The UK's Ministry of Justice was hit by a distributed denial-of-service attack earlier this week. Websites were unavailable for several hours before service was restored.
Anonymous Ukraine claims to have accessed communications belonging to the Ukrainian Democratic Alliance for Reform.
The University of Toronto's Citizen Lab says Hacking Team's RCS lawful intercept tool has been found monitoring the Ethiopian Satellite Television Service (ESAT).
Kaspersky has released the slides from its presentation on Mask, to an accompanying chorus of dire predictions from security companies that Mask foreshadows an escalating cyber arms race.
Fazio Mechanical speaks out on the Target breach. TechTarget raises questions about Target's PCI compliance.
The ongoing spam campaign directed against Bitcoin exchanges raises questions about virtual currencies' viability.
Kaspersky researchers report that weak implementations of Absolute Software's Computrace anti-theft software can be remotely hijacked.
The US National Institute of Standards and Technology has released its long-anticipated "Framework for Improving Critical Infrastructure Cybersecurity." The document, which will probably become the de facto standard applied in regulation and litigation, has three basic components. A "Core" prescribes a set of common activities designed to provide a high-level view of risk management. "Profiles" are intended to help organizations align cybersecurity with business requirements. Four "Tiers" help organizations evaluate cybersecurity implementations and manage risk. Observers note that work remains to be done on privacy and the special needs of small businesses.
The University of Nebraska and the Indian Institute of Technology Delhi announce they'll undertake cooperative research into information assurance and cyber security.
Today's issue includes events affecting Canada, Ethiopia, European Union, India, Italy, Malaysia, Netherlands, Russia, Ukraine, United Kingdom, United States..
Monday, February 17, is Presidents Day in the US, and the CyberWire will take a break in observance of the holiday.
Vendor speaks out on Target data breach(FierceRetailIT) It is so unfortunate and strange that Target's (NYSE: TGT) massive data breach can be traced back to one vendor. An HVAC vendor at that. However, that is what investigators found after the months-long investigation into the breach
Target breach details: Was the retailer PCI DSS compliant?(TechTarget) I've been catching up with the latest Target breach details, and current speculation is that the retailer may not have been complying with PCI DSS regulations in a number of ways. Can you shed any light on the incident? What PCI provisions may have been violated
Cyber attack on bitcoin a big warning to currency's users(Reuters via the Chicago Tribune) A massive cyber attack from unknown sources that has been spamming bitcoin exchanges is highlighting some of the dangers people can encounter when they exchange cash for digital currencies like the bitcoin, experts said on Wednesday
Sands cyber attack raises privacy concerns(Fox5 Vegas) The websites for the Venetian and Palazzo are still down after hackers attacked the Las Vegas Sand Corp. on Monday. The hack seems to be politically motivated. Anti-weapons of mass destruction messages were posted with a picture of Sands Chief Executive Officer Sheldon Adelson with Israel's prime minister
Absolute Computrace anti-theft software can be remotely hijacked(Help Net Security) Kaspersky Lab's security research team published a report confirming and demonstrating that the weak implementation of anti-theft software marketed by Absolute Software can turn a useful defensive utility into a powerful utility for cyberattackers
Online love scams flourish around Valentine's Day (CSO Salted Hash) Online dating and romance sites are obviously popular and because of that, regardless of the millions of admonitions to watch out for con artists, they are also a growing favorite of heartless scammers
Trend Micro targets 35% revenue growth in 2014(The Sun Daily) Security software company Trend Micro Malaysia Sdn Bhd is targeting 35% growth in revenue this year, driven by its consumerisation, cloud and virtualisation as well as cyber threat solutions
Why FireEye, Inc. Shares Plunged(The Motley Fool) Although we don't believe in timing the market or panicking over market movements, we do like to keep an eye on big changes — just in case they're material to our investing thesis. What: Shares of FireEye (NASDAQ: FEYE ) plunged 11% Wednesday after the cyber-security specialist beat expectations with its fourth-quarter results, but followed with disappointing forward guidance
Christian Mezger Promoted to CFO at Ciber(GovConWire) Christian Mezger, formerly senior vice president of finance at information technology consulting company Ciber (NYSE: CBR), has been promoted to chief financial officer
Bitdefender Wins AV-TEST #1 Spot in Protection and Performance(Broadway World) Bitdefender, the innovative provider of antivirus software solutions, was confirmed as the global leader in its field after winning awards for both protection and performance in 2013's independent home user trials by AV-TEST. Bitdefender earned perfect scores for protecting users against malware and zero-day attacks and maintaining the lowest possible impact on the system
HP says server security and safety updates will remain free(Help Net Security) The news that starting on February 19, HP will provide firmware updates for its servers only to customers with a valid warranty, Care Pack Service or support agreement, has hit like a ton of bricks those who haven't and don't intend to pay for the service
