Apparent cyber-rioting flares in South Asia as Bangladeshi hackers deface high-profile Pakistani government sites.
Radicalization through social media (and other Internet resources) continues to concern governments from Russia through the UK to the US. The content strikes outsiders as depraved (and is increasingly targeted at a very young audience: children), yet it continues to appear effective. It (1) gives meaning to those who view their lives as meaningless ("losers to lions," in a typical American formulation) and (2) continues to erode the distinction between inspiration and direction (possibly in last week's Chattanooga murders).
Chinese and Russian hackers (some criminal, some in government service) continue to exploit vulnerabilities in Western targets. (Breathless reports of the former "using US servers" merely note the Web's long-familiar international connectivity.) Some campaigns exploit the Hacking Team breach (Italian police are said to be looking at ex-Hacking Team employees) and the consequences of the OPM hack continue to ripple outward.
An outfit (individual?) calling itself (himself? herself?) the "Impact Team" tells the infidelity impresarios of Avid Life Media (best known for AshleyMadison) that their user files have been hacked. Users should prepare to be outed. Impact Team cites various moral objections, but some observers think the casus belli is really the $19 fee AshleyMadison charges to dis-enroll.
The UCLA medical system has been breached, exposing some 4.5 million patients' data.
Symantec reports good news about spam: it's at a twelve-year low.
Today is the last day to comment on proposed US Wassenaar implementation.
Today's issue includes events affecting Australia, Bangladesh, China, Egypt, Ethiopia, Iraq, Israel, Italy, Kazakhstan, Democratic People's Republic of Korea, Republic of Korea, Libya, Morocco, Nigeria, Pakistan, Philippines, Russia, Saudi Arabia, Sudan, Syria, Taiwan, United Kingdom, United States, and Vietnam.
The Islamic State Comes to Russia?(War on the Rocks) The first anniversary of the Islamic State's declaration of its caliphate has been marked by quite a few successes for the group. It has achieved many victories in Syria and Iraq. In Yemen, it has come to be a strong rival to al-Qaeda. In Tunisia, it mounted yet another successful terrorist attack claiming lives of tourists
Tennessee shootings crystallize FBI terrorism concerns(AP via Military Times) The deadly shootings at military sites in Tennessee illustrate the threat that FBI officials have warned about: violence directed against a vulnerable government target by a lone gunman with apparent terrorist aspirations
School monitoring software's hard-coded encryption key exposed(Help Net Security) Impero Software is the creator and seller of "Impero Education Pro", a piece of software that's used in many UK schools to monitor school computers for extremism, and notify teachers if it finds that pupils have been looking at web material that could fall under that category
Opinion: Hacking Team breach a gold mine for criminal hackers(Christian Science Monitor Passcode) While the breach at the Italian spyware firm shines a light on the shadowy world of surveillance technology, it has also made the Web a much more dangerous place, giving criminal hackers even more tools to ply their craft
Online Cheating Site AshleyMadison Hacked(KrebsOnSecurity) Large caches of data stolen from online cheating site AshleyMadison.com have been posted online by an individual or group that claims to have completely compromised the company's user databases, financial records and other proprietary information. The still-unfolding leak could be quite damaging to some 37 million users of the hookup service, whose slogan is "Life is short. Have an affair"
The arsenal of SMS scammers, spammers and fraudsters(Help Net Security) Illicit commercial activity online has manifested into all things mobile. With revenue in the billions from mobile marketing, criminals are doing their best to harness the technology for their own monetary gain. Monetisable triggers that come from pay for performance activity on mobile such as clicks, downloads, registrations, video ads, referrals, games and surveys are driving substantial funds for scams and spam
What threats do security experts fear?(ZenMate Blog) Enterprises spend more than $70 billion dollars annually on information security. But a survey of top security experts revealed that there is a gap between the threats most feared by the experts and what management focuses on
When you'll know the Internet of Things has gone too far(Washington Post via the Daily Herald) Your toaster will soon talk to your toothbrush and your bathroom scale. They will all have a direct line to your car and to the health sensors in your smartphone. I have no idea what they will think of us or what they will gossip about, but our devices will soon be sharing information about us — with each other and with the companies that make or support them
Their own devices(Economist) In the nascent "internet of things", security is the last thing on people's minds
This cybersecurity IPO is on fire(CNN Money) Business is booming in the cyber security world and Wall Street loves it. Just look at how investors are gobbling up shares of Rapid7 (RPD), the latest company to cash in on the breach bonanza by selling its shares to the public
