Last week's warnings to expect more Twitter hijacking were borne out over the weekend as the Syrian Electronic Army took over accounts belonging to the Guardian.
US bank PNC, long-targeted by Islamist hacktivists, discloses it may have undergone another distributed denial-of-service (DDoS) attack Friday—the nature of the incident and its attribution remain unclear. The US government considers putting Iran on notice that it won't tolerate further cyber attacks, but wishes to do so in a way that won't exacerbate ongoing cyber conflict.
LivingSocial suffers a compromise affecting some 50 million customers. (CSO says they "learn[ed] about the weakness of hashed passwords the hard way.") A security researcher warns of the dangers of Skype account hijacking. Facebook assumes (unwillingly) a larger role as an advertising platform for the crimeware industry.
FCW continues to report that Huawei is forsaking the American market. Lenovo's acquisition of IBM's server unit is proceeding quickly toward conclusion. Quartz sees Amazon doing to enterprise cloud providers what it did to brick-and-mortar bookstores.
In the wake of recent social media hacks, security experts offer useful advice on how to make yourself a harder target. Other experts take up response to a DDoS attack—the first step should be calling your host or ISP.
Privacy concerns impede cyber legislation in both the US and UK.
Spanish police arrest one "S.K.," a Dutch citizen suspected of launching the anti-Spamhaus DDoS attacks. With a "mobile cyber van" and "bunker," he was apparently doing a good impersonation of a Bond villain.
Today's issue includes events affecting China, European Union, Germany, India, Iran, Netherlands, Russia, South Africa, Spain, Syria, United Kingdom, United States..
PNC Bank Reports Possible Cyber Attack Friday(The Inquisitr) PNC Bank experienced a possible denial of service attack on Friday when many customers discovered that they couldn't access their accounts online. PNC addressed the issue on its Facebook page with a series of updates to keep customers informed
US wary of warning Iran on cyber-attacks(Japan Times) In one of the most damaging such incidents, a cyber-attack last summer wiped data from computers at Saudi Arabia's state-owned oil company Saudi Aramco, rendering them inoperable. Daniel said he believes companies need to do more to defend their
LivingSocial cyber-attack could affect 50 million customers(Christian Science Monitor) LivingSocial cyber-attack could affect 50 million customers. LivingSocial says its website was hacked, possibly compromising names, e-mail addresses, even passwords. But LivingSocial says credit-card information not affected by the cyber-attack
Alert: Skype account hijack technique may affect all users(ZDNet) After six malicious takeovers of his Skype account, a frustrated security researcher has posted his attempts to get Skype's help. Here's how to protect yourself. According to security researcher @TibitXimer (A.K.A. Dylan) his Skype account was stolen six times, and now claims all Skype user accounts are vulnerable to the same fate due to Skype's flimsy account recovery practices - which are especially thin, as he discovered the hard way, when contacting customer service
Analysis of an Evasive Backdoor(lastline) A number of other posts have covered the Nuclear Pack Exploit Kit. While this EK (exploit kit) may not be as popular as kits such as g01pack or BlackHole, and may not contain nearly as many exploits as CoolEK or Phoenix, it still sees use
Misconfigured serial port servers a widespread problem(FierceCIO: TechWatch) Over 13,000 Internet-enabled serial port servers are misconfigured and could be accessed without any need for authentication. This was discovered in a recent study by security firm Rapid7, which identified more than 114,000 unique serial port server appliances from equipment makers such as Digi International and Lantronix on the Internet. The vast majority of these systems are connected via mobile connections such as GPRS, EDGE and 3G, according to HD Moore, chief research officer at Rapid7 and the author of the study, making them hard to protect since they are located outside the corporate firewall
Kaspersky Warns UK Government Of 'Catastrophic' Cyber Attack(TechWeekEurope UK) Government officials have been warned of the "catastrophic" consequences of a cyber attack on the UK population, by Eugene Kaspersky, chief of the Russian security firm that carries his surname. Kaspersky, who recently told TechWeekEurope he backed
Ruppersberger: Hacker group Anonymous made threats over CISPA(The Hill) Last year, Anonymous took credit for crashing the websites of two major trade associations, USTelecom and TechAmerica, which supported the cybersecurity bill, the Cyber Intelligence Sharing and Protection Act (CISPA). The group has published a torrent
Data breaches increase IT budgets(Help Net Security) Protecting brand reputation and observing security best practices should be organisation's primary motivators for data protection, while meeting compliance requirements also remains a major driver
