skip navigation

More signal. Less noise.

Daily briefing.

Arbor Networks reports that denial-of-service attacks have risen in France, post-Charlie Hebdo. Pro-ISIS hackers haven't confined themselves to French targets, however, but continue their curious affinity for cybervandalism of US local governments.

China denounces GreatFire's allegations of responsibility for recent disruption of Microsoft Outlook as "slander." But fresh restriction of VPNs is China's avowed policy: "upgraded cyberspace sovereignty."

CryptoLocker's new variant finds its way into the United Arab Emirates.

Flash zero-days are actively exploited in the wild. Adobe issues one emergency patch, but holes remain, and a second patch is planned next week. Meanwhile, beware Flash exploitation.

Google's ProjectZero continues to crowd vendors — last week Microsoft, now Apple, as three OSX zero-days are disclosed. Faster patching seems in order: ninety days, Ars Technica observes, is an eternity in cyberspace.

Repurposed attack code and unpatched zero-days remain important reasons why attackers remain inside defenders' decision cycles, but the expense of maintaining human watchstanders (three FTEs per big enterprise, says a FireEye-commissioned study) on networks is another.

Such stories make symposiasts' flesh creep at Davos. IDF unit 8200 alumnus Nadav Zafrir warns them that "breakers are ahead of makers," and governments aren't exactly poised to ride to companies' rescue. He also urges executives to learn (from ISIS) the value of OSINT and loosely coupled networks. (US NGA Director Cardillo makes similar points at INSA, in a more positive way.)

IoT security remains a concern, both long-term and near-term (see stories of gas pump vulnerabilities).

Several court cases of cyber interest play out.

Notes.

Today's issue includes events affecting China, European Union, France, Israel, Russia, United Arab Emirates, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

French DDoS attacks spike after terror protest (SC Magazine) Arbor Networks says that the number and size of DDoS attacks against French websites spiked considerably after 3.7 million people took to the streets to protest against terrorism

Pro-ISIS Group Hacked Isle of Wight, Virginia Website (HackRead) It seems that the tiny county in southeastern Virginia is the new victim of the pro-ISIS hackers as Team System DZ hacked the county's website on Friday evening

China denies involvement in Outlook.com attack (CSO) The Chinese government has denied any involvement in a recent cyber attack against Microsoft's Outlook.com, and it even went as far to accuse a watchdog group of slander for suggesting that the country could be behind it

China Cracks Down On VPN Services After Censorship System 'Upgrade' (TechCrunch) China is cracking down on VPNs, software that allows internet users to access Twitter, Facebook, Gmail and others services blocked in the country, according to state media and service providers

UAE Hit by New Breed of Crypto-Locker Ransomware (Arabian Gazette) A highly dangerous new breed of Ransomware, dubbed CTB-Locker has hit the GCC with the UAE seeing the largest number of threats — according to IT security company ESET

Flash zero-day flaw under attack to spread ad malware, botnet (ZDNet) New attacks on Flash Player may force Adobe to issue another patch just days after fixing nine flaws

Adobe fixes just one of two actively exploited zero-day vulnerabilities in Flash Player (IDG via CSO) Emergency updates for Flash Player released Thursday fix a vulnerability that is actively exploited by attackers, but leave a separate one unpatched

Google ProjectZero disclose details for three OS X 0days on Apple (Security Affairs) Google ProjectZero disclosed the details of 3 new OS X zero-day vulnerabilities, but experts believe that they could be exploited by hackers to run attacks

Critical Flaws Affect Symantec Data Center Security: Server Advanced (Softpedia) Glitches could be used as entry points to the network

New RATs Emerge from Leaked Njw0rm Source Code (TrendLabs Security Intelligence Blog) In the middle of my research on the remote access Trojan (RAT) known as "njrat" or "Njw0rm", I stumbled upon dev-point.com, a site that disguises itself as a site for "IT enthusiasts" but actually hosts various downloaders, different types of spyware, and RATs. I explored the site and found that they host malware under the "Protection Devices" section in their website. Under this section was a forum written in Arabic, which may suggest that an Arabic-speaking country is behind it

Password Re-use Fuels Starwood Fraud Spike (KrebsOnSecurity) Two different readers have written in this past week to complain about having their Starwood Preferred Guest loyalty accounts hijacked by scammers

