A major false alarm — Turkey's widespread power blackout apparently was not, as early reports blared, the result of a cyber attack — rattled users of the European electrical grid at midweek. While the disruption was contained and remediated, observers warn that power grids throughout the developed world remain vulnerable to cyber attack. Their warnings also have broader application to ICS/SCADA networks.
Israeli sources, led by Check Point, continue to point to Lebanon as the source of the Volatile Cedar espionage campaign. Attribution wavers between the Lebanese government and unnamed "political groups."
The Laziok reconnaissance and industrial espionage Trojan Symantec reported this week is decidedly not a cutting-edge tool, but that doesn't matter. It has been able to exploit a flaw in a Windows ActiveX control that was patched back in 2012. This highlights, of course, the importance of patching, and of keeping systems up-to-date. (Coincidentally, NetMarketShare reports that Windows XP — support for which ended on April 8, 2014 — still has more users than its Windows 8 successor, which is hardly good news from the herd immunity point-of-view.)
The denial-of-service attack that began afflicting GitHub last week, now by consensus attributed to the Chinese government, might have been mitigated by more widespread use of https (or so says the Electronic Frontier Foundation).
Several reports track trends in cyber criminal markets.
In industry news, CipherCloud buys Anicut Systems, CACI acquires LTC Engineering Associates, and Motorola Solutions buys PublicEngines.
President Obama's "national emergency" Executive Order on sanctions for cyber attacks draws foreseeably mixed reactions.
Today's issue includes events affecting Algeria, Belgium, Denmark, Estonia, European Union, Finland, Germany, Ireland, Latvia, Lithuania, Morocco, Norway, Sweden, Tunisia, Turkey, United Arab Emirates, United Kingdom, United States.
Texas Electric Grid Vulnerable To Cyber-Attack(KEYE TV) The warnings are getting louder and louder. "It's not a question of if," said Chris Humphreys with The Anfield Group. "It's a question of when." Energy security experts say the grid is vulnerable
Inside the rickety, vulnerable systems that run just about every power plant(IT World) In 1982, at the height of the Cold War, a vast explosion, visible from space, lit up Siberia. NORAD and others in the U.S. defense establishment worried: was this a nuclear test, or a missile being launched from a region where nobody had suspected that missiles were stored? But no: it turns out the explosion, one of the largest non-nuclear blasts ever created, came from a remote area of the new Trans-Siberian Pipeline. And according to Thomas C. Reed, a U.S. National Security Advisor at the time, it was an audacious act of sabotage by U.S. intelligence
Unsophisticated Trojan Malware Targets Middle East Energy Companies: Symantec(International Business Times) Cybersecurity specialist Symantec has exposed a new kind of malicious software that is being used as part of an ongoing international espionage campaign. The malware, dubbed Trojan.Laziok, has primarily targeted energy companies in the Middle East, though who first deployed it remains unclear
Pin-pointing China's attack against GitHub(Errata Security Blog) For the past week, the website "GitHub" has been under attack by China. In this post, I pin-point where the attack is coming from by doing an http-traceroute
'Revolution' Crimeware & EMV Replay Attacks(KrebsOnSecurity) In October 2014, KrebsOnSecurity examined a novel "replay" attack that sought to exploit implementation weaknesses at U.S. financial institutions that were in the process of transitioning to more secure chip-based credit and debit cards. Today's post looks at one service offered in the cybercrime underground to help thieves perpetrate this type of fraud
NewPosThings Has New PoS Things(TrendLabs Security Intelligence Blog) Arbor Networks initially posted about a new point-of-sale (PoS) malware family named NewPosThings last September, which we detect as either TSPY_POSNEWT.SM or TSPY_POSNEWT.A. We are now seeing new developments in this area — namely, versions for 64-bit and higher
