Ukraine's election systems were hacked over the weekend in an apparent attempt to disrupt that country's presidential vote. Manual ballot counting continues. CyberBerkut, the Russian-sympathizing (possibly Russian-controlled) hacktivist group claims responsibility.
Belgian's election systems also experienced problems, but those seem a simple bug, not an exploit.
New Zealand's FitzRoy supercomputer, property of the National Institute of Water and Atmospheric Research has been hacked. The attack originated from a Chinese IP address, but New Zealand authorities cautiously point out that this could be misdirection. Observers say hackers may have been constructing a supercomputing botnet for application to cryptographic problems.
eBay continues its recovery from last week's data breach as new vulnerabilities in the online auction service are reported. The market responds quickly: both customer and investor confidence suffer.
Spotify warns that a customer account may have been hijacked, and promises a security fix soon.
Avast warns that some 400,000 user accounts in the company's forum may have been compromised.
China doubles down on tu quoque criticism of the US, and takes steps to exclude Microsoft, Cisco, IBM, and US consultants from its markets. The US considers denying visas to Chinese nationals wishing to attend BlackHat and other conferences.
Russia's Putin calls US security services "unprofessional" for letting Snowden abscond. Former KGB General Kalugin (whom Putin's own service unprofessionally let relocate to Maryland back in the 1990s) says that Snowden is being run by the FSB.
Federal prosecutors recommend a light sentence for Sabu, in view of his services as an informant.
Today's issue includes events affecting Afghanistan, Australia, Austria, Belgium, Brazil, Bulgaria, China, France, European Union, India, Indonesia, Ireland, New Zealand, Russia, Saudi Arabia, Ukraine, United Kingdom, United States..
Rigged Presidential Elections in Ukraine? Cyber Attack on the Central Election Commission(Global Research) It's been four months now since the situation in Ukraine is close to a disaster. The presidential elections on May 25 are seen by the western leaders as a crucial moment to unite Ukraine. But they should be held in democratic, transparent and fair conditions to show everybody in the world that the US and EU-backed authorities in Kiev are legitimate and can control the country
Niwa super computer attacked from Chinese internet address, PM confirms(National Business Review) Fitzroy's attacker could have been using a Chinese IP (internet protocol) address to mask their true origin, Key says. Prime Minister John Key trod delicately around the risk of a diplomatic and trade row following revelations of a cyber attack on the government's National Institute of Water and Atmospheric Research (Niwa)
eBay denies leaked data is genuine(Telegraph) Online auction site eBay has denied that personal information apparently belonging to hundreds of hacked users posted online is genuine, as security researchers say it is "consistent" with details of the cyber attack
Ebay Plans To Boost Its Cyber Security Amid Threats Of Global Legal Actions(CJ News India) The computer systems of eBay were recently attacked and compromised by unknown hackers. Ebay initially downsized the incidence and its impact by stressing upon mere password change. However, things are not as casual and easy as Ebay has considered. Three U.S. States are investigating whether Ebay's has committed any wrong by not reporting the matter in a timely manner
Spotify Was Hacked, Warns Android Users Of Impending Update(TechCrunch) Spotify users, take note. The music streaming service just posted a message on its company blog indicating that one user's account was hacked, but assuring that steps are being taken to ensure others will not fall victim to the same exploit
RAT in a jar: A phishing campaign using Unrecom(General Dynamics Fidelis Cybersecurity Solutions) In the past two weeks, we have observed an increase in attack activity against the U.S. state and local government, technology, advisory services, health, and financial sectors through phishing emails with what appears to be a remote access trojan (RAT) known as Unrecom. The attack has also been observed against the financial sector in Saudi Arabia and Russia
DDoS attacks: Criminals get stealthier(Help Net Security) There is a lot of media hype surrounding volumetric style DDoS attacks recently where the focus has been on large Gb/sec attacks, sometimes up to 400 Gb/sec. In reality, these are very rare and these big and dumb style attacks make one wonder if they are just being used as a distraction to take up resources and divert IT operations' efforts in the wrong place so that hackers can get into websites unnoticed. Bottom line is that DDoS attacks are a serious security threat that evolve every day, much like the sophistication of the criminals that launch the attack
Monsanto Subsidiary Hacked(eSecurity Planet) An undisclosed number of Precision Planting customers' and employees' personal information may have been accessed
Bulletin (SB14-146) Vulnerability Summary for the Week of May 19, 2014(US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
The Internet Is Burning(TechCrunch) Online security is a horrifying nightmare. Heartbleed. Target. Apple. Linux. Microsoft. Yahoo. eBay. X.509. Whatever security cataclysm erupts next, probably in weeks or even days. We seem to be trapped in a vicious cycle of cascading security disasters that just keep getting worse
Lewis: Cybercrime is big money for hackers(CNN via WCTI 12) In the early days of the Internet boom, some thought we would enter an era where there would be one integrated world economy with no borders, where we would share similar democratic values, and where governments would be less important and civil society could pick up many governmental tasks
