ISIS has long used Twitter and YouTube for recruiting, and it also draws significant donations from fundraising in social media. The US Treasury Department is working to disrupt that, as well as ISIS's use of conventional banking to collect, save, and move money. A whiff of ISIS's bad odor inevitably clings to Twitter, so it's worth remembering Twitter's positive role in 2009's Iranian dissent (a false dawn, but bright while it lasted).
The Pawn Storm cyber-espionage campaign shows what bad actors can achieve through social engineering. A sophisticated, patient organization (probably Russian, say some observers) did its homework, and the preparation paid off.
Microsoft's patches may have slowed Sandworm, but Sandworm seems to have regained its slither. Another recently patched set of vulnerabilities — these in Flash Player — is attacked in the wild: at least two exploit kits are available.
CryptoWall nearly destroyed an unnamed US not-for-profit recently. The ransomware continues its dangerous spread.
Another familiar malware family, the Backoff RAM-scraper, is also infecting machines at an increasing rate, this despite Backoff's very public prominence in retail data breaches.
Malvertising campaigns against commercial targets provide criminals with steady cash flow.
Cisco patches a Telnet remote-execution vulnerability. VMware fixes an information-disclosure bug in vSphere.
A new consortium forms to help franchise businesses with cyber security: DHS, NCSA, and IFA are in.
ESG sees a clear trend toward investment in "cybersecurity cavalry" as opposed to traditional network defenses.
Yesterday's attack on Canada's Parliament is thought to augur more extensive surveillance in that country.
Today's issue includes events affecting Australia, Canada, France, Iraq, Netherlands, Pakistan, Philippines, Poland, Russia, Syria, Turkey, Ukraine, United Kingdom, United States, Vatican.
CyberMaryland arrives in Baltimore next week, and the CyberWire will cover the conference with special issues and live tweets from the sessions. Watch for our coverage October 29 and 30.
Cyber Attacks, Threats, and Vulnerabilities
ISIS rakes in donations on Twitter(The Hill) The United States is "very focused" on disrupting the social media fundraising by supporters of the Islamic State in Iraq and Syria (ISIS), the Treasury Department said Thursday
Surprise! ISIL is using banks, and that makes it vulnerable(Quartz) We've long known that the Islamic State pulls in vast sums of money from oil sales, extortion, ransom, and donations — but it turns out that the group is also, somewhat improbably, using the international financial system to manage its money
Iran Protests: Twitter, the Medium of the Movement(TIME) The U.S. State Department doesn't usually take an interest in the maintenance schedules of dotcom start-ups. But over the weekend, officials there reached out to Twitter and asked them to delay a network upgrade that was scheduled for Monday night. The reason? To protect the interests of Iranians using the service to protest the presidential election that took place on June 12
Are You Vulnerable to Memory Scraping? (And What to Do About It)(Fishnet Security) The Target breach that first made news in late 2013 was facilitated using "memory scraping malware" called "BlackPOS" or "TrackR" running on the Point of Sale (POS) systems. While many pundits have given Target a hard time, claiming they were misconfigured or that PCI compliance did not result in adequate security for cardholders, the truth is sensitive data having permanence in memory is a very prevalent problem affecting many types of point of sale systems. Worse yet, there is no quick and easy solution
'Malvertising' Crooks Earn $25,000 A Day Attacking Yahoo And AOL Users(Forbes) Cyber criminals were making an estimated $25,000 a day by forcing a host of big name websites, including Yahoo YHOO +1.27%! finance and sports sites, The Atlantic and a real estate service belonging to AOL AOL +3.35%, to chuck malware at visitors' PCs. Though none of those sites were hacked, they were serving ads from compromised advertising networks, in an attack type known as "malvertising"
VBS worms: Still dangerous?(TechTarget) VBS worms were a top security concern in the early 2000s. Should enterprises still be worried? Nick Lewis explains
Personal information of almost 100,000 people exposed through flaw on site for transcripts(Washington Post) The personal information of almost 100,000 people seeking their high school transcripts was recently exposed on a Web site that helps students obtain their records. The site, NeedMyTranscript.com, facilitates requests from all 50 states and covers more than 18,000 high schools around the country, according to its Web site and company chief executive officer
Few vets use free credit monitoring after VA breaches(Military Times) Only about one in 25 veterans offered free credit monitoring in the wake of Veterans Affairs Department security breaches has signed up for the service, a figure that VA officials call disappointingly low
About the security content of QuickTime 7.7.6(Apple Support) This document describes the security content of QuickTime 7.7.6. This update can be downloaded and installed using Software Update, or from the Apple Support website. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website
