The G20 summit convenes in Brisbane next week. If you bet on form, you'll take seriously Australian Signals Directorate cautions that the conference will draw much hacktivism and cyber espionage.
US officials sound unusually specific warnings about a Russian cyber threat to critical infrastructure, particularly utility ICS. The Sandworm team's repurposing of BlackEnergy is one aspect of the threat. Trend Micro sees recent developments as a "troubling" escalation of international tension in cyberspace.
Industry experts approach attribution of Operation Huyao phishing — it's from China, but whether it's run by criminals or intelligence organs (or some mix of both) remains unclear.
WireLurker Mac malware's command-and-control servers have been shut down. AlienVault has informed Palo Alto (which led WireLurker analysis) that earlier versions of the malware appear to have targeted Windows systems.
In separate incidents, hacktivists count coup in Mexico and Bangladesh.
Google notes that dangerous and persistent targeted malicious campaigns use skilled human operators rather than bots.
An unfortunate lesson from the JP Morgan hack: corporate social responsibility increases your attack surface, so by all means do good, but do so as securely as you do business.
Accuvant and FishNet Security announce their merger.
UK intelligence services are reported to have a cyber eye on lawyers arguing security cases.
In what Wired describes as "a scorched-earth purge of the Internet underground," Europol and the FBI sweep up hundreds of dark web sites and their operators. The police call the action "Operation Onymous," and it's taken down lots more than SilkRoad v2.
Today's issue includes events affecting Australia, Bangladesh, Canada, China, European Union, France, India, Japan, Mexico, Morocco, Russia, United Kingdom, United States.
Dateline Columbia, Maryland: the National Initiative for Cybersecurity Education conference
Welcome to the NICE Conference & Expo 2014(Federal Business Council) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. An ecosystem of technology providers, policy makers, legal expertise, banking, insurance, devices, educational programs and devices have emerged to deal with the cyber security issues that have become commonplace. In turn, the marketplace has responded by demanding a new workforce capable of taking on this challenge
Russian Cyberspies Caught With Mittens in Cyber Cookie Jar (TechNewsWorld) "It's quite troubling that geopolitical tensions are now escalating in a cybercontext," said Trend Micro Chief Cybersecurity Officer Tom Kellermann. "We've seen this with Iran. We've seen it with North Korea, and in a limited fashion, with the Russian regime in Estonia and Georgia. But what we're seeing now is a campaign of infiltration that's truly unprecedented"
Who's Behind Operation Huyao? (TrendLabs Threat Intelligence Blog) As previously discussed, Operation Huyao is a well-designed phishing scheme that relies on relay/proxy sites that pull content directly from their target sites to make their phishing sites appear to be more realistic and believable
WireLurker not only threats iOS and Mac but Windows PCs too (TechWorm) Researchers at AlienVault have found an older version of WireLurker which uses Windows devices to spread. Jaime Blasco from AlienVault Labs, who discovered this variant of WireLurker, reported it to Palo Alto Networks Inc, which then republished a new report on the Windows variant of this malware
Mexican Hacktivists #Riseup Against Internet Crackdown(Fusion) During the most recent Mexican Independence Day celebration, hackers initiated "Operación Tequila," posting a video on the Mexican Congress' official website accusing the government of treason and exhorting others to join the movement. The @MexicanH Twitter handle simultaneously released the email passwords of numerous congressmen
The Home Depot Reports Findings in Payment Data Breach Investigation(Home Depot) The Home Depot®, the world's largest home improvement retailer, today disclosed additional findings related to the recent breach of its payment data systems. The findings are the result of weeks of investigation by The Home Depot, in cooperation with law enforcement and the company's third-party IT security experts
Microsoft Ready with 16 Patch Tuesday Bulletins; 5 Critical(Threatpost) Microsoft today provided its Patch Tuesday advanced notification, giving IT managers a heads up about 16 bulletins that are scheduled to be delivered next week, including five rated critical for remote code execution and privilege escalation issues
Digicert Considering Certs for Hidden Services Beyond Facebook(Threatpost) News broke last week that Facebook had built a hidden services version of its social network available to users browsing anonymously via the Tor Project's proxy service. Unlike any .onion domain before it, Facebook's would be verified by a legitimate digital signature, signed and issued by DigiCert
FFIEC Cybersecurity Assessment (Federal Financial Institutions Examination Council) During the summer of 2014, Federal Financial Institutions Examination Council (FFIEC) members piloted a cybersecurity examination work program (Cybersecurity Assessment) at over 500 community financial institutions to evaluate their preparedness to mitigate cyber risks
Inside corporate privacy programs at Fortune 1000 companies(Help Net Security) The International Association of Privacy Professionals (IAPP) released a survey of corporate privacy programs at Fortune 1000 companies. The survey found that while corporate investment in privacy is likely to increase, many privacy leaders feel their programs are relatively nascent and want greater influence over corporate decision-making
