The US State Department acknowledges that unnamed hackers reported earlier this year may indeed, after all, have made off with sensitive information.
Today, of course, is Anonymous's "Troll ISIS Day." Much as one might wish them success at holding Daesh up to mockery, the virtuous trolling doesn't seem to have shown the Caliphate much. The closest Anonymous gets to a rave review is PC Magazine's "this isn't entirely feel-good slacktivism." Much of what's visible — and it's not exactly breaking the Internet — is promulgated under "#Daeshbag" and consists largely of depicting jihadists in unflattering, defeated, or debased postures.
Busy as the hacktivist collective's been with ISIS, they've still had time to deface sites belonging to Japan's Prime Minister Abe (for whaling) and American real estate mogul cum presidential aspirant Trump (for anti-Muslim remarks).
ZScaler has information on the Spy Banker Trojan that's infesting Brazilian networks.
FireEye finds the Angler exploit kit lurking in a 2011 Guardian story about cyber crime, and it's also appeared in sites susceptible to a recently disclosed WordPress vulnerability. Heimdal offers an overview of Angler adapted to non-technical readers.
Malwarebytes runs a useful account of Chimera, an unusual bit of crimeware in that it combines file encryption (as in familiar ransomware) with doxing functionality (threatening to publish victims' files if they don't pony up).
Cyber criminals are changing tactics to cut their costs — they only need what works, and that doesn't necessarily require the exotic or expensive.
Bitcoin's Satoshi Nakamoto remains as airborne and elusive as ever.
Today's issue includes events affecting Australia, Brazil, Czech Republic, Finland, France, Germany, Iraq, Japan, NATO, New Zealand, Switzerland, Syria, United Kingdom, United States.
Anonymous Hacker Group Claims It Hit Abe's Personal Website(Wall Street Journal) Japanese police are investigating after the hacker group Anonymous apparently claimed responsibility Thursday for a shutdown of Prime Minister Shinzo Abe's personal website, Chief Cabinet Secretary Yoshihide Suga said
WP Engine Hacked — Customers Exposed(Check & Secure) WordPress is great. The web publishing software has opened up a new world for hobby bloggers, companies and budding online entrepreneurs alike. It's plug and play functions have spawned a new substrata of companies who provide services linked to the site. Theme designers, plugin developers, WP hosters and many more besides. Unfortunately, some of the companies surrounding WordPress are slightly lax with regard to their security
My Talking Tom offers up naked selfie ads to kids(Naked Security) My Talking Tom, heralded as the "world's most popular cat" by the maker of the Android and iOS children's app, is a fully animated, interactive 3D character that users can tickle, poke, play with, spend parents' money to customize, get to repeat what they say, force to sing a pimple-themed version of Lady Gaga's My Poker Face, and induce to dance Gangnam style
Only 5% of organizations protect credentials(Help Net Security) In order to find the riskiest industries in the cloud, CloudLock analyzed 10 million users, 1 billion files, and over 91,000 applications, focusing on and breaking down risk in the Retail, Manufacturing, Healthcare, Financial Services, K-12, Higher Education, Government, and Technology industries
The impact of data breaches on customer loyalty(Help Net Security) Nearly two-thirds (64%) of consumers worldwide say they are unlikely to shop or do business again with a company that had experienced a breach where financial information was stolen, and almost half (49%) had the same opinion when it came to data breaches where personal information was stolen
Top 6 Venafi 2016 Cybersecurity Predictions: More Encryption Equates to More Attacks on Trust(Venafi Blog) Venafi 2016 cybersecurity predictions include an increase in attacks that misuse keys and certificates. Cybercriminals will use keys and certificates to hide in encrypted traffic, conduct MITM attacks, and make phishing sites and malware appear trustworthy. In 2016, most organizations will fall victim to an attack on trust — one that impacts keys and certificates
2015: The Year Hacking Got Personal(Cisco OpenDNS Blog) Following the Ashley Madison hack in July 2015, Troy Hunt — the security expert who runs HaveIBeenPwned.com — started receiving inquiries and pleas from people worrying about whether or not their names and e-mails would be found in the database hackers published online
How does government cloud security stack up?(GCN) What: "Riskiest Industries in the Cloud," a new report from Cloudlock that analyzes anonymized usage data from the 10 million users, 1 billion files, and over 91,000 applications the company monitors
Wynyard shareholders approve $30 million private placement(National Business Review) Wynyard Group [NZX: WYN] shareholders have passed a resolution to raise at least $30 million from a number of strategic investors to enable the security software firm to cash in on increased demand for ways to combat cyber, terrorist, and organised and transnational crime
Cylance Named by CRN Magazine as One of the 10 Coolest Security Startups of 2015(Virtual Strategy Magazine) Cylance, the company that is revolutionizing cybersecurity through the use of artificial intelligence to proactively prevent, rather than just reactively detect, advanced persistent threats and malware, announced today that it has been named to CRN Magazine's 10 Coolest Security Startups of 2015
Distil Networks Rounds Out Executive Team with New Hires(PRWeb) Distil Networks, Inc., the global leader in bot detection and mitigation, today announced it has made three new executive hires. Matt Hibbard has joined as Chief Financial Officer, Kent Rounds has joined as Executive Vice President of Sales and Jason Hollander has joined as Vice President of Customer Success
When APIs and DevOps Meet Cybersecurity(Network World) Center of gravity will flow to middleware and cybersecurity process expertise as software integration proliferates in the enterprise cybersecurity market
DARPA on the hunt for 'early warning' cyberattack detection technology(FierceGovernmentIT) The Defense Advanced Research Projects Agency will bring together potential proposers on Dec. 14 to give industry more information on its cyber threat monitoring needs in advance of forthcoming solicitations under a broad agency announcement known as the Rapid Attack Detection, Isolation and Characterization, or RADICS, program
CLPO discusses how to balance national security, privacy in an increasingly transparent world(IC on the Record) At a recent presentation to University of Texas students and faculty, the Civil Liberties Protection Officer for the Office of the Director of National Intelligence (ODNI), Alexander Joel, discussed the intelligence community's efforts to balance the protection of national security with the protection of privacy and civil liberties in an open and transparent democracy
Retired Admiral Recommends Creation of a U.S. Cyber Force(Seapower) Two retired senior flag officers with vast command experience have recommended significant changes in the Defense Department's command structure to improve operational performance, including putting the chairman of the Joint Chiefs of Staff (CJCS) in the chain of command, consolidating some regional combatant commands and creating a U.S. cyber combatant command or even a separate cyber force
Satoshi Gulch(TechCrunch) Satoshi Nakamoto doesn't exist. He is not one person. He is not even controlled by a single entity
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Program on Cyber Security Studies (PCSS)(Garmisch-Partenkirchen, Germany, December 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused,...
ACSAC (Annual Computer Security Applications Conference)(Los Angeles, California, USA, December 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security...
SANS Institute: Information Security Training(Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
cyberSecure(New York, New York, USA, December 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.