Against the background noise of Lizard Squad capers and Russian information operations, several vulnerabilities occupy security experts' attention.
A serious Linux flaw, "Ghost," has been found in the glibc library. The bug could allow an attacker to remotely execute malicious code on a vulnerable system. Qualys, which discovered the bug in Linux versions dating back to 2000, providently informed vendors before announcing the flaw publicly, and so patches are available.
Google doesn't dispute Core Security's report that Android Wi-Fi Direct is vulnerable to denial-of-service conditions, but it does dispute the severity of the flaw and doesn't plan to rush a patch.
Australian bug-hunter Mark Dowd has found a privacy hole in the otherwise highly private Blackphone — a specially configured text message can compromise the device.
G-DATA discerns a common hand behind Uroburos and the Project Cobra spyware campaign.
Bitdefender warns of malicious macros in MS Office documents. The documents are circulating via spam.
Apple's OS X update will address Thunderstrike and "evil maid" attacks.
In industry news, social media security start-up ZeroFOX announces its first acquisition: Vulnr — which is expected to enhance ZeroFOX's R&D capability. Darktrace thinks it's got the right metaphor for security — the human immune system — and that it's got the solutions to match the metaphor. IBM says reports of big layoffs are greatly exaggerated. Big Blue is also touting a newly developed cryptographic algorithm for identity protection.
As US cyber legislation works its way through Congress, Quartz suggests Estonia could teach the Americans a thing or two.
Today's issue includes events affecting Australia, Colombia, Estonia, European Union, Finland, France, Germany, India, Malaysia, Russia, Singapore, United Kingdom, United States.
Alleged MAS hackers also took down Microsoft, Sony(Star Online) Lizard Squad, the hacker group which claimed responsibility for taking down Malaysia Airlines' (MAS) website on Monday, has also claimed credit in the past for the hacking of Microsoft's Xbox Live and Sony's PlayStation Network
Supposedly clean Office documents download malware(Help Net Security) Bitdefender is warning Microsoft Office users against the emergence of a new spam campaign that is looking to trick antispam filters in order to allow spam to pass freely into mailboxes. The campaign's success is elevated due to the attachment of what appears to be a 'clean' Microsoft document alongside the spam emails
Google Engineer Explains Company's Decision not to Patch Bug in Older Android Versions(Threatpost) Google has taken quite a bit of heat in recent weeks for its decision not to patch a vulnerability in the WebView component of Android in older versions, leaving hundreds of millions of users exposed to potential attacks. Now, a Google engineer is explaining the company's reasoning, saying that patching older versions of the OS can be difficult and that users can run patched browsers, even on older versions of Android
Employees would sell passwords for $150(Help Net Security) SailPoint uncovered a widespread level of employee indifference towards protecting sensitive corporate data, including personal information of customers. In fact, an alarming number of employees surveyed admitted they would sell their passwords, some for as little as $150 U.S. dollars. These stats are based on a global survey of 1,000 employees at large organizations
Insider threats changing security spending, report says(SC Magazine) The 2015 Vormetric Insider Threat Report found that a large majority of U.S. companies believe they are vulnerable to insider threats. To guard against insider threats, organizations should focus their attention on securing data rather than endpoints, research revealed in a recent report indicated
IBM India staff still battle tech blues fearing more layoffs(Economic Times) For employees of IBM India, once considered the jewel in the crown of Big Blue, the coming weeks are expected to bring yet more layoffs and soul-searching about the unsettled nature of working in the software industry which has helped create a new middle in India over the past two decades
Gemalto provides Banrisul Bank with Ezio solution for highly secure Mobile Banking(Nasdaq) Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, announces that the Banco do Estado do Rio Grande do Sul (Banrisul) has deployed Gemalto's Ezio® Multi-Channel Authentication Solution to secure its expanding mBanking services. Banrisul is a leading financial institution in Brazil and will enable all of its 3.9 million customers to perform secure banking transactions using their smartphone or tablet with the highly versatile Ezio platform
Sri Lanka Telecom to Offer CYREN Cybersecurity Solution(PRNewswire) CYREN (NASDAQ: CYRN) today announced it signed Sri Lanka Telecom (SLT) as one of its latest resellers. SLT will now offer the cloud-based CYREN WebSecurity solution that provides advanced cybersecurity and zero-hour threat protection
Companies must act quickly to tackle cyber crime(ComputerWeekly) The security challenge facing organisations is how best to ensure their enterprise security in an interconnected world where employees' ability to communicate anywhere and at any time via multiple devices puts them at greater risk of cyber attack
With Colocation Security, Never Assume Anything(Data Center Knowledge) British Telecom has gone a long way from the days Britain's General Post Office sanctioned installation of the first telephone in the country in the late 1870s. Better known today as simply BT, it is a multinational giant of telecommunications and every flavor of IT infrastructure outsourcing services with about $27 billion in annual revenue
Thwarting a new breed of cyberattack(FierceCIO) Cybercrime has evolved from simply stealing information for financial gain to ruthlessly infiltrating industries with the goals of destroying intellectual property, damaging reputation and crippling critical operating function
EHR audit catches snooping employee(Healthcare IT News) Electronic health records not only enable faster access to real-time patient data; they also make it a heck of a lot easier to catch snooping employees who inappropriately view patients' confidential information, as one California hospital has observed this past week
Design and Innovation
