The Financial Times traces the history of Russian cyber operations against Ukraine, which it suggests preceded the Crimean annexation by years.
Past Anonymous campaigns have fizzled often enough, but the cyber assault against World Cup sponsors has already achieved nuisance levels. Security experts think that this time Anonymous has done a lot of preliminary work on quietly gaining access to its targets' networks.
Vodafone's transparency report indicates that government surveillance in Vodafone's markets is more widespread than hitherto suspected.
The FBI's good work notwithstanding, GOZeuS remains a threat globally.
"SimpleLocker" is in the wild: the first ransomware designed for Android.
OpenSSL warns its users to update their SSL.
Linksys updates firmware for its E4200 router, closing an authentication bypass vulnerability.
Microsoft is expected to issue eight fixes on Patch Tuesday. Among them will be patches to an IE 8 zero-day.
Financial institutions (long among the most cyber-savvy businesses) still lack confidence in their security controls. Energy utilities remain a prime critical infrastructure target, and observers wonder how secure their industrial control systems are.
Google pulls its competitors' collective nose with a study showing how little email is actually encrypted.
The US Secret Service wants automated help detecting social media sarcasm. A worthy goal, but difficult enough for actual humans, so observers are widely moved to skepticism.
It's the seventieth anniversary of D-Day, so spare a thought for the veterans of Gold, Juno, Sword, Utah, Omaha, and the drop zones behind them. (A thought for the French citizens who welcomed them, too.)
Today's issue includes events affecting Albania, Australia, Belgium, China, Czech Republic, Congo, Egypt, Fiji, Finland, France, Germany, Ghana, Greece, Hungary, India, Ireland, Italy, Kenya, Lesotho, Malta, Mozambique, Netherlands, New Zealand, Portugal, Qatar, Romania, Russia, Singapore, South Africa, Spain, Tanzania, Turkey, Ukraine, United Arab Emirates, United Kingdom, United States.
The CyberWire will provide special coverage of next Tuesday's Cyber 5.0 Conference in Howard County, Maryland. We'll be live-Tweeting from the event.
Cyber Attacks, Threats, and Vulnerabilities
Kremlin alleged to wage cyber warfare on Kiev (Financial Times) Russia's physical invasion of Crimea may have begun in late February, in the days after the removal of Ukraine's president Viktor Yanukovich, but the infiltration of Kiev's computer systems began years before
Why Anonymous threats should not be ignored (Help Net Security) International hacktivist group Anonymous is causing fear within the business and technology community once again, after a supposed Anonymous spokesperson warned that World Cup sponsors are next on the hit list
UAE is hit hard by GameOver Zeus virus (Khaleej Times) The malware, which the FBI terms "extremely sophisticated", can steal banking and other passwords from the computers it infects and mostly spread through spam e-mail or phishing messages
Hacking Apple ID? (TrendLabs Security Intelligence Blog) The many announcements at Apple's 2014 Worldwide Developers Conference (WWDC) this week were welcome news to the throngs of Apple developers and enthusiasts. It was also welcome news for another group of people with less than clean motives: cybercriminals
US state and local government bodies lack cyber defences (Financial Times) Cyber criminals on the hunt for poorly protected confidential data are circumventing the US federal government and targeting state and regional authorities on the basis that they have fewer resources to defend themselves
It's The Security, Stupid! (TechCrunch) It's 2014. Do you know where your security is? On Tuesday, Google published a full account of the current state of encryption in email, revealing that some leading providers like Comcast and France's Orange encrypted nearly none of the email that approached its servers. The news this week seemed to confirm many of our worst fears about the state of security on the Internet (as it does most weeks)
If attorney needed to explain cyber coverage, the policy is not clear (Advisen Cyber Risk Network) Advisen: What do you see as the greatest cyber risks today? Scott Godes: The theft of credit card and financial-related information from retailers, credit card processors, and others. These are crimes, and ultimately, everyone pays a price because the crimes have happened, no matter what entity bears the liability
Product review: Check Point Software UTM Threat Prevention Appliances (TechTarget) The Check Point Software Next Generation Threat Prevention Appliances are the latest in a long line of security products from the vendor whose brand is synonymous with firewalls. Check Point has one of the best united threat management approaches, providing solid products — both for the high and low ends of the market — with the essential features enterprises look for
Trend Micro in pact with Broadcom (Voice and Data) Security software provider Trend Micro has partnered with Broadcom Corporation for developing an integrated security solution that will protect home security networks from cyber threats
KnowBe4 Says "We'll Pay Your Crypto-Ransom If You Get Hit" (Insurance News Net) In a bold move, IT security firm KnowBe4 announced it will pay a company's ransom in Bitcoin if they get hit with ransomware due to human error of an employee. Security experts agree it will only be a matter of weeks before CryptoLocker or a variant will be back in business as the criminals who created it are still on the loose. When it does come back, KnowBe4 is confident it can help organizations protect their employees and networks through its Kevin Mitnick Security Awareness Training
Cyber Essentials scheme launched (Business-Cloud) Companies are overwhelmed by advice from vendors around how to protect against Internet based threats. Now the UK Government has issued its own advice
Set up email encryption in half an hour (Help Net Security) As part of the global Reset the Net action, the Free Software Foundation, a non-profit organization that promotes computer user freedom and aims to defend the rights of all free software users, has released Email Self-Defense, a step-by-step guide that can teach even low-tech users how to use email encryption
