The Sochi Olympics (opening on February 7) continue to attract the attention of hacktivists, cybercriminals, and the security organs that work against them. Private security firms are heavily involved in preparations.
The Target data breach, for all of the ingenuity and effectiveness with which it was executed, appears to have employed what Forbes calls "bargain-basement malware": the BlackPOS exploit kit, available on the black market for $1800. BlackPOS is generally thought to be of Russian origin, but given its widespread availability this provenance is of limited use in attribution. The mechanism of infection also remains unclear.
Target's payment processing contractors probably face fines.
Neiman Marcus, the other known victim, is now the subject of a class-action lawsuit. Banks are seeing patterns of fraudulent card use that strongly suggest other compromised retailers.
Cisco patches three vulnerabilities in its Secure Access Control System.
Security worries slow enterprise cloud migration, but malware distributors show little compunction, increasingly hosting their wares in public clouds (especially Amazon and GoDaddy).
Recent data breaches have spurred business purchases of cyber insurance. Analysts differ over the effect of a recent US net neutrality court decision. Google buys security start-up Impermium. Google's recent purchase of Nest may be more about the consumer data Nest collects than about home automation. Privacy concerns have helped search engine DuckDuckGo gain users.
NIST will release its cyber security framework in the US next month; close scrutiny is expected.
Few observers expect US President Obama to announce significant surveillance policy changes in tomorrow's speech.
Today's issue includes events affecting China, European Union, France, India, Indonesia, Japan, Kenya, Republic of Korea, Democratic People's Republic of Korea, Pakistan, Philippines, Russia, Singapore, Syria, Turkey, United Kingdom, United States..
Monday is Martin Luther King Day, and the CyberWire will observe the holiday with a one-day hiatus.
Closing time for the open Internet(The New Yorker) Since 1970 or so, carriers like A. T. & T. and Verizon have been barred from blocking or degrading whatever is transported over their lines. Although, at the time, the rule primarily concerned long-distance voice calls, that principle, applied to the Internet, has become known more recently as net neutrality. It offers a basic guarantee: that content providers on a network—whether it be YouTube, Wikipedia, or bloggers—can reach their users without worrying about being blocked, harassed, or forced to pay a toll by the carrier. Policing that rule in its various guises has been a core mission of the Federal Communications Commission for the past four decades—and keeping carriers away from Internet content has been among the F.C.C.'s most successful policy initiatives since its creation, in 1934. It is the Magna Carta of the Web; today, there's not a tech firm or a blog that doesn't owe something to the open, unblocked Internet
Amazon and GoDaddy are the biggest malware hosters(Help Net Security) The United States is the leading malware hosting nation, with 44 percent of all malware hosted domestically, according to Solutionary. The U.S. hosts approximately 5 times more malware than the
Data transparency moves increase cyber-attack risks(Pharma Times) The drive for transparency of clinical-trial data in the pharmaceutical industry and associated sectors will inevitably increase the vulnerability of data networks to cyber-attacks, warns a hacking expert at professional services organisation Ernst & Young
Attacks spur surge in cyber insurance sales(Financial Times) Sales of "cyber insurance" policies have surged almost a third at AIG, the biggest standalone insurer in the US, as companies seek to protect themselves from a growing onslaught of cyber attacks and data breaches
Net Neutrality Change Already Turns Some Companies Into Winners(24/7 Wall Street) Verizon Communications Inc. (NYSE: VZ) is on the winning end of an argument about Net Neutrality. A US appeals court has overturned certain aspects of the so-called Net Neutrality laws, which effectively required Internet service providers to treat all web traffic equally without regard to the source. The court ruled that the FCC does not have the right to force providers to force carriers to be neutral
What Google can really do with Nest, or really, Nest's data(Ars Technica) Hint: it's not home automation. Google's acquisition of Nest for $3.2 billion this week has been heralded as the company's big move into home automation. Nest has made overtures about customer privacy, but given the size and profitability of its new owner's advertising and personal data business, the new relationship needs a closer examination
IDA-FireEye collaboration to boost cyber security in S'pore(Channel NewsAsia) Cyber security in Singapore will get a boost with the opening of a centre dedicated to developing expertise in the area. To staff the centre, global network security company FireEye aims to hire more than 100 cyber security professionals over the next two years
Private Messaging App Vendor Wickr Offers Hackers $100,000 for Bugs(Threatpost) Bug bounty programs, for the most part, have been the domain of large software vendors and Web companies such as Google, Mozilla, Microsoft, PayPal and Facebook. But some smaller companies are now getting involved, with the latest one to announce a bounty being Wickr, the maker of secure messaging apps for Android and iOS, and
Best big data value opportunity for investors(FierceBigData) Not everyone investing in big data is doing so by buying tools for their own use. Investors are eyeing vendor stock in hopes of reaping big returns too. If you're into investing in big data via the stock market, then you'll likely find the Splunk-Tableau-Verient debate interesting
