The Twitter-savvy insurgents of ISIS/ISIL have proclaimed a caliphate in the swath of territory it controls in Iraq and Syria. Rivals and enemies (including its more mainstream cobelligerents in al Qaeda) don't swallow this, but the proclamation has prompted two responses of interest to those concerned with cyberspace. First, Anonymous tries to grab a headline by promising an operation against ISIS supporters (prominently among whom Anonymous numbers Saudi Arabia). Second, Qatar and Iran discuss cooperation against ISIS and in support of the embattled Iraqi government. Any such cooperation would have a strong cyber element.
The Syrian Electronic Army counters ISIS indirectly, with an attack on Israeli Defense Forces sites calculated for locally crowd-pleasing effect.
New banking malware, "Emotet," is sniffing data transmitted via HTTPS. So far most infections are reported in Germany, but users in Asia and North America have also been affected.
Sophos Labs offers more information on "Andr/SlfMite-A," an Android worm spreading by SMS.
ICS-CERT warns that Havex industrial control system malware has appeared in three vendors' update installers (details available from US-CERT's secure portal).
A study of "emotional contagion" (conducted by researchers at Facebook, Cornell, and the University of California San Francisco on Anglophone users of Facebook's News Feed) attracts considerable attention, mostly negative. Was there informed consent? Proper human subject research review?
Microsoft responds to Canada's anti-spam law by stopping email security updates. Some observers think this passive aggressive, but the law is clearly having unintended consequences.
eWeek offers an overview of cyber threat-intelligence sharing communities.
Today's issue includes events affecting Canada, European Union, Germany, Iran, Iraq, Israel, Malaysia, Qatar, Saudi Arabia, Syria, United Kingdom, United States..
We'll be taking Friday off as we observe the US Independence Day holiday. The CyberWire will resume normal publication on Monday, July 7.
Banking malware sniffs out data sent over HTTPS(Help Net Security) Careful online banking users can sometimes spot that something is amiss when malware installed on their computer pops up phishing pages or adds fields to legitimate banking forms. But the Emotet banking malware doesn't bother with that, and sniffs out data sent over secured connections instead
Exploiting wildcards on Linux(Help Net Security) DefenseCode released an advisory in which researcher Leon Juranic details security issues related to using wildcards in Unix commands. The topic has been talked about in the past on the Full Disclosure mailing list, where some people saw this more as a feature than as a bug
How does a rogue ad network function?(Help Net Security) It's a well known fact that a considerable chunk of Internet traffic is bogus, made by infected computers that visit sites and click on adverts chosen by malicious actors
ICS Malware Found on Vendors' Update Installers(Threatpost) Malware targeting industrial control systems has infected the update installers belonging to three known industrial control vendors, according to an advisory from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
Experimental evidence of massive-scale emotional contagion through social networks(PNAS) We show, via a massive (N = 689,003) experiment on Facebook, that emotional states can be transferred to others via emotional contagion, leading people to experience the same emotions without their awareness. We provide experimental evidence that emotional contagion occurs without direct interaction between people (exposure to a friend expressing an emotion is sufficient), and in the complete absence of nonverbal cues
Facebook is learning the hard way that with great data comes great responsibility(Quartz) Facebook released the results of a study where its data scientists skewed the positive or negative emotional content that appeared in the news feeds of nearly 700,000 users over the course of a week in order to study their reaction. The study found evidence of "emotional contagion," in other words, that the emotional content of posts bled into user's subsequent actions
Facebook's massive psychology experiment likely illegal(BoingBoing) Researchers from Facebook, Cornell and UCSF published a paper describing a mass-scale experiment in which Facebook users' pages were manipulated to see if this could induce and spread certain emotional states. They say it was legal to do this without consent, because Facebook's terms of service require you to give consent for, basically, anything
The Numinous Veil Of Ignorance(TechCrunch) I seem to be on the wrong side of the Facebook experiment issue. I'm referring to the news which broke recently that Mark Zuckerberg himself (no, not really) conducted an experiment in 2012 to test whether influencing what a user sees in turn affects what they post. If they were shown more negative material, for example, did they become more negative? The answer is yes. The conclusion? Facebook seems able to influence our moods (well, sort of)
Bulletin (SB14-181) Vulnerability Summary for the Week of June 23, 2014(US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Google Drive update fixes data-leaking flaw(Help Net Security) Google has fixed a security issue that made some of the files stored on Google Drive and shared with friends or colleagues via a direct link potentially reachable by unauthorized third parties, and calls users to remove previously shared documents
Microsoft Kills Security Emails, Blames Canada(Krebs on Security) In a move that may wind up helping spammers, Microsoft is blaming a new Canadian anti-spam law for the company's recent decision to stop sending regular emails about security updates for its Windows operating system and other Microsoft software