Click-fraud malware brings thousands of dollars to YouTube scammers (Help Net Security) A malware delivery campaign aimed at making victims' computers surreptitiously view YouTube videos and, consequently, artificially inflate their popularity so that scammers might earn money from the ads embedded in them, has been targeting users around the world for months now

The Snake and the RAT are Cooperating Against You (Cyactive) Every week our posts highlight cases of newly exposed malware and explain how they are in fact recycled, reusing components of earlier malware. A recent eye-opening and very thorough post by G-Data reveals just how basic the practice of reuse is to malware development

HealthCare.gov sends out users' personal info to ad companies (Help Net Security) HealthCare.gov, the health insurance exchange website operated by the US government, is sending out personal health information about its users to at least 14 (and likely more) third-party websites belonging to private advertising companies

Senate.gov websites up after 4-hour outage (USA TODAY) After being down for some three hours, the websites and email systems of multiple U.S. Senators began to come back online Wednesday evening

Ten percent of UK Windows PCs are not fully patched, Secunia finds (ComputerWorld) Internet Explorer 11 recorded large number of flaws in 2014

How to Build a Botnet (ZeroFOX) Sound the alarms — bots are taking over

The Internet of Gas Station Tank Gauges (Rapid7 Security Street) Automated tank gauges (ATGs) are used to monitor fuel tank inventory levels, track deliveries, raise alarms that indicate problems with the tank or gauge (such as a fuel spill), and to perform leak tests in accordance with environmental regulatory compliance. ATGs are used by nearly every fueling station in the United States and tens of thousands of systems internationally

Security Patches, Mitigations, and Software Updates

Adobe Patches One Zero Day in Flash, Will Patch a Second Flaw Next Week (Threatpost) Adobe has released an emergency update for Flash to address a zero-day vulnerability that is being actively exploited. The company also is looking into reports of exploits for a separate Flash bug not fixed in the new release, which is being used in attacks by the Angler exploit kit

Adobe issues emergency fix for Flash zero-day (Naked Security) Adobe has published an emergency Flash update to protect against a "zero day" exploit

Running Adobe Flash? You need to read this today (Graham Cluley) Adobe has released a critical security patch for an Adobe Flash vulnerability that is being exploited by online criminals

If you use either of these WordPress themes update them now (Naked Security) Lines theme and version 1.4.4 of the Platform theme were released three days ago and contain fixes for very serious vulnerabilities. If you use either one of these WordPress themes on your website, update it now

Google Pays Big Bug Bounties in Chrome 40 Fix (eSecurity Planet) Google pays out $88,500 in bug bounties, with the largest browser security update yet in 2015. In all, Google fixed 62 different security flaws

Cyber Trends

An Israeli Cyber Warrior Puts a Scare Into CEOs at Davos (BusinessWeek) How scared are chief executives about cyber attacks after the incursion into Sony's network? Scared enough that dozens of top brass, including Citigroup CEO Michael Corbat, showed up for a Davos breakfast with an Israeli cybersecurity expert who talked about defending against attackers armed with what he called the digital equivalent of an F-16 fighter jet

Top executives freak out about hackers (CNN Money) Cybercrime is now the top risk banks face, Barclays CEO Antony Jenkins said Thursday

Cisco CEO: Hacking attacks about to get a lot worse (USA TODAY) Cisco Systems chief executive John Chambers expects hacking attacks to become a lot worse this year, and he's positioning his digital networks company to take advantage of it

Why cybersecurity will suffer the same fate in 2015 as it did in 2014 (CSO) Cyber security in 2015 — Skating away on the thin ice of the new day

With Multi-Vector Attacks, Quality Threat Intelligence Matters (CIO) It's no longer a matter of if attacks will happen, but when they will happen

Why insider threat is thriving (Help Net Security) In the past few years, rapid growth in the volume of sensitive information combined with new technologies has chipped away at the effectiveness of traditional endpoint protections and network perimeter security. In tandem come warranted concerns about the number and types of employees who have access to sensitive data

The Internet of Robotic Things: Secure, harmless helpers or vulnerable, vicious foes? (CSO) Experts say robots will be commonplace in 10 years. "Many respondents see advances in [artificial intelligence] and robotics pervading nearly every aspect of daily life by the year 2025 — from distant manufacturing processes to the most mundane household activities," says Aaron Smith, senior researcher, The Pew Research Center's Internet Project, speaking of the several experts quoted in his "Predictions for the State of AI and Robotics in 2025"