Framework for Improving Critical Infrastructure Cybersecurity(NIST) The national and economic security of the United States depends on the reliable functioning of critical infrastructure. Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation's security, economy, and public safety and health at risk. Similar to financial and reputational risk, cybersecurity risk affects a company's bottom line. It can drive up costs and impact revenue. It can harm an organization's ability to innovate and to gain and maintain customers
NIST Roadmap for Improving Critical Infrastructure Cybersecurity(NIST) This companion Roadmap to the Framework for Improving Critical Infrastructure Cybersecurity ("the Framework") discusses NIST's next steps with the Framework and identifies key areas of development, alignment, and collaboration. These plans are based on input and feedback received from stakeholders through the Framework development process particularly on the "Areas for Improvement"
section of the Preliminary Framework, which has been moved to this document
AWWA Releases Cybersecurity Guidance Document(EP Magazine) The association notes that the FBI, the Department of Homeland Security, and the National Intelligence Agency agree cybersecurity is … available guidance document to help water utilities reduce their vulnerability to cyber attacks
How Big Data Could Help the U.S. Predict the Next Snowden(Defense One) National Intelligence Director James Clapper, at Tuesday's Senate Armed Services Committee hearing, asserted (again) that malevolent insiders with access to top secret material, like Edward Snowden, constituted a top threat to our nation's national security. The lawmakers agreed and pressed Clapper to explain how he was changing the practices within his office and across the intelligence community to prevent another Snowden-scale data breach. One key step that Clapper outlined: our nation's top intelligence folks will become subject to much more surveillance in the future
Revamping an old technology to jam the GPS jammers(Naked Security) Illegal GPS jammers, sold cheap online, can endanger space stations and ship navigation, not to mention potentially preventing emergency calls or keeping rescue teams from homing in on injured people. But recently, a new version of an old, longwave technology, eLORAN, is showing great promise in
How PCI 3.0 changes the PCI DSS penetration testing requirement(TechTarget) I saw that the PCI DSS 3.0 preview made penetration testing a requirement for everyone, including SMBs. Could you detail what exactly is required out of PCI DSS penetration tests to achieve compliance? What do you think would be the cheapest method for SMBs to meet this requireme
How Windows XP end of life conflicts with PCI DSS requirement 6.2(TechTarget) I work for a regional retailer, and we still utilize Windows XP machines throughout most of the organization. Our IT team has tried to convince higher-ups of the need to migrate to newer OSes, but they frankly don't seem to care, as long as the machines they have are still functioning. We process millions of card transactions a year, so we're obviously subject to PCI DSS requirements. I'm curious how Windows XP reaching end-of-life status will impact our PCI compliance status. Will it matter to a QSA that we're running XP machines, and if so, is there a way to stay compliant, particularly after XP updates end in 2014
NSA Surveillance Proponent Unsure if Program Will Continue(Defense News) A vocal proponent among US Senate liberals for controversial National Security Agency (NSA) surveillance efforts says the program could be shut down, and experts are unsure how many Americans' phone numbers have been gathered
A Coalition Unites To Fight NSA Overreach(TRNS) TRNS spoke with Linda Schade, the Communications Director for Defending Dissent, about what this call for action means and what those concerned with the invasion of privacy want
Spy Agencies Send Congress Faulty Contractor Data: GAO(Bloomberg) Civilian U.S. intelligence agencies have provided unreliable and incomplete reports to Congress since 2011 on the use of private contractors who perform core functions, according to a new congressional audit
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Security Analyst Summit 2014(Punta Cana, Dominican Republic, February 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community.
Free OWASP Training and Meet Up(San Francisco, California, USA, February 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn...
RSA Conference USA(San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...
Nellis AFB - Technology & Cyber Security Expo(Las Vegas, Nevada, USA, February 26, 2014) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case...
Cybersecurity Tax Credits Webinar(Online, March 11, 2014) Learn about tax credits designed to help your cybersecurity company grow in Maryland. Details will be presented by Jeffrey Wells, Executive Director of Cyber Development and Mark Vulcan, Esq., CPA, Program...
ICS Summit 2014(Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...
MCT-Congress: Going Mobile with Clinical Trials(Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...
Fourth Annual China Defense and Security Conference(Washington, DC, USA, March 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding...
SEC Cybersecurity Roundtable(Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...
ISSA Colorado Springs — Cyber Focus Day(Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Thursday, March 27, 2014 at Colorado Technical University (CTU).
Financial Incentives for Cybersecurity Businesses(Elkridge, Maryland, USA, March 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax...
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.