The links among cyber criminals, hacktivists, cyber vandals, and state security services have long been complex and close. Iran's "Ajax Security Team" provides a case study of the transition from hobbyist to agent, with a thriving criminal sideline. Plausible deniability has long been a principle of clandestine operations, and it's firmly in place in cyberspace as well.
Russian and Chinese territorial ambitions, whether one considers them aggression or mere rectification, continue to alarm their neighbors. Expect state-inspired hacktivism and cyber rioting to affect regional targets, including Latvia, Kazakhstan, Singapore, and Vietnam.
Glenn Greenwald's most recent Snowden transmissions include an allegation of US-government backdoors in American tech exports.
Phishing continues to evolve in sophistication and diversity of technique. Bitdefender reports that Google account passwords are being stolen with crude-looking attempts that nonetheless appear successful in evading heuristic detection. Trend Micro finds more phishing sites asking for (and getting) multiple email addresses from their victims.
University researchers demonstrate malware cloaking that successfully bypasses several leading dynamic analysis platforms, including Google's Bouncer.
It is, of course, Patch Tuesday. Expect the word from Redmond later today.
The growing cyber insurance market is expected to push companies toward more comprehensive security measures. Whether this will prove merely a further accretion of compliance or more effective security will depend largely on how rigorously insurers and their clients deal with risk management.
Enterprises see fresh calls for threat information sharing in Australia and the US.
MI6's former head calls for a new approach to UK espionage oversight.
Today's issue includes events affecting Australia, Cambodia, Canada, China, European Union, Germany, Iran, Israel, Italy, Kazakhstan, Latvia, Russia, Singapore, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
Iran hackers start to hit defence industry(SC Magazine) A new breed of hackers has emerged in Iran that, likely supported by their Government, have escalated from hobbyist website defacement to full-on cyber espionage against US defence organisations, according to FireEye
Google account passwords stolen in phishing attack(Help Net Security) Hackers have been stealing Google account passwords in a new and better crafted phishing attack that is hard to catch with traditional heuristic detection, according to Bitdefender
Phishers Cast Wider Net, Now Asking for Multiple Emails(TrendLabs Security Intelligence Blog) From a security perspective, phishing attempts are pretty much old hat. In most cases, phishing attempts or attacks focus on getting one particular credential, such as those for credit cards or user accounts. We are now seeing cybercriminals attempt to get more credentials by using phishing pages that allow for multiple email logins
Android App Components Prone to Abuse(TrendMicro Security Intelligence Blog) We've recently found a vulnerability in certain Android apps that may leave user data at risk of being captured or being used to launch attacks. The two affected apps we investigated are both highly popular
Your phone is a gateway for spying on you by anyone(Russia Today) At a time when people can be watched, tracked and monitored every minute of the day it's not a surprise that market for international surveillance is thriving. Is the government doing more than just uncovering our secrets? Who else can spy on us? Is privacy gone forever? Well, our guest today is committed to exposing the world of unlawful snooping
Points of Sale Poorly Secured, Facing Sophisticated Attacks(Threatpost) The point-of-sale (PoS) systems on which financial transactions are conducted at nearly every physical retail location in the U.S. and beyond are fast becoming a favorite target for sophisticated criminal organizations as well as standalone attackers
Researchers Quantify Fake Certificates Used in SSL Connections(Threatpost) An attacker with a forged SSL certificate is quite the Internet villain these days, be he a criminal or government spy. In possession of such a cert, an attacker can easily decrypt and monitor traffic, steal credentials and other sensitive information from a network
A word on phone scammers(Blaze's Security Blog) You have probably heard of any of the terms "cold call", "calling from Windows" or "phone scam" before
Bitly breach details revealed(Help Net Security) Bitly has released more details about the breach that made them reset user account credentials and disconnect all users' Facebook and Twitter accounts late last week
Spy plane sparked memory shortage that disabled air traffic system(Orlando Sentinel) A common design problem in the U.S. air traffic control system made it possible for a U-2 spy plane to spark a computer glitch that recently grounded or delayed hundreds of Los Angeles area flights, according to an inside account and security experts
Why Foreign Spies Target IT Workers(Information Security Buzz) The Financial Times broke a story the other night about how the British Intelligence service MI5 was warning CEOs at major businesses that, "Foreign intelligence agencies are targeting IT workers at big businesses, hoping to recruit them and gain privileged access to sensitive computer systems."
