Physical space casts its shadow (as it always does) into cyberspace: France sees a spike in cyber attacks post-Charlie-Hebdo. About 19,000 websites have sustained attacks since January 7.
Symantec reports that the Carberp Trojan has morphed into an improved version with a preference for Australian targets.
CryptoWall 3.0 improves victim service, and not in a good way. KnowBe4 says the ransomware now makes it easier for its marks to pay up.
Malvertising is a growing threat. Everyone acknowledges its danger, but there's no clear consensus over who's responsible for dealing with it.
Ponemon releases a new study on estimating the cost cyber attacks exact from their targets.
As corporate boards take a more active role in cyber security, university boards of trustees (like Penn State's) do likewise.
The market for cyber insurance is expected to expand rapidly this year, and observers believe it will drive better standards and practices (often citing fire insurance as historical precedent).
Cyber threat information sharing is everyone's darling today. Security companies seek to share with their peers and competitors. US President Obama's proposed cyber legislation may be increasingly controversial (analysts see dangerous vagueness in its criminal sanctions, with security research possibly an unintended casualty) but there's general agreement that its goal of fostering threat information sharing is sound.
UK PM Cameron's war on encryption still finds little love, but the US-UK summit has agreed on joint cyber drills.
The Silk Road trial has its Perry Mason moment: defense counsel suggests Mt. Gox set Ulbricht up.
A note to our readers: the CyberWire will observe Martin Luther King Day and not publish Monday. We'll resume regular publication on Tuesday, January 20.
Today's issue includes events affecting Australia, China, France, Indonesia, the Democratic People's Republic of Korea, Russia, the United Kingdom, and the United States.
WhatsApp sees increasing complexity of spam campaigns (Help Net Security) Over the past few months, AdaptiveMobile has tracked an increase of spam complexity on messaging apps, such as WhatsApp, in the United States, Europe and India, and expects these attacks to continue through 2015.
Affordable Care Act Phishing Campaign (US-CERT) US-CERT is aware of a phishing campaign purporting to come from a U.S. Federal Government Agency. The phishing emails reference the Affordable Care Act in the subject and claim to direct users to health coverage information, but instead direct them to sites which attempt to elicit private information or install malicious code.
3 Ways Cyber Insurance Will Improve Security Performance (BitSight Security Ratings Blog) In 2014, Cyber Insurance saw record growth. In fact, in a recent white paper from Advisen, their buyer penetration index showed a five-fold increase in insurance purchases from 2006 to 2013, demonstrating that many organizations have recognized the value in outsourcing corporate cyber risk. Naysayers, however, warn that this move does not make companies more secure and allows organizations to ignore the behaviors and issues that are creating security risks in the first place.
The Top-12 Security Breach Facts Every C-Level Executive and Board Member Must Know (US Cybersecurity Magazine) Innovation, trade secrets and customer data are the lifeblood of U.S. companies and the U.S. economy. They comprise up to 80% of the current and future value of today's organizations. These critical economic engines of competitive advantage must be protected at all cost. What we learned as an industry over the past months and years must be leveraged into your next level of information protection.
DDoS volumes plateau as hackers try new attack vectors: Akamai (CSO Australia) Findings by content distribution network (CDN) provider Akamai that Australia is sliding down the world's broadband rankings got widespread coverage, but Akamai's review of global security exposure has also highlighted more pressing information-security concerns in Australia and elsewhere.
Verizon: Most PCI Firms Fall Out of Compliance Within One Year (Infosecurity Magazine) The majority of merchants which sign up to payment security standard PCI DSS fall out of compliance less than a year after being validated, greatly increasing their chance of falling victim to a damaging data breach, according to Verizon Enterprise Solutions.
A Samsung-BlackBerry Alliance Is Highly Desirable (Seeking Alpha) Samsung will benefit a lot from owning BlackBerry. Samsung can use BlackBerry's QNX and Elliptic Curve Cryptography assets to build the most secure Machine-to-Machine communication solutions. Samsung can outrun Google in the connected car segment if Samsung owns QNX. QNX is the leading OS in connected cars.
