skip navigation

More signal. Less noise.

Daily briefing.

The Syrian Electronic Army hacks another Twitter account (Reuters') and is blamed for US White House staffers' gmail account compromises. It may be too soon to tell, but Israeli hacktivists' opIslam seems to have sunk without a trace. Anonymous attacks New Zealand's presidential website and sites belonging to the National Party to protest that country's electronic surveillance policies.

Security Explorations announces they've discovered a new Java 7 vulnerability.

Malware-laden USB thumb drives are now able to bypass Windows 7/8's autorun protections.

BlackHat's scare stories so far include demonstrations of vulnerabilities in the Internet-of-things, with things prominently hackable including cars, ships, satellites, medical devices, and smart homes. (One notices that geolocation often invites the bad actors in.) Cisco helpfully offers a counter that keeps a running tally of Internet-connected devices.

A Parliamentary report in the UK breathlessly suggests cyber crime is a greater threat than nuclear war, by which the rapporteurs must mean that cyber crime is far more likely than a nuclear exchange.

Today's big marketplace news comes courtesy of the Australian Financial Review, which reports Chinese hardware manufacturer Lenovo has found its way onto English-speaking security services' blacklists. Nextgov says Lenovo is quickly surpassing Huawei in odium: "there's a new bogeyman in town."

Cisco's acquisition of SourceFire prompts speculation about the next round of cyber M&A: Check Point, Fortinet, Palo Alto Networks, Radware, ProofPoint, and Qualys are mentioned as potential targets.

Observers see Congressional support for NSA surveillance softening.

A verdict in the Manning trial is expected this afternoon.


Today's issue includes events affecting Australia, Azerbaijan, British Virgin Islands, Canada, China, Czech Republic, France, Germany, India, Ireland, Israel, Latvia, Luxembourg, New Zealand, Netherlands, Poland, Romania, Russia, Spain, Sweden, Syria, Ukraine, United Kingdom, United States, and Vietnam..

The CyberWire will provide special coverage of SINET's Innovation Summit, meeting in New York August 6. Dawn Meyerriecks, Deputy Director, Science and Technology, US Central Intelligence Agency, will deliver the closing keynote.

Cyber Attacks, Threats, and Vulnerabilities

Syrian Electronic Army hack into the Thomson Reuters Twitter account (Graham Cluley) The notorious Syrian Electronic Army hacking group managed to break into an official Twitter account belonging to the Thomson Reuters news agency overnight, and publish messages and cartoons that were pro–President Bashar Al–Assad

Syrian hackers target White House staffers, Reuters (Help Net Security) The Syrian Electronic Army has been busy over the last few days, and has managed both to hijack the official Reuters Twitter account and to compromise personal email accounts of a number of White House staffers

Hackers attack New Zealand PM's website (Fox News) The "hacktivist" group Anonymous on Tuesday briefly crashed New Zealand Prime Minister John Key's website in protest at plans to allow the country's intelligence agency to spy on local residents

National Party websites hacked (Radio New Zealand) The National Party is continuing to work on restoring more than a dozen websites taken down in a cyber attack on Monday. The group Anonymous New Zealand

VisLink Surveillance Hacked, Accounts leaked and Partners Exposed (Cyber War News) This weekend a hacker using the handle @G3NTbl4ck has announced and released data from a Surveillance company named Vislink

Java 7 vulnerability opens door to 10–year–old attack (ComputerWorld) Security researchers from Polish vulnerability research firm Security Explorations claim to have identified a new vulnerability in Java 7 that could allow attackers to bypass the software's security sandbox and execute arbitrary code

BGP multiple banking addresses hijacked (Internet Storm Center) On 24 July 2013 a significant number of Internet Protocol (IP) addresses that belong to banks suddenly were routed to somewhere else. An IP address is how packets are routed to their destination across the Internet. Why is this important you ask? Well, imagine the Internet suddenly decided that you were living in the middle of Asia and all traffic that should go to you ends up traveling through a number of other countries to get to you, but you aren't there

Custom USB sticks bypassing Windows 7/8's AutoRun protection measure going mainstream (Webroot Threat Blog) When Microsoft disabled AutoRun on XP and Vista back in February, 2011, everyone thought this was game over for the bad guys who were abusing the removable media distribution/infection vector in particular. However, pragmatic and market demand-driven opportunistic cybercrime-friendly vendors quickly realized that this has opened up a new business opportunity, that is, if they ever manage to find a way to bypass Microsoft's AutoRun protection measures

