Assad's Syrian Electronic Army defaces Le Monde's website with the presumably Islamist message "Je ne suis pas Charlie," evidently an attempt to deny the Islamic State sole possession of jihadist street cred.
A lone Turkish hacker defaces a large number of Ghanaian government websites, declaring "cyberwar" for unclear motives.
Attribution of the "Inception" campaign remains controversial: Blue Coat and Kaspersky advance competing explanations of the attacks.
US CENTCOM refuses to rise to hackers' bait, saying it anticipates no changes to its social media policy.
Adobe investigates reports that a Flash zero-day has been incorporated into the Angler exploit kit. The vulnerability appears to affect Flash installations on older versions of Windows (including XP).
Davos is in session, and cyber security appears to be giving global warming competition for pride-of-place among the (elite, wealthy, etc.) symposiasts' worries.
The cyber security market sees some of the increased spending widely forecast in the wake of the Sony hack. Next-generation firewalls, improved encryption, data-centric security, managed security services, and closer attention to the supply chain are mentioned in descriptions of plans and purchases.
Reactions to US President Obama's cyber proposals are falling into some consensus. The President's concerns are generally held to be well-intentioned, with gestures toward cyber threat intelligence sharing particularly welcome. On the other hand, many regard the proposed measures as over-broad, likely to criminalize — probably unintentionally — a wide-range of innocent online activity. And ability to cut through the glare of war in cyberspace seems unlikely to be achieved through legislative fiat.
Today's issue includes events affecting Australia, Brazil, Canada, China, Curaçao, France, Ghana, Indonesia, Ireland, Democratic Peoples Republic of Korea, Republic of Korea, Switzerland, Syria, Turkey, United Kingdom, United States.
List Of Other Government Websites Hacked(Pulse) From what Pulse.com.gh gathers, Alsancak Tim is a Turkish hacker. On his Facebook page, he listed the other Ghanaian websites he exploited into details with the mirrors to prove his point
DoD: CENTCOM hack to have no effect on social media policy(C4ISR & Networks) Despite the high-profile Jan. 12 hacking incident that resulted in the takeover of U.S. Central Command's official Twitter and YouTube accounts, Defense Department officials have no plans to reevaluate policy on the use of social media, according to a DoD spokesperson
Adobe Investigates Fresh And Fishy Flash 'Zero Day'(Forbes) Adobe has confirmed it is investigating a report that a previously-unknown and unpatched vulnerability, better known as a zero day, is being used by criminal hackers using an exploit kit known as Angler
Careless Sharing: 32 Per Cent Take no Precautions When Letting Others use Their Devices, Kaspersky Lab Discovers(PRNewswire) According to a survey jointly executed by B2B International and Kaspersky Lab, 32 per cent of respondents who share an Internet-enabled device with their relatives, colleagues or friends do not take any precautions to protect their information. They see no risks associated with sharing these devices even though it can significantly increase the chances of data stored on the device being lost or stolen. In fact, the more people that use a device, the greater the probability of one of them making a mistake and falling for a cybercriminal's trick
CyberArk makes Security Predictions for 2015(Technuter) CyberArk, the company that protects organisations from cyber attacks that have made their way inside the network perimeter, today outlined its security predictions for 2015
Defense contractors see opportunity in cybersecurity sector(Los Angeles Times) After a year that saw destructive cyberattacks on major U.S. companies, President Obama's call to stiffen America's digital defenses could help bolster the bottom lines of top defense and aerospace contractors facing cutbacks in Pentagon spending
Saving Us From The Snoops(Forbes) In 1990 William Ghetti, a staff sergeant in the U.S. Air Force, had a letter published in British newspaper The Independent in which he challenged the purpose of American offensives in the Gulf. His comments, later cited in a U.K. Parliament debate over whether U.K. military should assist the U.S., still resonate: "The greed that drives our oil-based world economy has put us in the position that we are willing to risk our nation's sons and daughters in the quest for stable prices at the pumps"
Global shortage of skilled cybersecurity pros(Help Net Security) A new global survey of more than 3,400 ISACA members shows that 46 percent of respondents expect their organization to face a cyberattack in 2015 and 83 percent believe cyberattacks are one of the top three threats facing organizations today
What's driving executive turnover for CISOs?(TechTarget) I read recently that a number of seasoned CISOs are leaving their positions and moving to the vendor side of security. What is driving this trend, especially in a time when the industry already has a shortage of qualified information security professionals?
