skip navigation

More signal. Less noise.

Daily briefing.

A low-grade virus hits Israeli Facebook users as that country prepares to weather Anonymous' threatened OpIsrael on Monday. The hacktivist collective's vandalism of North Korean sites this week may offer a preview. (Anonymous also mounts denial-of-service attacks against affiliated (?) news source Indiegogo for, effectively, trademark infringement, although how such infringement is possible among anarcho-syndicalists remains baffling.)

Wells Fargo undergoes another denial-of-service attack and US banks resign themselves to this being the new normal: Citi unofficially thinks of Wednesday as "DDoS Day." Vendors work on DDoS defenses.

ICANN's new top-level domains (like ".corp") carry risks because they're often used internally to name machines. Security analysts recommend enterprises mitigate the risk by no longer issuing "internal name" certificates.

Dell SecureWorks and BitDefender warn of new Android malware. Some of it appears to have been developed by Chinese espionage services (whom the Economist calls alarmingly "unabashed").

Sino-American cyber tensions continue, and Apple (under American scrutiny for its Foxconn connection and Chinese displeasure for insufficient compliance with censorship) seems caught in the middle. Ten US trade groups (TechAmerica and the US Chamber of Commerce among them) send a letter to Congress objecting to new restrictions on Government procurement of Chinese hardware.

HP board resignations may foreshadow major changes.

Virginia announces a new partnership to develop the Commonwealth's cyber labor force. As reports suggest a Federal cyber talent shortage that universities aren't addressing, the University of Maryland Baltimore County expands its cyber security offerings.

Russia and Ukraine make arrests in the Carberp botnet case.

Notes.

Today's issue includes events affecting Australia, Canada, China, Cyprus, Germany, Israel, Japan, People's Democratic Republic of Korea, Russia, Spain, Ukraine, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

On eve of attack, Israel preparing for the cyber-worst (Times Of Israel) Under the threat of what hackers swore would be the largest Internet battle in the history of mankind, Israel has been preparing for the past week for what many expect to be a massive attempt to swamp Israels Internet bringing websites to a crawl, or even bringing them down. The attack is set for Sunday, April 7 coincidentally, or perhaps not, the eve of Holocaust Memorial Day in Israel. Computer system administrators and security experts have been shoring up network defenses, changing passwords, and ensuring that they have the Internet bandwidth to withstand an attack

Anonymous threatens cyber attack on Israeli sites (Jerusalem Post) Hacktivist collective Anonumous threatened to launch a cyber attack on Israeli websites on Sunday, April 7, the eve of Holocaust Memorial Day…Anonymous warned Israel not to shut down the internet in Gaza and to "cease and desist from your terror upon the innocent people of Palestine or you will know the full and unbridled wrath of Anonymous." In an e-mail sent to Knesset employees Thursday, Deputy Information Security Officer Ofir Cohen explained that on Sunday, government websites are expected to face distributed denial of service (DDoS) attacks and attempts at vandalism

Computer virus attacks Israeli Facebook users (JTA) A computer virus attacked thousands of Israeli Facebook subscribers days before a threatened mass cyber attack on Israeli websites

Hack attack by Anonymous vandalizes North Korea's Twitter and Flickr accounts (CSO) North Korea may be making nuclear threats, but it's looking silly after hacks by Anonymous lampoon its leader on official sites and feeds. While North Korea has made some serious-sounding threats about military action against the United States and South Korea lately, the country's looking a bit silly after several of its online accounts were hacked. North Korea's official Flickr and Twitter pages have been vandalized, with hacker collective Anonymous taking credit. The hackers also gained access to a North Korean music and book store and the country's news and information site, both of which have both been taken down, The Next Web reports

Wells Fargo's Website Hit by Another Cyber Attack (Fox Business) Wells Fargo's (WFC) website was hit by a cyber attack on Thursday, a person familiar with the matter told FOX Business, just a week after the banking giant's consumer site suffered a similar problem. The apparent intrusion marks the latest distributed

Banks Hit Downtime Milestone In DDoS Attacks (Information Week) In recent weeks, U.S. banks and financial services institutions have seen their website downtime double, compared to just one year ago. That finding, first reported by NBC News, comes via Keynote Systems, which maintains dummy accounts with the country's top 15 banks, which it uses to monitor site uptime and availability to customers by attempting to log into its accounts every five minutes

