Cyber-snooping on FARC talks will be resolved in Colombia's courts even as it roils the presidential election.
Chinese security organs accuse an "unnamed foreign country" (but they're looking at you, America) of actively recruiting students as agents. Quartz describes how Millennials in both countries are peculiarly vulnerable to this old-yet-new form of social engineering.
Recorded Future begins a series on how al Qaeda is muffling its digital exhaust post-Snowden. (Compare British MP Rifkind's assessment: Snowden's leaks were tantamount to an attack on the US.)
Sysadmins were warned this week against compromise by sparrows and ravens, but some of them need no such inducement. A former US Navy sailor—sysadmin on USS Harry S Truman—is charged with having led the anti-military hacktivist crew "Team Digi7al" from his spaces aboard the warship. Apparently he did it for the lulz.
The upcoming FIFA World Cup opens vast opportunities for phishing and waterholing.
Analysts point to the rapid evolution of malware, the large tribe of cyber attackers, and potential targets' burgeoning attack surface as more evidence that greater automation is required for effective defense. They also note the simultaneous difficulty and indispensability of threat intelligence: if it's not timely and well-structured, it's just so much glare.
A great deal of industry news focuses on investors' views of companies in the sector. Those views aren't uninformed, but they represent an unfamiliar perspective. Entrepreneurs might consider investors (stock buyers, not VCs) a low-information audience.
Welcome to the industry, Keith Alexander, now a cyber security consultant.
Today's issue includes events affecting Australia, Brazil, China, Colombia, Iran, Saudi Arabia, Switzerland, Thailand, Turkey, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Dirty tricks take over Colombian campaign(Buenos Aires Herald) Discovery of intel centre linked to Santos' rival comes just one day after aide's resignation. With presidential elections in Colombia just around the corner and the outcome still unclear, the main candidates' campaign teams have started resorting to dirty tricks
Foreign spies lure Chinese students(China.org.cn) China's security department has discovered overseas intelligence agencies are using the Internet and money to lure Chinese students to steal state secrets
China and the US are racing to turn poor, naive Millennials into spies(Quartz) Chinese state media are accusing an "unnamed foreign country" of recruiting spies at Chinese universities and through popular blogs and social media. This week, a series of news reports claim that unsuspecting Chinese, some of them as young as 16 years old, are being lured into working for foreign intelligence agents
How Al-Qaeda Uses Crypto Post-Snowden (Part 1)(Recorded Future) Since 2007, Al-Qaeda's use of encryption technology has been based on the Mujahideen Secrets platform which has developed to include support for mobile, instant messaging, and Macs. Following the June 2013 Edward Snowden leaks we observe an increased pace of innovation, specifically new competing jihadist platforms and three (3) major new encryption tools from three (3) different organizations — GIMF, Al-Fajr Technical Committee, and ISIS — within a three to five-month time frame of the leaks
Threats Get a Kick Out of 2014 FIFA World Cup Brazil Buzz(TrendLabs Security Intelligence Blog) Cybercriminals are well-versed in preying upon anyone curious about world events. Case in point: the upcoming 2014 FIFA World Cup in Brazil. While the world is waiting for this, cybercriminals are not wasting time and are now launching new threats that turn global followers into victims
Sefnit Accomplices Account For Spike In Malware Infections(Threatpost) Plenty has been written about the Sefnit malware family and its favor with using Tor to mask communication, as well as the money it's made for criminals via click-fraud schemes. Sefnit, however, has had a pair of accomplices that until recently were regarded as harmless programs by most security companies. The trio, which now includes two malware families Rotbrow and Brantall, are responsible for a startling jump in malware infections detected in the fourth quarter of last year, according to Microsoft
SNMP: The next big thing in DDoS Attacks?(Internet Storm Center) It started with DNS: Simple short DNS queries are easily spoofed and the replies can be much larger than the request, leading to an amplification of the attack by orders of magnitude. Next came NTP. Same game, different actors: NTP's "monlist" feature allows for small requests (again: UDP, so trivially spoofed) and large responses
The prime target for malicious emails(Help Net Security) In the first quarter of 2014 spammers started imitating messages from mobile applications. They especially like the popular mobile messengers — WhatsApp, Viber and Google Hangouts. Notifications supposedly sent from these applications were used to spread both malware and harmless adverts
Security Patches, Mitigations, and Software Updates
Cisco Releases Security Advisory for WebEx Players(US-CERT) Cisco has released a security advisory to address multiple buffer overflow vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players. Successful exploitation of the vulnerabilities could cause an affected player to crash or allow a remote attacker to execute arbitrary code
No Windows XP, Office 2003 patches in May Patch Tuesday(ZDNet) The company will release eight bulletins, two of them critical, and five for Microsoft Windows. Windows XP is not scheduled to receive an update, nor is Office 2003 scheduled to receive either of the two Office updates
