Australia's Bureau of Meteorology has sustained a cyber attack that officials say (without being able to state the specific damage) could cost millions to remediate. The Bureau of Meteorology is one of the country's biggest users of supercomputers, but it's thought that the Bureau was attacked as a means of getting access to the real target: Australian defense networks. "It's China," say Australian officials on background. "Groundless accusations and speculation are not constructive," says a Chinese Foreign Ministry spokeswoman.
The US and China are currently holding follow-on talks to their recent cyber security summit. How the Australian incident will affect these talks remains unknown, but some reports claim US President Obama is "pressuring" Chinese President Xi on China's allegedly ongoing cyber attacks on US industrial targets.
Attacks on banks continue, as hacktivists and criminal extortionists expand their attentions to financial institutions in Greece, Russia, and the United Arab Emirates.
Anonymous persists in multitasking, attacking Thai police sites and releasing personal information on law enforcement personnel.
Japan's Minister Taro Kono, responsible for public safety, warns that Japanese critical infrastructure is vulnerable to cyber attack by ISIS.
Heimdal warns that the Angler exploit kit is distributing Cryptowall 4.0, a new strain of ransomware, in a drive-by campaign.
Huawei has announced that it will not fix its vulnerable WiMax routers. They may still be for sale, but the company says they're now "unsupported," won't be patched, and should be "discarded."
The cyber insurance market continues to sort itself out. Policies remain expensive, risks high.
Today's issue includes events affecting Australia, Belgium, Cambodia, Canada, China, European Union, France, Germany, Greece, Iraq, Japan, Netherlands, Russia, Spain, Syria, Thailand, United Arab Emirates, United Kingdom, United States, and Vietnam.
Dateline IoT Security Foundation Conference
The Inaugural IoT Security Foundation Conference(IoT Security Foundation) The inaugural IoT Security Foundation Conference is a one-day event and follows on from the popular IoT Security Summit held earlier in the year at Bletchley Park. Whilst the Summit looked at the problems with IoT security, this conference will look closer at the need for security, applications and what organisations should be doing to ensure a security first, fit for purpose and resilient approach
Top Five IoT Predictions for 2016(iotUK) 2016 is almost upon us, meaning it's time to reflect back on 2015, as well as look towards the future of the Internet of Things. Paul Egan, IoTUK Principal Consultant, shares his top five Internet of Things predictions
IoTUK launches(Digital Catapult Centre) IoTUK, a national programme designed to amplify the UK's Internet of Things (IoT) capability, has today launched as part of the Government's £40m investment in IoT. Powered by the Digital Catapult and the Future Cities Catapult, IoTUK will look to advance the UK's global leadership in IoT and increase the adoption of high quality IoT technologies and services throughout businesses and the public sector
Samsung's smart fridge could be used to steal your Gmail login(Fortune) In yet another example of a manufacturer of a connected product failing to secure said product, Samsung's connected fridge allows malicious people to steal a consumer's Gmail login credentials provided they can get on the user's Wi-Fi network
2015: Year of the healthcare security breach(FierceHealthIT) IBM is calling 2015 the year of the healthcare security breach, noting in a report that five of the eight largest security breaches in the sector occurred in the first half of the year
The State of Cyber Insurance(Insurance Thought Leadership) While cyber purchases are increasing broadly, given the rise in breaches, some industries, such as healthcare and utilities, lead the way
How much a data breach costs Canadian companies(Toronto Globe and Mail) Cyber Monday may be an annual boon to Canadian shoppers, but for the country's businesses, the cybersphere presents a daily headache in dealing with ongoing concerns over data and security breaches
Why Shares of Infoblox Inc. Soared on Tuesday(Motley Fool) The computer networking company handily beat analyst estimates for revenue and earnings, and also announced strong guidance that flew in the face of recent analyst downgrades
BioCatch adds to Board of Directors(Biometric Update) Behavioral biometrics, authentication and malware detection firm BioCatch, has appointed two new members to the company's Board of Directors: Gadi Maier, who will serve as the board's Chairman, and Howard Edelstein, who will serve as an independent director
Duo Feature Update: Helping Users Update Endpoints(Duo Security) Welcome to the future of endpoint management (well, almost): Every endpoint is up-to-date, users patch vulnerabilities on their own, and when a 0-day patch is available, users know what to do in order to fix their endpoints
CylancePROTECT™ Achieves HIPAA Security Rule Compliance Certification(Marketwired) Cylance, the company that is revolutionizing cybersecurity through the use of artificial intelligence to proactively prevent, rather than just reactively detect, advanced persistent threats and malware, today announced that CylancePROTECT™ has been certified 100 percent compliant with HIPAA/HITECH malicious software protection, detection and reporting requirements
