Those who noticed a US Congressman's call to kick ISIS off Twitter will be interested to see Recorded Future's analysis of the Islamic State's dramatically increased presence in the social medium: 250% more twittering per day in February 2015 than December 2014. The growth lies in Arabic-language tweets; it's not significantly attributable to bot traffic.
Lenovo's bad week continues with reputational damage unabated. Some brief, script-kiddiesque vandalism affects the company's website. (Krebs reports the vandalism, like last week's attack on Google's Vietnam service, may have been enabled by seizure of Malaysian registrar Webnic.)
Customers of for-profit companies like Anthem aren't the only ones who need to worry about becoming collateral damage in a data breach. The Urban Institute reports that its National Center for Charitable Statistics (NCCS) network has been compromised, with information from some 700,000 charities exposed.
Telegram disputes Zimperium's claim that Telegram's secure messaging application fails to protect content in memory.
Attackers are exploiting a vulnerable Google Maps extension to launch denial-of-service attacks from Joomla servers.
Onapsis reports finding five SAP vulnerabilities.
Mobile spyware remains an unresolved threat to corporate networks. Developers aren't fixing vulnerabilities quickly enough — these typically persist for months — and mistrust of smartphone security in particular is proving a drag on the mobile economy.
As the US Congress mulls cyber legislation, industry mulls the probable consequences of the President's recent Executive Order. Regulators also begin to move: the US FCC seems about to pass net neutrality; New York is likely to tighten financial cyber oversight.
Today's issue includes events affecting China, European Union, Germany, Israel, Italy, Netherlands, New Zealand, Palestinian Territories, United Arab Emirates, United Kingdom, United States, and Uzbekistan.
Cyber Attacks, Threats, and Vulnerabilities
Explosive Growth in ISIS Tweets: Arabic Overtakes English(Recorded Future) The volume of tweets involving ISIS grew in August-October of 2014, then had a clear decline in November-December 2014, and has exploded in 2015. The growth in 2015 is almost entirely due to tweets written in Arabic
After Superfish-Lenovo incident, Facebook probes larger issue of SSL-sniffing adware(SC Magazine) In a Monday interview with SCMagazine.com, Joe Siegrist, CEO of LastPass, a security company that created a security tool for users to check whether they have Superfish on their machine, said that after investigating the adware issue, LastPass found that a major browser maker outside of the U.S. appeared to be accepting invalid certificates generated by Superfish
Webnic Registrar Blamed for Hijack of Lenovo, Google Domains(KrebsOnSecurity) Two days ago, attackers allegedly associated with the fame-seeking group Lizard Squad briefly hijacked Google's Vietnam domain (google.com.vn). On Wednesday, Lenovo.com was similarly attacked. Sources now tell KrebsOnSecurity that both hijacks were possible because the attackers seized control over Webnic.cc, the Malaysian registrar that serves both domains and 600,000 others
Washington D.C. Think Tank Hacked — 700,000 Charities at Risk(Dark Matters) The Urban Institute, a prominent Washington D.C. based think tank which provides research articles for nonprofits on management and governance, disclosed that the organization's National Center for Charitable Statistics (NCCS) network has been the subject of a major breach event that compromised sensitive information for up to 700,000 charities
The top software exploit of 2014? The Stuxnet XP flaw from 2010, reckons HP(Techworld via CSO) For cyber-attackers, the old flaws are still the best, according to HP's Cyber Risk Report 2014 and it has a startling piece of evidence to back up its claim — the most commonly exploited software vulnerability for last year was the infamous .lnk flaw in Windows XP made famous by Stuxnet in the distant summer of 2010
Mobile spyware running rampant in corporate America(FierceMobileIT) If your enterprise has at least 2,000 mobile devices on your network, there is a 50 percent chance that at least six of those devices are infected with malware that can spy on your network
Supervisor: No data compromised in Hinds cyber attack(Clarion-Ledger) The Hinds County website was the victim of a cyber attack Wednesday morning, however Hinds County District 1 Supervisor Robert Graham says it does not appear at this time any data was compromised
Mobile Apps Remain Vulnerable For Months(InformationWeek) Developers are failing to respond quickly to reports of security flaws, Trojans are infecting corporate devices at an alarming rate, and even mundane data about your device's power consumption could threaten your privacy
