skip navigation

More signal. Less noise.

Daily briefing.

Bangladeshi hacktivists continue their cyber riot against India.

A new Mac Trojan, "OSX/Leverage.A" (or "Leverage," for short) is installing backdoors and downloading the Syrian Electronic Army (SEA) logo. An app disguised as a picture, the Trojan's mode of transmission remains unclear, but it's appearing in "highly targeted" exploits. Attribution is also unclear—the SEA told Softpedia it's "not associated" with the attacks.

Microsoft, responding to reports of targeted attacks exploiting an IE vulnerability, issues a warning and workarounds.

Symantec reports its identification of a Chinese hacking crew, "Hidden Lynx," which appears to be either an organization of the Chinese government or a contractor that works exclusively for that government. They're associated with both Aurora and the Bit9 certificate hack; their preferred tools are the Moudoor backdoor Trojan (a tailored version of Gh0stRAT) and Naid (used against high-value targets). Hidden Lynx is most active in industrial espionage and there makes substantial use of waterhole attacks. There's some evidence they may be running some fraud operations on the side.

Other Chinese hackers, the patriotic hacktivists of "Honker Union," mark the 82nd anniversary of the Kwantung Army's invasion of Manchuria (September 19, 1931) by preparing a cyber riot against Japanese targets.

In industry news, the long-feared (and not unreasonably feared) post-Snowden international reaction against US IT firms has yet to materialize. Mandiant expands into Europe. Banks are called upon to help businesses by sharing DDoS data.

Brazil's president cancels a US state visit as Brazil seeks to disconnect its Internet from the US.

Notes.

Today's issue includes events affecting Australia, Bangladesh, Belarus, Brazil, Canada, China, France, Germany, Hungary, India, Israel, Italy, Japan, Republic of Korea, Norway, Russia, Singapore, Syria, Taiwan, Ukraine, United Kingdom, United States, and Uzbekistan..

Cyber Attacks, Threats, and Vulnerabilities

Cyber War Continues as Bangladeshi Hackers Hacks more 200 Indian Websites (HackRead) As I had reported earlier how Bangladesh Black HAT Hackers (BBHH) have started cyber war against Indian cyber space by hacking 90 Indian websites. This time the hackers have hacked and defaced 200 Indian websites as a continuation of ongoing cyber warfare. BBHH claims that all hacks were done against alleged brutality of India Border Security Forces in which targeted sites were left with a message against

"Leverage" Mac Malware Downloads Syrian Electronic Army Logo on Infected Devices (Softpedia) Security researchers from Intego have uncovered a new Trojan that targets OS X machines. Dubbed "OSX/Leverage.A," the malware has been spotted in the wild, but experts say the overall threat level is low because it appears to be used only in targeted attacks

New Mac Trojan Discovered Related to Syria (Intego) A new Mac Trojan has been discovered that creates a backdoor on an affected user's machine. It was found on VirusTotal, sent by a user in Belarus. At the time of writing, the Command and Control (C&C) server is down and no longer sending commands to affected users. This appears to be a targeted attack, though the method of delivery is not yet known. So, while this has been affecting users in the wild, the overall threat level appears to be low. The Trojan is an application that is disguised as a picture — the .app file-extension is not visible by default

Microsoft warns of new IE zero-day, exploit in the wild (Threatpost) Microsoft is looking into reports of targeted attacks against a new vulnerability that exists in all supported versions of Internet Explorer. The attacks are targeting IE 8 and 9 and there's no patch for the vulnerability right now, though Microsoft has developed a FixIt tool for it

Hidden Lynx — Professional Hackers for Hire (Symantec Security Response) The Hidden Lynx group is a professional team of attackers with advanced capabilities. They were responsible for the compromise of security firm Bit9's digital code-signing certificate which was used to sign malware. The Bit9 breach was part of the much larger VOHO campaign and that campaign was just one of many operations undertaken by the group over the last four years. The group likely offers a "hackers for hire" operation and is tasked with retrieving specific information from a wide range of corporate and government targets

Hacker group in China linked to big cyber attacks: Symantec (Reuters) Researchers have discovered a group of highly sophisticated hackers operating for hire out of China, a U.S. computer security company said on Tuesday, and it linked them to some of the best-known espionage attacks in recent years

State–Sponsored Hacker Gang Has a Side Gig in Fraud (Wired) An elite group of nation-state hackers running roughshod through the financial sector and other industries in the U.S. has pioneered techniques that others are following, and has used sophisticated methods to go after hardened targets, including hacking a security firm

