Some skids still at large who claim affiliation with Lizard Squad cozy up to the Cyber Caliphate with a weekend hack of Malaysia Airlines. Attackers deface webpages with both a chipper shout-out to ISIS and a cruel allusion to the loss of flights MH370 and MH17, then promise to release information they've gleaned from compromised servers.
Some think Lizard Squad and the Cyber Caliphate are the cyber arm of ISIS (which senior US officials have lately taken to calling, in an information operations riff, "Daesh"), but their activities seem more consistent with loosely coupled hacktivism than any effectively controlled or even committed movement.
ISIS/Daesh has attracted its own share of odium from the likes of Anonymous. Anonymous also promises to clean up the darknet with OpDeathEater — an exposure of pedophile networks. These raise policy issues worthy of consideration: cyber vigilantism, like the urge of banks to hack back against attackers, seems to arise in the perceived absence of effective action by authorities. (There's plenty of fear to go around, much of which is being carried out of Davos by Gulfstream.)
Those authorities (particularly in the US and UK) are working on policies to improve cyber security, but their efforts remain controversial. NSA reform and fear of over criminalization remain sticking points in US debate; the UK continues to worry encryption.
Several phishing scams and data compromises that are likely to lead to phishing have emerged recently: beware IRS and ATT emails.
Adobe patches the second Flash zero-day ahead of schedule.
Today's issue includes events affecting Afghanistan, Australia, China, European Union, Ghana, India, Iraq, Kenya, Democratic Peoples Republic of Korea, Malta, South Africa, Switzerland, Syria, Turkey, United Arab Emirates, United Kingdom, United States, and Yemen.
We Shouldn't Be Relying on Hackers to Stop Terrorism Financing(American Banker) The fight against terrorist financing took a fascinating turn last week as several international hacking groups announced plans to target banks, countries and individuals who had helped to finance the Islamic State, also known as ISIS or ISIL, and other terrorist organizations
Hackers can Spoof AT&T Phone Messages to steal your Information(The Hacker News) Bad news for AT&T customers! You all are vulnerable to phishing scams — thanks to AT&T's text protocols. The actual problem lies in the way AT&T handles its customer alerts via text messages, as it's very easy for cybercriminals to mimic
Dating Site Breached: 20M Credentials Stolen(Easy Solutions) A hacker calling himself "Mastermind" is claiming to be in possession of over 20 million credentials for an unnamed dating site. These credentials are claimed to be 100% valid in a posting to a paste site. Included in the list are over 7 million credentials from Hotmail, 2.5 million from Yahoo and 2.2 million from Gmail.com
MEP raises alarm over security of Malta's border control software(Independent) German MEP Cornelia Ernst has taken issue over Malta's use of the PISCES border control software, which was donated to the country by the American government in 2004, claiming that Malta's use of the software could constitute a security risk for other EU member states
Cyber attacks targeting hardware(Asia One) When Sony Pictures' computer systems were hacked in November last year, few realised that the problem went far deeper than the gossipy e-mail messages that were leaked or the delayed release of the movie The Interview
Bulletin (SB15-026) Vulnerability Summary for the Week of January 19, 2015(US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Google Releases Security Updates for Chrome(US-CERT) Google has released Chrome 40.0.2214.91 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service condition or obtain personal information
PHP 5.6.5 Fixes Flaw Leading to Remote Code Execution(Softpedia) The latest version of PHP includes several security patches, one of them referring to a vulnerability that can be exploited by an attacker to execute code remotely on the affected machine, if certain conditions are met
The Essential Cyber Risk Elements(Live Trading News) As businesses struggle with embarrassing data breaches, this 'new normal' is spurring better information protection. Costly intrusions have a long-lasting effect, from customer impact to insurance claims and lawsuit exposure
Risk management: the key to business growth(Canberra Times) Business growth requires a solid foundation and a solid foundation is built on powerful risk-management. The message is simple. As a rule of thumb, when you cut your risk, you cut your losses and maximise profits
