As the Russo-Ukrainian conflict appears dangerously close to entering a new kinetic phase encompassing eastern Ukraine, the nongovernmental think tank US Cyber Consequences Unit publishes a retrospective on the cyber aspects of the crisis.
IsraelDefense blames Hamas for a recent malicious SMS campaign, and warns that mass media channels are in the crosshairs of politically motivated hacktivists.
The multi-purpose, cross-platform Zorenium bot now affects iOS systems. "Cribit" ransomware, now delivered by a Windows Trojan, is demanding payment in Bitcoins. Several other cyber capers try to give criminals access to a range of crypto currencies.
Good news: the recently discovered Microsoft Word/Outlook zero-day seems not to affect WordPad. Bad news: Trend Micro finds a new family of worms, "CRIGENT," a.k.a. "PowerWorm," using Windows PowerShell to infect Word and Excel files.
Researchers at Northeastern University warn that careless GUI development practices are dramatically increasing endpoint attack surfaces.
Cisco patches vulnerabilities in its Internetwork Operating System Software.
Another call for better information sharing appears in the INSA Cyber Council's Cyber Intelligence Task Force's new white paper advocating more attention to strategic intelligence.
Wired thinks the lawsuit two banks filed this week against Target and its security assessment partner Trustwave will ("finally") expose the limitations of security audits.
The financial sector has the reputation of being more cyber-savvy than most. But smaller financial advisor practices may be an exception—industry sheet Financial Planning warns a single breach can kill a practice.
US President Obama's telephony metadata collection reforms are scrutinized, to mixed reviews.
Today's issue includes events affecting Australia, China, European Union, Israel, Japan, Democratic People's Republic of Korea, Republic of Korea, Malaysia, Palestinian Territories, Russia, Syria, Turkey, Ukraine, United Kingdom, United Nations, United States.
Cyber Attacks, Threats, and Vulnerabilities
A Cyber History Of The Ukraine Conflict(Dark Reading) The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned
Hamas' Cyber Attack(IsraelDefense) Threatening messages were sent to Israelis' mobile phones, including subscribers of IsraelDefense
The Next Target: Mass Media Channels(IsraelDefense) You thought that Hamas' cyber attack on Israeli media last week is a unique case? Well, Ram Levi uncovers the truth behind the recent attacks on media outlets around the world, a threat the World Economic Forum named — "digital firestorm"
Defense Ministry Foils Hacking Attempts(The Chosunilbo) A hacking attempt on March 22 targeting the network at the Defense Ministry's press room prompted authorities to block access, the military cyber command said Thursday
Zorenium bot can now hit iOS users as well(Help Net Security) If all the claims included in the adverts for the multi-platform, multi-purpose piece of malware called Zorenium are true, it could very well have a considerable impact on a large number of users, and become a favorite tool for cyber crooks
Cerberus app users warned about data breach(Help Net Security) Users of the Cerberus anti-theft Android app have been receiving warnings from the Cerberus Security Team, urging them to change their password as they have been reset in the wake of a data breach
Word and Excel Files Infected Using Windows PowerShell(TrendLabs Security Intelligence Blog) Malware targeting Word and Excel files has been around for some time, but we recently encountered a new malware family, CRIGENT (also known as "Power Worm") which brings several new techniques to the table
GUI Vulnerabilities Expose Information Disclosure, Privilege Escalation(Threatpost) Developers are creating countless information disclosure and privilege escalation vulnerabilities by misusing elements of various graphical user interfaces as mechanisms for access control, according to a new research paper from the Northeastern University College of Computer and Information Science
NTP Amplification, SYN Floods Drive up DDoS Attack Volumes(Threatpost) There has been a steady but dramatic increase in the potency of distributed denial of service (DDoS) attacks from the beginning of 2013 through the first two months of this year. In large part, the reason for this rise in volume has to do with the widespread adoption of two attack methods: large synchronization packet flood (SYN flood) attacks and network timing protocol (NTP) amplification attacks
Hackers Using Hijacked Phones to Mine Cryptocurrencies Are Wasting Their Time(Motherboard) Security firms have discovered Android apps that are laden with malware to turn your phone into a cryptocurrency mining machine, all for the benefit of someone else and to the detriment of your device. It's of course a ridiculously inefficient way to get your hands on some digital currency—there's a reason students have been hijacking university supercomputers to mine dogecoins—but that doesn't seem to have stopped someone trying it
An Important Flight MH370 Question: Was Computer Hacking Involved?(Forbes) (Note: This guest post was written by a China-based former military aviator who has held a commercial pilot's license for more than 30 years and asked to remain anonymous.) Malaysia announced this week that flight MH370 ended in the Indian Ocean. In the months to come, the "why" of this horrific tragedy doesn't matter to the rest of the flying public so much as "how" it happened
Multiple Pinterest Accounts Hacked, Flooded With Butt Pics(TechCrunch) If you log onto Pinterest and see that one of your friends has suddenly developed a fixation with weight loss ads and butt pics like the ones below, don't click on the pins. Multiple accounts have been hacked over the last hour and flooded with spam. We've emailed Pinterest for comment
War of the Bots: When DVRs attack NASs(Internet Storm Center) While looking at the latest honeypot data for what is happening with Synology devices, I did notice one particularly aggressive IP connecting to a number of our honeypot IPs. At first, I figured it may just be a new Shodan scan (got tons of them in the honeypot). But when I connected to port 443 using openssl, I saw a rather interesting SSL certificate being sent
Infographic: A phishing email's route through the corporate network(Help Net Security) For years, even decades, computer security has been seen as a technical problem that requires a technical solution. In recent years, enterprises have plowed billions of dollars into technology solutions, only to find that the frequency and cost of breaches have hardly dropped at all
Strategic Cyber Intelligence Is Essential To Business Security, INSA Says(Homeland Security Today) A new white paper from the Intelligence and National Security Alliance (INSA) Cyber Council's Cyber Intelligence Task Force said while there's been much attention directed towards the tactical, on-the-network cyber domain, there's a "need for more resources to be focused on strategic information requirements and planning, and concentrates on organizations' accurate, strategic cyber intelligence assessment processes"
Strategic Cyber Intelligence(Intelligence and National Security Alliance) In a September 2013 white paper, "The Operational Levels of Cyber Intelligence," the Intelligence and National Security Alliance (INSA) proposed definitions for the strategic, operational, and tactical levels of cyber activity. While there has been much emphasis on tactical cyber intelligence to help understand the "on-the-network" cyber-attacks so frequently in the news, there has been little discussion about the strategic and operational levels in order to better understand the overall goals, objectives, and inter-relationships associated with these tactical attacks. As a result, key consumers such as C-suite executives, executive managers, and other senior leaders are not getting the right type of cyber intelligence to efficiently and effectively inform their organizations' risk management programs. This traditionally tactical focus also hampers the capability of the cyber intelligence function to communicate cyber risks in a way that leaders can fully interpret and understand
FireEye Releases Comprehensive Analysis of 2013 Zero-Day Attacks; Impact on Security Models(MarketWatch) FireEye, Inc., the leader in stopping today's advanced cyber attacks, today announced the release of "Less Than Zero: A Survey of Zero-day Attacks in 2013 and What They Say About the Traditional Security Model." Through an analysis of the eleven zero-day vulnerabilities discovered in 2013 by FireEye — by far the most discoveries of any security company that year — the paper provides context around the advanced threats these vulnerabilities enable as well as guidance to enterprises on mitigating these hidden problems
Analysis of three billion attacks reveals SQL injections cost $196,000(Help Net Security) NTT Innovation Institute has announced the release of its Global Threat Intelligence Report (GTIR), which raises awareness with C-level executives and security professionals alike that when the basics of security are done right, it can be enough to mitigate and even avoid the high-profile security and data breaches
Advisors Beware: Single Data Breach 'Can Bring Down' a Practice(Financial Planning) In the face of a range of cyber threats that are increasing both in volume and sophistication, investment advisors need to shore up their digital defenses, taking steps to elevate security as a business priority and share more information about attacks with relevant authorities
DataWalker for Oracle v1.0 in the wild(ToolsWatch) DataWalker for Oracle is a data unloader and block examiner tool. It can be used by DBAs to recover data or by forensic examiners to look for evidence after a breach
Addressing Cyberattacks via Positive Enforcement Model(SecurityWeek) As more and more details about the Target breach have emerged, security experts, bloggers and media have focused on why Target failed to react to alerts from zero day malware point products that allegedly provided indication there was malware in the network
Social Media Monitoring and Compliance: Five Best Ways to Navigate Complexity in the Workplace(Cyveillance Blog) Businesses have a lot to juggle these days. Detecting physical threats against facilities, employees, customers, executives, and suppliers is one obvious example. The list continues to grow with managing network security alerts and devices, preparing for sophisticated DDoS attacks, guarding sensitive IP and data against leaks and breaches, and protecting employees from social engineering attacks. Brand integrity, distribution control, phishing, and fraud detection add further to the complexity of managing online and offline environments
For ATMs, why not Windows 8?(ZDNet) Banks are only now getting around to replacing Windows XP on their ATMs with Windows 7, but why bother? Windows 8 should work at least as well and has a longer support life
Fort Belvoir hosts new Cyber Defense Training Program(Belvoir Eagle) Fort Belvoir played host to the Cyber-Digital Master Gunner Solution Course from March 3-21. The course, a new three-week pilot program developed by U.S. Army Communications-Electronics Command's Field Support Branch, invited Soldiers and network professionals from U.S. Army Cyber Command and the 1st Information Operations Command (Land), to participate in hands-on training in the increasingly important fields of offensive and defensive network activity, such as hacking and scanning for enemy vulnerabilities
Design and Innovation
Ford's connected car revs up with APIs and external app developers(TechTarget) Ford Motor Co. has been getting the mobility trend for a while now. But in its endeavor to build the smartest connected car around, the automaker is taking mobile to another level. "How do we take the experiences customers have on mobile devices and bring them into the vehicle?" Jim Buczkowski, director of electrical and electronics systems for Ford Motor Co., said at Xconomy Forum's "Mobile Madness 2014: The Next Disruptors"