Phishing attacks skyrocketing(Help Net Security) A new phishing survey by the Anti-Phishing Working Group (APWG) reveals that phishers are breaking into hosting providers with unprecedented success, using these facilities to launch mass phishing attacks
Chinese company drops US market(FCW.com) Two recent high-profile reports on cybersecurity, one from Mandiant and one from Verizon, have tagged China as the leading source of cyber breaches. The Mandiant report linked a specialized unit of the People's Liberation Army to cyber attacks
Huawei CEO Ren Zhengfei Insists His Company Is "Completely Transparent" In An Internal Email(TechCrunch) An internal email written by Huawei founder Ren Zheng-fei and obtained by Sina Tech (link via Google Translate) sheds light on the secretive Chinese firm's future. In it, Ren downplays his company's reputation for opacity, which has fueled charges that Huawei, the world's second largest maker of telecom equipment, is involved in espionage for the Chinese government. Ren, who is 68 and rumored to
Amazon is going to do to enterprise cloud companies exactly what it did to book stores(Quartz) "I find it really hard to believe that we cannot collectively beat a company that sells books," said Carl Eschenbach, the chief operating officer of VMWare, at the company's recent annual confab with its partners and resellers. VMWare competes with Amazon to provide businesses with computing and IT services in the cloud and—I'm sorry to say to Eschenbach—he might soon have to suspend his disbelief
Cyber criminals beware of the 'certified ethical hackers'(The News International) The council's CEH certification is recognized by US governmental agencies like National Security Agency (NSA), Federal Bureau of Investigation (FBI) and the Committee on National Security Systems (CNSS). The CEH training will be conducted using the
Products, Services, and Solutions
Google Now Launches On iOS(TechCrunch) Google just released Google Now for iOS through an update to the Google Search app for iOS. Google maintains that the service is exactly the same as Google Now on Android, though certain flourishes like swiping upward to launch the application sadly cannot carry over to Apple's closed iOS ecosystem
Free Community Tool: CrowdInspect(Crowdstrike) CrowdInspect is a free community tool for Microsoft Windows systems from CrowdStrike aimed to help alert you to the presence of potential malware that communicates over the network that may exist on your computer. It is a host-based process inspection tool utilizing multiple sources of information, including VirusTotal, Web of Trust (WOT), and Team Cymru's Malware Hash Registry to detect untrusted or malicious network-active processes. CrowdInspect can be used during Incident Response process to rapidly identify potential malicious running processes on a machine
Sophos conducts live hacking demo using cryptography [Video](Inquirer) Security firm Sophos has shown how hackers can exploit user data from victims' machines using cryptography. Demonstrating the walkthrough live at the Infosecurity Europe 2013 conference in London this week, Sophos' director of technology strategy
Tech Insight: Time To Set Up That Honeypot(Dark Reading) A combination of traditional network security monitoring and recent advancements in honeypot and active defense tools is key to detecting today's threats. Many companies are simply doing security wrong. While they might have perimeter security nailed down, they are probably failing at securing their workstations from insider abuse or have no true visibility as to what's going on within their internal networks
What is "up to date anti-virus software"?(Internet Storm Center) On the heels of my post on Microsoft's SIRv4 earlier this week, reader Ray posed a great question that elicited some nuanced responses from fellow handlers Mark H and Swa F. All parties have agreed to allow me to share the conversation with the ISC readership
HTG Explains: The Security Risks of Unlocking Your Android Phone's Bootloader(How-To Geek) Android geeks often unlock their bootloaders to root their devices and install custom ROMs. But there's a reason devices come with locked bootloaders – unlocking your bootloader creates security risks. We're not advising against rooting and using custom ROMs if that's really what you want to do, but you should be aware of the risks. For the same reason Android doesn't come rooted, it doesn't come unlocked – with more power comes more risks
Hosted virtual desktops can increase security(Help Net Security) One of the most commonly cited motivations for implementing hosted virtual desktops (HVDs) is to increase the security of end-user computing, according to Gartner
Who to call when hit by a DDoS attack(Help Net Security) Recent reports all point to the same fact: despite the different motives of the attackers, DDoS attack have become more frequent and more intense. So what are businesses and organizations to do
