Russia's military incursion into Ukraine's Crimean district prompts Ukrainian counter-mobilization, widespread diplomatic odium, harsh consequences for Russia in financial markets, and hacktivist protest. So far the hacktivism has been of limited effect, little beyond threats and site defacements, but, especially since there's little appetite internationally for kinetic warfare, cyber fallout of the invasion bears watching. ZDNet has a useful rundown of the cyber implications of Putin's current adventure.
State-sponsored cyber espionage returns to the news. G Data Security announces discovery of a spying tool they've called "Uroburos" and tentatively attributed to Russia. FireEye reports new signs that China has resumed (or simply continued) its cyber espionage programs. (Huawei demurs, and faults FireEye's research.) In the West, German officials now regard a "no-spy" deal with the US as unlikely, and Yahoo expresses outrage over allegations of GCHQ webcam hijacking.
Reports that US retailer Sears has suffered a data breach are dismissed as premature by Sears, which says its investigations have turned up no evidence of a compromise. The US Secret Service is said to be investigating.
A large number of email addresses (1.25B) and credentials (360M) have appeared on the black market. Their source is unclear, as is the identity of the criminals selling them.
Credentials stolen in the Target breach continue to be offered for sale, with the criminal vendors typically taking payment in Bitcoin.
In industry news, privacy and countersurveillance products, services and tools continue to appear. Others are under development: Intel is working on a private collaboration environment.
Today's issue includes events affecting Australia, Canada, China, European Union, India, Republic of Korea, Netherlands, Russia, Ukraine, United Kingdom, United States..
Uroburos — highly complex espionage software with Russian roots(G Data SecurityBlog) G Data discovers alleged intelligence agency software. G Data Security experts have analyzed a very complex and sophisticated piece of malware, designed to steal confidential data. G Data refers to it as Uroburos, in correspondence with a string found in the malware's code and following an ancient symbol depicting a serpent or dragon eating its own tail
Yahoo, ICQ chats still vulnerable to government snoops(CNet) Spy agencies and hackers at your local Starbucks can vacuum up Yahoo and ICQ chats and metadata about AOL's AIM users. These services are over a decade old — why are they not fully encrypted? Nine months after Edward Snowden revealed extreme Internet surveillance by US and British intelligence agencies, some major technology companies have yet to take rudimentary steps to shield their users' instant messages from eavesdropping
Unlucky casino punters have data hacked in huge cyber attack(Yorkshire Post) Hackers stole the personal information of tens of thousands of Las Vegas Sands customers during a huge cyber-attack, it has emerged. The casino company said in a regulatory filing that information about some patrons at its Bethlehem, Pennsylvania, hotel-casino was compromised during the attack
Sears Denies Breach(BankInfoSecurity) On Feb. 28, Bloomberg News and others reported that a possible breach at Sears Holding Corp. was being investigated by the Secret Service. Sears, which also owns Kmart, mygofer, Shop Your Way and Land's End, says it has not confirmed a breach
Sears investigating possible cyber security breach(Globe and Mail) Sears Holdings Corp. said Friday it has launched an investigation to determine whether it was the victim of a security breach, following Target Corp.'s revelation at the end of last year that it had suffered an unprecedented cyber attack
Spam Mails Offering Loans on the Prowl, Warns Kaspersky(Spamfighter News) Cyber Security Company Kaspersky has cautioned about spam mails increasing recently that offer loans but actually steal users' data. Following this incident, the company's security researchers posted one fresh advisory giving guidance to Internauts that could keep them protected
Sunsets and Cats Can Be Hazardous to Your Online Bank Account(TrendLabs Security Intelligence Blog) It's been said that a picture is worth a thousand words. Unfortunately, there's one that's worth your bank accounts. We came across malware that uses steganography to hide configuration files within images. However unique this technique might seem, it is hardly new—we previously featured targeted attacks that use the same technique
Industry Needs To Do More To Protect the Power Grid From a Cyber Attack(Defense One) Energy companies should create a new industry-led body to deflect cyber threats to the electric grid — from large generators to local distribution utilities, according to a new report co-authored by Ret. Gen. Michael Hayden, former CIA and National Security Agency director
Cybersecurity and the North American Electric Grid: New Policy Approaches to Address an Evolving Threat(Belfer Center) Protecting the nation's electricity grid from cyber attacks is a critical national security issue. Evidence collected by the U.S. Department of Homeland Security (DHS) suggests that cyber attacks on key energy infrastructure—and on the electricity system in particular—are increasing, both in frequency and sophistication. These trends are alarming because the potential consequences of a successful large-scale cyber attack—or combined cyber and physical attack—on the electric power sector are difficult to overstate
