More signal. Less noise.

Daily briefing.

Chinese hackers, probably under PLA direction, exploit an Adobe Reader zero-day to spearphish Tibetan and Uyghur activists. CyberSquared also charges Chinese groups with using advanced persistent threats (APTs) against the Western medical industry. Quartz notes that Chinese cyber strategy dates at least to Major General Wang's 1995 analysis of US information operations.

A University of Illinois cryptographer demonstrates a TLS/RC4 attack. Sophos advises a look at your corporate Websites: Seagate's blog has been compromised to infect visitors with malware. An NCC Group pen-tester reports that a disconcertingly large number of security appliances are themselves riddled with vulnerabilities.

GFI Software says many organizations DOS themselves, as employees consume resources listening to the radio, watching videos, etc. (For at least a partial remedy, see the techniques for log monitoring discussed below.)

Patching alone won't close industrial control system (ICS) vulnerabilities, and industry casts about for a better model. (Trend Micro claims success in drawing ICS hackers to honeypots.)

Bruce Schneier and others point out the growing dispersion of attack tools and suggest reasons to regard the attackers' advantage as an enduring one. With this, and with new advice on risk analysis, it's striking to see that cyber insurance purchases jumped 33% last year. This means not only that the boardroom recognizes the risk, but, more interestingly, that insurance companies believe they can assess and monetize it. (They wouldn't offer the insurance otherwise.)

Reuters' deputy social media editor was indicted yesterday for alleged complicity in an Anonymous attack on the Los Angeles Times.


Today's issue includes events affecting Belgium, Brazil, Canada, China, Czech Republic, Denmark, Hungary, India, Ireland, Portugal, Romania, People's Democratic Republic of Korea, Republic of Korea, Russia, United Kingdom, United States.

Next week, watch for our special coverage of ITSEF 2013, beginning Tuesday.

Cyber Attacks, Threats, and Vulnerabilities

Adobe Reader Zero-Day Exploit Targets Activists In Spearphishing Attacks (CRN) An Adobe (NSDQ:ADBE) Reader zero-day exploit has surfaced in a new wave of attacks targeting activist groups and is dropping an advanced piece of malware, according to researchers analyzing the new threat. Security researchers at Kaspersky Lab and FireEye issued a report Thursday warning about a new attack campaign they are calling "ItaDuke." The threat has been detected in spearphishing attacks targeting activists in Uyghur in Central Asia and activists in Tibet. The campaign preceded a human rights conference in Geneva this week, according to Kaspersky Lab threat researchers Costin Raiu and Igor Soumenkov

Tibetan, Uyghur activists fall victim to MiniDuke malware (Infosecurity-Magazine) Activists for Tibet and China's Uyghur community are being targeted once again, this time with an Adobe PDF vulnerability using the MiniDuke malware. In late February, Government officials in more than 20 countries were the victims of an Adobe-based exploit that hackers have used to drop the MiniDuke malware, tasked with stealing intelligence from political targets. Kaspersky Lab uncovered attacks on the governments of Ireland, Romania, Portugal, Belgium and the Czech Republic, along with a research foundation in Hungary, two think-tanks and a healthcare provider in the US

Medical Industry Under Attack By Chinese Hackers (Dark Reading) Sykipot, VOHO targeted attack campaigns also hit medical industry, and cyberspies also after business-process intel. Multiple gangs of Chinese cyberespionage hackers are now targeting the healthcare and medical/life sciences industries. Most every industry is fair game for cyberespionage these days, so it's no surprise that the healthcare and medical industry would come up on the list, but to date, it's been a field more abused by cybercriminals motivated by medical identity theft and other financial fraud. Rich Barger, chief intelligence officer with CyberSquared, says his firm can confirm at least three advanced persistent threat (APT) groups out of China who have targeted organizations in the medical field

Recent cyberattacks could be part of a Chinese military strategy started nearly 20 years ago (Quartz) The recent spate of hacking attacks alleged to have originated from China's military has taken many world governments, business leaders and individuals largely by surprise. But it shouldn't have. Chinese generals have been talking about cyberwarfare for many, many years. The first signs of China's interest in cyberwarfare began with Major General Wang Pufeng, a former Director of the Strategy Department at the Academy of Military Science in Beijing. Now regarded as the founding father of "Chinese information warfare" (link in Chinese), Wang's 1995 paper titled "The Challenge of Information Warfare" (a more literal translation of the Chinese…would be "Information Technology and Military Revolution") analyzed the way the US had used information technology to win battles