Protegrity Extends Data Security into the Cloud(Database Trends and Applications) As the cloud becomes more central to data storage and information exchange than ever before, the enterprise risk to the security of that data is also escalating
Redspin Introduces Cyber Security —Red Team— Assessments(GNOMES) Redspin, Inc., a leading provider of penetration testing services and HIPAA risk assessments, today announced a Cyber Security ?Red Team? assessment service. The new service is designed to uncover realistic paths that external adversaries may take to compromise computer systems and networks, steal confidential data, and gain access to facilities
Sysmon v2.0: System Activity Monitor for Windows(Kitploit) System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. By collecting the events it generates using Windows Event Collection or SIEM agents and subsequently analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network
Facebook update aims to reduce News Feed hoaxes(Naked Security) Most people don't believe everything they read on their Facebook News Feed. But, as we've seen time and again on Naked Security, some bogus stories do catch the attention of readers — however improbable they may sound
Software enables secure, automated DoD data sharing(Federal Times) Sharing sensitive data safely and responsibly can be a difficult task in the age of hackers and insider threats. The task becomes significantly more challenging when talking about information related to national security or military operations being conducted around the globe
Technologies, Techniques, and Standards
The critical 48 hours after a cyber attack(Banking Technology) A range of social, political, cultural and economic factors drives cyber attacks. How well banking and financial institutions understand the drivers for an attack and how effectively they respond in the 48 hours following the discovery of an attack has a major effect on the resultant impact
When good security advice…isn't(CSO) Is there any piece of common security advice that you find you disagree with? Context can often change what we should be telling people about how to secure their data and machines
IT's security metrics and reporting problem: A communication failure(CSO) What used to be a back room, invisible function of enterprise, IT security has been launched into the limelight with high profile data breaches with Sony as the most recently, and reoccurring, example. Enterprises are rightfully bringing IT security to the forefront of the business process, and IT teams are responsible for showing the improvement and success of security programs that are often a significant line item on the books
PayPal Pans Passwords at Event Co-Sponsored with Google(eCommerce Bytes) PayPal co-sponsored an event on online authentication — not product authentication with which merchants are familiar, but rather, the process by which websites authenticate users when they log in to their systems. It used the event to introduce the FIDO Alliance and its new authentication standards
Marshall Academy CyberPatriots Advance to the National Competition(Connection Newspapers) Students from Marshall, a Governor's Science, Technology, Engineering, and Math (STEM) Academy, are advancing to the national round of the annual CyberPatriot Competition. They are doing so after two teams were awarded first and third place in the state competition, and after a long day of regional competition that took place on Saturday, Jan. 17
The Second Crypto War and the Future of the Internet(Huffington Post) In the early 1990s, the first Crypto War began. With the release of the programmer Phil Zimmerman's PGP ("Pretty Good Privacy") encryption software in 1991, for the first time in history, anyone could encode and exchange a message that no law enforcement agency had the technical ability to intercept and decode
The Flaws in Obama's Cybersecurity Initiative(Harvard Business Review) President Obama's new raft of proposals aim to address the growing concern that America is not taking tough-enough action against the increasing cybersecurity problem of nation-states and criminals (usually criminal gangs) attacking U.S. consumers and organizations. The evildoers' motivation for doing so is most often money, but intellectual property is also being filched, and the internet is also being used for anything from identity theft to illicit political objectives
Obama's cybersecurity proposals are just the start: Experts(MarketWatch) The White House announced plans last week to share more information about cyber threats between the government and the private sector and create a 30-day customer notification requirement after data breaches. And last night, the president said during the State of the Union that "if we don't act, we'll leave our nation and our economy vulnerable"
Snowden on Cyberwar: America Is Its Own Worst Enemy(Newsweek) After a year punctuated by hacks and data breaches, most notably a cyberattack against Sony, President Barack Obama used part of his State of the Union address on Tuesday to mention the growing threat to cybersecurity. "No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets or invade the privacy of American families, especially our kids," he said
6 Threats, 6 Changes, & A Brave New World: Intel Chief Vickers(Breaking Defense) There's no one thing that keeps the Pentagon's chief of intelligence up at night. There's half-a-dozen things — terrorism, cybersecurity, Iran, North Korea, Russia, and China — but Mike Vickers has a six-point plan to counter them
Litigation, Investigation, and Law Enforcement
France anti-terror plan calls for hiring more intel agents(AP via Longview News-Journal) Reeling from the Paris terror attacks, France announced broad new measures to fight homegrown terrorism, such as giving police better equipment and hiring more intelligence agents, as European officials sought to strike the right balance between rushing through tough counterterrorism laws and protecting treasured democratic rights
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Information Assurance Symposium (Washington, DC, USA, June 29 - July 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred...
AppSec California(Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security?s sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...
Financial Cryptography and Data Security 2015(San Juan, Puerto Rico, USA, January 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the...
Data Privacy Day San Diego — The Future of IoT and Privacy(San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...
CSEAN Cyber Secure Nigeria 2015 Conference(Garki Abuja, Nigeria, January 29, 2015) The vast scope of cyber threats makes a compelling case for a multi-stakeholder collaboration in curbing domestic and International threat. "Cyber Secure Nigeria 2015" conference encapsulates various hot...
Data Connectors Los Angeles 2015(Los Angeles, California, USA, January 29, 2015) The Los Angeles Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...
Transnational Organized Crime as a National Security Threat(Washington, DC, USA, January 29, 2015) United Kingdom's National Crime Agency Director General Keith Bristow will discuss transnational organized crime as a national security threat, focusing on economic and cyber crimes, and digging into the...
ISSA CISO Forum(Atlanta, Georgia, USA, January 29 - 30, 2015) Corporate Information Security and Legal programs must be closely aligned to be successful in today's world. Customer and vendor contracts require strong security language. Response to data breaches are...
NEDForum > London "What we can learn from the Darknet" (London, England, UK, January 30, 2015) The 2nd NED Forum event comes to London on Friday 30th January 2015, the day of the White Hat Ball. The event will focus on the Darknet and where it provides a rich source of learning that can be applied...
Cyber Threat Intelligence Summit(Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
Suits and Spooks(Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...
Nullcon 2015(Goa, India, February 4 - 7, 2015) Nullcon discusses and showcase the future of information security, next-generation of offensive and defensive security technology as well as unknown threats
ICISSP 2015(Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...
2015 Cyber Risk Insights Conference — London(London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...
AFCEA West 2015(San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybersecurity: You Don't Know What You Don't Know(Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.