The tragedy of the bomb attack on the Boston Marathon, sadly and predictably, draws the usual cyber nihilists out: malware authors are spamming attack news—much of it addressed to the worried and bereaved—that carries a Trojan payload.
We've been following the Schnucks breach, and now the chain has been sued by credit card holders over recent cyber attacks that exposed their card numbers and resulted in unauthorized charges. The attackers who compromised Web hosting provider Linode used a zero day vulnerability in Adobe ColdFusion. Super botnets are fueling meaner attacks. Qualys warns that wireless security cameras are disturbingly vulnerable to hacking.
Oracle fixes 42 holes in Java. Researchers and software firms are coordinating advisories with bug fixes.
Sequester? What sequester? Or so Defense News asks, suggesting that the US Congress budgets as if the automatic cuts didn't exist. According to a report from the US Director of National Intelligence, more people have security clearances than ever. Ahoy! The Navy is planning to beef up its Fleet Cyber Command to the tune of $22.6 million. Meanwhile, the Army wants to put more cyber decisions into the hands of soldiers in the field. NSA is testing the service academies' cadets for their cyber security bona fides this week in Colorado Springs.
Some think it's time to scrap CISPA and start over. (Meanwhile, the White House threatens to veto the bill.) US National Security Agency Director Keith Alexander discusses cyber war with Congress.
Australian security experts offer a list of the seven top cyber safety measures for business. Pirate Bay cofounder charged with trying to steal money from bank accounts.
Today's issue includes events affecting Australia, China, Egypt, Latvia, Ukraine, United Kingdom, United States.
Fueled by super botnets, DDoS attacks grow meaner and ever-more powerful (Ars Technica) Average amount of bandwidth used in DDoS attacks spiked eight-fold last quarter.
Coordinated attacks used to knock websites offline grew meaner and more powerful in the past three months, with an eight-fold increase in the average amount of junk traffic used to take sites down, according to a company that helps customers weather the so-called distributed denial-of-service campaigns
Linode Hacked Through ColdFusion Zero Day (Threatpost (blog)) The attackers who compromised Web hosting provider Linode used a zero day vulnerability in Adobe ColdFusion and were able to access the company's database, source code and customers' credit card numbers and passwords. The company said that the
WordPress users urged to change passwords after botnet attack (ITProPortal) WordPress users and Internet administrators are this week picking up the pieces from a sweeping cyber attack on the popular blogging platform. The unidentified perpetrators are believed to have built a botnet to launch attacks from thousands of unique
Oracle fixes 42 holes in Java to prevent cyber hacking (Livemint) The situation grew so bad earlier this year that the US Department of Homeland Security recommended that computer users disable Java in the browser. But many large companies use internal software that relies on Java and have been pressing Oracle to
Web Hosting Provider Breached Via Adobe ColdFusion Vulnerabilities (Dark Reading) Linode says attackers accessed one of its Web servers, some source code, and database.
Web hosting provider Linode said it was hacked via a recently revealed bug in Adobe's ColdFusion that led to the attackers getting access to a Web server, some of its source code and its database
Employers in denial about insider threat to data security (CSO) Study finds nearly half of UK employers trust workers not to steal company information. Although insider threats to data security remain a serious problem, the word apparently hasn't made it up the corporate food chain in the UK
Coordinated Disclosure, Bug Bounties Help Speed Patches (Dark Reading) Vulnerability advisories are increasingly accompanied by a patch these days, indicating that researchers and software firms are working more closely.
For more than a decade, researchers and software makers have debated the proper method of disclosing vulnerabilities so that end users might be best protected against the malicious exploitation of the security holes
Report shows 4.9 million people hold security clearances, number may be all-time-high (AL.com) More people than ever have access to classified information and that number continues to rise, according to a report from the Office of the Director of National Intelligence.
