skip navigation

More signal. Less noise.

Daily briefing.

An unusual feature of recent denial-of-service attacks on gaming sites has been their abuse of the Network Time Protocol (NTP). Similar in effect to DNS-amplification attacks, successfully executed NTP attacks may herald a shift in hacker tactics toward this formerly seldom-used technique.

Consumers continue to feel the effects of Target's payment card breach. Financial institutions work to soften the blow, and other retailers upgrade their point-of-sale systems.

A motive for the Yahoo! malvertising campaign may have emerged: BitCoin mining. A different malvertising attack has hit South Africa, as visitors to the Mail and Guardian site are redirected to a server in the Netherlands, and thence into the hands of criminals.

IntelCrawler identifies a new class of botnet spying on smartphone users. "XXXX.apk" illicitly gathers location information and (perhaps) details on connections to home networks. Other researchers find smartphone personal banking apps "leaky."

Ransomware spoofs a warning from New Zealand police and demands payment in Ukash.

The SnapChat leak turns out to have been inadequately redacted by the professed white hats who published it. Other researchers find they can extract a surprising amount of information (those working on anonymization, take note).

Researchers find, and Siemens fixes, zero-days in Siemens switches.

Defense intellectuals turn their attention to cyber conflict and the prospects of deterrence.

The US President is thought likely to adopt his surveillance review panel's recommendations on curbing surveillance of allied leaders. EU suspicions of economic espionage rise.

The Australian teenager who discovered Victoria's Metlink vulnerability was rewarded with police attention.

Notes.

Today's issue includes events affecting Australia, China, European Union, Ireland, Japan, Republic of Korea, Netherlands, New Zealand, Russia, South Africa, United Kingdom, United States..

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

IT Security Entrepreneurs Forum (ITSEF) 2014 (, January 1, 1970) IT Security Entrepreneurs Forum (ITSEF) is SINET's flagship event, designed to bridge the gap between the Federal Government and private industry. ITSEF brings unique value to the Cybersecurity community...

FloCon2014 (Charleston, South Carolina, USA, January 13 - 16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network...

NASA Langley Cyber Expo (Hampton, Virginia, USA, January 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer...

Federal Intel Summit (, January 1, 1970) The Potomac Officers Club is proud to host the 2014 Federal Intel Summit featuring Congressman Mike Rogers and leadership from across the Federal Agencies focused on protecting our national interests.

cybergamut Tech Tuesday: Malware Reverse Engineering — An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (, January 1, 1970) Reverse engineering malware can be an integral part of every security team's calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer...

Federal Mobile Computing Summit (, January 1, 1970) The Federal Mobile Computing Summit: Digital Government Strategy II will feature government leaders who played an instrumental role in the development of the DGS and worked on the resulting deliverables.

Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, January 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber...

U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees...

2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, January 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.