The Warsaw Stock Exchange suffered outages and an apparent breach at the end of last week. Hackers who claimed responsibility say they acted in sympathy with ISIS. ISIS itself, says F-Secure's Hyppönen, seeks to train its volunteers to conduct cyber attacks. The British Home Office has been stepping up cyber and information operations against ISIS, moved more by concerns over domestic radicalization than by the threat of direct cyber attack from the Islamic State.
Anonymous protests the IDF's fatal shooting of a teenager with attacks on Israeli government sites.
Elections in Ukraine have concluded in spite of the Putinist Cyber Berkut's disruptions of voting-related sites.
Cyber rioting continues in South Asia with widespread Pakistani ripostes against Indian sites.
Leviathan Security researchers find a rogue Tor exit node that's wrapping Windows executables in malware.
Enterprises continue to patch Shellshock. Criminals realize slow but steady success assembling botnets by attacking unpatched message transfer and mail delivery agents.
Retailers in North America and elsewhere shore up cyber defenses in anticipation of increased threats during the coming holiday season. There's bad news, however: Backoff infections rose 57% from August to September, and a new threat — this one to putative retail savior chip-and-PIN technology — called "Relay," has surfaced in Brazil and shows signs of spreading.
Abode begins encrypting user data from Digital Editions. Privacy advocates remain unhappy with Verizon's "permanent cookie" and worry that ApplePay's enabling technology itself poses irreducible privacy problems.
Samsung disputes an anonymous researcher's reports of vulnerabilities in its recently US-Government-approved Knox.
Today's issue includes events affecting Australia, Belgium, Brazil, Canada, China, India, Iraq, Israel, NATO, Pakistan, Poland, Russia, Syria, United Kingdom, United States.
CyberMaryland arrives in Baltimore this week. Watch for CyberWire special issues and live tweets from the conference sessions, October 29 and 30.
Cyber Attacks, Threats, and Vulnerabilities
Hackers breach the Warsaw Stock Exchange(The Hill) Hackers breached the Warsaw Stock Exchange Thursday, exposing login credentials for dozens of brokers in apparent retaliation for the bombing campaign against the Islamic State in Iraq and Syria (ISIS)
ISIL sympathizer hits Warsaw Stock Exchange(Politico) The Warsaw Stock Exchange was apparently hacked by an attacker claiming to act in support of the Islamic State yesterday. The hacker posted logon credentials of brokers and other internal data apparently stolen from the computer network of the Warsaw Stock Exchange online, and the exchange's English language website also appeared to be inaccessible to users in the U.S
'Replay' Attacks Spoof Chip Card Charges(KrebsOnSecurity) An odd new pattern of credit card fraud emanating from Brazil and targeting U.S. financial institutions could spell costly trouble for banks that are just beginning to issue customers more secure chip-based credit and debit cards
Verizon's 'Perma-Cookie' Is a Privacy-Killing Machine(Wired) Verizon Wireless has been subtly altering the web traffic of its wireless customers for the past two years, inserting a string of about 50 letters, numbers, and characters into data flowing between these customers and the websites they visit
Staples Investigates Breach — Expert Comments(Information Security Buzz) Earlier this week, Staples announced that it is investigating a potential data breach at several of its northeastern-based stores. Here to comment on this potential breach are a number of experts in the information security field. Leading enterprises including STEALTHbits Technologies and Network Box USA are represented
57% increase in Backoff malware from August to September(Help Net Security) Damballa released a new report highlighting the extent to which malware infections, such as Backoff malware, are able to bypass network prevention controls. The report reveals the ongoing challenges faced by security teams in managing a mountain of security events and the positive impact of taking measures which can identify the true positives within these alerts
'Spear-phishing' tactics becoming more sophisticated(Federal Times) The email looks legitimate: It's from your office's IT department, or your bank, or the airline you recently booked a flight with. It's specific to you and it comes with an attachment that is as plausible as the email itself
Clueless Founder "Hacks" Jason Calacanis' Voicemail After Spoofing Phone Calls(TechCrunch) I don't like to bring up these little lapses of judgement (or, in this case, horrendous lapses of reason) but it's an interesting story and deserves at least a brief mention. An entrepreneur, who shall remain nameless, wanted Jason Calacanis and Tim Ferris to invest in his startup. Instead of emailing the two, the founder spoofed a phone call from Ferris to Calacanis, assuming that Calacanis would immediately pick up if his friend called
Security Patches, Mitigations, and Software Updates
Is this Unix's Code Red Moment?(CSO) Back in July 2001 two security researchers, Marc Maiffret and Ryan Permeh from eEye Digital Security, discovered the Code Red worm — a piece of malware that targeted Microsoft's IIS software and propagated wildly until it was stopped. It was followed by more vulnerabilities and threats until Microsoft was forced to launch its Trustworthy Computing initiative in 2002
Security Will Need Big Insight, Not Just Big Data(TechCrunch) In looking for new opportunities in security and many other sectors, we look for the echoes of the current IT mega-trends: cloud, mobile, big data. These trends, and especially the interactions between them, are dramatically changing security needs. Add to that the changing profile of would-be hackers — now a frightening mix of international organized crime and employees of enemy governments — and we see the potential for several new solutions that can each be the foundation of one or more successful companies
Retailers prepare for cybercrime offensive(The Star) Retailers are shoring up defenses against escalating hacking attacks but as threats multiply so do costs, with businesses increasingly factoring cybercrime into their prospects for growth