The New Normal: Wednesday Is DDoS Day At Citi (The Security Ledger) How common are crippling denial of service attacks aimed at Western banks? Heres one sign: Wednesday is unofficially DDoS day at Citi, according to a Senior Vice President for Information Security at the financial services powerhouse. Speaking on Wednesday at an event hosted by Perdue University, Mamani Older told an audience at CERIAS 2013 that massive distributed denial of service or DDoS - attacks have become business as usual for Citi, and that those launching the attacks have fallen into a predictable schedule of attacks

Japanese web portals hacked, up to 100,000 accounts comprimsed (CSO) Yahoo Japan found malicious software on its servers but no data was lost, while rival goo said up to 100,000 accounts were hacked

Cash machine users alerted to Thailand withdrawals (Get Surrey) Residents in Lightwater have reported a card-skimming device after they were alerted by their banks to attempts to steal upwards of 100 pounds from their accounts

Back to the past with pennie stock spam (Internet Storm Center) Most of you will remember the pennie stock SPAM messages from a fair few years ago. The main aim of the game is to buy a bunch of pennie stock and then do a SPAM campaign to drive buying interest, artifically inflating the price of the stock. They sell and make their money. It may be a few cents per share, but if you own enough of it can be quite profitable. Most SPAM filters are more than capable of identifying and dumping this kind of SPAM

Indiegogo Suffers DDOS Aimed At YourAnonymousNews Campaign (TechCrunch) When there is no central authority, who has the authority to sell t-shirts? That question came to a head over the past few days when YourAnonNews announced it planned to create something like a newswire for Anonymous news

Scribd, 'world's largest online library,' admits to network intrusion, password breach (Naked Security) San Francisco-based document sharing site Scribd has admitted to a network intrusion. Details are scant, but fortunately a notification published by the company suggests that no more than 1% of users are at risk

University of Florida reports patient identity theft ring (Health It Security) The University of Florida (UF) medical clinic announced yesterday that a former medical clinic employee, Arthur Thomas, had breached the data of nearly 15,000 patients as part of an identity theft ring. Thomas was arrested Tuesday, according to The Gainesville Sun, and stole patient data from UF&Shands Family Medicine at Main from March 2009 and October 2012 and included patients insurance information, names, addresses, dates of birth and Social Security numbers while selling the information to a third party. The university learned of the breach on Oct. 25, but state law enforcement prevented it from notifying patients until the criminal investigation was complete

Cyber attack on Bitcoin exchange exposes flaws in virtual currency (Irish Independent) Despite DDOS attacks being one of the most common methods of cyber attack, they are difficult to defend against. MTGox said its security systems had failed to block the attack. Following the problems, the controversial currency, plunged 20pc in value

Bitcoin May Be the Global Economy's Last Safe Haven (Bloomberg BusinessWeek) One of the oddest bits of news to emerge from the economic collapse of Cyprus is a corresponding rise in the value of Bitcoin, the Internet's favorite, media-friendly, anarchist crypto-currency. In Spain, Google (GOOG) searches for "Bitcoin" and downloads of Bitcoin apps soared. The value of a Bitcoin went up to $78. Someone put out a press release promising a Bitcoin ATM in Cyprus. Far away, in Canada, a man said he'd sell his house for BTC5,362

Dell SecureWorks becomes latest to warn about Android malware (SC Magazine UK) The malware, called Stels, was identified by Dell SecureWorks' Counter Threat Unit (CTU)…they become a lucrative target for cyber criminal

Android malware: A new avenue for Chinese hackers (CITEworld) Indeed, enterprises have been the targets of Chinese hackers for years, according to a report released in February by U.S. cybersecurity firm Mandiant, which wrote that 141 organizations in the U.S. and other English-speaking countries across 20

Surprise, Surprise: Your Android Apps Are Being Used To Nab Personal Data (Lifehacker Australia) A new study from online security firm Bitdefender has revealed thousands of popular Androud apps are being used by unscrupulous advertisers to collect and upload user information to third party servers. Some apps were even found to access users'