Fewer Enterprises Able To Detect Hacks on Their Own(Sci-Tech Today) The nature of cybersecurity threats continued to evolve in 2014, with attackers using an array of tricks to evade detection, according to FireEye's latest "M-Trends" report. Released Tuesday, the annual report details the cyber-threats uncovered over the past year by FireEye's information security company Mandiant
Addressing cybersecurity business disruption attacks(Help Net Security) Although the frequency of a cybersecurity attack on a large scale is low, by 2018, 40 percent of large enterprises will have formal plans to address aggressive cybersecurity business disruption attacks, up from zero percent in 2015, according to Gartner
Sandia faces 1.5 billion "cyber events" every day(Albuquerque Journal) Cyberwarfare is not a thing of the future, but a pervasive battle that's well under way and growing at an alarming rate, according to John Zepper, Sandia National Laboratories' director of computer and networking services
Companies expect others to protect them against DDoS attacks(Help Net Security) One in five businesses surveyed believe that their online services should be protected against DDoS attacks by their IT service providers (in particular, network providers). However, this responsibility often falls on the shoulders of companies that come under attack, according to Kaspersky Lab
Symantec's Renaissance Is On The Way(Seeking Alpha) Strong Buy rating with $35/sh one-year target price. Turnaround assets along with improving return on capital from FY14. Decoupling first time between EVA improvements and stock performance in 2014. Deeply undervalued with tremendous upside catalysts
The hard truth about IT soft skills(FierceCIO) In the new world of IT, being a great technologist is not enough. Employers are more focused on hiring well-rounded tech employees--especially those with soft skills
iboss Network Security Appoints New Senior Vice President of Worldwide Sales(Virtual Strategy Magazine) iboss Network Security today announced the appointment of security industry veteran Frank McLallen to senior vice president of worldwide sales. McLallen was brought onboard to drive the company's global sales strategy, with an emphasis on growing the channel. In his new role, McLallen will focus on expanding the global sales team, building out comprehensive channel programs, and creating an aggressive go-to-market strategy
Just when you thought you had a handle on PCI DSS 3.0(Dell TechPageOne) As reported last month, merchants who accept credit card transactions, and those who aim to keep that data safe, saw version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS) come into effect on January 1
Cybersecurity: How health execs handle growing privacy threat [Special Report](FierceHealthIT) Cybersecurity in healthcare is easier said than done, something both Franklin, Tennessee-based provider Community Health Systems and Anthem, the nation's second-largest health insurer, know all too well. In 2014, CHS — which operates 206 hospitals in 29 states--fell victim to hackers, compromising personal information for 4.5 million patients
Opinion: What cybersecurity pros can learn from 'Ocean's Eleven'(Christian Science Monitor: Passcode) In the movie 'Ocean's Eleven,' cunning crooks outwitted an elaborate defense system. The same dynamic plays out on the digital front. That's why cybersecurity requires strong threat deterrence and not just stronger locks and taller fences
If you could go back in time…(CSO) Every week brings news of breaches, cybercrime and state-sponsored hacks, each more shocking than the last. Unfortunately, it's not practical to rip up the whole Internet and start over again with a more secure foundation. But wouldn't it be nice if we could go back in time to when it was first being built, and shake some sense into the early developers? We asked some security experts about what they would change if they could go back
IARPA to Launch Contest on Cyber Attack Prediction(ExecutiveGov) The Intelligence Advanced Research Projects Activity's Office for Anticipating Surprise is set to launch a four-year contest to develop new technology that can predict potential cyber attacks
UA Talent Pipeline Stopping Data Breaches(UA News) Because the University is a leader in preparing graduates with information security expertise, demand is high by employers and by students seeking to enter the MIS master's program
DHS: New cyber threat center is not strictly about cyber(Federal News Radio) The Obama administration's plan to create a new Cyber Threat Intelligence Center would mean the government would put its collective knowledge about current cyber threats at any given time into one place. But the Department of Homeland Security sees the CTIC as serving two more purposes: Integrating cyber threat data with more old-fashioned intelligence sources, and declassifying the end-product so it can be shared outside the intelligence community
Privacy and cybersecurity get political legs(Brookings) When I joined the Obama administration five years ago, I set out with like-minded colleagues at the Commerce Department to tackle key issues for the digital economy and protect the ecology of the Internet. At the top of the agenda were cybersecurity and consumer privacy
