IS (a.k.a. ISIS or ISIL — we begin using its most common name) continues to concentrate on information operations, which the US State Department begins to take on with its own IO campaign. State and IS seem to use much of the same content, expecting a different effect on (perhaps) different audiences.
Pro-Palestinian hacktivists count coup against Israel's Ministry of Education and McDonald's Indonesian sub-domain. Pakistan's discontents continue to fuel low-level cyber-rioting.
"Sources close to the investigation" say that Home Depot was infected by a variant of the BlackPOS malware that was responsible for last year's Target breach. Inspection of the code, and of Rescator's online carding black market, indicates conventional criminality, but oddly tinged with nostalgia for Soviet power and Libya's deposed Gaddafi regime as the criminals involved don a hacktivist fig leaf.
GREF's reappearance through a new OS X backdoor prompts retrospectives of the group's espionage campaign against the US defense industrial base.
New Zealand's Spark was the unwilling vehicle of a denial-of-service effort directed toward Eastern European targets last week.
Carnegie Mellon's SEI reports a list of Android apps vulnerable to man-in-the-middle attacks.
A self-described "genious" (sic) reveals a malicious Flappy Birds knock-off.
VPN passwords (and Google and Facebook authentication codes) have been found in an Android malware C2 server.
Commodification of malware in an efficient black market facilitates Chinese gangs' cybercrime.
The Healthcare.gov hack continues to occupy researchers' (and politicians') attention.
One critical patch is expected from Microsoft tomorrow.
NATO and Russia harden their respective cyber stances.
Today's issue includes events affecting Bangladesh, Brazil, China, European Union, Indonesia, Iraq, Israel, NATO, New Zealand, Pakistan, Palestinian Territories, Philippines, Russia, Syria, Ukraine, United States.
U.S. attempts to combat Islamic State propaganda(Washington Post) The stunning rise of the Islamic State militant group as both a battlefield force and an Internet juggernaut over the summer has given new urgency to a State Department effort to counter online militant propaganda with a U.S. messaging campaign
Home Depot Hit By Same Malware as Target(Krebs on Security) The apparent credit and debit card breach uncovered last week at Home Depot was aided in part by a new variant of the same malicious software program that stole card account data from cash registers at Target last December, according to sources close to the investigation
The Amazon.com of Stolen Credit Cards Makes It All So Easy(Bloomberg BusinessWeek) On Sept. 1, the website Rescator[dot]cc alerted customers to a big new batch of product about to hit its digital shelves. "Load your accounts and prepare for an avalanche of cash!" a post on its News page read
RAW DATA: Spark releases Q+A on outages, cyber-attack(National Business Review) Cyber criminals based overseas appear to have been attacking web addresses in Eastern Europe, and were bouncing the traffic off Spark customer connections, in what is known as a distributed denial of service (DDoS) attack
Spark rethinking defences after attack(Radio New Zealand News) Telecommunications company Spark says it is rethinking its defences after an online attack from overseas started crippling its internet users
Researchers compile list of Android apps that allow MitM attacks(Help Net Security) Around 350 Android apps that can be downloaded from Google Play and Amazon stores fail to properly validate SSL certificates for HTTPS connections, and thus open users to Man-in-the-Middle attacks if they use them on insecure and open networks, a researcher with the CERT Coordination Center at the Software Engineering Institute at Carnegie Mellon University warned
Chinese Cybercrime Soars as Tools are Traded Online(Infosecurity Magazine) The underground market for cybercrime products and services in China is booming, with both the number of participants and IM messages sent between those participants doubling last year, according to new research from Trend Micro
HealthCare.gov breached, injected with malware(Naked Security) Federal health officials have discovered that the woebegone US insurance exchange site HealthCare.gov was breached in July when an intruder uploaded malware with the apparent motive of using the system to launch cyberattacks against other sites
HealthCare.gov Breach: The Ripple Effect(InformationWeek) Hackers breached a HealthCare.gov test server, reportedly affecting no records, but the repercussions could spread across many medical organizations
Cryptographic Locker(Webroot Threat Blog) It seems as though every few weeks we see a new encrypting ransomware variant. It's not surprising either since the business model of ransoming files for money is tried and true. Whether it's important work documents, treasured wedding pictures, or complete discographies of your favorite artists, everyone has valuable data they don't want taken