Organised fraudsters pose biggest cybersecurity threat: survey(CSO) The growing onslaught of cyber security attacks reflect a rapidly evolving criminality whose impact is near-unanimously expected to continue growing as mobile compromises, financial fraud and organised groups of fraudsters outweigh other risks such as those posed by supply-chain partners, a recent survey of IT decision makers has found
DDoS Attack! Is Regulation The Answer?(InformationWeek) Four security experts weigh in on why there's been little progress in combating DDoS attacks and how companies can start fighting back
Security Budgets: Do You Know Your Priorities?(Information Security Buzz) As business leaders become more 'cyber aware' concerns over data security shift from awareness to action. Organisations around the globe are increasing security spending, but have they prioritised budgets correctly or are they just throwing money at the problem
IoT Brings A Tremendous Risk To Consumers(Information Security Buzz) Let's all think back to 2009 when "cloud computing" was first entering the majority of technologists' lexicon. There was much groaning towards the name with statements such as, "we've all been doing this for years" and "this doesn't change anything". Now fast-forward to the present and you may notice a similar line of dialog about how the "Internet of Things" isn't really that important. Unfortunately for dissenters, they couldn't be more wrong
The future of access control according to HID(Help Net Security) A new security environment in which users will have a seamless experience when using cloud-based applications and services, accessing data, and opening doors is emerging. This environment will move the industry beyond traditional strong authentication approaches, cards, and readers to simplify and improve how we create, manage and use identities across many different applications on both smart cards and smartphones
Stock Adds Fuel to Tech-Deal Fire(Wall Street Journal) Facebook FB -0.70% might have shelled out a shocking $19 billion for Whats-App, but it at least had the presence of mind to finance the bulk of the deal with its highly valued stock. That may become a repeat story as tech companies realize lofty valuations give them a virtual printing press for acquisition currency
2014 US Cyber Challenge Kicks Off in April(Infosecurity Magazine) The US Council on Cyber Security (USCC) has launched the 2014 US Cyber Challenge, calling on the industry and government to "get serious" about the workforce problem. The initiative aims to find 10,000 bright students and turn them into cybersecurity professionals
Spy Lockout Shareholder Proposal To Be Raised At Apple Annual Meeting(PRWeb) "Apple can lead our industry's escape from vast, wasteful surveillance and earn back the trust of users the world over." At the annual Apple Inc. shareholder meeting today, shareholders will ask the Bay Area computer maker to take several policy and technical actions immediately, a Spy Lockout to protect the company against negative business impact from the NSA bulk surveillance scandal
Anti-NSA services on the rise(Bloomberg News via the Fort Wayne Journal-Gazette) Encryption technology to leave no data trail for spying. The National Security Agency's snooping on email traffic and phone records has prompted a cottage industry in products meant to keep spies out of their customers' business
Santa Rosa's Sonic leads in online privacy protection(Santa Roas Press-Democrat) In a large, cold, immaculate room, rows of black metal cabinets shelter Internet servers whose blinking green lights indicate the frenetic pulse of our every online move, whether it's sending mundane emails, trolling online forums, messaging a lover or making online purchases
KEYW subsidiary Hexis plans to increase revenue through global resellers(Baltimore Business Journal) Hexis Cyber Solutions develops a product called the HawkEye G, which is designed to detect and disable cyber threats in a company's network. Hexis Cyber Solutions, a growing subsidiary of KEYW Corp., is launching a worldwide program that will provide sales and marketing resources to its reseller partners across the globe
FBI to launch malware-analysis system to allow people identify bugs(Business Standard) The Federal Bureau of Investigation (FBI) has reportedly announced that it is planning to roll out a malware-analysis system that would help people and businesses identify and report malware attacks. FBI Director James Comey didn't disclose much about the new system, but said that it would be derived from the Binary Analysis Characterization and Storage System (BACSS), which the agency already uses
Two-factor authentication for WordPress using Rublon(Help Net Security) Rublon provides automatic two factor authentication for web applications. It currently supports Drupal, WordPress, Magento, PrestaShop and OpenCart. Two-factor authentication is definitely something that all web based applications should enforce, so using Rublon or some similar plugin is a good way to ramp up your security
Five things you should know about iOS security(Mac World) Security is an extra-hot topic these days, as all sorts of government agencies short on letters but long on budgets keep getting accused of spying on their own citizens, and debates rage on whether what look like accidental bugs may actually turn out to be quite intentional
Tor secure messaging client in pipeline for safer chat(SlashGear) Internet anonymity service Tor is working on a messaging client to offer Skype, Google Hangouts, and other IM users concerned about who might be reading their conversations a little piece of mind. Dubbed the Tor Instant Messaging Bundle, or TIMB, the app is expected to build on top of the existing InstantBird messenger, which will eventually be bundled in locked-down, encrypted form with the general Tor Launcher later this year
