AFP reports that, after realizing considerable information operations success online, Islamist groups are now beginning to shy away from the Internet, fearing that intelligence services are using it as a tool against jihad.
FireEye offers an account of the Syrian civil war's cyber antagonists. (Note the reappearance of traditional espionage tradecraft.)
More warnings of cyber attacks on critical infrastructure appear, and Tripwire at least thinks these amount to more than the usual FUD background noise.
Fresh ransomware campaigns circulate in the wild, some targeting mobile devices.
Over 100,000 Facebook users have been reportedly infected with malware in the past few days — observers of the campaign suggest those responsible used video and tags to facilitate their attacks.
Atlassian resets some HipChat passwords after observing "suspicious activity."
Pirate Bay returns from suspension, and security analysts warn that the service comes freighted with risk.
Denial-of-service attacks often look like something done just for the lulz (see, for example, the recent Taylor Swift capers) but Nexusguard thinks such apparent coup-counting may actually be DDoS-for-hire marketing ploys.
Cyber security received its fair share of attention at Davos, but at least one authority, the City of London Police commissioner, advances the gloomy view that it will take a catastrophic attack on a major multi-national firm to motivate real improvements in security.
As more industry voices call for recognizing cyber attacks as "war," various governments look to their tactics. The UK is said to be considering Orde Wingate's WWII Chindits as a model for a cyber force.
Today's issue includes events affecting China, Colombia, France, Germany, Iraq, Malaysia, Pakistan, Sweden, Syria, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Jihadists Increasingly Wary of Internet, Experts Say (AFP via SecurityWeek) After having used the Internet profusely for propaganda and recruitment, jihadist organizations have realized that investigators are gleaning crucial information online and are increasingly concealing their web presence, experts say
Behind the Syrian Conflict's Digital Frontlines (FireEye Blog) Cyber espionage is traditionally understood as a method aimed at achieving an information edge or a strategic goal. However, our research on malware activity related to the ongoing conflict in Syria indicates that such operations can provide actionable military intelligence for an immediate battlefield advantage
Cyberterrorists' Attack on Critical Infrastructure Could Be Imminent (Tripwire: the State of Security) The premise of a January 27, 2015, article by CNBC is that there is good evidence that a cyber attack against nearly any country's critical infrastructure could be imminent. This kind of reporting has become so commonplace, but this doesn't seem like just more FUD (fear, uncertainty, and doubt) journalism
Zero-day exploit affects modem/router combo (Kim Komando) If you're a DSL customer and use a D-Link DSL-2740R model, then you're vulnerable to a proof-of-concept discovered by Bulgarian security researcher Todor Donev. The attack allows hackers to bypass the router's security and hijack Web traffic
Bulletin (SB15-033) Vulnerability Summary for the Week of January 26, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Cybersecurity Concerns Seize Center Stage in Davos (SecurityWeek) If there were any lingering doubts that cybersecurity is a geopolitical issue with global implications, such opinions were cast on the rocks by discussions this past week at the 2015 World Economic Forum in Davos, Switzerland
Cyber Crime Economics (NoJitter) The longer a company goes without experiencing an attack, the more complacent it becomes and less likely to adhere to proper security procedures
Do government initiatives increase security awareness? (Help Net Security) New research, by SecureData and Vanson Bourne, investigated the impact government security initiatives had on end-user organizations in 2014, with nearly half (47%) reporting that initiatives have helped them communicate the importance of security across their organization
Time for industry and business to rethink the electronic battlefield (CSO) Over the past two decades, industrialised nations have been systematically pillaged by enterprising nations and criminal organisations that had the foresight to see the opportunities of governments, business, industry and people around the world rushing to connect to the Internet
What IT workplace issues keep CIOs awake at night? (Help Net Security) What worries chief information officers (CIOs) and IT professionals the most? According to a recent survey by Sungard AS, downtime and talent acquisition weigh heaviest on their minds
How The Skills Shortage Is Killing Defense in Depth (Dark Reading) It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely "looks nifty, but I don't have the staff to deploy it"
A Quarter of Top Legal Officers Have Seen Data Breaches (Recorder) One in four chief legal officers saw a data breach in their companies within the past two years, according to a new study released by the Association of Corporate Counsel. For the health care industry, the ratio is even higher, at almost one in two
Better Safe Than Sorry: How Startups are Staying Protected in Cyberspace (Entrepreneur) Even business intelligence firms can learn a thing or two about doing business in the digital era. Just ask Bowman & Partners, a Roanoke, Texas-based startup that mines a wealth of brand and consumer data to create customer management strategies and marketing initiatives for clients that include Comcast Business, United Healthcare and Windstream Communications