Westport Police Warn Locals about Phishing Emails(Spamfighter) Westport-news.com reported on 28th August, 2014 stating that Westport Police are warning residents of Westport to be cautious of a scam email purporting to be from the Westport Town, Connecticut, New York City, US designed to steal credit-card data
Apple Plans to Extend 2FA to iCloud(Threatpost) In the wake of the iCloud photo theft scandal, Apple's CEO said the company plans to extend its two-factor authentication system to logins to the iCloud service from mobile device. The change will come when iOS 8.0 comes out later this month
Profit leads motives for malware engineers(Help Net Security) With mobile malware doubling year after year, NQ Mobile released new data and background information outlining the current threat landscape and projecting trends for the immediate future. Revealing details on infection rates and strains found around the world, the information demonstrates how such threats put sensitive data and bank accounts at risk
The Security Implications of Wearables, Part 1(TrendLabs Security Intelligence Blog) The Internet of Everything has given rise to new gadget categories in every electronics retailer shop. Smart wearables are rapidly becoming more commonplace than you think. While not everyone has Google Glass, you can bet that a lot of people have fitness trackers and even smart watches
The Security Implications of Wearables, Part 2(TrendLabs Security Intelligence Blog) In the previous post, we talked about the definition and categories of wearables. We will now focus our attention at possible attacks for such devices
Cyber Crime Means Business — Potentially Yours(Forbes) Christopher Skroupa: In previous discussions, you've mentioned the "shark fin effect," relating it to how executives perceive cyber threats. Tell us what you mean by this and why it is cause for concern. MacDonnell Ulsch: Over the years, the media has played a key role in shaping the perception of what constitutes a data breach
IBM Can Help Apple's Trust Issues but Blackberry Could Steal Share(Datamation) Apple can't be trusted. With the release of nude pictures of celebrities this is likely the same conclusion many of you are reaching today. In the end this is probably where IBM can provide the greatest value in their new partnership with Apple because IBM understands that, with an Enterprise, trust is likely the most important value a vendor can provide
Check Point's Customer Wins Impressive, Risks Persist(Zacks) Check Point is a well-known provider of information technology (IT) security solutions globally. Sophisticated cyber threats significantly affect financials, brands and reputation of enterprises. Consequently, cyber security is becoming a mission-critical, high-profile requirement. Check Point's wide experience in the security space and consistent delivery of such solutions will help it maintain and grow its market share
JPMorgan-to-Apple Data Scares Spur Israeli Stock's Surge(BloombergBusinessWeek) With each successive data breach scare that's hit corporate America in recent weeks, from JPMorgan Chase & Co. to Apple Inc. and then Home Depot Inc., the shares of an Israeli cyber-security giant have bounced higher
A Closer Look at the Google Domains Register(Lenny Zeltser on Information Security) Google's new domain registration service, Google Domains, is shaping up to be a capable, yet easy-to-use service, which will put pressure on traditional registrars to offer additional features, clean-up their user interface or drop prices
Mac Security Products Put to the Test(SecurityWeek) Two well known independent antivirus testing labs have published the results of tests performed on security products designed for devices running Mac OS X operating systems
IPC opens DDoS attack scrubbing center with Nexusguard(Telecompaper) Philippine DDoS mitigation services provider IP Converge Data Services (IPC), in partnership with internet security provider Nexusguard, has launched a locally hosted Distributed Denial of Service (DDoS) attack scrubbing center
PLDT unit beefs up defense vs cyber attacks(Philippine Star) IPC (IP Converge Data Services Inc.), a unit of dominant carrier Philippine Long Distance Telephone Co. (PLDT), is ready to put up another scrubbing center in the country to protect companies from malicious Internet attacks
Prevention, Detection and Response: A New Approach to Tackle APTs(Infosecurity Magazine) What was once a wake-up call for organizations is now an almost daily occurrence. Businesses are under cyber-attack and, according to experts, the cost of these incidents is on the rise. The Ponemon Institute recently claimed that the average cost of a reported breach has grown by 15 per cent, reaching an average of $3.5 million
Taking a Naked Selfie? Your Phone Should Step In to Protect You(New York Times) What should smartphone makers do about nude selfies? Should they encourage us all to point our phones away from our unclothed bodies — or should they instead decide that naked selfies are inevitable, and add features to their products that reduce the chance that these photos could get hacked?
