As the Russian government asserts a right to military intervention in Ukraine, unidentified hackers bring down the Russian President's and Central Bank's websites. Speculation turns to Anonymous Caucasus as possibly responsible, although there's no shortage of other internal opposition to the regime, either, as recent official blocking of dissident sites suggests. Accusations of Ukrainian involvement are curiously absent from Russian statements. In the US, Director NSA nominee Rogers tells the Senate that Ukraine is under cyber attack, but primly declines to say by whom while speaking in an unclassified session.
Target says it received warning of its data breach during the event's early stages, but decided not to take action. This is not evidence, by itself, of irresponsibility. The problem is a common one: too many security warnings—with a high incidence of false positives, an absence of well-structured assessments of relative risk, and dependence upon human watchstanders—create a glare that can obscure significant threats. (Globalization note: a security team in Bangalore passed the warning in question to Target headquarters in Minneapolis.)
Dr. Web identifies a Trojan, "Rbrute," that infects Wi-Fi routers to spread Sality malware.
Adobe, Ubuntu, RedHat, and Google issue various patches or security upgrades.
Industry analysts find Pwn2Own usefully disillusions those who think their software invulnerable. Blackstone acquires Accuvant. (ISC) ² advises addressing security workforce shortages by creating entry-level positions and building a pipeline to fill them.
The crisis in Ukraine snarls US-Russian cyber security talks. The EU enacts new data protection rules.
The CIA-Senate dispute proves legally murky.
Today's issue includes events affecting Canada, China, European Union, France, Germany, India, Russia, Ukraine, United Kingdom, United States..
20 million reasons the Kremlin just blocked a bunch of opposition websites(Quartz) With tensions rising over Crimea, Russia yesterday blocked a number of opposition websites. One of them is the blog of Alexei Navalny, an opposition leader currently under house arrest, who is known for publishing documents about official corruption online. In response to the censorship, he published what he says are his blog's traffic statistics (link in Russian) for the past 12 months, showing 20 million unique visitors (note that it's not possible for us to verify this independently). Assuming most of them are from Russia, it's a not-insignificant chunk of the country's population of 143 million—good reason for the authorities to be worried
NSA Nominee Confirms Ukraine is under Cyberattack(Nextgov) A top U.S. military official said Tuesday he believes hackers are attacking Ukrainian computer and communications networks—but he declined to point the finger at Russia. "In an open unclassified forum, I'm not prepared to comment on the specifics of nation-state behavior," Vice Adm. Michael Rogers told the Senate Armed Services Committee when asked whether Russia is using cyberattacks against Ukraine
Inside Turla: US military's worst cyber breach(Gadget) G-Data and BAE Systems have released information on the cyber espionage operation codenamed Turla. Furthermore, Kaspersky's has found a connection between it and the already existing Agent.BTZ malware, which took the Pentagon over a year to eradicate it from the U.S. military's networks
Target says it declined to act on early alert of cyber breach(Reuters) Target Corp's security software detected potentially malicious activity during last year's massive data breach, but its staff decided not to take immediate action, the No. 3. U.S. retailer said on Thursday. "With the benefit of hindsight, we are investigating whether if different judgments had been made the outcome may have been different," company spokeswoman Molly Snyder said in a statement
110,000 Wordpress Databases Exposed(CSO) For years now I've been writing my various blog posts and I have used many different kinds of CMS platforms right back to posting using VI back in the 90s. My favourite platform that I've used to create content has been Wordpress by far. I can almost here the security folks cringe. Yes, it is a massive headache to lockdown. But, I fight on as the user experience makes the pain worthwhile
Commercial Windows-based compromised Web shells management application spotted in the wild — part two(Webroot Threat Blog) Sticking to good old fashioned TTPs (tactics, techniques and procedures), cybercriminals continue mixing purely malicious infrastructures with legitimate ones, for the purpose of abusing the clean IP reputations of networks, on their way to achieving positive ROI (return on investment) for their fraudulent activities. For years, this mix of infrastructures has lead to the emergence of the 'malicious economies of scale' concept, in terms of efficient abuse of legitimate Web properties, next to the intersection of cybercriminal online activity, and cyber warfare
The Smart Car will be hacked(ReadWrite) Connected cars are computers on wheels, and before long they'll do most everything our phones and tablets do now—store personal data, finalize transactions, play games. Oh, and catch viruses and other malware
Study Shows Phone 'Metadata' is Highly Sensitive(Threatpost) The term metadata and the implications of its collection and analysis have been one of the key points in the debate surrounding the NSA's broad surveillance programs over the last year. Legislators, policy makers and others continue to argue about whether metadata can actually reveal anything about the people behind the phone numbers, but researchers
