A protest nominally organized by Anonymous — #OpC51 — took down a number of Canadian federal websites yesterday. The denial-of-service attack was intended to register opposition to that country's anti-terror legislation.
Duqu 2.0 remains under analysis. The incident prompts consideration of the ease with which false flags can be planted, and the attendant challenges of attribution.
ISIS continues to enjoy a propaganda advantage in the information war it's waging with the rest of the world. That advantage is difficult to characterize (Foreign Policy contents itself with "je ne sais quoi") but whatever it is, an effective counter narrative will require real, tangible content, not, as a former ambassador bitterly puts it, "magic social media or public diplomacy pixie dust."
The US OPM breach expands, and has now reached the personal information of Congressional staffers. Outrage expands, too, and most of it's directed against US Government IT security as implemented by the Office of Personnel Management. Former NSA (and CIA) director Michael Hayden states his opinion plainly: don't get mad at the Chinese services — those services were pursuing an entirely "legitimate foreign intelligence target." The OPM affair prompts some lessons to be drawn, best practices to be recommended.
Researchers demonstrate (and name) a new vulnerability in OS X and iOS, "Cored" or "Xara," affecting Keychain credential management.
Symantec warns of a new password recovery scan.
Tor Browser has been upgraded. Drupal addresses multiple security issues.
Australia and the US independently pursue regional cyber cooperation.
The FBI's still looking at the St. Louis Cardinals.
Today's issue includes events affecting Afghanistan, Australia, Canada, China, Germany, India, Iran, Iraq, Israel, Mexico, Russia, Syria, United Arab Emirates, United Kingdom, United States.
Analysis of CVE-2015-2360 — Duqu 2.0 Zero Day Vulnerability(TrendMicro Security Intelligence Blog) The recent Duqu 2.0 targeted attack used several zero-day vulnerabilities as part of its attack. One of the vulnerabilities used was CVE-2015-2360, which was fixed by MS15-061 as part of the June Patch Tuesday release. Like CVE-2015-1701, this is also in the Win32k.sys file, which is commonly targeted by attackers to bypass existing vulnerability mitigation techniques
Where ISIS Has Directed and Inspired Attacks Around the World(New York Times) The arrest on Saturday of a Queens college student on charges of conspiring with the Islamic State is just the most recent example of the group's global strategy, which began about one year ago and has resulted in attacks or arrests in more than a dozen countries
OPM Breach Includes Congressional Staffers(Roll Call) As government officials answered questions about the recent Office of Personnel Management data breach, former and current congressional staffers processed the notices they are receiving from the agency that they, too, were affected by the breach
Michael Hayden: "Those Records are a Legitimate Foreign Intelligence Target"(Lawfare) Don't blame the Chinese for the OPM hack, says former NSA and CIA Director Michael Hayden. If Hayden had had the ability to get the equivalent Chinese records when running CIA or NSA, he says, "I would not have thought twice. I would not have asked permission. I'd have launched the star fleet. And we'd have brought those suckers home at the speed of light." The episode, he says, "is not shame on China. This is shame on us for not protecting that kind of information." The episode is "a tremendously big deal, and my deepest emotion is embarassment"
CVE-2014-4114: Tracing the Link(ThreatGeek) In June 2015, we published Fidelis Threat Advisory #1017 and a blog post on unrelated hostile cyber criminal activity based on the exploitation of CVE-2014-4114, using a novel technique leading to zero antivirus detections for this well-known vulnerability
Security Patches, Mitigations, and Software Updates
Tor Browser 4.5.2 is released(Tor) A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory
Drupal Releases Security Updates(US-CERT) Drupal has released updates to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to gain access to a system account, including an administrator's
Federal records hack underscores overconfidence in records management policies(FierceContentManagement) In light of the recent federal records data breach, a recent survey of 150 federal workers involved with records management takes on a whole new meaning. Fourteen federal organizations were surveyed, including the Department of Veteran's Affairs. While the VA itself wasn't hacked, an unknown number of files belonging to active and retired military members were stolen
Report: Little Being Done to Combat Insider Threats(National Defense) Despite high profile cases of employees stealing information from intelligence agencies and the military, companies and organizations are taking few steps to thwart insider threats, a recently released report said
Why break in, if you can simply login?(Help Net Security) I was asked the other day why so many security breaches are hitting the headlines and are seemingly getting larger and more frequent. The game of cyber security has changed significantly over the years and defenders are slow to modify their playbooks and tactics
Asset managers at risk from cyber-attacks(Global Investor) Asset managers, relatively protected until now, are increasingly at risk from cyber-attacks. Hannah Smithies explores what can be done to guard against new threats