Mobile forensics in a connected world(Help Net Security) In this interview, Andrew Hoog, CEO of viaForensics, talks about the forensic examination of mobile devices, the challenges involved with testifying at trials, and offers advice to those interested in working in the mobile security forensics field
8 of the Best Online Security Dashboards(TechieHOW) With new information security threats being discovered daily, having one resource that can display security related information in one convenient view can be a valuable resource. From showing information on latest threats, tools versions, news or real time attacks, that's what the following online dashboards deliver
Hackathon gears up for first round(Washington Square News) Registration for Capture the Flag, the NYU Polytechnic School of Engineering's annual hackathon, opened on Aug. 25 in preparation for the preliminary, online-only round of the competition. It will be held from Sept. 19 to Sept. 21
Russia Wants 'Hot Peace,' Not War(Council on Foreign Relations) The NATO summit has highlighted concerns over military deterrence against Russia in eastern Europe, but Western powers should be preparing for non-military disruptive actions from Russia, says expert Mark Galeotti. Such actions include support of political movements hostile to the European Union, the penetration of strategic industries, and potentially cyber-attacks via proxies, he says
Hack attacks spur calls for cyber insurance(The Hill) Lawmakers have been unable to pass legislation to deal with the stream of hacks at major stores and websites, but the government may be able to do some good by helping out the insurance market
Legal memos released on Bush-era justification for warrantless wiretapping(Washington Post) The Justice Department released two decade-old memos Friday night, offering the fullest public airing to date of the Bush administration's legal justification for the warrantless wiretapping of Americans' phone calls and e-mails — a program that began in secret after the 2001 terrorist attacks
Litigation, Investigation, and Law Enforcement
The Feds Found The Silk Road's Ross Ulbricht Thanks To A Leaky CAPTCHA(TechCrunch) You may have heard that the infamous Dread Pirate Robets AKA Ross Ulbricht's Silk Road was taken down thanks to a problem in his anonymous Tor server. Now, however, Brian Krebs has shown us just how the Feds found Ulbricht's server and, additionally, the pirate himself
Dread Pirate Sunk By Leaky CAPTCHA(Krebs on Security) Ever since October 2013, when the FBI took down the online black market and drug bazaar known as the Silk Road, privacy activists and security experts have traded conspiracy theories about how the U.S. government managed to discover the geographic location of the Silk Road Web servers
The two towers(Economist) Junk science is putting innocent people in jail
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Ground Zero Summit, Sri Lanka(Colombo, Sri Lanka, September 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats.
Detroit SecureWorld(Detroit, Michigan, USA, September 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has...
Cyber Attack Against Payment Processes Exercise 1(Online, September 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...
Build IT Break IT Fix IT: Fix IT(Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...
Suits and Spooks London(London, England, UK, September 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...
NOPcon Security Conference(Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers,...
5th Annual Billington Cybersecurity Summit(Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander,...
SINET Global Summit(London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures,...
Cyber Attack Against Payment Processes Exercise 2(Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...
Global Identity Summit(Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive,...
Fraud Summit Toronto(Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...
Cloud Security Alliance Congress 2014(, January 1, 1970) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will...
ICS-ISAC Fall Conference(Atlanta, Georgia, USA, September 17 - 20, 2014) Cybersecurity issues — such as the DHS release of Operation Aurora information; legislation like CISA (S. 2588), CIRDA (H.R. 2952) & H.R. 3696; and the NIST Cybersecurity Framework — can leave...
Ft. Meade Technology Expo(Fort Meade, Maryland, USA, September 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...
The 2014 Cyber Security Summit(New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives...
NYIT Cyber Security Conference(New York, New York, USA, September 18, 2014) Presented by NYIT's School of Engineering and Computing Sciences, this conference will address a broad range of pressing topics including privacy; innovations in enterprise security; systems security and...
Dutch Open Hackathon(Amsterdam, the Netherlands, September 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation
St. Louis SecureWorld(, January 1, 1970) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...
Rock Stars of Cybersecurity(Austin, Texas, USA, September 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and...
VB2014(, January 1, 1970) Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides...
DerbyCon 4.0(Louisville, Kentucky, USA, September 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013...
BruCON 2014(Ghent, Belgium, September 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical...
ROOTCON 8(, January 1, 1970) ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis,...
INTEROP(New York, New York, USA, September 29 - October 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.