Hidden Lynx — the hackers for hire who compromised a security firm (Graham Cluley) Symantec researchers have published a detailed report into the hacking gang that they believe hacked into security firm Bit9 earlier this year, and managed to inject malware into customers' networks

Securo–boffins link HIRED GUN hackers to Aurora, Bit9 megahacks (The Register) Researchers: It was 'resourceful' Hidden Lynx crew wot done it. Security researchers have linked the "Hackers for hire" Hidden Lynx Group with a number of high-profile attacks, including an assault on net security firm Bit9, as well as the notorious Operation Aurora assault against Google and other hi-tech firms back in 2009. Hidden Lynx is a sophisticated hacking group based in China and made of up of between 50 to 100 individuals, according to Symantec. The hackers provide "full service" as well as "customised" cyber-espionage attacks against corporate and government targets, claims the security firm. Its favoured tactics include compromising third-party sites frequented by individuals from targeted organisations with malicious code

'Honker Union' sniffs 270 hacktivism targets (The Register) Chinese group to mark Manchurian Incident with cyber nationalism raids. Infamous Chinese hacktivist group Honker Union has shortlisted a whopping 270 Japanese targets for attack today — the anniversary of the Manchurian Incident, which was the precursor to the Japanese invasion of China

Affiliate network for mobile malware impersonates Google Play, tricks users into installing premium-rate SMS sending rogue apps (Webroot Threat Blog) Affiliate networks are an inseparable part of the cybercrime ecosystem. Largely based on their win-win revenue sharing model, throughout the years, they've successfully established themselves as a crucial part of the cybercrime growth model, further ensuring that a cybercriminal will indeed receive a financial incentive for his fraudulent/malicious activities online. From pharmaceutical affiliate networks, iPhone selling affiliate networks, to affiliate networks for pirated music and OEM (Original Equipment Manufacturer) software, cybercriminals continue to professionally monetize each and every aspect of the underground marketplace, on their way to harness the experience, know-how and traffic acquisitions capabilities of fellow cybercriminals

Too long passwords can DoS some servers (Help Net Security) The discovery of a vulnerability in popular open source web application framework Django has recently demonstrated that using a long password is not always the best thing to do. As explained by

Neutrion EK — IE exploit analysis (MalForSec) More Neutrino stuff on the menu. Hopefully you find it better than spam and are not tired of my Neutrino adventures. As I have just come back from a week off-line I spotted a tweet…Just over a week ago I sort of concluded that Neutrion only had Java exploits. But here someone prove me wrong and I must admit I had only checked with the "obvious" stuff that neutrino uses Plugin Detect for. So time to look once again into Neutrino and one of it's mysteries

Citadel's Man–in–the–Firefox: An Implementation Walk–Through (Arbor Networks) While banking malware or "bankers" have a lot of functionality, they are defined by their Man-in-the-Browser (MITB) implementation. This mechanism allows them to not only steal banking usernames and passwords, but to also inject arbitrary content into banking websites in order to social engineer and try and steal additional credentials such as identifying information, pins, and token codes

Connecting the Dots: Fake Apps, Russia, and the Mobile Web (TrendLabs Security Intelligence Blog) The existence of fake mobile apps poses privacy and financial risks to users of the mobile web. As experts figure out the dangers of the consumerization and the lack of security of mobile devices, fake apps continue to grow. Fake apps usually ride on the popularity of legitimate apps—for example, recently fake emails said that users had received voice mail from WhatsApp. These fake messages try to trick users to download them onto their mobile devices, from which they usually perform a combination of these malicious routines

Maryland state security sloppiness exposes personal data (ZDNet) Careless practices by the State of Maryland have exposed the data on thousands of background check forms to even the most casual hacker. Securing data can be hard work. It can be complicated. It can be expensive. And then sometimes you see people putting so little effort into it that there's just no excuse. An example of this was sent to me by a reader. In anticipation of new gun control laws scheduled to take effect October 1, tens of thousands of citizens of Maryland applied for gun permits, which requires a background check

Security Patches, Mitigations, and Software Updates

Microsoft Releases Security Advisory 2887505 (Microsoft Security Response Center) Today we released Security Advisory 2887505 regarding an issue that affects Internet Explorer. There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. This would typically occur when an attacker compromises the security of trusted websites regularly frequented, or convinces someone to click on a link in an email or instant message. Running modern versions of Internet Explorer ensures that customers receive the benefit of additional security features that can help prevent successful attacks