Five Signs Your Android Device is Infected With Malware (PC Magazine) Today, the antivirus and security company Bitdefender released a list of five symptoms that might indicate a malware infection. Do any of these sound familiar? Racked-Up Phone Bills Last year, the SpamSoldier malware introduced the world to the first

Possible security disasters loom with rollout of new top-level domains (Ars Technica) Plans to populate the Internet with dozens of new top-level domains in the next year could give criminals an easy way to bypass encryption protections safeguarding corporate e-mail servers and company intranets, officials from PayPal and a group of certificate authorities are warning. The introduction of Internet addresses with suffixes such as ".corp"

Masters of the cyber-universe (The Economist) China's state-sponsored hackers are ubiquitous--and totally unabashed. CHINA'S SOPHISTICATED HACKERS may be the terror of the Earth, but in fact most of their attacks are rather workaday. America and Russia have hackers at least as good as China's best, if not better. What distinguishes Chinese cyber-attacks, on anything from governments to Fortune 500 companies, defence contractors, newspapers, think-tanks, NGOs, Chinese human-rights groups and dissidents, is their frequency, ubiquity and sheer brazenness. This leads to an unnerving conclusion. "They don't care if they get caught," says Dmitri Alperovitch

Security Patches, Mitigations, and Software Updates

Postgresql Patches Critical Vulnerability (Internet Storm Center) The Postgresql team announced earlier today the release of patches for its popular open source database. The description of the vulnerability sounds quite scary. An attacker may cause corruption to the database, or if the attacker is able to log in, the attacker may then escalate privileges and in some cases execute arbitrary code

Preview: Microsoft's Patch Tuesday Load for April 2013 (CSO) Microsoft plans nine security bulletins containing fixes for a variety of Windows, Office and Internet Explorer flaws

Sophos fixes vulnerabilities in its Web security appliance (CSO) The flaws could allow attackers to execute commands with high privileges and read sensitive passwords stored on the product

Cyber Trends

Would the Mob Really Break Your Virtual Kneecaps With Counterfeit Chips? (IEEE Spectrum) Apparently, the next chip security threat could come from organized crime, says IOActive

This Bank Can't Withstand a Cyber Attack (Motley Fool) The consumer banking landscape is undoubtedly changing. The big banks are closing down branches and adjusting business models. However, there is one bank that is way ahead of the curve. BOFI Holding (NASDAQ: BOFI) is a Internet-only bank that has seen its business boom in recent years because of its high-interest deposit products and ease of use

Cloud Security Still a Murky Issue as Vendors Move Vulnerabilities Creep with Them (Silicon Angle) We are living in a highly sophisticated Internet era where practically everyone is vulnerable and exposed to security risk, especially when most of us are cloud consumers. Cloud computing, which was just a buzzword a few years ago has gone mainstream now. In fact, if we take a look at two surveys conducted by InformationWeek in 2008 and 2012 the difference in quite prominent

Outsourcing Security to the Cloud: As Safe as Burying Treasure Near a Pirate (CMS Wire) Welcome! Yea, though a scurvy pirate or two has occasioned to dare set foot within our establishment, they were swiftly dealt with and ne'ery a one have been eyed since. Aaargh ...'tis no safer place to bury yer treasure. Thar treasure chests are sturdy and their locks sure. We afford ye yer own shovel for buryin' and the watchmen step lively to thwart the ne'er-do-wells. Would ye care for a copy of our SSAE-16? Did I mention that we're PCI compliant

Advanced Persistent Threats get more advanced, persistent and threatening (Register) FireEye's latest advanced threat report states tech businesses are at the forefront of cyber-espionage malfeasance, with one event per minute

Marketplace

Cyber Directorate of the Department of Army CIO Discusses Mobility Challenges and Goals (Federal Technology Insider) Managing the balance between productivity, security, and user expectations is ubiquitous among all agencies seeking to leverage mobility solutions. In this video clip from the Trezza Media Groups Federal Executive Forum on Mobility, Rick Walsh, Cyber Directorate of the Department of Army CIO/G-6 in Emerging Technology, discusses the challenges and priorities as the Army implements Bring Your Own Device (BYOD) and other mobility tools and solutions

NSA to close Yakima Training Center facility (Seattle Times) The National Security Agency is closing a secretive listening post it has quietly operated near Yakima since the early 1970s