Once More Into the Breach, Dear CISO(Dark Reading) The sad truth about CISOs is that they are seldom given power over security budgets or strategic IT decisions. To many C-level execs they exist to accept blame and are given little authority to effect change
When Cyber Hacks Teach — More Than They Take(Dr. Chaos) I'm sure we can all agree that hackers have posed a considerable threat to our privacy in the past, and are generally understood to be a nuisance. They're the reason we have numbers, capital letters, and utter gibberish in our passwords. They force us to install expensive software, think twice about opening emails, and have stolen millions of dollars from the largest, most secure corporations to date
AllSeen Alliance Announces Nine New Members; Expands Reach in Security, Smart Lighting, Networking(Marketwired) The AllSeen Alliance, a cross-industry collaboration to advance the Internet of Everything through an open source software project, today announced that nine new companies have joined the initiative — dog hunter, FengLian, ForgeRock®, INSTEON, MobilityLab, NETGEAR, Organic Response, Quanta Computer and VeriSign, Inc. With the addition of these new members the Alliance totals 80 companies and 12 sponsored members
Secure Channels Announces Strategic Alliance With Townsend Security(Marketwired) Secure Channels, with its patented encryption technologies, is a provider of Intelligent Encryption-as-a-Service security technology, today announced a strategic alliance with Townsend Security that will help customers meet data security compliance regulations and best practices
Norse Secures $1.9M Contract with U.S. Department of Energy to Protect Nation's Energy Infrastructure from Cyber Attacks, Teams with FireEye(MarketWatch) Norse, the leader in live cyber attack intelligence, today announced it has been awarded a $1.9 million contract with the U.S. Department of Energy (DOE) to provide the department with comprehensive live threat intelligence solutions, services and key integrations in support of the DOE's Cybersecurity Risk Information Sharing Program (CRISP) that is managed by the Office of Electricity Delivery and Energy Reliability. The contract calls for Norse to provide national critical-infrastructure owners and operators in the energy sector with live cyber threat detection, proactive mitigation and reporting capabilities. Norse will also provide the DOE with access to its cloud-based live attack intelligence solutions, including Norse DarkList™ and Norse DarkViking™
Qualys, Proofpoint, CyberArk, and KEYW follow FireEye lower (Seeking Alpha) Threat-prevention hardware/software/services upstart FireEye is down 14.9% after missing Q3 revenue estimates and offering slightly soft Q4 revenue guidance. The company's billings figures were better. Security tech peers Qualys (QLYS -2.5%), Proofpoint (PFPT -2.5%), CyberArk (CYBR -6.7%), and KEYW Holding (KEYW -2.2%) have joined the list of names selling off in sympathy. Palo Alto Networks and Barracuda Networks are also lower
Radware's Alteon Virtual Appliance (VA) Available on AWS Marketplace(IT Business Net) Radware® (Nasdaq:RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, today announced it is offering its Alteon Virtual Appliance (VA)® for Amazon Web Services (AWS) — a cloud-based application delivery controller — available as a "Pay as you Go" and a "Bring Your Own License" (BYOL) model on AWS Marketplace
Privacy Tools: The best encrypted messaging programs(Personal Liberty) Ever since former National Security Agency consultant Edward Snowden revealed mass governmental surveillance, my inbox has been barraged with announcements about new encryption tools to keep people's communications safe from snooping
Cyber-security guidelines for safer buildings(Engineering and Technology Magazine) The Institution of Engineering and Technology (IET) has warned about risks related to modern Internet-connected buildings and launched new guidelines to help owners protect their assets against hackers
3 Signs Your Employees Need Cybersecurity Training(Cyveillance) With the end of the year approaching, it's a great time to evaluate your employee training programs. Whether your organization has budget to spend now, or you are planning your 2015 budget, here are some signs you should invest in employee cybersecurity training
eMazzanti Technologies Sponsors HackNJIT Hackathon at New Jersey Institute of Technology(Virtual Strategy) eMazzanti Technologies, a New York City area IT consultant, finds itself among an impressive list of sponsors for the HackNJIT hackathon coming up this weekend at the New Jersey Institute of Technology (NJIT). The 24-hour competition, hosted by the College of Computing Sciences at NJIT and the Association for Computing Machinery, will feature more than 100 undergraduate students competing for cash prizes. Sponsors for the 2014 HackNJIT hackathon include eMazzanti Technologies, AT&T, Audible, Hearst Corporation and Merck
Legislation, Policy, and Regulation
Spy master prays for the return of Alan Turing(Phys.org) It was almost unheard of to accuse US technology companies of becoming "the command and control networks of choice" for terrorists. Yet today, headlines announce that Robert Hannigan, new director of GCHQ (Government Communications Headquarters, UK), has been doing just that
Crypto wars 2.0(Economist) Intelligence agencies and tech firms have little choice but to compromise
BR 14-125 Primary Order(Office of the Director of National Intelligence) A verified application having been made by the Director of the Federal Bureau of Investigation (FBI) for an order pursuant to the Foreign Intelligence Surveillance Act of 1978
Intelligence Agency GCs Seek Surveillance Transparency(Legal Times) Top intelligence agency lawyers said on Thursday that the U.S. government can do more to increase the transparency of surveillance activities that have drawn rebukes from the technology industry and the public at large after the revelations by former National Security Agency contractor Edward Snowden