CIOs fear compliance and regulation over IT failure to tackle big data(ComputerWeekly) Almost half (46%) of UK organisations are struggling to extract value from information due to current approaches to IT. As many as 87% of CIOs fear that failing to address their untapped intelligence will lead to issues with compliance and regulation, according to a research
Security Think Tank: KuppingerCole's security predictions for 2014(ComputerWeekly) After the proliferation of Stuxnet, Duqu in 2012 and other Scada-focused attacks in 2013, industrial control system security will become an important topic in 2014, writes Robert Newby. Large-scale processes involving multiple sites over long distances will be increasingly subject to advanced persistent attack
Security Think Tank: ISF's top security threats for 2014(ComputerWeekly) The top security threats global businesses will face in 2014 include bring your own device (BYOD) trends in the workplace, data privacy in the cloud, brand reputational damage, privacy and regulation, cyber crime and the continued expansion of ever-present technology
Cloud app security exceptions have become the rule, says report(FierceITSecurity) Cloud app security exceptions have become the rule, putting organizations' security at risk, warns the most recent Netskope Cloud Report. A disturbing 90 percent of cloud app usage is in apps that were blocked at the network perimeter but were granted exceptions, according to the report, which compiles data from Netskope Active Platform users
Small businesses targeted with email-borne exploits(Help Net Security) Even though the data gathered by Microsoft points to the fact that cybercriminals now prefer deceptive tactics to exploits, it does not mean that the latter approach has been wholly abandoned
Growing dynamic in politically-motivated hacktivism(Help Net Security) While financial cybercrime becomes ever more entrenched through a consolidating demand and supply chain, the hacktivist landscape is more turbulent, vacillating constantly in tandem with geo-political turmoil
Will Investors Regret Target's CEO Ouster? Compare to Sears, JCP(Forbes) There was much press this week about Target's CEO and Chairman, Gregg Steinhafel, being forced out. Blame reached the top job after the successful cyber attack on Target last year. But investors, and customers, may regret this somewhat Board level over-reaction to a mounting global problem
Open Source's Deep-Seated Conflict(InformationWeek) Heartbleed showed that it doesn't matter whether open source projects can patch bugs faster. The real issue is whether they can generate enough revenue to stay alive
The Intelligence Community Needs a New Workforce Model(Nextgov) "Recognizing employees today and meeting unknown requirements for the future, strategic workforce planning is more important now than ever," said Deborah Kircher, Chief Human Capital Officer for the Office of the National Director of Intelligence
Why "AV is dead" is a dead end topic(Trend Micro Simply Security) It seems like not a day goes by without you hearing someone declare that "AV is dead." Most recently we've even seen people in our industry in the news making this claim
New buys for EMC may come in security, big data(PCWorld) EMC may be in the market for security and data analytics acquisitions as it builds out what it calls a federation of businesses among VMware, RSA Security, Pivotal and the company's traditional storage operations
Finjan Holdings To Begin Trading On The NASDAQ Capital Market(MarketWatch) Finjan Holdings, Inc. (otc mkt:FNJN) today announced it has received confirmation that its application to list the Company's common stock on The NASDAQ Capital Market has been approved by The NASDAQ Stock Market, a unit of the NASDAQ OMX Group
Procera Networks Inc Stock Downgraded (PKT)(The Street) Procera Networks (Nasdaq:PKT) has been downgraded by TheStreet Ratings from hold to sell. The company's weaknesses can be seen in multiple areas, such as its disappointing return on equity and generally disappointing historical performance in the stock itself
A**hat of the Year Award: Dave Dewalt, CEO of $FEYE(iBankCoin) I know it's early in the year and there will be plenty of gents worthy of this distinguished award. However, it would be impossible for anyone to steal this guy's thunder inside of the next 7 months of 2014
Ex-NSA chief Keith Alexander seeks post-Snowden second act(Politico) 'This effort is in its exploratory stages, and I look forward to the work ahead.' Former National Security Agency chief Gen. Keith Alexander is launching a consulting firm for financial institutions looking to address cybersecurity threats
Why Splunk Inc. Shares Went Splat Today(Motley Fool) What: Shares of intelligence software specialist Splunk Inc. (NASDAQ: SPLK) dropped nearly 13% early this morning, and then settled to close down around 6% as the broader tech sector pulled back
Using reputation-based security to mitigate IPv6 security risks(TechTarget) With the gradual switch to IPv6, I've read that attackers will have a basically infinite amount of unique IP addresses from which they will be able to send malicious traffic. Right now, my organization utilizes a reputation-based security system to filter out such traffic from known, malicious IPv4 addresses, but will that be possible once IPv6 uptake is in full swing? How should we change our network security posture to account for this new risk?
Cisco TelePresence vulnerability: Mitigate default credentials issues(TechTarget) A serious vulnerability was recently found in Cisco Systems Inc.'s TelePresence systems that could be triggered due to default credentials being left in place after system setup. Could you provide some security best practices that enterprises could implement for such systems, particularly in regard to the use of unique credentials?