The escalating US-China spying war is McKinsey's loss and Huawei's gain(Quartz) US consultants may be the next victim of the US and China's escalating battle over cyber-spying. Chinese officials have asked state-owned enterprises to stop employing US consulting companies, the Financial Times reported (paywall), because of fears they are reporting company secrets to the US government
China Said to Study IBM Servers for Security in Spy Dispute(Bloomberg via the Washington Post) The Chinese government is reviewing whether domestic banks' reliance on high-end servers from International Business Machines Corp. compromises the nation's financial security, people familiar with the matter said, in an escalation of the dispute with the U.S. over spying claims
Anti-surveillance mask foils facial recognition systems(Help Net Security) The unnerving ubiquity of security cameras in public places and the fact that an increasing number of them are connected to facial recognition systems has spurred Chicago-based artist Leo Selvaggio to think of a way to foil these systems
Belden Debuts Cyber Security Toolkit(DesignNews) With nearly every device getting connected through the Internet of Things and with constant reports of hacking and cybertheft, the idea of a toolkit to tap down the cyber covers is timely. Belden Inc. has produced a cyber security toolkit — the Tofino Enforcer Software Development Kit (SDK) — to protect critical industrial infrastructure. The goal is to bring next-generation security to SCADA Networks
Kaspersky proves its not a nice cyber-world(ITWire) Kaspersky's new cyber-portal should scare the bejesus out of every computer user. It brings together real time statistics on cyber threats and malware — as well as the number of mobile phones sold today, new porn sites started and more
Emerging security technology: What's old is new again(TechTarget) The proliferation of online and mobile data is a boon for sales, marketing, product development and, in turn, cybercrime. The concept of data-driven security to counter these data-driven cyberthreats is still relatively new, but when I asked what emerging security technologies IT execs would recommend to combat such cybercrime — and cyberthreats in general — the answers were surprisingly old school. As ISSA founder and former Citibank CISO, Sandy Lambert, put it: When it comes to cyberthreats, go back to the basics
Password's days numbered, security experts say(Waterloo Record) Yet another cyber attack on a corporate database has online security experts calling on companies to improve the way they keep our private information private — and possibly replace traditional passwords
Lessons from 3 Organizations That Made 3 Privacy Mistakes(InfosecIsland) Even with the number of privacy breaches increasing, and with numbers of privacy sanctions coming from the FTC and other regulatory agencies and courts snowballing for companies doing irresponsible things with personal information, putting growing numbers of individuals at risk of identity fraud as well as physical safety risks, companies are still asking for way too much unnecessary and sensitive personal information purely for their marketing purposes
Doing it right: Cloud encryption key management best practices(TechTarget) Enterprises are moving more data into the cloud than ever before, in all different types of service models. As the sensitivity of data moving into the cloud increases, security professionals are actively looking to protect this data using encryption, with tried-and-true techniques they've been using in their data centers for years. In some cases, however, this may not be possible or may require some different approaches and tools, especially for encryption key management
'Hack-proof' drone revealed by Pentagon(Naked Security) Developing software that is totally impervious to hackers is arguably the holy grail of computer security and, until now, has perhaps been nothing more than a pipe dream
We're Training High Schoolers to Fight a Cyber War(Fiscal Times via Yahoo!News) The Department of Justice indicted five Chinese hackers last week for being part of an elite Chinese hacking unit that allegedly hacked the computers of major American companies to steal their corporate secrets
Magid: Internet security is a global issue that requires global cooperation(San Jose Mercury News) The National Cyber Security Alliance, or NCSA, is a Washington, D.C.-based organization that promotes online security and safety. Its board consists of representatives from Microsoft, Google, Facebook, Comcast and other U.S. companies, and it works closely with the Department of Homeland Security to provide security advice for American businesses and consumers. I've attended meetings in Washington, Pittsburg and Silicon Valley with NCSA staff, and the agenda has always focused on U.S. security issues
NSA reform to be 'fight of the summer'(The Hill) Civil libertarians who say the House didn't go far enough to reform the National Security Agency are mounting a renewed effort in the Senate to shift momentum in their direction
'Watered-down' bill loses support(Honolulu Star-Advertiser) U.S. Rep. Colleen Hanabusa on Thursday voted against a bill that would restrict the National Security Agency's bulk collection of phone records, arguing that it was too watered down
NSA reform falls short(Charleston Post and Courier) A large bipartisan majority of the House of Representatives last week passed a bill, the USA Freedom Act, to end the bulk collection of American telephone records by the National Security Agency. The bill also would throw a modest amount of light on the decisions of a secret federal court that oversees intelligence collection by the executive branch