Time to Embrace Cloud Security as a Service(MSPmentor) If you've heard it once, chances are, you've heard it a hundred times: organizations still hesitant to adopt to the cloud feel this way because of a perceived lack of security
The Cyber Security Market Is Still Strong (In Case You Forgot)(Benzinga) A new report by Bank of America analyst Tal Liani focuses on the latest numbers from the cybersecurity space and discusses Bank of America's outlook for several of the major cybersecurity players. The report also includes several price target hikes for cybersecurity stocks
LinkedIn Goes Public with its Private Bug Bounty(Threatpost) Public-facing bug bounties are the shiny new bauble of computer security. And with good reason since in most cases, companies that start their own bounties or go through a third-party platform provider are able to take advantage of a pool of skilled contributors, patch products, and improve security overall
Key Management Reshuffle Inside Microsoft(24/7 Wall Street) Microsoft Corp. (NASDAQ: MSFT) is looking to shake things up. The company plans to shift some of its senior leaders around in an effort to address evolving trends within Microsoft's space
Bird lands executive role at Symantec(MicroScope) The moment when Symantec splits into two is moving ever closer and the vendor is finalising the excutive team thay will take the business forward
Apple working with MobileIron to ship enterprise apps(FierceMobileIron) Apple has been working with MobileIron on OneTouch, a MobileIron service that packages and secures enterprise iOS apps for organizations and pushes them to their users, according to a MobileIron spokeswoman
Stale, dead apps emerging as serious mobile security risks(TechTarget) While there's plenty of information available today pertaining to enterprise cybersecurity risks and mitigation strategies, there is a lack of data specifically focused on the mobile security risks of employee devices and apps
Using Image Search Tools to Improve Your Security Program(Cyveillance Blog) Last week we discussed our expanded Global Intelligence capabilities, the first of two recent enhancements to the Cyveillance Cyber Threat Center™. Today, we will go over the second new feature, Content-based Image Retrieval (CBIR)
Why You Might Want To Encrypt Your Syslogs Now(IT Jungle) Every day millions of IBM i server events are packaged up in the syslog standard and sent offsite for safekeeping and analysis. In many cases, the syslog files are sent in plain text across the wire because, hey, they're just boring old log files, and what could anybody ever do with those, right? Wrong
Emulating the security analyst with software(Help Net Security) This is the second installation of a two-part article discussing why static security detection methods can no longer protect enterprises from advanced hacking efforts. In this installation, the author will discuss why the security industry must begin to look at a more dynamic approach to security alerts
OPM Breach Offers Tough Lessons For CIOs(InformationWeek) While your enterprise may have a chief information security officer and a robust data governance department, CIOs and IT organizations are the ones on the front lines of protecting enterprise data. What lessons can we draw from the OPM breach?
IoT is the password killer we've been waiting for(IT World via CSO) IoT, with its tiny screens & headless devices, will drive an authentication revolution. It's a short leap from the kind of two-factor authentication used on the Apple Watch to proximity-based authentication that does away with any user interaction. Passwords are just the canary in the coalmine
Cyber Citizenship Heads to Texas Public Middle Schools(Huffington Post) Ninety two percent of teens report going online daily — including 24 percent who say they go online "almost constantly," according to a new study from Pew Research Center; April, 2015. Today's tween and teens are given a powerful tool that enables them to connect with people, places and things globally with little to no Cyber Citizenship education. A lack of cyber education puts teens and tweens at a greater risk of human trafficking, identity theft and cyber bullying
Legislation, Policy, and Regulation
Foreign Groups Fear China Oversight Plan(New York Times) A remarkable assortment of foreign organizations set up shop in China in the decades after its emergence from isolation under Mao Zedong, offering good will, money and expertise that helped link the nation more closely to the rest of the world and turn it into the global powerhouse it is today
Industry Weighs In on Data Security, Cybersecurity Legislation(JDSupra) Members of the financial industry were able to share their positions and voice concerns at a recent hearing held by the House Committee on Financial Services. Discussing "Protecting Consumers: Financial Data Security in the Age of Computer Hackers," representatives from the Financial Services Roundtable, the Electronic Transaction Association, and the PCI Security Standards Council (as well as a voice from the retail industry and tech sector) talked about the elements of the multiple data security and privacy bills currently pending before Congress
Opinion: The reasonable expectation fallacy(Christian Science Monitor Passcode) The ability to delete yourself from the Web doesn't really matter. What really matters in the age of advanced surveillance is the right to not be correlated. Technology is always watching and capturing you, but the correlation is where the danger lies. Laws can change that, but only if enacted soon