Audit concerns when migrating from traditional firewall to NGFW(TechTarget) My organization is looking to transition from a traditional firewall to a next-generation firewall (NGFW), but I'm concerned about the overlap when both will be in use. Are there any inherent dangers involved with running them side-by-side during the transition? Or could there even be advantages depending on how we write our firewall policies?
The State of Cryptography in 2014, Part 2: Hardware, Black Swans, and What To Do Now(TrendLabs Security Intelligence Blog) Is hardware security any better? We closed the first post by asking: is hardware any more trustworthy? One would think that it is… but it's not. Recently, chip vendors have been incorporating cryptography into their CPUs or chipsets. Usually, this is an implementation of a "standard" cipher (like AES) or a pseudorandom number generator (PRNG)
Design and Innovation
2014 NBIA Incubation Award Finalists(NBIA) …Cyber Incubator at bwtech@UMBC, Baltimore, Md., Alexandra Gold, incubator manager…Achievements: bwtech's Cyber Incubator has been financially stable due to diligent oversight by its staff and Board of Directors, by its ability to negotiate a below market rent for the incubator with the building owner and due to support from the State of Maryland for leasehold improvements, says Alexandra Gold, incubator manager
MPs call for spy agency oversight reforms(ComputerWeekly) Parliament's cross-party home affairs select committee is calling for wide and radical reforms of intelligence agency oversight mechanisms to improve accountability
Turkey has censored more than 100 tweets in the past week(The Verge) More than a month after Turkey lifted its Twitter block, the country's government is still keeping a close eye on any potentially embarrassing tweets. This week alone, Turkish courts have filed five separate takedown motions to Twitter HQ, requesting the removal of over a hundred tweets
ADF to embrace cyber warfare in future military operations(Sydney Morning Herald) The Australian Defence Force has embraced cyber warfare, deception and disinformation through the internet as key elements of future military operations. However, newly declassified ADF papers provide no guidance on how efforts to influence and deceive adversaries will not also mislead the Australian public and media
Regulating User-Generated Health Information, Privacy an Uphill Battle(Threatpost) The proliferation of wearable devices coupled with smartphone apps that monitor heart rates and other health metrics raises an important question: How exactly should the information generated by these devices be regulated? If there's a fist fight in a bar can a person's Fitbit accelerator be subpoenaed? How much user-manufactured data can companies share or integrate into advertising?
NASA Reports Most Cyber Incidents But Gets an 'A' for Compliance(Wall Street Journal) The National Aeronautics Space Administration reported the highest number of cybersecurity incidents in 2013. Paradoxically, it also has one of the best track records among federal agencies of complying with security regulations, according to a May 1 report to Congress by the Office of Management and Budget. Analysts say NASA's cybersecurity situation is a sign the government is measuring the wrong things
Senator: S.C. hacker received $25,000 ransom(The State) A state senator said Thursday that he believes federal authorities paid a $25,000 ransom to the computer hacker who stole the personal data of 6.4 million residents from the South Carolina Department of Revenue
Server mishap results in largest HIPAA fine to date(FierceHealthIT) A breach of electronic protected health information impacting 6,800 individuals at two New York-area hospitals discovered in the summer of 2010 has resulted in the largest HIPAA settlement to date—$3.3 million
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
How the SBIR/STTR Program Can Help Grow Your Business(Halethorpe, Maryland, USA, May 27, 2014) The SBIR/STTR programs promote small business innovation and profitability while simultaneously meeting the government's research and development needs. Every year, small businesses receive millions of...
SANS Security West: SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information...
Eurocrypt 2014: Eurocrypt 2014 is the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. It is devoted to all aspects of cryptology.
ISPEC 2014(Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and...
GovSec 2014(Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of...
Cyber Security for National Defense Symposium: DSI's Cyber Security for National Defense Symposium is designed as an educational and training "Town Hall" forum, where thought leaders and key policy-makers across military and civilian organizations...
CyberWest(Phoenix, Arizona, USA, May 13 - 14, 2014) Cyber threats affect all industry sectors and impact individuals, businesses and governments. From hacktivists to advanced persistent threats, conducting business on-line exposes individuals, corporations...
Fraud Summit(Chicago, Illinois, USA, May 14, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...
INFILTRATE: INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot...
Security BSides Denver 2014(Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
Security Start-up Speed Lunch NYC(New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare,...
CEIC 2014(Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions...
The Device Developers' Conference: Bristol(Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...
Mobile Network Security in Europe(London, England, UK, May 21, 2014) Following on from two successful events in the United States, this first Light Reading conference on Mobile Network Security in Europe will again focus on the key role of the network in safeguarding the...
Positive Hack Days: Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright...
Georgetown Law: Cybersecurity Law Institute: A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels...
NSA Mobile Technology Forum (MTF) 2014: The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia,...
CyberMontgomery Forum: Center of Gravity(Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring...
Cyber Risk Summit(Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.
The Device Developers' Conference: Cambridge(Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...
Fort Meade Technology Expo: The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...
3 Day Startup(San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed...
CANSEC: CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display.