skip navigation

More signal. Less noise.

Daily briefing.

Researchers discuss the role Destover malware played in the Sony attack, noting that Destover shares some code with both Shamoon and Dark Seoul. The version used against Sony, Kaspersky reports, was compiled in July and signed on December 5. ESET notes the role certificates played in the attack, and Imperva describes Destover's potential backdoor functionality. Observers, hearing the FBI's sober assertion that the attack would have succeeded against a lot of US Federal organizations, reaffirm their resolve to respond to incidents with swift mitigation.

TIME claims Sony "didn't say anything" after an attack in 2013. Ars Technica reminds us that Iranian hackers used Visual Basic malware to wipe data at the Las Vegas Sands Corporation in retaliation for a casino bigwig's anti-Iranian statements.

Sudan may be seeing the early phases of a cyber-jihad.

Syrian hacktivists are reported to have hit another US bank's websites.

A number of old exploits resurface in new forms. They're frequently disseminated by phishing, which leads security experts to (again) urge enterprises to undertake user security awareness training.

Microsoft bangs into some problems with its December patches.

Google pulls engineers from Russia as Moscow tightens information controls. (Google's also feeling different pressures in the EU.)

We've recently seen litigation and regulatory trends shape emerging cyber security standards of care — insurance underwriters make their own contribution to this environment.

More M&A activity: Cisco will buy Neohapsis, and Vistronix finalizes acquisition of Objective Solutions Inc.

The US Department of Homeland Security issues small business cyber research pre-solicitations.

Notes.

Today's issue includes events affecting Canada, European Union, France, Iran, Italy, Democratic Peoples Republic of Korea, New Zealand, Romania, Russia, Spain, Sudan, Syria, Turkey, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

3, 2, 1 Action: Sony's Apocalyptic Scene (Cyactive) The Sony cyber attack, that caused actual cyber damage by deleting data, used Destover, a variant of malware that carried out the exact same operation twice in the past two years

'Destover' malware highlights incident response (SC Magazine) Fallout from Sony Pictures hack continues with incident reponse now under the spotlight

Sony Hackers Nabbed Digital Cert to Evade Malware Filters (Infosecurity Magazine) Security researchers have claimed that the destructive, information-stealing malware attack on Sony Pictures last month allowed hackers to grab a digital certificate from the company which could enable future attacks to evade malware filters

FBI: Cyber attack against Sony would have bested most federal defenses too (Federal News Radio) The cyber attack that hit Sony Pictures two weeks ago was a sophisticated operation — so sophisticated, officials say, that the same attack could have made it through the defenses of almost any large organization, including the ones currently deployed by federal agencies

Sony Was Also Hacked a Year Ago but Didn't Say Anything (TIME) Sony kept mum about security vulnerabilities it noticed in February, almost a year before hackers began tossing large volumes of the company's private data around the Internet

Sony Execs Debated Risk of 'The Interview' (Newsfactor) Months before a devastating computer attack on Sony Pictures Entertainment, studio executives debated the risk of releasing the upcoming comedy "The Interview" amid threats from North Korea that the movie was tantamount to an act of war

Sony Cyber Attack: Amy Pascal, Scott Rudin Apologise for Racist Remarks about President Obama (International Business Times) Following the revelation of racially tinged emails mocking U.S. President Barack Obama's imagined movie tastes, Sony Pictures Entertainment's movie chief and one of its top producers released a public apology on Thursday

Why Sony's email leaks could happen to you (MarketWatch) You don't need to offend North Korean leader Kim Jong Un for your work emails to go public

Sony data hack: "You Can't Lose What You Ain't Never Had" (Lexology) Back in the 1960's, legendary bluesman Muddy Waters wrote a song called "You Can't Lose What You Ain't Never Had"

Iranian hackers used Visual Basic malware to wipe Vegas casino's network (Ars Technica) Attack in February aimed at punishing majority owner for "nuke Iran" statements

Cyber Jihadist Unit monitors Sudan's online communication (Radio Dabanga) Since May 2013, Sudan experienced a tightening of press freedom, detentions of activists and political opposition leaders, and the shutdown of major civil society organisations

Senate's torture report will provoke hacktivist reprisals (Computerworld) Former military cyber-warfare commander predicts revelations of CIA's brutality and duplicity will spark denial-of-service attacks, site defacements