What Are Cryptocurrencies? (Cointelegraph) Cryptocurrencies are a form of digital money that rely on distributed networks and shared transaction ledgers to combine the core ideas of cryptography with a monetary system to create a secure, anonymous, traceable and potentially stable virtual currency
Identify stolen credentials to improve security intelligence (Help Net Security) Data is the heart of an organization, and IT security teams are its protectors. Businesses spend billions of dollars per year setting up fortresses to safeguard data from anyone who dare try to take it. The latest forecast from analyst firm Canalys has IT security spending increasing to $30.1 billion by 2017. Despite this investment, data breaches are on the rise
KEYW Partners With the University of Central Florida to Provide Big Data Visualization Framework (MarketWatch) The KEYW Holding Corporation announced today that its subsidiary, The KEYW Corporation, entered into a formal partnership with the University of Central Florida (UCF) formalizing teaming efforts focused on research and development in the critical cybersecurity domain. The newly signed agreement provides KEYW and UCF with a framework to work and collaborate on task orders related to big data visualization efforts
A safe bet for turning a college degree into a job (CNBC) When word first got out that Case Western Reserve University in Cleveland, Ohio, was planning to build two degree programs specializing in big data analytics, vice provost of undergraduate education Donald Feke's in-box filled up with inquiries from students clamoring to get in—long before the programs were ready
White House looking to Capitol Hill on cyber (FCW) White House adviser Ari Schwartz goes about the business of explaining the Obama administration's cybersecurity goals methodically. At multiple recent conferences for cybersecurity professionals in the Washington, D.C., area, Schwartz has offered updates on threats as varied as Heartbleed and the Chinese hackers indicted by the Justice Department
One Year Later: Snowden Disclosures' Effect on Secret Laws (Roll Call) One year ago, on June 5, 2013, Edward Snowden revealed that he had provided several reporters with access to documents he had taken from the National Security Agency. The subsequent carefully researched and thoughtfully written stories blew the lid off much of the secrecy that the National Security Agency, the Foreign Intelligence Surveillance Court, the Department of Justice, and the intelligence community had imposed on the communications surveillance in which our government had been engaging
I'm Willing to Die for Your Online Freedom (but I'm hoping it doesn't come to that). (Politico) My name is Brian Zulberti. I'm a lawyer. For the past three days I have been on a hunger strike outside the Supreme Court of the United States. I am going to remain here until coverage or death. More specifically, I want 90 seconds on a major national television network, during prime time, to warn the nation about the dangers of social media-related firings. I will fast until either I get that 90 seconds or I die
Fight internet surveillance, Reset The Net (Naked Security) It's a year since the name Edward Snowden became world famous and a year since we learned that the USA's National Security Agency has infiltrated the internet like an aggressive fungal mycelium
Jonathan Zittrain and L. Gordon Crovitz Debate the Future of Internet Governance (Harvard: Berkman Center for Internet and Society) The recent move by the United States to relinquish its role in the assignment of Internet names and numbers has generated a wide range of predictions for the future of Internet governance. Join Professor Jonathan Zittrain and Wall Street Journal Columnist Gordon Crovitz in a Google Hangout starting at 2:30pm as they debate the impact of ICANN's independence on the Internet and its role in society as an open platform
Vice-minister calls US cybersecurity gripes hypocritical (China Daily) China has criticized the United States for being hypocritical and hegemonic in cybersecurity and urged it to stop eavesdropping on other countries and individuals, said a senior Chinese diplomat, following a series of spats between the two countries involving cyberspace
Litigation, Investigation, and Law Enforcement
Vodafone admits some governments have free reign to eavesdrop on calls (Engadget) Gone are the days when we thought governments could only access our phone calls through official, naive-sounding procedures like "warrants." Nevertheless, it's only now, after the whole Snowden / NSA blow-up, that companies like Vodafone are trying to be more transparent
Judge orders feds to preserve surveillance data (Politico) A federal judge affirmed Thursday that the U.S. Government must preserve records of National Security Agency surveillance relevant to ongoing lawsuits challenging the legality of the practice, including data gathered under a controversial provision allowing harvesting of foreigners' U.S.-based e-mail and social media accounts
Man fined $8,000 for Istana website hack (The Straits Times) A businessman who was fined $8,000 yesterday for hacking into the Istana website is the first to be convicted of carrying out a cyber attack on a government website here
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cyber 5.0 Conference (Laurel, Maryland, USA, June 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...
NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, June 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates.
SC Congress Toronto (Toronto, Ontario, Canada, June 17 - 18, 2014) SC Congress Toronto is Canada's premier information security conference and expo experience. Join us for this year's SC Congress Toronto on June 17-18, 2014! The two-day gathering brings industry thought...
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on...
SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.
26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.
INSCOM Cyber Day (Fort Belvoir, Virginia, USA, July 9, 2014) Cyber-industry vendors are invited to participate in the upcoming Cyber Day hosted by the United States Army Intelligence and Security Command (INSCOM), located at Ft. Belvoir. U.S. Army Cyber (AR Cyber)...
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...