McConnell Talks Cyber at Todd Lecture Series (The Northfield News) The Northfield News Mike McConnell is the Vice- Chairman of Booz Allen Hamilton. Booz Allen is a strategy and technology-consulting firm serving the US

Governor Bob McDonnell Announces Virginia Cyber Security Partnership (Dark Reading) "Northrop Grumman is proud to support the Semper Secure initiative," said Mike Papay, vice president and Chief Information Security Officer, Northrop Grumman Corporation. "We understand the critical need to develop our cyber workforce and innovate to

Federal cybersecurity workforce study highlights age, training needs (FierceGovernmentIT) The average federal cybersecurity professional is between the ages of 51 and 55, works in the GS-2210 Information Technology Management occupational series, and has 10 years of experience in the public sector, according to the 2012 Information Technology Workforce Assessment for Cybersecurity. The assessment surveyed nearly 23,000 federal IT civilian workers and closely resembles the 2011 Information Technology Workforce Capability Assessment, according to the March 14 report published by the Federal Chief Information Officers Council

Future cyber policymakers aren't well served by higher education (FierceGovernmentIT) Cybersecurity has become an important national security issue, requiring government leaders to have a basic understanding of how networks operate, major threats and emerging trends. However, a March 26 report from the Pell Center for International Relations and Public Policy finds most of the country's top ranked master of public administration and master of public policy programs lack cybersecurity technology and policy components in the curricula

Are iOS apps the next victims in China's war on Apple? (Quartz) It looks like Another Bad China Day for Apple. The company faces accusations of kowtowing to China after it removed an application from its app store in China today that includes books banned in the country--just days after Apple issued a long and contrite apology to Chinese customers following near daily onslaughts by state media. (Apple hasn't responded to a request for comment.) But the removal of bookstore jingdian shucheng (or classics bookstore), may just be the beginning of Apple giving in to Chinese censorship in order to preempt another attack

HP board shakeup means study of a breakup could gain traction (Quartz) Hewlett-Packard's longtime chairman Ray Lane has attracted blame for many of the company's recent woes. Critics said he was a rubber stamp for HP's disastrous acquisition of Autonomy in 2011, leading some shareholders to call for his ouster. His reelection to the HP board in March came down to a close shareholder vote. HP announced today that Lane is stepping down as chairman and will be temporarily replaced by activist investor Ralph Whitworth

Tableau's $150 million IPO offers more proof of Big Data's big growth potential (Quartz) "Visual analytics for everyone," proclaims Tableau Software's homepage. True to its word, the company makes software for creating maps and charts that is both free and Luddite-proof--enough, at least, to be popular among reporters at the Wall Street Journal and the Huffington Post, as VentureBeat reports. Its bread and butter, though, is more sophisticated business analytics software and services, lumping Tableau firmly in with the Big Data business that everyone is getting so excited about these days

Silvia Torres Appointed Panda Security Global PR Director (San Francisco Chronicle) Global Security Leader Appoints New Executive Panda Security, The Cloud Security Company, has announced that Silvia Torres has been appointed as its new

TASC Promotes Cliff Greenblatt to General Counsel and Vice President (Sacramento Bee) He will also lead TASC's ethics and compliance and trade-compliance activities…integration and decision-support services to the Intelligence Community

Products, Services, and Solutions

Don't Count Out Active Directory For Cloudy Future (Dark Reading) Because Active Directory (AD) was first developed in an era before SaaS services, some security proponents might make the case that it hasn't adapted well enough and doesn't have the architectural flexibility to future proof itself within the increasingly cloud- and mobile-centric enterprise. However, there are plenty of others out there who will tell you not to count out AD just yet. Not only is Microsoft making ground at honing AD's cloud capabilities through Windows Azure Active Directory and further refinements of Active Directory Federation Services, but AD is so completely ingrained within the fiber of just about every big enterprise out there that it's not going anywhere anytime soon

