As tensions among former Soviet republics persist, Armenian security services allegedly uncover a social media phishing campaign mounted by intelligence organs in neighboring Azerbaijan. Watch for increasing cyber operations in the region; expect, for example, Russia to deniably marshal some low-grade Uzbek cyber muscle against Ukraine.
Iraq's social-media clampdown is being widely evaded by users of mesh-networking app Firechat and censorship circumvention system Psiphon. The government imposed restrictions in response to ISIS's successful use of social media for information operations, but the surge in Firechat and Psiphon seems a grassroots phenomenon not directed by any faction.
State-directed hacking and other pressures aiming to repress speech and local political activity are eroding, observers fear, the "Basic Law" guaranteeing Hong Kong special autonomy within China.
AdaptiveMobile identifies a new mobile worm, "Selfmite," that spreads by SMS and propagates by texting contacts in the infected device's address book.
Self-installed versions of WordPress are found vulnerable to exploitation through a remote code execution zero-day in the latest version of the TimThumb plug-in's Webshot feature.
Be wary of all attachments arriving in unexpected email, even if (especially if) they purport to be judicial summons: they're currently carrying zip files with the Zortob Trojan as a payload. Zortob typically leads to a further Zeus infection.
The debate over a self-defense right to hack back continues, with a Slate op-ed arguing that the difficulty of attribution alone renders such putative rights problematic. NATO still struggles with Article 5's application to cyberspace — perhaps Estonia will offer useful counsel.
Today's issue includes events affecting Armenia, Australia, Azerbaijan, China, Estonia, European Union, India, Iraq, Ireland, Italy, Saudi Arabia, Syria, Taiwan, Turkey, United Kingdom, United States..
Hacker attacks and pressure from Beijing are killing free speech in Hong Kong(Quartz) When Deng Xiaoping sat down with Margaret Thatcher in 1984 to negotiate the terms of Hong Kong's handover from Britain to China, they hammered out an agreement that became Hong Kong's "basic law" and spelled out how China would govern the "highly autonomous" city. Among the rights accorded to all Hong Kong permanent residents are universal suffrage and freedom of speech, assembly, and demonstration
Indian Govt. websites down; no cyber attack(The Hindu) Some government websites, including those of the Prime Minister's Office, Lok Sabha, Rajya Sabha and key Ministries such as Finance and Defence, experienced outages on Wednesday evening
More on Hacking Team's Government Spying Software(Schneier on Security) Hacking Team is an Italian malware company that sells exploit tools to governments. Both Kaspersky Lab and Citizen Lab have published detailed reports on its capabilities against Android, iOS, Windows Mobile, and BlackBerry smart phones
Invasive Selfmite SMS worm uncovered(Help Net Security) AdaptiveMobile has discovered a previously unknown piece of mobile malware dubbed Selfmite. It spreads via SMS and fools users into installing a worm app which propagates by automatically sending a text message to contacts in the infected phone's address book
Google's Nest security warning after researchers show off 60-second hack(WeLiveSecurity) Google's Nest thermostat can be hacked in under a minute, according to a blog post and video posted by GTV Hacker. The hack, to be demonstrated in public at this year's Def Con conference in August, would allow attackers complete control over the device and access to the user's home network
Cloud app logins reused in piracy scam(ComputerWeekly) Software piracy will remain prevalent even as more applications are delivered over the internet in a software-as-a-service subscription model, according to the BSA Global Software Survey
The Right to Bear Denial-of-Service Attacks(Slate) Do we need a Second Amendment in the cyber world? Maybe the only thing Americans agree on anything when it comes to the Second Amendment is that the "right of the people to keep and bear arms" is all about guns and gun control. We're very used to seeing that language invoked around incidents of gun violence. So it was striking to see the logic of the National Rifle Association applied to a completely different context in a piece about cybercrime in the New York Times on June 21, in which Jeffery Stutzman, the vice president of the cybersecurity intelligence sharing consortium Red Sky Alliance, is quoted as saying, "I do really believe there should be a Second Amendment right in cyber"
Organizations Blind to Location of Sensitive Data Says New Research Report(Informatica) Informatica Corporation (Nasdaq:INFA), the world's number one independent provider of data integration software, today announced the availability of a new research report by the Ponemon Institute LLC, entitled, The State of Data Centric Security. Based on a global survey of more than 1,500 IT and IT security professionals, the study reveals how organizations understand and respond to data security threats in today's information-everywhere world
Are Social Media Giants Betraying Your Trust?(ComputerWorld) Revelations about the National Security Agency's widespread surveillance of online activity has roused the ire of social media firms, but it also reveals the extent to which these companies are at least partially to blame. How much of this personal data would be available if these companies weren't collecting and mining it for profit in the first place?