How much trust can you put in Telegram messenger? (IDG via CSO) Messaging programs are a closely watched application category, with experts scrutinizing how communications are protected from government surveillance dragnets and hackers. The primary defense invariably involves encryption, but just saying an application uses encryption by no means ensures it's secure.
The EFF's secure messaging scorecard. Which app will you use? (Lumension Blog) Revelations by NSA whistleblower Edward Snowden woke many of us up to the risks posed by covert surveillance, and in just the last few days — following the ghastly events in Paris — UK Prime Minister David Cameron has called for secure communication apps to be made unlawful, or at least forced to contain a backdoor which the police and intelligence agencies could exploit.
Cloud Security Vendor Centrify Adds MSP Program (CRN) Cloud security vendor Centrify has unveiled a new tier aimed at MSPs, and executives say the SaaS-based identity management company is increasingly turning to system integrators and skilled security consultancies to establish a broader customer base.
Privacy considerations in a cloudy world (Microsoft Cyber Trust Blog) In today's high tech world, individuals from around the globe can comment in real time on others' social media posts and current events instantaneously. With just a few keystrokes, data, thoughts and ideas can reach around the globe. In this fast paced environment, consideration of what you choose to share and to whom is more important than ever. Likewise, as organizations take advantage of the scale and economies offered by cloud computing, understanding how data is managed by cloud service providers is a high priority.
FortyCloud Joins Forces with Numergy to Address Growing Demand for Cloud Localization (The Hosting News) FortyCloud, a pioneer in network Security-as-a-Service for the cloud, today announced a partnership with Numergy, a leading public cloud services provider based in Paris. As part of the new partnership, Numergy customers can now take advantage of FortyCloud's first-of-a-kind offering that bundles all core security components (encryption, firewall, VPN, access control, identity management, etc.) into a single, integrated product delivered as Software-as-a-Service.
The Ghostly Side of Bug-Hunting (The Analogies Project) I have few vices in life but there is a TV programme called "Ghost Adventures" that has really caught me and yes, I'd go as far as saying I'm a little addicted. It's a fun programme led by 'Zak', who "wants to capture on film what he once saw" — a ghost. So he and his team go to haunted locations all over the world, but mainly in America to suit the audience, in some hope of capturing evidence of ghosts. It's all scientific despite the "for entertainment only" caption at the start of the showreel.
French Rein In Speech Backing Acts of Terror (New York Times) The French authorities are moving aggressively to rein in speech supporting terrorism, employing a new law to mete out tough prison sentences in a crackdown that is stoking a free-speech debate after last week's attacks in Paris.
Proposed CFAA Amendments Could Chill Security Research (Threatpost) Legitimate security researchers, from bug hunters to pen-testers, are buckled in for a bumpy ride as vague language in President Obama's proposed amendments to the Computer Fraud and Abuse Act (CFAA) is expected to be debated and sorted out as it makes its way through the legislature.
Why I Hope Congress Never Watches Blackhat (Wired) What a strange time. Last week I was literally walking the red carpet at the Hollywood premiere of Michael Mann's Blackhat, a crime thriller that I had the good fortune to work on as a "hacker adviser" (my actual screen credit). Today, all I'm thinking is, please, God, don't let anybody in Congress see the film.
Why A Global Cybersecurity Playbook Is Critical Post-Sony (Forbes) On Tuesday, President Obama announced a series of new cybersecurity measures to improve information sharing between the private sector and government, modernize law enforcement's approach to tackling cybercrime, and require national data breach reporting.
Cyberspace regulation needed to avert war following recent cyber-attacks (State Press) ISIS sympathizers successfully hacked into the U.S. Central Command Twitter account on Monday — but ISIS is not the only organization that is hacking. Its actions come in the wake of similar attacks against U.S. institutions, such as the infamous attack on Sony by North Korea and friends late last year.
