ISIS undergoes its own version of l'affaire AshleyMadison as a group of young Chechen women troll the group's fighters in a mail-order bride scam.
Darkode, taken down this month by an FBI-facilitated international law enforcement effort, seems to some to be showing signs of a return. But it's easy to underestimate the difficulty of reestablishing a criminal organization, dependent as it is upon inversions of familiar business practices and values: reliable quality of service (for crooks), trust (among thieves), etc. Damballa publishes interesting grounds for skepticism about how readily "Sp3cial1st" can actually bring Darkode back. His chatter may be so much (criminal) gasconade.
The Chinese threat actors widely if unofficially believed behind the Anthem and OPM breaches apparently put another notch in their gun earlier this year: compromise of United Airlines' databases. Why United? Immunity Inc. points out that United is a principal carrier operating from Dulles International, the easy-to-use air travel hub close to the CIA's Langley headquarters.
Observers digest the significance of Hammertoss, the Russian cyberespionage tool FireEye described this week.
Solutionary points out that Shellshock is still being actively exploited in the wild.
The Zen hypervisor gets a new, and significant, patch.
The finance and insurance sectors grapple with cyber risk management.
CGI says it's considering exiting commodity IT services in favor of cyber, and is eyeing appropriate acquisitions.
The Russian government calls for international accords to cooperate against cyber terrorism. In the US, cyber legislation and policy advance amid disputes over encryption, exports, and information sharing.
Today's issue includes events affecting China, Germany, Israel, Iraq, Russia, Syria, United Kingdom, United States.
We're filing from CyberMontgomery today, so please watch our Twitter feed (@theCyberWire) for live updates. We'll feature an account of the conference in tomorrow's issue.
Does the Kremlin Have a New Way of Hacking the West?(Foreign Policy) highly-capable Russian hacker group with links to Russian intelligence and that is known for going after high-profile foreign and corporate targets is deploying a powerful new data theft tool against Western systems, according to a new report by a prominent American cybersecurity firm
Shocking? — Insurers Consider Potential Aggregate Risks from a Power Grid Attack(JDSupra) In the fast-developing cyber insurance marketplace, insurers have closely considered the possible risks and have analyzed the potential aggregation of such risks. While not the only topics of interest to insurers, these two are spotlighted in a new report which focuses on the hypothetical prospect of a cyber attack on the U.S. electric power grid and the potential type, volume, and geography of losses across multiple lines of insurance coverage
Sun Tzu 2.0: Is cyberwar the new warfare?(Help Net Security) For better or worse, the multitude of networks that help keep our world interconnected is a much different place today than it was in the past. Paradoxically, the networks that provide users with a wealth of information, transactional services and the like have also been used as a battlefield to disrupt our everyday lifestyle. From obtaining general information to managing online financial portfolios to purchasing flight tickets, there has been a groundswell of disruption to access these channels
CGI exiting low-margin markets, eyes M&A in cybersecurity(Globe and Mail) CGI Group Inc., the information systems and management consultancy, said on Wednesday it would target acquisitions in cyber security while exiting some markets entirely, as it reported third-quarter profit and revenue that missed estimates
Security Startup Tanium Enters Partnership With PwC(re/code) Security and systems management startup Tanium said today that it has inked a strategic partnership with the consulting firm PwC that will combine their capabilities in helping companies secure their systems from cyber attacks and investigate attacks that have already happened
Share files simply and securely in the cloud — Partner offering from Covata and T-Systems(Deutsche Telekom) Lists of customers, contract details, price calculations ? employees need secure and quick access to this kind of sensitive data. T-Systems and Australian data security specialist Covata are now offering a solution to this problem, from the cloud. The service is as simple to use as other file sharing offerings, but is based on enterprise grade security architecture and runs in a high-security data center operated by T-Systems in Germany. The Australian government, including the Australian Taxation Office, uses Covata to securely share information
Fortinet launches Cyber Threat Assessment programme(Telecompaper) Fortinet unveiled its new Cyber Threat Assessment programme designed to provide organisations with a detailed look into the type and number of cyber threats posing risks to their networks, yet are going undetected by their existing security products
Darktrace: Enterprise Immune System technology(CTOVision) Darktrace is one of the world's fastest-growing cyber defense companies and the leader in Enterprise Immune System technology, a new category of cyber solutions based on pioneering Bayesian mathematics developed at the University of Cambridge
The Future-Forward Cybersecurity Fix(Nextgov) Recent breaches to U.S. federal computer networks — such as the Office of Personnel Management hack — have catapulted the need for improved identity management and authenticated access to the top of the national agenda. The White House-mandated a 30-day call for action for all federal agencies: tighter control of privileged user access and multifactor authentication
