Daily briefing.

OpIsrael returns as 71 Israeli websites are hacked. OpPetrol, targeting mainly Middle Eastern oil producers, is expected to resurface around June 20.

A hack that gets to webcams via browsers is demonstrated. Android malware evolves better obfuscation. Software companies race to close a newly discovered cross-platform zero-day browser vulnerability.

The US FDA warns of medical device cyber vulnerability and proposes new regulation of the device and hospital IT sectors.

Reports suggest that US Government cyber threat information sharing with companies may have involved a metadata sharing quid pro quo.

As the US Congress continues to discuss NSA electronic surveillance, several Senators express doubts over General Alexander's testimony that the program deflected terrorist attacks. It remains unclear how Congress will ultimately respond to the PRISM affair, but observers (and members of Congress) are questioning the efficacy of legislative intelligence oversight.

Among laws under consideration is one that would restrict contractor access to classified information. (Since policy tends to be debated on Aesopian as opposed to analytical grounds, one might note that Bradley Manning was no contractor.) As details of the leak emerge—thumb drives, much online foreshadowing of leaks—analysts wonder why standard security measures seem to have failed.

PRISM has increased cyber tensions between the US and the EU, and hasn't helped with China, either. Observers also see a baleful impact on what's loosely called "Internet freedom." The case raises other questions, including that of corporate liability for leakers.

"Hacking back," some say, could prompt the return of letters of marque.

Notes.

Today's issue includes events affecting Australia, Canada, European Union, India, Israel, Saudi Arabia, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

#OpIsrael-Reloaded: X-Blackerz Inc Hacks Israeli Hosting Company, Defaces 71 Sites & Leaks Admin Info (Hack Read) A hacker going with the handle of X-Blackerz Inc, supporting Anonymous hacktivists on #OpIsrael has hacked into the server of an Israeli-based hosting company, ending up with defacing 71 Israeli websites and leaking hosting details online. The hacker left a deface page, along with a message in text and a YouTube video, explaining the reason for attacking Israeli cyber space

Anonymous' #OpPetrol: What is it, What to Expect, Why Care? (TrendLabs Security Intelligence) Last month, the hacker collective Anonymous announced their intention to launch cyber attacks against the petroleum industry (under the code name #OpPetrol) that is expected to last up to June 20. Their claimed reason for this attack is primarily due to petroleum being sold with the US dollar instead of currency of the country where petroleum originates. However, some chatter indicates there was a desire to launch new attacks due to both #OpIsrael and #OpUSA being regarded as ineffective

Smile! Hackers Can Silently Access Your Webcam Right Through The Browser (Again) (TechCrunch) You know those people who put tape over their laptop's webcam to keep digital peeping toms at bay? They're not crazy. A new proof of concept is making the rounds today that demonstrates how a hacker can snap pics off your webcam, right through the browser, with no consent required

Cybercriminals Improve Android Malware Stealth Routines with OBAD (TrendLabs Security Intelligence) We have been seeing apps that exploit vulnerabilities in Android, with most of them attempting to gain higher privileges on user devices. In recent days, a stronger and a far more advanced Android malware named ANDROIDOS_OBAD has come into play. What seems to be a product from the same malware authors behind ANDROIDOS_JIFAKE, ANDROIDOS_OBAD is found to be equipped with ability to avoid being uninstalled from devices and triggers more malicious code

Malware Redirects South Korean Users To Phishing Sites (TrendLabs Security Intelligence) Online banking threats have been prevalent for many years, but recently they seem to be determined to expand beyond their usual targets. In the past few weeks and months, we've seen various attacks target Korean banks using various techniques

AutoRun. Reloaded (SecureList) Recent months have produced little of interest among worms written in Java and script languages such as JavaScript and VBScript. The main reason behind this was the limited proficiency of the virus writers, whose creations were anything but remarkable. However, a couple of malware samples grabbed our attention; their complexity is testimony to the fact that professionals sometimes get involved as well

