skip navigation

More signal. Less noise.

Daily briefing.

ISIS undergoes its own version of l'affaire AshleyMadison as a group of young Chechen women troll the group's fighters in a mail-order bride scam.

Darkode, taken down this month by an FBI-facilitated international law enforcement effort, seems to some to be showing signs of a return. But it's easy to underestimate the difficulty of reestablishing a criminal organization, dependent as it is upon inversions of familiar business practices and values: reliable quality of service (for crooks), trust (among thieves), etc. Damballa publishes interesting grounds for skepticism about how readily "Sp3cial1st" can actually bring Darkode back. His chatter may be so much (criminal) gasconade.

The Chinese threat actors widely if unofficially believed behind the Anthem and OPM breaches apparently put another notch in their gun earlier this year: compromise of United Airlines' databases. Why United? Immunity Inc. points out that United is a principal carrier operating from Dulles International, the easy-to-use air travel hub close to the CIA's Langley headquarters.

Observers digest the significance of Hammertoss, the Russian cyberespionage tool FireEye described this week.

Solutionary points out that Shellshock is still being actively exploited in the wild.

The Zen hypervisor gets a new, and significant, patch.

The finance and insurance sectors grapple with cyber risk management.

CGI says it's considering exiting commodity IT services in favor of cyber, and is eyeing appropriate acquisitions.

The Russian government calls for international accords to cooperate against cyber terrorism. In the US, cyber legislation and policy advance amid disputes over encryption, exports, and information sharing.

Notes.

Today's issue includes events affecting China, Germany, Israel, Iraq, Russia, Syria, United Kingdom, United States.

We're filing from CyberMontgomery today, so please watch our Twitter feed (@theCyberWire) for live updates. We'll feature an account of the conference in tomorrow's issue.

Cyber Attacks, Threats, and Vulnerabilities

Chechen Girls Troll ISIS With Fake Bride Scam (Daily Beast) These three young women from the Caucasus pulled a fast one on jihadis fishing for mail-order brides

Darkode is down again, don't call a Sp3cial1st! (Damballa: the Day Before Zero) The infamous web forum darkode is back up after being taken down by law enforcement

China-Tied Hackers That Hit U.S. Said to Breach United Airlines (Bloomberg) The hackers who stole data on tens of millions of U.S. insurance holders and government employees in recent months breached another big target at around the same time — United Airlines

The suspected Chinese hack on United Airlines just made the CIA's job 'much more difficult' (Business Insider) The Chinese hackers that stole the personally identifying information of more than 20 million people from the Office of Personnel Management (OPM) last year also hacked into United Airlines, Bloomberg reports

What federal employees really need to worry about after the Chinese hack (Washington Post) A new government review of what the Chinese hack of sensitive security clearance files of 21 million people means for national security is in — and some of the implications are quite grave

OPM hackers are more likely to get counterintelligence action than criminal charges, report says (Washington Post) If you are one of the 20 million-plus people — including federal employees, contractors, job candidates and their family members — whose personal information was hacked and stolen from the Office of Personnel Management, you probably want the thieves captured and hauled off to prison. Don't hold your breath on that one

A veil of secrecy masks stepped-up cyberattacks in Asia (Chicago Tribune) Once a month, cybersecurity lawyer Paul Haswell gets a call from an Asian company with the same question: We've been hacked. Who do we need to tell?

Does the Kremlin Have a New Way of Hacking the West? (Foreign Policy) highly-capable Russian hacker group with links to Russian intelligence and that is known for going after high-profile foreign and corporate targets is deploying a powerful new data theft tool against Western systems, according to a new report by a prominent American cybersecurity firm

FireEye Releases Intelligence Report Highlighting the Clever Tactics of a Likely Kremlin-Backed Threat Actor (MarketWatch) APT29 combines steganography, cloud storage, and social media services to fly under the radar of network defenders

Moonpig warns of password breach — but it may be more than their users who are at risk (We Live Security) Moonpig, the online personalised card company, has blocked the accounts of an unspecified number of customers after users' details were published online

Shellshock Flaw Still Actively Exploited: Solutionary (SecurityWeek) Shellshock, the Bash bug disclosed in September 2014, is still being exploited by threat actors, according to a report from Solutionary's Security Engineering Research Team (SERT)

Security Patches, Mitigations, and Software Updates

Xen fixes another "virtual machine escape" bug (Naked Security) The widely-used Xen hypervisor has just issued a rather important patch

Cyber Trends

Bromium Threat Report Identifies Security Risks of Popular Websites and Software ( Street Insider) News and entertainment websites unknowingly host more than 50 percent of malvertisements; Flash exploits increase 60 percent and ransomware increases 80 percent since 2014