Family-Owned Businesses Struggle to Manage Risks(Wall Street Journal) The risks any company faces can be compounded when the business is owned by a family, and a new survey finds a big disconnect between awareness of the risks facing family-operated companies and actual policies and procedures being put in place to manage those risks
Australia's Siren Visual Delays Memories, Nodame Cantabile After Sony Cyber Attack(Anime News Network) Australian anime distributor Siren Visual announced on Sunday that it is delaying its release of Katsuhiro Otomo's Memories anthology film and the first Nodame Cantabile television anime series. Siren Visual was unable to correspond with Sony to get needed materials for both releases due to last year's hacking attack on Sony
Imminent privacy law drives cyber insurance(ITWeb) Cyber crime losses in SA are estimated at R5.8 billion for 2014, says a market observer. South African companies are increasingly looking to cyber insurance policies to cover themselves in the event of security breaches, a trend driven by the imminent introduction of the Protection of Personal Information (POPI) Act
FireEye Inc (FEYE): Beyond the Sony Hack, What's In It For Investors?(Small Cap Network) Mid cap cyber security stock FireEye Inc (NASDAQ: FEYE) has underperformed other security stocks like small cap Barracuda Networks Inc (CUDA), mid cap Fortinet Inc (FTNT) and large cap Palo Alto Networks Inc (PANW) with the latter ending the year higher and the former having a big surge in the early part of the year before ending the year lower
IBM's reorg-from-Hell launches next week(Beta News) IBM's big layoff-cum-reorganization called Project Chrome kicks-off next week when 26 percent of IBM employees will get calls from their managers followed by thick envelopes on their doorsteps
Report: IBM Employees Bracing for Massive Layoff Starting Next Week(The VAR Guy) Last October, IBM (IBM) chief executive Ginni Rometty vaguely hinted the company's self-styled makeover to analytics, cloud, mobile and security specialist could mean yet another round of layoffs, following last year's firing of 10,000 workers with another 1,700 shown the door in 2013
Five Things Wall Street Is Missing About IBM(Forbes) Anyone expecting a turnaround in IBM IBM +0.31%'s business operations must have been disappointed following the company's Q4 financial report on Tuesday. EPS and revenues continued to head south, reflecting weakness across all major geographical regions
Apple may allow Chinese government to conduct security audits on products(Slash Gear) According to a new report from The Beijing News, Apple will begin allowing the Chinese government to carry out security inspections on its devices that it sells in the country. The purpose for this agreement would be to address China's recent fears about iOS devices allowing access to sensitive information from both customers and the government. The deal was reportedly made between Apple CEO Tim Cook and Lu Wei, director of the director of Chinese State Internet Information Office
Microsoft Flunks Antivirus Tests. Who Aced Them?(Tom's Guide) Every antivirus software package promises to protect your computer from danger, but when it comes to detecting malware, there are huge differences among them. German Lab AV-TEST today (Jan. 22) released the results of its latest Windows 7-based tests, and Microsoft's free Security Essentials application came in near the bottom, while paid packages from Bitdefender, Kaspersky Lab and Trend Micro were tied at the top
Palo Alto Networks: Proactively Averting Cyber Attacks(Sys-Con) Cyber threats are becoming more advanced, persistent, and focused. The threat landscape is rapidly changing, and evolving faster than ever. Today it is difficult to determine who is winning: either those behind the cyber threats, or those fighting to prevent and remediate the threats
Searching for a Cryptocurrency Security Standard(CoinDesk) Bitstamp's recent hacking woes suggest that security in the bitcoin world seems to be getting worse, rather than better. Whether it's down to external attacks, or internal irregularities as alleged at Mt Gox, it's clear that something has to change
Dealing with High Risk Data(JDSupra) When people think of high risk data, most think of Personal Health Information and Personally Identifiable Information as it relates to HIPAA and the health care industry, but Steve Shebest's very informative article "High Risk Data: Have a Plan!" explains how high risk data can also be found in the financial, commercial, transportation, industrial, and other highly regulated sectors
