Observers continue to mull the import of Twitter's warnings that you-may-be-the-target-of- state-sponsored-attention, but reach no consensus.
As Russia deploys jammers to Syria, ISIS/Daesh retaliates indirectly against the ministrations of Anonymous, releasing personally identifying information of US personnel (not themselves, ex hypothesi, Anonymous adherents). European and American authorities begin prosecution of ISIS supporters for either recruitment or conspiracy. In the US, eyebrows rise over reports that the Department of Homeland Security explicitly excludes social media checks from its vetting of visa applicants. One of the San Bernardino killers is said to have left a lurid trail in her social media posts.
As the OPM hack is found to extend to accredited journalists, OPM's recently appointed "cyber czar" says he's worried that ISIS/Daesh may also be able to compromise the agency's data or networks.
One hears much of "actionable intelligence," but use cases have been surprisingly thin on the ground. But here's a developing story of one such case: British firm Moonfruit, which provides online services primarily for small businesses, has taken itself offline in response to indications that it may soon be targeted in a DDoS campaign. Moonfruit says it's taken this step to protect its customers, and that it will return after a security upgrade.
Other case studies surface in responsible disclosure, courtesy of researcher Chris Vickery, who finds two unrelated problems. The vendors' different responses are instructive.
The "Microsoft Word Intruder" crimeware kit gets an upgrade.
Joomla patches a remote code execution vulnerability being actively exploited in the wild.
Today's issue includes events affecting Afghanistan, Algeria, China, Egypt, European Union, France, Germany, Iraq, Jordan, Libya, Malaysia, Morocco, Nigeria, Norway, Pakistan, Qatar, Romania, Saudi Arabia, Syria, Tunisia, Turkey, United Arab Emirates, United Kingdom, United States, and Yemen.
Twitter warns users the black helicopters are coming(CSO) I'm seeing in the news today that a subset of Twitter users have been receiving notifications that they may well be the targets of surveillance by nation state actors. Step one, let's all take a deep breath
New OPM Cyber Czar Worried About an ISIS Hack(Nextgov) The new cybersecurity adviser hired by the Office of Personnel Management after a Chinese-originated hack says he expects ISIS may ultimately pierce the agency's systems, too
MacKeeper User Database an Open Book(Threatpost) A trove of MacKeeper user data — some 13 million records — has been locked down after a researcher found an exposed and accessible database using a simple Shodan query
Hackers Likely To Target More Apple Devices in 2016(Top Tech News) The Apple ecosystem has managed to avoid suffering from many of the worst cybercrimes and exploits over the years. But that could soon change, according to a new report by technology security firm FireEye
Lack of cyber security draws hackers to hospital devices(Financial Times) Imagine if simply typing "password123" into a computer did not open your email account, but an internet-connected medical device responsible for feeding you drugs or monitoring your blood oxygen or insulin levels
John Halamka: Security work to increase in 2016(FierceHealthIT) Security threats have increased despite healthcare organizations expanded efforts to educate workers on the risks; security is a process that's never finished, Boston-based Beth Israel Deaconess Medical Center CIO John Halamka writes at his blog
FireEye up 2.6% on bullish Evercore coverage(Seeking Alpha) Evercore has launched coverage on FireEye (FEYE) with a Buy rating and $39 target. The launch comes a day after shares closed within a dollar of a 52-week low of $19.76, after having tumbled on Friday amid a market rout
Anti-Malware Vendor Market Share Still Dominated by Microsoft(Softpedia) Once every quarter, OPSWAT releases a market study detailing the popularity of various anti-malware solutions currently available on the antivirus market. As in previous years, Microsoft's Security Essentials ranked above its competition
Proofpoint Launches Industry's First Instagram Security Solution(CNN Money) Proofpoint, Inc., (NASDAQ:PFPT), a leading next-generation cybersecurity company, today announced the first solution that automatically identifies Instagram security threats, compliance violations and inappropriate content for removal. Proofpoint SocialPatrol™ performs advanced analysis of images, text and text embedded within images, enabling brands and compliance-aware organizations to monitor and eliminate posts and comments
