Russian arms export agency Rosoboronexport denies it lost any sensitive data in a cyber attack it sustained some two weeks ago at the outset of the crisis in Crimea. The US looks into its electronic surveillance performance during that crisis.
Algeria's election season opens with a round of cyber attacks on campaign sites.
Microsoft warns that a Word zero-day is being actively exploited in the wild. Targeted attacks are using booby-trapped RTF files to gain control of compromised machines via a memory corruption bug. Word 2010 is principally affected, but other versions are also affected: Word 2003, 2007, and 2013 for Windows; Microsoft Office for Mac 2011; and multiple versions of Microsoft SharePoint Server. Viewing an email in an Outlook preview pane can be sufficient to infect a device. Microsoft has issued notes on mitigation.
GitHub developers may have revealed their AWS keys.
Distributed denial-of-service campaigns reappear. Researchers claim to have found a DDoS exploit for Android. Hootsuite is back online, but Basecamp is subjected to an extortion-motivated DDoS attack.
BitCrypt malware combines ransomware with Bitcoin theft. A new Android malware family (ANDROIDOS_KAGECOIN.HBT) mines Bitcoins, Litecoins, and Dogecoins. And Blockchain users are phished for Bitcoins.
MH370 seems not to have been hacked, but concerns about avionics vulnerabilities remain.
Business leaders call for more threat information sharing.
Palo Alto Networks buys Cyvera for $200M (and sees its share price take a hit).
China demands an explanation of alleged US Huawei hacking.
The US Administration and Congress seem poised to limit surveillance.
Today's issue includes events affecting Algeria, Australia, China, France, India, Israel, Malaysia, Russia, Switzerland, Turkey, Ukraine, United Arab Emirates, United Kingdom, United States..
Ransomware and Bitcoin Theft Combine in BitCrypt(TrendLabs Security Intelligence Blog) CryptoLocker and other such ransomware threats have been a significant problem for some time now, but recently we've seen a new addition to the ransomware scene. This new threat, which calls itself BitCrypt, adds a unique angle to ransomware: it steals funds from various cryptocurrency wallets as well
Mobile Malware Mines Dogecoins and Litecoins for Bitcoin Payout(TrendLabs Security Intelligence Blog) Recently, other researchers reported that a new Android malware family (detected as ANDROIDOS_KAGECOIN.HBT) had cryptocurrency mining capabilities. Based on our analysis, we have found that this malware is involved in the mining for various digital currencies, including Bitcoin, Litecoin, and Dogecoin. This has real consequences for users: shorter battery life, increased wear and tear, all of which could lead to a shorter device lifespan
Guess Who's Spying on Huawei?(Slate) The New York Times reported over the weekend, based on files provided by Edward Snowden, that the National Security Administration has been hacking into the servers of Chinese telecommunications giant, Huawei. The story is not particularly surprising, though it is somewhat ironic given that for years, the U.S. government has been warning that Huawei's servers aren't safe given the risk of spying by Chinese intelligence
The Mobile Cybercriminal Underground Market in China(Trend Micro) Places in the Internet where cybercriminals converge to sell and buy different products and services exist. Instead of creating their own attack tools from scratch, they can instead purchase what they need from peers who offer competitive prices. Like any other market, the laws of supply and demand dictate prices and feature offerings. But what's more interesting to note is that recently, prices have been going down
Employee with Minnesota-based insurer risks data of 38K members(SC Magazine) Roughly 38,000 members of Minnesota-based HealthPartners may have personal information at risk after an employee brought home electronic files containing the data, showed the files to a family member for help with formatting, and transferred the files to their own devices, between 2008 and 2010
Black Market for Malware and Cyber Weapons is Thriving(Foreign Policy) The world of computer hackers who sell stolen credit card numbers, spyware, and cyber weapons is often likened to an "underground," a word that implies the existence of a place cut off from most Internet users and existing in a corner of the Web that most people never see. But a new report concludes that the markets actually function more like thriving bazaars subject to the same economic forces as legitimate stores. And just like those legitimate stores, the bazaars aren't that hard to find
Bulletin (SB14-083): Vulnerability Summary for the Week of March 17, 2014(US CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Isn't It Time Oracle Gave Us Monthly Security Updates for Java?(Lumension) In some ways, it could be argued that Java is an incredible success. I'm serious. Stop laughing at the back. You see, according to Oracle, Java's developer, the product is used on over 3 billion different devices worldwide. That *is* impressive. But, for those of us concerned with securing systems and keeping computer data safe, it's been a nightmare
