The CyberCaliphate returns, swearing fealty to the Islamic State while hacking Newsweek and threatening US President Obama's family. The threat is clearly gasconade, but the hack remains troubling. More troubling in some ways is the CyberCaliphate's hijacking of a US service member's Twitter account to spread threats against military spouses.
Anonymous continues its OpISIS. HackRead has details on the Islamic State social media Anonymous claims it's downed. Those interested in crowd-sourced information operations may consult Bloomberg for advice on trolling ISIS.
The Netherlands' government reports its websites have suffered a denial-of-service attack.
The Chinese cyber espionage group "Codoso" compromised Forbes's website (specifically the "Thought of the Day" feature) and turned it into a watering hole (now fixed).
China retained its place as leading state cyber espionage actor in 2014, but its prime target may seem a bit surprising: it's not the United States, but Vietnam.
Google has updated Chrome. Microsoft's Patch Tuesday included significant updates to Windows and Internet Explorer, closing both Jasbug and POODLE vulnerabilities.
Asset owners increasingly exercise close due-diligence when they hire financial management companies.
Cyber security stocks continue to rise post-Anthem. Anthem itself gets predictable scrutiny from state attorneys general. New York State regulators are in a particularly aggressive mood, and promise the insurance and financial sectors lots of additional help. Soon.
The new US Cyber Threat Intelligence Integration Center seems motivated by impatience with the difficulties of attribution (an inherently hard problem). Industry reaction is mixed and mostly wary, but intelligence sharing would be welcome.
Today's issue includes events affecting China, Holy See, Iraq, Democratic Peoples Republic of Korea, Netherlands, Russia, Syria, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
CyberCaliphate claims Newsweek Twitter hack(Military Times) The Twitter account for Newsweek was briefly hacked Tuesday morning by a group calling itself the CyberCaliphate, which claims to be affiliated with the Islamic State group
ISIS hacker targets military spouses(The Hill) Hackers claiming to be part of the Islamic State in Iraq and Syria (ISIS) apparently hacked into the Twitter account of a military spouse Tuesday, threatening military spouses and their children
How to Troll Islamic State Like a Pro(Bloomberg) From the grainy post-Sept. 11 video clips of Osama bin Laden to today's sophisticated online propaganda, Islamic terrorists and their supporters worldwide have proved adept at using the press, Internet and social media to get out their message and attract recruits
Poor Anthem? These Are the Real Victims…(Dark Matters) The other morning I was making breakfast and had the news on in the background. The Anthem breach was being reported on and sensationalized by the media outlet and all kinds of speculation was being tossed about
Researchers identify buffer overflow vulnerability in Advantech device(SC Magazine) The Core Security researchers said that, as far as they know, there has been no exploitation attempts in the wild.
Advantech released firmware version 1.64 for a Modbus Gateway device on Monday, and with it comes a fix for a buffer overflow vulnerability — identified by researchers with Core Security — that can be exploited remotely by attackers to execute arbitrary code
MongoDB databases at risk(Universität des Saarlandes | CISPA ) Several thousand MongoDBs without access control on the Internet
How public Wi-Fi puts unprotected users at risk(Help Net Security) 76% of American smartphone and tablet users are at risk of privacy loss and identity theft via public Wi-Fi networks. The risk of using public Wi-Fi without a protected Internet connection leaves users' personal information vulnerable to cyber criminals. However, using public Wi-Fi is harmless for users, if they install protection that allows secure Internet connection while accessing public networks
Global Threat Intel Report(Crowdstrike) In 2014, it became abundantly clear that threat intelligence would provide the decisive advantage when protecting your network
Security Patches, Mitigations, and Software Updates
Stable Channel Update for Chrome OS(Chrome Releases) The Stable channel has been updated to 40.0.2214.114 (Platform version: 6457.94.0). Systems will be automatically updated over the next few days. This build contains a number of security updates and stability fixes. Some highlights of these changes are: PPAPI Flash updated to 188.8.131.525-r1
Security now one of the top risks for business leaders worldwide(Help Net Security) Cybersecurity has come to the forefront of risk oversight for board members and C-suite executives, according to results of a survey of business executives by Protiviti and the Enterprise Risk Management (ERM) Initiative at the North Carolina State University Poole College of Management
Unsurprisingly, adults don't read terms and conditions of mobile apps(Help Net Security) Today, we spend more time on our smartphones and tablets than ever before, downloading games on the go, banking online or conducting the weekly grocery shop. However, despite the rise in the use of mobile apps, of the 2,000 UK adults surveyed by Intel Security, 63% are unaware of the personal information they could be giving away by not reading terms and conditions on the apps they download
This Top Cyber Stock Is Surging Ahead Of Earnings(Investor's Business Daily) CyberArk Software (NASDAQ:CYBR) is climbing on the stock market Tuesday after the U.S. government said it plans to establish a new agency to monitor cybersecurity threats
ThreatTrack Security Appoints John Lyons President(Providence Journal) ThreatTrack Security — a leader in cyber threat prevention solutions that substantially change how organizations respond to cyberattacks — today announced the appointment of John Lyons as President. Lyons, a proven security industry veteran, will lead worldwide commercial and government operations, and report to the company's Board of Directors
BT Assure Threat Intelligence launched to reduce cyber attack(InfoTechLead) BT Assure Threat Intelligence, a new services launched by BT, is aimed at assisting enterprises to anticipate and defend against cyber threats, protecting their assets, customers and employees from DDoS attacks to hacking and data theft
Humanizing Non-Human High Privileged Accounts(Infosec Island) Every IT environment has them. They are called by a variety of names: Non-human accounts; system accounts; service accounts; administrator accounts; shared accounts; group accounts; and the list goes on. What is common is that they have exceedingly high privileges to often the most critical areas of an IT environment
Attribution is Hard, Part 2(Tenable) Last week in Attribution is Hard, Part 1, I described a classic hacking incident and discussed the challenges of establishing attribution. This week, I explain what weak attribution is, and I conclude the discussion on the four requirements of establishing attribution
Securely wiping an Android smartphone or tablet(ZDNet) Your selling or otherwise planning on getting rid of your existing Android smartphone or tablet, but you want to make sure that all your data has been securely deleted. Here's what you need to do
Obama's role in net neutrality decision under investigation(FierceCIO) Politics have always weighed heavily in the net neutrality debate, and now comes word that the U.S. House Oversight Committee has opened an investigation into whether the White House has exercised undue influence in the debate
The Future of Cybersecurity Innovation(Washington, DC, USA, February 26, 2015) The US intelligence community has ranked cyberattacks as the No. 1 threat to national security — more than terrorist groups or weapons of mass destruction. But the military's cyberwarriors fight...
ICISSP 2015(Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...
AFCEA West 2015(San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
DEFCON | OWASP International Information Security Meet(Lucknow, India, February 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading...
10th Annual ICS Security Summit(Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...
Cybersecurity for a New America: Big Ideas and New Voices(Washington, DC, USA, February 23, 2015) In addition to featuring keynote remarks by Admiral Mike Rogers, Director of the National Security Agency, this event will convene experts and practitioners from the public and private sector, military,...
Workforce Development Forum — CyberWorks Information Session(Baltimore, Maryland, USA, February 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in...
Cybersecurity: You Don't Know What You Don't Know(Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.