Reining in the NSA(Connecticut Day) Finally forced into action by the revelations of former National Security Agency contractor Eric Snowden, the House last week passed a bill to place some limits on the mass collection of electronic data that Americans have been subjected to in the name of protecting the homeland
Assessing Cybersecurity Regulations(The White House Blog) Effective regulations are an important tool to protect the security and economic vitality of our nation. The President is committed to simplifying and streamlining regulations while ensuring that the benefits justify the costs. In fact, this Administration has undertaken one of the most significant and transparent reform efforts aimed at eliminating unjustified regulatory costs to date
Creating an 'embryonic' cyber defense force(Jakarta Post) Many other nations already have their own armies of tame hackers. The United States has its US Cyber Command, China maintains its so-called Blue Army and the Israelis operate under the flag of Unit 8200
Litigation, Investigation, and Law Enforcement
Beijing Levels New Attack at U.S. Cyber-Spying(New York Times) A week after United States prosecutors indicted five People's Liberation Army officers on charges of cyber-theft, a Chinese government agency has issued its own lengthy, political indictment of American cyber-espionage, accusing the Obama administration of spying on the Internet on a scale far greater than that of other countries
The world's biggest internet spy is playing cop(People's Daily Online) Since the U.S. Department of Justice announced indictments against 5 Chinese military officers, some U.S. media have reported that the U.S. is conducting spying operations not confined to national security. The claims are based on secret documents leaked by former U.S. National Security Agency contractor Edward Snowden
Greenwald: I'm Going to Publish Names of NSA Victims(NewsMax) Glenn Greenwald, the former Guardian newspaper journalist who helped reveal the National Security Agency's secret phone and Internet surveillance program and the identity of leaker Edward Snowden, says he plans to publish a list of names of U.S. citizens who were targeted by their own government
Snowden's deeds — for all they're worth(Slate via the Salt Lake Tribune) Journalist Glenn Greenwald takes on the doubters and reveals what was at stake when government secrets were brought to light
NSA Spying In Austria Beyond Unacceptable: Analyst(Voice of Russia) The National Security Agency [NSA] has reportedly gained direct access to the fiber optic network linking Vienna, Austria to the Internet, and has been spying on the roughly 17,000 diplomats stationed in the Austrian capital city, where several important international organizations are headquartered, including the Organization of Security and Cooperation in Europe, the International Atomic Energy Agency and Organization of the Petroleum Exporting Countries (OPEC)
Tech firms: Government's gag orders violate First Amendment(Dallas News) Court documents unsealed Friday show Google, Yahoo, Facebook and Microsoft are arguing that government gag orders that stop them from disclosing the number of national security requests they receive violate the companies' First Amendment right to free speech
11 arrested as Europol busts Bulgarian carding gang(Naked Security) A joint operation between French and Bulgarian law enforcement backed by Europol's European Cybercrime Centre (EC3) has brought down a carding gang operating out of Bulgaria and targeting victims in France and other European countries
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
3 Day Startup(San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed...
CANSEC(, January 1, 1970) CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display.
Area41(, January 1, 1970) Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.
The Device Developers' Conference: Manchester(Manchester, England, UK, June 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...
NSA SIGINT Development Conference 2014(, January 1, 1970) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and...
AFCEA Presents: Insider Threat to Small Business(Fairfax, Virginia, USA, June 5, 2014) One of the biggest myths is that "I'm too small for cyber attackers to care about me." This common misperception leads to tremendous vulnerabilities as companies do not understand implications for their...
The Device Developers' Conference: Scotland(Uphall, Scotland, UK, June 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...
The 2014 Cyber Security Summit (DC Metro)(Tysons Corner, Virginia, USA, June 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible...
MIT Technology Review Digital Summit(, January 1, 1970) The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies...
Cyber 5.0 Conference(Laurel, Maryland, USA, June 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...
Global Summit on Computer and Information Technology(, January 1, 1970) The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer...
NRC Cyber Security Seminar/ISSO Security Workshop(Bethesda, Maryland, USA, June 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates.
2014 Spring National SBIR Conference(Washington, DC, USA, June 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs...
MeriTalk's Cyber Security Brainstorm(Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on...
Suits and Spooks New York(, January 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...
SANSFIRE(Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.
26th Annual FIRST Conference(Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...
Gartner Security & Risk Management Summit 2014(National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...
AFCEA International Cyber Symposium(Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.