The threatened (and appallingly named) "electronic Holocaust" against Israel fails to produce much more, so far, than relatively easily contained and remediated cyber vandalism.
ISIS continues to recruit through social media: South African police are cracking down on local efforts.
The Guardian publishes an interesting interview with some of the people behind "Anonymous International," which you may know better under their Russian name, "Sholtai Boltai." Sholtai Boltai's the outfit that claimed coup against Russian President Medvedev and various oligarchs.
Indonesian hacktivists of "Indonesia Cyber Freedom" deface a United Nations subdomain. They claim a puritanical commitment to exposing security lapses as their motive, which seems a long way of saying "lulz."
Reports claim that Linux Australia has warned users of a malware infection in its servers.
A new Chrome hack is demonstrated.
Venafi warns that, while most big companies have patched for Heartbleed, they're still vulnerable because too many of them haven't also reviewed and revoked implicated certificates.
Bitglass completes an experiment in cyber criminology, setting fictitious personal information as hacker-bait and tracing the data's progress through the dark web. It concludes that the cyber black market is mature, accessible, and liquid.
Much of that black market is state-sponsored, or state-encouraged, or at least state-tolerated, according to some reporting in SC Magazine, which rounds up the usual suspects. (They're looking at you, Russia.)
The US Federal Aviation Administration delays a cyber security procurement as it investigates recent hack.
Mozilla updates Firefox.
Reuters claims attacks on critical infrastructure have been seriously underreported.
Today's issue includes events affecting Argentina, Australia, Chile, China, Indonesia, Iran, Iraq, Israel, Democratic Peoples Republic of Korea, Malaysia, Peru, Philippines, Russia, Singapore, South Africa, Syria, Thailand, Ukraine, United Arab Emirates, United Kingdom, United Nations, United States, Uruguay, and Vietnam.
Malware found in Linux Servers(eHacking) Linux Australia has requested his registered attendees of the organization conference of the last three years to change their to change their Passwords, aimed the possible breach of one of its Servers. The possible leaked information may include the First and Last names, Postal addresses, Emails, Paswards,Cell numbers according to the Linux President Joshua Hesketh
AwSnap! New Hack Can Crash Chrome Browsers of Mass Audience(Hacker News) Few weeks back, we reported how a string of just 13 characters could cause your tab in Chrome to crash instantly. However, there was an exception that this special 13 characters string was only working on Mac OS X computers with no impact on Windows, Android, or iOS operating systems
Bell's Default Password Policy Leaves Tens of Thousands of Users Exposed(Victor Stanchev's Blog) Long story short, Bell's residential modem/routers have weak default passwords that can be cracked in under a day. Few people change them, so tens of thousands of their customers are exposed to risk. To the best of my knowledge, they are not interested in fixing it
Hacking ATMs, Literally(KrebsOnSecurity) Most of the ATM skimming attacks written about on this blog conclude with security personnel intervening before the thieves manage to recover their skimmers along with the stolen card data and PINs. However, an increasingly common form of ATM fraud — physical destruction — costs banks plenty, even when crooks walk away with nothing but bruised egos and sore limbs
It's time to research new ways to fight DDoS attacks(CSO) Almost 1-in-5 (18-percent) of businesses experienced a distributed denial-of-service attack within a year-long timeframe, according to the Global IT Security Risks Survey 2014—Distributed Denial of Service (DDoS) Attacks from Kaspersky Labs and B2B International. The data applies to the period from April 2013 to May 2014. The survey's 3,900 respondents represented very small to very large companies from 27 countries
Bulletin (SB15-096) Vulnerability Summary for the Week of March 30, 2015(US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Combatting the Human Element(Infosecurity Magazine) According to research from CompTIA, malware and hacking are serious concerns for nearly half of all companies; but, the human element in security trumps all — companies report that it's the largest factor behind security breaches
No shortcut to ensuring world-class online security in Asia-Pacific(Enterprise Innovation) According to the International Association of Chiefs of Police Centre for Social Media, it is estimated that consumers spend a staggering $272,000 per minute shopping online. In particular, e-commerce in Asia-Pacific is booming due to rising affluence of the growing middle class and their increased access to the internet
FAA delays procurement to respond to hack(FCW) The Federal Aviation Administration has postponed plans to seek a new cybersecurity services provider while the agency responds to a cyberattack, according to contracting documents
Lockheed Martin Implements Cost-Saving Cross-Domain Security Solution(HPCwire) Lockheed Martin staffs several government programs that manage high-performance computing (HPC) resources, including support and hardware, used by R&D contractors and scientists engaged in compute-intensive modeling and simulation research. In such an environment, there are multiple levels of security that must be respected by the systems in place
