Daily briefing.

The US Office of Personnel Management (OPM) has been breached, and the personally identifiable information (PII) of some four million current and former government workers compromised. OPM noticed the intrusion in April; it seems to have begun this past December. The FBI is investigating, and various Administration officials are saying on background that China is responsible. This is the second time in a little less than a year that OPM has reported a breach. The last incident, in July, saw attackers prospecting PII associated with people who'd applied for security clearances.

We've heard a lot from the FBI recently (at Georgetown Law, the Billington Corporate Cyber Security Summit, and the DC Metro Cyber Security Summit) about its efforts to impose costs on hackers, including hackers working for nation states, and it will be interesting to watch the Bureau's investigation unfold.

Chinese complaints about "OceanLotus" and "Unicorn Nocturne" hacking seem retrospectively like anticipatory tu quoque (shade thrown in a generally American direction).

That PII are valuable in espionage is unsurprising — the alleged Russian incursion into US IRS online services offers another example. Organizations that hold PII should understand that they're targets.

Social media also yield valuable information to reconnaissance. A US Air Force general says an ISIS "moron's" selfie enabled targeting and destruction of an ISIS C2 center. (The general's crowing, alas, may help ISIS up its OPSEC game. On the other hand there's no shortage of "morons" on social media.) Ukrainian bloggers track Russian ops similarly revealed in social media.

Notes.

Today's issue includes events affecting Bahamas, Belgium, Canada, China, European Union, Iraq, Israel, Nigeria, Russia, Syria, Ukraine, United States.

Cyber Attacks, Threats, and Vulnerabilities

Chinese hackers breach federal government's personnel office (Washington Post) Chinese hackers breached the computer system of the Office of Personnel Management in December, officials said Thursday, and the agency will notify some 4 million current and former federal employees that their personal data may have been compromised

China suspected in massive breach of federal personnel data (Military Times) China-based hackers are suspected of breaking into the computer networks of the U.S. government personnel office and stealing identifying information of at least 4 million federal workers, American officials said Thursday

Brief: 4 million federal employees affected by data breach at OPM (CSO) Administration officials have already blamed China

OPM Breach Shows Govt. Cybersecurity Remains Work in Progress (Dark Reading) Intrusion continues spate of breaches at federal organizations over past few months

Chinese ISP: China Is Victim Of Foreign State-Backed APT Group (Dark Reading) Qihoo 360 says that "OceanLotus" has been stealing information from Chinese government agencies and maritime institutions since 2012

IRS app hack 'complex and sophisticated,' commissioner says (FierceGovernmentIT) The method that hackers used to access tax return information on 104,000 taxpayers last week was "complex and sophisticated in nature," the Internal Revenue Service's commissioner told a Senate committee

Carlisle: Air Force intel uses ISIS 'moron's' social media posts to target airstrikes (Air Force Times) OPSEC isn't the Islamic State group's strong suit

Ukrainian bloggers use social media to track Russian soldiers fighting in east (Guardian) Using pictures and status updates as evidence, amateur investigators say they are gathering proof that the Kremlin is actively involved in conflict

Reconnaissance via Professional Social Networks (TrendLabs Security Intelligence Blog) Are professional social media sites the weak link in companies' security strategies?

Evil Wi-Fi captive portal could spoof Apple Pay to get users' credit card data (Ars Technica) The iPhone's auto-connection to WiFi could be used to social engineer users

Tox: Free Ransomware Toolkit Hits the Black Market (Infosec Island) Do-it-yourself malware toolkits have been available on the black market for a long time, but now researchers have discovered the first ransomware variation for creating your own extortion campaigns — and it's free to use

Critical vulnerabilities in JSON Web Token libraries (Ab0Files) Recently, while reviewing the security of various JSON Web Token implementations, I found many libraries with critical vulnerabilities allowing attackers to bypass the verification step

'MEDJACK' tactic allows cyber criminals to enter healthcare networks undetected (SC Magazine) TrapX published a report on "medical device hijack," or MEDJACK, which allows attackers to build backdoors into healthcare providers' networks. This year has already been marked by data breaches at multiple major healthcare organizations, including CareFirst BlueCross BlueShield and Anthem