EventTracker Enterprise v7.3 (SC Magazine) EventTracker Enterprise is comprehensive. It is designed to be scalable to address multiple locations, business units and domains using the EventTracker Stand-Alone, Collection Point and Collection Master architecture. The latest version (7.3) expands/improves the offering in areas of file integrity monitoring, change audit, configuration assessment, cloud integration, event correlation and writeable media monitoring and management. Some of the other new features include built-in ticketing system (with acknowledgement, search, notes and email), support for log4j and related standards, such as log4cxx, log4net, log4php, scheduled discovery of applications and systems, configurable behavior rules to detect new and out-of-the-ordinary behavior by user-specified thresholds, frequency or learned-behavior thresholds, and risk-based prioritization for incident identification and automatic or manual remediation solutions

Google Launches Drive App Data Folders, Lets Developers Safely Store Configuration Files And Other Data (TechCrunch) If you're a developer building web or mobile apps that use Google Drive for storing information, you've probably found that users really can't be trusted not to delete or move that data. Once the user does that, the app experience won't be so great and the data that the app needs to run isn't there to use. Today, Google has introduced "app data folders"

HP shifts mobility management into the cloud (ZDNet) HP says its new cloud-based mobility management service allows firms to give users access to apps and data via smartphones and tablets while still maintaining control over security. The new service, HP Enterprise Cloud Services Mobility, enables companies to deploy tools and services quickly for access to applications, file storage and sharing via multiple mobile platforms, according to HP. It provides organisations with the tools to set appropriate security policies and controls to protect data

BlackBerry details extensive security protection in BlackBerry 10 OS (CSO) The recent release of the BlackBerry 10 operating system sets the stage for a security evolution as well, according to Alex Manea, manager of security services at BlackBerry. For one thing, the BlackBerry 10 OS is distinct from any previous BlackBerry OS in that it provides a way to separate out personal applications from corporate-designated ones by using a capability built directly into the OS called Balance. Manea says this "partitions the phone into two spaces, a workspace 100% controlled by IT, which can delete it without interfering in the personal side" and represents a way that businesses can support the bring-your-own-device (BYOD) trend by allowing employees their personal space on BlackBerry, too

Google announces brand new web browser core, so does Mozilla (Naked Security) When you wait ages for a bus, and then three come along at once, it's not a coincidence: it's a side-effect of queuing and traffic lights. But what about when three browser vendors make announcements on the same day

Yandex launches public DNS service with malicious URL filtering (CSO) The company is working with some hardware vendors to create router firmware with built-in support for the service

Cryptography Research and StarChip Sign Patent License Agreement for DPA Countermeasures (PYMNTS) Cryptography Research, Inc. (CRI), a division of Rambus Inc. (NASDAQ:RMBS), and StarChip SAS (StarChip), experts in designing and qualifying Smart Card ICs, today announced they have signed a patent license agreement allowing the use of Cryptography Research's patented technology in StarChip products, including the StarChip line of smartcard integrated circuits. Incorporating Cryptography Research's patented countermeasures onto their devices will help protect StarChip's products against differential power analysis (DPA) and related side channel attacks. The license covers hardware and software countermeasures developed by StarChip or its customers

Technologies, Techniques, and Standards

Praetorian Expands Offering To Include Advanced Persistent Threat (APT) Simulation (Dark Reading) Praetorian offers controlled exercises designed to simulate real-world advanced threats

Hacking The User Security Awareness And Training Debate (Dark Reading) Bruce Schneier says training end users on security is a waste of time. But security awareness experts argue there's a whole new generation and approach emerging that better schools users on security behaviors

How to Protect Macs in the Enterprise (eSecurity Planet) Mac OS X has developed a reputation for security - which means many people ignore measures they should take to secure Macs in the enterprise. If you've ever consulted with a computer security expert and they seemed a little paranoid, consider it a good thing - paranoia is an essential component to effective security. Conversely,

Exxon Mobil CEO zeroes in on risk (Fuel Fix) Exxon Mobil Corp. is targeting employee habits in its effort to improve computer security, which has become extraordinarily important to preventing disasters and safety risks, CEO Rex Tillerson said. In an exclusive interview with FuelFix, Tillerson said the company is educating its employees on safe computer behavior, just as it has done for its physical operations. Computers controlling massive oil company systems, including those on offshore rigs, have been targeted by online attacks and are especially vulnerable to infection with malicious software that could disrupt operations and potentially lead to a major disaster, the Chronicle reported recently

Don't Pay Up How To Beat Ransomware! (makeuseof) Just imagine if someone showed up on your doorstep and said, Hey, theres mice in your house that you didnt know about. Give us $100 and well get rid of them. This is the Ransomware Scam in its original form