IoT groups ink collaboration deal on standards(FierceMobileIT) The Internet of Things promises great changes in the workplace and at home. But one obstacle to its widespread adoption is the lack of agreement on standards, with a number of groups competing to set the unified standard for IoT devices
Using different public online malware analyser tools(Vanimpe) Analyzing malware and extracting useful detection indicators (Indicators of Compromise, IOCs) for protecting your customers is a recurrent task if you do incident response. If you have your own malware analysis environment and you receive a suspected malicious file then uploading the file for processing and waiting for the analysis is one of the first steps in this process. However sometimes you have to rely on using different public online malware analyser tool for getting the results
How to stay safe online: CNET's security checklist(CBS News) It's always better to be safe than sorry. Especially when it comes to your personal information. Keeping your info secure online requires you to take more time and care, but what you lose in moments you'll surely make up in peace of mind
Collaboration and boundaries vital for new cybersecurity initiatives(CSO) Underscoring the seriousness of recent cyber-attacks, the Obama Administration is seeking to establish cybersecurity standards and enact new federal laws to cover cybercrimes. The common thread throughout these recent announcements has been the importance of collaboration among business and government sectors to stop cyber-attacks and strengthen national security. However, it remains to be seen which of these proposals, if any, will be enacted into law. It is equally uncertain whether the protections afforded to the business community will satisfy businesses, or take into account the practical issues that they face every day
Why security pros don't like Obama's proposal for antihacking law(Christian Science Monitor Passcode) The tech community has long called for reforming the 1986 Computer Fraud and Abuse Act for its overly broad language. But now many worry a White House plan to toughen the law will have a chilling effect on work to expose software weaknesses
Burr stumps for cyber bill(FCW) Sen. Richard Burr (R-N.C.) is trying to drum up public support for his cybersecurity legislation, the Cybersecurity Information Sharing Act of 2015. He used the Republicans' weekly speech on April 4, in the midst of a two-week break in the congressional session, to pitch his bill as a solution to the ongoing plague of large-scale cyberattacks that is compromising the personally identifiable information of millions of Americans
Should security providers be held liable for data breaches?(DNA) Black Hat Asia ended with a discussion started by Black Hat founder Jeff Moss on if security providers, should be held liable for data breaches, because of the critical data they claim to "secure". The recent number of hacking incidents everywhere have made this a widespread issue and security professionals worldwide have voiced their opinions
Electronic Forensics Lab Aids Alabama Police Departments(Forensic Magazine) The new Joint Electronic Crime Task Force is headed up by the University of Alabama Police Department. Constant technological growth has created a new frontier in criminal investigations. Recognizing that, the University of Alabama, in partnership with area law enforcement agencies, has created a new electronic forensics lab that will allow the investigation process to speed up
10th Annual Cyber and Information Security Research Conference(Oak Ridge, Tennessee, USA, April 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are...
Cyber Risk Wednesday: The future of Iranian cyber threat(Washington, DC, USA, April 8, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on April 8, from 4:00 p.m. to 5:30 p.m. for a panel discussion on the Iranian cyber threat and the potential for a drastic escalation of cyber conflicts...
Cyber Threats Masterclass(Turin, Italy, April 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge...
InfoSec Southwest 2015(Austin, Texas, USA, April 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter,...
NIST IT Security Day(Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...
Cybergamut Tech Tuesday: Tor and the Deep Dark Web(Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...
Cyber Security Summit: Industrial Sector & Governments(Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored...
Cyber Security Summit: Fnancial Services(Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective...
INTERPOL World 2015(Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from...
Mid-Atlantic ISSA Security Conference 2015(Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current...
IIT Cyber Forensics and Security Conference and Expo(Wheaton, Illinois, USA, April 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes...
RSA Conference 2015(San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015
Australian Cyber Security Centre Conference(Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise.
Security Forum 2015(Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives...
CyberTexas / CyberIOT(San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection...
INTEROP Las Vegas(Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities,...
2015 Synergy Forum(Tysons Corner, Virginia, USA, April 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.