The future of phishing: Credit card redirection (Help Net Security) Cyber crooks will go at great lengths to get their hand on users' credit and debit card information. Usually they try to trick them with spoofed emails that lead to specially crafted phishing site

Pharma Spam Campaign Uses Interesting Tactic to Avoid Detection (Spamfighter) Security researchers at Symantec have detected a new pharmacy spam email campaign which relies on a fascinating technique to avoid detection. Cyber crooks are employing subject lines with randomized non-English words or characters in the beginning or end

The week in security: Millions compromised in Apple, Linux forum hacks (ComputerWorld Malaysia) Are you covered for damage from a security attack? If you're like most companies, the answer may be 'no' even if you think otherwise. One insurance-industry figure warns that some uncomfortable truths may come out in the wash as growing pressure for mandatory breach warnings drives companies to fess up about their real vulnerabilities

Patients notified after resident doctors store their data on Google (SC Magazine) Portland-based Oregon Health & Science University (OSHU) notified more than 3,000 patients that their information had been stored in an unauthorized cloud service

Wesley College mistakenly posts private student records online (Delaware Online) Public could access critiques of over 100 students on Internet

Apple Dev Center partially back online, still no details about the hack (Help Net Security) Parts of the Apple Developer Center are back online after a week long outage caused by an unnamed intruder that has "attempted to secure" personal information of Apple registered developers

Sharp increase in blended, automated attacks (Help Net Security) FireHost announced its latest web application attack statistics, which track the prevalence of four distinct types of cyberattacks that pose the most serious threat to businesses. Detailing more

Mobile Malware Gets in the Top 10 Viruses (Fortinet) Up to now, mobile malware were certainly growing, but still minor compared to PC malware. Well, this is about to change. We have recently acknowledged a mobile malware getting in our top 10 virus activity, where usually there were only PC malware. The (sad) winner is Android/Plankton.B!tr, with a record prevalence of 4.42 percent (note: prevalence is the number of new hits in a given time frame divided by the number of fortigates reporting during that same interval of time). This would currently rank it as the 6th most active virus — PC malware included. Actually, Plankton (also known as Counterclank and NewyearL) is a very intrusive form of advertisement which changes your browser's home page, adds bookmarks, shortcuts or records your search queries. Some other AV vendors classify it as an adware, anyway, what's for sure is that end-users won't want it on their phones…and the fact is that it is more and more wide spread

Cyber Attacks in Space (Israel Defense) Satellites can be harmed today by a variety of methods, including by harming computer systems linked to them. Satellite layouts must therefore be made more resilient against cybernetic threats

Tampering with a car's brakes and speed by hacking its computers: A new how-to (Ars Technica) The "Internet of automobiles" may hold promise, but it comes with risks, too. Just about everything these days ships with tiny embedded computers that are designed to make users' lives easier. High-definition TVs, for instance, can run Skype and Pandora and connect directly to the Internet, while heating systems have networked interfaces that allow people to crank up the heat on their way home from work. But these newfangled features can often introduce opportunities for malicious hackers. Witness "Smart TVs" from Samsung or a popular brand of software for controlling heating systems in businesses

ATMs, pacemakers and cars are all vulnerable to cyber attack. And you thought spam was bad (Calgary Herald) In case you aren't quite paranoid enough about security issues within the devices you now apparently can't live without, allow me to draw your attention to an event that will seriously ratchet up the fear level. This week, in Las Vegas, technical security experts from around the world are meeting at Black Hat Briefings, an annual conference designed for sharing information about emerging threats to not only computer systems, but the many modern devices that contain some sort of electronic intelligence

Car hack highlights march toward remote control of critical systems (CSO) Defense Department's DARPA funded the work, showing the government believes the number of computers systems in cars is a safety threat

Home Invasion 2.0: Attacking the Smart Home (eSecurity Planet) Black Hat security research set to expose weaknesses of home automation systems. 'I just don't think these technologies are ready for prime time yet,' researcher says. The home of the future is all about automation. Home owners will be able to automate thermostats, doors, alarms, cameras and other devices — and manage them all remotely. But what if home automation

Cisco Is Counting Things That Are Connected To The Internet In Real Time (Here's The Counter) (WebProNews) Cisco launched the Cisco Internet of Everything (IoE) Connections counter today, claiming to count, in real time, everything that comes online

Black Hat: Ad networks lay path to million-strong browser botnet (IT World) Long ago, we surrendered our privacy to the web. But research presented at this week's Black Hat Briefings in Las Vegas suggests that structural problems in the way the web works means we may have also surrendered our security, as well

How much does it cost to buy one thousand Russian/Eastern European based malware-infected hosts? (Webroot Threat Blog) For years, many of the primary and market-share leading 'malware-infected hosts as a service' providers have become used to selling exclusive access to hosts from virtually the entire World, excluding the sale and actual infection of Russian and Eastern European based hosts. This sociocultural trend was then disrupted by the Carberp gang, which started targeting Russian and Eastern European users, demonstrating that greed knows no boundaries and which ultimately led Russian and Ukrainian law enforcement to the group

Why I willingly handed over my credit card and PIN to a fraudster (New Statesman) If scammers disguised themselves as your bank's fraud protection team, would you fall for it? Andy Welch did

Security Patches, Mitigations, and Software Updates

Patch Available for DOS Vulnerability in BIND nameservers (Threatpost) A denial-of-service vulnerability in certain versions of BIND name servers has been patched, and network managers are urged to upgrade quickly to a secure version of the DNS software

Cyber Trends

The new duty of care (SC Magazine) All companies have a duty of care to their customers and employees while ensuring their business runs profitably. There have been many high-profile cases over the years of companies receiving substantial penalties for breaching employee or customer safety standards. However, most companies have not been held to as high a standard, or focused enough attention, on protecting private data

Cybercrime 'bigger threat than nuclear war', UK lawmakers say (ZDNet) Following the lead of the U.S., U.K. lawmakers say that preventing cybercrime is now a top priority. Is the threat of cybercrime more of concern than a nuclear bomb? The U.K. government believes so. The U.K. Home Affairs Committee, a panel dedicated to scrutinizing governmental policy, has released a report which claims the country is failing in efforts to protect businesses and consumers against cybercrime. After a ten-month inquiry, the committee released its report on E-crime, saying that 25 countries have chosen the United Kingdom as a primary target due to the valuable information stored on servers, including bank and financial data

Online privacy: How did we get here? (Help Net Security) As technology has evolved over the past two centuries, so have our expectations about privacy. This new digital world allows us to connect with each other with increasing ease, but it has also left

Video: Hackers for hire (Help Net Security) Hackers are the 21st century warriors who worry many. As everything we use becomes increasingly connected, so their opportunities to hack, divert or destroy increase. NATO Review talked to some hacker

To achieve good security, you need to focus on business (Help Net Security) In September 2001, as the Nimda computer worm devastated networks worldwide, we in IT security thought that the management will finally wake up and see how important it was to secure out networks

Can Cyber Attacks Prompt the Next Financial Crisis? (Bloomberg TV) Howard Schmidt, former White House cybersecurity coordinator, discusses the threat to the U.S. economy from cyber attacks against corporations and the black-market for the selling of information on system vulnerabilities

Cyber Crime: Whose Side is the Gov't on, Anyway? (Wall Street Daily) Try to wrap your brain around these numbers…Cyber criminals launched 1.5 billion web attacks in 2012, infiltrating 6.5 million unique domains. Malicious codes corrupted servers in the internet zones of 202 countries, just 20 of which accounted for 96.1% of all of those detected by IT security vendor, Kaspersky Labs

The 'Internet of things' will mean really, really big data (InfoWorld) The far-out future of Internet-enabled sensors and objects promises big business benefits -- and it's not as far off as you think. Bland by name and superficially viewed as gee-whiz technology never to be realized, the IoT (Internet of things) has significant potential to transform business. Early forays into Net-enabling physical objects are already pointing the way

Observations on the California Data Breach Report (Tripwire) Recently, the State of California released their "Data Breach Report 2012," which chronicles last year's data breaches affecting 25 million California citizens. Reading through the report, there are a lot of numbers to digest but a few things stood out for me


Move Over, Huawei, there's a new bogeyman in town and it's called Lenovo (Nextgov) Western governments have long suspected Chinese computer equipment makers of being spying factories. Huawei is typically front and center in today's allegations about Chinese corporate spying. But Lenovo, it turns out, is a longstanding shared enemy of Western spy agencies

Spy agencies ban Lenovo PCs on security concerns (Australian Financial Review) Since acquiring IBM's PC division, Lenovo has traded top spots with HP in terms of global market share, however their computers have been banned from the "secret" and "top secret" networks of the intelligence and defence services of Australia, the US, Britain, Canada, and New Zealand due to security concerns

Report: Lenovo products banned by western governments over security concerns (ITProPortal) The security of products made by Chinese manufacturer Lenovo has been called into question by revelations that the UK and a host of other countries have banned use of the company's equipment within intelligence and defence networks. According to an investigation from the Australian Financial Review, researchers uncovered backdoor vulnerabilities and firmware weaknesses in Lenovo chips that make its devices susceptible to hacking

DoD's new cyber teams aren't expensive, says Carter (FierceGovIT) The Defense Department has 40 new cyber teams--27 for defense and 13 for offense--within cyber command, amounting to approximately 4,000 dedicated personnel, said Deputy Secretary of Defense Ashton Carter

Microsoft to Share Vulnerability Data with Incident Responders (SecurityWeek) Microsoft's pre-patch information sharing on vulnerabilities in its software has been expanded to include incident responders dealing with advanced targeted attacks

Microsoft expands bug info-sharing program to larger crowd (ComputerWorld) Acknowledges increased risk of leaks to hackers

TrueAbility raises $2M to build 'open flight simulator' for tech recruiting (VentureBeat) TrueAbility has raised $2 million for its approach to recruiting top technical talent. The company was founded by a team of former Rackspace employees to address inefficiencies in the hiring process. Rackspace provides managed cloud hosting services, and founders Marcus Robertson, Dusty Jones, Luke Owen, and Frederick "Suizo" Mendler wanted to build a system that focused on skill testing rather than resumes

Dell, Icahn Mount Heavy Media Battle As Buyout Vote Looms (CRN) Carl Icahn's unrelenting attack against Michael Dell (NSDQ:Dell) and investment partner Silver Lake continued Monday with an open letter to shareholders that urged Dell's special committee to deny Michael Dell's request to change the way shareholder votes are counted

The Next Network Acquisition Target (Seeking Alpha) Cisco Systems (CSCO) recently announced acquisition of Sourcefire (FIRE) has prompted speculation among the pundits about the next target…Will this acquisition start a run on other companies? According to an article in Bloomberg, Daniel Ives, an analyst at FBR Capital Markets thinks that Fortinet (FTNT) could fetch as much as $39 per share. Ives went on to say that other potential targets include the Israel-based company Check Point Software Technologies (CHKP) and Palo Alto Networks (PANW). The seven companies listed below, including Sourcefire, are in the news and may be in play because of the Sourcefire acquisition

Sourcefire Q2 Profit Rises, Beat Estimates (NASDAQ) Cyber security solutions provider Sourcefire, Inc. ( FIRE ), Monday reported an increase in profit for the second quarter with net income of $2.2 million or $0.07 per share, compared to $1.1 million or $0.04 per share a year ago

Security Software and Hardware Provider STDi Expanding Rapidly in South America as Advancements Breach Borders, Says CEO Jose Susumo Azano (Hispanic Business) There is a constant rise of cyber criminals who would like nothing more than to crack the code on new smartphones. Thus, safety and security are equally as important as the functionality of any newly introduced device. Security software and hardware provider STDi has seen tremendous growth, especially in South America, as a result of an increased demand for technology that is not only reliable, but trustworthy as well

EmeSec Incorporated Celebrates 10 Year History as Cybersecurity Innovator (BWW) EmeSec Incorporated (EmeSec), a provider of forward-looking information assurance (IA) and cybersecurity solutions to commercial and federal agencies, is marking the 10th anniversary of its founding. Since its inception, EmeSec has been laser-focused on solving technical, management and operational cybersecurity challenges; driving best-in-class cybersecurity standards; and offering compelling out-of-the box solutions for government agencies

QinetiQ and SynApps Solutions Awarded Contract with Environment Agency (Hispanic Business) To help meet changing legislation and data security requirements, the Environment Agency has awarded a contract to QinetiQ , a provider of cyber security solutions, and SynApps Solutions , the content management solutions company, to develop a new cloud based case management system. The new system will help Environment Agency employees to manage changes in dam safety regulations arising from the Flood and Water Management Act 2010