Facebook Joins Google In The Hunt For The Future(TechCrunch) We now live in an era when Mark Zuckerberg speed-dials Obama, controls fleets of drones, brokers $19 billion acquisitions in a week, and buys whole virtual worlds. Facebook's mission has changed. While once it was solely "to make the world more open and connected", it's expanded to also "give people the power to share." And nothing is too crazy if it brings Facebook one step closer to that goal
Is the Oculus Rift sexist?(Quartz) In the fall of 1997, my university built a CAVE (Cave Automatic Virtual Environment) to help scientists, artists, and archeologists embrace 3D immersion to advance the state of those fields. Ecstatic at seeing a real-life instantiation of the Metaverse, the virtual world imagined in Neal Stephenson's Snow Crash, I donned a set of goggles and jumped inside. And then I promptly vomited
When Is a Tor Block Not a Tor Block?(EFF) As Turkey prepares for elections on Sunday, Turkish Prime Minister Recep Tayyip Erdoğan continues to double down on Internet censorship. A week after Turkish ISPs blocked Twitter, Turkey's telecommunications authority has blocked YouTube. The block began to be rolled out hours after a leaked recording published anonymously on YouTube purported to show a conversation in which Turkey's foreign minister, spy chief, and a top general appear to discuss scenarios that could lead to a Turkish attack against militants in Syria
China to Boost Cybersecurity (Wall Street Journal) China's defense ministry said it would take measures to boost cybersecurity after reports this week alleging the U.S. spied on Chinese technology company Huawei Technologies Co. and several Chinese leaders
UN raps US civil rights record on secret programs(AP via the Houston Chronicle) A U.N. panel has found serious shortcomings in the United States' civil rights record, with experts citing Thursday a lack of adequate oversight and transparency in national security programs dealing with everything from electronic surveillance to targeted drone killings and secret detentions
Obama Says Plan Will End NSA Bulk Data Sweep(AFP via SecurityWeek) President Barack Obama put forward a plan Thursday to end bulk collection of telephone records, aiming to defuse a controversy over the government's sweeping surveillance activities on millions of Americans
Background Conference Call by Senior Administration Official on the Bulk Telephone Metadata Program(IC on the Record) Thank you so much. Hi, everyone. Thanks for joining. We wanted to get you together for a quick call on statements — you either have these or about to receive — on the President's decision on the Section 215 Bulk Metadata Program. As you'll see, the President has decided that the best path forward is for the government not to collect or hold this data in bulk, but instead the data would remain at telephone companies
Statement from DNI Clapper on Ending the Section 215 Bulk Telephony Metadata Program(IC on the Record) Today, President Obama announced his proposal for ending the Section 215 Bulk Telephony Metadata Program. The President's proposal will, with the passage of legislation, ensure that we have the information we need to meet our intelligence requirements while protecting civil liberties and privacy and being as transparent as possible
Feinstein endorses end to NSA surveillance(Visalia Times-Delta) One of the strongest supporters of the Obama administration's domestic surveillance activities said Tuesday she supports President Barack Obama's new proposal to end the program in its current form
Using Metadata to Catch a Whistleblower(Huffington Post) With Obama recently announcing his plans to amend the electronic surveillance program at the National Security Agency, it is a good time to look more closely at what the NSA has been doing with some of the data it has been collecting on Americans for the last decade or so. But first some background
Feds unveil new road map for critical cybersecurity(Westchester County Business Journal) More information sharing and voluntary collaboration between government and the private sector without additional federal regulations is needed to reduce the risk of cyberattacks on the nation's critical infrastructure, cybersecurity experts said at a recent forum on the Fordham University Westchester campus
Commerce Dept. critical of liability protection as cybersecurity framework incentive(FierceGovIT) Liability protection as an incentive for private sector adoption of the cybersecurity framework under development by the National Institute of Standards and Technology requires further study, says the Commerce Department in a discussion paper that takes a skeptical view of the need for protection against tort claims and other possible private sector incentives
How do the FBI and Secret Service know your network has been breached before you do?(CSO) Knock, knock! Secret Service here. "Is this your customer payment card data?" By all accounts, many of the massive data breaches in the news these days are first revealed to the victims by law enforcement, the Secret Service and Federal Bureau of Investigation (FBI). But how do the agencies figure it out before the companies know they have been breached, especially given the millions companies spend on security and their intense focus on compliance? The agencies do the one thing companies don't do. They attack the problem from the other end by looking for evidence that a crime has been committed
Cybercrime loses its right to silence(Financial News) In 2012, the director general of MI5 revealed that a London-listed company had lost £800 million as a result of a state-backed cyber attack. The company in question has not been publicly identified and no disclosures were made to the market. Why was the market not notified?
