Deliberation precedent to a punitive strike on Syrian targets continues, with cyber operations widely expected to play a part. Assad's Syrian Electronic Army (SEA) is relatively quiet today, although pro-regime hacktivists' second stringers commit minor acts of cybervandalism. Yesterday's claims that hacktivists have emails showing the US Joint Staff faked chemical attacks sink without trace—failed black propaganda.
Cyber conflict makes strange bedfellows. Anonymous claims to have "taken down" the SEA and confirmed Krebs' identification of the group's leadership.
Other Anonymous cells call for cyber jihad (against the US and Israel) on September 11, and protests against Brazilian corruption on September 7. Such #Ops have a weak recent track record.
Researchers at Georgetown and the Naval Research Laboratory (NRL) show how Tor can be de-anonymized by traffic correlation, that is, through determined use of metadata. (NRL should know—it invented Tor.)
Supermicro's Baseboard Management Controller is vulnerable to data theft. Familiar threats assume new forms: Citadel, Backdoor.Darkmoon, and NetTraveler. Some good news: Hand-of-Thief proves lamer than feared, and a glut of commodity botnets cuts into black market profits. As Kim Dotcom exits Mega for the music biz, a developer says he pwns Mega's master key.
State-sponsored cyber attacks are expected to increase (routers and switches being preferred targets).
In industry news, In-Q-Tel invests in Socrata, Spry Methods buys James Secure Solutions, and Arbor acquires Packetloop. Silent Circle offers an anonymous messaging tool. Brazil's government is developing a secure alternative to Gmail and Hotmail.
Business Insider claims Russia's FSB penetrated Wikileaks.
Today's issue includes events affecting Argentina, Australia, Bangladesh, Brazil, China, Egypt, India, Israel, Japan, Pakistan, Russia, Sweden, Syria, Taiwan, United Kingdom, United States..
Cyber Attacks, Threats, and Vulnerabilities
Syria, Egypt strife sparks surge in cyber attacks — McAfee(Cyberwarzone) Syria's civil war and political strife in Egypt have thrown up new battlegrounds on the Web and driven a surge in cyber attacks in the Middle East, according to a leading Internet security company. More than half of incidents in the Gulf this year were so-called "hacktivist" attacks — which account for only a quarter of cybercrime globally — as politically motivated programmers sabotaged opposing groups or institutions, executives from Intel Corp's software security division McAfee said on Tuesday
Assad's Anonymous Cyber-Force: Who is the Syrian Electronic Army?(International Business Times) The Syrian Electronic Army is representative of a much wider move online in modern warfare. While we are yet to truly see a full–scale cyber–war, almost every single conflict taking place around the globe is being fought in some part in cyber–space
'Anonymous' to Reg hack: We know SEA leaders' names(The Register) Anonymous hacktivists say they've taken down Syrian Electronic Army hacktivists. Following the Syrian Electronic Army's (SEA's) attack on a Melbourne IT reseller which resulted in the temporary compromise of domain name records for targets as diverse as The New York Times and Twitter, a group claiming association with Anonymous now says it has compromised SEA databases and servers
Could an extra $50 really have prevented The NYT hack?(Business Spectator) It seems no stone was left unturned in the hurricane of mass confusion surrounding last week's hack of The New York Times. What else can you expect when you combine a high profile target (the New York Times), with an obscure issue (DNS security) and a local company (Melbourne IT), where it's difficult to comprehend their core business is at best of times, let alone on a tight deadline
Syrian Electronic Army Defaced Marines Website, US Confirms(1070 WAPI) U.S. officials confirmed a cyber attack by the Syrian Electronic Army on the Marine Corps recruiting website late Monday in which the pro-Assad collective replaced the normal page with one calling on U.S. servicemen to refuse orders to fight in Syria should they be called
#OpFreeSyria: 40 Chinese Educational Websites Hacked by Team Hacking Argentino(Hack Read) The Argentinian hackers from Team Hacker Argentino have hacked and defaced total 40 Chinese educational websites for #OpFreeSyria, an ongoing online operation in support of Syrian president Bashar al Assad. Hackers left a deface page along with a message on all hacked websites with an audio and text message, defending Syrian government and asking the government of the world not to interfere in Syria
Bangladesh's Largest IT University Daffodil hacked, server rooted by 3xp1r3 Cyber Army(Hack Read) Two hackers going with the handle of ExpirED BraiN and IceCream from 3xp1r3 Cyber Army have hacked and defaced the official website of Bangladesh's largest Information Technology 'Daffodil University'. The hackers also rooted the university server, as a result 84 of its sub-domains were also defaced today. All hacked sites were left with a deface page along with a message which gives us a little bit of clue
Pakistani Hacker hacks website of Indian Bioresource Information Network (IBIN)(Hack Read) A famous Pakistani hacker going with the handle of h4x0r HuSsY is back, this time the hacker has hacked and defaced the official website of Indian Bioresource Information Network (IBIN) under government of Goa, India. The site was hacked today, left with a deface page along with a message in which hacker has been bashing Indian hackers for attacking Pakistani cyber space. The deface message was expressed in
#OP7: Anonymous Brazil calls for biggest protest in the history of Brazil on September 7(Hack Read) The online hackavist group Anonymous Brazil has asked Brazilians to join them on 7th September 2013, the country's independence day in one of the biggest protest against politicians and massive corruption. The protest will be conducted under the tag of '#OP7' in 140 cities especially against group of politicians involved in stealing massive amount of money from the government for ages without being charged
"Homeless hacker" Commander X quits Anonymous, retreats to robot lab(Ars Technica) Will "fade into the mists of myth and legend."Last year, I traveled to Canada to write a long profile of "homeless hacker" Christopher Doyon, who goes by the name "Commander X" and who is on the run from the US government. (Doyon brought down a California county's website for 30 minutes, with the help of Anonymous, as part of his protest over an "anti—sleeping" law targeting homeless people; he is under indictment in the Northern District of California and is the only known Anon who has jumped bail to live "in exile.") Doyon's life has been by turns bizarre and dramatic, but last week the online drama surrounding Anonymous proved too much even for him—and he quit
Persistent adversaries can identify Tor users(Help Net Security) Using the Tor network will not you grant perfect anonymity - in fact, a group of researchers from the US Naval Research Laboratory and Georgetown University say that "Tor users are far more susceptible
PRISM repercussion on the Tor network accesses(Security Affairs) The use of Tor Network to preserve user's anonymity and to avoid government surveillance, we discussed this topic several times explaining that through the analysis of Tor metrics data it was possible to study the effect of political events in the cyberspace. Cyberspace and ordinary life are directed linked, a disorder in the every part of globe has its repercussion on the cyber domain and viceversa. Analyzing the use of Tor Network it is possible to detect social protests or censorship/surveillance applied by any government
NSA Laughs at PCs, Prefers Hacking Routers and Switches(Wired) The NSA runs a massive, full-time hacking operation targeting foreign systems, the latest leaks from Edward Snowden show. But unlike conventional cybercriminals, the agency is less interested in hacking PCs and Macs. Instead, America's spooks have their eyes on the
G20 Summit Used as Bait to Deliver Backdoor.Darkmoon(Symantec) Ahead of tomorrow's G20 summit in Saint Petersburg, Russia, attackers are leveraging the meeting's visibility in targeted attacks. One particular campaign we have identified is targeting multiple groups. They include financial institutions, financial services companies, government organizations, and organizations involved in economic development
Citadel botnet resurges to storm Japanese PCs(The Register) Banking Trojan infects 20,000 IP addresses. Citadel, the aggressive botnet at the heart of a widely criticised takedown by Microsoft back in June, is back and stealing banking credentials from Japanese users, according to Trend Micro. The security vendor claimed to have found "at least 9 IP addresses", mostly located in Europe and the US, functioning as the botnet's command and control servers
APT malware NetTraveler learning new tricks(CSO) Advanced Persistent Threat exploits Java vulnerabilities, embraces watering hole technique, says researcher. An Advanced Persistent Threat (APT) called NetTraveler has been spotted making mischief again, but it appears to have learned a few new tricks since it was last spotted in June. The malware is now attacking a known Java vulnerability, CVE-2013-2465, and added water holing to its propagation strategy, according to new research from Kaspersky Lab
