ISIS opens up a new recruitment tool: a first-person shooter game, "Call of Jihad." An obvious "Call of Duty" knock-off, it remains to be seen how successfully gaming can bear the jihadist message. That message's expression can be complicated: see, for example, Brookings' thought on how it's refracted through social media.
Westchester County officials say it's news to them that the Feds detected Iranian probing of that small dam in Rye, New York. Their reaction suggests (unsurprisingly) that inter-government cyber threat information sharing may still suffer implementation issues.
Investigation into the Juniper backdoor now points toward a less-than-satisfactory random number generator once advocated by NSA. Cisco is inspecting its own code for similar issues (and finds none, so far) and observers expect other companies to undertake comparable self-examination.
The Spy Banker Trojan courses through Brazil via Facebook and Twitter accounts.
Joomla 2.3.7 is out, and includes important security patches.
You may soon see a new error code in your browser. Joining 403 ("Forbidden") and 404 ("Not found"), 451 will tell you that "legal obstacles" (essentially, if not exclusively, censorship) prevent you from viewing content.
Internet privacy, censorship, and surveillance rules are enacted or mooted in China, the EU, the UK, and the US.
As Christmas approaches, the Hello Kitty and VTech hacks give parents the willies. And security companies offer much holiday-specific advice. You should, for example, make sure that any old device you're replacing with a new gift is securely wiped before you sell, toss, or give it away.
Today's issue includes events affecting Australia, Bahamas, Brazil, China, European Union, Iraq, New Zealand, Syria, United Kingdom, United States.
The CyberWire will be taking Thursday and Friday off for the Christmas holidays. We'll be back as usual on Monday, December 28. In the meantime, our best wishes for the holidays.
Social media screening for terrorism needs multiple lenses (Brookings) Since the recent tragic terrorist attack in San Bernardino, California — where a radicalized Muslim couple gunned down 14 people at a holiday office party — much attention has been focused on the wife, Tashfeen Malik, a Pakistani national. She was allowed into the US in 2014 on a type of visa for people who plan to marry American citizens
A Hidden Insider Threat: Visual Hackers (Dark Reading) Ponemon experiment shows how low-tech white-hat hackers, posing as temps, captured information from exposed documents and computer screens in nearly nine out of ten attempts
Security Patches, Mitigations, and Software Updates
Joomla! 3.4.7 Released (Joomla!) Joomla! 3.4.7 is now available. This is a security release for the 3.x series of Joomla which addresses a critical security vulnerability and one low level security vulnerability. We strongly recommend that you update your sites immediately
Yahoo to Warn Users of State-Sponsored Attacks (Threatpost) Yahoo has announced it will follow in the footsteps of Twitter and Facebook and begin warning users when it believes their accounts have been targeted by a state-sponsored actor
2015 Ransomware Wrap-Up (Dark Reading) Here's a rundown of the innovative ransomware that frightened users and earned attackers big bucks this year
Seven astounding technology trends for 2016 (SecurityInfoWatch) 2015 was a transformative year for technological innovation. 2016 continues that technology trend with more disruption in sight. Below is a short list of my predicted trends for the coming year
5 Data Breach Predictions for 2016 (Legaltech News) In its third annual Data Breach Industry Forecast, Experian makes five sobering predictions based on recent events and new and emerging trends
Expect Phishers to Up Their Game in 2016 (KrebsOnSecurity) Expect phishers and other password thieves to up their game in 2016: Both Google and Yahoo! are taking steps to kill off the password as we know it
Finance teams becoming involved in cyber risk mitigation oversight (Help Net Security) CFOs and their finance teams are toughening policies on suppliers and increasing insurance coverage as they are asked to take on a larger role in defending their companies from emerging cyber risks, according to a new survey of Chartered Global Management Accountant (CGMA) designation holders
Products, Services, and Solutions
5 Big Improvements in Wireshark (eSecurity Planet) It's now even easier to use the open source Wireshark tool to analyze network traffic at the packet level, thanks to a recent upgrade
Two of the Most Important Pieces of Cyber Legislation Ever (Willis Wire) A bit like London buses — you wait for ages and then two come along — two of the most significant pieces of European legislation ever affecting cyber liability have been announced by the European Commission in the last week
Explaining U.S. Surveillance Law Protections for an EU Audience (Lawfare) In October, the European Court of Justice and its Advocate General struck down as unlawful the EU/US Safe Harbor, which since 2000 has been a major way that US-based businesses could comply with the relatively strict EU privacy laws. Concerns about the weak protections in the US surveillance system were a major basis for striking down the Safe Harbor
China says tech firms have nothing to fear from anti-terror law (Business Insurance) Technology companies have nothing to fear from China's new anti-terrorism law which aims to prevent and probe terror activities and does not affect their copyright, China's Foreign Ministry said on Wednesday, rebuffing U.S. criticism as unwarranted
Apple disses British surveillance bill (Deutsche Welle) Apple is opposing provisions in a draft UK law that would weaken online encryption by requiring built-in cyber "backdoors" for government spies. The US e-gadgets company says backdoors harm rather than help security
Keller Rohrback Investigates Hello Kitty Database Cyber Attack (BusinessWire) Attorney Advertising. Keller Rohrback L.L.P. is investigating recent reports that the popular website SanrioTown[dot]com — the official website for Hello Kitty and other Sanrio (OTC Pink: SNROF) toy brands — fell victim to a cyber attack that left over three million users' personal information at risk. The majority of users are children
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CES CyberSecurity Forum (Las Vegas, Nevada, USA, January 6, 2016) Premiering at CES 2016 — the global stage for next generation technologies — The CyberSecurity Forum will bring together security experts and technology visionaries with executives and policymakers...
FloCon 2016 (Daytona Beach, Florida, USA, January 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers,...
Cyber Security Breakdown: Chicago (Chicago, Illinois, USA, January 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
Insider Threat Program Development Training Course — Georgia (Atlanta, Georgia, USA, January 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
FTC PrivacyCon (Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues led by all manner of whitehat security researchers and academics, industry representatives, consumer...
POPL 2016 (St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...
Automotive Cyber Security Summit — Shanghai (Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...
CyberTech 2016 (Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...
Global Cybersecurity Innovation Summit (London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...
Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...