How Companies—Together—Can Stop Cyberattacks(Wall Street Journal) Millions of consumers were impacted by recent large-scale credit-card data breaches at retailers. These breaches have resurrected the issue of cybersecurity for policy makers. The financial-services sector has successfully tackled cyberattacks for decades, but consumers interact with many others in the "payments ecosystem" when making purchases. The security of cybersystems is only as strong as the weakest link in the system
Shift in big data: From standalone product to 'feature inside'(FierceBigData) For a while now, big data has steadily become the root of decision-making in every aspect of business. It should come as no surprise then that its emerging ubiquity would move it to feature rather than standalone status—that it would become part of all software. Movement on that front is already in evidence. Here is what's happening now
Momentum of big data overwhelms experts' expectations(FierceBigData) Even the most accomplished experts in the big data field have been taken aback and completely overwhelmed by how fast and drastically big data is changing our lives. While change has always been the only constant, change this constant and on this scale is a completely new experience
Polish Government Announces $100M Fund To Support Ukrainian Startups(TechCrunch) Poland is to put $100 million (300 million Zloty) into supporting small Ukrainian companies, which will obviously include tech companies by implication, and allow more Ukrainian companies to list on its stock exchange. "We do this to support the new Ukrainian industry, new business and build a new middle class," sad President Bronislaw Komorowski told Polish newspaper Gazeta
Palo Alto Networks to buy Israeli cybersecurity firm(Reuters via the Chicago Tribune) Palo Alto Networks Inc , which makes firewalls to protect companies from cyber attacks, said it would buy a tiny Israeli security firm, Cyvera, for about $200 million in a move that some analysts expect will crimp profits over the next few years. Palo Alto's shares fell as much as 7 percent in late morning trading
Don't Fiddle While FireEye Burns…(Nasdaq) FireEye's (FEYE) rising stock price brings back vivid memories of my tenure at Goldman Sachs during the Internet bubble. A stock would be deemed "cheap", because it was trading at only 30x revenue (while its peers were trading at 40x). I thought those days were over. Yet, FEYE (a fairly recent IPO) now trades at roughly 30x 2014 revenue (at the time of publication in PTT). As a former portfolio manager, I can't justify this on any metric. In my recollection, investors have never been able to make money on established companies trading at 30+ times projected revenue
Microsoft to Include Itself in Future Transparency Reports(InfoSecurity Magazine) Microsoft has stated that it conducted a search of the emails of one of its own users while looking for the source of stolen Windows IP. It did this on its own cognizance without prior court order. Details became available court filings accusing a previous employee of the 'Theft of Trade Secrets'
Microsoft Says: Come Back with a Warrant, Unless You're Microsoft(EFF via infosec island) EFF has long argued that law enforcement agencies must get a warrant when they ask Internet companies for the content of their users' communications. In 2013, as part of our annual Who Has Your Back report, we started awarding stars to companies that require warrants for content. It is now unclear whether Microsoft, one of our inaugural "gold star" companies in that category, is willing to live by its own maxim
Former FBI Director Mueller Joins Wilmer(Legal Times) Former Federal Bureau of Investigations Director Robert Mueller III has joined Wilmer Cutler Pickering Hale and Dorr as an equity partner, the firm said Monday
Trend Micro extends mobile security portfolio(ITWeb) Internet security company Trend Micro has unveiled a set of solutions to combat the unprecedented array of cyber attacks that are continually victimising individuals and enterprises via mobile platforms
Multiven Launches Pearl Guard to Defend IT & Network Devices Against Cyber-Attacks(WebWire) Multiven today launched Pearl Guard, a new service offering that provides businesses, telcos, government agencies as well as owners and operators of Internet-enabled devices with during-breach expert technology support to defend against any computer network attack, restore software configurations and replace damaged equipment within 24 hours of a cyber-attack