Microsoft misses Google-found flaw in Patch Tuesday updates (ZDNet) He made the zero-day flaw public, citing Microsoft as being "often very difficult to work with," and "treat[ing] vulnerability researchers with great hostility." The software giant said it was not aware of any attacks and had not issued an advisory

Big browser builders scramble to fix cross-platform zero-day flaw (Register) Browser manufacturers will release an update in the next few weeks to block a new type of malware that exploits a cross-platform flaw that allows attackers access to Mac, PC, mobile, and even games console internet users. "PC, Android, Mac - the

Vast array of medical devices vulnerable to serious hacks, feds warn (Ars Technica) A vast array of heart defibrillators, drug infusion pumps, and other medical devices contain backdoors that make them vulnerable to potentially life-threatening hacks, federal officials have warned

US swaps data with thousands of firms: sources (Sydney Morning Herald) Along with the NSA, the CIA, the FBI and branches of the US military have agreements with such companies to gather data that might seem innocuous but could be highly useful in the hands of US intelligence or cyber warfare units, according to the people

iOS 7 Beta Bug Enables Lockscreen Bypass (Threatpost) An iPhone user in Spain who downloaded the beta version of Apple iOS 7, which was made available Monday, was able to bypass its screen-lock security feature

Obama Appointee Who Heads U.S. Nuclear Security Agency Is Hacked By "Guccifer" (The Smoking Gun) The Obama administration official who heads the agency responsible for maintaining the country's nuclear stockpile as well as securing "loose nukes" worldwide is the latest victim of "Guccifer." Neile Miller, acting administrator of the National Nuclear Security Administration (NNSA) recently had her Facebook account breached by the notorious hacker, who also apparently illegally accessed one of Miller's personal e-mail accounts

Cyberespionage Operators Work In Groups, Process Enormous Data Workloads (Dark Reading) A group of Taiwanese researchers peer into the operations center of a group behind one large espionage campaign. In a study of the lifecycle of cyberespionage attacks, a group of researchers at a Taiwanese security startup have found that the nation's major government agencies encounter a dozen such attacks each day and that the operators behind the attacks have virtual data centers that appear to be processing enormous workloads

Zeus is hiring money mules - just get infected first (Infosecurity Magazine) For cyber criminals, Zeus is the complete package: not only will it steal your money, it now helps the gangs recruit the money mules to get stolen money out of the country and into their own accounts

How cybercriminals apply Quality Assurance (QA) to their malware campaigns before launching them (Webroot Threat Blog) In 2013, the use of basic Quality Assurance (QA) practices has become standard practice for cybercriminals when launching a new campaign. In an attempt to increase the probability of a successful outcome for their campaigns — think malware infection, increased visitor-to-malware infected conversion, improved conversion of blackhat SEO acquired traffic leading to the purchase of counterfeit pharmaceutical items etc. — it has become a common event to observe the bad guys applying QA tactics, before, during, and after a malicious/fraudulent campaign has reached its maturity state, all for the sake of earning as much money as possible, naturally, through fraudulent means

Cyber Trends

Infographic: Canadian Cybercrime Report Card (SC Magazine) A large increase in foreign cybercriminals establishing virtual bases in Canada to command corporate espionage

State-level data governance efforts 'shaky at best' (FierceHealthIT) State level governance efforts for storing and exchanging citizen data--including health information--are "shaky at best," according to Chad Grant, a senior policy analyst with the National Association of State Chief Information Officers

'US infrastructure highly vulnerable to cyber attack' (Business Standard) "On a scale of one to 10, with 10 being strongly defended, our critical infrastructure's preparedness to withstand a destructive cyber attack is about a three based on my experience," Alexander, also in charge of the US military's Cyber Command, wrote

Cyber attacks top banking risk, says Bank of England (ComputerWeekly.com) Reporting on meetings with the UK's top five banks six months ago, Haldane said four had told him cyber attack was their biggest threat, according to Reuters. The fifth bank had since added cyber threats to its list of top risks, Haldane told the