Discovering connections between attackers (Help Net Security) In the last few years, Pedram Hayati, founder of Australian IT company Security Dimension, has been developing a custom honeypot intelligence system called Smart Honeypot

Attack of the 90s Kids: Chinese Teens Take On the Mobile Ransomware Trade (TrendLabs Security Intelligence Blog) A new breed of cybercriminals has surfaced in China. They are bolder and more reckless than their more experienced veteran counterparts. All born in the 90s, these neophytes are not afraid to get caught, carelessly leaving a trail of traceable contact details online

This Hacked Kid's Toy Opens Garage Doors in Seconds (Wired) Americans' garages, those sacred suburban havens of automobiles and expensive tools, are probably more important to us than many of our online accounts

Exploit kit roundup — early June 2015, (Thu, Jun 4th) (Varanoid) Security Operation Center (SOC) analysts investigate alerts on suspicious network activity. However, these analysts might not run across exploit kit (EK) traffic that often

DDoS attackers targeting IT services, cloud providers (FierceITSecurity) Distributed denial of service attacks are increasingly targeting IT services and cloud providers, according to the first quarter 2015 DDoS trends report from Verisign

Political deleted-tweet archive shuttered by Twitter over "privacy expectation" (Ars Technica) Politwoop's API access revoked without warning; had archived posts, deletion times

Security Patches, Mitigations, and Software Updates

Adware-Laden Skype Botnet Disrupted (Threatpost) Skype, Microsoft's now ubiquitous video/messenger program, has long been a go-to destination for attackers looking to peddle their malware

Microsoft will add SSH support to PowerShell (Help Net Security) Third time's the charm for Microsoft's PowerShell team, as they will — after two previous attempts unsuccessful due to leadership and culture — finally implement SSH support

Cyber Trends

We stand on the brink of global cyber war, warns encryption guru (Register) Schneier: Sony hack 'high skill, high focused'

Cyber theft could lead to another financial crisis (Beta News) In the digital age, money is rapidly evolving into lines of computer code which can easily be hacked, ransomed or stolen by organized criminal gangs (OCGs)

Shadow IT is prevalent in government agencies (Help Net Security) Despite clear benefits of cloud services — greater collaboration, agility, and cost savings — federal agencies are slow to migrate to the cloud due to security concerns. As a result, employees adopt cloud services on their own, creating shadow IT

HSB Study Shows 69 Percent of Businesses Experienced Hacking Incidents in the Last Year (BusinessWire) Cyber poll finds risk managers not confident about resources dedicated to combat hacking

RFID gets renewed attention with spotlight on IoT (FierceRetailIT) An old killer app rides again. Radio frequency identification (RFID) will become a key component of the Internet of Things (IoT) because it bridges the physical and digital worlds, enabling the identification of objects and linking them to the internet

Cost of an average Canadian data breach is $5.3 million: Study (IT World Canada) CSOs who need a weapon to convince management to up the IT security budget can throw this at them: The average cost to an organization of a data breach in Canada last year was just over CDN$5.3 million — about $2 million higher than the global average

Marketplace

Incident response spend up as firms recognise cyber attacks are inevitable (ComputerWeekly) Study shows shift to spending on threat detection and response is overdue, with nearly 40% of firms admitting they have no incident response plan

Schedule 70 adding sections for health IT, cybersecurity (Federal Times) After the release of a special item number (SIN) for cloud products and services on IT Schedule 70, the General Services Administration is now looking to create two more SINs for targeted technologies, namely health IT and cybersecurity

Microsoft lets EU governments inspect source code for security issues (ComputerWorld) European governments will be able to review the source code of Microsoft products to confirm they don't contain security backdoors at a transparency center the company opened in Brussels on Wednesday

The HP split by the numbers: 2,800 apps and 75,000 APIs (IDG via ITWorld) Hewlett-Packard has given a glimpse of what the company's separation looks like from an internal IT perspective, and not surprisingly, there are some big numbers involved

Antivirus Firm Avast Mulls Acquisitions, Listing Amid Expansion Plans (Wall Street Journal) Avast is growing at a time when its competitors are struggling, chief executive says