Chinese Cyberspies Enlist Java Exploit(Dark Reading) The so-called NetTraveler targeted attack campaign discovered earlier this year by Kaspersky Lab is now employing an exploit that takes advantage of a just-patched Java bug, and is also adopting the increasingly popular waterholing technique to infect targets. NetTraveler, a.k.a. Red Star, Travnet, and Netfile, is a less sophisticated but persistent attack campaign with uncanny longevity: For nearly 10 years, it has targeted hundreds of victims in 40 different countries across governments, embassies, oil and gas, military contractors, activists, and universities. The APT group is made up of some 50 members and has traditionally employed patched Office exploits — namely CVE-2012-0158
Hand of Thief Linux Trojan fails to work as promised(Help Net Security) RSA researchers have recently spotted a banking Trojan targeting Linux systems being sold online by a cybercrime team based in Russia. Dubbed Hand of Thief by its creator(s), the malware apparently has form grabbing and backdoor capabilities, and is able to block the victims' access to hosts offering AV solutions and security updates. It also purportedly works on 15 different Linux desktop distributions and supports 8 different desktop environments
Suspicious Responses: Shining a New Light on an Old Threat(Umbrella Labs) OpenDNS users may have noticed an intriguing security feature in their dashboard: the ability to block "suspicious responses." When enabled, this feature blocks any DNS response containing IP addresses within a private IP range
Packet captures and log files for Port 14566(Internet Storm Center) A recent uptick in Port 14566 shows some activity over the past month, as shown in our DShield Report(1), however we have little information about what exactly is happening. Some activity, then a lag near the end of August, followed by a large spike at the end, and the top port the past 24 hours, is curious. A search of that port using Google and other security and traffic sites has yielded little, so if anybody has log files or activity of this port, we'd love to have a look
How much does it cost to buy one thousand Russian/Eastern European based malware-infected hosts? — part two(Webroot Threat Blog) We continue to observe greed-centered underground market propositions selling access to malware-infected hosts based in Russia and Eastern Europe, a practice which has been largely avoided by cybercriminals for years in order to avoid attracting the attention of local law enforcement. How are these prices shaped? Are these examples an indication of a trend, or a fad largely based on the seller's inability to secure a long-term revenue stream for selling? Are we witnessing a commoditization and over-supply of malware-infected hosts based in developed countries? Let's find out
Online Attack Leads to Peek Into Spam Den(New York Times) For years, Igor A. Artimovich had been living in a three-room apartment he shared with his wife in St. Petersburg, sitting for long hours in front of his Lenovo laptop in his pajamas, drinking sugary coffee. If he were known at all to Western security analysts who track the origins of spam, and in particular the ubiquitous subset of spam e-mails that promote male sexual enhancement products, it was only by the handle he used in Russian chat rooms, Engel
Anatomy of a killer bug: How just 5 characters can murder iPhone, Mac apps(The Register) What evil lurks in the Unicode of Death…oh, a buffer overrun. There has been much sniggering into sleeves after wags found they could upset iOS 6 iPhones and iPads, and Macs running OS X 10.8, by sending a simple rogue text message or email. A bug is triggered when the CoreText component in the vulnerable Apple operating systems tries to render on screen a particular sequence of Unicode characters: the kernel reacts by killing the running program, be it your web browser, message client, Twitter app or whatever tried to use CoreText to display the naughty string
Data–Security Expert Kaspersky: There Is No More Privacy(Wall Street Journal) Russia's Eugene Kaspersky Talks to WSJ About Growing Cyberthreats. A month after National Security Agency leaker Edward Snowden arrived at the airport here, Russian computer-security expert Eugene Kaspersky fielded a question on the newly-exposed U.S. surveillance programs at his office down the road. "There is no more privacy," the 47-year-old CEO of antivirus software firm Kaspersky Lab told a group of journalists
Over one–fifth of people use ad–blocking software—and it's beginning to hurt(Quartz) Last week, Quartz reported on an unlikely crowdfunding campaign: The browser extension AdBlock, which does exactly what its name says, is raising money so it can fund online ads that tell people how to use it to block online ads. As of this writing, the campaign has surpassed its second goal of $50,000, which AdBlock says will allow it to not only post online ads but also get space on a billboard in Times Square. We estimated that AdBlock is probably doing rather well for itself through donations alone and noted that the more people use AdBlock the more it could harm sites that rely on advertising revenue to stay afloat
Vulnerabilities Everywhere(Secunia) Every day, we read about cyber-attacks and data breaches, incidents that represent in many cases a disaster for private companies and governments. Technology plays a significant role in our lives; every component that surrounds us runs a piece of software that could be affected by flaws and exploited by those with ill intentions
Amazon hiring 'top secret' IT staff as it fights for CIA work(Computer World) Government private cloud bid represents new approach for Amazon — one that has put it at odds with IBM. The U.S. isn't doing a good job keeping secrets. Think Edward Snowden. But demand for trustworthy IT professionals is strong, especially if they want to work for Amazon Web Services
New Systems Seek to Connect Troops at the Tip of the Spear(SIGNAL Magazine) Two ongoing military programs, one getting ready to deploy and another still in the prototype stage, aim to connect troops at the very tactical edge back to larger military data and communications networks. These programs—one service–oriented, the other an agency effort—are part of the Defense Department's thrust to make warfighters, especially individual soldiers in small units, more connected
Landrieu seeks 'cyber footprint' for Louisiana(FCW) Sen. Mary Landrieu wants the federal government to build out its cybersecurity capabilities in her home state, far away from the federal contracting hub inside the Beltway. The Louisiana Democrat — who is up for re–election in 2014 — has parochial reasons for making such a pitch. But some experts agree with her
DRC Wins $6 Billion Blanket Purchase Award for Cyber Security Support(Wall Street Journal) Dynamics Research Corporation (Nasdaq:DRCO), a leading technology and management consulting company focused on driving performance, process and results for government clients, today announced it was one of 17 awardees of a $6 billion blanket purchase agreement for the Department of Homeland Security Continuous Diagnostics and Mitigation, Tools and Continuous Monitoring as a Service program to deploy continuous monitoring tools and services throughout the federal government. The contract has a one–year base period of performance and four one–year option years
VMware's security efforts lack focus, argues analyst(FierceITSecurity) VMware (NYSE: VMW) has shifted its security focus from security application programming interfaces (APIs) to a virtual networking platform, observes Paula Musich, principal analyst for enterprise security at Current Analysis, in a recent blog. Prior to its acquisition of software defined networking firm Nicira for more than $1 billion, VMware was focusing its security efforts on a set of higher level APIs developed with security partners to replace its VMsafe APIs. The new APIs were intended to be easier to work with and provided a greater variety of security functions, explained Musich
Spry Methods, Inc. Completes Acquisition of James Secure Solutions, Inc.(gnom.es) Spry Methods completed its acquisition of James Secure Solutions, Inc. (JSS), just ranked by Inc., as #98 on the Top 100 Government Services Companies nationwide, is a leading provider of Cyber Security, Information Assurance, and Continuous Monitoring, services the Intelligence Community, Department of Defense, and federal law enforcement agencies who sustain mission critical operational and developmental programs in support of our Nation's security. JSS is well known within the industry for vulnerability and security assessments, penetration testing, risk management framework, FISMA compliance, auditing and audit review participation, and incorporating security into various development methodologies, i.e., Agile. JSS now becomes part of Spry Methods, which provides Information Technology, Enterprise Resource Planning, Financial Management, Business Process Consulting, C5ISR and Systems Engineering services in support of the United States Navy, Army, Department of Homeland Security, USDA, HUD, and the Intelligence Community
Arbor Networks acquires Packetloop(Help Net Security) Arbor Networks has acquired privately held Packetloop, an innovator and provider of Security Analytics. Terms of the deal were not disclosed. Arbor plans to invest in and expand Packetloop's Sydney, Australia
Who wins and who loses in Microsoft's acquisition of Nokia(Quartz) Microsoft just bought Nokia's smartphone business for $7.2 billion. No matter how this turns out, the implications for both companies, and for the fortunes of other smartphone makers, especially in emerging markets, could be huge
Microsoft's Nokia Buy: Consumer Chase Is On(InformationWeek) Microsoft can't live by enterprise dollars alone. By purchasing Nokia's device business, Microsoft has shown its consumer strategy will survive into the post-Ballmer era
Verizon bets big on U.S. wireless market(CNN Money) One of the biggest deals in corporate history solely targets the already saturated U.S. wireless market. Verizon (VZ, Fortune 500) is paying $130 billion to take full control of Verizon Wireless from U.K. partner Vodafone (VOD), giving it full control of America's largest and most profitable wireless provider
Forget the Microsoft Soap Opera. It's the Verizon Deal That Matters(Wired) To be sure, Microsoft's purchase of Nokia's cellphone business makes for a better story. The $7.17 billion deal spans the big-time patent wars, a simmering drama over the CEO succession plan at Microsoft, and the tragic spectacle of two aging tech giants flailing around in search of relevance — not to mention all those shiny gadgets
FireEye Launches New 'Continuous Protection' Platform(SecurityWeek) FireEye, the soon-to-go-public provider of threat protection solutions, today announced a new, real-time, continuous protection platform that leverages a combination of people, technology and intelligence to protect customers against advanced cyber attacks. Dubbed "Oculus", the new platform from FireEye is comprised of three components
Privacy case makes your phone untrackable(Help Net Security) With all the recent revelations about NSA's long cyber reach and the (in)voluntary involvement of big Internet companies and US telecoms in its many surveillance programs, it's not entirely surprising that a Kickstarter project offering a portable and usable Faraday cage for mobile devices has been successful
NSA–resistant Android application 'burns' sensitive messages(CSO) Silent Circle's messaging application ensures only the sender and receiver can view messages and files. Silent Circle, a company specializing in encrypted communications, released a messaging application for Android devices on Wednesday that encrypts and securely erases messages and files
Neohapsis and Arxan protect sensitive apps(Help Net Security) Neohapsis and Arxan announced a partnership to offer enhanced tamper-resistance and self-defense built into a comprehensive application security strategy
30–Second HTTPS Crypto Cracking Tool Released(InformationWeek) Three researchers who discovered a crypto attack that can be used to grab sensitive information from HTTPS traffic in less than 30 seconds have released a tool to help website operators see if their systems are susceptible. Details of the BREACH — short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext — attack were first revealed last month at the Black Hat information security conference in Las Vegas by Salesforce.com lead product security engineer Angelo Prado, Square application security engineer Neal Harris, and Salesforce.com lead security engineer Yoel Gluck
Android 4.4 named KitKat(Open Source Insider) The next version of the open source Android mobile operating system from Google has been named KitKat. Now powering what is estimated to be more than 1 billion of the planet's smartphones and tablets, Android 4.4 had previously been rumoured to be named Key Lime Pie
#Socialmediaruinedmylife: Live to (not) regret using social media(Trend Micro) Those who have ruined their reputations and damaged their careers after posting inappropriate material on social networks include politicians, movie and sports stars as well as teachers, police officers and even fast food restaurant employees. The problem of exposing too much information could continue to plague social media users, a possibility supported in the August 2013 poll by Cint USA and the global security software developer Trend Micro. According to the poll, 24 percent of the respondents said they have posted something they later regretted or removed, and 36 percent said they have seen something they regard as inappropriate
Technologies, Techniques, and Standards
Domain Security Needs More Than Registry Locks(Dark Reading) Protecting domains requires registry locks as well as other measures, including two-factor authentication and administrative access control. Today's networking infrastructure relies on the domain name system--not only a company's public-facing Web servers and Internet appliances but much of its private infrastructure as well. But enterprises need to better protect their DNS environments, as last week's attack on a reseller of domain registrar MelbourneIT and the subsequent redirection of the New York Times, the Huffington Post, and two subsidiary Twitter domains, demonstrated. While the attacks should not have come as a surprise, the vast majority of companies are unprepared for such malicious attention
Do You Know Where Your Databases Are?(Dark Reading) One of the most important first steps to any database security strategy is also coincidentally one of the most likely to be forgotten: enumerating the databases an organization manages. After all, unless an enterprise knows how many databases it has and which ones contain sensitive information, it is pretty difficult to prioritize them based on risk and implement appropriate controls. And yet, many organizations are operating in the dark with regard to database discovery
Emulating binaries to discover vulnerabilities in industrial devices(IOActive Labs Research) Emulating an industrial device in a controlled environment is a really helpful security tool. You can gain a better knowledge of how it works, identify potential attack vectors, and verify the vulnerabilities you discovered using static methods. This post provides step-by-step instructions on how to emulate an industrial router with publicly available firmware. This is a pretty common case, so you should be able to apply this methodology to other scenarios
PCI DSS 3.0 is a start, but more changes are needed(SC Magazine) The PCI Security Standards Council (PCI SSC) recently released highlights of the widely anticipated PCI DSS 3.0 requirements. Businesses that store, process or transmit cardholder data must follow the requirements to better protect their customers' information from being stolen by criminals
Dude, where's my security ROI?(CSO) When it comes to security, ROI or return on investment has historically been difficult to measure. It's a bit like that bar receipt from Las Vegas that you don't want to bring up around management because it's hard to defend
NUARI to Receive $9.9 Million Contract from U.S. DHS S &T to Develop Technologies for Combating Cyber Attacks(IT News Online) Norwich University Applied Research Institutes (NUARI) and U.S. Senator Patrick Leahy (D-Vt.) announced Thursday that U.S. Department of Homeland Security Science and Technology (DHS S &T) directorate intends to award NUARI a $9.9 million contract for technologies and systems to help financial institutions, government agencies and other critical infrastructure respond to cyber attacks through expansion of capabilities of its DECIDE software platform
Legislation, Policy, and Regulation
India govt concerned about Chinese apps(ZDNet) Amid the growing popularity of Whatsapp and UC Browser in India, various government agencies have expressed concerns over potential security risks of these made–in–China mobile apps
Brazilian government plans national 'anti–snooping' email system(Wired) The Brazilian government is planning to develop a national email system that is protected from the sort of espionage that the US National Security Agency carries out. The government has already been working with the national postal agency Correios to develop the new commercial email system, providing an alternative to the likes of Gmail and Hotmail, which would guarantee the veracity of documents and offer functions such as a delivery certification showing when an email has been read by the recipient
President Obama says U.S. not snooping on ordinary people's emails, phones(Reuters) President Barack Obama said on Wednesday the United States was not spying on ordinary people's correspondence and phone calls, but its international intelligence gathering was targeted at specific areas of concern. "I can give assurances to the publics in Europe and around the world that we are not going around snooping at people's emails or listening to their phone calls," Obama said during a joint news conference with Swedish Prime Minister Fredrik Reinfeldt
New documents detail cyber operations by US(Economic Times) Newly disclosed budget documents for America's intelligence agencies show how aggressively the United States is conducting offensive cyber operations against other states, even while the Obama administration protests attacks on U.S. computer networks by China, Iran and Russia
Dispute over report about secret NSA budget(Security Info Watch) The National Security Agency on Thursday disputed a published report that secret intelligence budget files provided by agency leaker Edward Snowden show that the surveillance agency warned in 2012 that it planned to investigate up to 4,000 cases of possible internal security breaches
The Only Way to Restore Trust in the NSA(The Atlantic) The public has no faith left in the intelligence community or what the president says about it. A strong, independent special prosecutor needs to clean up the mess. I've recently seen two articles speculating on the NSA's capability, and practice, of spying on members of Congress and other elected officials. The evidence is all circumstantial and smacks of conspiracy thinking — and I have no idea whether any of it is true or not — but it's a good illustration of what happens when trust in a public institution fails
