Cyber rioting, some state-directed, some evidently done for the lulz, continues in the Middle East, with some spillover into the US.
State-sponsored cyber espionage continues to draw media attention. China's "cyber production line" seems to be evidence of collaboration among criminal gangs and security services. Gamma Group's FinFisher lawful intercept product continues to leak from Germany even as Germany's Spiegel reports fresh allegations of GCHQ/NSA observation of German targets. Australia and New Zealand respond to leaks of Five Eyes surveillance.
JPMorgan cautiously reports there's no evidence that its customers were victims of fraud as the result of recent Wall Street hacks.
Home Depot alumni discuss the retailer's security practices, pre-breach. Trend Micro names point-of-sale RAM-scraping malware the "overnight sensation" of this year's retail breaches.
InformationWeek explains the significance of Dyre malware for cloud security.
Trend Micro finds a 64-bit version of MIRAS malware in a targeted attack against a European IT firm.
Belden reports that Dragonfly/Havex, first associated with attacks on the energy sector, is now sniffing around pharmaceutical companies.
InformationWeek offers a primer on electromagnetic pulse (EMP) and the risk it poses to electronics — said to be overblown. (Still, if EMP's threat spooks you, you can avail yourself of an EMP-hardened data center.)
Observers warn of "hybrid war" — an asymmetric form of conflict that combines cyber operations with low-level kinetic combat.
Veracode and CyberArk prepare their IPOs.
US surveillance and intelligence policies continue on their path in the absence of new doctrine or strategy.
Huawei and HP both face corruption allegations.
Today's issue includes events affecting Australia, Brazil, China, Croatia, Egypt, Finland, Germany, Iran, Israel, NATO, New Zealand, Palestinian Territories, Russia, South Africa, Ukraine, United Kingdom, United States.
The CyberWire's special coverage of the 5th Annual Billington Cybersecurity Summit in Washington, DC, on September 16, begins tomorrow. The Summit promises an interesting set of speakers and sessions. The CyberWire will also provide special coverage of the 2014 Cyber Security Summit, convening in New York on September 18.
Supporter of Anonymous Hacktivists Hacks Vodafone Egypt Sub-Domains(HackRead) A hacker going by the handle 'Ali El Top' hacked and defaced two official sub-domains of Vodafone Egypt last Thursday (04/09/2014). The hacker left a message along with a defacement picture of Anonymous hacktivists on sub-domains belonging to Vodafone's web hosting services for its customers
Former Home Depot Managers Depict 'C-Level' Security Before the Hack(Bloomberg BusinessWeek) Home Depot's (HD) in-store payment system wasn't set up to encrypt customers' credit- and debit-card data, a gap in its defenses that gave potential hackers a wider window to exploit, according to interviews with former members of the retailer's security team
PoS RAM Scraper Malware: The Overnight Sensation(Trend Micro Simply Security) There's a saying in show business that it takes years to become an overnight sensation. Point-of-Sale (POS) RAM Scraper Malware has arguably become the overnight sensation of cyberattacks this year. From Target and Neiman Marcus to Home Depot, PoS RAM Scraper Malware has become the malware story du jour
64-bit Version of MIRAS Used in Targeted Attack(TrendLabs Security Intelligence Blog) We have been investigating the MIRAS malware family, which was recently linked to attacks that targeted a Europe-based IT company. Our analysis shows that MIRAS, or BKDR64_MIRAS.B is a 64-bit malware that was used for the data exfiltration stage in a targeted attack. MIRAS is available in 32-bit (BKDR_MIRAS.B) and 64-bit (BKDR64_MIRAS.B) Windows operating systems
Cyber security pro: Finland under hybrid warfare attack(Yle Uutiset) Cyber security professor Jarno Limnéll says that hybrid warfare — wherein traditional and unconventional warfare methods are combined — is affecting Finns on a daily basis. The "attacks" are executed on the threshold of war and peace, and Limnéll says the most insidious form of hybrid war is the kind that operates undetected
Fortress finance pulls up the virtual drawbridge(BusinessDayLive) Western investors have largely shrugged off the military conflict in Ukraine, pushing global markets higher. But, deep inside some financial institutions and intelligence services, a debate is bubbling that investors should watch. This revolves not around boots and tanks but the cyber world
75% of mobile apps will fail basic security tests(Help Net Security) Through 2015, more than 75 percent of mobile applications will fail basic security tests, according to Gartner. Enterprise employees download from app stores and use mobile applications that can access enterprise assets or perform business functions, and these applications have little or no security assurances. These applications are exposed to attacks and violations of enterprise security policies
Secunia Vulnerability Review 2014(InfoWorld) Critical security vulnerabilities are on the rise and the sheer volume is staggering. This 2014 Security Vulnerability Report reveals data on global trends. Learn how the primary attack vectors are shifting, why there's an increase of vulnerabilities in Windows 7, and how to be on the watch for risks in PDF readers, browsers and the top 50 software applications
FireEye: Price Matters(Seeking Alpha) FireEye (NASDAQ:FEYE), an enterprise security provider, is a prime example of how price matters when buying a stock. One could probably have easily argued that the stock was overvalued at over $95 back in March, but what about now with the stock sitting at levels around initial trading following the IPO back last September?