The report is required as part of the Intelligence Authorization Act of 2010 and includes the total number of security clearances across the government sectors and the timeliness in granting those clearances
Navy Plans to Beef Up Cyber Workforce (Nextgov) The Navy requested an operations budget of $22.6 million for its Fleet Cyber Command in 2014, up $2.3 million from 2013. Adm. Jonathan Greenert, chief of naval operations, told the hearing that the service plans to man and train a cyber force increase
Christopher Hegedus Joins Pragmatics as Federal Civilian VP (GovConWire) Christopher Hegedus, a former senior program manager at Science Applications International Corp. (NYSE: SAI), has joined Pragmatics as vice president and general manager of the federal civilian division. He will lead a division that works with agencies such as the Department of Homeland Security
Frank Ruggiero Named BAE US Govt Relations Lead (GovConWire) Frank Ruggiero, a former vice president of international government relations at BAE Systems' U.S. subsidiary, has been appointed VP of federal government relations. The appointment took effect April 15 and Ruggiero succeeded Erin Moseley, who was promoted to president of the support solutions division in February, the company said Monday. Ruggiero, who joined BAE in
Mark Nackman Named VP, General Counsel at General Dynamics Advanced Information Systems (GovConWire) Mark Nackman, formerly an assistant general counsel at General Dynamics (NYSE: GD), has been promoted to vice president and general counsel for General Dynamics Advanced Information Systems, GovCon Wire has learned. Nackman will be responsible for the business unit's legal, export, contracts and subcontracts functions in his new role. In his previous position, Nackman primarily supported
FCC taps Matthew Quinn to lead healthcare initiatives (FierceMobileHealthCare) After a four-month job search, the Federal Communications Commission (FCC) has picked its first Director of Health Care Initiatives, according to MobiHealthNews. Although the agency has not officially announced the appointment, the publication said it has confirmed through sources that Matthew Quinn has been chosen for the new FCC position
Products, Services, and Solutions
Money can't buy privacy in Google Play store, study shows (PC World) Both paid and free apps in the Google Play store harvest the same amount of private information from Android phones, a researcher discovered. Paying for an app in Google's online store, Google Play, will banish nagging in-app ads, but it won't dam the flow of personal information from your phone to marketers
Seven top cyber safety measures for business (The Age) One in five Australian businesses suffered an electronic breach or cyber attack in 2012. Most report an average of two attacks a year. Companies put their own ability to effectively secure their organisation at 4.5 out of 10. Australia is now 21st in
NSA tests cadets' cyberdefense skills (DVIDS) This computer security competition fosters education and awareness among future military leaders about the role of Information Assurance in protecting the
Legislation, Policy, and Regulation
Laws Can't Save Banks From DDoS Attacks (Dark Reading) A threat information-sharing bill wouldn't do much to help banks defend themselves against distributed denial-of-services (DDoS) attacks.
The co-author of the Cyber Intelligence Sharing and Protection Act (CISPA) ought to know better
National security officials to brief House members on cybersecurity (The Hill (blog)) Top national security officials will participate in a briefing for House members on cybersecurity Tuesday afternoon. Homeland Security Secretary Janet Napolitano, FBI Director Robert Mueller and National Security Agency Director Gen. Keith Alexander
Cyberwar: How Digital Threats Are Redefining National Security (New York Times (blog)) Keith Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee. "This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace
White House threatens to veto CISPA ahead of vote (IDG News Service) The White House said it is concerned that the bill does not adequately prevent sharing of irrelevant personal information.
The White House has threatened to veto the controversial Cyber Intelligence Sharing and Protection Act (CISPA) in its present form, citing concerns that the bill does not adequately prevent sharing of irrelevant personal information
House should scrap cyber bill (CISPA) and start over (The Hill (blog)) Additionally, senior military, intelligence and law enforcement officials have repeatedly stated they believe the Department of Homeland Security should be the initial point of receipt for information. Improving information sharing about cyber threats
New cyber rules put combat decisions in soldiers' hands (ArmyTimes.com) Pentagon officials have been more public about U.S. Cyber Command's efforts in recent months. The military is creating a series of cyber teams, 13 focused on offense — when directed by the White House — and an additional 27 to support the military's
Lawsuit Filed Over Schnucks Cyber-Attack (Alton Daily News) Schnucks has now been sued over a recent rash of cyber-attacks. The company reported yesterday that more than two-million customers may have had their credit-card information compromised over a four-month period. At least 100 people so far have reported unauthorized charges as a result
Obama Whistleblower Prosecutions Lead To Chilling Effect On Press (Huffington Post) On April 9, McClatchy's Jonathan Landay reported that the Obama administration has 'targeted and killed hundreds of suspected lower-level Afghan, Pakistani and unidentified other militants' in drone strikes, a revelation that contradicts previous administration claims of pursuing only senior-level operatives who pose an imminent threat to the United States
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
Cyber Guardian 2013 (Baltimore, Maryland, USA, April 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection,...
Infosec Southwest 2013 (Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...
Mobile Device Security for Defense and Government (Alexandria, Virginia, USA, April 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan...
Infosecurity Europe (London, England, UK, April 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every...
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, April 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community.
23rd Annual Government Procurement Conference (Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...
TechExpo Cyber Security Hiring Event (Columbia, Maryland, USA, April 30, 2013) A hiring event for experienced cyber security professionals, with many leading companies in attendance and interviewing on-the-spot. Learn from the distinguished speakers' panel, details of which will...