Piecemeal Approach to Cyber Legislation(Healthcare Info Security) As lawmakers head back to Washington after their summer recess, the U.S. Senate likely will take a piecemeal approach to cybersecurity legislation, says Jacob Olcott, the former counsel to the Senate Commerce, Science and Transportation Committee, whose leaders introduced a draft bill
Army swears in new cyber command leader(FCW) In a ceremony held Sept. 3 at Fort Belvoir, Va., Army Chief of Staff Gen. Ray Odierno swore in Lt. Gen. Edward Cardon as commander of Army Cyber Command. Cardon previously served as commanding general of the 2nd Infantry Division in South Korea. Prior to that, he was deputy commanding general for support for U.S. Forces-Iraq. That appointment was the last of Cardon's several commanding positions in and deployments to Iraq
Did WikiLeaks Sell Out Snowden To The Russians?(Business Insider) Is it just a coincidence that former NSA analyst Edward Snowden, a valuable intelligence asset, ended up in the hands of Russia's security services? Or did WikiLeaks, the "anti-secrecy" organization that has taken responsibility for Snowden, send him there in collaboration with the Russians Former senior U.S. intelligence analyst Joshua Foust makes a compelling argument that Wikileaks may have been infiltrated by Russia's Federal Security Bureau, the post-Soviet successor to the KGB
Russia Issues International Travel Advisory to Its Hackers(Wired) For roughly two decades Russia has been something of a safe haven for professional spammers, hackers, phishers and fraudsters hitting the U.S with cyber scams. Now the Russian government has some advice for its cyber criminal class, and any other citizens who might be wanted by U.S. law enforcement: Don't leave home
Surveillance Law Meant to Curb Spying, not Boost It, Senators Say(Courthouse News Service) Walter Mondale and another former senator who crafted the 1978 Foreign Intelligence Surveillance Act want to join in the fight against the National Security Agency's spying powers. The so-called Church Committee, which published 14 reports on U.S. intelligence agencies and their operations, formed as members of Congress learned about the abuses of power in the Nixon administration
Data breach lawsuits roll on as lawyers work to establish legal precedent(SC Magazine) Nearly a decade ago, identity thieves posed as customers to steal more than 160,000 consumer records from data broker ChoicePoint. If the incident were to happen today, it likely would be met with a passing yawn, common hacker play that is nothing more than just another headline, only to replaced by tomorrow's breach, that one by the next day's. But the ChoicePoint heist remains a landmark incident, mostly because it was the first big breach required to be publicly reported, thanks to a pioneering notification law passed in 2003 in California, known as SB-1386
Lawyers report steep rise in employee data theft cases(Naked Security) UK law firm EMW has reported a sharp rise in confidential data theft cases brought before the High Court. Is that because data control is becoming laxer, or actually because things are tightening up so that more crooks are getting caught
Microsoft, Google discover newfound respect for Constitution(FierceITSecurity) Microsoft (NASDAQ: MSFT) and Google (NASDAQ: GOOG) have discovered a newfound respect for the U.S. Constitution. In their efforts to disclose additional information about the data they turned over to the National Security Agency, the two firms are waving the flag and appealing to the First Amendment
Why Child Identity Theft is Dangerous(McAfee) Identity theft in the form of new account fraud can happen to anyone with a Social Security number, which includes virtually any American with a pulse...as well as some who no longer do. Identity theft can even happen to your newborn baby shortly after a Social Security number has been issued to him or her and this could have long term implications for your child
Nine cyber syndicate members remanded(ITWeb) Nine members of a cyber syndicate, which allegedly stole R15 million, have been denied bail. The syndicate reportedly defrauded thousands of people through phishing scams, opening false store accounts and accessing credit using cloned identities. Forty-five members of an alleged cross-continental cyber syndicate, which stole R15 million from South Africans, were released on bail yesterday
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
2013 ACT–IAC Executive Leadership Conference(Williamsburg, Virginia, USA, October 27 - 29, 2013) Advances in technology and massive increases in data available can both challenge and transform Government mission performance. ELC-2013 focuses on how to make this transformation a reality, in and for...