Cisco, Check Point Gain Security Appliance Share(Investor's Business Daily) The security appliance market saw solid growth in the second quarter, with worldwide revenue up 7% and unit shipments up 5% year over year. The big vendors got bigger as the smaller players shrank in terms of factory sales, market research firm IDC reported Thursday
Check Point eyes local SME market(ITWeb) SMEs know they need security but don't want the headache of managing it themselves, says Doros Hadjizenonos, Check Point's sales manager for SA. Israel-headquartered security solutions provider Check Point Software Technologies is looking to tap into the South African SME market
ApplePay: The Security Pros & Cons(Credit Blog) ApplePay, the new mobile payments service introduced by Apple this week, could ultimately set the security and privacy benchmarks for digital wallets much higher
BitDefender and Kaspersky Antivirus — A comparison guide(STIX) You know where to look for new updates and features of a software program. But, many of us do not check latest news and information related to that software updates and features you are searching for, which is very important
How Boston Children's Hospital hit back at Anonymous(CIO via CSO) Hackers purportedly representing Anonymous hit Boston Children's Hospital with phishing and DDoS attacks this spring. The hospital fought back with vigilance, internal transparency and some old-fashioned sneakernet. That — and a little bit of luck — kept patient data safe
Emerging cloud threats and how to address them(Help Net Security) As organizations deploy and harness private, community and hybrid clouds, they encounter new types of threats, along with the old ones they've been battling for years
The Easy-to-Miss Basics of Network Defense(TrendLabs Security Intelligence Blog) Last month we released a paper on backdoor techniques which highlighted the importance of setting up your network properly to detect and block C&C communication. In this post, I will share some rules that IT administrators can proactively implement in order to set up "basic defense" for their network. I say basic here because these rules are not meant to cover all types of suspicious activity within the network — just some that I think are more likely to be missed
Are credential dumps worth reviewing?(Internet Storm Center) It's been reported that around five million Gmail email addresses were released on to a forum early on in the week. In the file, next to each email address, was a password
Data Security Systems and the Prevention of Identity Theft(IP Watchdog) In the world of data security, 2014 will likely go down as one of the rockiest years in history. We have previously covered recent cyber attacks and data breaches at Target and Neiman Marcus, among others, as well as ways businesses can tighten up data security to prevent against breaches
Why Email Is Worth Saving(Dark Reading) What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available? It is
Holder Says Private Suit Risks State Secrets(New York Times) In his first year in office, Attorney General Eric H. Holder Jr. put new limits on when the government could dismiss lawsuits in the name of protecting national security. Now, in what he has said is likely his final year, Mr. Holder has claimed broad authority to do just that in a case unlike any other
Huawei's Massive Bribery Exposed, Targeting Corrupt Officials?(New Tang Dynasty) Mainland Chinese media recently exposed millions of bribes in the business of Huawei Technologies Co. Ltd. 116 employees' involvement in the corruption was found at the leading telecommunications equipment company. Although some media said it's a rumor, the party mouthpiece not only reproduced the report of the corruption, but also published an opinion article saying corruptions of private enterprises need management from the outside. Huawei's CEO has a military and state security background. Is the explosion of the bribery case just a self-examination? Or is it the Chinese Communist Party (CCP) high level that wants to crack down on "big tigers?"
Serial hacker pleads guilty to bank bitcoin blackmail(Naked Security) A 22-year-old with a lengthy history of convictions pleaded guilty last week to charges of blackmail and fraud, after threatening to reveal details of thousands of phished bank accounts if the bank involved refused to pay up
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Senior Executive Cyber Security Conference(Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed...
Healthcare Cyber Security Summit 2014(San Francisco, California, USA, December 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit
FloCon 2015(Portland, Oregon, USA, January 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University
Security Forum 2015(Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives...
NOPcon Security Conference(Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers,...
5th Annual Billington Cybersecurity Summit(Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander,...
SINET Global Summit(London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures,...
Cyber Attack Against Payment Processes Exercise 2(Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...
Global Identity Summit(Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive,...
Fraud Summit Toronto(Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...
CSA Congress 2014 & IAPP Privacy Academy 2014(San Jose, California, USA, September 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference...
ICS-ISAC Fall Conference(Atlanta, Georgia, USA, September 17 - 20, 2014) Cybersecurity issues — such as the DHS release of Operation Aurora information; legislation like CISA (S. 2588), CIRDA (H.R. 2952) & H.R. 3696; and the NIST Cybersecurity Framework — can leave...
The 2014 Cyber Security Summit (New York)(New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives...
Ft. Meade Technology Expo(Fort Meade, Maryland, USA, September 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...