4 ASX Cyber Security Stocks for a Growing Trend(The Bull) The Information Age has ushered in dramatic changes in the way we live and work, and it is far from over. The following figure from US based software giant Oracle Inc. shows the stunning increases in data available to consumers, businesses, and government organisations to the year 2020
Lack of digital talent adds to cybersecurity problems(Washington Post) A big problem exposed by a massive data breach at the Office of Personnel Management (OPM) is the woeful state of the federal government's cybersecurity. It's not comforting when the Obama administration's chief information officer says Uncle Sam's information technology needs bubble wrap and Band-Aids to help counter cyberattacks
The Daily Record announces Most Admired CEOs(Daily Record) The Daily Record has announced its Most Admired CEOs for 2015. The 32 honorees will be recognized during an awards event Sept. 17 at the BWI Hilton. The list includes top CEOs and nonprofit executive directors throughout Maryland
Courion Announces David Earhart as Chief Executive Officer(Marketwatch) Courion®, the market-leading provider of intelligent identity governance and administration (IGA) solutions, named David Earhart as its new chief executive officer and a member of the board of directors. Earhart's extensive background in security and identity and access management (IAM) positions him well to lead Courion's corporate strategy and execution across all business functions
BGP Security Alerts Coming to Twitter(Threatpost) Enterprises in the throes of a denial-of-service attack, or suspicious about the integrity of their Internet traffic, will soon have a free data feed available that cuts through the noise produced by normal Internet routing over BGP, the Border Gateway Protocol
A comparative view of cloud-based DDoS protection services(Help Net Security) Six months ago we experienced a 30Gb/sec and 60M PPS attack that was targeting over 1000 IPs on our network. Although we eventually stopped the attack with the aid of our upstream providers, a number of our customers asked us why we didn't have a DDoS protection service in place. We decided on NTT's service due to their scale and network capacity. However, this solution was meant only to protect our network in times of need, and not to protect individual customers on a 24/7 basis. One customer revealed that above all else, DDoS attacks are what keep him up at night
Effective Response Plan Key to Surviving a Data Breach(Benzinga) The struggle the Office of Personnel Management is still having in the aftermath of having records on 21.5 million people compromised shows just how important an effective emergency response plan is for any organization with valuable digital assets. From preparedness through notification, Global Digital Forensics offers solutions to help businesses navigate a data breach from A to Z
Samy Kamkar's ProxyGambit Picks up for Defunct ProxyHam(Threatpost) Without fail in the weeks leading up to Black Hat and DEF CON, there are inevitably talks that are either pulled by organizers, cancelled by presenters, or strong suggestions are made that the talks don't happen. This year's first casualty, Ben Caudill's scheduled DEF CON demonstration of ProxyHam, has already fanned some seriously speculative flames from the research and anti-surveillance camps about exactly why the talk isn't happening
Technologies, Techniques, and Standards
Handing Over the Keys to the Castle: OPM Demonstrated that Antiquated Security Practices Harm National Security(Institute for Critical Infrastructure Technology) In this digital age, information is secured, coveted, and exfiltrated by nation states, hacktivists, and ambitious actors because, now more than ever, knowledge is power. Modern needs dictate that only authorized users know information, that authorized users can access information instantaneously, and that the integrity of information is certain. In opposition to these aspirations, an incessant tide of cybersecurity threats, spread across an unfathomably complex cyber-threat landscape, batter the defenses around any valuable store of information
After the big OPM hack, now what?(Navy Times) It started as a massive breach of data that affected roughly the entire active federal workforce. But the hack of the Office of Personnel Management's massive government employee database has ballooned into a behemoth — possibly affecting everyone who has applied for a security clearance in the past 15 years
The Multinationalism of Malware Forensics(LIFARS) Gone are the days when hackers only used American-made tools written only in English. Recently, native language tools and exploits started gaining momentum in the ever growing sphere of multinational cybercrime. Criminals are now developing their own tools in their own language
Why You Don't Need 2 Factor Authentication(Sakurity) 2FA, as many other things in infosec, is full of myths and stereotypes. I stumbled upon this link where lots of people demand bitbucket to add 2FA. For what? Let's talk about some myths of 2FA