NYPA shores up cyber defenses(FierceSmartGrid) The New York Power Authority (NYPA) is partnering with the Center for Internet Security (CIS) to facilitate real-time information sharing to reinforce NYPA's cyber defense capabilities and critical infrastructure assets against potential cyber threats. The partnership will allow NYPA access to the very best security analysis, and the sharing of information will boost NYPA's cyber defenses and ability to respond to cyber occurrences
Gaining the attention of Gen Y(SC Magazine) The increasing number of breaches continues to create awareness at enterprises that are increasingly bulking up their security programs. But, as the workforce demand continues to rise, the industry needs to get the attention of millennials to fill positions
Thomas Kennedy to Become Raytheon CEO March 31; William Swanson to Retire(Executive Mosaic) Thomas Kennedy, executive vice president and chief operating officer at Raytheon (NYSE: RTN) since April 2013, will serve as CEO of the defense technology maker starting on March 31. William Swanson, CEO for 10 years and a 41-year company veteran, will retire from the chief executive role on that date and continue to serve as chairman of the board of directors
Paul Casey Named Northrop UAE Intl Business Development Head(Executive Mosaic) Paul Casey has been appointed to serve as director of international business development for the United Arab Emirates at Northrop Grumman, Monday. Casey will lead the business development activities in the UAE and the rest of the Middle East region, the company announced Tuesday
Products, Services, and Solutions
Latest in privacy protection tools: GPS shifting for smartphones(FierceBigData) In the topsy turvy world we live perhaps it shouldn't come as surprise (although it is a bit shocking, actually) that a social discovery mobile dating app is among the first to come up with a feature to dislocate your location. Yes, you heard me right. A dating app that allows you to see other people that are close to your current location also enables you to cast a different location to others than where you are actually standing. It also lies about where you are to Facebook and other social media, to pesky retailers tracking you in their store and even to quite a few data brokers
DuckDuckGo continues to gain larger audience(FierceContentManagement) DuckDuckGo reported phenomenal growth last year, and it's no wonder. In a time when our privacy is continually being eroded, and every day there seems to be a new revelation about government surveillance, many people are looking away from major search engines like Google and Bing and moving to DuckDuckGo, a service that guarantees it doesn't save your search information
DissidentX from BitTorrent creator hides messages inside other messages(Slashgear) Recent events in the US and elsewhere have given rise to renewed and more mainstream interest in cryptography. But while the more popular methods are slowly proving to be inadequate, a stronger option might soon be available in the form of DissidentX, a software made by Bram Cohen, more popular for having created the BitTorrent file sharing protocol
Bitrot and atomic COWs: Inside "next-gen" filesystems(Ars Technica) Most people don't care much about their filesystems. But at the end of the day, the filesystem is probably the single most important part of an operating system. A kernel bug might mean the loss of whatever you're working on right now, but a filesystem bug could wipe out everything you've ever done… and it could do so in ways most people never imagine
Close look awaits NIST cybersecurity framework due next month(Federal Times) Almost a year after President Obama issued an executive order aimed at bolstering protections against computer hacking attacks, a key juncture comes next month when the government releases a framework for reducing the risks of cyber threats
Tiger Team Sets 2014 Privacy Agenda(HealthCareInfoSecurity) Privacy issues involved when patients authorize individuals to securely access their electronic health information on their behalf are among the topics the Privacy and Security Tiger Team will tackle this year
Next-generation authentication technologies emerge to restore balance(TechTarget SearchSecurity) Cloud and mobility in the enterprise has caused a heightened need for organizations to take a closer look at next generation authentication technologies. This handbook discusses emerging authentication technologies that reduce organizational risk while limiting user inconvenience
Anomaly Detection, Knowing Normal Is the Key to Business Trust and Success(SecurityWeek) Threats and attacks are steadily increasing, and business executives face new challenges with trust exploits. While organizations adopt cloud computing and allow employee-owned devices onto the network, the challenge of securing company data increases exponentially. When it comes to advanced persistent threats (APTs), bad actors take advantage of every exploit to steal information, and look for the weakest link in enterprise security systems
Why Cyber Security Is Not Enough: You Need Cyber Resilience(Forbes) With breaches on the rise, companies should focus on cyber resilience, not just cyber security. It's true. Cyber attackers have an edge on you. Just look at recent incidents of credit card information being stolen from Target and SnapChat users' names and cell phone numbers being published online
How do you know if your cloud is actually down?(Trend Micro Simply Security) These days, it is difficult to determine whether a cloud has actually gone down. There might be a brief outage, but caching and other systems kick in, and it is largely invisible. If your cloud-resident application is available and working for 90% of your audience, but not the other 10, is the cloud up or down? Is there an in between
Security warnings do better if they use scammers' tricks, research finds(Naked Security) Researchers at University of Cambridge's Computer Laboratory actually modeled their security warnings on scammers' messages in their research, using techniques such as authoritative voice and clear descriptions of risks to see if people would resisting clicking through to malware