Angler Exploit Kit — Recent Traffic Patterns(Internet Storm Center) Angler exploit kit (EK) has changed URL patterns (again) during the past month. I infected a Windows host so we can take a closer look. Let's see what Angler has been up to. First, here are the Angler EK URL patterns noted in traffic from an infected host
Caution! New SMS scam!(Panda Media Center) We have seen many scams involving text messages, the most recent one in Spain a few days ago; crooks sent innocent users this SMS
Is it safe to use public Wi-Fi networks?(Network World) Wi-Fi has significantly changed the way we work and play, enabling us to interact with the digital world from anywhere in the physical world. Furthermore, free Wi-Fi access is on the rise, from local coffee shops to international restaurant chains. However, the convenience of free Wi-Fi comes with some real threats, from computer viruses to identity theft
Security Patches, Mitigations, and Software Updates
Mozilla Adds Opportunistic Encryption for HTTP in Firefox 37(Threatpost) Mozilla has released Firefox 37, and along with the promised addition of the OneCRL certificate revocation list, the company has included a feature that enables opportunistic encryption on connections for servers that don't support HTTPS
Stable Channel Update(Google Chrome Team) The stable channel has been updated to 41.0.2272.118 for Windows, Mac and Linux. A partial list of changes is available in the log
CACI International (CACI) Announces Acquisition of LTC Engineering Associates(Street Insider) CACI International (NYSE: CACI) has acquired LTC Engineering Associates, Inc., a highly specialized provider of technical engineering solutions and services to the Intelligence and Department of Defense communities in the areas of software engineering, cybersecurity, signals intelligence (SIGINT) and communications intelligence (COMINT), and digital signals processing
Cybersecurity Leader Qualys Posts Superb Earnings Growth(Investor's Business Daily) Shares of Qualys (NASDAQ:QLYS) have been pulling back in what is now looking like a new base for the computer security leader. The stock has been consolidating for nearly four weeks since peaking at 50 on March 5. It's also possible to interpret the chart as a seven-week-old base because the stock hasn't made a new weekly closing high in that period
Why I Prefer Fortinet To Palo Alto Networks As A Long-Term Holding(Seeking Alpha) Shares of cyber-security solutions providers Fortinet and Palo Alto Networks have been doing very well over the past 12 months. This has mainly been orchestrated by the high demand for reliable cyber-security solutions driven by a record number of data breaches being witnessed across diverse industries. Which company is the better long-term prospect?
Fortinet Further Invests in the Middle East region(Zawya) Fortinet® (NASDAQ: FTNT) — a global leader in high-performance cyber security — today announced that it has moved to a new and larger office and at the same time opened a unique Technical Assistance Center in Dubai, UAE
The top cloud providers for financial services(ZDNet) Stringent compliance rules and potential security breaches might make cloud seem too risky for financial services. Don't overlook the benefits cloud providers can offer your firm
CYREN (CYRN) Cybersecurity Tech Selected for Use by Mitsubishi, Siemens Joint Venture(Street Insider) CYREN (NASDAQ: CYRN) announced that UK-based Primetals Technologies, a joint venture by Mitsubishi Heavy Industries, Ltd. (MHI) and Siemens AG, selected CYREN's cloud-based cybersecurity technology to provide real-time protection from advanced cyberattacks, zero hour malware outbreaks, and hard-to-detect email threats, including viruses, phishing, spam and spyware
Vidsys Innovates Software Platform to Converged Security and Information Management(Marketwired via Sys-Con Media) Vidsys, a top global provider of enterprise Physical Security Information Management (PSIM) software, announced today the next stage of evolution of its award winning, web-enabled software platform, to include the convergence of physical and cyber security along with information management solutions
Technologies, Techniques, and Standards
Do Threat Exchanges Work?(eSecurity Planet) Sharing intelligence on security threats is an old idea getting new cred, thanks to Facebook's new Threat Exchange. But how well do such exchanges work?