WhiteHat Releases Aviator Browser for Windows(Threatpost) Keeping Web sessions private and secure can be a daunting task, especially for users who may not be so familiar with how to lock down their browsers, but WhiteHat Security is trying to make that process simpler with the release of a beta version of its Aviator browser for Windows
How To Secure Your WordPress Website From Hackers(Forbes) Millions of websites are powered by WordPress software and there's a reason for that. WordPress is the most developer-friendly content management system out there, so you can essentially do anything you want with it. Unfortunately, that has some downsides as well
Integrating Physical Security Sensors(Internet Storm Center) I have been playing for a few years now with different network connected devices. As a "security guy", a lot of this research has been about vulnerability in these devices, or what we sometimes call the "Internet of Things". Over the years, I also learned to appreciated the ability of these devices to deliver physical context to some events that I may see in my logs, and I started to add the state reported from some of these devices to my syslog collector feeding into my SIM (right now not a full SIM, but Splunk for the most part).
Academics Spy Weaknesses in Bitcoin's Foundations(MIT Technology Review) One thing cannot be disputed about the person (or persons) responsible for creating Bitcoin: they were skilled in math, and expert at coding. Five years after the Bitcoin software was first released, no major fixes have been needed to the core code, which uses cryptography to generate and transfer virtual money
Why Google Glass security remains a work in progress(CSO via TechHive) University researchers' recent experiment with spyware for Google Glass has demonstrated that lots of security work remains before the head-mounted computer eyepiece is available for consumers
Cybersecurity Lies Take Longer than Cybersecurity Truth(SIGNAL Magazine) Attacks on a computer's Basic Input/Output System (BIOS) do not receive a lot of attention, and protecting against them is often not a priority, but they are on the rise, say researchers at The MITRE Corporation, a not-for-profit research organization funded by the U.S. government. The MITRE team is developing tools to protect against BIOS attacks and is searching for organizations to help evaluate those tools
Slideshow Outlines Cyberwar Training for Chinese Students(Epoch Times) Computer science students in China are exhorted to "shoulder the responsibility of safeguarding [China's] cyber sovereignty, and engage in the arduous task of cyber battle," according to an "Introduction to Computing" presentation from China's East China University of Science and Technology
Obama to Call for End to N.S.A.'s Bulk Data Collection(New York Times) The Obama administration is preparing to unveil a legislative proposal for a far-reaching overhaul of the National Security Agency's once-secret bulk phone records program in a way that — if approved by Congress — would end the aspect that has most alarmed privacy advocates since its existence was leaked last year, according to senior administration officials
Ruppersberger bill would end NSA bulk telephone data collection(Baltimore Sun) Rep. C.A. Dutch Ruppersberger, the top Democrat on the House Intelligence Committee, plans to introduce bipartisan legislation Tuesday that would end the National Security Agency's bulk collection of U.S. telephone and email data — the surveillance program that has drawn fire from privacy advocates, civil libertarians and some lawmakers since it was revealed last year
Obama reassures Internet CEOs on tech privacy(News Herald) A week before a self-imposed deadline for a review of National Security Agency programs, President Barack Obama sought Friday to assure leading Internet and tech executives that his administration is committed to protecting people's privacy
China calls on US to quit spying on its companies(The Hill) China is calling on the United States to explain its use of cyberespionage and to stop spying on its companies after a report revealed the National Security Agency hacked into the servers of a major Chinese company
Turkey Twitter ban is 'a losing battle', expert claims(BBC) The Turkish government is "fighting a losing battle" in banning social media network Twitter, experts have said. Locals continue to tweet via virtual private networks (VPN), anonymous web browser Tor and text messages, said security expert Rik Ferguson
Want to be anonymous? Now you have a right to be(Sydney Morning Herald) Australian citizens now have the right to remain anonymous or use a pseudonym when interacting with government agencies, private health service providers, and large organisations under new privacy laws
Twitter, Facebook sued for 'abusive' methods(The Local (French Edition)) A French consumer watchdog group announced on Tuesday it was suing Twitter, Facebook and Google for allegedly breaking France's privacy laws. The lawsuit is the latest in a battle over privacy protection on social networks in France