Design and Innovation

Kickstarter is definitely not a store (IT World) Kickstarter is a tech scene phenomenon. But it's important to know what it really is.Back in September, Kickstarter felt the need to post an update stating that "Kickstarter Is Not a Store". In it, the crowd-funding and project-launching phenomenon laid out a few new rules, clarified its mission a bit, and generally reinforced the key point in the headline: you back projects, you don't buy goods

Academia

UMBC expands cyber security offerings (Baltimore Business Journal) University of Maryland, Baltimore County is launching a new certificate program through its Cybersecurity Academy and has plans for another. The Certificate in Cyber Operations will be a full-time program that will teach specialized technical skills that can prepare people with even basic computer and technology proficiency to work in entry-level cyber security jobs. The program begins June 24

Legislation, Policy, and Regulation

Tech groups protest anti-China provision in US budget resolution (Computer World) A little-publicized provision in a U.S. government budget resolution that largely prohibits four agencies from using Chinese-made IT products could backfire, several tech trade groups said. The provision, in a 2013 budget resolution signed by President Barack Obama on March 26, bars the U.S. Department of Commerce, the Department of Justice, NASA and the National Science Foundation from acquiring IT systems manufactured by companies owned or subsidized by the Chinese government

MPs blast minister over threat to cyber security (London Evening Standard) Fears that Britain's armed forces are vulnerable to a cyber attack grew today after MPs said they were not satisfied with assurances by a senior minister. In a critical letter to armed forces minister Andrew Robathan, the Commons defence committee raised concerns about the Government's response to its inquiry on cyber security

House Democrat to push for privacy change to cyber bill (The Hill) Schiff plans to offer the amendment during the House Intelligence Committee's closed-door markup of the Cyber Intelligence Sharing and Protection Act (CISPA) next week. If the amendment is adopted, companies would be required to "make reasonable

Pentagon seeking 'rules of engagement' for cyber-war (Detroit Free Press) The need to create a new set of rules reflects how muddled the cyber-world is. Even what constitutes an act of war is difficult to determine. Gen. Keith Alexander, head of Cyber-Command, said recently the bulk of cyber-attacks are espionage and

SCIF requirements prevent open CISPA markup, says House Intelligence (FierceGovernmentIT) Opponents of the Cyber Intelligence Sharing and Protection Act and government transparency advocates are calling on the House Intelligence Committee to hold a public markup of the bill when it comes before the committee next week - although committee staff the nature of the committee hearing prevents public entry or recording

SEC Embraces Social Media (Wall Street Journal) Executives with itchy Twitter fingers can rest easier after federal securities regulators blessed the use of social-media sites to broadcast market-moving corporate news

SEC Says Social Media OK for Company Announcements if Investors Are Alerted (SEC) The Securities and Exchange Commission today issued a report that makes clear that companies can use social media outlets like Facebook and Twitter to announce key information in compliance with Regulation Fair Disclosure (Regulation FD) so long as investors have been alerted about which social media will be used to disseminate such information

Litigation, Investigation, and Law Enforcement

Surveillance Court's Opinions Must Remain Secret, Feds Say (Wired Threat Level) The President Barack Obama administration is informing a federal judge that if it's forced to disclose a secret court opinion about the government illegally spying on Americans, the likely result could be "exceptionally grave and serious damage to the national security." The statement came in response to a lawsuit demanding the administration disclose a Foreign Intelligence Surveillance Court opinion issued as early as last year

Google will fight secretive national security letters in court (Ars Technica) The search giant has 0-999 problems, and an NSL may or may not be one

7 faces of 'hacking' hysteria (IT World) Businesses and politicians are understandably concerned about the threat of cybercrime, given the rising threat of international cyber crime syndicates, some of which are backed by foreign governments. Unfortunately, lawmakers and business leaders have proven themselves overzealous at times in their pursuit of alleged hackers and small-time cybercriminals, abusing their expansive resources, their power, and poorly written legislation like the DMCA, whether to silence and subdue legitimate researchers and developers or to make examples of small-fish hacktivists and pirates through disproportionately harsh fines and jail sentences. In this slideshow, we present some of the faces of people who've felt the brunt of this cyber crime and hacking hysteria since 2000