Microsoft offers two-factor authentication in Windows 10(ITNews) Microsoft will bake two-factor authentication into its new Windows 10 operating system in an effort to avoid the data theft and systems break-ins that arise from the insecure single-password approach, the company said
Your business can't afford the cost of cyber crime(CSO) It's not a surprise that cyber crime is costly for organizations. The cost of any lost productivity, combined with the fallout of any compromised data, the impact to the organization's reputation, and the cost to clean up and recover from an attack all add up
How cybercrime and cybersecurity affects nations and geopolitics(Crowdstrike Adversary Manifesto) The Adversary Manifesto recently spoke with Shawn Henry, President of CrowdStrike Services about geopolitics and cybersecurity. Henry is a sought-after expert on cybersecurity who was formerly the executive assistant director for the FBI. While there, Henry boosted the organization's computer crime and cybersecurity investigative capabilities
Cyber security's "Doomsday Warning"(Microscope) Earlier this month, President Obama spoke of a devastating wave of cyber attacks that could soon strike the US in what Washington insiders are calling a "Doomsday Warning"
Cybersecurity help coming for franchises(The Hill) Two industry groups are teaming up to help franchise businesses learn about cybersecurity. The National Cyber Security Alliance (NCSA) — backed by companies such as Facebook, Google and Microsoft, as well as the Department of Homeland Security — will work with the International Franchise Association (IFA) on basic cybersecurity strategy
Angel Investing in Cybersecurity: Understanding the Technology(Mach37) In our White Paper "Angel Investing in Cybersecurity: Aligning With a Vertical Accelerator," we make the argument that by partnering with a vertical accelerator, angel investors can bridge the knowledge gap caused by the technical complexity of the cybersecurity market and establish the confidence needed to invest in it
The Laborers Who Keep Dick Pics and Beheadings Out of Your Facebook Feed(Wired) The campuses of the tech industry are famous for their lavish cafeterias, cushy shuttles, and on-site laundry services. But on a muggy February afternoon, some of these companies' most important work is being done 7,000 miles away, on the second floor of a former elementary school at the end of a row of auto mechanics' stalls in Bacoor, a gritty Filipino town 13 miles southwest of Manila
Force 3 Names Steve Scribner as New CFO(PRWeb) Force 3, delivering the best in federal security, collaboration, next-generation networking, and support solutions, today announced Steve Scribner as their new Chief Financial Officer
White Ops adds big-name security veteran(New York Business Journal) The ad-fraud detecting startup White Ops has added another senior-level veteran of the computer security industry to its team, hiring Eddie Schwartz as its first president and chief operating officer
Bricata, LLC Announces Management Team(Virtual-Strategy) Bricata announces the formation of its management team, bringing together nearly eight decades of combined cyber security, engineering, sales, and management experience
Products, Services, and Solutions
secunet wins PKI tender from the Norwegian Police(Biometric Update) Secunet has been awarded with a contract in which the Norwegian Police will use secunet's public key infrastructure as the basis to check electronic travel documents, as well as issue electronic passports and electronic residence permits in the near future
SolarWinds solutions approved for secure government deployment(Financial News) SolarWinds (NYSE: SWI) reported that multiple products are now certified under the Common Criteria for Information Technology Security Evaluation, an internationally recognized standard for computer security achieved through independent laboratory testing and evaluation
Blackthorn Technologies Launch Game-Changing Product Portfolio(Sys-Con Media) Blackthorn Technologies, a London-based software company, unveiled its new approach to product development today with the release of its first product from a new suite of software solutions aimed at large organisations who value data sensitivity and security
ESET bolsters flagship products(IT Web) Security solutions vendor ESET has unveiled the latest versions of its flagship security software products, ESET NOD32 Antivirus n8 and ESET Smart Security 8
Bitdefender Reveals Portable Adware Removal Tool(JBG News) Bitdefender has announced yet another way to keep you safe from the harmful viruses, adware, and malware available across the Internet, albeit with more of a focus on the adware aspect this time around. The security company has unveiled the Bitdefender Adware Removal Tool for PC. The tool is currently in the midst of its first public beta. The program will detect and remove and unwanted software from your computer, ensuring nothing harmful remains and you?re cleaned up perfectly