Attack Exploits Weakness in RC4 Cipher to Decrypt User Sessions (Threatpost) It's been more than 25 years since Ron Rivest invented his RC4 stream cipher, and after all that time it's still being used widely, which is something of an achievement in the crypto world. However, for more than 15 years researchers have known about a weakness in RC4 that could enable an attacker to decrypt the keystream. Now, a cryptographer has published an attack that exploits that vulnerability and causes serious problems with TLS implementations

Seagate's blog pushes malware on unsuspecting visitors via rogue Apache modules (Naked Security) SophosLabs has been tracking an infection of Mal/Iframe-AL on Seagate's blog since late February. Are you taking enough care of your company's websites

Polish President's computer network attacked by hackers (Reuters) Hackers broke into the computer network of the Polish president's office and attempted to spread a computer virus in the form of an email attachment, the president's press office said on Thursday. Similar incidents have taken place at several other government offices this month, including the Defence and Foreign Affairs Ministries. The internal security agency ABW had placed strict limits on Internet access at Prime Minister Donald Tusk's office after the cyber attacks were first detected

Chinese study claims Android apps are secretly stealing users' data (Quartz) More than two-thirds of apps that run on Chinese smartphones are tracking users' private data, according to a new study by the Data Center of China Internet. (The study is in Chinese but is reprised here in English by Tech in Asia.) And 35% of apps go further by tracking user data that has no connection with the apps' function, often not making users aware this was happening. The DCCI report said the review covered the top 1,400 apps in China

Westpac email hoax hits Aussie inboxes (Sydney Morning Herald) Hundreds of thousands of bogus malware-laden emails purportedly from Westpac were sent to Australians on Thursday, in what a security firm says is the fastest spreading email it can remember. The malware emails were first identified at 9.30 on Thursday morning and security firm MailGuard said at 3

Encrypting Trojan targets users, demands $5,000 (Help Net Security) Russian anti-virus company Doctor Web is warning users of an active ransomware campaign executed through brute force attack via the RDP protocol on target machines. Once connected to the attacked

Heads-Up - Security appliances are riddled with serious vulnerabilities, researcher says (TechWorld) The majority of email and Web gateways, firewalls, remote access servers, UTM (united threat management) systems and other security appliances have serious vulnerabilities, according to a security researcher who analyzed products from multiple vendors. Most security appliances are poorly maintained Linux systems with insecure Web applications installed on them, according to Ben Williams, a penetration tester at NCC Group, who presented his findings Thursday at the Black Hat Europe 2013 security conference in Amsterdam. His talk was entitled, "Ironic Exploitation of Security Products." Williams investigated products from some of the leading security vendors, including Symantec, Sophos, Trend Micro, Cisco, Barracuda, McAfee and Citrix

Nevermind Anonymous - organizations are in danger of DOSing themselves (Infosecurity-Magazine) The danger comes from staff bringing both their personal devices and their personal preferences to work, whether that's listening to the radio, watching the latest episode of their favorite soap during break periods, or browsing YouTube. The problem is not caused by BYOD, Sergio Galindo, global product manager at GFI Software told Infosecurity, but can be multiplied by BYOD. That said, he added, users with their own hardware are potentially capable of creating more disruption as their devices are not locked down or limited as company-issued hardware would be

Vulnerability database hack highlights need to bolster cybersecurity (CSO Salted Hash) National Vulnerability Database break-in comes as President Obama presses for stronger cybersecurity this week with corporate leaders

North Korea Blames US, South for 'Cyber Attack' (Voice of America) After it suffered a two-day outage of all of its websites based in the country, North Korea is accusing the United States and South Korea of conducting a cyber attack against it. North Korea's state news agency says the country's "internet

Russian intelligence is free to tap Skype sans court order (Rapsi News) Major cyber security and IT market players revealed that Russian security services are able to tap Skype conversations, the Vedomosti newspaper reports. Group-IB CEO Ilya Sachkov said that the security services have been able to monitor the conversations and location of Skype users for a couple of years now. "This is exactly why our staff are not allowed to discuss business on Skype," he said. Since its acquisition of Skype in May 2011, Microsoft has added a legitimate monitoring technology to Skype, says Maksim Emm, Executive Director of Peak Systems

Blackhole, Sweet Orange and Cool exploit kits top weapons for cyber crooks (v3) The Blackhole, Sweet Orange and Cool exploit kits are the cyber black market's best-selling tools, according to research by Finnish security firm F-Secure. F-Secure reported on Thursday that Blackhole, Sweet Orange and Cool currently account for 56 percent of the exploit market. The Blackhole is the most used, accounting for 27 percent of the market, followed by Sweet Orange with 18 percent and Cool with 11 percent

Fake Pope Twitter account proves malicious potential of breaking news (Help Net Security) Mere minutes after it became publicly known that Argentinian cardinal Jorge Mario Bergoglio was elected to serve as the new Pope, Internet users around the world began searching for him on social networks

Oh dear. SophosLabs has upset some malware authors (Naked Security) Whilst dealing with the daily deluge of malicious files, it is nice for those of us working in SophosLabs to occasionally come across something amusing which can make us smile. Sometimes even insults can be amusing (even complimentary), as we have previously noted. Messages to Sophos (sorry, Sofos) within malicious code could be regarded as confirmation that the defences we are putting up are aggravating the criminals. Earlier this week, a new message appeared in one of the active exploit kits…This translates to: "Dear Sofos, what do you need from me? I do not understand. Please f*** off! ThankYou!"

Security Patches, Mitigations, and Software Updates

Apple releases OS X 10.8.3 (Help Net Security) The 10.8.3 update is recommended for all OS X Mountain Lion users and includes features and fixes that improve the stability, compatibility, and security of your Mac

Cyber Trends

Identity fraud is up, but banks are up to the security challenge (Help Net Security) In 2012, the total losses resulting from account takeover and new account fraud each rose by approximately 50% over the previous year. These two fraud types impact consumers most severely, and are his

Patching for industrial cyber security is a broken model (Help Net Security) New research from Belden shows that patching is often ineffective in providing protection from the multitude of vulnerability disclosures and malware targeting critical infrastructure systems today

Industrial and Critical Infrastructure--Essential Protection Strategies (Security Info Watch) The critical infrastructure, industrial and outdoor detection markets are nearly synonymous with each other. Certainly, critical infrastructure has its written definition from the Department of Homeland Security (DHS): "Critical infrastructure are the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof"

Demand for Cyber-Attack Insurance Jumps 33 Percent -Report (Fox Business) Published March 14, 2013. Dow Jones Newswires. The number of U.S. companies buying insurance to protect against cyber attacks and data breaches jumped 33% last year at insurance broker

Hackers Target Third-Party Apps, Popular Programs, Says Secunia (PC Magazine) Danish security firm Secunia specializes in vulnerability management, at all levels. You may have used their Secunia Personal Software

Smaller Nations Will Play Bigger Role in Cyber Warfare ( Jarno Limnell of Stonesoft believes we will see a more level playing field as cyber-warfare becomes a reality. Things were a lot simpler in the good old

Danger Lurks in Growing New Internet Nationalism (Technology Review) Cyber-espionage is old news. What's new is the rhetoric, which is reaching a fever pitch right now. For technology that was supposed to ignore borders, bring the world closer together, and sidestep the influence of national governments the Internet is fostering an awful lot of nationalism right now. We've started to see increased concern about the country of origin of IT products and services; U.S. companies are worried about hardware from China; European companies are worried about cloud services in the U.S; no one is sure whether to trust hardware and software from Israel; Russia and China might each be building their own operating systems out of concern about using foreign ones

Our Security Models Will Never Work -- No Matter What We Do (Wired Threat Level) A core, not side, effect of technology is its ability to magnify power and multiply force -- for both attackers and defenders. One side creates ceramic handguns, laser-guided missiles, and new-identity theft techniques, while the other side creates anti-missile defense systems, fingerprint databases, and automatic facial recognition systems. The problem is that it's not balanced: Attackers generally benefit from new security technologies before defenders do. They have a first-mover advantage. They're more nimble and adaptable than defensive institutions like police forces. They're not limited by bureaucracy, laws, or ethics. They can evolve faster. And entropy is on their side -- it's easier to destroy something than it is to prevent, defend against, or recover from that destruction

Mandiant: 'advanced attackers' exploiting trusted supplier-client VPN (CSO) Advanced attackers are increasingly exploiting the privileged communication channels that targets give their suppliers to launch attacks, according to US security firm, Mandiant. The firm behind the recent report on Chinese hacking groups such as the


Documents lift veil on cyber-security web behind Canadian government firewalls (Calgary Herald) It only took one click for a federal worker to allow malware to infect about 1,800 computers at the Fisheries and Oceans Canada late last year. It took just a little longer for security staff to wipe the malicious code from workstations. But it wasn't as simple a job as it sounds

Duplicative fusion center servers create reporting gaps, finds GAO (FierceGovernmentIT) As part of the Nationwide Suspicious Activity Reporting Initiative, fusion centers gain access to suspicious activity reports using the Justice Department's Shared Spaces servers and the Federal Bureau of Investigation's eGuardian system--a practice the Government Accountability Office says presents overlapping services

Lute: Sequestration will delay Einstein-3A and DHS cybersecurity outreach (FierceGovernmentIT) Sequestration will delay the rollout of the next generation of intrusion detection systems to federal networks, said Homeland Security Deputy Secretary Jane Holl Lute. The system, Einstein 3-Accelerated, and automation of continual diagnostics and monitoring will be impacted by the across-the-board cuts that went into effect March 1, Lute told the House Homeland Security Committee during a March 13 hearing

Google Breaks Up Mapping and Commerce Unit (Wall Street Journal) Google Inc. executive Jeff Huber stepped aside as head of the Internet giant's mapping and commerce unit on Wednesday, in a two-part management shift that also saw the chief of the Android unit, Andy Rubin, leave his position, according to people

Android Chief Andy Rubin Steps Aside (InformationWeek) Google's Sundar Pichai, senior VP of Chrome and apps, will be adding Android to his responsibilities

Google builds an 'X-team' of tech executives--but for what? (Quartz) Something funny is happening in Mountain View. First Andy Rubin, the man who invented Android, and now Jeff Huber, the former head of Google's mapping and advertising divisions, are moving to a mysterious division within Google so secretive that until the New York Times revealed its existence in 2011, even most of the company's employees didn't know about it

Weatherford leaving DHS, joining Chertoff Group (CSO) Mark Weatherford, deputy undersecretary for cybersecurity at the Department of Homeland Security, is returning to the private sector

CRGT Appoints New Chief Financial Officer Chuck Cosgrove (MarketWatch) CRGT Inc., a leading provider of full life cycle IT services and expert in IT solutions for the Federal Government, today announced the appointment of Chuck Cosgrove as its new Chief Financial Officer (CFO). In this role, Mr. Cosgrove will oversee the Finance, Accounting, Contracts, Legal, IT, Program Control and Quality Management departments for the company out of the main office in Reston, Virginia

Will VMware Challenge Amazon Head On? (InformationWeek) VMware announces Hybrid Cloud Services unit. Does that mean VMware IaaS, competing directly with Amazon, or continued reliance on partners

Silver Spring's IPO showed the right mix of art and science (Quartz) Smart power grid company Silver Spring Networks had some doubters before its IPO debuted on March 13. The company had waited a long time before going public (it filed its initial paperwork in 2011) and green tech stocks haven't been embraced by the market. But when the IPO finally came, the stock jumped by almost 30% after its debut, showing a successful IPO is just as much about art as it is science

FireEye to invest $50 mn, launches R&D centre in Bangalore (Hindu Business Line) PTI FireEye set up its R&D centre in Bangalore which will develop and test new Internet security products. Cyber security firm FireEye today said

Where are the cyber pros? (Federal Computer Week) For more than a year, leaders at virtually every federal agency have been saying it: "We need a cyber workforce." The qualifications of that workforce vary across organizations - some may need security clearances, specific credentials or specialized training - but for all the talk, what is being done

Hacker to business owner: Spotting innate talent in others (Help Net Security) There has been much debate recently in the UK about the current GCSE exam format. On the one side are those that argue it should be scrapped in favour of a complex testing process to produce stronger

Products, Services, and Solutions

GlobalSign Is First Certificate Authority To Support IPv6 (Dark Reading) Provides all certificate revocation status services over IPv6. GlobalSign, the enterprise SaaS Certificate Authority (CA), today has announced that it is the first Certificate Authority to provide all Certificate revocations status services over IPv6. This is an important step for the SSL ecosystem, as revocation status services underpin the base security system providing trust to the Internet

Kill The OTP: Netcore Launches Payment Authentication With Missed Call (Medianama) Rajesh Jain's Netcore Solutions has launched 2FA, a payment authentication service which allows banks and e-commerce companies to authenticate payments and logins using missed calls. At present, the payment ecosystem is plagued by unreliable bank payment gateways (I had 4 credit card transaction attempts fail on Sunday), and a tedious one time password (OTP) method for enabling mobile payments. Netcore allows users to be authenticated by giving a missed call from a registered mobile number, instead of having to remember a password, or the need to type in a one time password

ESET launches ESET Secure Authentication in South Africa (ITweb) ESET, the leader in proactive digital protection, today announced the general availability of ESET Secure Authentication, a two-factor authentication (2FA) software solution for small and medium-sized enterprises (SMEs). This simple and highly efficient application makes use of remote end-users' mobile devices to deliver a one-time password (OTP) when they connect to company networks, providing added security to the network and the device. ESET Secure Authentication is available immediately through the ESET Southern Africa partner network

ArrayShield IDAS Two Factor Authentication Now Available As Virtual Appliance Solution (biztech2) ArrayShield, the provider of pattern based two factor authentication product has announced the release of its IDAS 2FA Virtual Appliance. ArrayShield IDAS 2FA Virtual appliance strengthens ArrayShield's widely successful IDAS 2FA product suite offering remote access and cloud security providing customers with the flexibility to choose the deployment model that best meets their unique requirements. For the organisations that are looking to deploy an on-premise solution with the highest security and at the same time get the benefit of virtualisation environment, IDAS 2FA Virtual Appliance is the right choice

Raytheon Unveils SureView 6.7 (Zack's Equity Research) Raytheon Company (RTN) has unveiled its SureView Version 6.7 solution to support U.S. federal agencies. The main objective behind the introduction of this new technology is to implement an insider threat detection program to counter national security threats and protect privacy rights. The company's Intelligence and Information Systems business segment will be responsible for this solution upgrade program

HBGary Launches Virtual Classroom for Incident Response Professionals (MarketWatch) Courses include Active Defense, Basic Malware Analysis Using Responder Pro and Advanced Malware Analysis Using Responder Pro

Technologies, Techniques, and Standards

Database Security Operations: Process -- not tools -- is important (Dark Reading) Meeting up with seasoned database security and IT operations teams always keeps me on my toes. The RSA Conference is one such event where I get to meet people who have been doing database security far longer than your average practitioner, and their perspective of the daily grind -- in the trenches -- is very different from my typical analyst inquiry on how to deploy a specific security technology

Constructive Security Training For Application Developers That Works (Dark Reading) Talk to developers in their language -- code -- and make security ramifications visible so they have a reason to improve their habits. Don't believe the lie that developers don't care whether their application code causes expensive vulnerabilities for their organizations. If the dev team is apathetic, then chances are that the security team and IT leadership aren't giving them a reason or the means to care, application security pundits say

Assessing Risk In Your Enterprise Compliance Initiative (Dark Reading) Measuring risk is an important part of many compliance projects. Here are some tips to help you do it right. Compliance and risk are major concerns for any organization that operates in a regulated market. While compliance and risk overlap in certain areas, they are not the same thing

Cloud Providers Work To Disperse Points Of Failure (Dark Reading) Outages at Cloudflare and Microsoft's Azure in the past month underscore that widespread chaos can be the result of a weak point in cloud infrastructure

What Is Lurking in Log Files (eSecurity Planet) A U.S. software programmer made headlines when he outsourced his own job to China. He probably never would have gotten away with it if his employer had been paying attention to its log files. Early this year news broke of a clever but unnerving security breach at a "critical infrastructure company" in the United States. As originally detailed by the security firm who untangled the