Symantec Patents Method To Weed Out Fake Or Malicious Torrents(Ubergizmo) For the most part when it comes to downloading torrents, spotting a fake or one laced with malware is relatively easy as you would only have to scan the comments and the negative votes. However there are times when the torrent might be new or unpopular which means that comments and votes are not available, so how do you tell then if the torrent you are about to download is a fake or contains malware? Well thanks to a Symantec patent, it seems that the anti-virus company is hoping to help make your future torrent downloads a safer and much more informed one at that. After all no one likes spending hours downloading a torrent only to find out it's a dud, right
Penn State to Offer New Option in Cybersecurity and Information Assurance for its Master's Degree in Information Sciences(PR Web) In today's interconnected society, information systems are vulnerable to a myriad of threats such as unwanted intrusions, illicit insider corruption or dissemination of data, and unexpected losses from natural or man-made disaster. As a result, government and industry need to hire individuals who have the knowledge and training to combat the onslaught of cyber-attacks. To meet that demand, Penn State's College of Information Sciences and Technology (IST) has created a new option within its Master of Professional Studies (MPS) in Information Sciences program that is designed to prepare graduates to work in the areas of cybersecurity and information assurance in the federal government or private sector
Student Programmer Competition Promotes Creativity, Diversity(SIGNAL Magazine) A competition for student programmers will recognize the importance of other disciplines and focus areas than the ones commonly associated with science, technology, engineering and mathematics (STEM), such as art (design), diversity and digital literacy. "Dream it. Code it. Win it." is organized by MIT and TradingScreen and will award more than $50,000 in scholarships and prizes to winners of the competition. Entrants must be at least 18 years old and enrolled at accredited colleges and universities in the United States. The deadline for entry is March 30, 2014
Cyber-Security in Corporate Finance(ICAEW) New initiative tackles cyber-security threat to corporate finance sector. Understanding, anticipating and managing cyber-security risks in corporate finance is crucial for all company directors and advisers; it is not an issue to be dealt with only by IT and technical specialists
Obama Is Not About to Reform the NSA, Insiders Say(Foreign Policy) When President Barack Obama gives his much-anticipated speech on NSA surveillance Friday, he's unlikely to seize the opportunity to rein in the agency's vast surveillance programs. Instead, he will punt. Of the 43 recommendations from a panel that reviewed the agency's programs, Obama is expected to embrace very few, according to U.S. officials and news reports, leaving the harder task of long-term surveillance reform to Congress and the courts
Homeland security subcommittee approves the National Cybersecurity and Critical Infrastructure Protection Act of 2013(GSN) The Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies has approved the National Cyber Security and Critical Infrastructure Protection Act of 2013. The legislation primarily aims to fortify and codify many of the pre-existing national cyber security initiatives while prohibiting new regulatory authority at the Department of Homeland Security (DHS). It also allows private entities to interact with federal authorities to increase the level of cybersecurity across the board
San Diego Company Admits to Defrauding Defense Department of Millions(Department of Defense Inspector General) United States Attorney Laura E. Duffy announced today that San Diego-based Vector Planning & Services, Inc. ("Vector") entered into an agreement with the United States Attorney's Office in which it admits to criminally defrauding the Defense Department, and in which it agrees to pay restitution. Vector, which also has offices in Chantilly, Virginia, entered the agreement this afternoon in federal court in San Diego before U.S. Magistrate Judge William McCurine, Jr
Hackers Used Amazon's Cloud To Scrape LinkedIn User Data(Business Insider) Hackers have been using Amazon's powerful data center computers to scrape data from thousands of LinkedIn accounts in order to create fake profiles on the site, according to a new complaint the company has filed in the U.S. district court of Northern California
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
FloCon2014(Charleston, South Carolina, USA, January 13 - 16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network...
Cybertech — Cyber Security Conference and Exhibition(Tel Aviv, Israel, January 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber...
U.S. Census Data Protection & Privacy Day(Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees...
2014 Cybersecurity Innovation Forum(Baltimore, Maryland, USA, January 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations.
Cyber Training Forum at NGA(Springfield, Virginia, USA, February 4, 2014) The 2014 Cyber Security Training Forum (CSTF) will take place at the NGA East Campus in Springfield, VA. This event is designed to provide education and training to the NGA Workforce, the Intelligence...
Security Analyst Summit 2014(Punta Cana, Dominican Republic, February 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community.
The Insider Threat: Protecting Data and Managing Risk(Online, February 11, 2014) As recent events have demonstrated, the threats from inside government have the potential to be more harmful than the hacking activities of our enemies. Protecting sensitive government information from...
Free OWASP Training and Meet Up(San Francisco, California, USA, February 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn...
RSA Conference USA(San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...
Nellis AFB - Technology & Cyber Security Expo(Las Vegas, Nevada, USA, February 26, 2014) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.