Websites of Fifth largest bank in U.S. hacked by Free Syrian Hackers. (HackRead) World renowned anti-Bashar Ul Assad hacker from Syria…is back in news, this time with a massive cyber attack on high-profile banking infrastructure of the United States in which five official websites of US Bank Corp were hacked and defaced

'Poodle' Bug Returns, Bites Big Bank Sites (KrebsOnSecurity) Many of the nation's top banks, investment firms and credit providers are vulnerable to a newly-discovered twist on a known security flaw that exposes Web site traffic to eavesdropping. The discovery has prompted renewed warnings from the U.S. Department of Homeland Security advising vulnerable Web site owners to address the flaw as quickly as possible

REVETON Ransomware Spreads with Old Tactics, New Infection Method (TrendLabs Security Intelligence Blog) Last week we wrote about a sudden hike in crypto-ransomware variants across the Europe, the Middle East and Africa (EMEA) region, specifically seen in Spain, France, Turkey, Italy, and the United Kingdom. In this blog post we will discuss another strain of ransomware known as REVETON, which was seen infecting systems in the United States with a new infection method: arriving as a .DLL versus the traditional .EXE

Info-Stealing File Infector Hits US, UK (TrendLabs Security Intelligence Blog) We noticed that there has been a spike in infections related to the malware URSNIF. The URSNIF family is known to steal information such as passwords. Spyware are always considered high risk, but these URSNIF variants can cause damage beyond info-stealing. These URSNIF variants are file-infectors — which is the cause of the noted spike

Cybercriminals Targeting Healthcare (HealthITOutcomes) FIN4 is gaining access to user names and passwords to access to healthcare information

Custom Websites Running HD FLV Player Plugin Vulnerable to Attack (Threatpost) Content management system providers Joomla and WordPress have patched a critical vulnerability in the HD FLV Player, but custom websites running the Flash video player are still vulnerable

Dyre Trojan Includes Anonymous Communication over I2P Network (Softpedia) A recent version of the Dyre banking Trojan, delivered via phishing, has been seen to integrate communication through the I2P anonymization network

Dridex and Email: A Nasty Social Engineering Team (eSecurity Planet) Recent social engineering attacks involving Dridex malware illustrate the importance of paying attention to older and infrequently used attack vectors

Phishers Target Yahoo Mail Users (Tom's Guide) Phishing attacks are usually easy to avoid, but as long as people keep falling for them, scammers will keep using them. A recent con targets Yahoo Mail users, but despite an ever-so-slightly convincing layout, avoiding it is not difficult, especially if you have Internet security software installed

Researcher: 'Lax' Crossdomain Policy Puts Yahoo Mail at Risk (Threatpost) Yahoo has made strides in battening down its security in the last 12 months, most publicly with its decision to enable end-to-end encryption for its email service, turn on SSL by default, and encrypt links between its data centers. There are still some darkened corners of its infrastructure, however, that merit attention

Cross-Signed Certificates Crashes Android (TrendLabs Security Intelligence Blog) We have discovered a vulnerability in Android that affects how cross-signed certificates are handled. No current Android release correctly handles these certificates, which are created when two certificates are signed with a looped certificate chain (certificate A signs certificate B; certificate B signs certificate A). We've already notified Google about this vulnerability, and there is no fix and no timeframe for a fix from them

Time's Up: Android-Based Smartwatches Hacked (Tom's Guide) Smartwatches and other wearable devices can manage tons of personal information, from texts and email messages to health and biometric data. But how safe is that information as it travels to and from the wearable?

Hackable intercom lets you SPY on fellow apartment-dwellers (Register) He knows if you are sleeping, he knows if you're awake…

Anonymous says it took down Oakland police, city websites (Los Angeles Times) The online hacker collective known as Anonymous seems to have claimed responsibility for a cyberattack that apparently disabled several websites connected to the city of Oakland

CHARGE Anywhere Provides Notice of Payment Card Incident (CHARGE Anywhere) CHARGE Anywhere, LLC is a provider of electronic payment gateway solutions to merchants. Our solutions route payment transactions from merchants' point-of-sale systems to their payment processors. Maintaining the security of payment card data provided to us by our customers is an absolute priority. Unfortunately, criminals have become good at evading security measures to steal payment card data from retailers and their service providers. CHARGE Anywhere recently uncovered a sophisticated attack against its network. The attack has been completely shut down and fully investigated