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely(Wired) Maintaining your privacy online, like investing in stocks or looking good naked, has become one of those nagging desires that leaves Americans with a surplus of stress and a deficit of facts. So it's no surprise that a cottage industry of privacy marketers now wants to sell them the solution in a $50 piece of hardware promising internet "anonymity" or "invisibility." And as with any panacea in a box, the quicker the fix, the more doubt it deserves
Shellshock a Fail for Security Disclosure(eSecurity Planet) Shellshock and the Xen vulnerability. One of these things is not like the other, and an expert says they can teach us a lot about how to disclose security vulnerabilities
Cyber resilience: Why networks matter(C4ISR & Networks) To encourage a more stable, safe and resilient cyberspace, President Obama issued Executive Order 13636 in early 2013, which called for the establishment of a set of security standards for critical infrastructure, including military operations
How to kill a troll(Naked Security) A new Pew Research Center survey on online harassment — the first such of its kind undertaken by Pew — confirms what most of us already know: the internet can be a vicious, frightening place, especially for young people, and most particularly so for young women
Do we really need strong passwords?(Naked Security) The idea that computer users should use long, complex passwords is one of computer security's sacred cows and something we write about a great deal at Naked Security
'Spam Nation' Publisher Discloses Card Breach(KrebsOnSecurity) In the interests of full disclosure: Sourcebooks — the company that on Nov. 18 is publishing my upcoming book about organized cybercrime — disclosed last week that a breach of its Web site shopping cart software may have exposed customer credit card and personal information
Experts Fret Cyber Risk to Electronic Health Records(National Law Journal) A cybersecurity framework for medical devices and health-care technology needs to be developed in a partnership between the government, manufacturers and health-care providers, officials from across the public and private sectors during a workshop convened by the U.S. Food and Drug Administration
House CISO Talks Threat Landscape, Challenges with Information Sharing(Wall Street Journal) Darren Van Booven, CISO of the U.S. House of Representatives, runs into many of the same technological challenges as CISOs of big companies. He sat down with CIO Journal on the sidelines of the SC Congress, an information security conference hosted by SC Magazine, this week to discuss how he approaches both insider and outsider security threats, the role of information sharing in the government, and the importance of the security product portfolio. Here are edited excerpts
New York Financial Regulator Shifts Agency's Focus on to Cyber Security(SC Magazine) New York's financial regulator said on Monday his agency will focus on cyber security over the next year, saying the possibility of a systemic attack to the financial system is one thing that keeps him awake at night. Benjamin Lawsky, superintendent of the Department of Financial Services for the state of New York said, "It is impossible to take it seriously enough
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber Threat Intelligence Summit(Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
Hack.lu 2014(arc Hotel Alvisse, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society
Hack.lu 2014 (Dommeldange, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society
ToorCon San Diego(San Diego, California, USA, October 22 - 26, 2014) For hackers like you, because what could possibly go wrong?
FOCUS 14:Empowering the Connected World(Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while...
FOCUS 14: Empowering the Connected World(Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while...
Cybergamut Tech Tuesday: Software-Defined Networking Security(Columbia, Maryland, USA, October 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When...
Cyber Security and IT Day at Fort Carson(Colorado Springs, Colorado, USA, October 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter ill once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday,...
Securing the Social Space(Baltimore, Maryland, USA, October 28, 2014) New technologies enabling greater connectivity bring with them new frontiers for cyber security. This Tech Talk program will offer a new twist on the cyber security conversation. We'll begin by exploring...
USDA Cyber Security Symposium and Expo 2014(Washington, DC, USA, October 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build...
Cyber Job Fair(Baltimore, Maryland, USA, October 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals...
Cyber Security and IT Days at Peterson AFB(Colorado Springs, Colorado, USA, October 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on...
CyberMaryland 2014(Baltimore, Maryland, USA, October 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.
Dallas SecureWorld(Dallas, Texas, USA, October 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...
ekoparty Security Conference 10th edition(Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.