International cyber tensions lead the day's news, and they're not confined to the fraught relationship between the United States and China.
Recorded Future provides context for the cyber tensions currently prevailing between Iran and Saudi Arabia. In the UK, the Telegraph (slightly breathlessly but not without reason) sees heightened Russian and Chinese cyber espionage as the harbinger of a renewed cold war. France considers offering Edward Snowden and Julian Assange asylum in an apparent riposte to leaks alleging US surveillance of the Élysée.
And, of course, the Office of Personnel Management (OPM) hack continues to unfold in the US. Director of National Intelligence Clapper is less shy than NSA Director Rogers in attributing the intrusion to China, and even says, "Please don't take this the wrong way — you've got to salute the Chinese for what they did," that is, pursue a legitimate foreign intelligence target.
The Senate, led by Senator McCain, continues to excoriate both OPM and its director, and indeed the increased scrutiny of the dot-gov space isn't doing much for the Government's reputation for cyber security. (It's worth clarifying, as we did yesterday and CSO does today, that Newsweek's headline pointing to an FBI breach was misleading: FBI personnel records held at OPM were compromised, but that's OPM, not the Bureau.)
Cisco and Thycotic both issue significant patches.
Congratulations are in order to PFP Cybersecurity and Fortinet, honored respectively by Gartner and Frost and Sullivan, and to CyberPoint, whose CEO EY has named an Entrepreneur of the Year.
Today's issue includes events affecting Austria, Belgium, China, Estonia, European Union, Finland, France, Germany, Iran, Ireland, Israel, Democratic People's Republic of Korea, Latvia, Moldova, NATO/OTAN, Netherlands, Nigeria, Norway, Poland, Russia, Saudi Arabia, Turkey, United Kingdom, United States.
Dateline SINET Innovation Summit
SINET Innovation Summit 2015: "Connecting Wall Street, Silicon Valley and the Beltway"(SINET) SINET Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental cybersecurity challenges is critical to the advancement of innovation in the cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on cybersecurity research projects
SEC commissioner urges info sharing, quick action at SINET summit(SC Magazine) "Network security is only effective 24 percent of time," Luis Aguilar, commissioner at the Securities and Exchange Commission (SEC) told an audience of mostly financial industry pros, government officials and tech firms at the SINET Innovation Summit in New York on Thursday
Regulation Systems Compliance and Integrity(US Securities and Exchange Commission) The Securities and Exchange Commission ("Commission") is adopting new Regulation Systems Compliance and Integrity ("Regulation SCI") under the Securities Exchange Act of 1934 ("Exchange Act") and conforming amendments to Regulation ATS under the Exchange Act. Regulation SCI will apply to certain self-regulatory organizations (including registered clearing agencies), alternative trading systems ("ATSs"), plan processors, and exempt clearing agencies (collectively, "SCI entities"), and will require these SCI entities to comply with requirements with respect to the automated systems central to the performance of their regulated activities
The Iranian-Saudi Conflict and Its Cyber Outlet(Recorded Future) Cyber warfare is an increasingly prominent aspect of the Iranian-Saudi hegemonic rivalry in the Middle East. Cyber attacks offer new revenge (e.g., 2012 attack on Saudi Aramco) and propaganda opportunities in this long running "cold war" type conflict
How Cyber Attack on US Personnel Office Erodes Public Confidence(Daily Signal) Americans will become even more reluctant to entrust themselves to the government's electronic records because of the widening scandal of successful cyber attacks on the federal personnel agency, an expert in digital customer satisfaction says
Stolen logins for US government agencies found all over the web(Naked Security) CIA and Google Ventures-backed private company Recorded Future says stolen government login credentials have been spotted all over the web, leading to the possible exposure of logins for 47 US government agencies spread across 89 unique domains
Default SSH Key Found in Many Cisco Security Appliances(Threatpost) Many Cisco security appliances contain default, authorized SSH keys that can allow an attacker to connect to an appliance and take almost any action he chooses. The company said that all of its Web Security Virtual Appliances, Email Security Virtual Appliances, and Content Security Management Virtual Appliances are affected by the vulnerability