Why smart devices and wearables will be security's new headache (CSO) The cyber kill chain has a new link

The Internet of Abused Things (Dark Reading) We need to find ways to better secure the Internet of Things, or be prepared to face the consequences

Mobile health IT security challenge: way bigger than HIPAA? (We Live Security) Wearable technology and other health-related devices were big at the 2015 Consumer Electronics Show (CES) earlier this month

Former CIA Director talks national security while in Huntsville (WAAY TV) Former Director of the Central Intelligence Agency, General Michael Hayden, says in his opinion cyber-terrorism is the number one threat facing Americans today

Marketplace

FireEye Report Finds 35% of Large Enterprises Require at Least Three Full-Time Positions for Security Alert Management (Marketwired via CNN Money) Independent Global Survey by IDC Highlights Resource and Time Constraints That Prevent Organizations From Responding to Alerts in Minutes

Financial Firms Must Adapt To Cyber Threat, Says BoE's Gracie (London South East) Financial institutions need to adapt to the challenge posed by the risk of cyber attack, according to a Bank of England executive director, with a need for board level engagement and regular testing of the people, processes and technology put in place to deal with the threat

Target Breach Had Massive Impact on Cyber Security Awareness (eSecurity Planet) Security budgets increased by an average of 34 percent in the year following the Target breach, according to the Ponemon Institute

How managed security services providers benefit from transparency (TechTarget) In light of recent breaches, organizations may seek out MSSPs that hold themselves to the highest security standards

Year in review: Security breaches fueling more deals (Reuters) A flurry of security fundings toward the end of 2014 helped to emphasize the point that the security sector is a hot one for VCs to invest in

Top Cyber Security Stocks: Symantec Corporation (SYMC), FireEye Inc. (FEYE) And Palo Alto Networks Inc. (PANW) Read more at (Insider Monkey) Data breaches as a result of cyber-attacks have become a common feature in the world where consumer's data has become extremely valuable in instigating further attacks

FireEye Inc (FEYE): Beyond the Sony Hack, What's In It For Investors? (Small Cap Network) Mid cap cyber security stock FireEye Inc (NASDAQ: FEYE) has underperformed other security stocks like small cap Barracuda Networks Inc (CUDA), mid cap Fortinet Inc (FTNT) and large cap Palo Alto Networks Inc (PANW) with the latter ending the year higher and the former having a big surge in the early part of the year before ending the year lower

FireEye shows intent in UK (Business-Cloud) Are FireEye about to begin a push into the public sector market?

What's the boss of this Worcester firm got in common with Barack Obama? (Worcester News) Until now you'd be forgiven for thinking the boss of a small but growing Worcester company had little in common with Barack Obama

How one tech startup benefitted from Cameron's trip to Washington DC (ComputerWeekly) Last week a number of technology startups joined Prime Minister David Cameron in Washington DC to raise awareness of the growing threat of cyber security

Huawei Founder Ren Zhengfei Dismisses Chinese Military Connections (International Business Times) In the telling of Ren Zhengfei, Huawei, the telecommunications company he founded more than three decades ago, traces its origins not to some savvy plan to conquer the world but to the simple imperative to earn sustenance in a Chinese economy still struggling to recover from the Cultural Revolution

Churches Must Be Proactive in Protecting Personal and Financial Data, Says TechSoup Global Expert (ChristianNewsWire) TechSoup Global Partners with Bitdefender to Help Religious Nonprofits Make Cybersecurity a Pillar for Operations in 2015

Fort Lauderdale City Spends $430,000 on Cyber Security After Anonymous Attack (Hack Read) The City of Ford Lauderdale boosted its cyber security network with a heavy investment of $430,000 to bring in more improvements after it encountered a hacking attack by a cyber-activist group called Anonymous last month for its homeless laws

DoD Seeks 10-year Extension of Small Business Mentoring Program (DoD News, Defense Media Activity) The Defense Department intends to request a 10-year extension of a program that improves the ability of socioeconomically disadvantaged small businesses to compete for defense contracts, the program's manager said yesterday

iJET International Opens New, State of the Art Headquarters in Annapolis, MD (Marketwired) The integrated risk management provider officially unveils new facility designed for growth and collaboration