Security Patches, Mitigations, and Software Updates
Security update available for Adobe Shockwave Player(Adobe Security Bulletin) Adobe has released a security update for Adobe Shockwave Player 188.8.131.52 and earlier versions on the Windows and Macintosh operating systems. This update addresses a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system. Adobe recommends users of Adobe Shockwave Player 184.108.40.206 and earlier versions update to Adobe Shockwave Player 220.127.116.11 using the instructions provided in the "Solution" section below
USN-2147-1: Mutt vulnerability(Ubuntu Security Notice) The mutt mail client could be made to crash or run programs as your login if it opened a specially crafted email
Google Play update adds enhanced security options for app purchases(Phandroid) A new version of the Google Play Store is arriving for Android users, giving folks more control over security measures surrounding app purchases. Users can now decide how often the Play Store will ask for password confirmation, adding a layer of protection against the happy fingers of a child
For Windows XP, the end is nigh(Boston Globe) I drive a 12-year-old Ford, and why not? It's quiet and comfy, and it gets me there. Lots of people feel the same way about software. Almost 30 percent of the world's desktop computers run Microsoft Corp.'s Windows XP, an operating system introduced in 2001. About 40 percent of the PCs at The Boston Globe still run XP, and so do 95 percent of the world's automatic teller machines, according to ATM maker NCR
Sailing the Seas of Digital Detritus(CSO) Much like the hundreds of discarded satellites and assorted rocket pieces that circle the planet high above our heads, the Internet is littered with junk. I'm not talking about people taking pictures of EVERY single meal that they sit down to eat. Rather, broken and/or forgotten websites. For the last couple days I've been sailing along the tubes of the Internet looking for broken sites and there is no shortage
High-Risk Security Vulnerabilities Identified During Reviews of Information Technology General Controls at State Medicaid Agencies(US Department of Health and Human Services) High-risk security vulnerabilities we identified during previous, restricted reviews of information
system general controls at 10 State Medicaid agencies (State agencies) raise concerns about the integrity of the systems used to process Medicaid claims. The integrity of the State agencies' Medicaid systems depends on the effectiveness of the information system general controls, which are critical to the reliability, confidentiality, and availability of Medicaid data. Without effective general controls, State agencies are not able to adequately safeguard sensitive Medicaid systems and data
Ponemon and AccessData Study Reveals Majority of Organizations Unable to Effectively Respond to and Resolve a Cyber-Attack(Open PR) AccessData, the leader in incident resolution solutions, and the Ponemon Institute released new findings focused on the current state of incident response and threat intelligence and how both can be improved to better benefit organizations. The report, Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations, sponsored by AccessData, surveyed 1,083 CISOs and security technicians in the United States and EMEA about how their company handles the immediate aftermath of a cyber-attack and what would help their teams more successfully detect and remediate these events
Cyberspace: What is it, where is it and who cares?(Armed Forces Journal) Assured access to cyberspace is a key enabler of national security, so the answer to the question in the title is: we should all care. Two of the defining characteristics of a strong, modern, industrial nation are economic prosperity and a credible defense. The ability to use cyberspace has become indispensable to achieving both of these objectives
Social media scams rampant. Water is wet.(CSO) I'm rather amused reading this article in the Globe and Mail today about social media scams. It talks about how people are falling for scams on social media sites time and again. While my initial reaction is to scoff, I have to constantly remind myself that these scams, social media based or otherwise, continue to work. Why? People are greedy, gullible and easily swayed in many cases. They want that $250 gift card for completing a survey or a free set of Ginsu knives for providing their banking details
Enterprises Harness Social Networking for Increased Agility and Responsiveness, Finds Frost & Sullivan(FierceITSecurity) The need to enhance communication and collaboration in the workplace to increase employee engagement, accelerate decision-making, and boost overall productivity is driving the global enterprise social networking market. Organizations are integrating purposeful social collaboration functionality into workflows to dynamically connect people and information at the appropriate time, instead of relying solely on legacy collaboration tools utilized in traditional static use cases
Convergence of SIEM and Forensics(InfoSecurity Magazine) Sometimes technology areas that once seem distinct converge. Indeed, there was a time when the term convergence was used, without qualification, to refer to the coming together of IT and traditional telephone networks, something that for many is now just an accepted reality
Cyber, IT Bright Spots in Defense Budget(National Defense Magazine) The Pentagon's budget proposal for fiscal year 2015 includes $5.2 billion for cyber security. But when intelligence agencies are added to the mix, the amount nearly doubles, according to new estimates
Record prizes for Pwn2Own and Pwnium contestants(Help Net Security) The results of the first day of the traditional Pwn2Own hacking contest at the CanSecWest Conference currently taking place in Vancouver are in, and the losers are Adobe, Microsoft and Mozilla
Accuvant to be acquired by the Blackstone Group(SC Magazine) In a deal that is reported to be worth $225 million, the Blackstone Group will buy a majority of the stake in cyber security firm Accuvant from investment firm Sverica International
Solving The Security Workforce Shortage(Ars Technica) To solve the skills shortage, the industry will need to attract a wider group of people and create an entirely new sort of security professional
Former DISA Vice Director Joins DB Networks Board(Newsfactor) DB Networks, an innovator of behavioral analysis in database security, today announced that Maj. Gen. James David Bryan, U.S. Army (Ret.) has joined its board of advisors. In this new role, Mr. Bryan will provide insight and counsel as the company takes its behavioral analysis technology for database security into new growth markets
Products, Services, and Solutions
Google encrypts search; bad news for NSA, China(The Washington Post via Herald Net) Googling the words "Dalai Lama" or "Tiananmen Square" from China long has produced the computer equivalent of a blank stare, as that nation's government has blocked websites that it deemed politically sensitive
Skybox Security Introduces Vulnerability Center(Broadway World) Skybox Security Introduces Vulnerability CenterSkybox Security, the leading provider of risk analytics for cyber security, today launched the Skybox Vulnerability Center, a free online resource for IT security practitioners that includes access to the Skybox Vulnerability Database, one of the most advanced vulnerability databases in the industry. Users can search the Skybox Vulnerability Database by vendor, category, severity, date, CVE number and more, and drill down for special details on specified vulnerabilities
Validian Launches Next Generation of Intrusion Prevention(Wall Street Journal) Validian Corp. (OTCQB:VLDI), first-to-market with next generation cyber security technology that provides secure access of critical applications and secure access, transfer and storage of digital information on wired, wireless and mobile networks over the Internet, announced today that it has launched its next generation Intrusion Prevention System, which is the first technology in the market to actually prevent cyber attacks that result from breaching critical applications, and the improper access and theft of valuable digital information
Cloud-based wireless network monitoring(ProSecurityZone) Smaller businesses now have access to wireless monitoring, security and management tools available in a cloud computing model thereby avoiding hardware dependence
Guide to ERM: Risk Governance(Willis Wire) What should a board expect from management regarding risk and resiliency? As a part of strong enterprise risk management practice the board of directors should consider the following
Will Self-Encrypting Drives Help Stop Data Breaches?(PC Magazine) In light of all the security breaches last year, companies are looking for ways to protect their own and their clients' data. Samsung claims that self-encrypting drives are the solutions to better security software protection. In a recent infographic, the company outlines a few reasons why self-encrypting drives are better for businesses
Involving the C-suite in risk management(FCW) As the world becomes more digitized and interconnected, the door to emerging threats and proprietary data leaks has opened wider. The number of security breaches affecting enterprises across numerous industries continues to grow, seemingly every day. Once a topic restricted to the IT organization, security is now unquestionably a C-suite priority. A strong plan for risk management throughout the organization has become essential
Design and Innovation
The World's Richest Ex-Hackers(Forbes) Long before he was the two-hundred-and-second richest person on the planet, Jan Koum was just another curious kid with a wardialer
Progress on EU data protection reform now irreversible following European Parliament vote(European Commission) The European Parliament today cemented the strong support previously given at committee level to the European Commission's data protection reform (MEMO/13/923 and MEMO/14/60) by voting in plenary with 621 votes in favour, 10 against and 22 abstentions for the Regulation and 371 votes in favour, 276 against and 30 abstentions for the Directive). The reports of MEPs Jan-Philipp Albrecht and Dimitrios Droutsas, on which members of the European Parliament voted, are a strong endorsement of the Commission's data protection reform and an important signal of progress in the legislative procedure. The data protection reform will ensure more effective control of people over their personal data, and make it easier for businesses to operate and innovate in the EU's Single Market
La CNIL actualise ses conseils sur le paiement en ligne(Le Monde Informatique) La Commission nationale de l'informatique et des libertés a décidé de mettre à jour ses recommandations sur le paiement en ligne qui avaient été émises il y a plus de 10 ans et a mis l'accent sur la confidentialité des données relatives aux cartes bancaires