Security vendor sets up shop in Ottawa (CDN) Amsterdam's best known security vendor AVG Technologies has opened a state-of-the-art facility in Ottawa

Products, Services, and Solutions

Microsoft ships ATP security product to protect corporate emails from zero-day threats (FierceITSecurity) Because email remains a primary way for employees to communicate, it will be an ongoing security concern for IT teams

SurfWatch Labs Launches Cyber Risk Cloud to Allow Organizations to Submit, Store, Analyze and Share Their Evaluated Cyber Intelligence Across Their Enterprise (PRWeb) SurfWatch Labs, a provider of cyber risk intelligence solutions, today announced the general availability of SurfWatch Cyber Risk Cloud, which allows organizations to compare their evaluated cyber event data to a broader set of intelligence for enriched risk management analysis and insights

Big data analytics needed to fight hack attacks, says HP (V3) Cyber security and preventing the damage hackers can cause to enterprises is a big data problem requiring analytics to solve, according to HP

Cloud-based solutions that protect against zero day attacks (Help Net Security) BAE Systems Applied Intelligence announced at Infosecurity Europe 2015 that it is bringing cloud-based cyber security to commercial organisations in Europe for the first time

Alliance Key Manager for VMware Validated for PCI DSS in VMware (PRWeb) Townsend Security's encryption and key management solution validated by Coalfire for use in VMware environments according to PCI DSS

Proofpoint Launching Threat Response 3.0, First Integrated Threat Response and Intelligence Platform (MarketWatch) Proofpoint, Inc., a leading next-generation security and compliance company, today announced that it is developing a pioneering, integrated threat response and advanced threat intelligence platform

Guidance Software Releases Tableau™ T8u Forensic USB 3.0 Bridge (MarketWatch) New digital forensic bridge enables forensic imaging in excess of 300 MB per second

Firewalls for SMBs that chew through encrypted streams (Help Net Security) At Infosecurity Europe 2015, WatchGuard Technologies announced a new series of enterprise-strength firewalls engineered specifically to protect small- and medium-sized businesses

How to turn on two-factor authentication on over 100 popular online services (Help Net Security) TeleSign launched Turn It On, a new campaign featuring a guide to two-factor authentication and providing step-by-step instructions for turning on 2FA for over 100 popular social networking, banking, cloud computing and other online services that offer the 2FA option

Plex Mounts Huge DigiCert Encryption Install for Media Streaming (Infosecurity Magazine) DigiCert, a global certificate authority, has partnered with Plex media streaming solution to provide publicly trusted certificates to enhance security with end-to-end encryption. From now on, every Plex video and music streaming packet leaving and entering a user's network is encrypted, and its recipient verified

Boys & Girls Club Teens Take on Cyber Safety during National Internet Safety Month (PRNewswire) As kids grow up in this digital age, keeping up with the latest trends and technology is a part of everyday life

The Cynja Creates a New Comic Strip Promoting Cyber Safety for Kids (PRNewswire) Multi-platform media company, The Cynja®, announces the launch of its new weekly cyber comic strip

Technologies, Techniques, and Standards

After breaches, higher-ed schools adopt two-factor authentication (Network World via CSO) Boston University and University of Iowa tighten protection of user credentials with two-factor authentication

Pixiewps — Bruteforce Offline the WPS Pin (Pixie Dust Attack) (Kitploit) Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs (pixie dust attack). It is meant for educational purposes only

Heartbleed SSL bug Scanning using Nmap on Kali Linux (Hacking Tutorials) This tutorial shows you how to scan a target for the well known Heartbleed SSL Bug using Nmap on Kali Linux

Emergency Security Band-Aids with Systemtap (Security Blog) Software security vulnerabilities are a fact of life. So is the subsequent publicity, package updates, and suffering service restarts. Administrators are used to it, and users bear it, and it's a default and traditional method

Exploiting to Securing: The Role of DNS in Business (Information Security Buzz) How businesses can defend their network from APTs that exploit DNS

Partners should standardize SMB security framework – LabTech (Channelnomics) CEO tells Channelnomics SMBs being targeted more and more