'Two-step' solution locks out cyber thieves(Sacramento Bee) Kristin Judge remembers vividly when the cyberattack occurred. One Saturday morning, she woke up to find more than 1,600 messages flooding her email account. Most were congratulatory, thanking her for signing up for a newsletter, everything from equine groups to shark research to business journals
When cybersecurity makes the difference in protecting life(Beta News) We can always learn from the public and nonprofit sectors. Many times these organizations must work virtual information technology miracles, without the means available to the enterprise sector. In fact, some of their IT security lessons are particularly important, given how nomadic data has become in the age of the "cloud"
Assessing Your Risk For A Cyber Breach & Minimizing The Fallout(Manufacturing Business Technology) A staggering 43 percent of U.S. companies have experienced a data breach in the last year according to the Ponemon Institute. Despite the rise in breaches, 27 percent of companies didn't have a data breach response plan or team in place. Are you one of those companies, or are you looking to lessen the fallout should a breach or cyber-attack occur? The following are steps every manufacturing-related business should take to minimize risk
Managing Distributed Risk: A Strategy for Minimizing Risk from Third-party Engagement(RSA Blogs) If you're like most IT professionals, you've noticed that your roster of third-party providers continues to grow. Whether you're using software as a service (SaaS) applications (as virtually every organization does), offshore developers, cloud services like infrastructure as a service (IaaS) or platform as a service (PaaS), or document share solutions, you probably have a surprising amount of sensitive data in the hands of third parties. And that injects distributed risk
IST Researchers Examine Role of 'White Hat' Hackers in Cyber Warfare(Gant Daily) From the Heartbleed bug that infected many popular websites and services, to the Target security breach that compromised 40 million credit cards, malicious hackers have proved to be detrimental to companies' financial assets and reputations. To combat these malevolent attackers, or "black hats," a community of benign hackers, i.e., "white hats," has been making significant contributions to cybersecurity by detecting vulnerabilities in companies' software systems and websites and communicating their findings. Researchers at Penn State's College of Information Sciences and Technology (IST) are studying white hat behaviors and how the talents of the white hat community can be most effectively used
Vice President Biden Announces $25 Million in Funding for Cybersecurity Education at HBCUs(The White House: Office of the Vice President) Today, Vice President Biden, Secretary of Energy Ernest Moniz, and White House Science Advisor John Holdren are traveling to Norfolk State University in Norfolk, Virginia to announce that the Department of Energy will provide a $25 million grant over the next five years to support cybersecurity education. The new grant will support the creation of a new cybersecurity consortium consisting of 13 Historically Black Colleges and Universities (HBCUs), two national labs, and a k-12 school district
CyberPatriot Reveals Top 28 Teams Advancing to National Finals Competition(PRNewswire) The Air Force Association today announced 28 National Finalist teams selected to compete at the CyberPatriot National Finals Competition as the culminating event of the seventh season of the nation's largest youth cyber defense competition. Finalists will travel all-expenses-paid to Washington, DC, March 11-15, 2015, to compete for the title of National Champion, scholarships, and other recognition
With more than 200,000 unfilled jobs, colleges push cybersecurity(PBS) From UMass Boston to Vermont's Champlain College, institutes of higher education are trying to boost the number of graduates in a field that barely existed ten years ago: cybersecurity. And they're scrambling to keep up with increased cybersecurity threats
Cybersecurity Summit Highlights Risk Growth(Government Technology) Sessions at the summit held at CSU San Bernardino addressed the need to fill open positions in cybersecurity, and the need for diversity in the cybersecurity community
The Threat of International Cyber Hacking(Economy Watch) China and the US are entering a new and troubling phase of cybersecurity. The recent crash of North Korea's internet network reveals just how inexperienced world leaders are in dealing with cyber conflict. It shows how one reckless act in the cyber realm can quickly devolve into a bigger international crisis. The confusion and ambiguity surrounding this sequence of events has left the US and China entangled in a high profile cybersecurity standoff