GOP, White House clash over cyber center(The Hill) The White House is pushing back against the Republican vision for the administration's new cyber agency, claiming the GOP has bigger plans for it than the administration ever intended
Pentagon seeks to hold its IT users more accountable for cyber missteps(Federal News Radio) The Defense Department has no shortage of regulations designed to encourage and enforce good cybersecurity behavior on its own networks. But DoD's chief information officer said as of now, there are too few consequences for users who run afoul of those rules. That's about to change
Release of U.S. Coast Guard Cyber Strategy(Coast Guard Compass) For more than two centuries, the U.S. Coast Guard has harnessed innovations and leveraged new capabilities to ensure safety, security and stewardship across the maritime domain. In continuing a proud history of responding to the nation's maritime needs, the Coast Guard has fully embraced a new operating domain — cyberspace
Litigation, Investigation, and Law Enforcement
OPM: Data Breach(Full House Committee on Oversight and Government Reform) To provide Members an opportunity to gain information on the nature and extent of the recent U.S. Office of Personnel Management (OPM) data breach
Oversight chair wants officials fired over hack(The Hill) House Oversight Chairman Jason Chaffetz (R-Utah) called on President Obama to fire at least two top officials from the embattled Office of Personnel Management (OPM) over their role in the massive data breach that has rattled the government
Congress seeks to block U.S. intel from German NSA probe(Washington Times) President Obama wants to share U.S. secrets with a German parliamentary committee investigating the National Security Agency's spying in Germany. The move is in direct opposition to Congressional restrictions, which were added to the fiscal 2016 intelligence authorization bill that would block intelligence sharing
Opinion: Is Surespot the latest cryptowar victim?(Christian Science Monitor Passcode) The encrypted chat app has been mum since suggesting it was about to receive a government subpoena. Its silence implies that the government may be snooping on its users, which have included Islamic State militants
News sites can be held responsible for user comments(Naked Security) News site is responsible for hate-filled comments, says EU courtFreedom of expression and the often swill-filled comment sections it supports got slapped upside the head on Tuesday when the European Court of Human Rights (ECHR) ruled that an online news site can be fined for comments left by anonymous readers
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Global Cyberspace Cooperation Summit VI(New York, New York, USA, September 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum...
Gulf Cooperation Council Cyber Security Summit(Abu Dhabi, United Arab Emirates, September 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack.
Information Management Conference 2015(Nashville, Tennessee, USA, June 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative...
AFCEA Defensive Cyber Operations Symposium(Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service...
2015 Community College Cyber Summit (3CS)(North Las Vegas, Nevada, USA, June 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers...
Suits and Spooks All Stars 2015(New York, New York, USA, June 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues —...
REcon 2015(Montréal, Québec, Canada, June 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations...
Nuit du Hack 2015(Paris, France, June 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges...
Fifth Annual International Cybersecurity Conference(Tel Aviv, Israel, June 22 - 25, 2015) The conference, held jointly this year by the Yuval Ne'eman Workshop for Science, Technology and Security, the National Cyber Bureau, the Prime Minister's Office, the Blavatnik Interdisciplinary Cyber...
Cybersecurity Executive Roundtable(Blacksburg, Virginia, USA, June 23, 2015) experts from across the country will convene at Virginia Tech to meet with rising cybersecurity talent to discuss solutions for the country's cyber workforce shortage in an executive roundtable titled...
Cyber Security for Defense(Augusta, Georgia, USA, June 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting...
AFCEA PNC Tech & Cyber Day(Tacoma, Washington, USA, June 25, 2015) The Armed Forces Communications & Electronics Association (AFCEA) - Pacific Northwest Chapter (PNC) will once again host the 5th Annual Information Technology & Cyber Day at Joint Base Lewis-McChord (JBLM)...
Cybersecurity Outlook 2016(Tysons Corner, Virginia, USA, June 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational,...
NSA Information Assurance Symposium (IAS) 2015(Washington, DC, USA, June 29 - July 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred...
US News STEM Solutions: the National Leadership Conference(San Diego, California, USA, June 29 - July 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow...
Information Assurance Symposium(Washington, DC, USA, June 29 - July 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred...
Cyber Security for Healthcare Summit(Philadelphia, Pennsylvania, USA, June 29 - July 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part...
Cybergamut Tech Tuesday: The Truth About Security Your System(Elkridge, Maryland, USA, June 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic...
TakeDownCon Rocket City(Huntsville, Alabama, USA, July 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...
CyberMontgomery 2015(Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.