Sony Should Have Seen the Hack Coming: Report(Variety) Fortune magazine, in a detailed examination of the cyber-hack that crippled Sony Pictures, is asserting that the studio was poorly prepared for the attack and should have seen it coming
Nigerian scammers are stealing millions from businesses(Help Net Security) When someone mentions advanced fee or romance scams most people immediately associate them with Nigerian scammers. But there is another type of scam that these fraudsters actively engage in: the so-called "change of supplier" scam
Q2 2015 State of Infections Report Highlights 'Click-Fraud' as Entry Route for High Risk Ransomware(Damballa) Damballa, the experts in advanced threat protection and containment, today released its Q2 2015 State of Infections Report, highlighting how a device hi-jacked for the purpose of conducting 'click-fraud' can become a conduit for more serious malware such as ransomware. The study cited an example of how a compromised device, originally exploited for the seemingly innocuous purpose of click fraud — a scam to defraud 'pay-per-click' advertisers — became part of a chain of infections, which led within two hours to the introduction of the toxic ransomware CryptoWall — the cyber equivalent of a 'wolf in sheep's clothing'
Stored XSS Flaw Patched in Thycotic Secret Server(Threatpost) Thycotic, a maker of access-control and other security products, has patched a stored cross-site scripting vulnerability in one of its products that could enable an attacker to steal a victim's stored passwords
The price of a data breach(Business Insider) Around $400 million were lost when 700 million private records from 70 organizations were exposed to hackers according to Verizon's 2015 Data Breach Investigations Report
The Internet of Things and Legal Risks(Legaltech News) Legaltech West 2015 panel will discuss the growing prominence of wearables, the Internet of Things and how they're likely to affect the practice of law
Are the Hacks on Mr. Robot Real?(Avast! Blog) Last night the pilot episode of MR. ROBOT, a new thriller-drama series aired on USA Network. The show revolves around Elliot who works as a cyber security engineer by day and is a vigilante hacker by night
The Fight for Cloud Security Supremacy(Channel Partners) If you thought the Internet of Things was set to take off, there might be an even bigger opportunity brewing for partners in cloud security
Palantir Technologies Intrigues Investors Despite Its Mysteries(New York Times) Palantir Technologies' mystery inflates its valuation. The firm, a private data analytics company backed and beloved by government intelligence, is raising $500 million in fresh cash, giving it a potential valuation of $20 billion and landing it fairly high on the list of so-called unicorns
Exclusive: SRA International seeks $2 billion sale or IPO(Reuters) SRA International Inc is exploring a sale or initial public offering that could value the U.S. defense information technology company at around $2 billion, including debt, people familiar with the matter said on Thursday
Security Firm Sophos To Raise $125M In UK IPO, Valuing It At $1.6B(TechCrunch) Sophos, the security company that makes antivirus software, firewall hardware and other products for networks, individual users and servers, is going public this morning on the London Stock Exchange, with Sophos Group plc to trade as "SOPH." In its initial public offering, the company will sell 34.8% of its shares at 225 pence each (or 156,521,740 shares). It plans to raise $125 million on a valuation of £1.013 billion ($1.6 billion) — making it the latest tech "unicorn" to come out of the UK
How to Land Yourself in A Dream Career in Cybersecurity(Cisco Blogs) Last week I had the wonderful honor of being a presenter in the Cisco Networking Academy Find Yourself in The Future Series. To date this series has attracted over 9000 live attendees, which is testament to the extremely high levels of interest in technology careers in this region as well as the extraordinary efforts of the APAC marketing team. One figure blew me away in particular: 70% of attendees are interested in pursuing careers in cybersecurity
EY Entrepreneur of the Year winners revealed(Baltimore Business Journal) The buzz word was growth at this year's EY Entrepreneur of the Year awards on Thursday night in Baltimore as seven companies took home top honors in the annual competition that rewards innovation and financial performance
Invincea Tackles Endpoint Security With First Installment Of Monthly Threat Report(Homeland Security Today) New technology threats and dangerous trends spring up on a daily basis, including numerous incidents threatening endpoint security. Within the past week alone, there have been weaponized Word documents endpoints in Japan. And a recent trend has emerged where Facebook passwords are stolen, accounts infiltrated and malware spread via multiple pathways without detection