It's the Data, Stupid!(Shodan Blog) I would like to take a moment to discuss databases. Most people use Shodan to find devices that have web servers, but for a few years now I've also been crawling the Internet for various database software. I usually mention this during my talks and I've tried to raise awareness of it over the years with mixed results
3 Steps to Unsharing and Protecting Sensitive Data(SafeNet Blog) In today's global economy, data is king. Organizations are mining their available data to personalize customer experiences, automate processes, outperform the competition, and guide other important business initiatives and decisions. As a result, they're not only producing more of it, but they're also storing, processing, and distributing it in more places
RedStar OS Watermarking(Insinuator) During the last few months information about one of North Korea's operating systems was leaked. It is a Linux based OS that tries to simulate the look and feel of a Mac. Some of its features have already been discussed on various blog posts and news articles. We thought we would take a short look at the OS. This blog post contains some of the results
Sigcheck and VirusTotal(Internet Storm Center) Continuing my diary entries on Sysinternals tools with VirusTotal support, I'm taking a look at sigcheck
Phishing Your Employees: Clever way to Promote Cyber Awareness(HackerNews) Employees are the weakest link when it comes to enterprise security, and unfortunately hackers realized this years ago. All an attacker needs is to use some social engineering tactics against employees of companies and organizations they want to target
U.S. Cyber Challenge and Delaware Universities to Host Cybersecurity Boot Camp & Competition(USCC) Program endeavors to solve cybersecurity workforce shortage. U.S. Cyber Challenge (USCC) will host its sixth annual State of Delaware Summer Cyber Camp program in collaboration with the University of Delaware, Delaware State University, Wilmington University, Delaware Technical Community College (Delaware Tech) and the Delaware Department of Technology and Information (DTI) from July 20-24, 2015
You Need to Speak Up For Internet Security. Right Now.(Wired) An Ethiopian journalist living in the U.S. was spied on by his own government. A pro-democracy activist in Dubai was beaten repeatedly by thugs after his computer was infected with surveillance software. An American who criticized the Turkish government was monitored by officials there
Is a Uniform Federal Data Breach Law Really Necessary?(JDSupra) In June 2015, the United States Office of Personnel Management announced a massive data breach. Estimates are that the breach compromises the personal information of up to 18 million current, former and potential federal employees. This data breach joined the growing list of mega breaches that has many calling for a single, federal, uniform data breach notification law, to replace and preempt the current so-called "patchwork" of state laws that exist in all but a handful of states
Ex-employees probed for attack on Hacking Team(Tech 2 First Post) Milan prosecutors are investigating six former employees of surveillance software maker Hacking Team in connection with a massive attack on the data system of the Italian cyber-security firm, sources familiar with the case said on Friday
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
TakeDownCon Rocket City(Huntsville, Alabama, USA, July 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...
The APTs are coming(New York, New York, USA, July 21, 2015) With cyberespionage and Advanced Persistent Threats (APTs) on the rise, it's important to understand today's threat landscape, and the ways you can keep your company safe. Join LIFARS, Kaspersky Lab, Cyphort,...
California Cybersecurity Task Force Quarterly Meeting(Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...
CyberMontgomery 2015(Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...
PragueCrunch IV: The Enpraguening(Prague, Czech Republic, July 31, 2015) Here it comes, Central Europe: PragueCrunch IV! This annual celebration of all things startup is coming to your town on Friday, July 31, 2015 from 7:00 PM to 11:00 PM (CEST). We'll be holding the event...
Black Hat USA(Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners...
ISSA CISO Forum: Third Party Oversight(Las Vegas, Nevada, USA, August 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by...
BSides Las Vegas(Las Vegas, Nevada, USA, August 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is...
Defcon 23(Las Vegas, Nevada, USA, August 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information
USENIX Security(Washington, D.C., USA, August 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and other specialists interested in the latest advances in the security and privacy of computer...
5th Annual Cyber Security Training & Technology Forum (CSTTF)(Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...
Decepticon 2015(Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...
AFCEA OKC Technology & Cyber Security Day(Oklahoma City, Oklahoma, USA, August 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker...
Power Grid Cyber Security Exchange 2015(San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...
2015 HTCIA International Conference & Training Expo(Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015(Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...