News Analysis: Cyber security - prudence or paranoia? (B&T Marketing & Media) Late last month, Commonwealth Bank chief executive Ian Narev told the Group of 100 congress of leading finance executives that the threat of a cyber attack is one of his biggest fears. "The security of our perimeter and our ability to understand what

Cyber-crime devastates global economic growth, world economic powers told (Vancouver Sun) In December 2012, Saudi Arabia blamed unidentified people based outside the kingdom for a cyber-attack on state-owned Saudi Arabian Oil Co. that was aimed at disrupting production from the world's largest exporter of crude. U.S. officials have accused

FireEye release Australian cyber security survey findings (Australian Defence Magazine) FireEye has released their findings from a comprehensive survey of the state of Australia's cyber security as seen by executives and technical staff across

Account Takeover Attempts Nearly Double Over Six Months: Report (Security Week) Account takeover attempts and credit card fraud have nearly doubled over a six month period, ThreatMetrix said, as part of its new Cybercrime Index, which examines Web fraud and provides insight into the prevalence of such attacks

Top 10 Security Myths: Misconceptions and Exaggerations About Threats and Technologies (Security Week) Information security is peppered with several misconceptions and exaggerations about threats facing businesses and the technologies to combat those threats, according to a Gartner analyst. The misconceptions have become "security myths" which are widely held among senior management, business managers, and even among security professionals, Jay Heiser, a Gartner analyst, told attendees at the Gartner Security & Risk Management Summit on Tuesday. Risk perspective is "not rational" and based on information at hand, people can misunderstand or overemphasize risk, Heiser said. This is why people may wind up emphasizing the wrong ideas, worrying over exotic issues instead of thinking about the common--and more likely--risks

Marketplace

0-Day The (Bug) Bounty Hunter (Dark Reading) Companies increasingly offer bug bounties to help find vulnerabilities and threats. This is an opportunity for those looking to get into security. Whenever I go to a conference, inevitably I'll meet a college student or a younger kid interested in security. They want to know how I got to--well, wherever I am--and how they can sit in coffee shops all day. Once I get over the shock that I had already graduated from college before these kids were born, they usually want some guidance on how to get started in the business

Talking cyber security with the UK government (SC Magazine) It is easy to be critical of the government when it comes to cyber security, but the truth is that up against attacks, a lack of funding and an increasingly able adversary, what it is achieving is not all that bad

NASA CIO unable to implement effective IT governance (FierceGovIT) The position of NASA chief information officer has limited visibility and control over the agency's information technology investments, resulting in ineffective governance over its 550 IT systems and more than $1.5 billion annual IT spending, finds a June 5 Office of Inspector General report. "NASA's current IT governance model weakens accountability and does not ensure that IT assets across the Agency are cost effective and secure," writes the OIG

Hiring digital 007s (The Economist) A new cyber-industrial complex is rising. Should you worry? "AT BOOZ ALLEN, we're shaping the future of cyber-security," trumpets a recruiting message on the website of Booz Allen Hamilton, a consulting and technology firm. It is hard to argue with that blurb right now. Edward Snowden, the man who revealed he was responsible for leaks about surveillance of American citizens by the National Security Agency (NSA), was a contractor working for Booz Allen. That has turned a spotlight on the extensive involvement of private firms in helping America's spooks to do their jobs. The affair could lead to changes in the way these relationships work

House Republicans block anti-sequestration amendments in defense spending bill markup (FierceGovernment) The House Appropriations Committee marked up the Defense Department spending bill June 12, blocking several amendments from Democrats

Agencies need governmentwide guidance on suspension and debarment process, GAO official says (FierceGovernment) Though the suspension and debarment system has been around for many years, there is little guidance for it, Government Accountability Office Acting Director of Acquisition and Sourcing Management John Neumann said at a June 12 House Government and Oversight Committee hearing