Defensive and Offensive Security Domains(Dark Matters) Talk to most security consultants and the theme of their advice would be to park your goods in the middle of the road and then deploy sentries to defend against the incoming
How do you recover from a hack?(WeLiveSecurity) Recent high-profile data breaches at the US Office of Personnel Management (OPM), Adult Friend Finder and the German Parliament illustrate criminals' insatiable appetite for data and financial reward
GPS celebrates its 20th anniversary(FierceGovernmentIT) The Global Positioning System — another technological tool most of us have come to unconsciously rely on every day — is turning 20
Design and Innovation
Real-Time Cyber Attacks worldwide(Capital Technologies) A new website demonstrates in a fascinating way the cyber attacks in real time. The result is taken as a computer game or a science from Terminator
Carter: NATO must gird for cyber battlefield(Stars and Stripes) NATO needs to better prepare for unconventional hybrid threats, even as it heightens its military readiness, U.S. Defense Secretary Ash Carter said Thursday
US partners with Estonia on cybersecurity, digital services(FierceGovernmentIT) Speaking in Tallinn, Estonia, Defense Department Secretary Ash Carter announced a new initiative to bolster NATO's cybersecurity efforts, while 18F employees met with Estonian technologists in Washington to learn from one another's digital services offerings
Privacy outcry over proposal to reveal website owners' identities(Naked Security) People fighting for their privacy rights are deluging domain overseer ICANN with comments opposing a proposal that would strip the rights of commercial domains to use proxy services to shield registrants' true identities and addresses
DHS rushes to complete cyber defense programs for agencies(Federal News Radio) The Department of Homeland Security says it is ramping up its efforts to detect cyber threats against agencies both inside their networks and at the points at which they intersect with the public Internet. One key element of the government's threat detection strategy almost will be entirely in place by the end of September
Coast Guard Unveils New Cyber Strategy(Military.com) The Coast Guard's leadership has outlined a new cyber strategy while renewing long-standing complaints that a lack of funding has hamstrung proven efforts to interdict drug trafficking
France may offer Edward Snowden, Julian Assange asylum(Stuff) France's Justice Minister has canvassed possible asylum for WikiLeaks founder Julian Assange and former US intelligence contractor Edward Snowden as WikiLeaks and French newspapers promise further revelations of US espionage against the French government and private companies
Turkish cyber attack suspect appears in New York court(AFP via the Hurriyet Daily News) A 33-year-old Turkish man extradited to New York appeared in court on June 24 on charges that he organized three cyber attacks costing the global financial system $55 million, prosecutors said
FBI Rounding Up Islamic State Suspects(BloombergView) The FBI has been rounding up more potential "lone wolf" terrorists, Congressional leaders and the Justice Department say, in response to the perception of a mounting threat of domestic attacks inspired by the Islamic State
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Buy-Side Technology North American Summit(New York, New York, USA, October 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges...
Cyber Security for Defense(Augusta, Georgia, USA, June 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting...
Cybersecurity Outlook 2016(Tysons Corner, Virginia, USA, June 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational,...
NSA Information Assurance Symposium (IAS) 2015(Washington, DC, USA, June 29 - July 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred...
US News STEM Solutions: the National Leadership Conference(San Diego, California, USA, June 29 - July 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow...
Information Assurance Symposium(Washington, DC, USA, June 29 - July 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred...
Cyber Security for Healthcare Summit(Philadelphia, Pennsylvania, USA, June 29 - July 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part...
Cybergamut Tech Tuesday: The Truth About Security Your System(Elkridge, Maryland, USA, June 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic...
TakeDownCon Rocket City(Huntsville, Alabama, USA, July 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...
CyberMontgomery 2015(Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...