Chinese government spokesmen indignantly deny allegations China spied on G20 foreign ministries because, well, who believes those FireEye guys anyway? Actually quite a few do: see especially the "Attribution Analysis" section of FireEye's report on "Operation Ke3chang." Their evidence is admittedly circumstantial, but nonetheless suggestive.
Hacktivists of varying stripes (Islamist, nationalist, anarchist) surface to hit targets in Spain, Mexico, and the US. An Anonymous denial-of-service attack against Mexico's Congress is particularly noteworthy.
Consumers are advised to add keyloggers to their cyber worries over the holidays. Social media also continue to be a channel of retail cybercrime.
An audit warns of cyber vulnerabilities in Australia's State of Victoria's water distribution infrastructure.
Gamers in the UK sustained 11.7M attacks in 2013. F-Secure coins a new term, "sharking," to describe cybercrimes against cardplayers. A Las Vegas casino and hotel visitors' guide Vegastripping.com is breached, with user credentials posted to Pastebin.
Researchers find a banking Trojan using database-as-a-service platforms for its command-and-control traffic.
Amid more reports of tighter IT (and cyber) labor markets, the US Navy and Air Force both move to increase the number of uniformed cyber operators in their ranks.
The UK is announcing today a new requirement for cyber-security certification of government contractors.
Palantir raises $107.5M and is now valued at $9B. Mocana receives significant funding from GE Ventures. Adobe faces investor scrutiny over privacy. BlackBerry pegs its future to enterprise mobility.
Members of the US House introduce the "National Cybersecurity and Critical Infrastructure Protection Act of 2013" with bipartisan sponsorship.
Today's issue includes events affecting Australia, China, European Union, Finland, Ireland, Mexico, Morocco, New Zealand, Spain, Sweden, United Kingdom, United States..
Cyber Attacks, Threats, and Vulnerabilities
Beijing rejects latest US hacking accusations(Want China Times) China on Tuesday rejected the accusation by a US computer security firm that Chinese hackers were involved in a cyber attack against European countries before the G20 Summit in September
Operation "Ke3chang": Targeted Attacks Against Ministries of Foreign Affairs(FireEye) Diplomatic missions, including ministries of foreign affairs (MFA), are high–priority targets for today's cyber spies. Large-scale cyber espionage campaigns such as "GhostNet" have demonstrated that government agencies around the world, including embassies, are vulnerable to targeted cyber attacks
How cybercriminals efficiently violate YouTube, Facebook, Twitter, Instagram, SoundCloud and Google+'s ToS(Webroot Threat Blog) With social media, now an inseparable part of the marketing expenditures for every modern organization, cybercriminals quickly adapted to the ongoing buzz, and over the last couple of years, have been persistently supplying the market segment with social media metrics performance boosts, in the the form of bogus likes, dislikes, comments, favorites, subscribers, and video/music plays. This process, largely made possible by the massively undermined CAPTCHA bot vs human verification practice, results in automatically registered accounts, or the persistent data mining of malware-infected hosts for accounting data for social media accounts, continues to scale, allowing both individuals and organizations to
ENISA Threat Landscape 2013 — Overview of current and emerging cyber–threats(ENISA) ENISA releases the 2013's ENISA Threat Landscape (ETL 2013). The ENISA Threat Landscape is a collection of top cyber-threats that have been assessed in the reporting period, ie. end 2012-end 2013. ENISA has collected over 250 reports regarding cyber-threats, risks and threat agents. ETL 2013 is a comprehensive compilation of the top 15 cyber-threats assessed
How cyber squatters and phishers target antivirus vendors(Help Net Security) Illegal online activities such as phishing and typosquatting are growing at an alarming rate. To understand the issue in detail High-Tech Bridge analyzed 946 domains that may visually look like a legitimate domain (for example replacement of "t" character by "l" character, or mutated domain names such as "kasperski.com" or "mcaffee.com") or that contain typos (e.g. "symanrec.com" or "dymantec.com")
Finnish Computer Security Company F–Secure Confirms "Sharking" Attacks at EPT Barcelona(Poker News) On Tuesday, F-Secure, an anti-virus, cloud content, and computer security company based in Helsinki, Finland, confirmed that Jens Kyllönen and his friend Henri Jaakkola were the victims of a "Sharking" attack at EPT Barcelona. After performing some tests on the high-stakes pro's laptop, F-Secure discovered that it was infected by a Remote Access Trojan (RAT), allowing the attacker to access Kyllönen's hole cards remotely
Catphishing is a loveless nightmare(Hacksurfer) What is catphishing? This recently coined term refers to false online identities created by Internet scammers to deceive people into a long-term romantic or emotional relationship
The Threat Landscape is Like the Curate's Egg, Suggests ENISA(InfoSecurity Magazine) The European Network and Information Security Agency (ENISA) takes an uncommon approach for its Threat Landscape 2013 report. Rather than undertaking or commissioning fresh research, it analyzes the existing reports published through the year: crowdsourcing. And as often proven, crowdsourcing can be remarkably effective
Young professionals exposing workplaces to cyber attack(Help Net Security) Low cyber-threat awareness amongst Gen-Y professionals coupled with blasé attitudes towards cyber security are leaving organizations across the country exposed to attack and data leaks according to ESET
A Future of Failure?(Ford Foundation) The rapid pace of technology innovation and development has had a profound and undeniable impact on all corners of contemporary society. It has changed many of the day-to-day transactions that characterize personal and home life; it has radically reshaped and influenced domestic and global markets; and it has offered the potential to revolutionize how government works at the same time that it challenges the ways in which government protects consumers. A few wellworn statistics only confirm these trends
AF Cyber Command bulks up, slims down(Defense Systems) The Air Force Cyber Command is bulking up and slimming down at the same time, planning to add a couple thousand airmen to its workforce by 2016 while simplifying its architecture as part of the military's move to the Joint Information Environment (JIE)