Info governance committees could be strategic mistake(FierceContentManagement) You know the drill; you've seen it a thousand times. Whenever a company-wide initiative hits the planning stages, committees are formed, meetings are held and every component of the new strategy is discussed to death. Information governance committees are no different but IG attorney Linda Sharp says it's time to turn that approach on its head
To Respond to Targeted Attacks, You Must Detect the Unseen(Trend Micro: Simply Security) If you have not done so already, go play Targeted Attack: The Game. As of late, this is the reason why I ponder earth shaking questions such as the connection between the two inanimate objects you see above and targeted attacks. However, my hope is that after breezing through a few paragraphs, you will come to the following conclusion: Those who would perpetrate a targeted attack do not play by a set of predictable rules. To win 'the game,' you need to be able to detect things you would otherwise not see
Design and Innovation
Students Build Open Source Web-Based Threat Modeling Tool(Threatpost) Threat models help application developers answer some fundamental questions about potential risks and how to cut off vulnerabilities before they're put into production. Some software development lifecycles, however, don't include threat modeling as part of the code-building process because they've either never heard of it, or the process is too difficult
Advanced Analytics for the Masses(Wall Street Journal) Amplified intelligence extends the benefits of advanced analytics to drive operational efficiencies and improve decision-making throughout the enterprise
AACC cybersecurity program recognized(Capital Gazette) The National Security Agency and the U.S. Department of Homeland Security designated Anne Arundel Community College as a National Center of Academic Excellence for Information Assurance and Cyber Defense
Legislation, Policy, and Regulation
Our Latest Tool to Combat Cyber Attacks: What You Need to Know(The White House Blog) For the first time, President Obama is giving our country a new tool to combat the most significant cyber threats to our national security, foreign policy, or economy. It's an important step, and many people may be wondering how it will work. Take a look at a few answers to some questions you may have on how the President's latest Executive Order will bolster our cybersecurity
Opinion: Sanctions may be Obama's best idea yet to battle cyberattacks(Christian Science Monitor Passcode) Obama signed an executive order today authorizing a program of sanctions to battle digital assaults coming from overseas. While the order seems aimed at the Chinese, it might also be the president's most successful tool for thwarting cyberattacks
Obama Emergency Cyber Sanctions 'Another Salvo In War On Legitimate Hackers'(Forbes) Unconvinced by President Obama and the government's promises to protect security researchers, professional hackers have expressed concern the "cyber" sanctions announced today by the US administration could, perversely, be used to punish those trying to protect the country. They're also not sure about the need to call a "national emergency" as a result of digital attacks on the nation
House chairman: Obama order reveals 'piecemeal' cyber plan(The Hill) President Obama's executive order authorizing more sanctions on cyberattackers is a small move that doesn't cover up the lack of a comprehensive plan for countering cyber crooks, House Homeland Security Committee Chairman Michael McCaul (R-Texas) argued Wednesday
U.S. Army Builds Cyber Branch One Step at a Time(SIGNAL) The U.S. Army's newly created cyber school is prepared to accept its first class of second lieutenants this summer followed by enlisted personnel and warrant officers. The historic first class signifies a significant first step toward building the service's new cyber branch
Silk Road Boss' First Murder-for-Hire Was His Mentor's Idea(Wired) The allegation that the Silk Road's Dread Pirate Roberts attempted to pay for six murders has loomed over the story of that massive online drug market. How could the pseudonymous figure preaching non-violent, libertarian ideals stoop to commissioning the paid killings of half a dozen people?
Coast Guard Intelligence Industry Day(Chantilly, Virginia, USA, April 2, 2015) With a blended focus of defense, homeland security, law enforcement, criminal investigations, intelligence and cyber issues, Coast Guard Intelligence is aggressively looking to collaborate with partners...
10th Annual Cyber and Information Security Research Conference(Oak Ridge, Tennessee, USA, April 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are...
Cyber Risk Wednesday: The future of Iranian cyber threat(Washington, DC, USA, April 8, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on April 8, from 4:00 p.m. to 5:30 p.m. for a panel discussion on the Iranian cyber threat and the potential for a drastic escalation of cyber conflicts...
Cyber Threats Masterclass(Turin, Italy, April 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge...
InfoSec Southwest 2015(Austin, Texas, USA, April 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter,...
Cybergamut Tech Tuesday: Tor and the Deep Dark Web(Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...
NIST IT Security Day(Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...
Cyber Security Summit: Industrial Sector & Governments(Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored...
Cyber Security Summit: Financial Services(Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective...
INTERPOL World 2015(Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from...
Mid-Atlantic ISSA Security Conference 2015(Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current...
IIT Cyber Forensics and Security Conference and Expo(Wheaton, Illinois, USA, April 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes...
RSA Conference 2015(San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015
Australian Cyber Security Centre Conference(Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise.
Security Forum 2015(Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives...
CyberTexas / CyberIOT(San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection...
INTEROP Las Vegas(Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities,...
2015 Synergy Forum(Tysons Corner, Virginia, USA, April 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital...