Turkish hacktivists, this time Kemalist rather than Ottoman, recognize Republic Day by hacking sites they perceive as hostile with Atatürk's image.
An Anonymous cell with an Arabo-Liverpudlian nom de hack claims responsibility for vandalizing Italian university sites (without obvious motive). As Guy Fawkes Day approaches (next Tuesday), big Anonymous calls for physical demonstrations in #OpVendetta, not hacktivism.
A Palestinian hacker seeks renown by pwning Mark Zuckerberg.
Ransomware continues to proliferate. It's retail crime: ordinary users are targets.
Odd episodes are harbingers of exploits in the emerging Internet-of-things: Chinese-made electric kettles (says the Russian press), compromised tradeshow swag, counterfeit money detectors.
Open sources contain interesting information. Consider a 2009 academic paper Chinese researchers published through Elsevier, detailing how the US power grid might be taken down.
Such cyber warfare is much on official minds from Tehran to Beijing (via Tel Aviv, London, Dublin, and Washington). A "cyber Pearl Harbor" is again widely discussed. (But cyber events notoriously can be ambiguous. Pundits might also consider the possibility of a cyber Tonkin Gulf Incident.)
Another historical analogy is also much discussed: the 1970's Church Commission inquiry into the CIA. Fresh allegations of US NSA incursions into Google and Yahoo (denied by NSA's director) seem to bring a Church 2 closer. French authorities recover their momentarily cooled outrage, the Chinese government says it will "take steps" to protect itself, and the Israelis again point out that cyber surveillance is pretty widespread.
Some industry news: interesting new products and a "Dark Mail" project are announced.
Today's issue includes events affecting China, European Union, France, Iran, Israel, Italy, Democratic People's Republic of Korea, Republic of Korea, Palestinian Territories, Philippines, Romania, Russia, Singapore, Turkey, United Arab Emirates, United Kingdom, United States, Vatican..
Cyber Attacks, Threats, and Vulnerabilities
Turk Hack Team Celebrates Turkish Republic Day by Hacking 450+ Websites(HackRead) TurkHackTeam from Turkey, collectively has hacked and defaced 450+ random websites in order to celebrate republic day of Turkey on October 29. Hackers left a deface page with Mustafa Kemal ATATÜRK's image and a greeting message on Turkey's republic day. The deface message was expressed in following words: Since then, every year on October 29 is celebrated as Republic Day in Turkey
#OpVendetta: Anonymous Calls for Massive Million Mask March on November 5th 2013(HackRead) The online hacktivists from Anonymous have asked the people to join them on November 5th 2013 in a massive million mask march against the governments around the world in order to bring a change in society. The important point about this protest is that hacking or defacing will not be a part of it. It will be a protest on ground
Brandon University Hacked(eSecurity Planet) Names, addresses, birthdates and social insurance numbers from student applications between 2004 and 2009 may have been exposed
Cascade–based attack vulnerability on the US power grid(Elsevier) The vulnerability of real-life networks subject to intentional attacks has been one of the outstanding challenges in the study of the network safety. Applying the real data of the US power grid, we compare the effects of two different attacks for the network robustness against cascading failures, i.e., removal by either the descending or ascending orders of the loads
Security Patches, Mitigations, and Software Updates
Windows XP Malware: 6X As Bad As Windows 8(InformationWeek) Need another reason to quit Windows XP before Microsoft ends support for the operating system in six months? Then consider that real-world Windows XP systems already sport a much higher rate of malware infections than Microsoft's more recent operating systems
Google Webmaster Tools Adds "Security Issues" Section(Search Engine Land) Google has announced the addition of a new section within Webmaster Tools named "Security Issues." This new section is aimed at better communicating to website owners security issues, such as site hacks, malware, and so on and then giving a more detailed and concise method of fixing the problem and submitting a review request
New Spamcop Traps Raise Old Issues(Return Path) Spamtrap operators play a valuable role in the email ecosystem. As stated in "M3AAWG Best Current Practices For Building and Operating a Spamtrap", spamtraps are "designed to capture any sort of email abuse." A well-run spamtrap network can identify many types of email abuse, from the very malicious – botnet command and control centers – to the mostly harmless but annoying – email marketers who are inadvertently sending to the wrong subscribers. In order to remain effective, spamtrap operators must frequently update their networks to ensure that they are adequately capturing enough data to identify abuse. As such, many spamtrap operators are continually preparing new traps which they can begin using at any time without warning
Risk versus hype: What is the real impact of insider security threats?(SerchSecurity) In a recent survey of international corporate executives, insider threats were their No. 1 security concern. Does data justify this level of concern? Should the top priority (and subsequent resources) of enterprise infosec teams be to curb insider security threats
DM Warns of Enemies' Cyber War against Iran(Fars News Agency) Iranian Defense Minister Brigadier General Hossein Dehqan warned of enemies' possible plots to wage a cyber war against the country to destroy Iran's scientific and industrial infrastructures
Cyber Warfare at Home and Abroad(Daily NK) Of late, there has been constant criticism of online political meddling carried out by the National Intelligence Service (NIS) and ROK military Cyber Command; incidents that have inflicted further harm on public trust in South Korea's state security apparatus. Though justified, this criticism has also led to confusion over the value of online defenses against North Korea's own cyber warfare. This is problematic, as cyber security experts mostly agree that Pyongyang is engaged in more such actions today than at any time in the past
How Can We Realistically Prep For A Cyber Attack?(National Geographic) American Blackout is not a movie about cybersecurity. It is about disaster preparedness. The 90-minute docudrama devotes less than five minutes to the cyber attack, saying only that it involves some sort of "malicious code" that somehow causes transformers and substations to blow up all over country. The rest of the movie follows the breakdown of civil society during a ten-day, nationwide blackout
Alexander: Defending Against Cyberattacks Requires Collaboration(American Forces Press Service) Catastrophic cyberattacks loom in the nation's future, and only collaboration among government agencies, Internet service providers and U.S. allies worldwide can help citizens prepare for them, the commander of U.S. Cyber Command said this afternoon
The Haunted House of Cyber Scares(PCMagazine) Don't think supernatural baddies exist? You're about to be proved wrong. Vampires and witches pose some of the most dangerous cyber threats out there. In the spirit of Halloween, Trend Micro released an entertaining infographic that pairs some of the spookiest frights to their cyber counterparts
Romania's Bitdefender says "a listing on the stock exchange before 2016 is unlikely"(actmedia) "We are now reviewing our strategy for the next 3 to 5 years. Bitdefender will not list on the stock exchange before 2016. I am referring to the fact that we need to reach critical mass, and the first stage of this will probably happen in 2015," Florin Talpes, CEO and founder of Romanian security solutions provider Bitdefender, said
Lavabit And Silent Circle Join Forces To Make All Email Surveillance–Proof(Forbes) In recent months, Lavabit, based in Texas, and Silent Circle, based in Washington, D.C., both shuttered their encrypted email services. The companies said they couldn't keep them running knowing they were vulnerable to surveillance if faced with a dedicated enough attacker... which for Lavabit came in the form of the federal government when it wanted access to NSA whistleblower Edward Snowden's Lavabit account. Now the companies are teaming up with plans to offer an open-source tool that could make peer-to-peer, end-to-end encryption an easy add-on for any email service. The challenging part: they need to get other email providers — especially the heavyweights, Google, Yahoo, and Microsoft — to join them in offering the tool
Why you should care about something as boring as an accounting firm merger(Quartz) PriceBoozHouse. PricewaterhouseBooz. BoozPrice. Pooz? Those are just a few of the scintillating names that could come from combining two of the world's biggest professional services firms, accounting behemoth PricewaterhouseCoopers, and management consulting house Booz & Company. The firms announced plans to tie up today, which should help give sluggish PricewaterhouseCooper a boost. But what's good for the bottom line isn't always good for the integrity of the business; the move raises concern about the accounting industry's longstanding troubles with conflicts of interest
Sophos delivers cloud–based endpoint security(Help Net Security) Sophos announced Sophos Cloud, an easy to use security service that provides essential protection for today's advanced threats. This first version of Sophos Cloud provides protection at the endpoint
Secure corporate BYOD solution by ForeScout(Help Net Security) ForeScout Technologies announced interoperability between ForeScout CounterACT network security and SAP Afaria mobile device management (MDM) platforms. The combination enables companies to accelerate
Lockheed Martin Cyber Solution Enables Secure Data Sharing Between Top Secret and Unclassified Security Domains(Wall Street Journal) Lockheed Martin (NYSE: LMT) has developed a cyber security solution that allows intelligence to be securely shared among personnel working at all security levels -- from highly classified intelligence sites to unclassified users in the field. This high assurance information solution, called Trusted Sentinel, allows data to be manually and/or automatically transferred between two or more differing security domains by using a single consolidated configuration of hardware and software
FireEye Introduces New Virtual Machine–Based Threat Protection for Remote or Branch Offices(MarketWatch) FireEye, Inc. FEYE -3.80% , the leader in stopping today's advanced cyber attacks, today announced the launch of the FireEye(R) NX 900, extending the FireEye virtual machine-based threat protection to remote or branch offices. With the FireEye NX 900, organizations can better protect one of the weakest links in enterprise security against advanced attacks. The FireEye NX 900 will be generally available before the end of the year
Improving Critical Infrastructure Cybersecurity: Executive Order 13636(NIST) The Preliminary Cybersecurity Framework for improving critical infrastructure cybersecurity is now available for review. The Preliminary Cybersecurity Framework is provided by the National Institute of Standards and Technology (NIST). If the Cybersecurity Framework is to be effective in helping to reduce cybersecurity risk to the Nation's critical infrastructure, it must be able to assist organizations in addressing a variety of cybersecurity challenges. The National Institute of Standards and Technology (NIST) requests 9 that reviewers consider the following questions
Compliance Checklist: Cloud Encryption Best Practices for Banks and Insurance Companies(Ciphertext) For industries whose handling of sensitive consumer data renders them subject to strict regulations, the cloud is anything but a simple choice. Before you can commit to the cloud, you'll have to understand exactly what cloud information protection measures you must take to remain in regulatory compliance. Follow this checklist to protect your organization's data and business interests
BSIMM Advancing Software Security(eSecurity Planet) The annual Building Security in Maturity Model (BSIMM) study adds new software security data every year. Nearly 70 companies contributed to version five, introduced this week
Making metadata meaningful for network security(CSO) Metadata is most simply data about data. From a network security perspective it has multiple uses ranging from real-time incident detection to post-prevention forensic analysis. Before you start exploring the many uses of metadata extracted from your network environment, there are some variables that must be considered
America's Best Student Researchers to Compete in NYU–Poly Cyber Security Awareness Week(Sacramento Bee) Judges chose 10 of the best young researchers to progress to the final round of the prestigious Best Applied Security Paper Contest during the world's biggest student cyber security challenge event. The 10 doctoral candidates from across the United States will gather on the Brooklyn campus of the Polytechnic Institute of New York (NYU-Poly) for the 10th annual Cyber Security Awareness Week
Capitol Hosts Cybersecurity Awareness Event(Capitol College) [On October 16, 2013], Capitol College hosted students from Oxon Hill High School, Charles H Flowers High School, Frederick Douglas High School and Fort Meade High School for a cybersecurity awareness event in honor of National Cybersecurity Awareness month. Every October is National Cybersecurity Awareness Month and it is an excellent opportunity to help create a safe, secure, and resilient cyber environment
NSA fires back at Washington Post report(Politico) A new report that the U.S. government had infiltrated links to Google's and Yahoo's data centers around the globe drew a sharp rebuke Wednesday from the National Security Agency, which declined to comment whether such collection had ever occurred
NSA bombshell shocks former spooks(Foreign Policy) Former intelligence officials, technology industry executives and lawmakers reacted with anger and anxiety over the latest revelations that the National Security Agency is reportedly infiltrating some of the world's biggest technology companies and making off with the private communications of millions of their customers
NSA denials are 'Implausible,' France says(Washington Post) France rejected as implausible assertions by U.S. intelligence agencies Wednesday that they had not collected phone records of millions of European citizens, and a French government spokeswoman said the charges "appear to have been thoroughly substantiated"