Sophisticated cyber attack tools available underground to anyone, Senate panel says (FierceHomelandSecurity) Several federal law enforcement and computer security officials told a Senate panel Dec. 10 that increasingly sophisticated malware and other tools designed to infiltrate information systems are available to any individual, organization or country at relatively lower costs through underground markets

FBI couldn't bypass iPhone 6 encryption, but this 7-yr-old did. (HackRead) Harrison Green, a witty 7-year-old boy, unlocked his father's iPhone 6 Plus easily adopting a very simplistic method of Touch ID. How he did it? He sneaked into his father's room while he was asleep and pressed his dad's finger on the cellphone's Touch ID Home button. There you have it, the mighty iPhone 6 Plus was unlocked in seconds merely

Security Patches, Mitigations, and Software Updates

Microsoft pulls a patch and offers PHANTOM FIX for the mess (Register) KB3004394 is a hot mess and the replacement KB3024777 was elusive

FreeBSD Patched Against Buffer Overflow Vulnerability (Softpedia) Programming issue allows attacker to execute arbitrary code

'Critical' security bugs dating back to 1987 found in X Window (Register) 27-year-old flaw and others slain in open-source patch batch

Cyber Trends

The biggest challenges faced by CIOs/CISOs heading into 2015 (CSO) As the year winds to a close, CIOs and CISOs are faced with a number of challenges heading into 2015. CSO recently heard from several experts about the topic, each offering their opinion on what they feel would be the most important item in the security sandbox next year

Why the board of directors will go off on security in 2015 (CSO) Get ready for 2015, a year when some predict breaches will hit even harder and security executives will come under fire by confused company board members. But, as our "fly on the wall" reports from the year ahead, the answers to this dilemma may lie in retooling the CSO position - and adding a security-minded board member

2015 To See More Targeted Cyber Attacks (CXO) Targeted attacks are on the rise and they will continue to multiply in 2015, forewarns a Trend Micro report, which adds that enterprises should be on high alert in order to counter the threat

Study: Malicious social media attacks on the upswing (SC Magazine) Social media represents the next frontier of threats for IT security professionals and the companies they protect, according to a new study that details Fortune 100 companies and their social media channels

Cybersecurity in Healthcare: a Unique Challenge (Trend Micro: Simply Security) Well-established cybersecurity vendors like Trend Micro have long had something of a dual role in the industry. On the one hand, we work tirelessly around the clock and across the globe to keep businesses, governments and consumers safe from the latest security threats. But on the other, we're also working to educate those individuals and organizations better about the threat landscape — to make the world a safer place in which to exchange digital information

A Look Back At Information Security in 2014 (CSO Online) With the major financial card breaches at global retailers, as well as a number of SSL/TLS vulnerabilities, it's possible you may have missed a few other under-reported security issues that provided valuable lessons to the general technology community in 2014

UK's biggest firms still falling down on anti-phishing security (Techworld via CSO) Leading UK firms are still failing to implement basic layers of email security to protect themselves from brand abuse and their customers from phishing attacks, email vendor Agari has reported in its latest Q3 ranking

Many businesses not testing cyber security incident response plans (Out-Law) A fifth of businesses have either not set out how they would respond to cyber security incidents or fail to ever test their procedures, according to a new report.11 Dec 2014

Retailers are "overconfident" about their security, majority have fundamental gaps (Naked Security) This just in, right in time for the holiday shopping daze: many UK retailers' heads are comfortably buried in the sand when it comes to their cyber security and data protection capabilities, thinking that in spite of not having basic protection and no contingency plans for data breaches, something — maybe magic? — will somehow protect them from malicious cyber attack

Turning worm (Economist) How cyber-warfare really started — and where it will lead

What Does Cloud Security Even Mean and Other Questions Answered (HackSurfer) A recent survey of CISOs by IBM found that nearly 90 percent of respondents had either already adopted or were currently planning cloud initiatives. Additionally, the cloud market as a whole is expected to grow by 126.5 percent this year, according to a CipherCloud report

Marketplace

Cyber Security Practices Insurance Underwriters Demand (Dark Reading) Insurance underwriters aren't looking for companies impervious to risk. They want clients that understand the threat landscape and have demonstrated abilities to mitigate attacks

As DDoS attacks increase so does enterprise investment in DDoS prevention hardware (FierceITSecurity) Large enterprises and service providers are investing heavily in distributed denial of service (DDoS) prevention hardware as attackers ramp up the intensity and frequency of their DDoS attacks

