More information appears on recently reported cyber intrusions into US power utility networks: the incursions appear to have been cyber reconnaissance, which is consistent with Department of Homeland Security claims that no damage was found in control systems. One of the hackers mentioned in dispatches is Wang Dong (former nom de guerre "Ugly Gorilla," currently going by "Say Goodbye to my youth") whom regular readers will recognize from US indictments of Chinese PLA officers. Among the utilities affected was that of Madison, New Jersey, a smallish town that manages its own piece of the grid, and therefore an attractive test target.
The World Cup continues to spawn more cyber crime than effective hacktivism, but big sponsors remain on alert. Fans in Brazil to watch the games are advised to be wary of local AC/DC device chargers.
The Australian mining trade press discusses the difficulty of balancing security and operational efficiency, an act all industries will find familiar.
In industry news, Target's new CISO will report to the CIO, and observers differ over whether that will prove an effective organization. The US State Department has turned to bonuses (although it refuses to call them such) in its efforts to lure cyber talent from industry.
NIST 800-53 Revision 5 is likely to place more emphasis on continuous monitoring, and enterprises consider doing the same in anticipation of the new US security standard. Also in the US, the FCC revises its own cyber defense guidance for industry; the FAA pushes avionics cyber security.
Today's issue includes events affecting Australia, Bahamas, Belgium, Bolivia, Brazil, China, France, India, Indonesia, Israel, Malaysia, Netherlands, Romania, Russia, Taiwan, United Kingdom, United States, and Venezuela.
Security Tips for Football World Cup Fans (Lumension) The FIFA World Cup has kicked off in Brazil, with fans travelling to the country from around the globe in the hope that their country's football team will make it to the grand final
Taiwan Hit With Micropayment Fraud via Android Malware (TrendLabs Security Intelligence Blog) In our 1Q Threat roundup report, we noted that the number of mobile malware and high-risk applications reached the two-million mark and is rapidly growing. In our monitoring of the mobile threat landscape, we have recently discovered an Android malware that is spreading fast in Taiwan
Scans Quantify Vulnerable OpenSSL Servers (Threatpost) Certain mitigating factors made the recent OpenSSL man-in-the-middle vulnerability a notch or two below Heartbleed in terms of criticality. With that in consideration, it's probably no surprise that patching levels for CVE-2014-0224 aren't as high out of the gate as they were for Heartbleed
Heartbleed & The Long Tail Of Vulnerabilities (Dark Reading) To this day there are still unpatched systems, still hackers scanning for vulnerable systems, and still cyber criminals using Heartbleed every day to break into companies
Origin not hacked, EA confirms false alarm (SlashGear) This afternoon there's been a false alarm announcement by a supposed hacker group suggesting they'd breached Origin, lifting thousands of emails and passwords. In fact, the emails included in the leak come up in Google searches from as far back as several years ago, meaning the list was likely harvested from several already-public lists. EA suggests that "there is no truth" to the idea that there was a hack
Bitcoin security guarantee shattered by anonymous miner with 51% network power (Ars Technica) For the first time in Bitcoin's five-year history, a single entity has repeatedly provided more than half of the total computational power required to mine new digital coins, in some cases for sustained periods of time. It's an event that, if it persists, signals the end of the cryptocurrency's decentralized structure
French Hospital's Computer "Bug" Trashes a Fortune in Perfectly Good Drugs (IEEE Spectrum) Last week saw another wave of healthcare-related IT malfunctions, problems, and issues being reported. This time, we turn our focus to a controversy currently capturing the attention of the French press: the startling admission by administrators at the university hospital in Rennes that perfectly good drugs and other medical supplies are being trashed as a result of technical issues with its relatively new automated pharmacy system
Bulletin (SB14-167) Vulnerability Summary for the Week of June 9, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
China's Huawei trains Indonesian ICT students (Xinhua via GlobalPost) China-based telecommunications giant Huawei held a commencement ceremony for Indonesian information and communications technology (ICT) students on Friday, seeking to transfer ICT skills to the largest Southeast Asian country through its training program
ZTE to Support Telkom Indonesia in Java Backbone Network Upgrade (Wall Street Journal) ZTE Corporation ("ZTE") (H share stock code: 0763.HK / A share stock code: 000063.SZ), a publicly-listed global provider of telecommunications equipment, network solutions and mobile devices, is pleased to support Telkom Indonesia in its Java backbone network upgrade, which will deliver a 10-fold capacity increase across most of the network and enable a superior user experience for subscribers
Raytheon broadens tech offerings as market shifts (Washington Technology) Whether a threat is kinetic or cyber, or comes from a terrorist group or a rogue nation, Raytheon offers the U.S. government and other nations technologies that alert them to the threat and enable them to take action to neutralize it