IBM U.S. Job Cuts Reach at Least 1,300, Employee Group Says (Bloomberg) International Business Machines Corp. (IBM), the world's largest computer-services provider, has fired at least 1,300 workers in a round of U.S. job cuts that began yesterday, according to the employee group Alliance@IBM

NSA Leaks Suggest Microsoft May Have Misled Public Over Skype Eavesdropping (Slate) Revelations about the Internet spying system PRISM have put the international spotlight on the extent of the U.S. government's secret surveillance. But the disclosures also raise important questions about the role the world's largest Internet companies played in hoodwinking the public over the controversial spying

Before Edward Snowden, Intel Chief Warned Of Contractor Perils (Huffington Post) As the Edward Snowden leak case reminds us, the United States government has increasingly outsourced its intelligence operations to private firms like Snowden's erstwhile employer, Booz Allen Hamilton, which raked in $1.3 billion from its intelligence

Behind the Curtain: Booz Allen Hamilton and its Owner, The Carlyle Group (The New American) According to writers Thomas Heath and Marjorie Censer at the Washington Post, The Carlyle Group and its errant child, Booz Allen Hamilton (BAH), have a public relations problem, thanks to NSA leaker and former BAH employee Edward Snowden

Special Ops Command Extends Booz Allen's IT Management Deal (Nextgov) The folks in the Special Operations Command's contracting shop evidently have no intention of letting the largest leak of top secret intelligence in history keep it from extending a contract with Booz Allen Hamilton, the employer of the now on-the-lam

GSA awards $150M to Qinetiq North America for software development (Washington Business Journal) Under a potential $150 million blanket purchase agreement, Qinetiq North America will provide IT and software development services to the General Services Administration, the Reston-based federal contractor announced Thursday

AVG Acquires Remote Monitoring and Management Software Firm (Security Week) Internet security software maker AVG Technologies announced that it has entered into an agreement to acquire LPI Level Platforms, a provider of remote monitoring and management software solutions

Sourcefire CEO — Cyber Attacks And The New Cyber Security Model (Forbes) Cyber attacks not only are growing in volume, but in the last year they have hit major companies like Google, Bank of America, Northrop Grumman, Microsoft, Yahoo, AOL, LinkedIn, Tumblr, the Reuters news service and the BBC to name a few. Simply put, the situation is a cause for alarm and in my experience that usually spells an opportunity for investors. That's one of the reasons why the threat of cyber attacks sits in the crosshairs of my Safety & Security PowerTrend, one of my Great 8 PowerTrends that shapes how we invest in my PowerTrend Profits newsletter

Products, Services, and Solutions

Panda Cloud Antivirus 2.2 adds Data Shield, Parental Control and Rescue Boot creator (PC Authority) Bilbao, Spain-based Panda Security has released Panda Cloud Antivirus Free 2.2, a major new version of the company's cloud-based antivirus tool

#Facebook gets #hashtags, which does #WTF to your #privacy? (Naked Security) Oh, boy! Now you won't miss snippets regarding #gameofthrones or the antics of people's #children

TP-LINK announces Archer C7 Wi-Fi router (Help Net Security) TP-LINK released the AC1750 Wireless Dual Band Gigabit Router, Archer C7, that supports the 802.11ac standard. Archer C7 operates over both the 2.4GHz and 5GHz bands to give users two dedicated

Log analysis and alert management platform (Help Net Security) RandomStorm has released its new integrated log analysis, HIDS and file integrity platform, StormAgent. StormAgent automates protective monitoring of network hosts, reducing the time needed to sift

Ping Identity updates cloud identity management platform (Help Net Security) Ping Identity announced PingFederate 7, an upgrade to its identity bridge software and Cloud Identity Management Platform. The release delivers standards-based user provisioning, authentication

Automated password management for privileged accounts (Help Net Security) BeyondTrust announced the release of PowerBroker Password Safe, including integration with Retina CS, the company's vulnerability management platform. PowerBroker Password Safe is an automated