HPI Names John Ballentine as Director of Cyber Security and Compliance (PRWeb) Renowned cyber security and compliance expert joins Houston-based turbomachinery solutions and services provider

Allied InfoSecurity Appoints Former Senior Government Cyber Official to Board of Advisors (WKRG) Arnold J. Abraham has been appointed to serve as a member of Allied InfoSecurity's Board of Advisors

Products, Services, and Solutions

Microsoft unveils Project Spartan, the browser after Internet Explorer (Ars Technica) The browser is faster, more lightweight, and even supports extensions

Norweigan insurer DNK signs for Darktrace cyber defence (Finextra) Darktrace today announces that DNK, a major insurance company for the shipping industry, has selected Darktrace's Enterprise Immune System technology for cutting-edge cyber defense

Bitglass Breach Discovery Limits Damage From Data Breaches (MarketWired) Automated service enables enterprises to discover data breaches early

A10 Networks ACOS 4.0 Features Harmony Architecture (eWeek) Harmony allows enterprises to integrate third-party services and prototype, test and provision new applications

How To Use A 'Fake' Credit Card To Protect Yourself From Hackers (Business Insider) Dozens of retailers including Target, Neiman Marcus, and Home Depot have reported data breaches in the last year

Microsoft Security Essentials scores zero points for malware detection in antivirus test (myce) German antivirus test organisation AV-Test.org has tested 28 antivirusscanners and Internet Security Suites for Windows 7. In the tests Microsoft Security Essentials was used as the reference scanner and the antivirus applications were tested for real world scenarios like protection, ease of use and performance

ICS-ISAC and ThreatStream Announce Strategic Partnership (PRNewswire) ThreatStream, a vendor who provides a threat intelligence platform that prioritizes threats and facilitates trusted threat sharing, announced today it has executed a partnership agreement with the Industrial Control System Information Sharing and Analysis Center (ICS-ISAC) that would enable its members to use the ThreatStream platform

Technologies, Techniques, and Standards

The Sony hack signals the need for information governance (Inside Counsel) One of the most important reasons to adopt information governance is the need to address the increasing security risks associated with unchecked data growth

NSA Report: How To Defend Against Destructive Malware (Dark Reading) In the wake of the Sony breach, spy agency's Information Assurance Directorate (IAD) arm provides best practices to mitigate damage of data annihilation attacks

An exploration of enterprise security alert management in Europe (ZDNet) FireEye's latest report suggests that a number of businesses face over 10,000 cybersecurity alerts per month. What is being done to combat potential attacks?

How to Communicate with Employees During a Cyber Hack (Fast Company) Effective employee communication during a data breach is a must. These five tips will help you through tough times

Cybercrime and hacking are even bigger worries for small business owners (Guardian) Hacks cost the American economy $100bn a year, and it's not just the Sonys and Targets of the world. Some experts offer advice on how small businesses can fight the wave of cybercrime

Former CIO of the FBI: Be prepared for insider security threats (VentureBeat) Most chief information security officers focus solely on battling malicious activity from the outside-in, completely ignoring the threat within their own walls. Insider hacking accounts for 35 percent of all cyber attacks and cost US companies $40 billion in 2013 alone, according to SpectorSoft. The Morgan Stanley, NSA, and Sony security incidents are examples of preventable breaches potentially orchestrated with the help of employees and/or contractors. The large majority of these attacks result simply from poor housekeeping with outdated tools

Privileged Account Management: Lessons from the Sony Hack (Infosec Institute) CNN recently reveled the methodology of the cyber attack that allowed anonymous cybercriminals Guardians of Peace direct access to their network, or the "keys to the entire building," as one Sony Pictures Entertainment official stated. According to investigators, the attack was carried out through a set of stolen system administrator credentials; a privileged account username and password providing a golden gateway of unfettered access to employee records, unreleased films, intellectual property, email conversations and other sensitive data. The breach has now escalated to a matter of national security, with FBI claiming North Korea as the nation state responsible for this attack based on a recent press release from the agency

Privileged Users Top List of Insider Threat Concerns: Survey (SecurityWeek) A few weeks ago, Morgan Stanley fired an employee for accessing client information and publicly posting some of it on the Internet

Asset Identification Cybersecurity (Automation World) By identifying addressing information in protocols, as well as understanding the commands being sent and received on the network, asset and network identification cybersecurity adds new depth to industrial control system security

How Vulnerabilities Happen: Input Validation Problems (Internet Storm Center) We would like to thank Richard Ackroyd of RandomStorm for reporting a critical input validation error in our site to us. As we have done before, here is how it happened so hopefully you can learn from it as well

As 0days get meaner, Google defenses increasingly outpace Microsoft (Ars Technica) In today's attack climate, 90 days is an eternity. Unless you're Microsoft

Diverse White Hat Community Leads To Diverse Vuln Disclosures (Dark Reading) Researchers at Penn State find that courting new bug hunters is just as important as rewarding seasoned ones

Design and Innovation

Report: Popularity of biometric authentication set to spike (TechTarget) Juniper Research claims that the popularity of biometric authentication will rise dramatically in the next five years, incorporating innovative technology beyond today's fingerprint sensors and voice authentication systems

Generation Z Predicts End to Passwords and PINs by 2020 (Infosecurity Magazine) Over half of Britons aged 16 to 24 believe passwords and PINs will be a thing of the past by 2020 as more user-friendly alternatives such as biometrics take their place, according to Visa Europe

MIT's Planning Algorithms are Like Siri, Except Creative and Helpful (IEEE Spectrum) People have trouble with realistic planning

Academia

Norse Launches Cyber Attack Intelligence LifeJourney (Dark Matters) Norse Corporation announced a new, groundbreaking partnership with Science, Technology, Engineering & Math (STEM) education leader LifeJourney to launch a new "Cyber Attack Intelligence LifeJourney™"

5 tips for dealing with cyberbullying in education (Help Net Security) According to the latest figures by nobullying.com, 68 per cent of teens agree that cyber bullying has now become a serious problem in schools. This is exacerbated by the fact more than half of young people admit they never confide in their parents when cyber bulling happens to them

ForeScout Earns Two Slots in HigherED Tech Decisions' 13 Best Higher Education Products of 2014 (Newswire Today) ForeScout Technologies, Inc., a leading provider of continuous monitoring and mitigation solutions for Global 2000 enterprises and government organizations, today announced that its flagship solution, CounterACT™ and its integration architecture, ControlFabric™, were listed among HigherED Tech Decisions' 13 Best Higher Education Products of 2014

Legislation, Policy, and Regulation

Why Russia Hacks (Dark Reading) Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions

Europe weighs increased security amid privacy concerns (Al Jazeera) As France reveals new anti-terrorism laws, critics raise alarm over blanket data sharing to combat threats

Can the next EU regulation guarantee data protection for all? (Help Net Security) The European Parliament has agreed its text, the Commission is satisfied with the latest draft, so now we're are only waiting for the Council of member states to work out what they do and do not want in the new Data Protection Regulation

Davos 2015: Banks call for free rein to fight cyber crime (Financial Times) Executives at some of the world's largest banks are pressing government officials to pursue cyber criminals more aggressively or let the industry off the leash to fight them directly

UK and US plan cyber games — really? ((ISC)² via ComputerWorld) Headline-grabbing perhaps but short on substance

Dempsey: Cyber Vulnerabilities Threaten National Security (Joint Chieft of Staff) Cyber vulnerabilities in the private sector pose a serious threat to national security, the chairman of the Joint Chiefs of Staff said

Why Obama's Cybersecurity Plan May Not Make Americans Safer (Atlantic) The president's proposal promises to anonymize data. Experts don't think that will help

Grading the President's SOTU Cybersecurity Agenda (Network World) In the wake of the furor over the Sony Pictures attack, President Obama came out swinging in his State of the Union speech earlier this week. Not to be outdone, Senator Joni Ernst (R-Iowa) included a cybersecurity-centric sentence or two in the Republican's response

Barack Obama abandons telephone data spying reform proposal (Telegraph) US President quietly abandons proposal to put NSA surveillance under non-government control

What Government Can (And Can't) Do About Cybersecurity (Dark Reading) In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact

Obama's cybersecurity plan: Share a password, click a link, go to prison as a hacker (ComputerWorld) Security experts say that, thanks to President Obama's proposed cybersecurity plans and CFAA amendments, you could be considered a hacker for innocent behavior like sharing your Netflix password with family members or clicking a link that contains unauthorized content