Northrop Grumman Awarded U.S. Air Force Distributed Mission Operations Network Contract With Potential Value of $490 Million (Yahoo Finance) The U.S. Air Force has awarded Northrop Grumman Corporation (NOC) a contract potentially worth $490 million to continue providing network and integration services under the Distributed Mission Operations Network (DMON) 2.0 service contract

DoT may rope in Israeli firm to intercept encryption services (Hindu Business Line) India and Israel are likely to come closer in the field of telecommunications as Department of Telecommunications (DoT) may rope in a nIsraeli cyber firm for providing solutions to intercepting encryption services available on smart phones. According to a report on engagements of Telecom Minister Kapil Sibal's visit to Tel Aviv in the middle of last month, discussions were held with Verint Systems, a firm which provides exclusive solutions for lawful interception in cyber space

Booz & Co said on Booz Allen Hamilton, the U.S. government, and Edward Snowden (ABC.AZ) The firm said the below article was posted on our website and it contains errors that we are asking be fixed as soon as possible: Booz & Company is a completely separate firm from Booz Allen Hamilton. We separated in July 2008 and since that time we have operated as separate and distinct companies with different owners and different areas of practice. Booz Allen Hamilton is publicly traded. We at Booz & Company are privately owned by our partners. Edward Snowden has never worked for Booz & Company and there is no connection whatsoever between him and our firm

RSA president leaving to take cloud job at parent EMC (CSO) RSA President Tom Heiser is transferring from the security company to its parent company EMC to focus on cloud computing initiatives, according to an internal communication sent from the company today

Andrew Bryden Appointed VP Communications and Public Affairs by SRA International, Inc. (Herald Online) SRA International, Inc., a leading provider of IT solutions and professional services to government organizations, today announced Andrew Bryden has been appointed to the position of vice president, Communications and Public Affairs

Lockheed Martin Has a New Spymaster (Motley Fool) Rob Weiss, formerly head of the company's Lockheed Martin Aeronautics Advanced Strike and Intelligence, Surveillance, and Reconnaissance programs, has

Former Mozilla CEO Takes Top Spot at AVG (SecurityWeek) AVG Technologies, maker of free and premium Internet security software for PCs and mobile devices, today named Gary Kovacs as Chief Executive Officer and Managing Director. Kovacs joins AVG from Mozilla Corporation, the organization behind popular Web browser Firefox, where he most recently served as CEO, responsible for expanding the company's desktop and mobile businesses

Is Baltimore benefiting from Maryland's cybersecurity industry? ( Baltimore) Maryland has more than 19,000 available jobs in cybersecurity, a $68 billion global industry. But is the state's rapid growth as a cybersecurity center helping Charm City? …Those are questions that, despite the piles of data, are more difficult to find answers to. Overall cybersecurity job numbers make it relatively easy to extrapolate the effect of cybersecurity on the state economy, but much harder to ascertain any potential benefit for Baltimore. CyberPoint is at least one cybersecurity firm that sees advantages to being in Charm City. "That's one of the reasons we're here--Baltimore's a fantastic place to be," Kilpe said. "We're going to stay here longterm because we believe in the potential"

Products, Services, and Solutions

CrowdSource Tool Aims to Improve Automated Malware Analysis (Threatpost) When a new piece of malware surfaces, it's typically analyzed eight ways from Sunday by a long list of antimalware and other security companies, government agencies, CERTs and other organizations who try to break it down and classify its capabilities. There's a lot of duplicated effort there, and a group of researchers is building a new tool called CrowdSource that is designed to take advantage of the existing analysis capabilities in the community and perform automated malware analysis to provide rich reports on each new sample

Executable file analysis tool launched by Bit9 (SC Magazine) Bit9 has launched a tool to assess the security risk of every executable file (dll, installer, script and other programs) on a PC running Windows XP or later versions

The scary implications of Google Glass (Help Net Security) Google Glass, for all its promise, has some scary implications. Here is my list of potential challenges we face with Glass: User experience, Social awkwardness, Privacy (or lack thereof), Obsession

nPulse updates its flow and packet capture appliance (Help Net Security) nPulse released a new version of its Capture Probe eXtreme (CPX) flow and packet capture appliance, which provides a packet indexing solution at 30 million packets per second. CPX is an ultrafast

ThreatTrack Security to Provide Automated Remediation for APTs (Broadway World) While advanced security solutions like a malware analysis sandbox enable security professionals to identify and profile APTs, targeted attacks, Zero-day threats