Mozilla Updates Firefox 24 With 17 Security Advisories (eWeek) The latest open-source Firefox browser release adds new user features and patches critical security vulnerabilities. Mozilla on Sept. 17 released its latest open-source Firefox browser update for both Android as well as desktop versions for Windows, Mac and Linux operating systems. The Firefox 24 release is light on new user-facing features and heavy on security fixes, providing 17 security advisories, seven of which Mozilla has rated "critical"

Cyber Trends

Travelers regularly connect to free, unsecure Wi-Fi networks (Help Net Security) GFI Software announced the findings of an extensive independent research project looking at end user use of mobile devices at work and in their daily commute to and from the workplace, which revealed

James Bamford Discusses Cyber Warfare (SC Magazine) [Video] James Bamford discusses the possibility of Silicon Valley tech companies going on the offensive when it comes to cyber security

"More trouble" brewing as mobile threats multiply "exponentially", ex–ISACA chief warns (WeLiveSecurity) Mobile threats are becoming more complex, and more difficult to deal with as more and more devices become connected, a former vice-president of security trade body ISACA has warned. "Expect more trouble," Rolf von Roessing warned an audience of IT professionals at the 2013 EuroCACS conference. Roessing warned that iPhone users would not be immune — and that even companies which attempted to audit and control mobile devices would still find 30–40% "flying under the radar"

Marketplace

Google, Facebook See No Significant Impact On Business From NSA Revelations (Huffington Post) Edward Snowden's unprecedented exposure of U.S. technology companies' close collaboration with national intelligence agencies, widely expected to damage the industry's financial performance abroad, may actually end up helping

Senior execs debunk the US skills gap myths (FierceBigData) More than a few economists call the aftermath of the last recession a "jobless recovery," perhaps the first such beast to roam the economic landscape after a major downturn. That argument has been countered with the claim that jobs do exist, but too few American workers have the skills needed to fill them. Case in point: the huge demand for data scientists and big data related jobs that remain largely unfilled. But a recent survey of senior executives finds that a lack of technical skills in job applicants isn't the prevailing problem. American workers are missing something far more fundamental and the execs blame the education system for the shortfall

Microsoft leads growing SaaS content security market, says Infonetics (FierceITSecurity) Microsoft (NASDAQ: MSFT) leads the software-as-a-service content security market, which is forecast by Infonetics to top $1 billion by 2017. Other top contenders in the SaaS content security segment include Symantec, Intel's McAfee, Cisco and Proofpoint

MILITARY $8.31 Million Federal Contract Awarded to Jacob & Sundstrom (Hispanic Business) Jacob & Sundstrom Inc., Baltimore, was awarded an $8,310,388 federal contract by the U.S. Army Contracting Command, Adelphi, Md., for support services for the U.S. Army Research Laboratory Computer Network Defense Services program, ARL Information Assurance Manager's office and the ARL Computational and Information Sciences Directorate gent for the Certification Authority

SAIC to Install Polycom Tool in NATO Video Conference Platform (GovConWire) Science Applications International Corp. (NYSE: SAI) will install Polycom technology into a video collaboration environment intended to help NATO members centralize communications. The Polycom RealPresence platform will be installed in NATO locations across Europe and North America and will be built to hold resources for operations such as classified communications and resource planning, Polycom said Monday

EXCLUSIVE: Ron Police, Former Apple Government Lead, Joins SAP National Security Services (GovConWire) Ron Police, the former vice president of Apple Government, has joined SAPSimplified Acquisition Procedures / Special Application Program National Security Services (NS2), the independent national security and critical infrastructure contracting subsidiary of SAPSimplified Acquisition Procedures / Special Application Program, GovCon Wire has learned

Enlightened Appoints Derek Smith To Director Of Cyber Initiatives (BWW) Enlightened, Inc., a leading Information Technology (IT) consulting firm delivering Cyber Security, Systems Integration, and Management Consulting solutions, announced today the appointment of Derek Smith as Director of Cyber Initiatives. Prior to joining Enlightened, Mr. Smith was the Global Cyber Security Education, Training and Awareness Practice Manager for the Commercial Cyber Security Consulting Group at Computer Sciences Corporation (CSC)

Mandiant® Announces European Expansion to Meet Growing Demand for Products and Services (Fort Mill Times) Mandiant®, the leader in security incident response management, today announced the expansion of its European operations including a new office in the London area, key hires to direct sales in the region and new agreements with channel partners. The announcement was made in London at the opening of the Gartner Security & Risk Management Summit, where Mandiant is exhibiting on 18th-19th October

Cloud Storage Startup Nirvanix Tells Customers, Partners It's Shutting Down (CRN) Nirvanix, a San Diego-based cloud storage startup, is shutting down and telling customers to move their data off its systems by the end of the month, sources told CRN Tuesday

FireEye IPO Gets My Attention (Seeking Alpha) FireEye, Inc (FEYE), a next generation cyber security firm, plans to raise $182 million through its upcoming IPO. The firm will offer 14,000,000 shares at an

F5 acquires cyber security co Versafe (Globes) F5 Networks has acquired the Rishon Lezion company, which provides web anti-fraud, anti-phishing and anti-malware solutions. F5 Networks Inc. (Nasdaq: FFIV) has acquired Rishon Lezion based Versafe Ltd., which provides web anti-fraud, anti-phishing, and anti-malware solutions. Financial details about the acquisition were not disclosed and F5 said that the acquisition was not expected to have a material impact on the company's operating results

SAP Ventures invests $15m in Recommind (Computing) SAP Ventures, the technology investment unit of software vendor SAP, has invested $15m in unstructured data management company Recommind

Products, Services, and Solutions

Review: Avira Free Android Security (eSecurity Planet) Reviewer Matt Sarrel says Avira Free Android Security shows that simple device security does not require an expensive product only enterprises can afford

Mobile Device Management companies get more app control on iOS 7 (CSO) Apple is providing MDM APIs that better allow vendors to 'take advantage of the operating system hooks to provide application-level security'

HP's security portfolio upgrade stems from bigger focus on real-time data (ZDNet) HP is looking toward the fervor surrounding real-time data to support new threat detection and preventative measures. Hewlett-Packard is rolling out a number of upgrades and additions to its enterprise security portfolio while hoping to encourage BYOD strategies at the same time. But aside from HP's new Security Risk and Controls Advisory Services for Mobility (essentially a strategy guide on managing personal devices in the workplace), most of HP's latest updates focus on the infrastructure well in the background rather than any devices directly

Evaluate the skill level of Linux pros (Help Net Security) TrueAbility launched AbilityScreen for Linux Professionals, a new way to evaluate the skill level of those who work within a Linux environment. Individuals now have a way to demonstrate their expertise

Zscaler cloud–based platform makes behavioral analysis mainstream (Help Net Security) Zscaler announced Zscaler for APTs, a cloud-based security solution to address the entire advanced persistent threat (APT) and advanced targeted attack (ATA) defense lifecycle, including protection

Growler Gets Down With The Internet (Strategy Page) Four years after entering squadron service, the U.S. Navy's EA-18G "Growler" electronic warfare aircraft is being upgraded with a communications technology that allows the EA-18G to share data instantly with other EA-18Gs and other types of aircraft (combat and support, like E-2 and E-3 AWACS). The new capability is JTIDS (Joint Tactical Information Data System). Development (by the U.S. Air Force) of this system began 30 years ago and mature examples of the technology only began showing up in the last decade. JTIDS is a datalink that gives the pilot complete and real-time situation report, showing what other pilots (and planes like the E-3) are seeing

BlackBerry Z30 to launch as firm tries to revive smartphone ambitions (ITPro) Can the largest BlackBerry device to-date do enough to attract users? Faltering smartphone firm BlackBerry has announced the successor to its flagship Z10 handset, as the firm continues to try and claw back market share

The War Machine (Slate) The military's laptop of choice provokes shock and awe. Just as Desert Storm boosted the sales of Hummers and GPS handhelds, Gulf War II will spawn its own crossover hits, pieces of military equipment that become civilian fetish objects. A prediction: One of the war's big winners will be Itronix's GoBook MAX, a sort of Windows laptop on steroids. The GoBook MAX has already been spotted in video from the front, and Air Force firemen deployed in Turkey have them. If Gulf War II is the first Internet war, then a computer should be its first piece of military chic

Kaspersky joins the new AV trend: multi–device edition (ZDNet) The latest thing in the antivirus business is an edition that buys you protection on multiple device types, probably Windows, Mac and Android. Kaspersky has released theirs. It's partly a concession of the market failure of products for Mac and mobile

Dropbox File Brouhaha: Use Case Is The Issue (InformationWeek) Before you pull your files over a perceived security threat, ask yourself: How are you using the cloud file sharing service

Technologies, Techniques, and Standards

Database Misconfigurations: Windows To Vulnerable Data (Dark Reading) Experts recommend developing configuration baselines and regularly comparing database configurations to those standards to prevent configuration drift

Suspect NIST crypto standard long thought to have a back door (GCN.com) While the National Institute of Standards and Technology reopens public review of several of its cryptographic standards, it is "strongly" advising against using

So you think you know all about configuration management (The Register) Last month El Reg published an article by me that introduces the concepts of configuration management. You can read it here. In this article I explore some common misconceptions about the topic and move on to discuss some dos and don'ts. Let me state straight away that configuration management (CM) is not just about program code

ISF Provides Organizations with Advice on How to Implement a BYOD Program (Softpedia) The Information Security Forum (ISF) has published a new report to help organizations address the problems they may face when implementing a bring-your-own-device (BYOD) program. The study, "Managing BYOD Risk: Staying Ahead of Your Mobile Workforce," highlights a few key aspects and makes recommendations on how such programs should be implemented to make sure corporate data is not exposed

When it comes to HIPAA, don't be bossy with business associates (FierceHealthIT) Don't try to be Big Brother to your business associates (BAs) and put stress on your own healthcare organization as the new HIPAA omnibus rule goes into effect, warns Frank Ruelas, compliance officer at Gila River Healthcare in Sacaton, Ariz. BAs know they will be directly liable for compliance under the HIPAA Security Rule and parts of the Privacy Rule, he says in an article at HealthITSecurity

Lawmakers, hospitals press OMB on unique identifier rule (FierceHealthIT) What's taking so long? That's what four members of the U.S. House asked in a recent letter to the Office of Management and Budget about releasing the Unique Device Identifier (UDI) final rule. In response to slow progress, Congress last year set a June 19 deadline for the Food and Drug Administration to develop regulations for a medical device tracking system. The FDA's proposed rule has been under review with the OMB—the final step—for nearly a full year

Banks' Leadership in DDoS Fight (Bank Info Security) As we mark the one-year anniversary this week of the first announcement of DDoS attacks waged by Izz ad-Din al-Qassam Cyber Fighters against U.S. banks, it's time to call attention to the need for banks to take a leadership role in helping other sectors fend off attacks (see Lessons Learned From Bank DDoS Attacks). U.S. banking institutions must take the lead in the defense of our nation's critical infrastructure by sharing cyberthreat intelligence with other industries as well as lessons learned about effective defenses

The semantic web: "metadata on steroids" (FierceBigData) One of the biggest problems in big data use is in finding which data you need to use to answer any given question. As practitioners struggle to resolve this issue daily, an often overlooked potential solution is getting more attention

Biggest challenge to big data projects? Human bias (FierceBigData) When it comes to data analysis, people want to believe that the data and the analytical outcomes are unbiased and reliable. But that simply isn't the case. Far too often the data itself is incorrect, either because it's taken out of context, is wrong by any account, or it hasn't been updated. Such dirty data gives bad results. But beyond data integrity issues, the bigger challenge is by far human bias

OECD revises 33–year–old privacy guidelines (FierceITSecurity) The Organization for Economic Co-operation and Development has updated its privacy guidelines for the first time in 33 years, according to a report by Bloomberg BNA. The guidelines take a new risk-management approach to privacy protections for companies and public organizations and introduce the concept of "privacy risk assessment," explained Olivier Proust, a Brussels-based attorney with Field Fisher Waterhouse

Design and Innovation

Phonebloks — A Customizable Smartphone That Could Revolutionize The Industry (Forbes) I'm quite proud of the fact I predicted the smartphone a good half a decade before the likes of Apple 's iPhone became popular. Even before the likes of Microsoft 's Windows Mobile and Blackberry OS were doing the rounds, it seemed pretty clear to me that we were on the verge of an all-in-one device that could take half-decent pictures, play your MP3s, access the Internet and make calls

Research and Development

A quantum leap for network security (Computing) The word "quantum" often brings to mind the almost impossible; quantum physics, quantum theory, quantum mechanics - all dizzying topics understood by few. For those of us currently without a doctorate in physics, the idea of quantum technology sounds very much like science fiction

Academia

Computer science professor to earn top honors (Purdue Exponent) Spafford will be inducted into the National Cyber Security Hall of Fame in Baltimore on Oct. 9. He will also receive the Harold F. Tipton Lifetime Achievement

Tips for educational organizations on how to defend against online threats (Help Net Security) The kids are back to school and hopefully they're heeding the right advice on how to stay safe in an educational environment, but students aren't the only ones who should be concerned about security