Is Hadoop secure enough for the enterprise?(Help Net Security) An ever-increasing number of organisations are turning to big data to gain valuable insight that can be immediately acted on to increase revenue, lower operating costs, or mitigate risk
How Questions About Terrorism Challenge Bitcoin Startups(Forbes) In light of the recent attacks in Paris that led to the deaths of 129 Parisians, the European Union (EU) and other international powers, including the United States and Russia, have been gathering to discuss how to curb the threats of terrorism, specifically ISIS or ISIL
Research and Development
SnoopWall Receives Extensive Personal Computing & Mobile Security Patent(Digital Journal) SnoopWall, Inc., the world's first counterveillance security company, has been granted another strategic U.S. Patent for "Securing Data Gathering Devices," such as PCs, tablets, laptops, netbooks, notebooks, internet of things (iOT) devices and, most importantly, Smartphones
Read more: http://www.digitaljournal.com/pr/2775111#ixzz3uOuz8oso
Work Outlines Key Steps in Third Offset Tech Development(Defense News) The Pentagon hopes to use the next year as a testing ground for the theories behind the Third Offset strategy to lay the groundwork for the next 25 years of American dominance, Deputy Secretary of Defense Bob Work said Monday
E.U. set to agree new data privacy law with stiff penalties(Reuters via Business Insurance) A sweeping reform of fragmented laws governing the uses of personal data set to be agreed by the European Union on Tuesday will force companies to report privacy breaches to authorities or face stiff sanctions
White House calls for feedback on encryption debate(FierceGovernmentIT) In response to a petition that garnered more than 100,000 signatures and urges the president to support strong encryption technologies, the White House called for public comments on the subject Dec. 8
Policy Repercussions of the Paris Terrorist Attacks(Schneier on Security) In 2013, in the early days of the Snowden leaks, Harvard Law School professor and former Assistant Attorney General Jack Goldsmith reflected on the increase in NSA surveillance post 9/11
Statecraft in Cyberspace(Cipher Brief) Does the cyber domain call for a fundamentally different framework for achieving international order in the 21st century, requiring statesmen to critically rethink the art of statecraft?
CBO: Port Cyber Info-Sharing Bill to Cost $37M Over 5 Years(ExecutiveGov) The Congressional Budget Office estimates that the implementation of the proposed Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2015 would cost the government $37 million over a five-year period ending 2020
National Guard plans cyber surge over next 3 years(FierceGovernmentIT) By the end of fiscal 2019, the National Guard will have 13 more cyber units spread across 23 states, according to a plan announced by the Army last week. Army and Air Force are working together to train and equip the cyber forces who will operate on Defense Department and state government networks
Secret US Policy Blocks Agents From Looking at Social Media of Visa Applicants, Former Official Says(ABC News) The State Department today said that "obviously things went wrong" in the visa background check for one of the San Bernardino shooters — comments that came in the wake of an ABC News report that said officials by policy generally do not check social media postings of applicants due to civil liberties concerns and therefore would not have seen purported evidence of Tashfeen Malik's radicalization online
Meet the new undisputed enforcer of cyberstandards(Washington Examiner) A legal bid to rein in the Federal Trade Commission's cybersecurity authority has ended in defeat for the business community, leaving the FTC as an undisputed enforcer of cyberstandards
Why Volkswagen Cheated(Newsweek) On December 10, Volkswagen Chairman Hans-Dieter Pötsch made a public admission: A group of the company's engineers decided to cheat on emissions tests in 2005 because they couldn't find a technical solution within the company's "time frame and budget" to build diesel engines that would meet U.S. emissions standards. When the engineers did find a solution, he said, they chose to keep on cheating, rather than employ it
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Program on Cyber Security Studies (PCSS)(Garmisch-Partenkirchen, Germany, December 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused,...
SANS Institute: Information Security Training(Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
cyberSecure(New York, New York, USA, December 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.