TechCrunch Disrupt San Francisco(San Francisco, California, September 7 - 11, 2013) For the fourth year in a row, TechCrunch Disrupt will take over the San Francisco Design Center Concourse, and we're bringing the hottest startups and best minds in the industry with us. Block off September...
SANS CyberCon Fall 2013(Online, September 9 - 14, 2013) With sequestration still in place, organizations are finding themselves with training budgets, but drastically reduced travel budgets. This one-of-a-kind online training event brings SANS' top instructors...
15th Annual AT&T Cyber Security Conference(New York, New York, USA, September 10, 2013) The AT&T Cyber Security Conference is an annual day-long conference offered by the AT&T Chief Security Office. Combining the expertise of its security experts, the scale and reliability of its global IP...
International Common Criteria Conference(Orlando, Florida, USA, September 10 - 11, 2013) FBC invites you to participate in the International Common Criteria Conference (ICCC) taking place in Orlando, Florida. This is the first time since 2000 that the ICCC is taking place in the U.S. The ICCC...
GrrCon(Grand Rapids, Michigan, USA, September 12 - 13, 2013) Says IT World, "Another hacker conference, this time in Michigan. The schedule looks to be bawdy, brash and anything but dull, with hackers promising to "pwn" you before you leave town. There are also...
cybergamut Technical Tuesday: Malware Analysis for the Masses(Columbia, Maryland, USA, September 17, 2013) With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. With...
Shaping the Future of Cybersecurity Education Workshop(Gaithersburg, Maryland, USA, September 17 - 19, 2013) The third annual Shaping the Future of Cybersecurity Education Workshop will be held at the National Institute of Standards and Technology (NIST) in Gaithersburg, MD and focus on "Navigating the National...
NovaSec!(McLean, Virginia, USA, June 13, 2013) NovaSec! is Northern Virginia's largest Cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with...
Strange Loop(, January 1, 1970) Meet us in St. Louis, Sept 18-20th, 2013, to make connections with the creators and users of the languages, libraries, tools, and techniques at the forefront of the industry. Find out where we're going…and...
ISSA Cyber Security Forum at Ft Belvoir(Fort Belvoir, Virginia, USA, September 19, 2013) This event will allow personnel from Fort Belvoir the chance to learn about the latest cyber security trends, network with peers, discuss Army best practices and to view and demo some of the latest cyber...
CISO Executive Summit(Atlanta, Georgia, USA, September 19 - 20, 2013) Be on the forefront of a new global initiative where today's world-class leaders in information security will gather to navigate through international waters. Join these leaders as they follow the wind...
2013 Cyber Security Summit(New York, New York, USA, September 25, 2013) The 2013 Cyber Security Summit connects executives responsible for protecting their company's critical infrastructure with innovative product, service and solution providers. The one day event, to be...
4th Annual Cybersecurity Summit(Washington, DC, USA, September 25, 2013) GEN Keith Alexander, Commander of U.S. Cyber Command, Director of the NSA/Chief, Central Security Service and Dr. Pat Gallagher, Director, NIST are among the distinguished speakers confirmed to keynote...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.