IBM's sophisticated cryptographic algorithm protects your identity(Help Net Security) IBM researchers revealed plans for a cloud-based technology, called Identity Mixer, that uses a cryptographic algorithm to encrypt the certified identity attributes of a user, such as their age, nationality, address and credit card number in a way that allows the user to reveal only selected pieces to third parties
The impact of new EU security legislation(Help Net Security) Based on a survey of organizations from the UK, France and Germany, FireEye found that many organizations in Europe are unprepared for and challenged by cost and complexity of compliance with new European Union (EU) security legislation
Singapore ups the ante in cyber security fight(Reuters) Singapore is gearing up for a crackdown on cyber crime with the launch of a central agency and the appointment of a minister in charge of cyber security, the government said on Tuesday, as the wealthy city-state grapples with a rise in online crime
DOJ fears tech 'zone of lawlessness'(The Hill) Tech companies trying to lock government agents out of people's devices are helping to build a "zone of lawlessness," a top Justice Department official warned on Tuesday
SOFTWARE Act revision 'simplifies' health IT regulation(FierceHealthIT) A revised version of the Sensible Oversight for Technology which Advances Regulatory Efficiency (SOFTWARE) Act, currently circulating through Congress in draft form, takes a more "simple and straightforward" approach than its predecessor to health IT regulation
Feds to clarify HIPAA for mobile health developers(FierceMobileHealthcare) The U.S. Department of Health and Human Services' Office for Civil Rights is working with ACT — The App Association to provide clearer and more accessible regulatory guidance relating to the Health Insurance Portability and Accountability Act rules and address issues and concerns mHealth app developers are facing regarding federal oversight
Cybersecurity savant(The Hill) When weighing his thoughts on cyber policy, the first name that came to Michael Hayden's mind was Jim Lewis
Litigation, Investigation, and Law Enforcement
Cyber threat forces change of tack at DoJ(Financial Times) Assistant attorney-general John Carlin remembers when FBI cyber intelligence specialists sat in a locked room at the US attorney's office in Washington, cut off from criminal prosecutors in the same building
Mixed messages for VA IT(FCW) A five-month independent review found no major threats to the Department of Veterans Affairs' computer servers, and no evidence of theft of VA data. The positive review is welcome news to a department that has previously come under fire for its vulnerabilities in cyberspace
FTC targets online children's game for deceptive mental health claims(FierceMobileHealthcare) A federal agency settlement with a computer software maker regarding deceptive claims tied to a game's ability to help boost children's mental acumen illustrates the complex and overlapping aspect in government oversight regarding healthcare technology and devices
Data Breach Notification Law Even Applies to You, California Employer(JDSupra) Months before the well-publicized Sony catastrophe, California passed Assembly Bill 1710, which was signed into law on September 30, 2014, and became effective on January 1, 2015. The most discussed part of this new law applies to all California employers. In the new law, there is a subsection that states
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
AppSec California(Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...
Financial Cryptography and Data Security 2015(San Juan, Puerto Rico, USA, January 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the...
Data Privacy Day San Diego — The Future of IoT and Privacy(San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...
CSEAN Cyber Secure Nigeria 2015 Conference(Garki Abuja, Nigeria, January 29, 2015) The vast scope of cyber threats makes a compelling case for a multi-stakeholder collaboration in curbing domestic and International threat. "Cyber Secure Nigeria 2015" conference encapsulates various hot...
Data Connectors Los Angeles 2015(Los Angeles, California, USA, January 29, 2015) The Los Angeles Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...
Transnational Organized Crime as a National Security Threat(Washington, DC, USA, January 29, 2015) United Kingdom's National Crime Agency Director General Keith Bristow will discuss transnational organized crime as a national security threat, focusing on economic and cyber crimes, and digging into the...
ISSA CISO Forum(Atlanta, Georgia, USA, January 29 - 30, 2015) Corporate Information Security and Legal programs must be closely aligned to be successful in today's world. Customer and vendor contracts require strong security language. Response to data breaches are...
NEDForum > London "What we can learn from the Darknet" (London, England, UK, January 30, 2015) The 2nd NED Forum event comes to London on Friday 30th January 2015, the day of the White Hat Ball. The event will focus on the Darknet and where it provides a rich source of learning that can be applied...
Cyber Threat Intelligence Summit(Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
ICSS 2015: International Cyber Security Strategy Congress(Leuven, Belgium, February 4 - 5, 2015) ICSS2015 will present the latest developments and thoughts in the field of cybercrime and cybersecurity and will be a unique gathering of cybercrime experts from all over the world. The objective of the...
Suits and Spooks(Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...
Nullcon 2015(Goa, India, February 4 - 7, 2015) Nullcon discusses and showcases the future of information security, next-generation of offensive and defensive security technology as well as unknown threats
Salt Lake City Tech-Security Conference(Salt Lake City, Utah, USA, February 5, 2015) The Salt Lake City Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...
ICISSP 2015(Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...
2015 Cyber Risk Insights Conference — London(London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...
AFCEA West 2015(San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
DEFCON | OWASP International Information Security Meet(Lucknow, India, February 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading...
10th Annual ICS Security Summit(Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...
Cybersecurity: You Don't Know What You Don't Know(Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...