HP Gets Its Big Data Act Together (InformationWeek) Hewlett-Packard's 'HAVEn' ecosystem unites Hadoop, Autonomy, Vertica and enterprise security, backed by management software and consulting services

CloudAware Uses Chatter In Amazon Cloud Management (InformationWeek) CloudAware finds Salesforce.com's Chatter social platform a boon to helping companies monitor compliance, performance in Amazon Web Services workloads

Technologies, Techniques, and Standards

Can You Completely Secure Linux? (eSecurity Planet) Top Linux security engineers address whether complete security can ever be achieved with the open source operating system

Letter Of (Cyber) Marque And Reprisal (Dark Reading) The past couple of years have seen a growing base of "hack back" supporters -- with several new businesses around the globe now presenting their services in a similar vein, each advocating more forceful responses to breaches, such as launching denial-of-service attacks against the attackers, hacking botnet command-and-control servers, embedding exploits in pilfered documents, etc., in an effort to mitigate ongoing threats

Encrypted e-mail: How much annoyance will you tolerate to keep the NSA away? (Ars Technica) How to encrypt e-mail, and why most don't bother

How orgs should handle personal data on IT systems that they don't control (Help Net Security) Organizations should create a privacy program that keeps personal data at arm's length, but under control, according to Gartner, which predicts that by 2019, 90 percent of organizations will have pers

Whose data is it anyway? (FierceBigData) In light of the recent revelation that the NSA is using big data in its surveillance efforts, it is a good time to remember that it is not the only government agency to use this strategy. It's also a good time to ask the burning question of the day: "Whose data is it anyway?" Last year, the TechAmerica Foundation's Federal Big Data Commission report titled "Demystifying Big Data: A Practical Guide To Transforming The Business of Government" revealed multiple use cases from several U.S. government agencies

Cloud data security: Customers and providers share responsibility (TechTarget) The amount of control customers have over public cloud computing services increases as you move down the computing stack, with Software as a Service (SaaS) offering little or no control and Infrastructure as a Service (IaaS) offering the most control. The same goes for security responsibilities in the cloud: With SaaS, the responsibility to secure the platform and infrastructure clearly falls on the provider

20 Critical Security Controls: Control 13–Boundary Defense (Tripwire) Today's post is all about Control 13 of the CSIS 20 Critical Security Controls - Boundary Defense (the last post pertained to Control 12). Here I'll explore the (29) requirements I've parsed out of the control (I used the PDF version, but the online version is here) and offer my thoughts on what I've found

Design and Innovation

Hey Silicon Valley, The British Are Coming (To Learn Your Startup Secrets) (TechCrunch) Doing a startup in Europe is challenging for many reasons. The can-do attitude of Silicon Valley is undoubtedly fuelled in part by the amount of investor money flying around. But that's not the only reason. Failing in the U.S. isn't seen as an end point in the way it can be in Europe. A new U.K. internship programme is aiming to pass that attitude on to 15 grads via Valley startup work placements

Legislation, Policy, and Regulation

Sen. Chambliss: No Intel Reform Likely After NSA Leak Scandal (DefenseNews.com) Congress is unlikely to overhaul the US intelligence community after a Booz Allen Hamilton employee disclosed several highly classified national security programs, says one key senator. Asked Thursday morning by Defense News whether

Intelligence Committee Chair: Court Order Not Needed To Search Metadata (BuzzFeed) Also says Congress will push for legislation to limit how much access contractors have to classified information

Critics question claim that NSA surveillance crucial in 2 cases (Digital Journal) The widespread surveillance programs revealed to the public last week have prevented dozens of terrorist attacks according to Army General Keith Alexander, head of the US Cyber Command

Harkin questions testimony of National Security Agency commander (Radio Iowa) The head of the National Security Agency told members of a U.S. Senate committee on Wednesday the agency's in-depth surveillance of American citizens has stopped dozens of terrorist attacks. Iowa Senator Tom Harkin remains unconvinced

The Lie Of Legislative Oversight (Washington Post) Ron Wyden doesn't want to call the director of national intelligence a liar