#infosec15: Focus on People Not Tech for Best Threat Intelligence (Infosecurity Magazine) Effective security controls, network-level visibility and talent are vital underpinnings to good threat intelligence, but IT teams need intellectual rigor rather than whizz bang tools to get the best results, according to a panel of experts

Which Web Application Security Best Practice Really Matters? (eSecurity Planet) Organizations want to build more secure Web applications, but they are having trouble identifying development best practices that really make a difference

Time to Unlock 18 Valuable Cyber Security Tips for Gamers (Heimdal) In the late 2000s, malware was just starting to creep into online games and affect players looking for some good fun

Most Secure Password? It Will Surprise You (eSecurity Planet) A seven character password with special characters can be hacked in less than three minutes

Help kids overcome cyber bullying trauma (See and Say) With cases of cyber bullying on the rise, experts believe that empathising and having an open conversation is the ideal way to deal with children who have undergone the traumatic experience, which often causes them to become withdrawn, secretive, aggressive, depressed or even prone to self-harm

Research and Development

Your Brain Waves Could Replace Passwords (TechCrunch) Researchers at Binghamton University have discovered that, with a bit of training, your computer can identify you based on the way your brain reacts to certain words. This means that instead of a password you could simply listen to a few words and unlock your super secret files

DARPA Taps Raytheon, Vencore Subsidiaries for IP Cyber Research Program (GovConWire) The Defense Advanced Research Projects Agency has awarded Raytheon's (NYSE: RTN) BBN Technologies subsidiary and Vencore's Applied Communication Sciences separate research contracts under the Edge-Directed Cyber Technologies for Reliable Mission program

Stopping Malware (Newswise) [DHS] S&T to demonstrate malware detection technologies

Academia

Gurgaon varsity rolls out 2-year masters degree in cybersecurity (Times of India) The Gurgaon-based ITM University has introduced a masters degree in cybersecurity. The course, the university claims, is the first of its kind in Delhi-NCR, though institutes in other Indian cities do offer such courses

Legislation, Policy, and Regulation

After Partial NSA Reform, Expanded Internet Surveillance Of Americans Emerges (TechCrunch) The Obama administration expanded the National Security Agency's (NSA) warrantless surveillance of Americans' international web traffic in pursuit of Internet hackers, the New York Times reported Thursday

Edward Snowden: The World Says No to Surveillance (New York Times) Two years ago today, three journalists and I worked nervously in a Hong Kong hotel room, waiting to see how the world would react to the revelation that the National Security Agency had been making records of nearly every phone call in the United States

FBI official calls for legal remedy to access encrypted communications in House hearing on terrorism (FierceHomelandSecurity) A senior FBI counterterrorism official emphasized the need for federal law enforcement officials to have the capability to legally access encrypted devices without the use of backdoors for investigating potential terrorist incidents

The FBI is not able to monitor ISIS's encrypted communications (Security Affairs) The FBI warned lawmakers there was no way to monitor encrypted online communications among sympathizers of the ISIS, it urges a law to give them more powers

Congress to Hold Hearing On 'Terrorism Gone Viral' After Garland Shooting (NBC 5 Dallas Fort Worth) Federal officials are holding a hearing Wednesday on terrorists' use of social media in the aftermath of the deadly May 3 shooting at a Prophet Muhammad cartoon contest in Garland

Jocelyn Samuels: Privacy and data sharing can coexist (FierceHealthIT) OCR Director also says agency faces resource constraints as it moves forward with second round of HIPAA audits

Health Datapalooza: Government officials talk public health data, information blocking (FierceHealthIT) Government leaders spoke about the importance of empowering communities and patients through public health data as well as the need to ensure that health information is protected during Health Datapalooza this week

Army rolls out path for cyber operations specialty, retention bonuses to bolster cyber workforce (FierceGovernmentIT) Eligible members of the Army's active duty and enlisted personnel now have a clear path for reclassifying as cyber operations specialists

California passes law requiring warrant to search computers, cellphones and tablets (Naked Security) The hodgepodge of US state and federal laws about phone searches, some of which say that police need a warrant and some of which say they don't, just got a bit messier