Facebook's online teen privacy argument challenged in California court(Naked Security) A long-running legal dispute that was settled is now bubbling up once again. Namely, the way that Facebook appropriates children and teen users' names and photos for "Sponsored Story" ads when users "Like" something, regardless of whether such users want to be seen as endorsing the subject of their thumbs-upping
Snowden's latest NSA claims strain credulity(FierceBigData) One of the more appalling things about the Snowden revelations is how quickly he was embraced as either hero or villain. In the court of public opinion, judgment is often made based on emotion and not much else. But now that the heat of the moment has passed, it's time to look at the evolving evidence with a more discerning eye. "As each new allegation about the National Security Agency's data-gathering capabilities hits the news, one has to wonder how much of it is true and how much is sensationalism," writes Wayne Rash in eWeek
U.S. notified 3,000 companies in 2013 about cyberattacks(Washington Post) Federal agents notified more than 3,000 U.S. companies last year that their computer systems had been hacked, White House officials have told industry executives, marking the first time the government has revealed how often it tipped off the private sector to cyberintrusions
California's DMV Investigates Card Processing Breach(InfoSecurity Magazine) When Brian Krebs learned of a private MasterCard warning being circulated to banks, he challenged the DMV — and only then did it issue a public statement that it was indeed investigating a potential security issue
Judge to porn trolls: IP addresses aren't people(Ars Technica) Adult film company Malibu Media has sometimes been called a "porn troll," or "copyright troll," because it has sued hundreds of people for allegedly illegal downloads of pornographic movies that it owns. Malibu is believed to have filed over 1,000 such lawsuits
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SOURCE(, January 1, 1970) The purpose of SOURCE Conference is to bridge the gap between technical excellence and business acumen within the security industry. SOURCE fosters a community of learning where business and security professionals...
Cyber Security for Energy & Utilities(, January 1, 1970) Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the...
Fourth Annual China Defense and Security Conference(Washington, DC, USA, March 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding...
Veritas 2014(, January 1, 1970) At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...
Black Hat Asia(, January 1, 1970) Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four...
SEC Cybersecurity Roundtable(Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...
Cyber Security Management for Oil and Gas(, January 1, 1970) Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security...
Financial Incentives for Cybersecurity Businesses(Elkridge, Maryland, USA, March 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax...
ISSA Colorado Springs — Cyber Focus Day(Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Thursday, March 27, 2014 at Colorado Technical University (CTU).
CyberBiz Summit(Linthicum, Maryland, USA, March 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday,...
Cyber Saturdays(Laurel, Maryland, USA, March 29, 2014) Are you a community college student with an interest in network security or information assurance? Would you like to test your skills in a fast-paced game environment? If so, one if Capitol College's upcoming...
Interop Conference(, January 1, 1970) Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.
SyScan 2014(Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...
NSA Hawaii(, January 1, 1970) Be a part of the 2nd Annual Information Technology Expo set to take place at the new National Security Agency (NSA) Regional Operations Center in Wahiawa, HI. The event is being sponsored once again by...
InfoSec World Conference & Expo 2014(, January 1, 1970) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
NIST IT Security Day(Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...
IT Security Entrepreneurs Forum (ITSEF) 2014(, January 1, 1970) IT Security Entrepreneurs Forum (ITSEF) is SINET's flagship event, designed to bridge the gap between the Federal Government and private industry. ITSEF brings unique value to the Cybersecurity community...
Women in Cybersecurity Conference(, January 1, 1970) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.
Suits and Spooks San Francisco(, January 1, 1970) S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss...
East Africa Banking and ICT Summit(Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations,...
InfoSecIndy(Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.
Infosecurity Europe 2014(, January 1, 1970) Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.