Colombia's President Santos, reports say, has had his emails hacked. FARC, or at least FARC sympathizers, are suspected. Their apparent goal is intelligence on continuing peace negotiations between FARC and the government.
Indonesian cyber vandals deface sites belonging to Yemen's Ministry of Human Rights and several United Nations organizations. The motive seems nothing more than counting coup.
KnowBe4 reports a new strain of ransomware in the wild: CryptorBit (a.k.a. HowDecrypt). It appears to bypass group policy settings designed to fend off ransomware; it also installs a cryptocurrency miner on infected machines.
Apple acknowledges an iOS email attachment encryption flaw.
StubHub's ability to sell World Cup tickets bogs down as a denial-of-service attack shuts down its Brazilian operations.
Dropbox issues a patch to close a security hole that has, researchers claim, been known since last November.
New reports detail financial sector cyber security trends. The Anti-Phishing Working Group says cyber criminals' optempo is up. Cybergangs now change targeted brands more quickly, looking for newly popular companies with weak defenses and vulnerable user bases.
Mergers and acquisitions lead industry news. FireEye is buying enterprise forensics shop nPulse Technologies, and Endgame makes its first acquisition, Onyxware, seen as a BYOD security play. IBM's predictive and preventive cyber security solutions continue to attract attention.
SHA-2's displacement of SHA-1 is moving faster, thanks to Heartbleed.
In the US, legislation to restrict electronic surveillance is moving through the House, prospects boosted by new support from leading NSA supporters. The bill would restrict telecommunications metadata mass collection.
Today's issue includes events affecting Argentina, Brazil, Canada, China, Colombia, Estonia, Georgia, India, Indonesia, Iran, Latvia, Moldova, Pakistan, Russia, Saudi Arabia, Ukraine, United Kingdom, United States, Yemen, and Zimbabwe.
Cyber Attacks, Threats, and Vulnerabilities
Colombian President Target of Cyber-Spy Operation, Emails Hacked(Hispanically Speaking News) Investigators discovered a clandestine cyber-espionage operation targeting the government's negotiations with leftist guerrillas, Colombia's attorney general said Tuesday, adding that the spies apparently intercepted President Juan Manuel Santos' e-mails
Yemen's Ministry of Human Rights and United Nations Domains Hacked by Indonesian Hackers(HackRead) A group of Indonesian hackers going with the handle of Gantengers Crew have hacked and defaced the official website of Yemen's Ministry of Human Rights, United Nations Development Programme (UNDP), United Nations and United Nations Volunteers. All websites were hacked about an hour ago, left with a deface page along with a message which doesn't explain why the
DIY cybercrime-friendly (legitimate) APK injecting/decompiling app spotted in the wild(Webroot Threat Blog) With millions of Android users continuing to acquire new apps through Google Play, cybercriminals continue looking for efficient and profitable ways to infiltrate Android's marketplace using a variety of TTPs (tactics, techniques and procedures). Largely relying on the ubiquitous for the cybercrime ecosystem, affiliate network based revenue sharing scheme, segmented cybercrime-friendly underground traffic exchanges, as well as mass and efficient compromise of legitimate Web sites, for the purpose of hijacking legitimate traffic, the market segment for Android malware continues flourishing
New DNS Spoofing Technique: Why we haven't covered it.(Internet Storm Center) The last couple of days, a lot of readers sent us links to articles proclaiming yet another new flaw in DNS. "Critical Vulnerability in BIND Software Puts DNS Protocol Security At Risk" claimed one article, going forward to state: "The students have found a way to compel DNS servers to connect with a specific server controlled by the attacker that could respond with a false IP address"
The Non-Advanced Persistent Threat(Imperva) Advanced Persistent Threat (APT) is a name given to attacks that specifically and persistently target an entity. The security community views this type of attack as a complex, sophisticated cyber-attack that can last months or even years. The skill and scope required to instigate an attack of this magnitude and sophistication are believed to be beyond the reach of individual hackers. Therefore, APT is generally attributed to governments, hacktivists, and cyber criminals
Hacktivism: good or evil?(ComputerWeekly) Wikipedia is always a good source of definitions for technology-related issues. It defines hacktivism as "the use of computers and computer networks to promote political ends, chiefly free speech, human rights, and information ethics". As with any technology, "hacking" and therefore hacktivism can be a force for good or evil
Security Patches, Mitigations, and Software Updates
Report on Cyber Security in the Banking Sector(New York State Department of Financial Services) Cyber attacks against financial services institutions are becoming more frequent, more sophisticated, and more widespread. Although large-scale denial-of-services attacks against major financial institutions generate the most headlines, community and regional banks, credit unions, money transmitters, and third-party service providers (such as credit card and payment processors) have experienced attempted breaches in recent years
Security Trends In The Financial Services(CloudTweaks) Readers who subscribe to our newsletter will have already read Friday's news about Microsoft's latest report into key security trends in financial services. The report is part of a series which looks at security trends in cloud computing across four specific industries — financial services, healthcare, retail, and public sector
FireEye Enters Agreement to Acquire nPulse Technologies(MarketWatch) Combination creates industry's first solution to deliver enterprise forensics from the endpoint to the network, providing visibility across the entire attack life cycle and accelerating threat response and remediation
Endgame's First Acquisition Takes It Beyond Cyber Weapons(Bloomberg BusinessWeek) Endgame, once a secretive supplier of cyber weapons to yet more secretive government agencies, has made its first acquisition, aiming to help public- and private-sector clients better protect mobile devices used by employees
Do Proofpoint's Earnings Mean Anything for Cybersecurity?(Motley Fool) Proofpoint (NASDAQ: PFPT) shares soared after the cloud data protection software provider reported better-than-expected earnings. However, it's worth noting that shares of security stocks have been badly beaten, and had continued to trend lower prior to Proofpoint's report
Akamai's Solid Q1 Performance Offset By Near-Term Margin Concerns(Trefis) Akamai (NASDAQ:AKAM) recently announced a strong set of Q1 results, beating the high end of its guidance on both revenues and earnings. The company generated revenues of $454 million in the first quarter, about 23% higher than the prior-year quarter when adjusted for the ADS divestment and the recent acquisition of Prolexic
Dell Turns 30: Where To Next?(InformationWeek) Dell celebrates its 30th birthday while working to reinvent itself for the cloud era. What do you want most from Dell now?
Bitdefender, Point Service Mobiles sign distribution deal(Telecompaper) Antivirus software publisher Bitdefender and French mobile phone and tablet repair chain Point Service Mobiles have signed a distribution agreement for Bitdefender Mobile Security for Android
Distil opens Raleigh office(Raleigh News Observer) The founders of Distil Networks, a small but fast-growing Internet security software firm based in Arlington, Va., have returned to their North Carolina roots by opening an office in the Triangle
IBM's New Cybersecurity Plan: Find Bad Guys Before They Steal(Wall Street Journal) Protecting a company from data theft traditionally involves setting up a secure perimeter. But with computer crime growing in recent years, International Business Machines has a new approach: spotting threats before the crown jewels are stolen
5 SQL Server 2014 Security Enhancements(SQL Magazine) SQL Server 2014 continues the Microsoft commitment to excellence in security. According to the National Institute of Standards and Technology (NIST) public security board, SQL Server reportedly has the lowest number of security vulnerabilities across major database vendors
Splunk Introduces Hunk 6.1(MarketWatch) Organizations around the world turning to Hunk for easier and faster analytics for Hadoop and NoSQL data stores
Cryptol Version 2 Released(I Programmer) An open source version of Cryptol has been released. The language is designed specifically for cryptography, and while this is the first public version, the language has been under development and in use for almost 15 years
CACI Digital Forensics Lab Receives American Society of Crime Laboratory Directors Accreditation(Wall Street Journal) CACI International Inc (NYSE:CACI) announced today that its CACI Digital Forensics Laboratory (CDFL), a full-service computer and audio forensics facility located in Alexandria, Va., has been accredited by the American Society of Crime Laboratory Directors/Laboratory Accreditation Board (ASCLD/LAB)-International. This independent and impartial accreditation demonstrates that CACI's lab, which is part of the capabilities the company offers in its Investigation & Litigation Support market, meets or exceeds established testing and calibration requirements as well as industry digital forensic standards
Technologies, Techniques, and Standards
SHA-2 takes off, thanks to Heartbleed(ZDNet) Industry and standards bodies had announced the transition from SHA-1 hashes to SHA-2 in certificates some time ago, but adoption was weak. Now Heartbleed has created an opportunity to jumpstart the transition
The attack that keeps on giving(SC Magazine) Once again the importance of sound key management has been brought into sharp focus. The Heartbleed bug found in OpenSSL, one of the most common means of encrypting data on the internet and internal networks, provides a way for attackers to potentially access private keys
The State of Cryptography in 2014, Part 1: On Fragility and Heartbleed(TrendLabs Security Intelligence Blog) It seems like cryptography has been taking a knock recently. This is both good and bad, but is not actually true: cryptography is always under attack, and for that reason constantly evolves. That's bad, but it's good to realize that cryptography needs constant attention. The threat to cryptography can be very disruptive, as we most recently saw with Heartbleed, and more distantly with 'issues' in various algorithms like RC4, MD5, SHA1 and Dual_EC_DRBG (all of which should not be used any more, by the way)
Cyber Counterintelligence: from Theory to Practice(Tripwire: the State of Security) In the previous article, Cyber Intelligence Collection Operations, the types of collection and the types of data that could be obtained were discussed. At the end of the discussion I pointed out that analysts must be critical of the data they evaluate as at any time it could be compromised
Embedding positive security behaviors is essential(Help Net Security) Organizations have spent millions over recent decades on information security awareness activities. The rationale behind this approach was to take their biggest asset — people — and change their behaviors, thus reducing risk by providing them with knowledge of their responsibilities and what they need to do
Password management done right(Help Net Security) David Sancho, senior threat researcher with Trend Micro, has recently written a short but good post in which he pointed out the reasons why despite their inherent insecurity, passwords are here to stay
Don't let the latest zero-day fool you(InfoWorld) The Internet Explorer exploit patched by Microsoft last week was serious stuff, but, if you're prioritizing holes to plug, browser vulnerabilities shouldn't be first on the list
Design and Innovation
What Google's King of Crazy Ideas Wants to Take On Next(Wired) As head of Google X, the search giant's so-called "moonshot factory," Astro Teller gets to think about big, hairy world issues for a living. He's the driving force behind Google's self-driving cars. He's leading the way on glucose-monitoring contact lenses for diabetics. He has tried — and failed — to bring us jet packs that are actually safe. And yes, for better or worse, he brought us Google Glass
How Putin Is Reinventing Warfare(Foreign Policy) Though some deride Russia for backward thinking, Putin's strategy in Ukraine betrays a nuanced understanding of 21st century geopolitics