Shocking? — Insurers Consider Potential Aggregate Risks from a Power Grid Attack (JDSupra) In the fast-developing cyber insurance marketplace, insurers have closely considered the possible risks and have analyzed the potential aggregation of such risks. While not the only topics of interest to insurers, these two are spotlighted in a new report which focuses on the hypothetical prospect of a cyber attack on the U.S. electric power grid and the potential type, volume, and geography of losses across multiple lines of insurance coverage

Banks And Insurance Companies Aware Of Cyber Risks: Opportunities Remain To Become More Resilient (Forbes) Cyberattacks and the damage they can cause are top of mind for the majority of business executives. Hardly a week, let alone a day, goes by without news of a breach or concerns about the risk of a cyber attack in one sector or another

The Evolution of Cybersecurity Requirements for the U.S. Financial Industry (Center for Strategic and International Studies) The U.S. financial sector is a major target for global cybercriminals. Cybercrime is a growing industry around the world imposing significant costs on firms that fail to implement adequate safeguards

Physical Security in Enterprise IT: A Renaissance for Cloud-Based Security (The VAR Guy) New means of physical surveillance are changing the way enterprises protect their assets. So how can channel partners get in on the ground floor of this growing industry and profit?

New Research Reveals More Than a Third of Employees Willing to Sell Private Company Data and Proprietary Information (BusinessWire) Clearswift survey confirms that organizations must have data protection policies in place that safeguard against both malicious and inadvertent insider threats

Sun Tzu 2.0: Is cyberwar the new warfare? (Help Net Security) For better or worse, the multitude of networks that help keep our world interconnected is a much different place today than it was in the past. Paradoxically, the networks that provide users with a wealth of information, transactional services and the like have also been used as a battlefield to disrupt our everyday lifestyle. From obtaining general information to managing online financial portfolios to purchasing flight tickets, there has been a groundswell of disruption to access these channels

Marketplace

CGI exiting low-margin markets, eyes M&A in cybersecurity (Globe and Mail) CGI Group Inc., the information systems and management consultancy, said on Wednesday it would target acquisitions in cyber security while exiting some markets entirely, as it reported third-quarter profit and revenue that missed estimates

'Insane' acquisition spree and Blue Coat's renaissance (Digital News Asia) Believes it has shored up its capabilities to be able to offer the 'Blue Coat stack'. Claims 'incredible growth' in Asia, particularly excited by verticals such as telcos

5 Things to Watch When FireEye Reports Earnings (Motley Fool) Pertinent themes and trends to look for in the earnings report of this high-profile cybersecurity company, which is due to report after the markets close on Thursday

Hackers give up when they go up against this cybersecurity company (Fortune) In conversation with George Kurtz, CEO of CrowdStrike

Israeli cyber sector exports soar to $3 billion in 2014 (Globes) The Israel Export Institute estimates that the revenue of nearly 250 Israeli firms in the sector will increase at a rate of 10% per year

Leidos, Cerner win 'DHMSM', DoD's $11B electronic health record contract (FierceGovHealthIT) Contract will replace legacy health IT at DoD and advance interoperability with VA's health record

Security Startup Tanium Enters Partnership With PwC (re/code) Security and systems management startup Tanium said today that it has inked a strategic partnership with the consulting firm PwC that will combine their capabilities in helping companies secure their systems from cyber attacks and investigate attacks that have already happened

Security awareness to benefit from government incentives, says former GC of Verizon (Channelnomics) Pricey government fines will force management to think security

Fidelis Cybersecurity Appoints Industry Leader Michael Evans as Chief Marketing Officer (BusinessWire) Former Mandiant and FireEye executive to lead global marketing effort for leader in advanced threat defense

Products, Services, and Solutions

Trend Micro unveils Windows 10 security portfolio (Resellernews) "At the end of the day, we are committed to securing individuals' ability to do things online safely"

G DATA Sicherheitslösungen sind kompatibel mit Windows 10 (Pressebox) Kunden können den Umstieg auf das neue Betriebssystem ohne Probleme durchführen

Share files simply and securely in the cloud — Partner offering from Covata and T-Systems (Deutsche Telekom) Lists of customers, contract details, price calculations ? employees need secure and quick access to this kind of sensitive data. T-Systems and Australian data security specialist Covata are now offering a solution to this problem, from the cloud. The service is as simple to use as other file sharing offerings, but is based on enterprise grade security architecture and runs in a high-security data center operated by T-Systems in Germany. The Australian government, including the Australian Taxation Office, uses Covata to securely share information

TeleSign SDK streamlines verification on mobiles (Betanews) Many of the latest cyber attacks focus on mobile platforms as they're often seen as inherently less secure, particularly when handling account logins and important transactions