Why security awareness matters(Help Net Security) In this interview, Paulo Pagliusi, CEO at MPSafe Cybersecurity Awareness, talks about the value of security awareness and how it influences the overall security posture of an organization
Lockheed Martin develops hybrid cloud for Air Force(C4ISR & Networks) Lockheed Martin is developing a hybrid cloud that will enable the U.S. Air Force to migrate to a cloud-based system. Lockheed claims that this will offer lower costs, better service and greater agility for 800,000 Air Force users
Keeping pace with cyber training(C4ISR & Networks) Report after report continues to surface warning about the shortage of properly skilled cyber security resources. Last year, the DHS inspector general reported that the National Cybersecurity and Communications Integration Center "does not have sufficient resources to provide specialized training to incident responder." The report documented that between 2009 and 2013 only 10 of the 22 (or about 45 percent) analysts had the needed technical training
ZeroFOX Supports Maryland Tech Workforce as Member of the Central Maryland IT/Cyber Consortium(PR.com) ZeroFOX, The Social Risk Management Company™, announced that the Central Maryland IT/Cyber Consortium has been awarded an implementation grant through EARN (Employment Advancement Right Now) Maryland. The grant funds will be used to develop an innovative workforce development program and provide Marylanders with hands-on training and education through apprenticeships at partner companies
AxCrypt. It's Good And Bad News.(Gizmo's Freeware) Last week I recommended that you take a look at Cryptainer if you need a replacement for the now-defunct TrueCrypt encryption product. A handful of people have suggested that another free program, AxCrypt, is also a suitable replacement, and I promised to take a look at it. So here goes
Panda Security Launches Panda Advanced Protection Service(IT News Online) Panda Security has launched Panda Advanced Protection Service (PAPS), a new managed service for monitoring applications which uses a disruptive approach as opposed to the traditional system of detecting malware based on blacklists
Cisco Web Security and the Health Insurance Portability and Accountability Act (HIPAA)(Cisco Blogs) Spurred by the Health Insurance Portability and Accountability Act (HIPAA), which outlined a set of standards and guidelines for the protection and transmission of individual health information, as well as the subsequent amendment to address standards for the security of electronic protected health information, customers often ask me the following questions
New N.S.A. Chief Calls Damage From Snowden Leaks Manageable(New York Times) The newly installed director of the National Security Agency says that while he has seen some terrorist groups alter their communications to avoid surveillance techniques revealed by Edward J. Snowden, the damage done over all by a year of revelations does not lead him to the conclusion that "the sky is falling"
24th AF hosts ANG GO Cyber Summit(Lompoc Record) Air National Guard leaders from across the country gathered in San Antonio June 4-6 for the ANG General Officer Cyber Summit
EXCLUSIVE Obama Poised to Yank Top Military Intel Pick(Foreign Policy) The Obama administration is poised to abandon its pick to run the sprawling Defense Intelligence Agency amid two ongoing investigations into whether programs she had overseen have been marred by questionable and potentially illegal spending, according to administration officials and congressional sources with knowledge of the matter
Iran, Qatar to cooperate against 'terror'(Daily Star) The leaders of Shiite Iran and Sunni Qatar vowed Sunday to cooperate to fight "terrorism in the region", President Hassan Rouhani's office reported as Iraqi forces counter a militant onslaught
The Law's Vital Role in America's Intelligence Debate(Real Clear Defense) In his essay, "National Security Lawyers a National Security Threat," Marshall Erwin disparages national security lawyers for, in his view, putting the nation's security at risk. In the process of doing so, Erwin inadvertently makes a compelling case for why national security lawyers play a vital role in helping to guide those who make and execute national security policies
Facebook's facing a losing battle to protect users' privacy(Naked Security) Composite. Image of data privacy courtesy of Shutterstock. Last year, prosecutors in Manhattan held Facebook up by the ankles and shook out personal data on 381 users — a mugging that Facebook so far hasn't had any luck in fighting
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANSFIRE(Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.
INSCOM Cyber Day(Fort Belvoir, Virginia, USA, July 9, 2014) Cyber-industry vendors are invited to participate in the upcoming Cyber Day hosted by the United States Army Intelligence and Security Command (INSCOM), located at Ft. Belvoir. U.S. Army Cyber (AR Cyber)...
2nd Annual Oil & Gas Cyber Security Conference(Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...
Security Startup Speed Lunch DC(Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...
SHARE in Pittsburgh(Pittsburgh, Pennsylvania, USA, August 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today.
FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles.
ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction...
Passwords14(Las Vegas, Nevada, USA, August 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges...
BSidesLV 2014(Las Vegas, Nevada, USA, August 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in...
4th Annual Cyber Security Training Forum(Colorado Springs, Colorado, USA, August 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August...
DEF CON 22(Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit(Lusaka, Zambia, August 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...
SANS Cyber Defense Summit and Training(Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.