House panel voting to end NSA bulk phone metadata program(Ars Technica) Proposal would require NSA to get approval from FISC to access records from telcos. A House panel is expected to vote on a proposal Wednesday ending the National Security Agency's bulk telephone metadata collection program
Key NSA Defender: Congress 'A Lot Closer' On Surveillance Reform(Foreign Policy) In a dramatic change of tone, Rep. Mike Rogers, the chairman of the House Intelligence Committee, praised a bill in the House Judiciary Committee that would sharply curb the National Security Agency's surveillance powers. His remarks suggest that the powerful lawmaker may be more willing to vote for tougher reforms than previously anticipated
Director of the National Security Agency: Who Is Michael Rogers?(AllGov) Admiral Michael S. Rogers took over April 2, 2014, as director of the National Security Agency (NSA) and head of the U.S. Cyber Command. In that role, Rogers will direct communications and data gathering and decoding. Rogers took charge of the agency as it was trying to recover from allegations of spying on Americans and foreign officials and the Edward Snowden revelations
Sending cyber sense down the Navy chain of command(FCW) Vice Adm. Jan E. Tighe, commander of U.S. Fleet Cyber Command, says the Navy brass has a good handle on the need for cyber defense, but the lower ranks need to be brought up to speed. The U.S. Navy is undergoing a "cultural shift" toward seeing computer networks for the battlefields they are, but some of that education has yet to trickle down to the rank and file, its top cyber commander said May 6
Former Unisys CIO Kevin Kern Joins ICE as CIO(ExecutiveGov) Kevin Kern, formerly senior vice president and chief information officer at Unisys, has been named CIO for the Department of Homeland Security's Immigration and Customs Enforcement agency
Examiner Editorial: Obama's chief science adviser must explain secret emails(Washington Examiner) White House Office of Science and Technology Policy Director John Holdren or somebody on his staff would have been well-advised to heed Sir Walter Scott's poetic warning: "What a tangled web we weave when first we practice to deceive." As a result, the Competitive Enterprise Institute filed suit in a federal court Monday claiming Holdren violated federal law and regulation by doing something he specifically advised employees not to do. That something was using a private email account to conduct official government business
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Ruxcon(Melbourne, Australia, October 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...
US Secret Service Cybersecurity Awareness Day(Washington, DC, May 8, 2014) This Cybersecurity event will be the first of its kind at the USSS. There will be 2-3 opportunities for participating companies to present a 1/2 hour presentation on a Cybersecurity topic of concern to...
SANS Security West: SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information...
Eurocrypt 2014: Eurocrypt 2014 is the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. It is devoted to all aspects of cryptology.
ISPEC 2014(Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and...
GovSec 2014(Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of...
Cyber Security for National Defense Symposium: DSI's Cyber Security for National Defense Symposium is designed as an educational and training "Town Hall" forum, where thought leaders and key policy-makers across military and civilian organizations...
CyberWest(Phoenix, Arizona, USA, May 13 - 14, 2014) Cyber threats affect all industry sectors and impact individuals, businesses and governments. From hacktivists to advanced persistent threats, conducting business on-line exposes individuals, corporations...
Fraud Summit(Chicago, Illinois, USA, May 14, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...
INFILTRATE: INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot...
Security BSides Denver 2014(Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
Security Start-up Speed Lunch NYC(New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare,...
CEIC 2014(Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions...
The Device Developers' Conference: Bristol(Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...
Mobile Network Security in Europe(London, England, UK, May 21, 2014) Following on from two successful events in the United States, this first Light Reading conference on Mobile Network Security in Europe will again focus on the key role of the network in safeguarding the...
Positive Hack Days: Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright...
Georgetown Law: Cybersecurity Law Institute: A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels...
NSA Mobile Technology Forum (MTF) 2014: The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia,...
CyberMontgomery Forum: Center of Gravity(Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring...
Cyber Risk Summit(Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.
The Device Developers' Conference: Cambridge(Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...
Fort Meade Technology Expo: The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...
3 Day Startup(San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed...
CANSEC: CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display.