Guidance Software Becomes Founding Member of Blue Coat Endpoint Alliance Ecosystem (Marketwatch) Deep endpoint visibility delivered by EnCase® is crucial element of end-to-end security approach

Centripetal Networks Inc. Announces Strategic Partnership with iSIGHT Partners (Benzinga) Centripetal's high-performance RuleGate® appliance operationalizes cyber threat intelligence from iSIGHT's ThreatScape® services to deliver actionable threat intelligence

Fortinet launches Cyber Threat Assessment programme (Telecompaper) Fortinet unveiled its new Cyber Threat Assessment programme designed to provide organisations with a detailed look into the type and number of cyber threats posing risks to their networks, yet are going undetected by their existing security products

CyberX Launches its Industrial Threat Intelligence Platform (PRNewswire) The new initiative aim is to enhance secure adoption of the Industrial Internet by providing unprecedented insights of cyber security threats in operational networks

Darktrace: Enterprise Immune System technology (CTOVision) Darktrace is one of the world's fastest-growing cyber defense companies and the leader in Enterprise Immune System technology, a new category of cyber solutions based on pioneering Bayesian mathematics developed at the University of Cambridge

Rackspace cooking up security-secret-sharing cloud cabal (Register) Top-tier clouds invited into information-sharing club to speed defence deployment

Technologies, Techniques, and Standards

Can thinking like cyberattackers improve organizations' security? (TechTarget) Getting in the minds of cyberattackers can help organizations mount better defenses against attacks. Here are some ways to accomplish this

Keeping European datacentres safe from cyber attacks (ComputerWeekly) European datacentre operators must take a proactive approach to preventing cyber attacks as hackers increasingly target their facilities

The Future-Forward Cybersecurity Fix (Nextgov) Recent breaches to U.S. federal computer networks — such as the Office of Personnel Management hack — have catapulted the need for improved identity management and authenticated access to the top of the national agenda. The White House-mandated a 30-day call for action for all federal agencies: tighter control of privileged user access and multifactor authentication

Securing connected machines, what is there to know? (M2M Now) The ability to hook devices or machines up to the internet helps critical infrastructure providers speed up manual processes, increase productivity, and grow the business. However, connecting to the Internet eliminates the "air gap" that kept critical networks safe for years, placing them within reach of cyber attackers. The best protection against potential data theft or industrial sabotage is collective, actionable intelligence

Travel Security: It's a Tough World in the Competitive Trenches (IBM Security Intelligence) You are ultimately responsible for your travel security, be it physical or technical. But this is a tall order. You are most vulnerable when you move and travel because you operate outside of your daily pattern of life, including connecting to the Internet via a third-party service provider with which you may not be familiar

Applied Cyber Intelligence: A Theory on Intelligence Sharing (Dark Matters) There has been an identified need to share Cyber Intelligence. The history of the discussion dates back a number of years and the actual timeline is out of the scope of this study

10 Security Mistakes Nearly Everyone's Guilty Of (Information Security Buzz) When it comes to data security, attackers continue to exploit the biggest weakness of all — people. ESET Ireland looks at 10 security mistakes humans continue to make on a daily basis

A Security Awareness and Training Policy Checklist (Infosec Institute) Your organization may already have security training and awareness (STA) program, or (this is less likely nowadays) you may have to build one from scratch

Connecting the Cyber-Threat Dots Through Big Data (Smart Data Collective) The managed security services market has been in play for more than a decade. Not surprisingly, it continues to show vibrant growth, fueled in part by cloud-related factors. Research and Markets, in a January 2015 report, estimated that market growth will run from $14.3 billion in 2014 to $31.9 billion by 2019 (with a CAGR of 17.3%). Growth for security services touches just about every industry, and all sizes of organizations

Research and Development

Scientists in Greece Design Cryptographic E-Voting Platform (Wall Street Journal) 2,500 years after they first designed democracy's core operating system of one person one vote, the Greeks are giving it an upgrade

New Army cyber officers hack improvements into DARPA's 'Plan X' (Army News Service) "Do you have a map in your car? When was the last time you looked at a compass? Imagine a day when we don't have that technology such as the Global Positioning System, better known as GPS. These are the things we worry about," Capt. James McColl said

Legislation, Policy, and Regulation

Russia calls for global coordination to counter cyber terrorist activity (Xinhua) Security services worldwide must coordinate their efforts in cyberspace to prevent the Internet from becoming a weapon for terrorists, Russian Federal Security Service chief Alexander Bortnikov said Wednesday

How should the U.S. respond to state-sponsored cyberattacks? (CIO) A new poll suggests the general public views the growing threats from nation-states as significant, but they may be off base in terms of their prescriptions for how to respond

