ISIS/Daesh adherents appear to be attempting collaboration toward cyber attack capabilities. Consensus among observers is that Daesh hasn't progressed beyond low-grade, script-kiddie levels, and that any serious offensive capacity remains aspirational. Still, their efforts will bear watching.
Elsewhere, Jamaat-ud-Dawah, the nominal charitable and political arm of the south-Asian Islamist group Lashkar-e-Taiba, barked an announcement that a "24/7" cyber operations cell has been established to hold Indian targets under threat.
Turkey continues recovery from the recent denial-of-service campaign it sustained. The government talks up its tighter security measures and reaffirms its commitment to building up a cyber security workforce.
Adobe patches Flash Player in response to Huawei's discovery of a zero-day being exploited in the wild. Analysts regard the out-of-band patch as worth immediate attention.
Researcher Chris Vickery has found data for 191 million registered US voters — essentially all of them — exposed online thanks to an "incorrectly configured database." No one really knows who's responsible, but early speculation points toward an unidentified customer of political campaign service provider NationBuilder.
A presentation at the Chaos Computer Club says flaws in payment communication protocols Poseidon and ZVT could compromise PINs and otherwise enable banking and payment fraud.
Widespread US adoption of chip-and-pin payment cards in 2016 is expected to shift cyber criminals toward card-not-present fraud, with the sharing economy most heavily affected.
Forbes reviews the "hottest cybersecurity startups" of 2015.
New Chinese anti-terrorist legislation is characterized as requiring firms to decrypt on demand. It's unclear how different this will prove to be from requiring backdoors.
Today's issue includes events affecting China, European Union, India, Iraq, Pakistan, Syria, Turkey, United States.
The CyberWire will be taking this Thursday and Friday off for the New Year holidays. We'll be back as usual on Monday, January 4.
Is the Turkish state ready to hire nerds for cyber wars? (Hurriyet Daily News) "From a military standpoint, it would be fair to say that a high-profile cyber weapon is the combination of a nuclear weapon, a biological weapon, a time bomb, an anti-radiation missile, special forces and a medieval sword"
Security Sense: When is a Leak a Hack — and Does It Even Matter? (WindowsITPro) Today I woke up to news of 191 million US voter records having made a public appearance somewhere online. At first glance this appeared to be the same old story: someone hacked into a system and dumped everything either publicly or via a reporter. Same old, same old. But then it took an unexpected turn — it wasn't a hacker (at least in the traditional sense) breaking into a system somewhere, it was someone who was referred to as a "researcher"
AVG Forcibly Installs Vulnerable Chrome Extension That Exposes Users' Browsing History (Softpedia) The AVG Web TuneUp Chrome extension, forcibly added to Google Chrome browsers when users were installing the AVG antivirus, had a serious flaw that allowed attackers to get the user's browsing history, cookies, and more. The vulnerability was discovered by Google Project Zero researcher Tavis Ormandy, who worked with AVG for the past two weeks to fix the issue
Data breach reaches Pantex workers (Amarillo Globe-News) The National Nuclear Security Administration has confirmed a federal data breach affected some employees at Pantex Plant, potentially leaking background investigation details, fingerprints, mental health and financial history information
Veterans' information potentially compromised (Statesman Journal) The Oregon Department of Veterans' Affairs (ODVA) mailed notification on Monday, Dec. 28, to 967 Oregon veterans whose personal information may have been compromised
USCG Cyber Command warns of ransomware threat (Marine Log) Ransomware is a type of malicious software (malware) that infects a computer and restricts access to it until a ransom is paid to unlock it — and occurrences have been cropping up in the maritime domain
Security Patches, Mitigations, and Software Updates
Security updates available for Adobe Flash Player (Adobe Security Bulletin) Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system
Flash Player Patch Fixes 0-Day, 18 Other Flaws (KrebsOnSecurity) Adobe has shipped a new version of its Flash Player browser plugin to close at least 19 security holes in the program, including one that is already being exploited in active attacks
How the Internet of Things Got Hacked (Wired) There was once a time when people distinguished between cyberspace, the digital world of computers and hackers, and the flesh-and-blood reality known as meatspace
Will IT security be different next year? (Help Net Security) It is that time of the year again where we delve into the back of the cupboard and dust off the crystal ball as we make our predictions for the year ahead
Top Board Priorities for 2016 (Harvard Law School Forum on Corporate Governance and Financial Regulation) Organizations are faced with many critical challenges — including rapidly changing technology, environmental risks, regulatory and legal requirements, major shifts in markets, ethical breaches, and big data and cybersecurity issues — that threaten their long-term success and sustainability
Why One Cybersecurity Investor Says No Company Is Safe (PYMNTS) In March 2015, addressing a crowd at Innovation Project 2015, retired four-star General Keith Alexander, the former director of the National Security Agency, quieted the crowd with his rather sober reality of the future of cybercrime and cybersecurity
Upcoming trends in the SIEM market (Help Net Security) AccelOps identified the need for a convergence of today's disparate Network Operations Center (NOC) and Security Operations Center (SOC) departments, a shift to outsource to security service providers and a desire for tools that map and analyze network infrastructure from a single-pane-of-glass view into both network operations and security
5 ways developers can exploit geospatial tech in 2016 (Venture Beat) Since the rise of geospatial technology, applications like Facebook, Uber, and Grindr (where I work), have enabled users to engage with their surroundings to connect with friends, book a room, or set up a date
Cyberthon welcomes student applications (Pensacola News-Journal) Like football players getting ready for a bowl game, Angela Irby's students at Pine Forest High School Cybersecurity Academy are gearing up for Cyberthon 2016, a competition where students act as information technology professionals fending off simulated hacker attacks
Lawmakers push for commission on encryption (The Hill) Congress should create a national commission to investigate the difficulties encryption has created for law enforcement, a bipartisan pair of lawmakers argued Monday in a Washington Post op-ed
A modest response to a real cyberthreat (Washington Post) "Omnibus funding bill is a Privacy and Cybersecurity Failure," the Open Technology Institute declared on Dec. 16. "Last-Minute Budget Bill Allows New Privacy-Invading Surveillance in the Name of Cybersecurity," the Intercept blared. Why did Congress, in its massive year-end budget deal, slip in a measure that Gizmodo once called "the worst privacy disaster our country has ever faced"? Because it's not
Nonprofits assail IRS for charitable-giving rules (The Hill) Nonprofit organizations and charities are sounding the alarm about a new regulatory proposal from the IRS that would encourage them to collect the Social Security numbers of their donors
CES CyberSecurity Forum (Las Vegas, Nevada, USA, January 6, 2016) Premiering at CES 2016 — the global stage for next generation technologies — The CyberSecurity Forum will bring together security experts and technology visionaries with executives and policymakers...
FloCon 2016 (Daytona Beach, Florida, USA, January 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers,...
Cyber Security Breakdown: Chicago (Chicago, Illinois, USA, January 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
Insider Threat Program Development Training Course — Georgia (Atlanta, Georgia, USA, January 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
FTC PrivacyCon (Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues led by all manner of whitehat security researchers and academics, industry representatives, consumer...
POPL 2016 (St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...
Automotive Cyber Security Summit — Shanghai (Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...
CyberTech 2016 (Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...
Global Cybersecurity Innovation Summit (London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...
Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...
ESA 2016 Leadership Summit (Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...
SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...