Security Patches, Mitigations, and Software Updates
Cyber attacks present a greater risk to firms as they collect more data about customers(Washington Post) Companies are gathering an increasing amount of information about their customers, storing that data for longer periods and analyzing it to glean greater insight about their clientele. But the rise in big data analytics comes at a time when those companies face a higher risk of cyber breaches from hackers looking to access that same information
What keeps senior IT security pros up at night? It's not what you think(Help Net Security) In the security space, last year was one for the books. Edward Snowden made waves after leaking classified documents detailing government surveillance programs, which raised privacy and security concerns for individuals and enterprises worldwide. Data breach after data breach of major retailers and brands shook every industry to its core, leaving IT teams wondering, "could this happen to us?"
Recommendations for Adding Cybersecurity Intelligence to the Smart Grid(CircleID) Over the last few years, there has been an increased effort to modernize the U.S. electric grid. Building a "Smart Grid" has been central in the effort to help utilities better manage their resources, minimize power outages and reduce energy consumption. However, adding more electronic devices and sensors to the grid's network has made it a prime target of cyberattacks, like Distributed Denial of Service (DDoS) attacks, which if successful, could cause wide-spread disruption of services affecting many other sectors
Cyber Crime Is Growth Industry In Israel(HSToday) In the first quarter of 2014, there were approximately 400,000 malicious code attacks launched against Israel, which was ranked 49th on the list of most dangerous countries for cyber attacks, according to a new cyber-security report by Kaspersky Labs
Call to keep customers in cyber-attack loop(The Australian) Australian businesses should be more forthcoming in the event of a cyber-attack and alert customers about the potential exposure of their personal information to criminal networks, according to a leading global cyber security expert
Data Breach Roundup: April 2014(eSecurity Planet) Would sharing intelligence on hackers and other threats help companies avoid data breaches? At least one expert thinks so
NIMBOXX Selects SparkCognition to Deliver Cognitive Security for its Hyper-converged Platform(Digital Journal) SparkCognition, the world's first Cognitive Security Analytics company, announced that its Cognitive Security Insights platform has been selected by NIMBOXX, developer of the industry's most advanced hyper-converged platform. SparkCognition's software and its Cloud based service will power security analytics and automated security policy management for NIMBOXX systems
AhnLab's MDS: A comprehensive approach to malware management(SC Magazine) AhnLab is no newcomer to the information security market — having been around since 1995. This offering, however, is relatively new. It is backed by a large global company with vast experience in many aspects of information security, cloud-based systems and on-premises tools. I have seen elements of this offering in many other anti-malware tools, though the hallmark of this one is that for every reason one buys individual gateways this tool has it
Technologies, Techniques, and Standards
Varying opinions on HHS Security Risk Assessment Tool(HealthITSecurity) The Department of Health and Human Services (HHS) releasing its Security Risk Assessment Tool has spurred diverse opinions as to how healthcare organizations should use the tool as part of their compliance strategy as well as audit preparation
Beefing up Windows End Station Security with EMET(Internet Storm Center) After my post last week on things a System Administrator can do to protect against zero days in your browser, operating systems and applications, one of the biggies for Windows is to deploy EMET — Microsoft's Enhanced Mitigation Experience Toolkit. EMET implements advanced security controls that are not native to the operating system. Using EMET, you can take advantage of security features from Windows 8, even if you are running Windows 7 or even to some extent on XPSP3. Or you can beef up what's in Windows 8 with features that aren't anywhere but in EMET yet
Why Google prefers numeric CAPTCHAs(Help Net Security) Alphanumeric CAPTCHAs — those more or less difficult-to-read combinations that are used by many online services to discern whether a user is human or a bot — have been in use for over 15 years now, but I've yet to meet a person who likes "solving" them
How to better secure your Twitter account(Hot for Security) Have you ever had your Twitter account hacked? Did you find it unexpectedly spewing out claims that you had lost weight following a miracle diet, malicious links to phishing sites, or even over-run by mischievous hackers like the Syrian Electronic Army?