Google Joins FIDO Alliance Effort to Move Beyond Passwords(Threatpost) Google, which gradually has been moving its users away from using passwords as their main form of authentication for Web services, has joined a young organization whose goal is to phase out passwords and replace them with various forms of strong authentication. The FIDO Alliance, formed last year, is working to make two-factor authentication the
U.S. cranking out cyberspace warriors(Windsor Star) About 25 air force cadets will graduate this year with the computer science-cyber-warfare degree, and many will go on to advanced studies and work in their service's cyber headquarters or for U.S. Cyber Command at Fort Meade, Md., the Defence
Education Data: Privacy Backlash Begins(InformationWeek) Privacy and education experts worry about the movement to capture and analyze student data, even as edu tech companies decry ulterior motives
Legislation, Policy, and Regulation
Symantec executive endorses civilian control of cyber threat information sharing(FierceGovernmentIT) Civilian agencies should take the lead for information sharing efforts with the private sector, a cybersecurity executive told a House panel on the same day that Sen. Jay Rockefeller (D-W.Va.) said the House-approved Cyber Information Sharing and Protection Act won't advance beyond the committee stage in that chamber
German security chiefs in US for talks and memorial(Deutsche Welle) He is due to hold talks with Department of Homeland Security Secretary Janet Napolitano and discuss ways to tackle electronic cyber crime during a visit to the US National Security Agency (NSA) in Washington. The NSA serves the US military and
Mathis & Boychuck: How well is US balancing security, liberty?(ReporterNews.com) Warrantless wiretapping is now legal. The National Security Agency is probably capturing (if not directly peeking at) every single one of our electronic communications. Civil libertarians, who celebrated the night of Obama's election, have instead kept
Have we got the privacy-safety balance right?(CNN) Fareed speaks with Michael Hayden, former director of the CIA and National Security Agency, about tackling terrorism in the wake of the Boston attack. Suppose you have a few of these people and they get radicalized on the Internet and they learn how to
Full Show: Trading Democracy for 'National Security'(BillMoyers.com) GLENN GREENWALD: We are close to that already. There is a Washington Post series in 2010 called Top Secret America, three-part series by Dana Priest and William Arkin. And one of the facts that reported was that the National Security Agency, every day
CISPA Changes Show Power of Internet Advocacy(Huffington Post) A second major flaw in the bill was that it would have changed decades of federal policy by shifting control over private sector cybersecurity programs to a super-secret military agency, the National Security Agency. Last year, in the face of criticism
CISPA is (practically) dead, says Senate representative(Help Net Security) There's finally some good news for CISPA opponents: according to a representative of the U.S. Senate Committee on Commerce, Science and Transportation, the Senate is unlikely to pass the controversial
Infosec 2013: Big disagreements over European data breach law(SC Magazine UK) Daniele Cattedu, managing director EMEA at the Cloud Security Alliance said the draft legislation published last year was 'very bad', and said that it was trying to force data breach laws and principles which were very difficult to apply
How effective are data breach penalties? Are ever-bigger fines enough?(Naked Security) Since 2011, data security company ViaSat UK has spiced up the Infosecurity Europe conference by filing a Freedom of Information request for data breach statistics. In previous years they've fallen out with the regulators over the matter, but things turned out better in 2013
Suspect in 'biggest cyber attack in history' had hack van, bunker(Sydney Morning Herald) A Dutch citizen arrested in northeast Spain on suspicion of launching what is described as the biggest cyber attack in internet history operated from a bunker and had a van capable of hacking into networks anywhere in the country, officials said on Sunday
Dutch cyber attack suspect arrested in Spain(New Straits Times) Prosecutors say a Dutch citizen has been arrested in Spain in connection with what experts described as the biggest cyber attack in the history of the Internet, launched against an anti-spam watchdog group last month
BYOD could prompt employee lawsuits, cautions AirWatch chief(FierceMobileIT) BYOD could lead to lawsuits from employees over privacy and overtime pay, warned John Marshall, chief executive officer of mobile device management firm AirWatch. Marshall told Network World that he is concerned that there could soon be a BYOD class action lawsuit related to employees required to work overtime hours without compensation or privacy issues
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
ITWeb Security Summit 2013(Sandton, South Africa, May 7 - 9, 2013) A conference devoted to cyber security, with a particular emphasis on countering the latest attack vectors. The gathering creates an opportunity for senior security professionals and business decision-makers...