German court invalidates Apple slide-to-unlock patent (Computer World) A German court has invalidated an Apple patent for the slide-to-unlock feature on mobile phones, according to a published report. The Thursday ruling by Bundespatentgericht, Germany's federal patent court, is a victory for Samsung Electronics and Motorola Mobility. Apple has sought injunctions prohibiting the sale of devices from both companies

U.S. government can't intercept iMessage, but it can still serve Apple a search warrant (ZDNet) The U.S. government is struggling to crack into Apple's encrypted messaging system for domestic lawful wiretapping, according to an internal U.S. Drug Enforcement Agency (DEA) document. Because Apple stores data sent over iMessage and runs the service and encryption in-house, the iPhone and iPad maker is still open to being served a subpoena or a court-ordered search warrant. As a result, Apple is also lagging behind other companies on transparency by not disclosing how many government requests have been made

Inspector General finds email security risks at SEC (CSO) Report found with Web mail that 'nonpublic information could potentially be disclosed to unauthorized persons,' among other problems

Australia charges alleged Anonymous member (CSO) The unidentified juvenile was charged on a number of counts related to unauthorized access to computer data

Suspected hackers behind Carberp botnet, Eurograbber arrested (ZDNet) Alleged members of a botnet ring that systematically stole money from Internet users worldwide have been arrested. According to publication the Kommersant Ukraine, the leader of the Carberp botnet operation, as well as members of the ring's virus and malware development team, are now in custody. The arrests were jointly made between the Security Service of Ukraine and the Russian Federal Security Service

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Pen Test Berlin 2013 (Berlin, Germany, June 3 - 9, 2013) SANS Pen Test Berlin 2013 takes place from June 3rd to June 8th in the Radisson Blu Hotel on the bank of Berlin's River Spree. SANS will offer penetration testing courses as well as a series of presentations...

London Summer 2013 (London, England, UK, July 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The...

Cloud Connect Silicon Valley (Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...

Emerging Science and Technologies - Securing the Nation through Discovery and Innovation (Washington, DC, USA, April 4, 2013) Join Nextgov and INSA on April 4th and hear from key leadership at IARPA, DIA, and the Applied Research Laboratory, Penn State University who will address: the challenges to our nation's future as the...

An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, April 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The...

Cyber 1.3 (, January 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation...

Hack in the Box 2013 (Amsterdam, the Netherlands, April 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including the a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team,...

SANS Northern Virginia 2013 (Reston, Virginia, USA, April 8 - 13, 2013) This event features comprehensive hands-on technical training fand includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply...

INFILTRATE 2013 (Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.

Software Engineering Institute Invitational Career Fair (Pittsburgh, Pennsylvania, USA, April 11 - 12, 2013) Attention software engineers and cyber security professionals, the Carnegie Mellon Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing...

Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...

InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...

Cyber Guardian 2013 (Baltimore, Maryland, USA, April 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection,...

A Dialogue on Cyber Warfare from Legal and Corporate Perspectives (New York, New York, USA, April 16, 2013) Conversation on Cyber Warfare and the LawThe Journal of Law & Cyber Warfare in partnership with the Columbia Society of International Law is honored to host this first cutting edge conference on the complex...

SANS 20 Critical Security Controls Briefing (Washington, DC, USA, April 18, 2013) The SANS Institute presents an Executive Briefing on the 20 Critical Security Controls.

Infosec Southwest 2013 (Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...

Mobile Device Security for Defense and Government (Alexandria, Virginia, USA, April 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan...

Infosecurity Europe (London, England, UK, April 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every...

INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, April 25, 2013) - This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community.

23rd Annual Government Procurement Conference (Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...

cybergamut CompTIA Security+Certification Boot Camp Training Program (Baltimore, Maryland, USA, April 29 - May 2, 2013) Security+ certification training delivers a foundational proficiency in the network security arena. Security+ Certified Professionals are better able and positioned to support small and medium-sized organizations...

TechExpo Cyber Security Hiring Event (Columbia, Maryland, USA, April 30, 2013) A hiring event for experienced cyber security professionals, with many leading companies in attendance and interviewing on-the-spot. Learn from the distinguished speakers' panel, details of which will...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.