Norman Shark to Announce Malware Analyzer G2 v4.0 (Broadway World) Norman Shark, the global security leader in malware analysis solutions for enterprises, service providers and government entities, announced

Organizations Can Build a Stronger DDoS Defense Using Real-Time Data Analysis—Deploy a faster, better DDoS response with real–time analytics, mitigation appliances and experienced mitigation engineers (PRWeb) Prolexic, the global leader in Distributed Denial of Service (DDoS) protection services, today released recommendations on using real-time analytics as a powerful tool for identifying denial of service attacks and other cyber threats, risks and events

Verisk Analytics Inc. : ISO Enhances Its Cyber Liability Insurance Program with Media Liability Coverage (4-Traders) ISO announced today revisions to its e-commerce (cyber insurance) product. The E-Commerce Program enhancements from ISO introduce new insurance policies designed specifically for companies with a media liability exposure. Both a "claims-made" and "occurrence" version, each providing defense within limits, are available. ISO is a member of the Verisk Insurance Solutions group at Verisk Analytics (Nasdaq:VRSK)

AhnLab's Malware Defense System Delivers Increased Value (MarketWatch) AhnLab, a leading provider of information security products and services for enterprise and

Comodo Shows Biggest Improvement in Antivirus Tests (PC Magazine) Kaspersky scored a perfect 6.0 points, as did Bitdefender, Comodo…Bitdefender, Kaspersky, Norton, and six others earned a perfect 6.0 points, and all but two

CIRCLean (CIRCL) This project aims to be used by someone receiving a USB key from an untrusted source and who want to see the content you do not know what is on it without opening the original and potentially malicious files. The code runs on a Raspberry Pi which means it is never required to plug nor open the original USB key on a computer. It does not require any technical prerequisites of any kind and can be used by anyone

Technologies, Techniques, and Standards

If We Own Your Data We Own Your Ass (Strategy Page) For the military the Internet (and networks in general) and computers (especially the smart phone) have changed everything, especially how troops operate in combat. The military is still scrambling to make the most of these new and, for most, unexpected technologies. Less unexpected was the growing number of databases and software able to quickly find patterns that are otherwise undetectable and indecipherable. That sort of thing had been developing for over a century (since the invention of the punch card and mechanical tabulating devices, a technology that lasted into the 1980s). But suddenly you not only had unimaginable amounts of data, but you had it anytime, anywhere. In theory this should have been a tremendous advantage for those who had it. But it did not work out that way immediately. It took a few years for the troops to get everything working together. Now it's taken for granted that data, captured anywhere, can be quickly processed (scanned, translated and analyzed for useful patterns) and return (sometimes in hours, or less) useful leads

As Feds Seek Passwords, Can Cryptography Still Be Trusted? (Infosecurity Magazine) While national executives, including the EU's executive (the European Commission) seem intent on downplaying the impact of the NSA's PRISM program

Security Today Requires More Than AV Software (IT Business Edge) I had the opportunity to talk with Aleks Gostev, chief security expert for the global research & analysis team at Kaspersky Lab, about some of the current threat trends facing the enterprise today. Not surprisingly, the first thing he mentioned was mobile threats. BYOD, he said, is a huge problem for security officers, especially when dealing with the Android platform, because of the approximately 5,000 mobile Trojans discovered every week. And that security problem is doubled when you connect your PC to your Android device

Continual vigilance key to security, says Damballa (ComputerWeekly) UK businesses need to update their approach to cyber security to recognise that they need to look for signs of compromise continually, says security firm Damballa. "For 25 years, businesses have had the mentality of scan, detect, fix, relax, but that approach to security is no longer working," said Adrian Culley, Damballa's technical consultant for Europe

Hot Security Tips for HotSpots (Kaspersky Daily) For many, summer vacations used to mean leaving all the trappings of home behind. But now that we're more inseparable from our devices than ever before, we never leave everything behind — especially anything that can connect us to the Internet. But the trouble with using the Internet on vacation is that often the only Wi-Fi hotspots available— at hotels, airports, coffee shops, etc. — are unsecured, public networks, and that spells trouble. Here's how to minimize the risk

Debating the Maturity of Cyber–Insurance (GovInfoSecurity) What Role Should It Play in NIST Cybersecurity Framework? The team developing the cybersecurity framework that President Obama ordered is considering incorporating cyber-insurance as a component of the plan, says NIST Director Patrick Gallagher