Legislation, Policy, and Regulation

Proportionality key to cyber surveillance, says former MI5 head (ComputerWeekly) Proportionality is critical in cyber surveillance by intelligence services, says former MI5 head Eliza Manningham-Buller. "The more intrusive the tool, the higher the level of authorisation," she told attendees of Trend Micro's 25th anniversary customer conference in London

Brazilian President Dilma Rousseff calls off US trip (BBC News) Brazilian President Dilma Rousseff has called off a state visit to Washington next month over allegations of US espionage. The US National Security Agency (NSA) has been accused of intercepting emails and messages from Ms Rousseff, her aides and state

Brazil's Wild Plan to Purge America From Its Internet (Gizmodo) Brazil is not very happy about all these NSA revelations. As home to Latin America's biggest economy, the country understandably hates the idea that the United States is listening to its phone calls and reading its emails. In fact, Brazil hates it so much that it wants to disconnect itself from the U.S. internet altogether

New Intel Bill Would Force More FISA Court Reporting (Breaking Defense) A bipartisan group of House lawmakers have presented a new bill designed to increase congressional oversight of the Foreign Intelligence Surveillance Court and its main client, the National Security Agency. Obviously, the bill was sparked by the flood of classified information released by the international fugitive and former intelliegnce contractor Edward Snowden

Senators Decry NSA 'Ineptitude,' Call for End to Dragnet Phone Surveillance (Wired) Sens. Ron Wyden (D-Oregon) and Mark Udall (D-Colorado) are blasting the NSA's admission that — because of its own internal bungling — it carried out thousands of inquiries on phone numbers without any of the court–ordered screening designed to protect

Is cyber–offense the answer? (FCW) Private-sector companies spend billions of dollars each year on cybersecurity to keep the bad guys out of their systems, but their efforts are often exercises in futility as the tools and capabilities of cyber threats continue to increase

Relax and learn to love big data? Ummm, no. Regulation is a must! (FierceBigData) Adam Thierer, a senior research fellow at the Mercatus Center at George Mason University, penned an opinion post in U.S. News wherein he suggests we all "relax and learn to love big data." Despite being the big data lover that I am, I wholeheartedly disagree with that advice and his assertions that "the critics often overstate these dangers while also glossing over the overwhelming benefits. They also ignore the extent to which people adapt to new information technologies over time." While humans are incredibly adaptable, even to horrid circumstances, adapting does not in any way sanction any given circumstances as acceptable

Congress takes aim at NSA on surveillance (FierceITSecurity) Lawmakers are having second thoughts about the authority that Congress granted the National Security Agency (NSA) to conduct a broad surveillance program against U.S. citizens. For example, two powerful Democratic senators are calling for an end to the bulk collection of phone record data from U.S. carriers

Litigation, Investigation, and Law Enforcement

Beijing calls fears over internet crackdown "paranoia," briefly detains corruption–fighting blogger (Quartz) In China, "people enjoy full freedom on the Internet," an official from the Ministry of Information told Indian reporters during a visit to Mumbai this week, according to DNA, a news outlet in India. "The perception that the government has placed any restrictions on the Internet is untrue," he said, adding that China's media had the same freedom as any others, except they must "avoid fabrication of stories" and "be socially responsible by not aggravating any issue"

Government requests to LinkedIn on the rise (ZDNet) While requests for LinkedIn user data from governments remains relatively low, there were close to double the number of requests between the last half of 2012 and the first half of 2013

U.S. Telcos Have Never Challenged NSA Demands for Your Metadata (Wired) Since at least 2006 a secret spy court has continuously compelled the nation's carriers to hand over records of every telephone call made to, from or within the United States. But none of the phone companies have ever challenged

FBI a 'secret domestic intelligence agency,'ACLU says (Anchorage Daily News) In the wake of the National Security Agency spying scandal, the American Civil Liberties Union shifted attention Tuesday to the FBI with a

Extended Ruling By Secret Court Backs Collection Of Phone Data (New York Times) The Foreign Intelligence Surveillance Court on Tuesday offered its most extensive public explanation for why it has allowed the government to keep records of all Americans' phone calls, releasing a previously classified opinion in which it said the program was constitutional and did not violate Americans' privacy rights