Opinion: It's time to rethink polarizing encryption debate(Christian Science Monitor Passcode) The debate over encryption technology that intensified after the Paris attacks is dominated by cyberlibertarians on one side and law and order proponents on the other. But any resolution will require reframing the discussion and figuring out how to apply democratic controls to our digital infrastructure
Privacy bill adds safeguards to individuals' old e-mails and texts(Christian Science Monitor Passcode) The Email Privacy Act would replace the current Electronic Communications Privacy Act, a nearly 30-year-old e-mail privacy law that requires probable cause warrants only for searches of e-mails and text messages that are less than 180 days old
Cyber and EW: It's about effects, not missions(C4ISR & Networks) Across the military, the services are moving electronic warfare and cyberspace operations ever closer together as the two disciplines become increasingly intertwined, dependent on each other and a source of growing pains
Vietnam gives Kingdom encryption lessons(Phnom Penh Post) The Vietnamese military has begun training Cambodia police in cryptography and encryption techniques as part of a national plan to protect "state secrets"
A Giant Malware Sandbox Is Europol's Secret to Fighting Hackers(Motherboard) What do you do when there are so many cases of cybercrime utilizing a myriad of different types of malware, and you're the cop that has to dig through them all? Well, you build a massive system for automatically analysing malware from as many countries as possible, of course
FEMA eGrants system doesn't meet DHS IT security specs, says OIG(FierceGovernmentIT) The electronic grant management system used by the Federal Emergency Management Agency for the Assistance to Firefighters Grant does not comply with the Department of Homeland Security's information system security requirements, according to an internal watchdog
Gansler to lead Pa. porn email probe(AP via the Daily Record) A team of Washington-based lawyers will comb through thousands of emails on government computers in an independent examination of pornographic and other objectionable content shared among judges, prosecutors and others, Pennsylvania Attorney General Kathleen Kane said Tuesday
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber Risk Wednesday: 2016 Threat Landscape(Washington, DC, USA, December 9, 2015) To discuss how 2016 will likely challenge today's security thinking and what we can learn from the past year's developments and these trends, please join the Atlantic Council's Cyber Statecraft Initiative...
Energy Tech 2015(Cleveland, Ohio, USA, November 30 - December 2, 2015) Now in its 5th year, EnergyTech 2015 seeks the convergence of the best minds in policy, systems engineering and applied technology to address some of the critical issues of our time. In addition to its...
Enterprise Security and Risk Management(London, England, UK, December 2, 2015) Whitehall Media's 4th ESRM conference will bring together hundreds of leading InfoSec, cyber security and risk management professionals to discuss the latest industry developments and identify the most...
Cargo Logistics America(San Diego, California, USA, December 2 - 3, 2015) Cargo Logistics America (CLA) connects freight owners with freight movers, fostering multimodal synergy between diverse stakeholders in import, export and domestic supply chains. This year's conference...
NG Security Summit US(Austin, Texas, USA, December 2 - 4, 2015) The NG Security Summit US will bring together 65 senior decision makers and business leaders from across the region. The event aims to solve key business challenges. In particular, the ability to network...
Program on Cyber Security Studies (PCSS)(Garmisch-Partenkirchen, Germany, December 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused,...
Cyber Security Breakdown: Washington DC(Washington, DC, USA, December 3, 2015) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
Cloud Security Alliance Summit Los Angeles 2015(Los Angeles, California, USA, December 3, 2015) The full day Cloud Security Alliance LA Summit is a standalone event in the greater Los Angeles area. Hosted by the CSA LA/SoCal chapter, some 200 well-qualified attendees are expected. The theme is "Enterprise...
2015 Cyber Security Exchange(Orlando, Florida, USA, December 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns,...
Disrupt London 2015(London, England, UK, December 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt?...
Passwords 2015(University of Cambridge, England, UK, December 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial.
ACSAC (Annual Computer Security Applications Conference)(Los Angeles, California, USA, December 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security...
NSA RCTCON(Fort Meade, Maryland, USA, December 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S
SANS Institute: Information Security Training(Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
cyberSecure(New York, New York, USA, December 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add...