What Hides in the 'Box'?(Israel Defense) Ronen Solomon reveals: the US embassy in Tel Aviv and other US embassies around the world possess devices similar to the one used for wiretapping purposes in Berlin, according to the investigation by Der Spiegel
NSA uproar could spark changes not seen since 1970s(USA Today) As criticism of the National Security Agency mounts, the U.S. intelligence community is bracing for an overhaul of how it does business on a level not seen since Sen. Frank Church held hearings into intelligence abuses nearly four decades ago
Woodward: "Secret" Government Under Obama Administration Needs To Be Reviewed(Face the Nation via Real Clear Politics) BOB SCHIEFFER: What is so interesting, Bob Woodward, and you know, you and I have seen a lot of these things. BOB WOODWARD: Too much. SCHIEFFER: The first thing that agencies tend to do is try to make sure they can't be blamed for something. And, clearly, that is why the FBI and the CIA did not come clean with the Warren commission, and why maybe they didn't even tell the agents in Dallas what was going on
Senate bill calls for random background checks for clearance holders(Federal News Radio) In the aftermath of the Sept. 16 shootings at the Navy Yard and security leaks caused by former National Security Agency contractor Edward Snowden, a group of senators has decided it's time to update how the government conducts security clearance background checks
Los Angeles creates 'Cyber Intrusion Command Center'(Reuters via Yahoo! News) Los Angeles Mayor Eric Garcetti, citing warnings by President Barack Obama and National Intelligence Director James Clapper about the threat of attacks on computer networks, on Wednesday announced the creation of the city's first "Cyber Intrusion Command Center"
Litigation, Investigation, and Law Enforcement
How enterprises can avoid violating the Stored Communications Act(SearchSecurity) I saw that there was a recent case in Ohio, Lazette v. Kulmatycki, where a company was found in violation of the Stored Communications Act, or SCA, because it didn't adequately tell employees how it monitors communications on BYOD devices. What sort of BYOD monitoring details should we include (or not include) in our policy
PNP bags 4 Koreans in 'voice phishing' scam(FreeNewsPos) Four Koreans involved in the so-called "voice phishing" scam were nabbed by the Cyber Response Team of the Philippine National Police-Anti-Cybercrime Group (PNP-ACG) during operations in 30 Bb. Librado Avelino St., Circulo 12, BF Homes, Paranaque City Thursday
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CyberInnovation Briefing(Baltimore, Maryland, USA, November 7, 2013) As cyber attacks plague critical infrastructure, financial institutions, and the federal government, liability and privacy remains a growing concern. With losses mounting and sensitive information being...
RSA Conference Europe(Amsterdam, the Netherlands, October 29 - 31, 2013) Information security today isn't optional. It's business-critical. Over three days, RSA® Conference Europe 2013 imparts the must-know actions to manage growing cyber threats. With over 60 sessions spanning...
TrustED 2013(Berlin, Germany, November 4, 2013) In this workshop we consider selected aspects of cyber physical systems and their environments. We aim at bringing together experts from academia, research institutes, industry and government for discussing...
OKTANE 1(San Francisco, California, USA, November 3 - 5, 2013) OKTANE13 is an identity, security and mobility event. Whether you're just getting started with cloud applications, evaluating a mobile strategy, building a hybrid enterprise IT, or looking to make your...
MIRcon 2013(Washington, DC, USA, November 5 - 6, 2013) With targeted attacks becoming more prevalent, today's incident responders are faced with the tremendous challenge of accelerating their response times while capturing relevant data from attacks in progress.
KMWorld 2013(, January 1, 1970) KMWorld 2013 is a must-attend event for those concerned with improving their organizations' bottom line, business processes, and productivity, as well as streamlining operations, and accelerating development...
Maryland Art Place Annual Fall Benefit(Baltimore, Maryland, USA, November 9, 2013) Maryland Art Place (MAP) is pleased to announce the participating artists of its 2013 Annual Fall Benefit, the Starlight Dinner - highlighting technology and innovation in contemporary art. The dinner...
Cyber Education Symposium(Arlington, Virginia, USA, November 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways...
APPSEC USA(New York, New York, USA, November 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security...
IT Forum Expo/Black Hat Regional Summit(, January 1, 1970) Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions...
2nd Annual East Africa IT and Cyber Security Convention 2013(Nairobi, Kenya, November 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.