NIST: Patch management has inherent challenges (FierceGovIT) Poor patch management is a recurring problem for federal information technology systems--noted over and over in oversight reports--but that's due in part because there are challenges inherent to performing patch management, says a new publication from the National Institute of Standards and Technology


Naval Academy Launches Cyber Operations Major (DefenseTech) This fall, the Naval Academy will become the first service academy — or university for that matter — to offer their undergraduate students the chance to major in Cyber Operations

Legislation, Policy, and Regulation

Russia follows in footsteps of SOPA with unsettling new anti-piracy laws (ComputerWorld) In a controversial move by the Kremlin, Russia has followed in the footsteps of SOPA by hurriedly passing two new anti-piracy bills. Experts have been debating whether the new proposed laws - the first to be passed by Russian authorities in over eighteen years - are in fact a smokescreen for something more sinister

First on CNN: More on NSA surveillance programs to be declassified (CNN Security Clearance Blog) The U.S. intelligence community plans to declassify additional information about surveillance programs of the National Security Agency, possibly as soon as Tuesday, CNN has learned

House members to hear from critics of NSA spying program (Daily Caller) Critics of the National Security Agency's domestic spying program will appear before Congress on Wednesday in a hearing that should offer a sharp contrast

How NSA leaks are changing minds among the public—and in Congress (Ars Technica) Most politicians who voted "for" the NSA last week say they want changes, too. Last week, the House of Representatives came within eight votes of defunding the NSA program that collects telephone metadata. The vote was no flash in the pan; developments over the last few days suggest it could be the harbinger of a major change in how the US deals with surveillance

Americans more concerned about privacy than terrorism — Pew study (Russia Today) For the first time in almost a decade, the majority of Americans are more concerned about the government infringing on their civil liberties than about a potential terrorist attack, according to a new poll by Pew Research

NSA Surveillance Extends The Threat Hierarchy (Forbes) The slide below will be familiar to just about anyone who has seen me present. I have used the Threat Hierarchy, first portrayed by my predecessors at Gartner, for a dozen years to launch my narrative on what drives the IT security industry. As I explain at least twice a week to eager investors who want to develop a security portfolio, IT security is different than any other technology sector. There is no maturation. There will not be three or four big players who dominate the space as there are in PCs, databases, ERP, or CAD/CAM. Because there is an outside driving force: threat actors

Rockefeller–Thune NIST cybersecurity bill set to be voted on in committee July 30 (FierceGovIT) A Senate committee will mark up a cybersecurity bill before the 5 week late summer recess

When Would Cyber War Lead to Real War? (Defense One) When would attacks on satellites or computer networks justify retaliation with conventional weapons? Gen. Martin Dempsey, the chairman of the Joint Chiefs of Staff, recently addressed this question at a forum at the Brookings Institute

Voluntary Initiatives As a Source of Policy–Making on the Internet (CircleID) For many years, I have observed that the Internet is adopting many self-regulation frameworks to address a variety of issues. Indeed the Internet has benefited from self-regulation as an efficient way to address jurisdictional conflicts -- particularly as compared to traditional law making. Since the Internet is global, jurisdiction is often the most difficult policy issue to address. To this end, voluntary initiatives are becoming increasingly popular in the digital space due to their ability to address dynamically issues related to the Internet. Voluntary, self-regulatory or industry-based are all terms used to identify initiatives that are produced and enforced by independent (private) bodies or trade associations and focus on addressing issues that have a limited scope and are of a specific subject matter

White House mulls waving cash at businesses to get them to beef up cybersecurity (Naked Security) Specifically, the US government is reportedly thinking about tax breaks, insurance perks and limited lawsuit protection for organizations that opt in to standards that are now getting hammered out

CIA Talent Gap Blamed On Management (Los Angeles Times) CIA officials often assert that while the spy agency's failures are known, its successes are hidden. But the clandestine organization celebrated for finding Osama bin Laden has been viewed by many of its own people as a place beset by bad management, where misjudgments by senior officials go unpunished, according to internal CIA documents and interviews with more than 20 former officers