Outsource Your Monitoring To The Business (Dark Reading) Don't keep all the fun to yourself. Weren't you looking for an excuse to get out of reading logs? Well, here it is. Security monitoring takes many forms, and some of them are more appropriately done directly by the business. One obvious example of this is Web usage. Department managers will generally know better than you do which kinds of sites are relevant to their work, and which ones aren't. Fantasy baseball league sites are a no-brainer, but what about news sites? If employees are spending a lot of time on The Wall Street Journal pages, they may be doing legitimate research, or they may be goofing off. Only the supervisor can say for sure how much browsing or emailing is too much when compared to the staff's actual assigned tasks

Wipe the drive! Stealthy Malware Persistence - Part 2 (Internet Storm Center) I'd like to continue the discussion on stealthy malware persistence techniques that I began Wednesday and provide two more techniques. The goal is to show that there are many unusual and often overlooked ways to cause processes to execute. This will provide incident responders with ammunition to take what they already know is the right course of action after a malware infection or compromise by an attacker and wipe the drive. So let's talk about technique #3 and #4. If you missed the first two methods for malware persistence, you can read about those here

AVG detect legit file as virus (Internet Storm Center) If you have any Windows XP machines running AVG antivirus you may want to check on them and manually update your AV signatures. According to the report below AVG reports that "wintrust.dll" was being flagged as a trojan

Diving in the Deep Web (Infosec Institute) Deep Web, also known as hidden web, is a term that evokes the unknown, a mysterious place in the cyber space populated by criminals and hackers that is not accessible for ordinary people, but is it true? What is the Deep Web, how do you access to its resources and what is possible to find in its networks? In this post, I'll try to provide an overview on the principal concepts related to the Deep Web, providing a guide on how to orient within a plethora of hidden services. The Deep Web is a collection on information resources located on the World Wide Web not indexed by search engines, contrary to what one might think, its extension is much higher than that of ordinary web, raw estimations accredit it around 500 times larger

Trend Micro dupes wannabe hackers with honeypot scam (v3) Security firm Trend Micro has duped hackers into attacking fake industrial control systems (ICS), collecting invaluable data on their attack methods and goals and revealing surprising insights on the UK's hacking scene. The research was revealed at Blackhat Europe 2013 in Amsterdam on Friday and is the result of a collaborative project between Trend Micro and Scada security researcher Kyle Wilhoit. The scam worked by enticing the hackers to attack fake honeypot architectures developed by Wilhoit

Is training key to preventing spear-phishing attacks? (HR Zone) One of the most common ways for cybercriminals to gain access to sensitive data on enterprise networks is through phishing. Phishing is a method where cybercriminals send spoofed emails to try to trick recipients into doing something they shouldn't. They can also provide hackers with access to corporate networks in order to acquire sensitive information such as usernames, passwords or R&D information

Beyond the Zero Day: Detecting JVM Drive-bys - Part 1 of 3 (RSA: Speaking of Security) With all the recent Java Virtual Machine (JVM) exploits, a lot of attention is being focused on figuring out how best to mitigate the vulnerability. Detection has been limited to signature-based attempts, mostly firing on class names or well-known strings within the JAR/Class. While this works for the commodity malware based on pre-packaged kits like Black Hole and Redkit, a clever adversary will re-write the exploit and avoid that simple detection method

Design and Innovation

Telecommuting and Yahoo's Desperate Need for Innovation (IEEE Spectrum) Yahoo's CEO, Marissa Mayer, and its executive vice president of HR, Jacqueline Reses, started a firestorm a few weeks ago with a memo that called all its work-at-home personnel back into the office, beginning in June. By some reports, that's only a few hundred employees, but it seems others, who work at home regularly for part of the week, or who less regularly but more than occasionally work at home, would no longer be allowed to work remotely as well


Open Education: Take Back The Curriculum (InformationWeek) Textbooks and course materials distributed like open source software are becoming a serious force in both primary and higher education