Litigation, Investigation, and Law Enforcement

Should We Hack Back? The DOJ on Preventing and Combating Cybercrime (National Law Review) "No," says U.S. Assistant Attorney General Leslie R. Caldwell. At the most recent Cybersecurity Law Institute held at Georgetown University Law Center in late May, the head of the U.S. Department of Justice's (DOJ) Criminal Division offered guidance to attendees on how to prevent and combat cybercrime

The Internet Of Things (You Can Sue About) (Forbes) In a world where connected devices will soon outnumber connected users six to one, attention must be paid to the security of those connections

Exclusive: Inside Washington's Quest to Bring Down Edward Snowden (Vice News) A bipartisan group of Washington lawmakers solicited details from Pentagon officials that they could use to "damage" former NSA contractor Edward Snowden's "credibility in the press and the court of public opinion"

Amnesty Launches "Don't Punish Edward Snowden" Campaign (HackRead) The Amnesty International (United Kingdom) launched an online petition in support of ex-NSA spy and now a whistleblower Mr. Edward Snowden, urging people from around the world to help organization reach 20,000 signatures

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

NSA SIGINT Development Conference 2015 (Fort Meade, Maryland, USA, June 2 - 3, 2015) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and...

Seventh Annual Information Security Summit (Los Angeles, California, USA, June 4 - 5, 2015) Information Security has become top of mind for companies and this conference is a must for IT staff, CISOs, Board members and CEOs. The Seventh Annual Information Security Summit offers comprehensive,...

ShowMeCon (St. Louis, Missouri, USA, June 8 - 9, 2015) This highly technical forum showcases eye-opening presentations from world-renowned ethical hackers and security experts that will leave you amazed and frightened at the same time. By giving you access into...

Cloud Identity Summit 2015 (La Jolla, California, USA, June 8 - 11, 2015) Enterprises large and small are looking to the cloud to replace legacy applications and virtualize their existing data center environments. In each case, security technology vendors need to manage the...

NSA Mobile Technologies Forum (MTF) 2015 (Fort Meade, Maryland, USA, June 8 - 12, 2015) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia,...

Cybergamut Tech Tuesday: Using EMET to Defend Against Targeted Attacks (Elkridge, Maryland, USA, June 9, 2015) 0-day vulnerabilities that are able to bypass platform level exploit mitigation technologies such as DEP and ASLR are becoming increasingly common. Knowledge workers are being increasingly targeted by...

Fraud Summit Boston (Boston, Massachusetts, USA, June 10, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Boston event include...

CyBit: the Computer Forensics Show (IT Security and Cyber Security) (New York, New York, USA, June 11 - 12, 2015) Cyber Security: The interdependent network of information technology infrastructures, including the internet, telecommunications networks (satellite communications), computer systems, embedded processors...

19th Colloquium for Information Security Education (CISSE) (Las Vegas, Nevada, USA, June 15 - 17, 2015) The Colloquium for Information System Security Education (CISSE) has represented the constant in the changing field of cybersecurity education. CISSE was established in 1996. Its mission was (and still...

Information Management Conference 2015 (Nashville, Tennessee, USA, June 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative...

Cornerstones of Trust 2015 (San Mateo, California, USA, June 16, 2015) The World Ahead: Ending The Insanity In Information Security. Insanity is often defined as repeatedly doing the same while expecting different results. Year after year our cyber security success has been...

AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service...

TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, June 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations...

Portland Secure World (Portland, Oregon, USA, June 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, June 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers...

Suits and Spooks All Stars 2015 (New York, New York, USA, June 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues —...

REcon 2015 (Montréal, Québec, Canada, June 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations...

Nuit du Hack 2015 (Paris, France, June 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges...

Cyber Security for Defense (Augusta, Georgia, USA, June 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting...

Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, June 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring...

Cybersecurity Outlook 2016 (Tysons Corner, Virginia, USA, June 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational,...

NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, June 29 - July 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred...

US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, June 29 - July 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow...

Information Assurance Symposium (Washington, DC, USA, June 29 - July 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred...

Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, June 29 - July 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part...

Cybergamut Tech Tuesday: The Truth About Security Your System (Elkridge, Maryland, USA, June 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic...