Competing cyber info-sharing plans in spotlight on Capitol Hill(Inside Cybersecurity) Two Department of Homeland Security officials will testify today on President Obama's legislative proposal on cybersecurity information sharing, but the stars of the House hearing could be two other cyber bills that have yet to be introduced
Uzbekistan launches 'morality' crackdown on Internet cafes(World News Report) Authorities in Uzbekistan tightened control over Internet cafes in the capital Tashkent on Wednesday in a bid to stem the impact of "violent and immoral" web content and video games on children. A municipal resolution obliges the popular hangouts to close at 9 pm and bans children in the city of over two million from visiting the cafes during school hours
Litigation, Investigation, and Law Enforcement
European Cyber Police Try To Shut Down Ramnit Botnet That Infected 3 Million(Forbes) British, German and Italian police have claimed success in disrupting one of the world's biggest botnets, Ramnit. The Ramnit malware, which sought to steal victims' banking login data, was believed to have infected as many as 3.2 million Windows PCs. It is currently sitting on up to 350,000 compromised computers
Study: SMBs lack thorough understanding of state data breach notification laws(SC Magazine) Considering the slew of headline-grabbing data breaches being reported, it should come as no surprise that small business owners are brushing up on their state data breach notification laws. However, one recent study found that only 33 percent of small business owners and decision-makers feel "very confident" in their understanding of their states' breach disclosure legislation
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
28th Annual FISSEA Expo(Gaithersburg, Maryland, USA, March 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security...
NIST IT Security Day(Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...
10th Annual ICS Security Summit(Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...
The Future of Cybersecurity Innovation(Washington, DC, USA, February 26, 2015) The US intelligence community has ranked cyberattacks as the No. 1 threat to national security — more than terrorist groups or weapons of mass destruction. But the military's cyberwarriors fight...
2015 Cyber Risk Insights Conference — San Francisco(San Francisco, California, USA, March 3, 2015) Following on the success of the 2014 half-day cyber risk event, Advisen will present a full day of learning and networking for risk managers, CISOs, CROs, insurance brokers, insurance underwriters, reinsurers...
Cybergamut Technical Tuesday: Tor and the Deep Dark Web(Columbia, Maryland, Sioux Falls, March 3, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...
Boston SecureWorld(Boston, Massachusetts, USA, March 4 - 5, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
Mercury Proposers' Day Conference(IARPA1, Washington, DC, March 5, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Mercury Program on March 5, in anticipation of the release of a new solicitation in support of...
OISC: Ohio Information Security Conference(Dayton, Ohio, USA, March 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference...
RiSK Conference 2015(Lasko, Slovenia, March 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region.
B-Sides Vancouver(Vancouver, British Columbia, Canada, March 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between
Insider Threat 2015 Summit(Monterey, California, USA, March 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure...
2015 North Dakota Cyber Security Conference(Fargo, North Dakota, USA, March 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges...
Philadelphia SecureWorld(Philadelphia, Pennsylvania, USA, March 18 - 19, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
2015 Cyber Security Summit(McLean, Virginia, USA, March 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China...
BSides Salt Lake City(Salt Lake City, Utah, USA, March 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation
CarolinaCon-11(Raleigh, North Carolina, USA, March 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions...
Cyber Security Conference 2015(Bolton, UK, March 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North...
CyberTech Israel 2015(Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems...
2nd Annual ISSA COS Cyber Focus Day(Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Wednesday, March 25, 2015 at the University of Colorado Colorado...
CYBERWEST: the Southwest Cybersecurity Summit(Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...
Women in Cyber Security(Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.
Automotive Cyber Security Summit(Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...
Insider Threat Symposium & Expo(Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...