Google moves engineers out of Russia (BBC) Tech giant Google has confirmed reports that it plans to move engineers out of its office in Russia

The war against Google in Europe is escalating … but will it make any difference? (Quartz) The knives are out in Europe

Cisco buying Neohapsis to boost security services (Network World) Deal will give Cisco more boots on the ground for its security-as-a-service push

Vistronix Turbocharges Big Data, Cloud, Cyber and SIGINT Capabilities with Acquisition of Objective Solutions Inc. (Virtual Strategy Magazine) Vistronix, a leading provider of intelligence and technology solutions to national security agencies in the federal space, is pleased to announce that the company has finalized its acquisition of Objective Solutions Inc. (OSI), a Maryland-based solutions provider for the intelligence community (IC) in key mission areas including Big Data, Cyber, Collection and Advanced Analytics

Cyren Ltd (NASDAQ:CYRN) Up More Than 25% On Deal With China's Bangcle (OCTA Finance) Cyren Ltd (NASDAQ:CYRN) has entered into an agreement with China-based Bangcle, a mobile application security provider, through which Bangcle will deploy CYREN's embedded technology to protect mobile applications against threats

Castle Union Considers Proxy Fight at Procera Networks (The Street) Castle Union LLC is eying a potential proxy fight at Procera Networks Inc. (PKT) if the communications equipment maker doesn't launch a public strategic review process by the end of January

Small Cap KEYW Holding Corp (KEYW): Will the Shorts Come Up Short? LDOS & MANT (Small Cap Network) Small cap cybersecurity stock KEYW Holding Corp (KEYW), a potential peer of Leidos Holdings Inc (LDOS) and Mantech International Corp (MANT), has elevated short interest of 41.76% according to Highshortinterest.com data

Cybersecurity newcomer Hexis: We're not like FireEye (CRN) Start-up claims it is a very different beast from threat detection specialists as it launches into UK channel

Why BlackBerry and Microsoft Must Watch Apple's Deal With IBM Closely (The Street) Nearly 30 years after Steve Jobs facetiously welcomed IBM (IBM) to the PC market and unveiled Apple's (AAPL) iconic 1984 ad, the once-frosty relationship between the two companies has thawed and is beginning to bear fruit. As Apple enters the enterprise market with the announcement of 10 new apps, born from its July partnership with IBM, BlackBerry (BBRY) and Microsoft (MSFT) better be paying attention

New Boeing lab to focus on engineering, integration, visualization, cyber security, data analytics (Intelligent Aerospace) Boeing (NYSE:BA) is constructing a 7,000-square-foot addition to its research and technology center in Alabama. The new lab space, known as the Center for Applied Simulation and Analytics (CASA), will serve as a hub for Boeing, its research partners, and academic collaborators to create and develop simulation and analytics technologies, providing advanced simulation of Boeing products from concepts through operations

Wynyard Group announces new Christchurch building (Scoop) Wynyard Group announces new Christchurch building in Innovation Precinct

ThreatStream™ Appoints Rick Wescott as Vice President Worldwide Sales and Adds Federal Sales Director (PRNewswire) ThreatStream™, the provider of a threat intelligence platform that identifies cyber threats and facilitates trusted threat sharing, today announced the appointments of Rick Wescott as vice president of worldwide sales, and W. Todd Helfrich as director of federal sales

Hiring study reveals IT's 'magnificent seven' (FierceCIO) Data analyst and cloud computing professionals have hogged many of the IT hiring headlines in 2014, but the true leaders of the pack are information security analysts

We present the 2014 Security 7 award winners (TechTarget) As the year comes to a close, we are excited to present one of our favorite issues, the annual Security 7 award winners. For the past decade, we have asked the information security community to nominate peers who are at the top of their profession for recognition in one of seven enterprise markets. The winners this year carry on that tradition, leading the charge in areas such as healthcare information sharing, secure software development, community building, and cybersecurity education

Products, Services, and Solutions

Cisco Releases Alpha Version of Snort 3.0 (SecurityWeek) The popular open source intrusion prevention system (IPS) Snort has been completely rewritten and fitted with several new features, Cisco announced on Thursday

Huawei Partners with Black Lotus to Provide Enhanced DDoS Protection for the Global Security Service Market (PRNewswire) Huawei today signed a Memorandum of Understanding (MoU) with Black Lotus, a leading Distributed Denial of Service (DDoS) protection service provider to provide enterprises with professional and efficient anti-DDoS products and services that address the challenges of new DDoS attack types. The partnership will focus on research and development (R&D) in cyber defense technology and marketing

Experts Conclude: HawkEye G Identifies, Blocks and Removes Varying Levels of Threat-Based Malware (GlobeNewswire via Nasdaq) Network world praises Hexis Cyber Solutions' flagship solution on ability to automate incident response

Hexis Cyber Solutions Announces Strategic Distribution Alliance with Promark in the U.S. (TWST) Hexis Cyber Solutions (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (Nasdaq:KEYW), and a provider of advanced cybersecurity solutions for commercial companies and government agencies, today announced a distribution agreement with Promark, an Ingram Micro (NYSE:IM) company and premier value-added distributor of data storage and electronic document imaging products and solutions. As a U.S. distribution partner, Promark will market and sell Hexis' NetBeat product line to channel partners that help organizations in need of continuous monitoring, analysis and control capabilities for their network

Bitdefender's Next Generation GravityZone Opens for Beta Testing (Newswire Today) The Next Generation of GravityZone, the Bitdefender security solution that has revolutionized security for on-premises virtualized datacenters and cloud computing, is now open to public beta testing

Netskope chosen as Box Trust partner (Financial News) Netskope said it has announced its participation in the new Box Trust ecosystem,a comprehensive security initiative that provides Box customers with a unified network of partners and solutions that help ensure security, visibility and accessibility for critical business content

Today's multiheaded malware needs a multipronged solution (InfoWorld) By analyzing and predicting process behavior, a new approach to endpoint protection overcomes the limitations of traditional AV detection and sandboxing

Review: Vectra X-Series Prevents Data Breaches with AI (Enterprise Networking Planet) Frank Ohlhorst details how data breaches happen and what Vectra's X-Series security appliances can do to detect and prevent them

eMazzanti Teams up with WatchGuard to Offer Schools Improved Data Security (PR Rocket) Advanced network security solution protects students and school data for districts pursuing one-to-one and BYOD initiatives

Technologies, Techniques, and Standards

Why now is the time for enterprises to implement context-based authentication (Help Net Security) Security and efficiency are constant concerns in enterprise IT. The popularity of BYOD has been a boon for improved productivity and collaboration, but it has also created a new set of challenges, increasing the potential for fraudulent logins from the personal devices that are being used to access critical and non-critical applications

Standards: The superglue for security systems (Security InfoWatch) If you think about it, without standards to govern the products and services we manufacturer and buy, whole industries would collapse. Cars wouldn't run. Buildings would crumble. Service people would be at a loss as to how to fix things or even get the correct replacement parts

Cloud security: Do you know where your data is? (Help Net Security) The rapid move towards virtualization and cloud infrastructure is delivering vast benefits for many organizations. In fact, Gartner has estimated that by 2016, 80% of server workloads will be virtualized. The reasons are clear: better availability, improved cost-efficiency from hardware investments, and better SLAs

CID: Be alert and aware on social media (Army Times) Army Criminal Investigation Command is calling on all soldiers and their loved ones to scrub their social media accounts in light of recent world events

Can you spot the phishing scams and stay safe online? (CSO) For many people, the holidays means a dramatic spike in email traffic. There is more communication between family and friends, more solicitations from retailers pitching holiday bargains, and more online shopping confirmations and shipping notifications. It's also a time of year when cybercriminals try to take advantage of the overwhelming volume of email communications to catch unwitting victims off guard with phishing scams. Hopefully you would be able to spot a fake malicious email and avoid getting compromised, but don't be too sure

Research and Development

Analyzing Ponemon Cost of Data Breach (Data Driven Security) I was recently presenting on the use of statistics for risk analysis at the SIRACon conference held in Minneapolos (Oct. 9th and 10th, 2014). I was explaining how models and algorithms work at a high level: given one or more observations and the outcomes, we build models or algorithms to learn how the observations can help predict the outcome. As examples I used things like CVSS, the Binary Risk Assessment and the Ponemon cost of data breach (CODB) report. All of them use observables that feed into some type of model for the purpose of predicting an outcome (or providing a score). In the case of Ponemon, I simplified the model down to having an observable of # of records, the model is to multiply that by a fixed number and the output (prediction) is the impact of a breach

DHS seeks help of small businesses to develop security-related solutions (FierceHomelandSecurity) The Homeland Security Department's research and development arm recently released a pre-solicitation notice to small businesses regarding the potential development of innovative technologies from forensics to cybersecurity to wearable communications