Foreign Officials In the Dark About Their Own Spy Agencies' Cooperation with NSA(The Intercept) One of the more bizarre aspects of the last nine months of Snowden revelations is how top political officials in other nations have repeatedly demonstrated, or even explicitly claimed, wholesale ignorance about their nations' cooperation with the National Security Agency, as well as their own spying activities. This has led to widespread speculation about the authenticity of these reactions: Were these top officials truly unaware, or were they pretending to be, in order to distance themselves from surveillance operations that became highly controversial once disclosed
Stop mass surveillance now or face consequences, MEPs say to US(Help Net Security) Parliament's consent to the EU-US trade deal "could be endangered" if blanket mass surveillance by the US National Security Agency does not stop, members of European Parliament said on Wednesday, in a resolution wrapping up their six-month inquiry into US mass surveillance schemes
NSA Director nominee wants every branch of the military to have a dedicated cyber attack force(Engadget) It seems like President Obama was pretty serious about that cyber attack list he drew up last year — his nominee candidate for NSA Director, Admiral Michael Rogers, just told the Senate that the military is building several new cyber combat units. Rogers, who is slated to both take over at the NSA and head the United States Cyber Command, spent several hours answering to the Senate Armed Services Committee this week
U.S. Military Given Secret "Execute Order" on Cyber Operations(FAS) Last June, the Chairman of the Joint Chiefs of Staff issued a classified "execute order" to authorize and initiate a military operation. The nature, scope and duration of the military operation could not immediately be determined — even the title of the order is classified — but it evidently pertains to the conduct of military cyberspace activities. The existence of the previously undisclosed execute order was revealed last week in a new Air Force Instruction
Bill Gates: 'No admiration' for Edward Snowden(Politico) Gates said some details about government surveillance are best left secret. Microsoft founder Bill Gates says despite his concerns about privacy, he has no "admiration" for National Security Agency leaker Edward Snowden
Justifying New Federal Cyber Campus(InfoRiskToday) When President Obama proposed spending $35 million to design a federal cyber campus to promote a "whole-of-government" approach to cybersecurity incident response, the administration provided scant details on the initiative buried deep in its $3.9 trillion fiscal year 2015 budget proposal
JIE not a program of record, says Takai(FierceGovIT) Defense Department effort to restructure its information technology infrastructure is not a program of record, although it is subject to program of record-like oversight, said DoD Chief Information Officer Teri Takai
DHS seeks to erase database walls, but filter searches(FierceGovIT) An effort to create an internal data mining and search capability encompassing multiple Homeland Security Department databases will be constrained by a system that filters results according to employee authorization to see certain kinds of data, says the department privacy office
NY Judge Questions Rare Arrest In Trade Secret Theft Case(Law360) New York Supreme Court Judge Jeffrey K. Oing on Wednesday questioned whether hedge fund Two Sigma Investments LLC had gone too far by seeking the arrest of a former analyst accused of stealing trade secrets, saying other employers might now copy the tactic and try to jail ex-workers in such disputes
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SOURCE Boston 2014(, January 1, 1970) The purpose of SOURCE Conference is to bridge the gap between technical excellence and business acumen within the security industry. SOURCE fosters a community of learning where business and security professionals...
SOURCE Dublin 2014(, January 1, 1970) SOURCE Dublin combines cutting-edge business, technology, and application security presentations, providing security experts and industry professionals the opportunity to share insights and develop future...
CanSecWest(, January 1, 1970) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social...
Nuclear Regulatory Commission ISSO Security Workshop(, January 1, 1970) Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce...
ICS Summit 2014(Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...
Suits and Spooks Singapore(, January 1, 1970) Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate...
MCT-Congress: Going Mobile with Clinical Trials(Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...
Cyber Security for Energy & Utilities(, January 1, 1970) Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the...
Veritas 2014(, January 1, 1970) At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...
Black Hat Asia(, January 1, 1970) Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four...
SEC Cybersecurity Roundtable(Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...
Cyber Security Management for Oil and Gas(, January 1, 1970) Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security...
ISSA Colorado Springs — Cyber Focus Day(Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Thursday, March 27, 2014 at Colorado Technical University (CTU).
Financial Incentives for Cybersecurity Businesses(Elkridge, Maryland, USA, March 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax...
CyberBiz Summit(Linthicum, Maryland, USA, March 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday,...
SyScan 2014(Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...
Interop Conference(, January 1, 1970) Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.