FISA court defends NSA surveillance decisions (McClatchy) The secretive federal court that oversees government surveillance released a recent opinion Tuesday that explains and defends its decisions giving the National Security Agency broad power to collect the phone records of all Americans. At issue were decisions going back to 2006 that permitted the agency to order phone companies to turn over the dialing records of calls made in this country. This "metadata" did not include the names of the callers, nor did it include the content of the calls

Alleged Anonymous Hacktivist Arrested for Hacking Texas County Website (HackRead) Last week the FBI had arrested an alleged hacker who they claim is a member of online hacktivist Anonymous group and took part in hacking the official website of Texas County Website. His name is Fidel Salinas Jr, now in federal custody awaiting a detention hearing where Salinas is facing charges for breaching and hacking computers of Texas County Website without permission. Texas County website was hacked

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Information Security Conference (Charleston, West Virginia, USA, October 2, 2013) On October 2, the WVOT Office of Information Security and Controls, will be sponsoring a no-charge information and cyber security awareness event at the Charleston Civic Center. The agenda will offer...

Shaping the Future of Cybersecurity Education Workshop (Gaithersburg, Maryland, USA, September 17 - 19, 2013) The third annual Shaping the Future of Cybersecurity Education Workshop will be held at the National Institute of Standards and Technology (NIST) in Gaithersburg, MD and focus on "Navigating the National...

NovaSec! (McLean, Virginia, USA, June 13, 2013) NovaSec! is Northern Virginia's largest Cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with...

Strange Loop (, January 1, 1970) Meet us in St. Louis, Sept 18-20th, 2013, to make connections with the creators and users of the languages, libraries, tools, and techniques at the forefront of the industry. Find out where we're going…and...

ISSA Cyber Security Forum at Ft Belvoir (Fort Belvoir, Virginia, USA, September 19, 2013) This event will allow personnel from Fort Belvoir the chance to learn about the latest cyber security trends, network with peers, discuss Army best practices and to view and demo some of the latest cyber...

CISO Executive Summit (Atlanta, Georgia, USA, September 19 - 20, 2013) Be on the forefront of a new global initiative where today's world-class leaders in information security will gather to navigate through international waters. Join these leaders as they follow the wind...

CCBC Leadership Seminar Luncheon: Cyber Awareness: What Employers Need To Know (Owings Mills, Maryland, USA, September 20, 2013) , no later than September 13, 2013.

cybergamut Technical Tuesday: Malware Analysis for the Masses (Columbia, Maryland, USA, September 17, 2013) With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. With...

2013 Cyber Security Summit (New York, New York, USA, September 25, 2013) The 2013 Cyber Security Summit connects executives responsible for protecting their company's critical infrastructure with innovative product, service and solution providers. The one day event, to be...

4th Annual Cybersecurity Summit (Washington, DC, USA, September 25, 2013) GEN Keith Alexander, Commander of U.S. Cyber Command, Director of the NSA/Chief, Central Security Service and Dr. Pat Gallagher, Director, NIST are among the distinguished speakers confirmed to keynote...

The Monktoberfest (Portland, Maine, USA, October 4, 2013) Our speakers will explore how social trends can change the way we build and use technology, and how technology in turn can change the way we socialize.

Suits and Spooks NYC 2013 (New York, New York, October 5, 2013) Since the landscape is foggy, the threat actors numerous and hard to identify, and the attacks proliferating on a daily basis, the focus of the next Suits and Spooks conference will be to identify non-state...

Forensics and Incident Response Summit EU (Prague, Czech Republic, October 6 - 13, 2013) The Summit will focus on high quality and extremely relevant content as well as panel discussions in Digital Forensics and Incident Response. In addition, we encourage you to take every opportunity to...

CyberMaryland 2013 (Baltimore, Maryland, USA, October 8 - 9, 2013) Join cybersecurity leaders, luminaries and rising stars at CyberMaryland 2013. This two-day event at the epicenter of the nation's cybersecurity innovation and education, will create opportunities for...

2013 Maryland Cyber Challenge (Baltimore, Maryland, USA, October 8 - 9, 2013) Held in conjunction with Cyber Maryland and intended to let students and young professionals showcase their cybersecurity skills, Maryland Cyber Challenge offers competition in three divisions: high school,...

AFCEA Hill AFB Technology & Cyber Security Expo (Ogden, Utah, USA, October 9, 2013) The purpose of this first-time event is to allow base personnel the opportunity to learn about the latest computer security trends, network with peers, share remediation strategies and to view and demo...

International Conference on Cyber–Enabled Distributed Computing and Knowledge Discovery (Shanghai, China, October 10 - 12, 2013) International Conference on Cyber-enabled distributed computing and knowledge discovery -promotes research and development of the cyber-related technology. It is unique and significant that spans through...