Pre-solicitation Topics Announced for Nine Homeland Security Challenges (Department of Homeland Security Science and Technology Directorate) The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced the release of the Small Business Innovation Research (SBIR) Program FY15.1 Pre-Solicitation. The Pre-Solicitation, HSHQDC-15-R-00017, contains topic descriptions from both S&T and the Domestic Nuclear Detection Office (DNDO) for which Phase I proposals are sought. These include seven topics from S&T and two topics from DNDO

Legislation, Policy, and Regulation

Congress Strengthens Homeland Security's Cyber Role with FISMA Reform, Other Bills (Nextgov) Lawmakers have sent a raft of cyber legislation to President Barack Obama's desk, breaking through a six-year logjam. No doubt congressional action was spurred on by escalating intrusions into government and contractor networks

FBI Calls For Law Facilitating Security Information Sharing (Dark Reading) Uniform breach notification laws and amendments to the Computer Fraud and Abuse Act are also on the list

Tim Rudolph: Air Force aims for zero data centers through purchase of IaaS (C4ISR & Networks) n a recent Q&A session, Rudolph offered candid comments on the direction of IT infrastructure acquisition, where he articulated the Air Force's goal of operating zero data centers and a shift to purchasing IT infrastructure as a service (IaaS), as well as other capabilities as a service

Cyber Command trying to get running start, add staff (Stars and Stripes) The fledgling U.S. Cyber Command is trying to hit the ground running, aware that it's playing catchup with often archaic equipment, dealing with constantly evolving threats and trying to justify its existence amid budget cuts and force reductions

Army's new Cyber branch looking to recruit talent (Defense Systems) As the military continues to trim down following the drawdown in Iraq and Afghanistan, the one growth area is in cyber defense. All of the military services' cyber divisions, along with the overarching U.S. Cyber Command, plan to steadily increase their number of cyber warriors over the next two years, to help protect networks and combat the growing threats from other countries

Navy sets a three-prong plan for information dominance (Defense Systems) The Navy has laid out its long-range plans for effective operations in cyberspace with three documents that address different areas of what the military calls information dominance, from treating information as a weapon to building a capable corps of cyber warriors

Litigation, Investigation, and Law Enforcement

Lawsky investigates Barclays and Deutsche Bank algorithms in FX scandal (FierceFinanceIT) Dozens of traders have been let go as probes into manipulation of the FX benchmarks have unfolded, but a New York financial regulator may be looking beyond the traders and investigating FX algorithms. New York Department of Financial Services superintendent Benjamin Lawsky is reportedly investigating whether Barclays and Deutsche Bank used algorithms to manipulate currency benchmarks

GCHQ and police team up to hunt down child abusers on the darknet (Naked Security) UK intelligence experts and organised crime specialists are joining forces to root out child abuse images hidden on the "dark net", Prime Minister David Cameron said on Thursday

Silk Road Judge: I Won't Reveal Witnesses Because Ulbricht Could Have Them Killed (Wired) When alleged Silk Road mastermind Ross Ulbricht's trial begins in less than a month, he'll face charges of narcotics conspiracy, money laundering, and computer fraud — not murder. But the specter of violence is creeping into Ulbricht's trial nonetheless. The prosecution and judge in his case have now refused to let him know which witnesses will be testifying against him for fear that he might orchestrate their killing from his jail cell

Five Years in Jail for Romanian Involved in International Fraud Scheme (Softpedia) A Romanian national implicated in fraud operations on popular online markets was sentenced on Thursday to serve 63 months in prison and pay more than $600,000 / €484,000 in restitution

UPDATED: More charges could be coming for Coquitlam teen arrested in 'swatting' incident (Tri-City News) A Coquitlam teenager arrested last week in an alleged "swatting" incident involving false reports to a Florida police force could be facing more charges related to other allegations

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...

Upcoming Events

ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...

ICFPT 2014 (Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices...

Cyber Security Division 2014 R&D Showcase and Technical Workshop (Washington, DC, USA, December 16 - 18, 2014) The cybersecurity threat continues to evolve and in order to keep ahead of the threat, new cutting-edge cybersecurity technologies are needed. DHS S&T's Cyber Security Division (CSD) is funding many R&D...

Cybersecurity World Conference (New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...

FloCon 2015 (Portland, Oregon, USA, January 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University

FIC 2015 (Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...

4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, January 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human...

Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, January 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.