Minor cyber rioting occurs in a non-Ukrainian corner of the former Soviet near abroad, as Armenian hacktivists respond to border skirmishes with defacements of Azerbaijan websites. (The defacement text leads one to wonder despairingly if low young-adult American English is now irreversibly the script kiddies' international lingua franca.)
Russian news agency RIA-Novosti reports it sustained a denial-of-service attack this weekend. No attribution, yet.
The trade press mulls Recorded Future's report on al Qaeda's post-Snowden coms. The Base has changed its crypto, failed to resolve the tension between branding and security (to the detriment of security), and shifted away from Apple to Android (which Apple Insider says represents bad news for Android users).
Japanese households suffer a wave of malicious home-router traffic responsible for 4.8 million outages since the spring of this year.
Mozilla developers' passwords and email addresses may have been inadvertently exposed to harvesting by cyber criminals.
FireEye reports on "Pitty Tiger," allegedly a Chinese APT group whose directing intelligence remains obscure. Pitty Tiger has been active since 2008, and shown interest in the international aerospace sector as well as all things Taiwan.
Crimeware continues its evolution: Synology drives are affected by SynoLock, a dedicated strain of Cryptolocker; "Backoff" spreads across point-of-sale systems; Citadel gets improved, post-removal access capabilities.
Black Hat USA is underway, with exploit demonstrations in full swing: registry-infecting malware, avionics hacks via in-flight entertainment, BadUSB, Dropcam snooping vulnerability, and wireless automobile unlocking.
New Zealand's PM faces surveillance questions. US Senators still outraged over CIA network monitoring.
Today's issue includes events affecting Armenia, Azerbaijan, China, Ireland, Israel, Japan, New Zealand, Palestinian Territories, Russia, Taiwan, United Kingdom, United States.
RIA Novosti Website Hit by Cyber Attack(RIA Novosti) RIA Novosti's website has fallen foul of a distributed denial-of-service (DDoS) attack by hackers, the agency's IT specialists reported on Sunday
Terrorists Pivot on Communication Strategies in Wake of Snowden Leaks(VPN Creative) The intelligence firm Recorded Future has revealed they they have been tracking a sharp increase in the number of cryptographically-concerned apps being downloaded and distributed for the Android operating system, and that by using IP locater services, were able to discern that a large percentage of those new downloads were coming out of countries in the Middle East known to contain radical Islamic groups who train and harbor the terrorist elite
Big Data Firm Says It Can Link Snowden Data To Changed Terrorist Behavior(KERA News) For nearly a year, U.S. government officials have said revelations from former NSA contract worker Edward Snowden harmed national security and allowed terrorists to develop their own countermeasures. Those officials haven't publicly given specific examples — but a tech firm based in Cambridge, Mass., says it has tangible evidence of the changes
Al-Qaeda prefers Android over Apple's iOS(Apple Insider) Apple's iOS has taken majority market share in education, government and the enterprise, but Google's Android has become the favored mobile platform among Al-Qaeda operatives
New cyber-attack sends data through home routers(Yomiuri Shimbun via the Japan News) A new type of cyber-attack that sends a huge amount of data to Internet service providers' servers via home routers has caused Internet outages in at least 4.8 million households since spring, The Yomiuri Shimbun has learned
Thousands of Mozilla developers' emails, passwords exposed(Help Net Security) Email addresses and encrypted passwords of tens of thousands of Mozilla developers were accidentally exposed and might have been harvested by malicious individuals, Stormy Peters, director of developer relations, and Joe Stevensen, operations security manager at Mozilla announced on Friday
Synology gets infected with SynoLcker ransomware strain(Slashgear) Synology's NAS drives are really getting popular. You can gauge that by the fact that it now has its own specific Cryptolocker strain. This ransomware encrypts data on the user's drive with a key that only the perpetrator knows, who then tries to extort money from the poor unsuspecting user in exchange for getting access to his or her own files
'White Label' Money Laundering Services(Krebs on Security) Laundering the spoils from cybercrime can be a dicey affair, fraught with unreliable middlemen and dodgy, high-priced services that take a huge cut of the action. But large-scale cybercrime operations can avoid these snares and become much more profitable when they're able to disguise their operations as legitimate businesses operating in the United States, and increasingly they are doing just that
Computers still vulnerable to hackers of start-up codes(Reuters via ABS CBN) A multi-year effort to prevent hackers from altering computers while they boot up has largely failed because of lax application of preventive steps, researchers say, despite disclosures that flaws are being exploited
Is your Dropcam live feed being watched by someone else?(IDG via CSO) Dropcam, the popular video monitoring camera, bills itself as "super simple security." But a pair of researchers plan to show at the Defcon hacking conference later this week how a Dropcam could be a weak point
"Man In The Middle" Cyber Attack Targets UWF(WUWF) A computer security breach at the University of West Florida has compromised the accounts of at least 160 individuals including 90 UWF students. UWF's Chief Information Officer Mike Dieckmann says this particular type of cyber attack is called a "man in the middle attack. It's kind of the internet equivalent of wiretapping". People were actually intercepting on line traffic, decrypting it and using that information to acquire user names and passwords from people's accounts
Police warn of credit card cyber attack(Delaware Online) Ocean City, Maryland police are alerting the public to the discovery of a recent credit card breach involving an out-of-state company that contracts with numerous restaurants and bars in Ocean City
Reactions to the Paddy Power data breach(Help Net Security) Paddy Power is contacting 649,055 customers in relation to a data breach from 2010. The historical dataset contained individual customer's name, username, address, email address, phone contact number, date of birth and prompted question and answer. Customers' financial information such as credit or debit card details has not been compromised and is not at risk