Industry Veterans Join AlgoSec to Support Strong Growth in the Security Policy Management Market (IT Business Net) AlgoSec, the market leader for Security Policy Management, today announced the expansion of its executive team with the appointments of Eli Adler as General Manager of EMEA, Bruno Weinberger as Vice President of Strategic Alliances and Shelly Sarid as Vice President of Finance. The new executives will help drive the company's business model and growing market presence. In the first five months of 2014, the company continued on its track of fast growth, securing several 7-digit deals with global financial institutions, retailers and managed service providers
ZeroFOX Appoints Two New Vice Presidents to Lead Global Sales Teams (PR.com) ZeroFOX, The Social Risk Management Company™, today announced the appointment of two new vice presidents, Pano Paschaloudis and Stephen Weis, to augment the company's leadership team and further develop and execute its comprehensive sales vision to foster high volume revenue and dynamic sales growth
Products, Services, and Solutions
Stalker: A creepy look at you, online (CNN Money) While you were having a latte and hunting for a Tinder date on your local coffee shop's open Wi-Fi, you were giving away your personal information. Want to know how much? Stalker will tell you
Tenable Integration with Threatgrid Enhances Detection of Persistent Malware (Crowdsourcing.org) Tenable Network Security®, Inc., the leader in continuous monitoring of vulnerabilities, threats and compliance, announced its latest new source of threat analytics through an integration with ThreatGRID's malware analysis and threat intelligence solution. This integration enhances Tenable's dynamic library of known threats from the industry's top 25 antivirus vendors, improves accuracy and reduces the time to detect advanced malware that bypasses traditional security controls
Google's after your health data with 'Google Fit' service (Naked Security) Google's about to jump into the growing fitness data marketplace — a mosh pit that consumer advocates are already calling a privacy nightmare — to wrestle with Apple and Samsung for the data created by fitness trackers and health-related apps
What's the leading cause of data loss? (Help Net Security) HDD crashes more than doubled in the last four years, prevailing as the most common cause of data loss according to customer data provided by Kroll Ontrack
The age of the quantified family is upon us (Quartz) We're one step closer to the quantified household. University of Virginia associate professor of computer science, Kamin Whitehouse, is leading a team that's designing the software to make it possible. "We need to not just be users of the internet of things, we need to also be objects in the internet of things," Whitehouse told a Massachusetts Institute of Technology digital summit last week
Bahamas Expects Official Response from US Addressing Spying Claims (Atlanta BlackStar) Foreign Affairs Minister Fred Mitchell said Wednesday that the Bahamian government will ensure that its relationship with the United States remains intact even if it finds to be true the controversial allegation that the US National Security Agency (NSA) is recording and storing audio from every cellphone conversation in the Bahamas
New evidence US drug body spied on Bolivia, Venezuela (GreenLeft) In a May 19 article on US government spying for The Intercept, Ryan Devereaux, Glenn Greenwald and Laura Poitras publish leaked documents that show the US government may have used the Drug Enforcement Administration (DEA) to aid National Security Agency (NSA) spying on US citizens and non-citizens in foreign countries
FCC unveils 'new regulatory paradigm' for defeating hackers (Washington Post) In recent months, the Federal Communications Commission has quietly worked to expand its role among federal agencies charged with protecting the nation's networks from cyberattack. On Thursday, the agency sought to take the lead again, unveiling a new regulatory model aimed at helping phone companies and other telecommunications firms defend themselves from malicious hackers
What the Departure of Eric Cantor Means for National Security (Roll Call) Everyone is still digesting the fallout from this week's surprise primary election defeat of Majority Leader Eric Cantor, R-Va., but the part related to its effect on national security and foreign policy is pretty well-chewed, enough to examine it as a whole
Ruling Raises Stakes for Cyberheist Victims (Krebs on Security) A Missouri firm that unsuccessfully sued its bank to recover $440,000 stolen in a 2010 cyberheist may now be on the hook to cover the financial institution's legal fees, an appeals court has ruled. Legal experts say the decision is likely to discourage future victims from pursuing such cases
How to 'double your money on PayPal!' and why you should NOT try it (Naked Security) You can double your money by bilking PayPal with a loophole in its terms of service, according to a Romanian man convicted in 2012 of temporarily blocking the systems of the US Army, Pentagon and NASA. Cernăianu Manole Răzvan, who has published under his hacker handle TinKode in the past, was released a few months after Romanian law nabbed him
Global Summit on Computer and Information Technology (location and date not listed) The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer...
NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, June 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates.
2014 Spring National SBIR Conference (Washington, DC, USA, June 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs...
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18, 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on...
Suits and Spooks New York (location and date not listed) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...
SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.
26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.