Cyber crime threat stalks fund houses (Financial Times) Cyber crime has the potential to cause serious damage to the reputations of the world's largest fund houses, but risk experts believe the investment industry has been slow to tackle the threat, potentially leaving investors exposed
Data risks give rise to 'cyber insurance' policies (Desert Sun) Molly-Ann Leikin's living room floor is bordered by records, all framed, some brightly polished gold. They are propped almost upright against the wall. She hasn't had the energy to hang them
Cyber Security Expert Launches Tellagraff, LLC (IT Business Net) Mark Graff, Founder/CEO of Tellagraff LLC, announces that the company is now officially open for business. Tellagraff is an information security consulting firm that helps businesses protect their online assets and operations from cyber attack
L-3 Wins Two NSA Contracts Valued at $367 Million (BusinessWire) L-3 Communications (NYSE:LLL) announced today that its National Security Solutions (NSS) business has been awarded two National Security Agency (NSA) Enterprise Program Management (EPM) contracts worth a total of $367.3 million. The five-year contracts provide systems engineering, acquisition planning, program management and financial management for two of NSA's major mission areas
Norman Security Suite PRO 11 (PC Magazine) One typical product-line model for security vendors involves a standalone antivirus, a security suite that builds on the antivirus's features, and a top-level mega-suite that adds bonus features to the security suite. Norman handles things a bit differently, withholding Web-based antivirus protection in all but the mega-suite. As a result, Norman Security Suite PRO 11 ($76.95 per year for three licenses) is a better antivirus than the other two Norman products. Even so, it's not a suite you'd want to rely on
What Advisors Can Learn From the Sony Hack (ThinkAdvisor) Whoever hacked Sony over the comedy 'The Interview' has offered businesses of all sorts some dramatic — and valuable — lessons on cyber and terrorism insurance
Industry professionals create framework for measuring HIT value (FierceHealthIT) Healthcare professionals have created a framework for measuring health information technology with a goal of making "HIT evaluations more relevant to the current needs of the healthcare system," according to a paper published at the American Journal of Managed Care
9 common security awareness mistakes (and how to fix them) (CSO) To err is human, but to err in cyber security can cause major damage to an organization. It will never be possible to be perfect, but major improvement is possible, just by being aware of some of the most common mistakes and their consequences
Smart tips for raising digital children (Thomaston Times) The Internet is a wonderful place for learning and entertainment, but like the world around us, it can pose dangers if precautions are not taken. Allowing free access puts your child, your computer and your personal data at risk
Check autorun entries with VirusTotal — Autoruns v13 (Infected IO) Version 13 of Autoruns, which was released January 29, 2015, includes a very handy feature to check unknown autorun entries with Virustotal "automatically". It's integrated pretty well: you open Autoruns as usual and then just right-click and choose Check Virustotal
Psychological cyberwar, or just plain propaganda (IT Security) "The British military," the Independent reported yesterday, "is setting up a specialist force modelled on the Chindits, the commandos who gained renown through their daring missions behind enemy lines in Burma during the Second World War"
Big insurer groups push Senate on cyber security bill (Business Insurance) Thirty-five organizations, including big insurance trade groups, have sent a letter to the U.S. Senate urging the quick passage of a cyber security information-sharing bill that also offers them a safe harbor against frivolous lawsuits
Cybercrimes: Pakistan lacks facilities to trace hackers (Express Tribune) The number of Distributed Denial-of-Service (DDoS) events topping 20 gigabits per second (Gbps) in the first half of 2014 was double that in 2013, as more than 100 attacks at 100Gbps or higher were recorded in the first six months of 2014, Forbes said in a report last July while quoting research from Arbor Networks
Workforce Development Forum — CyberWorks Information Session (Baltimore, Maryland, USA, February 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in...
Cyber Threat Intelligence Summit (Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
ICSS 2015: International Cyber Security Strategy Congress (Leuven, Belgium, February 4 - 5, 2015) ICSS2015 will present the latest developments and thoughts in the field of cybercrime and cybersecurity and will be a unique gathering of cybercrime experts from all over the world. The objective of the...
Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...
Nullcon 2015 (Goa, India, February 4 - 7, 2015) Nullcon discusses and showcases the future of information security, next-generation of offensive and defensive security technology as well as unknown threats
Salt Lake City Tech-Security Conference (Salt Lake City, Utah, USA, February 5, 2015) The Salt Lake City Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...
ICISSP 2015 (Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...
2015 Cyber Risk Insights Conference — London (London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...
AFCEA West 2015 (San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
DEFCON | OWASP International Information Security Meet (Lucknow, India, February 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading...
10th Annual ICS Security Summit (Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...