President's Plan To Crack Down On Hacking Could Hurt Good Hackers (Dark Reading) Security experts critical of President Obama's new proposed cybersecurity legislation

Is Corporate America ready for real cyber-security? (Bloomberg News via News Tribune) Barack Obama wants to prod corporations into addressing their cybersecurity weaknesses and he used his State of the Union speech Tuesday night to do just that

Survey: Cybersecurity pros endorse data breach notification rules (PC World) U.S. President Barack Obama?s call for a nationwide data breach notification law has won strong support from members of one cybersecurity-focused organization

Senate to hold first cyber info-sharing hearing (The Hill) The cybersecurity information-sharing debate will kick off in earnest next Wednesday, as the Senate Homeland Security and Governmental Affairs Committee will hold Congress's first 2015 hearing on the issue

How Obama's new cyber laws will impact UK firms (IT Pro Portal) President Barack Obama made clear in his State of the Union address earlier this week that he intends to push through new legislation aimed at tightening corporate cyber security standards across the U.S

MPAA Boss Chris Dodd Talks About Sony Hack & Free Speech… Ignoring How It Revealed MPAA's Plan To Undermine Free Speech (TechDirt) Variety has an amusing interview with former Senator and current MPAA boss Chris Dodd, in which he admits that he should have been "more vocal" in speaking out against the Sony Hack — which he argues was "an attack on free speech"

The Current DMCA Exemption Process is a Computer Security Vulnerability (Center for Democracy and Technology) In this day and age, it's undeniable that we need the best computer security research to keep our data and ourselves safe. However, security researchers today don't have the freedom they need to test systems for bugs and then fix them. It turns out a somewhat obscure regulatory process — the Digital Millennium Copyright Act's triennial circumvention review — could be a significant barrier to better security research

Director Cardillo: Democratization of Data Offers NGA Opportunity for Transparency, Public Service (Intelligence and National Security Alliance) Encouraging the geospatial intelligence community to look at its mission through "a new lens — a lens of consequence," National Geospatial-Intelligence Agency Director Robert Cardillo said Wednesday night the agency can become a leading example of transparency, private sector collaboration and public service by the U.S. Intelligence Community (IC)

Can You Have a Transparent Spy Agency? (Defense One) To the average American, the term intelligence agency refers to a group of secret military types, locked in a windowless room in Virginia, furtively collecting data on bad guys, good guys, citizens, everybody

In post-Snowden era, NSA maintains surprisingly favorable image (Christian Science Monitor) But that doesn't mean it's popular. A Pew poll released today found that the only federal agency less well-liked among Americans was the Internal Revenue Service

Litigation, Investigation, and Law Enforcement

FBI and IRS warn of pervasive, maddening business, consumer scams (Network World via CSO) FBI says man-in-the-middle e-mail scam cost victims $214M; IRS says phone scam has 3,000 victims who've paid over $14M

British Retailers Call for Improved Policing as Cyber-Threats Increase (Infosecurity Magazine) The British Retail Consortium (BRC) has called for improved fraud reporting and better policing after reporting an increase in cyber-attacks against its members last year

Barrett Brown sentenced to 63 months for 'merely linking to hacked material' (Guardian) The journalist and former Anonymous member is also ordered to pay $890,000 fine in what he calls a "dangerous precedent" for indicting hacktivists

Silk Road 2.0 deputy arrested after 6-month attack on Tor (Naked Security) With the trial of alleged Silk Road mastermind Ross Ulbricht under way for a second week, Department of Homeland Security (DHS) agents have also now arrested the alleged deputy of the illegal drug bazaar's reboot, Silk Road 2.0

Ulbricht Confessed to Running Silk Road, His College Friend Testifies (Wired) As the the trial of alleged Silk Road mastermind Ross Ulbricht unfolds, its transcript has read like a manual of things not to do when running a secret, billion-dollar online drug conspiracy. But on Thursday, the jury heard about the most human of all the human errors Ulbricht may have made: confessing his creation to an in-real-life friend

Court Rules in Favor of Breached Retailer (BankInfoSecurity) Processor, merchant bank, liable for more breach expenses