How Can SMB Overcome Obstacles to Social Media Monitoring for Risk and Compliance?(Cyveillance) Small and medium businesses (SMB), particularly banks and credit unions, typically have to meet the same compliance guidelines for their industry as their larger peers, including those for social media. As one expert noted, there are some baseline compliance requirements that organizations must meet if their employees use social media at work, whether the company is regulated by FINRA, HIPAA, the SEC, or otherwise. In this post, we'll discuss three of the hurdles that SMBs often face when trying to implement monitoring solutions for risk and compliance, and some suggestions for how to overcome them
UK needs new watchdog for its spies, ex-MI6 chief says(Reuters via the Chicago Tribune) Britain should create a new body to oversee its intelligence agencies to reassure the public after revelations from ex-U.S. intelligence contractor Edward Snowden, the former head of the British foreign intelligence service said on Monday
Lobbying on data, cybersecurity has tripled(Washington Post) The number of companies, associations and other groups lobbying on data and cybersecurity issues has nearly tripled since 2008, according to a review by Capitol Metrics, a lobbying analytics firm. The number of lobby firms advocating on behalf of clients on data and cybersecurity issues also tripled in the same period
New NSA chief vows more transparency for embattled agency(Reuters) The new head of the National Security Agency vowed on Monday to lead the embattled spy agency with greater transparency as it balances individual rights against the rising risk of a destructive cyber attack against the United States
How N.S.A. Recalibrated Its Mission(New York Times) Part 1 of "United States of Secrets," Tuesday night on PBS's "Frontline," is a fine ticktock account of how we arrived at our current information collection quandary, and what makes it so says a lot about this still-evolving issue
Inside the NSA the Day After 9/11(PBS Frontline) The mood was somber at NSA headquarters on Sept. 12, 2001. Nearly 3,000 Americans were dead in the worst terrorist attack in U.S. history. Analysts at Fort Meade were shell-shocked. What had they done to miss the warning signs?
FBI Seeks License To Hack Bot-Infected PCs(Dark Reading) Justice Department seeks search warrant changes to battle online crime syndicates, but critics cite impact on innocent bystanders and potential for abuse
Regulators Planning Cybersecurity Assessments for Banks(Threatpost) A government agency in charge of developing standards for the nation's banks announced last week that it will work harder to try to identify vulnerabilities in smaller community banks and that it's planning to better raise awareness when it comes to cyber threats
A new LinkedIn best practice—don't connect with your insider trading partner(Quartz) If your college buddy is feeding you economic data ahead of its official release, it's perhaps best to avoid publicly connecting with him on social networks. It was a LinkedIn connection that helped lead to the arrest of a National Australia Bank associate director who is charged with insider trading, the Age reports
12 voice phishing hackers have been arrested by Europol(CyberWarZone) Europol and her partners have successfully arrested 12 hackers who were involved in the voice-phishing case. Europol seized 15000 EUR in cash and important digital evidence which would help to build the voice-phishing case
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Security West: SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information...
Eurocrypt 2014: Eurocrypt 2014 is the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. It is devoted to all aspects of cryptology.
ISPEC 2014(Fujian, China, May 12 - 14, 2014) The ISPEC conference series is an established forum that brings together researchers and practitioners to provide a confluence of new information security technologies, including their applications and...
GovSec 2014(Washington, DC, USA, May 13 - 14, 2014) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of...
Cyber Security for National Defense Symposium: DSI's Cyber Security for National Defense Symposium is designed as an educational and training "Town Hall" forum, where thought leaders and key policy-makers across military and civilian organizations...
CyberWest(Phoenix, Arizona, USA, May 13 - 14, 2014) Cyber threats affect all industry sectors and impact individuals, businesses and governments. From hacktivists to advanced persistent threats, conducting business on-line exposes individuals, corporations...
Fraud Summit(Chicago, Illinois, USA, May 14, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...
INFILTRATE: INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot...
Security BSides Denver 2014(Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
Security Start-up Speed Lunch NYC(New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare,...
CEIC 2014(Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions...
The Device Developers' Conference: Bristol(Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...
Mobile Network Security in Europe(London, England, UK, May 21, 2014) Following on from two successful events in the United States, this first Light Reading conference on Mobile Network Security in Europe will again focus on the key role of the network in safeguarding the...
Positive Hack Days: Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright...
Georgetown Law: Cybersecurity Law Institute: A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels...
NSA Mobile Technology Forum (MTF) 2014: The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia,...
CyberMontgomery Forum: Center of Gravity(Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring...
Cyber Risk Summit(Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.
The Device Developers' Conference: Cambridge(Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...
Fort Meade Technology Expo: The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...
3 Day Startup(San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed...
How the SBIR/STTR Program Can Help Grow Your Business(Halethorpe, Maryland, USA, May 27, 2014) The SBIR/STTR programs promote small business innovation and profitability while simultaneously meeting the government's research and development needs. Every year, small businesses receive millions of...
CANSEC: CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display.