The US is rewriting its controversial zero-day export policy (The Verge) Experts say the rules would weaken defensive security tools

Senators wrap DHS cyber bills together in bid for floor time (The Hill) A Senate committee on Wednesday approved a cybersecurity bill that would give the Department of Homeland Security (DHS) considerable powers to defend government networks from hackers

Senators push bill to authorize EINSTEIN 3A, shore up 'insufficient cybersecurity practices' governmentwide (FierceGovernmentIT) Leaders of the Senate Homeland Security and Governmental Affairs Committee introduced Monday a bipartisan bill that would grant federal agencies clear legal authority in utilizing EINSTEIN, the Homeland Security Department's continuous diagnostics and monitoring system

White House Preps New Cyber Policy Dealing with Federal Contractors (Nextgov) The Obama administration is preparing to release a new policy to homogenize the way vendors secure agency data

EFF: War for Cryptography and Privacy is Raging (Hacked) The Electronic Frontier Foundation says that although the government is in many cases aware of the value of cryptography, they are opposing it. The UK government is an example they make frequent use of since the country is looking at banning cryptography that does not give the government a back door

Experts say tech industry has duty to counter extremism, but against imposing legal onus (FierceGovernmentIT) Former Homeland Security Secretary Michael Chertoff said social media companies may have a social obligation to suppress videos of beheadings by terrorist groups and report information to law enforcement that a user might commit a violent act, but he said he was "nervous" about imposing any legal duty or regulatory mechanism on companies to take such actions

Reform Defense acquisition to reflect cyber age (The Hill) Securing our nation from cyber threats requires identifying and addressing the root causes of our vulnerabilities. One such cause is the defense procurement process, which is hallmarked by delays and under inclusiveness. The Department of Defense and Congress must work together to speed up the process and allow additional players in the game in order to acquire advanced technology to effectively fight the digital war that is now upon us

National Guard Cyber Capability Grows Nationwide (DoD News) Just as the National Guard provides warfighting forces for the Army and Air Force and help during state and federal emergencies, Guardsmen now are ramping up their role in the nation's escalating cybersecurity fight, according to the chief of the National Guard Bureau

Litigation, Investigation, and Law Enforcement

Will the Real Victim Stand Up? (Digital Guardian) Class action suits over data breaches continue to be met with conflicting results — but what effect does this have on corporations' responsibility for consumer data protection?

Facebook ordered to allow pseudonyms by privacy watchdog (Naked Security) Good news for every Little Miss Hot Mess and Jemmaroid von Laalaa out there: a German privacy watchdog has ordered Facebook to allow users to take out accounts under pseudonyms

Five Suspects Reportedly Connected to the JPMorgan Chase Breach (Legaltech News) Reports said two of the men?s names were somehow mentioned in connection with an inquiry into the JPMorgan Chase breach

Investigation Follows Claims of Hacking at Planned Parenthood (Legaltech News) The cyber-attack comes soon after controversy erupted over Planned Parenthood statements recorded in edited undercover videos by The Center for Medical Progress

Why do email policies of local governments seem so sketchy? (FierceContentManagement) A new policy in St. Paul, Minnesota allows city employees to "delete [email messages] as soon as their purpose is served" or within six months. Messages moved to trash or junk folders will evaporate in a mere two weeks. In a not-at-all-shocking turn of events, public watchdog groups are voicing their concern

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

CyberMontgomery 2015 (Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...

Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, July 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers

PragueCrunch IV: The Enpraguening (Prague, Czech Republic, July 31, 2015) Here it comes, Central Europe: PragueCrunch IV! This annual celebration of all things startup is coming to your town on Friday, July 31, 2015 from 7:00 PM to 11:00 PM (CEST). We'll be holding the event...

Black Hat USA (Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners...

ISSA CISO Forum: Third Party Oversight (Las Vegas, Nevada, USA, August 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by...

BSides Las Vegas (Las Vegas, Nevada, USA, August 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is...

Defcon 23 (Las Vegas, Nevada, USA, August 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information

3rd Annual Psyber Behavioral Analysis Symposium (Fort Meade, Maryland, USA, August 11, 2015) The 3rd Annual Psyber Behavioral Analysis Symposium is hosted by the NSA/CSS Threat Operations Center and the FBI Behavioral Analysis Unit-2/Cyber Behavioral Analysis Center. The goal of the Symposium...

USENIX Security (Washington, D.C., USA, August 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and others specialists interested in the latest advances in the security and privacy of computer...

5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...

Decepticon 2015 (Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...

AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, August 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker...

Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...

2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics

ICFP 2015 (Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.