Does Air-Sea Battle Have a Fatal, Cyber Flaw? (National Interest) This commentary offers clarification to the National Interest's December 8, 2014 article, "Will Air-Sea Battle Be "Sunk" by Cyberwarriors?" (Erica D. Borghard & Shawn W. Lonergan). The article presents a misunderstanding of the multiservice Air-Sea Battle Concept on two levels.
US Coast Guard Addresses Maritime Cybersecurity Issues (In Homeland Security) The United States Coast Guard fielded questions from maritime security experts and officials Thursday during a Maritime Cybersecurity Standards Public Meeting held at the U.S. Department of Transportation Headquarters in Washington, D.C.
Obama turns to 'name and shame' (Reuters via IT Web) The unusually destructive cyber attack on Sony Pictures Entertainment is providing an early test of a new Obama administration policy to reveal more of what it knows or suspects about hacking campaigns.
Is it Possible to Ban Autonomous Weapons in Cyberwar? (Just Security) Political and technological developments have often spurred responses from international humanitarian law (IHL). We already have a good sense of the major questions on the agenda in upcoming years. Two are especially noteworthy: First, how to apply IHL to cyberwarfare? Second, how to regulate autonomous weapons systems (AWS) — including whether to create new laws regarding both domains? These two issues, more than commonly appreciated, have a direct relationship with one another, which lawyers and policymakers should acknowledge.
Matthew Green on the NSA and Compromising Crypto Standards (Threatpost) Dennis Fisher talks with Matthew Green of Johns Hopkins University about the NSA's "regret" for continuing to support Dual EC after it had been shown to be compromised, the effects of the agency's influence on crypto standards and the hope for more secure standards in the future.
Panel: No alternative to bulk data collection by NSA (Army Times) A committee of scientific experts has concluded that there is no viable technological alternative to bulk collection of data by the National Security Agency that allows analysts access to communications whose significance only becomes clear years later.
Arresting Dieudonné for "defending terrorism" is exactly what he wants (Quartz) "Je me sens Charlie Coulibaly." Translation: "I feel like Charlie Coulibaly." Infamous French comedian Dieudonné M'bala M'bala wrote these words in a puzzling Facebook post published (and since deleted) in the wake of massacres at the offices of satirical newspaper Charlie Hebdo and a kosher supermarket in the Parisian suburbs.
DHS Believed Mt. Gox CEO Might Have Been Silk Road's Secret Mastermind (Wired) Long before the Department of Homeland Security set its sights on Ross Ulbricht, the agency had another surprising suspect in mind as the possible creator and administrator of the Silk Road's massive online drug market: Mark Karpeles, the chief executive of what was then the world's biggest bitcoin exchange, Mt. Gox.
Marriott's stopped blocking your Wi-Fi hotspots (Naked Security) Marriott says it's throwing in the towel on its unsuccessful legal and PR battle to get the Federal Communications Commission (FCC) to let it block personal hotspots in its conference and convention areas.
JPMorgan Asked by States for Detail on 2014 Data Breach (Bloomberg) JPMorgan Chase & Co. (JPM) was pressed for more evidence by a group of states probing a data breach that jeopardized millions of customer accounts last year, including whether any of the compromised information has been connected with fraud.
UK Teen Arrested For Sony, Xbox DDoS Attacks (SecurityWeek) An 18-year-old was arrested this morning in the United Kingdom on suspicion of being involved in the distributed denial-of-service (DDoS) attacks launched against Sony's PlayStation Network and Microsoft's Xbox Live over Christmas.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
ShmooCon (Washington, DC, USA, January 16 - 18, 2015) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...
FIC 2015 (Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...
AppSec California (Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...
Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...
Cyber Threat Intelligence Summit (Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities.
Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...
Nullcon 2015 (Goa, India, February 4 - 7, 2015) Nullcon discusses and showcases the future of information security, next-generation offensive and defensive security technology, as well as unknown threats.
ICISSP 2015 (Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...
2015 Cyber Risk Insights Conference — London (London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...
AFCEA West 2015 (San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...