RSA Creates New Managed Security Service Program(Channelnomics) RSA, the security division of EMC Corp., has created a new program designed to unleash a new generation of managed security services. The company also has signed Verizon Enterprise Solutions as its marquee global services partner to aid enterprise customers worldwide. Other partners include: Foreground Security, DataShield Consulting and Communication Valley Reply Group
Encryption Would Have Stopped Snowden From Using Secrets(Bloomberg BusinessWeek) Edward Snowden could have been thwarted from leaking classified U.S. documents if the National Security Agency encrypted the information to make it unreadable, two former senior cybersecurity officials said
How to travel safely: An in-depth look at data security on the road(ITProPortal) Travel security used to mean stashing your cash in a money belt. With the wide acceptance of credit cards, that inconvenience is mostly gone — replaced, due to the rise of cybercrime and identity theft, with the need to secure your data when traveling. Unfortunately, it is a lot trickier than most people realise to protect your personal information when you use your computer on the road
How to craft the perfect password(BGR) It seems obvious, but passwords are our first line of defense against a growing army of nefarious hackers looking to steal our data, money or even identities. While many people know how serious the issue of cybersecurity is, many still use passwords that are remarkably bad. Compounding matters is the common practice of using the same password across multiple accounts, so a hacker who gains access to one account may be able to breach others. But protecting yourself is easy and there's just no excuse for leaving your accounts vulnerable with bad passwords
Germany: no spy deal with US anytime soon(AP via the Washington Post) The German government is conceding that it doesn't expect to reach agreement with Washington in the foreseeable future on a hoped-for "no-spy" deal
Senators blast NSA for webcam spying(The Hill) Sens. Ron Wyden (D-Ore.), Martin Heinrich (D-N.M.) and Mark Udall (D-Colo.) slammed the National Security Agency after reports that its surveillance program capture images from users' webcams
More congressional action brewing on data-breach notification issues(Inside Cybersecurity) The House Financial Services Committee is the latest panel to jump into the debate over consumer data-breach notification, scheduling a subcommittee hearing for next week, but data-breach legislation introduced in the Senate apparently isn't ready yet for committee action
Cyber Spending Rare Bright Spot in Budget(Defense News) US spending on cyber, both defensive and offensive, will continue to grow in the coming years, including in the fiscal 2015 budget, officials said. But while the money has poured in, there are still questions to be answered as to how that money should be spent as the military settles what cyber preparedness really means
U.S. military not prepared for cyber warfare, commander warns(Washington Free Beacon) The U.S. military is ill-prepared for waging cyber warfare and needs to bolster defenses against the growing threat of cyber attacks against both military systems and private infrastructure, the commander of U.S. Cyber Command told Congress on Thursday
DHS lays out cyber framework details(FCW) The Department of Homeland Security will make managed cybersecurity services available for all 56 U.S. state and territorial governments this week, said Phyllis Schneck, deputy undersecretary for cybersecurity
NSA revelations may let jailed terrorists challenge their convictions(Japan Times) A man in prison for terrorism may have a new opportunity to challenge his conviction, because the U.S. government only recently told him how it obtained evidence it intended to use against him: through one of the National Security Agency's secret surveillance programs
Bitcoin exchanges pressed to reveal cyber attack coping strategies(IT Pro) Sources claims US lawyers have subpoenaed Bitcoin exchanges. US Attorney Preet Bharara has sent subpoenas to Mt. Gox, other bitcoin exchanges, and businesses that deal in the virtual currency to seek information on how they handled recent cyber attacks, sources claim
RSA Conference USA(San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...
Nuclear Regulatory Commission ISSO Security Workshop(, January 1, 1970) Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce...
ICS Summit 2014(Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...
Suits and Spooks Singapore(, January 1, 1970) Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate...
MCT-Congress: Going Mobile with Clinical Trials(Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...
Cyber Security for Energy & Utilities(, January 1, 1970) Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the...
Veritas 2014(, January 1, 1970) At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...
Black Hat Asia(, January 1, 1970) Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four...
Cyber Security Management for Oil and Gas(, January 1, 1970) Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security...
SyScan 2014(Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...
Interop Conference(, January 1, 1970) Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.