites a 9 million record value and notes that Greece currently has a population of around 10 million (WolframAlpha tells me that the 2010 estimate is 11.2M.) The WP article also wisely notes that 9M value is from a data-file that hasn't been de-duplicated

Student denies PayPal cyber-attack (TG Daily) Student Christopher Weatherhead was one of four British hackers to attack PayPal in support of Wikileaks, a court heard yesterday. While his three co-defendants - Londoner Ashley Rhodes, 27, Peter Gibson, 24, from Hartlepool and an 18-year-old male who

Lewys Martin of Kent faces Oxbridge cyber attack charges (BBC News) Lewys Martin of Kent faces Oxbridge cyber attack charges. A man has been accused of 17 offences connected to the blocking of the websites of Oxford and Cambridge universities and Kent Police. The charges against Lewys Martin, 20, also relate to the

Petraeus Staff Subject Of Document Probe (Washington Post) Petraeus aides and other high-ranking military officials were often tasked by Petraeus and other top commanders to provide military records and other documents to Paula Broadwell for her work as Petraeus's biographer, former staff members and other officials told The Washington Post

EPA struggles with FISMA compliance (Fierce Government IT) The Environmental Protection Agency fell short of its major cybersecurity responsibilities in fiscal 2012 through poor security log management and not resolving known security failures, writes the agency's office of inspector general

Lab misspent more than $1M on IT purchases, says SEC OIG (Fierce Government IT) A lab at the Securities and Exchange Commission is responsible for some major spending and IT security infractions, according to an SEC Office of Inspector General report released publicly Nov. 19 but dated Aug. 30

Good Technology lawsuits show MDM competition is heating up (Fierce Mobile IT) Good Technology's recent patent infringement lawsuits against competitors MobileIron and AirWatch are an indication that competition is heating up in the mobile device management market, observed Phillip Redman, research vice president for mobile and client computing at Gartner

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

First Annual Maryland Digital Forensics Investigation Conference and Challenge (, January 1, 1970) Test your knowledge of digital forensics and cyber investigations. Academic teams of four students from Maryland high schools, community colleges and universities will compete for prizes in the Cyber Crime...

Digital Security Summit (Riyadh, Saudi Arabia, December 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.

Passwords^12 (, January 1, 1970) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO...

CompTIA Security+ Certification Boot Camp Training Program (Baltimore, Maryland, USA, December 3 - 6, 2012) For the cybergamut community, an opportunity to receive Computing Technology Industry Association certification.

Cybergamut Tech Tuesday: Sandboxing goes mainstream (Columbia, Maryland, December 4, 2012) An overview of sandboxing as a key security technology.

CIO Cloud Summit 2012 (, January 1, 1970) The CIO Cloud Summit will help C-level executives better understand the true capabilities of cloud computing and the transformational opportunities it can bring.

BayThreat (Sunnyvale, California, December 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.

2012 European Community SCADA and Process Control Summit (Barcelona, Spain, December 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations...

SANS SEC 504 - Hacker Techniques, Exploits & Incident Handling (Linthicum Heights, Maryland, USA, December 10 - 14, 2012) Rescheduled after Hurricane Sandy, this SANS Institute program provides information on how to recognize and respond to hacking.

#BSidesBOS (Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

TechMentor Orlando 2013 (Orland, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...

e-Crime Congress 2013 (London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...

The Future of Cyber Security 2013 (London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.

InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...

25th Annual FIRST Conference (Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.

tmforum Big Data Analytics Summit (Amsterdam, Netherlands, January 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.