Surveillance And Its Discontents (Wall Street Journal) In our age of proliferating nuclear weapons and genetically engineered biotoxins, a country serious about self-preservation must detect potential threats and prevent attacks before they occur, not prosecute them as crimes after the fact. The architecture to protect civilians must therefore include signals intelligence, or surveillance, to obtain actionable information about the plans, actions and capabilities of the decentralized and lethal networks that are al Qaeda and its franchises

Look who's listening (The Economist) America's National Security Agency collects more information than most people thought. Will scrutiny spur change

Pushing The Envelope, NSA-Style (Washington Post) The National Security Agency's recording of U.S. phone data does basically that with the telephone. It records who is calling whom--the outside of the envelope, as it were. The content of the conversation, however, is like the letter inside the envelope

The NSA's Big Data Problem (Time) It's still unclear exactly how the National Security Agency (NSA) is carrying out digital surveillance on us. But we know one thing for sure: the government is collecting a whole lot of data

A Promise Of Changes For Access To Secrets (New York Times) If Congress enacted such limits it would force a widespread change in the way many of the country's most delicate intelligence operations are run, and would most likely require the intelligence agencies to hire more staff members of their own to do work that in recent years has increasingly been outsourced. It is unclear how broadly Congress would endorse such changes

Oppose PRISM-like programs today or lose your privacy tomorrow (Help Net Security) I used to work for a telecommunication company. The government had access to call records, although the process for obtaining any information required manual requests and processing. That is why I am not surprised by recent news related to PRISM, an NSA-led initiative to gather intelligence related information from internet providers and communication services providers

The best answer to PRISM's abuses is strong cryptography in the hands of the public (AmericaBlog) Trying to make sense of the official pronouncements about the National Security Agency's PRISM program is like trying to nail Jello to a wall. First, a quick primer. PRISM is a highly classified NSA program whereby the computer servers of nine Internet companies, including Microsoft, Yahoo, Google, Facebook, Skype and YouTube, are tapped by the US government. We now know that the disclosure of PRISM's existence came from disgruntled NSA contractor Edward Snowden

Opening the Surveillance State's Secret Courts (Bloomberg) Are we ready now for that discussion about secrecy? In December, in a holiday-season rush to reauthorize the Foreign Intelligence Surveillance Act, the U.S. Senate shot down several amendments intended to limit the powers the act grants to the government and to scale back the near-total secrecy that it authorizes

Congress Won't Defund PRISM-Style Snooping (Slate) It was largely ignored yesterday, but the House Rules Committee had two chances to strike a blow at the NSA. Both Rep. Alan Grayson and Rep. Tim Huelskamp, a Democrat and a Republican both at the edges of their party conferences, introduced amendments that would have effectively cut the purse strings for--and made it illegal to fund--anything like PRISM

What the NSA got right (FierceBigData) Edward Snowden's revelation about the NSA's daily harvest of cell phone metadata from Verizon upset many Americans. Government officials attempted to soothe the public by explaining that the data would be used to track terrorists and not everyday people. By and large that tactic worked. According to a Washington Post--Pew Research Center poll, 56 percent of Americans consider the NSA's actions acceptable

NSA Surveillance May Have Dealt Major Blow To Global Internet Freedom Efforts (Forbes) The internet has never been a perfect tool for advancing democracy and human rights. Despite the most optimistic techno-utopian projections, the internet has yet to set us free and rid the world of dictators. Critics have been right to warn us of the dangers of a single-minded approach — we should be careful not to overlook the deep historical, economic, and cultural factors that shape the world we live in today. At the same time, it is true that the internet has revolutionized the way we are able to connect with each other. We are no longer limited to our culture and geography, we can now unite around shared interests and values

UK denies wrongdoing and EU demands answers on U.S. surveillance (FierceGovIT) Surveillance programs operated by the federal government have sent shock waves into Europe, as international leaders scramble to take a stance on the issues and demand details from the United States