Few cyber targets, so far, for Republicans' anti-regulation push(Inside Cybersecurity) A promised congressional Republican assault on the Obama administration's regulatory agenda will probably find few initial targets in the cybersecurity policy realm, although GOP control of Capitol Hill could lead to increased caution among would-be cyber regulators
Global Web Crackdown Arrests 17, Seizes Hundreds Of Dark Net Domains(Wired) When "Operation Onymous" first came to light yesterday, it looked like a targeted strike against a few high value targets in the Dark Web drug trade. Now the full scope of that international law enforcement crackdown has been revealed, and it's a scorched-earth purge of the Internet underground
Feds Arrest Alleged 'Silk Road 2' Admin, Seize Servers(KrebsOnSecurity) Federal prosecutors in New York today announced the arrest and charging of a San Francisco man they say ran the online drug bazaar and black market known as Silk Road 2.0. In conjunction with the arrest, U.S. and European authorities have jointly seized control over the servers that hosted Silk Road 2.0 marketplace
In Britain, Guidelines for Spying on Lawyers and Clients(New York Times) British spies have the authority to intercept privileged communications between lawyers and their clients — and may have illegally exploited that access in some sensitive security cases — according to confidential documents that were released Thursday
The Internal Revenue Service Does Not Adequately Manage Information Technology Security Risk-Based Decisions(Treasury Inspector General for Tax Administration) Risk-based decisions are made when the IRS wants to make an exception to its own policies and requirements based on suitable justification and a thorough assessment of evident and potential risks. For decisions related to the security of information systems, exceptions are allowed if meeting the requirement is 1) not technically or operationally possible or 2) not cost effective. When risk-based decisions are not made within the established guidelines, the organization may be accepting too much risk related to security of its systems and data. Consequently, taxpayer data may not be secured and may be vulnerable to unauthorized disclosure, which can lead to identity theft. Furthermore, accepted weaknesses may result in security breaches, which can cause network disruptions and prevent the IRS from performing vital taxpayer services, such as processing tax returns, issuing refunds, and answering taxpayer inquiries
Cyber fugitive John Gordon Baden arrested by the FBI(Examiner) On November 4, 2014, FBI announced the arrest of John Gordon Baden, 38, who was considered one of San Diego, California's FBI Most Wanted Cyber Fugitives. Baden was arrested on November 1, 2014, in Tijuana, Mexico, by officers from the Tijuana Municipal Police Department (TPD). Tijuana PD officers were working with FBI agents
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
THREADS Conference 2014(Brooklyn, New York, USA, November 13, 2014) A 2-day conference exploring state-of-the-art advances in security automation. We will present new research and innovations on integrating security into modern software development and operations, focusing...
US News STEM Solutions: the National Leadership Conference(San Diego, California, USA, June 29 - July 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow...
POC2014(Seoul, Republic of Korea, November 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates...
RiseCON 2014 (Rosario, Santa Fe, Argentina, November 6 - 7, 2014) Rosario Information Security Conference: the first and largest information security and hacking event held in the city of Rosario, with international standing and reach
Israel HLS 2014(Tel Aviv, Israel, November 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience.
i-Society 2014(London, England, UK, November 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society,...
Seattle SecureWorld(Seattle, Washington, USA, November 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...
AVAR 2014(, January 1, 1970) The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code...
ZeroNights 2014(Moscow, Russia, November 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest...
Cyber Security Awareness Week Conference(New York, New York, USA, November 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive...
Ground Zero Summit, India (New Delhi, India, November 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing researches and sharing knowledge in...
Deepsec 2014(Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...
BugCON (Mexico City, Mexico, November 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of security. Running since 2008, BugCON is the oldest forum where researchers, students and professionals show...
Navy Now Forum: Admiral Rogers(Washington, DC, USA, November 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership...
International Cyber Warfare and Security Conference(Ankara, Turkey, November 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective...
EDSC 2014 (Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry; staying current is important...
Cyber Security World Conference 2014(New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused...
Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, November 21, 2014) The one-day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial...
BSidesVienna (Vienna, Austria, November 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned
BSidesToronto(Toronto, Ontario, Canada, November 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"
DefCamp5(Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering...