Anti-regime hacktivists of Rucyborg leak financial details of the oligarchical Russian Industrial Investment Fund in a self-described protest against Russian President Putin's "insane" policies. More details emerge on hacks of NATO sites claimed by CyberBerkut. As the Russo-Ukrainian conflict moves closer to kinetic warfare, it's worth noting that most of the hacktivism (unless you believe CyberBerkut really is an independent group of pro-Russian Ukrainian patriots) seems to have been directed against the Russian government.
The Indonesian hackers of the "Black Angels" (who seem to be independent cyber vandals) deface the Regional Integrated Multi-Hazard Early Warning System for Africa and Asia (RIMES).
BGPmon reports that Google's public DNS service was briefly hijacked over the weekend.
Citroen falls to an Adobe ColdFusion backdoor exploit.
Rescator, the black market dealer in stolen payment card data, is hacked by a cyber vigilante who defaces Rescator's site and derides its customers as "miscreants and subhumans." (The episode may provide a useful way of thinking about the distinction, if any, between vigilantism and active defense.)
Windows XP, in its final weeks of life, will exact a cost from its users during its afterlife. ATMs and government agencies are prominent among XP holdouts. Banks are planning to pay for ATM security; agency strategies are less clear.
In the US, DARPA seeks to expand its stable of cyber performers. Technology Review runs an overview of startups nurtured by NSA.
Also in the US, Church Committee veterans petition the Government for a Church-like Congressional inquiry into Intelligence Community surveillance.
Today's issue includes events affecting Afghanistan, Armenia, Austria, Bahrain, Bangladesh, Bhutan, Brazil, Cambodia, China, Comoros, Estonia, France, Germany, India, Indonesia, Iran, Israel, Japan, Kenya, Democratic People's Republic of Korea, Laos, Maldives, Madagascar, Mauritius, Mongolia, Mozambique, Myanmar, NATO, Nepal, Pakistan, Papua New Guinea, Philippines, Russia, Saudi Arabia, Seychelles, Sri Lanka, Somalia, Tanzania, Thailand, Timor-Leste, Turkmenistan, Ukraine, United Kingdom, United States, Uzbekistan, Venezuela, Vietnam, and Yemen.
Official Website of Multi-Hazard Early Warning System for Africa and Asia Hacked (HackRead) The official website of Regional Integrated Multi-Hazard Early Warning System for Africa and Asia (RIMES) has been hacked and defaced by Indonesian hacking group "Black Angels". The hackers, going by the handles Hmei7 and Dbuzz along with others, are behind the attack in which the high-profile website of RIMES has been left with a deface
Google's Public DNS Hijacked for 22 Minutes (Softpedia) On Sunday, BGPmon, a network monitoring and routing security company that monitors the Internet for Border Gateway Protocol (BGP) attacks, revealed that Google's public DNS service had been hijacked
Exploiting vulnerabilities in media players to spread advanced malware (Help Net Security) Trusteer's research has shown that vulnerable media players are constantly targeted by malicious actors. Since in most environments media players exist on users' desktops for their own personal use, IT and security administrators ignore these applications and the content files they use. After all, you want to keep your employees productive and happy, and allow them to listen to their harmless music while they work. However, because these applications are not controlled, and users are not in a rush to patch these applications, most installations are vulnerable to exploits
How Growth Hacking Drives Twitter Followers via Twitterjacking (Search Engine Journal) Brands are growth hacking their Twitter followers via popular and highly engaging tweets that come from other brands or people i.e. "Twitterjacking". A great example of Twitterjacking was during the #GRAMMYS, where other brands latched on to one tweet and harnessed it to take advantage of massive interaction. Twitterjacking, and Hashtag Hijacking, can be a bad thing and sometimes even controversial
Windows XP can put SOX, HIPAA, credit card security-compliance at risk (CSO Salted Hash) When Microsoft stops supporting Windows XP next month businesses that have to comply with payment card industry (PCI) data security standards as well as health care and financial standards may find themselves out of compliance unless they call in some creative fixes, experts say
Windows XP Holdouts: 6 Top Excuses (InformationWeek) Microsoft cuts support for Windows XP in less than a month, but millions still use the OS. Are these rationales worth the risk
Three Things to Take Away from CanSecWest, Pwn2Own (Threatpost) Now that CanSecWest and the Pwn2Own hacking contest have wrapped up for another year, we're left to still ponder the security of web browsers, whether BIOS attacks are the next frontier, and how exploit brokers will shape the business end of vulnerability research
What My Droid's Metadata Says About Me (BankInfoSecurity) Jonathan Mayer, like many privacy advocates, challenges the National Security Agency's contention that the NSA's program to collect metadata from telephone calls does not violate individuals' privacy rights
Facebook and the NSA should team up to put data to good use (Washington Post) Mark Zuckerberg is angry that the National Security Agency is violating Facebook users' privacy, which is a bit like the Silicon Valley equivalent of "Get your government hands off my Medicare." He thinks users should be upset about this, too
DARPA Cyber Ops Needs a Bigger Rolodex (Nextgov) The Pentagon is scouting for cyber ninjas in the private sector who would be available for future help dominating the cyber domain, according to documents. The trick will be finding potential "performers" that hold security clearances for classified endeavors, Defense Advanced Research Projects Agency officials said
Spinoffs from Spyland (MIT Technology Review) How America's eavesdropping agency commercializes technology. It takes more than a little tradecraft to spin off a startup from the National Security Agency
Ralph Shrader Says Booz Allen Will Continue to Evolve as it Pursues Growth (Executive Mosaic) Booz Allen Hamilton leader Ralph Shrader has held the chief executive role at the Tysons Corner, Va-based government services provider since 1999, and has overseen several important changes at the firm, including the separation of its government and commercial businesses and its transition into a public company
Lenovo To Keep Buying Companies Until It Owns Everything, Everyone (TechCrunch) Lenovo isn't putting away its checkbook yet. The CEO of the Chinese PC giant said on Tuesday that the company will continue to acquire companies for overall growth. This comes as the company is closing two major deals. Lenovo recently purchased Motorola Mobility from Google for $2.91 billion. The company also picked up IBM's server business for $2.3 billion, which seems only natural
FireHost Names New CEO (Dark Reading) In a significant move resulting from mounting years of fast growth and widening market demand for its secure cloud offerings, FireHost, the secure cloud company, announced today the appointment of technology veteran Jim Lewandowski as its new chief executive officer (CEO). This move occurs in concert with founder and former CEO Chris Drake's decision to take the reins as the company's chief technology officer
Products, Services, and Solutions
Top Apps for Boosting Mobile Security (eSecurity Planet) Carriers of both iOS and Android mobile devices can improve their mobile security with apps that offer help with password management, encryption and other security best practices
Firefox is still the least secure web browser, falls to four zero-day exploits at Pwn2Own (Extreme Tech) At Pwn2Own 2014, an annual computer hackfest in Vancouver, Mozilla's Firefox has proven yet again that it's the least secure major web browser. While all four major web browsers — Chrome, Internet Explorer, Firefox, and Safari — were successfully exploited, for a grand total of $850,000 in prize money awarded to successful security researchers, Firefox was by far the least secure browser
Israeli System Fuses Surveillance, Memory for Persistent Intelligence (Defense News) From Israel's Golan Heights border with war-torn Syria to Brazil's Bahia carnival capital on the Atlantic coast, a new system that mates forensic memory and target detection with numerous sensor-fused video streams is demonstrating persistent, broad-area surveillance for military and policing missions
mSpy now selling phones pre-loaded with spyware (Naked Security) It's one of a family of spying apps that lets someone remotely snoop on you through your phone or tablet. That includes text messages, call logs, emails, location tracking, recording of conversations by remotely turning somebody's phone into a bugging device, calendar information, GPS coordinates tracked on a convenient map, that kind of thing
8 Ways to Improve Wired Network Security (NetworkWorld) We sometimes focus more on the wireless side of the network when it comes to security because Wi-Fi has no physical fences. After all, a war-driver can detect your SSID and launch an attack while sitting out in the parking lot
RAND Study: TRIA Expiration Could "Affect U.S. National Resilience" (Willis Wire) The Terrorism Risk Insurance Act (TRIA), which provides a federal backstop for insured terrorism losses, will expire later in 2014. There's been plenty of discussion about the disruption to insurance markets that could be created by failure to renew this
NIST requests $8M increase for NSTIC (FierceGovIT) An Obama administration effort to replace online passwords with an "identity ecosystem" led by the National Institute of Standards and Technology would receive $24.5 million under the White House budget proposal for the coming fiscal year
Convicted Hacker 'Weev' Gets Another Chance At Freedom (Huffington Post) Attorneys for convicted hacker Andrew "Weev" Auernheimer will appear in court this week in a last-ditch attempt to win his freedom and overturn a verdict that could have a chilling effect on the work of researchers who help keep the Internet safe
Man Arrested in Connection with Morrisons Data Breach (Softpedia) An employee of UK supermarket chain Morrisons has been arrested in connection with the investigation into the data breach suffered by the company last week. The suspect has not been named and his motives are still uncertain
Mt.Gox's Login Returns, Lets Users Check Bitcoin Balances (TechCrunch) After weeks of showing only legal notices, Mt.Gox's homepage now has a login screen that lets users check their Bitcoin balances. But that's apparently all the beleaguered digital wallet service will allow for now. The site also displays a notice stating
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Suits and Spooks Singapore: Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate...
MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...
Cyber Security for Energy & Utilities: Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the...
Fourth Annual China Defense and Security Conference (Washington, DC, USA, March 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding...
Veritas 2014: At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...
Black Hat Asia: Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four...
SEC Cybersecurity Roundtable (Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...
Cyber Security Management for Oil and Gas: Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security...
ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Thursday, March 27, 2014 at Colorado Technical University (CTU).
Financial Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, March 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax...
CyberBiz Summit (Linthicum, Maryland, USA, March 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday,...
SyScan 2014 (Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...
Interop Conference: Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.
NSA Hawaii: Be a part of the 2nd Annual Information Technology Expo set to take place at the new National Security Agency (NSA) Regional Operations Center in Wahiawa, HI. The event is being sponsored once again by...
InfoSec World Conference & Expo 2014: With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...
IT Security Entrepreneurs Forum (ITSEF) 2014: IT Security Entrepreneurs Forum (ITSEF) is SINET's flagship event, designed to bridge the gap between the Federal Government and private industry. ITSEF brings unique value to the Cybersecurity community...
Women in Cybersecurity Conference (Nashville, Tennessee, USA, April 11 - 12, 2014) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.
Suits and Spooks San Francisco: S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss...
East Africa Banking and ICT Summit (Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations,...
InfoSecIndy (Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.
Infosecurity Europe 2014: Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000...