EU 'assessing U.S. relationship' amid PRISM spying claims (ZDNet) In a letter obtained by ZDNet, the EU justice chief hints at consequences to come for the U.S. government if European citizens were targeted by the NSA's PRISM program

What's Worse: China Hacking Vs. Pentagon Whacking? (Eurasia Review) As the Obama administration imposes gouging cuts on fundamental social spending, the White House is allocating $13 billion for the US Cyber Command, tasked with waging 'offensive cyber strikes' to defend the homeland. In 'Pentagonese' that translates

China deserves explanation of PRISM (Global Times) Edward Snowden, the man who blew the whistle on the American National Security Agency's PRISM project, has claimed that the US has been hacking servers in the Chinese mainland and Hong Kong for years. The Chinese diplomatic department should explicitly demand a reasonable explanation from the US government

Short-Circuiting China's Cybersnooping (Washington Times) Persistent activity by Chinese cyberspies reveals just how vulnerable America remains to digital security breaches. In the cyberworld, the playing field has leveled, and the United States, without the fortified cyberprotections to match the threat, remains target No. 1

China's Silence Is Golden On Washington Snooping (Financial Times) But now, for once, silence is golden for Beijing. In a matter of days, the Snowden leaks have turned the dynamics between China and the US over cyber security upside down. If Beijing plays it right, it could look like the victim of a US smear campaign

Keep The Focus On China Cyber Threat (Financial Times) One point must not be lost, however. The great danger of the furore over the NSA in recent days is that it will distract attention from the immense threat from China that US companies face. Yes, the US government must be accountable and transparent when it comes to the surveillance of its own citizens. But the scale of cyber espionage by China against western companies is on an altogether different scale

What we know about CSEC, Canada's eavesdropping agency (CBC.ca) Revelations about the extent of surveillance by the National Security Agency (NSA) in the U.S. have sparked interest in the activities of Canada's own, highly secretive agency. Last week, media reports revealed that the NSA collected hundreds of millions

FDA wants tighter cybersecurity for medical devices (FierceMedicalDevices) As concerns about the hackability of medical devices mount around the world, the FDA is proposing tighter regulations for manufacturers, suggesting that companies include cybersecurity information along with clinical data when seeking approval

Federal regulators address rising security risk to medical devices (CSO) The Food and Drug Administration's latest security guidance to medical-device makers reflects the growing risk hackers and malware present to the lives of hospital patients

U.S. prosecutors propose kill switch to stop smartphone thefts (CSO) The kill switch is part of an initiative to reduce thefts, which sometimes involve violence

With data, Baltimore city should fix problems before they even occur: Heather Hudson [Q&A] (Technically Baltimore) Baltimore's first chief data officer says her main priority is organizing city government data into a central data warehouse

Govt rolls out new cyber security framework (I Government) "As India becomes more networked, we will become more vulnerable to cyber attack. Today, we are protected by virtue of being under-networked. As a networked country, coordinating between multiple agencies will become a growing challenge," says an

Litigation, Investigation, and Law Enforcement

Why does the public now listen to a U.S. government whistleblower? (Help Net Security) This is not the first time that a government whistleblower has come forward and tried to warn the U.S. public about the surveillance overreach of government agencies, but it was the first time that such revelations had such a global impact and response

Manning Case Challenges Definition of "Whistleblower" (PBS NewsHour) The court martial for Army Pfc. Bradley Manning began on June 3 in Fort Meade, Md. Manning was arrested three years ago for leaking 700,000 classified U.S. government documents to the website WikiLeaks. Manning has pled guilty to some of the lesser

Why Are Massive National Security Breaches So Ridiculously Easy? (The Nation) While attending the court-martial of Pfc. Bradley Manning in Fort Meade yesterday, I was reminded once again that the biggest security breach in US history was as challenging and intricate as instant coffee. Witness after witness from the

