skip navigation

More signal. Less noise.

Daily briefing.

T-Mobile is reportedly preparing to warn subscribers of a significant data compromise originating in a third-party supplier's network.

Another Java exploit strikes, this time in Yahoo!'s advertising servers.

SnapChat continues to repair the damage done by mishandled telephone numbers, and prepares various security upgrades. Observers see the episode as a case of a familiar tendency in start-ups: prioritizing growth over security.

The OpenSSL defacement turns out not to have been a hypervisor hack after all. Skype confirms that the Syrian Electronic Army's webpage defacements did not involve any data compromise; Microsoft tweets advice on recognizing phishing.

China's online payment platform Alipay is notifying customers (and apologizing to them) over a three-year-old data breach.

Online gaming continues to suffer security issues. Steam and Origin suffered denial-of-service attacks last week, and a breach at the World Poker Tour Amateur Poker League compromised player data (many players had US Government e-mail addresses). (The United Nations Office on Drugs and Crime notes that online gaming and micropayment platforms are increasingly favored by cyber-criminals laundering money.)

Bruce Schneier, formerly of BT, now CTO of Co3 Systems, cautions that the Internet of Things is "wildly insecure, and often upatchable."

FireEye's acquisition of Mandiant caused the buyer's share price to pop last week. Forbes sees the enhanced company as combining cloud– and SaaS–based security with incident response.

The US Congress seems unlikely to enact intelligence legislation soon, but the President is preparing to announce various reforms, including a "public advocate" position in the Foreign Intelligence Surveillance Court.

Notes.

Today's issue includes events affecting Australia, China, France, India, Japan, Republic of Korea, Nigeria, Russia, Slovenia, Syria, United Arab Emirates, United Kingdom, United Nations, United States..

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

FloCon2014 (Charleston, South Carolina, USA, January 13 - 16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network...

NASA Langley Cyber Expo (Hampton, Virginia, USA, January 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer...

cybergamut Tech Tuesday: Malware Reverse Engineering - An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (Columbia, Maryland, USA, January 21, 2014) Reverse engineering malware can be an integral part of every security team's calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer...

CANCELLED DUE TO WINTER STORMS: cybergamut Tech Tuesday: Malware Reverse Engineering — An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (Columbia, Maryland, USA, January 21, 2014) This talk has been cancelled. Please consult cybergamut for scheduling updates.

Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, January 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber...

U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees...

2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, January 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations.

Cyber Training Forum at NGA (Springfield, Virginia, USA, February 4, 2014) The 2014 Cyber Security Training Forum (CSTF) will take place at the NGA East Campus in Springfield, VA. This event is designed to provide education and training to the NGA Workforce, the Intelligence...

Security Analyst Summit 2014 (Punta Cana, Dominican Republic, February 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community.

The Insider Threat: Protecting Data and Managing Risk (Online, February 11, 2014) As recent events have demonstrated, the threats from inside government have the potential to be more harmful than the hacking activities of our enemies. Protecting sensitive government information from...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.