VizSec 2013 (Atlanta, Georgia, USA, October 14, 2013) VizSec brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques.

Hack-in-the-Box Security Conference 2013 (Kuala Lumpur, Malaysia, October 14 - 17, 2013) The 11th annual HITB Security Conference (16th/17th October) will be a triple track offering featuring keynotes by Andy Ellis, Chief Security Officer at Akamai and Joe Sullivan, Chief Security Officer...

USDA Cyber Security Symposium and Expo 2013 (Washington, DC, USA, October 15, 2013) The Cybersecurity Expo, running in conjunction with the Summit, will allow exhibitors the opportunity to provide live demos and share information with government personnel and industry partners. Summit...

SNW Fall 2013 (Long Beach, California, USA, October 15 - 17, 2013) SNW is the world's largest independently produced conference series focused on the evolution of architecture for a new world of mobility, Big Data and business agility. Produced by Computerworld -- and...

Hexis Exchange (Athens, Greece, October 16 - 17, 2013) Attendees will have the opportunity to participate in a knowledge exchange of the latest enterprise security topics through expert led business and technology forums, hands-on sessions, and training. Such...

Cybersecurity Symposium: "Protect. Defend. Educate." (Linthicum, Maryland, USA, October 16 - 17, 2013) The Cybersecurity Symposium being held October 16-17, 2013, will deliver first-class training for government and industry security professionals while simultaneously offering high-level keynote speakers,...

Nuclear Regulatory Commission Cyber Security Conference & Expo (Rockville, Maryland, USA, October 17, 2013) This one-day conference will consist of cyber sessions in the NRC Auditorium given by government and industry speakers. Exhibit tables will be set-up just outside the Auditorium and companies will have...

13th Industrial Control Systems Cyber Security Conference (Atlanta, Georgia, USA, October 21 - 22, 2013) Industrial Control Systems (ICS) operate the infrastructures of electric power, water, chemicals, manufacturing, transportation, defense, etc. and link the digital and physical worlds. Their cyber security...

Cloud Connect (Chicago, Illinois, USA, October 21 - 23, 2013) Cloud Connect returns to Chicago October 21-23, 2013 with an all new program built around the leading cloud platforms. Cloud Connect provides the independent guidance IT professionals need to successfully...

cybergmut Technical Tuesday: Cyber Security Strategy — Why We're Losing and What's Needed to Win (Columbia, Maryland, USA, October 22, 2013) CrowdStrike's Steve Chabinsky of CrowdStrike explains the situation. Everybody seems to be spending more on cybersecurity, but with questionable return on investment. In fact, the problem clearly is getting...

Cyber Security Seminar and IT Expo at Peterson AFB (Colorado Springs, Colorado, USA, October 22, 2013) The Cyber Security Seminar and IT Expo is a one-day event held on-site where industry vendors will have the opportunity to display their products to personnel attending briefings concerning the latest...

Joint Federal Cyber Summit 2013 (Washington, DC, USA, October 23 - 24, 2013) This collaborative government wide event is truly one of a kind, with speakers and attendees anticipated to represent more than 10 federal government agencies. Information sharing will be accomplished...

2013 ACT–IAC Executive Leadership Conference (Williamsburg, Virginia, USA, October 27 - 29, 2013) Advances in technology and massive increases in data available can both challenge and transform Government mission performance. ELC-2013 focuses on how to make this transformation a reality, in and for...

SAP NS2: National Security Solutions Summit (Falls Church, Virginia, USA, October 29, 2013) Join us for a day of learning and networking focused on how to advance U.S. national security and homeland security through I.T. innovation. Top-notch speakers will address the new challenges facing U.S.

Regional Cyber Security Forum & IT Day (CSFI) — Hawaii (Honolulu, Hawai'i, USA, October 30, 2013) 2013 marks the 10th anniversary of National Cyber Security Awareness Month and FBC will host the 1st Annual Cyber Security Forum & IT Day (CSFI) at Fort Shafter - Club Hale Ikena to coinside with the anniversary,...

NSA Hawaii — Cyber Security, Intelligence & IT Day (Honolulu, Hawai'i, USA, October 30, 2013) Be a part of the 1st Annual Cyber Security, Intelligence and IT Day set to take place at the new National Security Agency (NSA) Hawaii Rochefort facility. The event will be hosted by NS/CCS Hawaii Technology...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.