Brazilian hacktivists mature their plans to disrupt the coming World Cup on behalf of a basket of grievances against Brazilian policy and the social conditions they believe it engenders.
The Christian Science Monitor claims to have found a supply-chain angle to Stuxnet's incapacitation of Iranian nuclear facilities.
Facebook users are cautioned against a malicious "profile viewer" browser add-on that purports to reveal stalkers. A fix for a zero-day affecting Avaya's one-X 9608 IP telephones is expected to become available tomorrow. The IE zero-day that first surfaced in watering-hole attacks staged through a compromised VFW site continues to cause trouble in the wild.
Target's conference call provides a case study of how a large company handles a major breach with its investors: the breach, unsurprisingly, was addressed prominently.
The insurance sector continues to evolve its approach to cyber coverage, and to assessing the value of assets at risk to cyber attack. An interesting piece in the WillisWire discusses how much cyber insurance retailers need to carry against the sort of attack Target and Neiman Marcus sustained. The BBC reports insurers have denied coverage to power companies with weak cyber defenses. Where insurance goes, so goes litigation, and corporate directors now face derivative lawsuits following breach disclosures.
New products show the value the market may be placing on privacy. Two new phones with similar names are particularly interesting: Boeing's "Black" (for government markets) and Silent Circle/Geeksphone's "Blackphone" (for consumers).
The US Army releases a new field manual covering cyber security and operations.
Today's issue includes events affecting Australia, Brazil, Canada, European Union, Germany, Iran, Israel, Japan, Russia, United States.
Cyber Attacks, Threats, and Vulnerabilities
Hackers target Brazil's World Cup for cyber attacks(Reuters) Brazilian hackers are threatening to disrupt the World Cup with attacks ranging from jamming websites to data theft, adding cyber warfare to the list of challenges for a competition already marred by protests, delays and overspending
Security Researchers Discover Way to Log Touch Input on iOS Devices(Daily Tech) Security researchers have already proven that apps can be placed on Jailbroken iOS devices that enable background monitoring by third parties. However, security researchers from FireEye have announced that they have found a vulnerability on iOS 7 devices that allows the bypassing of the official app review process and allows the exploitation of iOS devices that aren't even jailbroken
Ongoing NTP Amplification Attacks(Internet Storm Center) Brett, who alerted us earlier this month regarding the mass exploit against Linksys devices has surfaced a current issue he's facing with ongoing NTP amplification attacks
US Tax Season Phishing Scams and Malware Campaigns(US-CERT) In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that seek to take advantage of the United States tax season. The Internal Revenue Service has issued an advisory on its website warning consumers about potential scams
Why Target Breach was Preventable(GovInfoSecurity) The Target retail POS breach is the most talked-about incident in recent memory - and it was entirely preventable with available security solutions, says Adam Tegg, CEO of Wontok Solutions
Lessons Learned From The Target Breach(Dark Reading) The time is ripe for organizations to take a long hard look at how they manage employee access and secure sensitive data in cloud environments
California insurance exchange had 'vulnerability'(AP via News Daily) More than three months after it opened for business, California's online health insurance marketplace had what federal officials described as a potential security flaw in its computer system and one that had already been disclosed publicly
Jewish websites reportedly hacked(Cleveland Jewish News) Secure Community Network has received multiple reports from Jewish organizations indicating that their websites were hacked and defaced, according to an intelligence report sent by SCN to Jewish agencies and security directors Feb. 25
Electric Cars: Booming Sales Prompt Power Grid Cyber Attack Concerns(Inquisitr) Electric cars are attracting more buyers than ever before. Although the now more sporting looking vehicles may be better for the environment, they pose a great risk to the power grid. Not only are power grid segments in some cities already too overly burdened to sustain increased usage by a multitude of charging electric cars, the "refueling" stations themselves are reportedly extremely susceptible to cyber hacking
Security Patches, Mitigations, and Software Updates
97% of SaaS vendors use SAML-based single sign-on(Help Net Security) OneLogin and the Cloud Security Alliance today announced findings from their OneLogin 2014 State of SaaS Identity Management survey, which was conducted to better understand the maturity of SaaS vendors in their implementation of identity management solutions, security standards and assurance certifications
Why near-CDP is nudging true CDP from data protection landscape(TechTarget) Over the past few years, we've watched so-called near-continuous data protection overtake true CDP to become the de facto norm for organizations dealing with tight recovery time objectives. The reason why is simple — near-CDP is just plain good enough for most organizations
POS Systems and P.O.S. Hackers: How Much Cyber Insurance is Enough for a Retailer?(WillisWire) It's been about 2 months since the first of the stories broke on the multiple large-scale hacking attacks in the retail sector. The target in this recent round were the "Point of Sale" systems, the computers and card/pin pads formerly known as 'cash registers'. We have learned since that several national retailers succumbed to the sophisticated series of hacks, losing millions of debit and credit card numbers in some cases
Governor's Cyber Aces Championship is Saturday(eNews Park Forest) Illinois' leading role in recruiting Veterans and career changers to enter the cybersecurity workforce shines this Saturday in the state's first ever Cyber Aces State Championship, the Illinois Department of Employment Security (IDES) said today
The hidden risk in Blackphone's "secure" communications(Quartz) Messaging, cheap phones, and the tensions between the telecom industry and web companies have been the overriding themes at the Mobile World Congress (MWC), an annual telecom-industry gathering in Barcelona this week. But another current has been flowing underneath the surface: security and privacy
Military-grade encryption tunnel scrambles voice, text and emails(Help Net Security) GOTrust Technology Inc. announced that National Institute of Standards Technology (NIST) has awarded the company Federal Information Processing Standards (FIPS) 140-2 level 3 certification for their SDencrypter microSD working on Android and many other Operating Systems including Windows and Linux
Cisco security strategy update: Cisco adds Sourcefire AMP to gateways(TechTarget) If the significance of Cisco's new security products and strategy could be distilled into a single, exasperated line, it would be the one uttered by its chief security officer, John N. Stewart. "It's different," Stewart said, "and it's about time something is different"
Data company Versium says it can bust fraudsters one email address at a time(TechTarget) Digital thieves can be difficult to spot before they strike. That's partly because traditional security methods haven't kept pace with technology, giving fraudsters a chance to exploit holes in the wall of fraud detection systems, said Chris Matty, CEO of Seattle-based Versium Inc., a predictive analytics startup
Cyber Security Startup Announces Release of Cyber War Games DDoS Module(Digital Journal) Today, MazeBolt Technologies, an Israeli based Cyber Security Startup announced the release of their DDoS Simulation module to strengthen their posture in the Cyber Security arena. A methodology commonly known in cyber security circles as a "War Games Simulation". A roleplay of realistic DDoS attack scenarios on your network infrastructure or website
Hexis Cyber Solutions Launches Worldwide Security Channel Program(Wall Street Journal) Hexis Cyber Solutions, Inc. (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (Nasdaq:KEYW), today announced the launch of its new Worldwide Security Channel Program, which is designed to extend the company's security footprint while providing sales and marketing resources to reseller partners throughout the world
FM 3-38: Cyber Electromagnetic Activities(Headquarters, Department of the Army) FM 3-38, Cyber Electromagnetic Activities, provides overarching doctrinal guidance and direction for conducting cyber electromagnetic activities (CEMA). This manual describes the importance of cyberspace and the electromagnetic spectrum (EMS) to Army forces and provides the tactics and procedures commanders and staffs use in planning, integrating, and synchronizing CEMA
Army experts talk cyber domain(Redstone Rocket) It's a war fighting domain that is ever-evolving and offers no easy answers for the fight, but is becoming all the more important as the Army heads into the future
EMP Effects and Cyber Warfare — Part I(The Jewish Voice) The Jewish Voice has been at the forefront of media outlets in providing much needed information to the public about U.S. critical electric infrastructure vulnerabilities. The effects of an electromagnetic pulse (EMP) attack in the form of high-altitude nuclear weapons and geomagnetic disturbances (GMD) from coronal mass ejections have been described within this publication over the past several weeks
Snowden to Testify Before European Parliament's LIBE Committee(Information Security Magazine) The question over whether direct testimony from US whistleblower Edward Snowden will be heard by the European Parliament (EP) has finally been settled. On Monday the Civil Liberties, Justice and Home Affairs Committee (LIBE) voted to accept testimony in relation to the parliament's inquiry into mass surveillance
Privacy or national security: Have spy agencies gone too far?(Globe and Mail) The Debate: Is your government gathering masses of cellphone information to protect you, or to invade your privacy? Spy agencies in Canada, the United States and elsewhere have been caught harvesting huge amounts of potentially private data from laptops, tablets and cellphones of millions of people, including their citizens
NSA surveillance: A new door to court challenges?(AP via the Milwaukee Journal Sentinel) A Brooklyn man in prison for terrorism may have a new opportunity to challenge his conviction because the government only recently told him how it obtained evidence it intended to use against him. It was through one of the National Security Agency's secret surveillance programs
NSA now meddling with lawyers(Washington Times) The right of clients and attorneys to speak freely is under siege. In the months since Edward Snowden revealed the nature and extent of the spying that the National Security Agency (NSA) has been perpetrating upon Americans and foreigners, some of the NSA's most troublesome behavior has not been a part of the public debate.
Directors Sued for Cyber Breach(WillisWire (h/t BlackOps Partners)) After disclosure of a recent cyber breach, the company's board of directors was sued by shareholders in two separate legal actions—derivative lawsuits to be precise
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
RSA Conference USA(San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...
Cloud Expo Europe: Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex...
Suits and Spooks Security Town Hall: Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton...
Trustworthy Technology Conference: Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens...
Creech AFB Technology & Cyber Security Expo: The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is...
Nuclear Regulatory Commission ISSO Security Workshop: Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce...
ICS Summit 2014(Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...
Suits and Spooks Singapore: Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate...
MCT-Congress: Going Mobile with Clinical Trials(Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...
Cyber Security for Energy & Utilities: Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the...
Veritas 2014: At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...
Black Hat Asia: Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four...
Cyber Security Management for Oil and Gas: Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security...
SyScan 2014(Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...
Interop Conference: Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.