Hacktivists strike Philippine government sites to protest new cyber legislation they regard as prejudicial to free speech. Some not-for-profit sites in that country are also defaced, this vandalism the work of some motiveless knuckleheads from Indonesia's Gantengers Crew.
University of Liverpool researchers demonstrate a WiFi virus that spreads virally, from infected device to uninfected devices. Unrelated WiFi issues lead analysts to advise Apple users to avoid unsecured WiFi networks until they apply newly available patches for iOS and MacOS.
Email-delivered e-ticket malware hits British Airways customers. (Aviation industry analysts warn, coincidentally, of a growing cyber threat to the sector.)
The IE zero-day exploit continues to make a nuisance of itself in the wild: Symantec and Bromium offer useful warnings and analysis.
As feared and forecast, ZeuS makes a successful raid on some Salesforce customers. More Android malware shows up in Tor.
A test version of Microsoft's EMET (recently the subject of an attack-bypass-code demonstration) is out.
Mt. Gox's collapse prompts divergent views of crypto-currencies' future(s): crisis or opportunity? In either case, greater regulation is likely.
CNBC toots out some conventional wisdom on investing in cyber companies.
ICANN's Security and Stability Advisory Committee has some interesting perspective and advice on denial-of-service attacks.
In the US, DARPA announces research into component security. Also, NSA's inspector general explains why Snowden should have taken his concerns to the IG.
Today's issue includes events affecting Finland, France, Indonesia, Israel, Japan, Kazakhstan, Mexico, NATO, New Zealand, Philippines, Turkey, United Arab Emirates, United Kingdom, United States.
Dissecting the newest IE10 0-day exploit (CVE-2014-0322)(Bromium Labs) A few days ago the news about a fresh Internet Explorer 10 zero-day exploit popped up. Now the exploit code is publicly available and we managed to analyze the vulnerability and find out some details that were not mentioned so far. At the time of writing this blog, this exploit is still unpatched
Android Botnets Hop on the TOR Train(Malwarebytes Unpacked) Botnet creators have attempted numerous tactics for hiding their presence, traffic and locations of their command and control (CnC) servers
EC-Council Says Its Servers Haven't Been Hacked(Softpedia) The EC-Council denies that its website has been hacked. The organization says that the hacker simply redirected the site's visitors via a DNS hijack to a defacement page hosted with a company located in Finland
Are you sure you want to unsubscribe from our mailings?(SecureList) Spammers are relentless in their attempts to bypass anti-spam filters and confuse recipients of spam. Recently we detected a mass mailing disguised as an automated reply to a request to unsubscribe from a news blog. The authors noted their regret at losing one of their subscribers and asked if the user really wanted to unsubscribe
Non-profit tax forms posted by IRS expose 630,000 SSNs(Help Net Security) An estimated 630,000 social security numbers (SSNs) on non-profit organizations' tax returns—Form 990s—have been posted online by charities and the IRS since 2001, leaving unprotected consumers at risk
How a founder almost lost his entire startup to social engineering(FierceCIO: TechWatch) The co-founder of a tech startup recently shared the story of how he almost lost access to his company's online service, which was hosted entirely on Amazon's EC2 cloud infrastructure. This was an almost eerie reenactment of what happened to a developer who lost his $50k Twitter account, with the only exception being that disaster was averted in this instance—though only narrowly so
Microsoft testing EMET's new protection mechanisms(Help Net Security) Just as researchers made public their successful attempt of creating attack code for bypassing the protections of the latest version of Microsoft's Enhanced Mitigation Experience Toolkit (v4.1), the Redmond giant has announced the preview release of EMET 5.0
Cybersecurity threats against aviation on the rise(FierceITSecurity) Cybersecurity threats targeting airports, airlines and air traffic control systems are on the rise, creating a $1.7 billion opportunity for IT security providers this year, estimates market research firm Visiongain
BlackBerry's Chen Would Consider BBM Sale, Spinoff in Future(Bloomberg BusinessWeek) BlackBerry Ltd. (BBRY:US) Chief Executive Officer John Chen said he'd eventually consider spinning off or selling the smartphone maker's BlackBerry Messenger service once he's built it into a more formidable competitor
IBM Buys Cloudant, Eyes Amazon's Turf(InformationWeek) IBM's planned Cloudant buy will advance cloud-based database services, but can the underlying database compete against Amazon DynamoDB, MongoDB, Couchbase, and DataStax
Bitcoin's life-or-death moment(BBC) Like many, I am gripped by the concept of Bitcoin. I am not talking about the value of the individual bits of the new virtual currency, which has had a somewhat volatile history and is currently spiralling down
The bitcoin industry embraces what it was built to avoid—rules and regulation(Quartz) Bitcoin was designed to be unregulated by any government or central authority. But according to some of the cryptocurrency's biggest supporters, the crash of the prominent bitcoin exchange Mt. Gox is the latest sign that bitcoin needs to adopt some sort of oversight if it is going to survive and thrive
Emanuele Conti Named Kroll CEO; Charlie Gottdiener Comments(Executive Mosaic) Emanuele A. Conti, Dun & Bradstreet North America president, will become the chief executive at Kroll Inc., effective April 1. Conti will be responsible for all operations at Kroll, a global provider of cybersecurity solutions, data, information and ediscovery services, the company announced Monday
CSG Invotas Introduces Board of Advisors(Wall Street Journal) CSG Invotas, the exciting new enterprise security business from CSG International, Inc. (NASDAQ: CSGS), today announced the addition of two new members to its advisory board
How investors should play the cybersecurity war(CNBC) As companies and governments battle to protect their systems from the threat of online attacks and malware, Bank of America Merrill Lynch has published a list of stocks that could gain from the global drive to improve cybersecurity
Damballa Addresses Advanced Threat Protection with HP(Yahoo Finance) Damballa, the experts in advanced threat protection and containment, today announced technology interoperability with HP that provides enhanced visibility of advanced threats within a network, automating and streamlining prevention and remediation. As a result, enterprises can reduce time to containment and the manpower required to keep up with advanced threat
Skybox Security Announces Skybox View Enterprise Suite 7.0(Fort Mill Times) Skybox Security, the leading provider of risk analytics for cyber security, today announced the achievement of a record milestone for integrations with network devices and security management systems, continuing Skybox Security's lead as the most comprehensive context-aware analytics solution for enterprise IT security
Guidance Software and Blue Coat Join Forces to Provide a 360-Degree View of Advanced Threats and Security Risks(Wall Street Journal) Guidance Software, Inc. (NASDAQ:GUID), the World Leader in Digital Investigations™, and Blue Coat Systems, Inc., the market leader in business assurance technology, today announced that they are partnering to deliver a groundbreaking approach for detecting evasive cyber threats. The partnership will integrate EnCase® Cybersecurity with the Blue Coat Security Analytics Platform to provide an unprecedented level of visibility into both network traffic and endpoint devices that will enable enterprises to close the gap between breach and detection
WhitePages Current For Android Now Protects Against "One Ring" Scam(TechCrunch) WhitePages Current, a free Caller and text identification application for Android users, has been updated today to counter the plague that is the "one ring scam." In case you're unfamiliar, scammers are now trying to exploit smartphone owners' "missed call" screen by programmatically dialing thousands of numbers per hour, all of which they immediately hang up on after just one ring
Identify and fix vulnerabilities in your SSL certificates(Help Net Security) DigiCert announced DigiCert Certificate Inspector, a tool designed to quickly find problems in certificate configuration and implementation, and provide real-time analysis of an organization's entire certificate landscape, including SSL termination endpoints
ICANN SSAC on DDoS, DNS and BCP 38(Spamhaus) ICANN's Security and Stability Advisory Committee (SSAC) document Advisory on DDoS Attacks Leveraging DNS Infrastructure, published this week, provides a much-needed touchstone for the Internet in its current state. DDoS attacks, such as the one directed at Spamhaus last spring, continue to grow in size
DARPA seeks to automate battlefield decision aids(GCN) Today's battlefield commanders have a spectrum of flexible and powerful tools, including manned and unmanned platforms, weapons, sensors and electronic warfare systems that interact over robust satellite and tactical communications links
A New Laser for a Faster Internet(California Institute of Technology) A new laser developed by a research group at Caltech holds the potential to increase by orders of magnitude the rate of data transmission in the optical-fiber network—the backbone of the Internet
MSU makes top three in cybersecurity education ranking(Mississippi Business Journal) According to a Hewlett Packard-sponsored survey by the Ponemon Institute, Mississippi State University's cybersecurity courses and degree programs rank among the top three for academic excellence and practical relevance
Interministerial report on cybercrime postponed again(PCINpact) Three months behind the original schedule, the conclusions of the interministerial working group on cybercrime will be submitted to the government next week. Jean-Marc Ayrault announced this morning, at the inauguration of the new facilities of the Agence nationale de la sécurité des systèmes d'information
NATO debates policy for cyber defense of public and private sectors(Inside Cybersecurity) The prospect that NATO might formally do more to prevent and mitigate cyber threats to governments and critical infrastructure looms this week as the alliance prepares for a defense ministerial in Belgium that will pave the way for a major fall summit in Wales
Litigation, Investigation, and Law Enforcement
NSA watchdog: Snowden should have come to me(Politico) The National Security Agency's top watchdog slammed Edward Snowden on Tuesday for failing to follow official protocol in relaying his concerns about wayward intelligence gathering and also faulted Congress for not vetting the details of post-9/11 surveillance programs
Settlement talks in landmark data-breach case postponed(Inside Cybersecurity) A federal district court has postponed for more than two months a settlement conference in a data-breach case that could determine the Federal Trade Commission's authority to require security measures
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
RSA Conference USA(San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...
Nellis AFB - Technology & Cyber Security Expo(Las Vegas, Nevada, USA, February 26, 2014) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case...
Cybersecurity Tax Credits Webinar(Online, March 11, 2014) Learn about tax credits designed to help your cybersecurity company grow in Maryland. Details will be presented by Jeffrey Wells, Executive Director of Cyber Development and Mark Vulcan, Esq., CPA, Program...
ICS Summit 2014(Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...
MCT-Congress: Going Mobile with Clinical Trials(Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...
Fourth Annual China Defense and Security Conference(Washington, DC, USA, March 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding...
SEC Cybersecurity Roundtable(Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...
ISSA Colorado Springs — Cyber Focus Day(Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).
Financial Incentives for Cybersecurity Businesses(Elkridge, Maryland, USA, March 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax...
CyberBiz Summit(Linthicum, Maryland, USA, March 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday,...