Gemalto Rides The Mobile Commerce Wave(Find Biometrics) The fortunes of the mobile payment and biometric security boom are beginning to trickle down to the rest of the digital security industry, if Gemalto is any indication
Company Profile for Intel Security(MarketWatch) McAfee is now part of Intel Security INTC, +1.50% With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique Global Threat Intelligence, Intel Security is intensely focused on developing proactive, proven security solutions and services that protect systems, networks, and mobile devices for business and personal use around the world
Sources of cyber intelligence from governments and academia(CTO Vision) Cyber intelligence is a growing discipline in the cybersecurity community, providing important information for cyber defenders in enterprises large and small. This post reviews key sources of cyber intelligence provided free from governments and academia
Turning Data into Threat Intelligence: A Case Study(BrightTalk) Many security professionals find it challenging to keep up with vast amounts of data from multiple sources without hiring additional analysts to analyze it and find what's most important. We'll be discussing this topic in our next webcast, as we present a case study of how Open Source Intelligence (OSINT) can help you better protect your organization, and how you can turn data into threat intelligence faster
Snapchat Photo Leak Shines a Light on Vulnerable Third-Party Apps(Cyveillance Blog) After a massive photo leak dubbed "The Snappening" exposed an estimated 200,000 images from Snapchat users, the company took to Twitter and their blog to make something clear: the attack was carried out against a third-party app, not Snapchat itself
Mysterious Statistical Law May Finally Have an Explanation(Wired) Imagine an archipelago where each island hosts a single tortoise species and all the islands are connected — say by rafts of flotsam. As the tortoises interact by dipping into one another's food supplies, their populations fluctuate
Scientific Community Blasts Microsoft for Closing of Silicon Valley Lab(IEEE Spectrum) "Dear Harry, Peter, and Jeannette," starts a letter dated 14 October. It sounds like a casual note to a few good friends — or at least familiar colleagues. And indeed, that's what the letter from more than 30 researchers from the U.S. computer science community to the leaders of Microsoft Research is
ASIC wants telco interception powers(ZDNet) The Australian financial regulatory agency that accidentally blocked 250,000 websites due to a lack of technical knowledge is now pushing to have the power to intercept telecommunications information to investigate financial crime
Domains, Budgets and Bureaucracies: Nukes, Space & Now — Cyber(Breaking Defense) Analysis of the Peloponnesian War is a standard of military and security studies curricula. Strategists had it relatively easy between the 5th century BC and the 19th century AD: land power versus sea power, but then things began to get complicated. In the 19th century "domains" — warfighting environments — began to expand
Peekaboo, I See You: Government Authority Intended for Terrorism is Used for Other Purposes(EFF) The Patriot Act continues to wreak its havoc on civil liberties. Section 213 was included in the Patriot Act over the protests of privacy advocates and granted law enforcement the power to conduct a search while delaying notice to the suspect of the search. Known as a "sneak and peek" warrant, law enforcement was adamant Section 213 was needed to protect against terrorism. But the latest government report detailing the numbers of "sneak and peek" warrants reveals that out of a total of over 11,000 sneak and peek requests, only 51 were used for terrorism
Temporary Restraining Order and Order to Show Cause Why a Preliminary Injunction Should not Issue(US Federal Trade Commission) Plaintiff, the Federal Trade Commission ("FTC" or the "Commission"), pursuant to Section 13(b) and 19 of the Federal Trade Commission Act ("FTC Act"), 15 U.S.C. §§ 53(b) and 57b, has filed a Complaint for Injunctive and Other Equitable Relief, and has moved ex parte for a temporary restraining order and for an order to show cause why a preliminary injunction should not be granted pursuant to Rule 65(b) of the Federal Rules of Civil Procedure
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Navy Now Forum(Washington, DC, USA, November 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership...
Cyber Threat Intelligence Summit(Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
FOCUS 14:Empowering the Connected World(Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while...
FOCUS 14: Empowering the Connected World(Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while...
Cybergamut Tech Tuesday: Software-Defined Networking Security(Columbia, Maryland, USA, October 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When...
Cyber Security and IT Day at Fort Carson(Colorado Springs, Colorado, USA, October 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter ill once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday,...
Securing the Social Space(Baltimore, Maryland, USA, October 28, 2014) New technologies enabling greater connectivity bring with them new frontiers for cyber security. This Tech Talk program will offer a new twist on the cyber security conversation. We'll begin by exploring...
USDA Cyber Security Symposium and Expo 2014(Washington, DC, USA, October 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build...
Cyber Job Fair(Baltimore, Maryland, USA, October 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals...
Cyber Security and IT Days at Peterson AFB(Colorado Springs, Colorado, USA, October 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on...
CyberMaryland 2014(Baltimore, Maryland, USA, October 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.
Dallas SecureWorld(Dallas, Texas, USA, October 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...
ekoparty Security Conference 10th edition(Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...
Senior Executive Cyber Security Conference(Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference.This event is designed...
FS-ISAC EU Summit 2014(London, England, UK, November 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.