Government Requests for Google User Data Continue to Climb(Threatpost) While the number of requests for user information that Google receives from governments around the world continues to rise—climbing by 120 percent in the last four years—the company is turning over some data in fewer cases as time goes on. Google received more than 27,000 requests for user information from global law enforcement agencies in the last six months of 2013 and provided some user data in 64 percent of those cases
Google: We didn't access Arrington's Gmail account to identify leaker(Help Net Security) In the wake of the revelation that Microsoft has accessed a blogger's Hotmail account in order to discover the identity of an employee who leaked company trade secrets, TechCrunch founder Michael Arrington took to his blog and stated that he was "nearly certain" that, a few years ago, Google accessed his Gmail account for the same purpose
Richard Clarke: Snowden Should Be in Prison(Dark Reading) Former White House cybersecurity advisor Richard Clarke says that although the NSA's domestic intelligence data collection has been too broad, there is no evidence that NSA has yet used this data for ill and that Edward Snowden has jeopardized the United States' national security
Manning lawyer wants leak conviction reversed(AP via WAAY TV) Convicted leaker Chelsea Manning is asking an Army general to reverse her conviction and 35-year prison sentence for sending reams of classified information to WikiLeaks
Former Qwest CEO Joe Nacchio Tells Story of Fight Against NSA, SEC(Fox Business) In his first interview since being released from prison, former Qwest Communications CEO Joe Nacchio appeared on FBN's Opening Bell with Maria Bartiromo to tell his story of a fight against the National Security Agency and allegations of insider trading
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Security BSides Denver 2014(Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
Veritas 2014: At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...
Black Hat Asia: Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four...
Cyber Security Management for Oil and Gas: Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security...
Financial Incentives for Cybersecurity Businesses(Elkridge, Maryland, USA, March 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax...
ISSA Colorado Springs — Cyber Focus Day(Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).
CyberBiz Summit(Linthicum, Maryland, USA, March 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday,...
Cyber Saturdays(Laurel, Maryland, USA, March 29, 2014) Are you a community college student with an interest in network security or information assurance? Would you like to test your skills in a fast-paced game environment? If so, one of Capitol College's upcoming...
Interop Conference: Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.
SyScan 2014(Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...
InfoSec World Conference & Expo 2014: With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
NIST IT Security Day(Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...
IT Security Entrepreneurs Forum (ITSEF) 2014: IT Security Entrepreneurs Forum (ITSEF) is SINET's flagship event, designed to bridge the gap between the Federal Government and private industry. ITSEF brings unique value to the Cybersecurity community...
Defensive Cyberspace Operations & Intelligence Conference: Two days of presentations, workshops, training, and networking on defensive operations and intelligence activities in cyberspace. Speakers from government, universities, and industry will share their insights...
SOURCE: The purpose of SOURCE Conference is to bridge the gap between technical excellence and business acumen within the security industry. SOURCE fosters a community of learning where business and security professionals...
2014 GovCon Cyber Summit(McLean, Virginia, USA, April 9, 2014) The U.S. Computer Emergency Readiness Team (US-CERT) noted that last year federal networks saw a substantial increase in hacking incidents, with 48,000 attacks reported by agencies. In recognition of this...
Women in Cybersecurity Conference(Nashville, Tennessee, USA, April 11 - 12, 2014) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.
NSA Procurement in today's business arena(Elkridge, Maryland, USA, April 16, 2014) An opportunity to gain inside perspective on market trends in NSA Procurement. The guest speaker will be William Reybold, National Security Agency's Deputy Senior Acquisition Executive (SAE), who manages...
Suits and Spooks San Francisco: S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss...
US News STEM Solutions: National Leadership Conference: The STEM crisis in the United States demands solutions—and nowhere is the search more concentrated than at U.S. News STEM Solutions. Now in its third year, this premier national leadership conference is...
East Africa Banking and ICT Summit(Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations,...
InfoSecIndy(Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.
United States Cyber Crime Conference 2014: This is the only event of its kind that provides both hands-on digital forensics training and an interactive forum for cyber professionals to network. The conference covers the full spectrum of topics...
Infosecurity Europe 2014: Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000...