Securing connected machines, what is there to know?(M2M Now) The ability to hook devices or machines up to the internet helps critical infrastructure providers speed up manual processes, increase productivity, and grow the business. However, connecting to the Internet eliminates the "air gap" that kept critical networks safe for years, placing them within reach of cyber attackers. The best protection against potential data theft or industrial sabotage is collective, actionable intelligence
Travel Security: It's a Tough World in the Competitive Trenches(IBM Security Intelligence) You are ultimately responsible for your travel security, be it physical or technical. But this is a tall order. You are most vulnerable when you move and travel because you operate outside of your daily pattern of life, including connecting to the Internet via a third-party service provider with which you may not be familiar
10 Security Mistakes Nearly Everyone's Guilty Of(Information Security Buzz) When it comes to data security, attackers continue to exploit the biggest weakness of all — people. ESET Ireland looks at 10 security mistakes humans continue to make on a daily basis
Connecting the Cyber-Threat Dots Through Big Data(Smart Data Collective) The managed security services market has been in play for more than a decade. Not surprisingly, it continues to show vibrant growth, fueled in part by cloud-related factors. Research and Markets, in a January 2015 report, estimated that market growth will run from $14.3 billion in 2014 to $31.9 billion by 2019 (with a CAGR of 17.3%). Growth for security services touches just about every industry, and all sizes of organizations
New Army cyber officers hack improvements into DARPA's 'Plan X'(Army News Service) "Do you have a map in your car? When was the last time you looked at a compass? Imagine a day when we don't have that technology such as the Global Positioning System, better known as GPS. These are the things we worry about," Capt. James McColl said
EFF: War for Cryptography and Privacy is Raging(Hacked) The Electronic Frontier Foundation says that although the government is in many cases aware of the value of cryptography, they are opposing it. The UK government is an example they make frequent use of since the country is looking at banning cryptography that does not give the government a back door
Experts say tech industry has duty to counter extremism, but against imposing legal onus(FierceGovernmentIT) Former Homeland Security Secretary Michael Chertoff said social media companies may have a social obligation to suppress videos of beheadings by terrorist groups and report information to law enforcement that a user might commit a violent act, but he said he was "nervous" about imposing any legal duty or regulatory mechanism on companies to take such actions
Reform Defense acquisition to reflect cyber age(The Hill) Securing our nation from cyber threats requires identifying and addressing the root causes of our vulnerabilities. One such cause is the defense procurement process, which is hallmarked by delays and under inclusiveness. The Department of Defense and Congress must work together to speed up the process and allow additional players in the game in order to acquire advanced technology to effectively fight the digital war that is now upon us
National Guard Cyber Capability Grows Nationwide(DoD News) Just as the National Guard provides warfighting forces for the Army and Air Force and help during state and federal emergencies, Guardsmen now are ramping up their role in the nation's escalating cybersecurity fight, according to the chief of the National Guard Bureau
Litigation, Investigation, and Law Enforcement
Will the Real Victim Stand Up?(Digital Guardian) Class action suits over data breaches continue to be met with conflicting results — but what effect does this have on corporations' responsibility for consumer data protection?
Why do email policies of local governments seem so sketchy?(FierceContentManagement) A new policy in St. Paul, Minnesota allows city employees to "delete [email messages] as soon as their purpose is served" or within six months. Messages moved to trash or junk folders will evaporate in a mere two weeks. In a not-at-all-shocking turn of events, public watchdog groups are voicing their concern
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CyberMontgomery 2015(Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...
PragueCrunch IV: The Enpraguening(Prague, Czech Republic, July 31, 2015) Here it comes, Central Europe: PragueCrunch IV! This annual celebration of all things startup is coming to your town on Friday, July 31, 2015 from 7:00 PM to 11:00 PM (CEST). We'll be holding the event...
Black Hat USA(Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners...
ISSA CISO Forum: Third Party Oversight(Las Vegas, Nevada, USA, August 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by...
BSides Las Vegas(Las Vegas, Nevada, USA, August 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is...
Defcon 23(Las Vegas, Nevada, USA, August 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information
3rd Annual Psyber Behavioral Analysis Symposium(Fort Meade, Maryland, USA, August 11, 2015) The 3rd Annual Psyber Behavioral Analysis Symposium is hosted by the NSA/CSS Threat Operations Center and the FBI Behavioral Analysis Unit-2/Cyber Behavioral Analysis Center. The goal of the Symposium...
USENIX Security(Washington, D.C., USA, August 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and others specialists interested in the latest advances in the security and privacy of computer...
5th Annual Cyber Security Training & Technology Forum (CSTTF)(Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...
Decepticon 2015(Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...
AFCEA OKC Technology & Cyber Security Day(Oklahoma City, Oklahoma, USA, August 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker...
Power Grid Cyber Security Exchange 2015(San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...
2015 HTCIA International Conference & Training Expo(Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015(Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.