Pentagon's Key Whistleblower Counselor Moves to Intel Community (Government Executive) On Monday, a Defense Department loss became the U.S. intelligence community's gain. Dan Meyer, for more than a decade the major whistleblowers counselor working out of the Pentagon inspector general's office, assumed a new post at an undisclosed location to provide interagency coordination for President Obama's new policy protecting whistleblowing by national security employees

Bank of Thailand bans Bitcoin (The Register) Buying and selling Bitcoin banned, mining them still okay

Litigation, Investigation, and Law Enforcement

Irish watchdog won't probe Apple, Facebook over PRISM…but COULD IT? (The Register) Yes, and it SHOULD, says information law specialist

Manning, Snowden: World Weighs Treason vs. Nobel Prize ( Manning is currently in jail in Fort Meade, Md., following the closing of his military trial last week. According to media reports late in the afternoon July 29, the

Edward Snowden's father: Son can't get fair trial in US now (Washington Post) The father of National Security Agency leaker Edward Snowden said Friday his son has been so vilified by the Obama administration and members of Congress

$300 million 'superhackers' are not so super after all (Naked Security) Two of the five men that were part of "the largest ever hacking and data breach scheme in the United States", were caught thanks to some pretty obvious carelessness, posting their holiday snaps online and letting their mobile phones broadcast their location to the cops on their trail

Two big obstacles hinder cybersleuths (USA TODAY) Data privacy restrictions such as these complicate the ability to deftly react to a cyber attack, given that one of the key methodologies attackers use is the deliver

Crime moves into cyber markets (ComputerWorld Malaysia) Policing organised crime has become more complex because of an increase in "entrepreneurs" selling drugs, guns, child pornography and fake identification online, the Australian Crime Commission has warned

Mail from the (Velvet) Cybercrime Underground (Krebs on Security) Over the past six months, "fans" of this Web site and its author have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. Still more admirers paid my cable bill for the next three years using stolen credit cards. Malware authors have even used my name and likeness to peddle their wares

Crumbs, we're going to lose that public sector bid — Jeeves, send for the lawyers (The Register) Hyper-competitive businesses file ever more complaints

Exposed: RSPCA drills into cops' databases, harvests private info (The Register) Animal charity gets its paws on police data — and nobody appears to be watching

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Black Hat 2013 (Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.

SECRYPT 2013 (Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...

Growing Maryland's cybersecurity industry: Baltimore Meetup (Baltimore, Maryland, USA, July 30, 2013) Join Technically Baltimore in at CyberPoint International on July 30 for a presentation about Maryland's rapidly expanding cybersecurity industry -- and how the Baltimore region's broad, general technology...

AFCEA Global Intelligence Forum (Washington, DC, USA, July 30 - 31, 2013) During this day and one half unclassified conference in the National Press Club in downtown Washington, D.C., leaders from across the government, military, and industry will explore the role that the Intelligence...

International Conference on Cyber Security (New York, New York, USA, August 5 - 8, 2013) The Federal Bureau of Investigation and Fordham University will host the fourth International Conference on Cyber Security (ICCS 2013) on August 5 - 8, 2013 in New York City. ICCS, the White Hat Summit,...

Third Annual SINET™Innovation Summit (New York, New York, USA, August 6, 2013) SINET™, the premiere community builder and innovation catalyst for the Cybersecurity industry hosts their third annual Innovation Summit at Columbia University on August 6th. SINET programs are where the...

SINET Innovation Summit (New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...

3rd Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, August 6 - 7, 2013) The Information Systems Security Association (ISSA) - Colorado Springs Chapter and FBC, Inc. will once again host the 3rd Annual Cyber Security Training Forum (CSTF). Formerly known as the Cyber Security...

AFCEA Tinker AFB Information Technology & Cyber Security Expo (Oklahoma City, Oklahoma, USA, August 8, 2013) Commercial vendors are invited to Tinker Air Force Base on Thursday, August 8th to exchange information and provide products demonstrations to the military and civilian personnel on base. IT and Information...

AIAA Aviation 2013 (Los Angeles, California, USA, August 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics,...

Security in Government (SIG) (Canberra, Australia, August 12 - 14, 2013) The 25th annual Security in Government (SIG) conference is to be held from 12-14 August 2013 at the National Convention Centre in Canberra. Assistant Director for the National Security Resilience Policy...

A Cloud Computing Introduction for Managers (Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...

cybergamut Technical Tuesday: A Cloud Computing Introduction for Managers (Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...

A Cloud Computing Introduction for Manager (Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.