Hackonomics: Cybercrime's cost to business(ZDNet) How much does getting hacked actually cost a business? Looking closely at the cyber black market's cost factors is worrying, but offers insight into keeping crime's cost low
Ex-NSA Chief Will Give Bankers What They Deserve(Money News) General Keith Alexander, the now-retired National Security Agency (NSA) director who was once Edward Snowden's boss, hung out his consulting shingle this month. His IronNet CyberSecurity firm already has a hot prospect: the Securities Industry and Financial Markets Association (SIFMA)
Crowdsourcing Finding Its Security Sweet Spot(Threatpost) Pulling in security help on a project has traditionally meant either hiring more full-time help, or bringing in an outside consultant. Enterprises and vendors alike, however, are starting to really go outside the perimeter these days and are taking advantage of crowdsourcing
Cyber Squared Inc. Named "Hottest Bootstrap" Company in the Washington D.C. Area by NVTC(Digital Journal) Cyber Squared Inc. won the "Hottest Bootstrap" award at the 13th Annual Northern Virginia Technology Council's (NVTC) Hot Ticket Awards held on Tuesday, June 24, 2014 at Redskins Park in Ashburn, VA. Cyber Squared is a global provider of threat intelligence and security technology solutions and is the company behind the leading threat intelligence platform, ThreatConnect™
Products, Services, and Solutions
"Towelroot" app makes it easy to root Galaxy S5 and other locked Androids…(Naked Security) In the Hitchhiker's Guide to the Galaxy, cool and well-informed space travellers (hoopy froods, in the vernacular) always know where their towels are. Now, owners of Samsung Galaxy phones, notably the S5, can take frood-like control over their devices, thanks to a hoopy new tool called Towelroot
HackPorts — Mac OS X Penetration Testing Framework and Tools(Kit-Ploit) HackPorts was developed as a penetration testing framework with accompanying tools and exploits that run natively on Mac platforms. HackPorts is a 'super-project' that leverages existing code porting efforts, security professionals can now use hundreds of penetration tools on Mac systems without the need for Virtual Machines
ThreatTrack Security Enables Enterprises to Assess their Exposure to any Malware Threat(Broadway World) ThreatTrack Security today released ThreatAnalyzer 5.1, the latest version of the company's fully customizable dynamic malware analysis solution. ThreatAnalyzer enables organizations to recreate their entire application stacks including virtual and native environments in which to detonate malicious code and discover how malware will behave on their networks. By executing files and links within ThreatAnalyzer, cybersecurity professionals can completely and accurately quantify their risk and exposure to Advanced Persistent Threats (APTs), targeted attacks and Zero-day threats designed to evade signature-based defenses
Panda Security Stop APTs with Cloudy Big Data(PR.com) Panda Advanced Protection Service (PAPS) is a managed service for monitoring applications which uses a disruptive approach as opposed to the traditional system of detecting malware based on blacklists. The new service provides continuous monitoring and visibility of all actions performed by applications on the network
ForeScout CounterACT Secures BYOD Program for Long Road Sixth Form College(IT Business Net) ForeScout Technologies, Inc., the leading provider of pervasive network security solutions for Global 2000 enterprises and government organizations, today announced that Long Road Sixth Form College in Cambridge has selected ForeScout CounterACT to ease the roll-out of its bring your own device (BYOD) program by providing real-time visibility of what is connected to the network
Stop Targeted Attacks Dead in Their Tracks with an Incident Response Team(Trend Micro: Simply Security) The thrilling and terrifying thing about working in the cyber security industry is the rate at which threats evolve. It seems like just yesterday we were talking about large scale worm outbreaks like Conficker and Storm. Infecting corporate and personal machines in their millions, these big name attack campaigns garnered plenty of headlines and caused a fair amount of disruption. But what has increasingly taken their place is far worse, and requires a much different, cross-organizational response
Ireland's leading teenage programmers to compete in Taiwan(Silicon Republic) After several rigorous selection rounds of the All Ireland Programming Olympiad (AIPO), four young secondary students have been selected to represent Ireland for the 2014 International Olympiad in Informatics (IOI) in Taiwan
Report underlines China's cyber security challenges(Xinhua via Global Post) Cyber security is the most important issue that China has to address in developing its new media, according to a report released Wednesday by the Chinese Academy of Social Sciences
Cybercom Chief: Partners Vital to Defending Infrastructure(American Forces Press Service) Building partnerships among the federal government, the private sector and academia is vital to bringing together capabilities in the defense of critical infrastructure, the commander of U.S. Cyber Command said yesterday
NSA says it has no record of Snowden challenging spying(The Hill) The National Security Agency says it has not been able to find a single recorded case where former contractor Edward Snowen raised complaints about the agency's operations. The claim, revealed in response to a Freedom of Information Act request from investigative reporter Jason Leopold, undercuts Snowden's claim that he raised concerns with his superiors before leaking top-secret spy agency documents to the press
This is what you'll see when Google removes 'Forgotten' search results(Engadget) It was only a matter of time until it happened, but Google has now started removing search results from its listings as part of the European Commission's "Right to be forgotten" ruling. The Wall Street Journal reports that the company started implementing the blocks earlier today, weeks after it first started allowing individuals to request that the search giant remove listings that turned up against searches for their own names. Google says it has begun notifying successful applicants that their requests have been accepted, and we're already noticing some high-profile searches are displaying removal notices
Motion to dismiss filed in NSA spying class action(Legal Newsline via the Washington Examiner) The defendants have filed their motion to dismiss in a lawsuit that alleges the National Security Agency conducted surveillance and intelligence-gathering programs that collected data from American citizens
UK police forces fail to impress in ICO audit(ComputerWeekly) Only one out of 17 UK police forces audited by the Information Commissioner's Office achieved the highest possible assurance rating for compliance with UK data protection laws
Queensland man charged over Bitcoin theft(ITNews) Accused Riot Games hacker nabbed again. A 21 year-old Queensland man who was charged with hacking US games developer Riot Games earlier this year has been charged again for stealing around $110,000 worth of Bitcoin during the attack
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
The Hackers Conference(New Delhi, India, August 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...
SANSFIRE(Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.
26th Annual FIRST Conference(Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...
Gartner Security & Risk Management Summit 2014(National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...
2nd Annual Oil & Gas Cyber Security Conference(Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...
SINET Innovation Summit(New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...
Security Startup Speed Lunch DC(Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.