Stars who were phone-hacked by Mirror newspapers receive "substantial damages" (Graham Cluley) A group of celebrities have received what are described as "substantial damages" to settle phone hacking claims from Mirror Group Newspapers (MGN), the publishers of the Daily Mirror, Sunday Mirror and Sunday People

Madonna hacking suspect arrested by Israeli police (We Live Security) Israeli police, working in co-operation with the FBI, have arrested a 38-year-old man who allegedly hacked into computer systems and stole unfinished versions of songs from Madonna's upcoming "Rebel Heart" album, leaking the Material Girl's material online

Cyberdome to be Ready by March (New Indian Express) The hi-tech cyber security centre of the state police, Cyberdome, which received Government nod last August, would become a reality at Technopark by March 1

In Illinois, misbehaving students may be required to give teachers their Facebook passwords (BoingBoing) In Illinois, school districts are informing parents that a new law may mean that school officials can demand social media passwords of students if the kids are suspects in cases of cyberbullying, or breaking other school rules

Cough up your social media password or go to jail (CSO) There are times when laws go well beyond rational thought. This week I read about one such law that has me rather put out is one from the legislature in Illinois

Supreme Court Rules in Favor of Federal Air Marshal Whistleblower & Upholds Whistleblower Law (Dissenter) A federal air marshal whistleblower won an important Supreme Court victory on January 21 when justices voted 7-2 that his disclosures were covered by the Whistleblower Protection Act (WPA) and had not been "specifically prohibited by the law," as the government claimed

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

ICSS 2015: International Cyber Security Strategy Congress (Leuven, Belgium, February 4 - 5, 2015) ICSS2015 will present the latest developments and thoughts in the field of cybercrime and cybersecurity and will be a unique gathering of cybercrime experts from all over the world. The objective of the...

NullCon Conference 2015 (Goa, India, February 6 - 7, 2015) Nullcon was founded in 2010 with the idea of providing an integrated platform for exchanging information on the latest attack vectors, zero day vulnerabilities and unknown threats. Our motto — "The...

Salt Lake City Tech-Security Conference (Salt Lake City, Utah, USA, February 5, 2015) The Salt Lake City Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...

Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, February 17, 2015) Workshop Description: This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port...

DEFCON | OWASP International Information Security Meet (Lucknow, India, February 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading...

10th Annual ICS Security Summit (Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...

NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, February 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security...

Cybergamut Technical Tuesday: Tor and the Deep Dark Web (Columbia, Maryland, Sioux Falls, March 3, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...

Upcoming Events

AppSec California (Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security?s sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...

Financial Cryptography and Data Security 2015 (San Juan, Puerto Rico, USA, January 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the...

Starting a New Year: Financial Incentives for Cybersecurity Businesses (Columbia, Maryland, USA, January 27, 2015) Learn the details from the experts! How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credits. Panelists include: Andrew Bareham, Principal,...

Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, January 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives...

Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...

CSEAN Cyber Secure Nigeria 2015 Conference (Garki Abuja, Nigeria, January 29, 2015) The vast scope of cyber threats makes a compelling case for a multi-stakeholder collaboration in curbing domestic and International threat. "Cyber Secure Nigeria 2015" conference encapsulates various hot...

Data Connectors Los Angeles 2015 (Los Angeles, California, USA, January 29, 2015) The Los Angeles Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...

Transnational Organized Crime as a National Security Threat (Washington, DC, USA, January 29, 2015) United Kingdom's National Crime Agency Director General Keith Bristow will discuss transnational organized crime as a national security threat, focusing on economic and cyber crimes, and digging into the...

ISSA CISO Forum (Atlanta, Georgia, USA, January 29 - 30, 2015) Corporate Information Security and Legal programs must be closely aligned to be successful in today's world. Customer and vendor contracts require strong security language. Response to data breaches are...

NEDForum > London "What we can learn from the Darknet" (London, England, UK, January 30, 2015) The 2nd NED Forum event comes to London on Friday 30th January 2015, the day of the White Hat Ball. The event will focus on the Darknet and where it provides a rich source of learning that can be applied...

Cyber Threat Intelligence Summit (Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities

Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...

Nullcon 2015 (Goa, India, February 4 - 7, 2015) Nullcon discusses and showcase the future of information security, next-generation of offensive and defensive security technology as well as unknown threats

ICISSP 2015 (Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...

2015 Cyber Risk Insights Conference — London (London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...

AFCEA West 2015 (San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.

Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.