Legislation, Policy, and Regulation

Committee Approves Critical Cybersecurity R&D Bills (Intelligent Utility) Congressional Documents and Publications/ContentWorks. The Science, Space, and Technology Committee today unanimously approved two critical bipartisan bills that coordinate and drive research and development (R&D) across federal agencies to address cyber threats to America's high-tech infrastructure. The Committee approved the Cybersecurity Enhancement Act of 2013 (H.R. 756) and the Advancing America's Networking and Information Technology Research and Development (NITRD) Act of 2013 (H.R. 967) by voice vote. Committee Chairman Lamar Smith (R-Texas) is an original cosponsor of both bills

Government announces cyber security partnership to tackle crooks (v3) The government has announced it is to create a new cybercrime partnership, bringing together police, security experts and academics, in an effort to tackle the threat of organised online criminals. The Cyber Crime Reduction Partnership was unveiled by security minister James Brokenshire during a speech to the BCS, the Chartered Institute for IT. Brokenshire, who is best known for closing the UK Forensic Science Service, argued that the public were blissfully unaware of the true nature of cybercrime today. 'For too long the public's perception of cyber crime has been lone bedroom hackers stealing money from a bank account,' he said

Litigation, Investigation, and Law Enforcement

Genesco Sues Visa Over $13 Million In PCI Noncompliance Penalties (Dark Reading) Retail giant Genesco is suing Visa over a fine of more than $13 million that the credit card firm exacted for noncompliance with PCI guidelines following a breach in 2010

Security reporter tells Ars about hacked 911 call that sent SWAT team to his house (Ars Technica) Brian Krebs may be first journalist to suffer vicious hack known as SWATting

Doctors used silicone fingers to fool fingerprint scanner (Help Net Security) Fingerprint scanners might not work with severed fingers, but artificial ones still manage to fool them, as proved by the recent discovery of a fraudulent scheme set up by doctors working

Govt orders probe into cyber attack on DRDO (Deccan Herald) Chethan Kumar, Bangalore, March 14, 2013, DHNS. This is not the first time the Ministry of Defence has been targeted by hackers. Fluttered by reports that computers of the Defence Research and Development

Has the Justice Department Learned Anything from the Aaron Swartz Case? (Slate) On Thursday afternoon, the Department of Justice announced it had indicted Matthew Keys, the deputy social media editor at Reuters, on one count of conspiracy and two counts of computer fraud. As Slate's Emma Roller and others have reported, Keys allegedly helped members of the hacker collective Anonymous access the back end of the Los Angeles Times' website in 2010 and change the content of one of its news stories. Though the damage done was minimal, the consequences for Keys may be severe: the three counts with which he was charged carry a maximum combined penalty of 25 years in prison. To put that in perspective, that's almost two years for every word that was changed in the hacked Los Angeles Times story in question

'Oh Jesus': Reuters Editor Accused of Conspiring with Hacker Group Anonymous (Slate) Matthew Keys, deputy social media editor at Reuters, has been indicted by the federal government for conspiring with the hacker group Anonymous to access the Los Angeles Times website in December 2010. He faces up to 25 years in prison and $750,000 in fines if convicted

Matthew Keys 'fine' after indictment on hacking charges (Los Angeles Times) Matthew Keys, the Thomson Reuters deputy social media editor indicted Thursday for allegedly conspiring with members of the hacking group "Anonymous" to infiltrate a Tribune site, reassured friends on Twitter that he is "fine"

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

CTIN Digital Forensics Conference (Seattle, Washington, USA, March 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include: Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools,...

Department of Homeland Security 6th Annual Industry Day (Washington, DC, USA, March 18, 2013) The Department of Homeland Security (DHS) will be hosting its 6th Annual Industry Day to provide advanced acquisition planning information to industry. DHS Industry Day will consist of two sessions, the...

IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference...

SINET IT Security Entrepreneurs' Forum (ITSEF) 2013 Underscores Growing Importance of Public-Private Cybersecurity Collaboration (Palo Alto, California, USA, March 19 - 20, 2013) 7th annual collaborative event set for March 19-20 at Stanford University. The Security Innovation Network™ (SINET), an organization focused on the advancement of cybersecurity innovation through public-private...

The Future of Cyber Security 2013 (London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.

SANS Cyber Threat Intelligence Summit (Washington, DC, USA, March 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful...

CSO40 (Braselton, Georgia, USA, April 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