Second Maryland Cybersecurity Center Symposium (MC2)(College Park, Maryland, USA, May 14 - 15, 2013) Drawing on regional experts of national and international acclaim, MC2's second Annual Cybersecurity Symposium will showcase the latest research, trends, and topics in cybersecurity, including: keynote...
SANS Thailand 2013(Bangkok, Thailand, August 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
TechExpo Cyber Security Hiring Event(Columbia, Maryland, USA, April 30, 2013) A hiring event for experienced cyber security professionals, with many leading companies in attendance and interviewing on-the-spot. Learn from the distinguished speakers' panel, details of which will...
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO(Reston, Virginia, USA, April 25, 2013) - This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community.
Symposium on Cybersecurity & Information Assurance(Teaneck, New Jersey, USA, May 1, 2013) Fairleigh Dickinson University's Center for Cybersecurity and Information Assurance is pleased to announce its inaugural Symposium on Cybersecurity and Information Assurance to be held on May 1, 2013 in...
Critical Security Controls International Summit(London, England, UK, May 1 - 2, 2013) The SANS Institute will be hosting the Critical Security Controls International Summit in London from May 1st to May 2nd at the London Hilton on Park Lane hotel. The Summit focuses on the Critical Security...
INSA Leadership Dinner with NGA Director Letitia Long(McLean, Virginia, USA, May 2, 2013) NGA At the Crossroads - Visualizing the Future. Join INSA and NGA Director Letitia Long as she shares her vision for transforming NGA and GeoInt in innovative ways that more effectively put the power of...
Interop Las Vegas(Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes,...
The Computer Forensics Show(New York City, New York, USA, May 8 - 9, 2013) For IT and business executives responsible for creating, implementing, and managing a proactive and comprehensive IT strategy for information security, risk management, compliance, and business continuity...
ASIS 23rd New York City Security Conference and Expo(New York City, New York, USA, May 8 - 9, 2013) Join more than 2,500 professionals in the Big Apple for the largest annual conference in the Northeast for security management and law enforcement professionals. This exciting event will focus on key challenges...
Software Engineering Institute Invitational Hiring Event(Arlington, Virginia, USA, May 8 - 9, 2013) Attention software engineers and cyber security professionals: Carnegie Mellon's Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on...
Baltimore Tech-Security Conference(Baltimore, Maryland, USA, May 9, 2013) The Baltimore Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...
CyberSecurity UAE Summit 2013(Dubai, UAE, May 13 - 14, 2013) Review developments, strategies and best practice in global cyber security. Assess the nature of the latest threats being faced and the impact of these upon your organisation. Discuss the most promising...
GovSec(Washington, DC, USA, May 13 - 15, 2013) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of...
Thriving in the Post-Sequestration GovCon Era(McLean, Virginia, USA, May 14, 2013) The Potomac Officers Club is hosting a summit for GovCon executives and government leaders to collaborate and share ideas on how to navigate a new era involving sequestration. At least five speakers, each...
FOSE(Washington, DC, May 14 - 16, 2013) FOSE is the premier event for government technology professionals interested in innovative, effective tools and solutions allowing you and your agency or organization to advance your mission. From IT managers...
7th Annual INSA IC Industry Day(Springfield, Virginia, USA, May 15, 2013) This annual event is held at the TS/SCI level in cooperation with ODNI as a comprehensive forum for IC leaders to relate their budget priorities to industry. The theme of this year's IC industry day is...
Hack Miami(Miami, Florida, USA, May 17 - 19, 2013) The HackMiami 2013 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools,...
CEIC 2013(Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers.
IEEE Symposium on Security and Privacy(San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers...
International Workshop on Cyber Crime (IWCC)(San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field...
Web 2.0 Security and Privacy(San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations...
Maryland/DC Celebration of International Trade(Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council this event is a content rich celebration of international...
IEEE-Cyber 2013(Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.
Cyber Security @ CeBIT(Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend...
Cyber Security for the Chemical Industry(Franfurt, Hessen, Germany, May 29 - 30, 2013) It is becoming increasingly more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced...
DGI Cyber Security Conference & Expo(Washington, DC, 2013, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.