Exelis to Spin Off Military and Government Services Business(Defense News) McLean, Va.-based contractor Exelis, itself a 2011 spin off from ITT, announced Wednesday that it would be spinning off its military and government services business focused on facilities management, logistics and network communications
BlackBerry's future could lie in enterprise mobility services(V3) This year has been something of a rollercoaster ride for BlackBerry, as the smartphone maker launched its next-generation handsets based on a brand new operating system in a bid to reclaim market share it has lost to Apple and Android devices over the past couple of years
Can Adobe 'photoshop out' privacy concerns?(Marketplace) Adobe releases its fourth-quarter earnings Thursday after the market close. The company's earnings slightly beat the consensus of analysts' estimates in the third quarter
NetFort Introduces LANGuardian V12(Consumer Electronics Net) NetFort Technologies, a leading developer of innovative software for monitoring activity on computer networks, today announced the availability of LANGuardian version 12, a significant new release of its flagship network monitoring software product
Browser Fingerprinting via SSL Client Hello Messages(Internet Storm Center) Encrypted traffic has long been a challenge for network monitoring. But even if traffic is encrypted, there is still plenty of information that can be extracted. In this little example, we are looking at "SSL Hello" messages. These messages are sent by the client to initiate the SSL connection. They include a number of parameters that may vary depending on the SSL library used or the SSL clients preference
What Is Homomorphic Encryption?(NoVASec) I was listening to an older episode of Risky Biz (282) where they were discussing the concept of homomorphic encryption and how it can be applied to secure cloud computing. Basically, this type of operation involves performing computing operations on data while its encrypted rather than having to decrypt it first. It's obvious to see the application of this technology for use in the cloud
Energy–efficient bcrypt cracking(Help Net Security) Bcrypt is a password hashing scheme based on the Blowfish block cipher. It was designed to be resistant to brute force attacks and to remain secure despite of hardware improvements
Survey: Hadoop still isn't reliable or secure enough(VentureBeat) Hadoop, that ecosystem of open-source tools for storing and analyzing large quantities and many kinds of data, is spawning more and more companies. Some offer commercial support or consulting assistance for Hadoop. Others provide analytics software for understanding data sitting in Hadoop. But Hadoop itself is free
Sweden's Intelligence Agency has Access to NSA's XKeyscore system(InfoSecurity Magazine) Sweden has sometimes been called the 'Sixth Eye' - referring to the English-speaking Five Eyes SIGINT alliance — suggesting a close working relationship between Sweden's FRA and the NSA and GCHQ. New documents suggest that it has access to the XKeyscore tool, and has helped in the Quantum hacking program
NSA director defends surveillance programs as necessary(USA Today) National Security Agency Director Keith Alexander said Wednesday that "there isn't a better way'' to help defend the country from potential terror threats than the ongoing and controversial bulk collection of telephone records involving millions of Americans
The NSA is out of control and must be stopped(The Verge) The National Security Agency is breaking trust in democracy by breaking trust in the internet. Every day, the NSA records the lives of millions of Americans and countless foreigners, collecting staggering amounts of information about who they know, where they've been, and what they've done. Its surveillance programs have been kept secret from the public they allegedly serve and protect. The agency operates the most sophisticated, effective, and secretive surveillance apparatus in history
A spat over Justice Department national security job(CNN) President Barack Obama's pick for the Justice Department's national security prosecutor is expected to be among several nominations to move in the coming weeks as Senate Democrats start wading through the presidential appointments backlog built up amid partisan fights
German prosecutor: still weighing NSA probe(AP via Imperial Valley Press) Germany's chief federal prosecutor says he hasn't decided whether to open an investigation into alleged surveillance by the U.S. National Security Agency but is suggesting that he's skeptical
A UK citizen has sued Microsoft for leaking Prism private data to the NSA(Hack Read) A UK citizen has sued Microsoft for leaking PRISM private data to the NSA. A UK court will be carrying out an action trail for a case that has been filed by a British Citizen. The reason is that the private data of a UK citizen has been leaked or given to NSA by Microsoft. Now the court will test whether Microsoft has the right of disclosing such private information to the intelligence agency
Man Who Hacked US Government Systems Sentenced to 18 Months(Softpedia) 24-year-old Andrew James Miller, who admitted earlier this year to hacking and selling access to the systems of various US government and other high-profile organizations, has been sentenced to 18 months in prison. He will also have to pay a $25,000 (€18,000) fine
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
ACSAC 2013(New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...
2013 ASE International Conference on Cyber Security(Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...
Cyber Defense Initiative 2013(Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...
FloCon2014(Charleston, South Carolina, USA, January 13 - 16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network...
NASA Langley Cyber Expo(Hampton, Virginia, USA, January 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer...
Cybertech — Cyber Security Conference and Exhibition(Tel Aviv, Israel, January 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber...
U.S. Census Data Protection & Privacy Day(Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees...
2014 Cybersecurity Innovation Forum(Baltimore, Maryland, USA, January 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations.
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.