Access Control's Future Is Now(Security Management) Convergence engineering of IT and traditional access control is no longer a "what if" but more of an "almost done," offering security practitioners a new array of innovations that are increasing the effectiveness of access control at their organizations
What is Privacy?(M) Earlier this week, Anil Dash wrote a smart piece unpacking the concept of "public." He opens with some provocative questions about how we imagine the public, highlighting how new technologies that make heightened visibility possible
How secure are today's critical networks?(Help Net Security) In this interview, Dr. Lutz Jänicke, CTO at Innominate Security Technologies, illustrates the security of critical networks, the regulatory mandates for organizations in the critical infrastructure sector, and showcases the building blocks of a robust security appliance aimed at critical networks
G Data Anti-Virus — New updates and Feature list(Streetwise Tech) G Facts Application, a group of anti-malware alternatives developed by G Facts Application Inc., is considered the most effective anti-virus software within the worldwide current market currently. It supports a significant level of safety and safety for end users. In addition, it truly is user-friendly and easy to navigate. G Data Computer software safeguards people from the huge selection of malware, threats, viruses, phishing together with other malicious scripts. Let's take a nearer glance on a number of the functions of the anti-virus software package
ZoneAlarm Internet Security Suite 2015(PC Magazine) Check Point Software puts out a wide range of products under the ZoneAlarm name. I tested four of them in April, when the 2015 product line came out. I started on the other two but hit some glitches and agreed to wait until Check Point could iron out the problems. Now, three months later, the company deemed ZoneAlarm Internet Security 2015 ($79.95 for three licenses) ready for testing. Test it I did, and I came away unimpressed with this security suite
Security Secrets, Dated but Real(New York Times) Was the National Cryptologic Museum designed using a code of some kind? Something perhaps meant, cryptically, to mask its character and significance? Something that can be deciphered only by those familiar with mysterious organizations like the Black Chamber?
Research and Development
How to secure the cloud(Phys.org) With support from the National Science Foundation, cryptography expert Daniel Wichs, an assistant professor in the College of Computer and Information Science, will work as part of a multi-university team to develop better encryption techniques to improve cloud security.
For many of us, the primary reason we use "the cloud" is for storage — whether it's storing email through services like Gmail and Yahoo!, photos on Flickr, or personal documents on Dropbox. Many organizations like hospitals and banks utilize the cloud to store data on patient and customer information
Purdue doctoral student recognized for stopping identity theft(NWI.com) U.S. Homeland Security Investigations recently recognized Rachel Sitarz, a Center for Education and Research in Information Assurance and Security Ph.D candidate in cyber forensics at Purdue University, for her efforts in support of a nationally coordinated investigation in 2012
Key must "come clean" on NSA / GCSB fibre optic cable interception(TelcoReview) The Green Party has called on Prime Minister John Key to "come clean" after revelations that a US National Security Agency (NSA) engineer was in New Zealand in 2013, discussing with the GCSB the setting up of an interception site on the country's only fibre optic cable
Army names new commander for cyber training center(FCW) Maj. Gen. Stephen Fogarty (left) is taking over the Army's Cyber Center of Excellence while Maj. Gen. LaWarren Patterson moves to the Installation Management Command. Army Chief of Staff Gen. Ray Odierno announced a change in command at the Army's main cybersecurity training center on Aug. 1
Sen. Mark Udall Calls For CIA Director John Brennan To Resign(Huffington Post) Following reports that Central Intelligence Agency employees improperly accessed computers used by U.S. Senate staff to investigate the agency, Sen. Mark Udall on Thursday called for the resignation of John Brennan as CIA director
The Country Has Big Trouble(Huffington Post) The two guys at the top of national security (the Director of National Intelligence [DNI] and the director of the CIA) have both been caught lying to the American people and to the US Senate — they have no right to lie
Google Explains How It Forgets(IEEE Spectrum) Google can forget, but unlike the rest of us, the process is not automatic. Yesterday Google told a European government data protection working party how it handles requests for search result link removals. The removals began in June after a May European court ruling (see our coverage) upholding a Spanish man's right to be forgotten
Feds' Silk Road Investigation Broke Privacy Laws, Defendant Tells Court(Wired) The Department of Justice sees its takedown of the billion-dollar Silk Road black market as a massive, victorious drug bust. Ross Ulbricht, the alleged creator of that anonymous contraband bazaar, now wants to cast the case in a different light: as a landmark example of the government trampling privacy rights in the digital world
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Black Hat USA 2014(, January 1, 1970) Black Hat USA is the show that sets the benchmark for all other security conferences. As Black Hat returns for its 17th year to Las Vegas, we bring together the brightest in the world for six days of learning,...
SHARE in Pittsburgh(Pittsburgh, Pennsylvania, USA, August 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today.
FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles.
ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction...
4th Annual Cyber Security Training Forum(Colorado Springs, Colorado, USA, August 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August...
BSidesLV 2014(Las Vegas, Nevada, USA, August 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in...
Passwords14(Las Vegas, Nevada, USA, August 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges...
DEF CON 22(Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit(Lusaka, Zambia, August 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...
SANS Cyber Defense Summit and Training(Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...
Resilience Week(Denver, Colorado, USA, August 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
AFCEA Technology & Cyber Day(Tinker AFB, Oklahoma, USA, August 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only...
Build IT Break IT Fix IT: Build IT(Online, August 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...
The Hackers Conference(New Delhi, India, August 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.