Snowden Used Thumb Drive For Data (Los Angeles Times) Former National Security Agency contract employee Edward Snowden used a computer thumb drive, a portable data storage device that is supposedly barred inside the spying agency, to smuggle highly classified documents out of an NSA facility in Hawaii, according to U.S. officials

While Working For Spies, Snowden Was Secretly Prolific Online (Reuters.com) While working for U.S. intelligence agencies, Edward Snowden had another secret identity: an online commentator who anonymously railed against citizen surveillance and corporate greed

U.S. Officials Fear Leaker Has More Classified Files (Washington Post) A broad assessment of the damage caused by disclosure of documents on classified intelligence programs has concluded that the former National Security Agency contractor who claimed responsibility for the leaks probably obtained dozens of other sensitive files, U.S. officials said Thursday

Leaker's Ties To China Probed (Wall Street Journal) U.S. lawmakers briefed Thursday on the recently revealed NSA surveillance programs trained their fire on the self-described source of the leaks, Edward Snowden, suggesting he may be cooperating with the Chinese government

Hong Kong to Handle Leaker Extradition Based on Law (Bloomberg Law) Hong Kong will deal with any U.S. request to extradite Edward Snowden, the former U.S. government contractor who disclosed secret information, according to the city's legal system, Chief Executive Leung Chun-ying said

Leak from the National Security Agency Prompts Risk Managers to Ask New Questions (Wall Street Journal) News reports on the leak of confidential information from the NSA by a government contractor may cause Risk Managers to ask themselves a new question: What happens when your employee acts as a whistleblower to either the government or another company with whom you have a contract? Until now, the potential claim scenarios often involved an unintentional mistake or random human error

Charges pending against student suspected in Manchester Regional cyber bullying attack (NorthJersey.com) A student at Manchester Regional High School has been identified as the alleged cyberbully believed to be responsible for launching a series of vulgar online attacks against other students in January, school and law enforcement officials said Thursday

Anonymous Hacker 'ItsKahuna' Pleads Guilty to Hacking into Salt Lake City Police Website (Hack Read) An Anonymous hacker going with the handle of @ItsKahuna on Twitter from Ohio is all set to confess the cyber crime for which he was arrested a few days back. He breached the security of one of the websites, which belonged to Salt Lake police. This site operated for five different cities namely: Utah, California, New York and Missouri. So, at the court he was charged for five different crimes

Bitcoin lovers: This is what it looks like when the US wants to destroy a currency (Quartz) There's a big difference between bringing down a currency and simply trying to regulate it. Today a top US financial crime official said digital currencies like bitcoin shouldn't fear government plans to regulate them like regular old financial institutions

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Digital Forensics and Incident Response Summit (Austin, Texas, USA, July 9 - 10, 2013) The 6th annual Forensics and Incident Response Summit will again be held in the live musical capital of the world, Austin, Texas. The Summit will focus on high quality and extremely relevant content as...

Suits and Spooks La Jolla 2013 (La Jolla, California, USA, June 15 - 16, 2013) Exploring Cyber Warfighting and Threat Mitigation for Corporations and Governments. The original concept for this event was to look at what special operations forces and corporate CERTs or SOCs have in...

25th Annual FIRST Conference (Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.

Hack in Paris (Paris, France, June 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted...

2013 ICAM Information Day and Expo (Washington, DC, USA, June 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.

Buzzword Forensics: Mobile is the Future…and the Future is Now (Laurel, Maryland, Sioux Falls, June 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium.

NASA National Capital Region Industry Days (Washington, DC, USA, June 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in...

AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, June 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U.S. Government,...

ShakaCon (Honolulu, Hawaii, USA, June 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better...

Northern Virginia Technology Council: Security Threats: What Keeps You Awake at Night? (McLean, Virginia, USA, June 27, 2013) It's no secret that cybersecurity events are increasing in frequency and intensity. Many of these events are severe and pose significant risk to us as individuals, to our businesses, as well as our economy...

American Technology Awards Technology and Government Dinner (Washington, DC, USA, June 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology...