Put a Cybercop on the Beat(US News & World Report) The U.S. government should establish a single organization to better combat cybersecurity threats
Litigation, Investigation, and Law Enforcement
Report suggests most DoD networks susceptible to mid-grade cyber threats(Federal News Radio) A new Pentagon report on the Defense Department's major systems includes some worrying assessments of DoDs overall cybersecurity posture: A troubling proportion of its IT systems appears to be vulnerable to low- or intermediate-level hackers, leaving aside the advanced persistent threats everyones worried about
Who Stole Your Identity?(Slate) Manhattan District Attorney Cyrus Vance Jr. says today's cybercriminal is yesterday's chain-snatching street hustler
Cyberdome to be Ready by March(New Indian Express) The hi-tech cyber security centre of the state police, Cyberdome, which received Government nod last August, would become a reality at Technopark by March 1
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cybergamut Technical Tuesday: Tor and the Deep Dark Web(Columbia, Maryland, Sioux Falls, March 3, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...
RiSK Conference 2015(Lasko, Slovenia, March 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region.
Infosecurity Europe 2015(London, England, UK, June 2 - 4, 2015) Infosecurity Europe is the largest and most attended information security event in Europe. It is a free exhibition featuring not only over 325 exhibitors and the most diverse range of new products and...
AppSec California(Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security?s sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...
Financial Cryptography and Data Security 2015(San Juan, Puerto Rico, USA, January 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the...
Data Privacy Day San Diego — The Future of IoT and Privacy(San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...
CSEAN Cyber Secure Nigeria 2015 Conference(Garki Abuja, Nigeria, January 29, 2015) The vast scope of cyber threats makes a compelling case for a multi-stakeholder collaboration in curbing domestic and International threat. "Cyber Secure Nigeria 2015" conference encapsulates various hot...
Data Connectors Los Angeles 2015(Los Angeles, California, USA, January 29, 2015) The Los Angeles Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...
Transnational Organized Crime as a National Security Threat(Washington, DC, USA, January 29, 2015) United Kingdom's National Crime Agency Director General Keith Bristow will discuss transnational organized crime as a national security threat, focusing on economic and cyber crimes, and digging into the...
ISSA CISO Forum(Atlanta, Georgia, USA, January 29 - 30, 2015) Corporate Information Security and Legal programs must be closely aligned to be successful in today's world. Customer and vendor contracts require strong security language. Response to data breaches are...
NEDForum > London "What we can learn from the Darknet" (London, England, UK, January 30, 2015) The 2nd NED Forum event comes to London on Friday 30th January 2015, the day of the White Hat Ball. The event will focus on the Darknet and where it provides a rich source of learning that can be applied...
Cyber Threat Intelligence Summit(Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
ICSS 2015: International Cyber Security Strategy Congress(Leuven, Belgium, February 4 - 5, 2015) ICSS2015 will present the latest developments and thoughts in the field of cybercrime and cybersecurity and will be a unique gathering of cybercrime experts from all over the world. The objective of the...
Suits and Spooks(Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...
Nullcon 2015(Goa, India, February 4 - 7, 2015) Nullcon discusses and showcase the future of information security, next-generation of offensive and defensive security technology as well as unknown threats
Salt Lake City Tech-Security Conference(Salt Lake City, Utah, USA, February 5, 2015) The Salt Lake City Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...
ICISSP 2015(Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...
2015 Cyber Risk Insights Conference — London(London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...
AFCEA West 2015(San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
DEFCON | OWASP International Information Security Meet(Lucknow, India, February 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading...
10th Annual ICS Security Summit(Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...
Cybersecurity: You Don't Know What You Don't Know(Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.