Documents purloined and released by Snowden reportedly describe New Zealand surveillance of Pacific island nations.
AnonGhost continues its baffling efforts to support the Palestinian cause by hacking small-town America: this week it's the Latimer County, Colorado, Sheriff's turn. Such targets are probably selected because they're American and relatively poorly protected.
Apple says fixes for the FREAK vulnerability in OS X and iOS versions of Safari are coming. Lots of how-to-tell-if-you're-at-risk advice is out.
Monitoring tools (legitimate ones, like parental controls) can be used as spyware, and Microsoft reports finding malicious adaptations in downloadable games: keyloggers, screenshot grabbers, etc.
Trend Micro describes "PwnPOS" as new or at least under-the-radar point-of-sale malware. BriMorLabs objects that the malware isn't new: it's been on forensic analysts' radar for several years.
The watering hole discovered in North Korean official news sites in January may not have been the work of the obvious suspect: the Kim regime. Kaspersky believes those responsible are third-party hackers. Their code bears some similarity to Darkhotel. (The affected DPRK websites remain infected.)
The Christian Science Monitor's Passcode reports on the difficulty of attribution.
A survey by NYSE Governance Services suggests that day-to-day risk oversight has become a central concern of corporate boards.
In industry news, Novetta may be for sale, Box buys Subspace, and IBM Watson picks up AlchemyAPI for natural language processing, image recognition, and behavioral analysis.
The US and China do some mutual scowling over their respective security policies.
Former Secretary of State Clinton's non-governmental email raises eyebrows higher.
Today's issue includes events affecting Australia, Brazil, Canada, China, Fiji, French Polynesia, Kiribati, Democratic Peoples Republic of Korea, Republic of Korea, Malaysia, Nauru, New Caledonia, New Zealand, Papua New Guinea, Russia, Samoa, Solomon Islands, Taiwan, Tonga, United Arab Emirates, United Kingdom, United Nations, United States, and Vanuatu.
Beware of spyware concealed inside games(Help Net Security) Monitoring tools can be used for legitimate and malicious purposes. The first category includes parental control and employee monitoring software, the second one screenshot grabbers, keyloggers, voice or video recording tools — in short, spyware
And you get a POS malware name…and you get a POS malware name…and you get a POS malware name....(BriMorLabs Blog) This morning I woke up to find Trend Micro/Trend Labs had a new post on an "old undetected PoS malware" which they have called "PwnPOS". I was interested at first, but this looks like just another case of randomly assigning names to malware and/or threat actors. Unfortunately for the folks at Trend, who usually put out pretty good work, the scraper in question (which is an executable file that I have personally seen with many names, but we will refer to it as "wnhelp.exe") is old
Revealing Anonymous and its web of contradictions(Christian Science Monitor: Passcode) The hacktivist collective Anonymous has gone through a significant evolution — shifting from Internet pranksters to prominent global activists. Gabriella Coleman explains the often misunderstood Anonymous phenomenon in her book, "Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous"
Hacker or spy? In today's cyberattacks, finding the culprit is a troubling puzzle(Christian Science Monitor: Passcode) The Sony hack revealed the challenges of identifying perpetrators of cyberattacks, especially as hackers can masquerade as government soldiers and spies, and vice versa. It's a dangerous new dynamic for foreign relations, especially as what governments know about hackers — and how they know it — remains secret
How directors manage today's key challenges(Help Net Security) A nationwide survey of nearly 500 directors highlighted that daily risk oversight continues to be one of the central challenges facing boards, as well as an increased focus on shareholder engagement and board composition
Cloud Security Alliance New Survey Finds Financial Firms Are In Search Of A Cloud Strategy(The Street) Many financial firms are slowly putting more stock in the cloud. That's a key finding from a new Cloud Security Alliance (CSA) survey, titled How Cloud is Being Used in the Financial Sector. The survey targeted executives from banking, insurance and investment firms around the world. While the survey found that cloud computing is becoming more and more prevalent throughout the financial sector, many respondents indicated having less than 50 percent of a solidified, concerted cloud strategy with controls and security being a main concern
A New Approach To Protecting Healthcare Data Security(Healthcare Informatics) Cybercrime is a massive social and political issue, with new breaches discovered or reported almost daily. The financial and reputational costs are also massive — to the government, healthcare organizations, and patients. To tackle this problem, the vast cadre of talent in the government and within healthcare organizations should take a new approach to solving the cybersecurity problem: curtail the current "audits and penalties" approach and work together to fix the root of the problem by building an infrastructure that can truly protect this sensitive data
Defending Against Maritime Cyber Security Threats(In Homeland Security) The Maritime Cyber Security Seminar and Symposium at CCICADA wrapped up Tuesday with many takeaways provided by the various expert speakers and panelists. The symposium was co-sponsored by Rutgers University and American Military University
Law Firms to Form Cybersecurity Alliance(American Lawyer) As pressure to strengthen defenses against security breaches increases, at least five Am Law 100 and Magic Circle firms are working to form an alliance that would allow them to ultimately share information with each other about cyber threats and vulnerability
Palo Alto Revenue Soars On Growing Cybersecurity Threat(Seeking Alpha) Demand for Internet security solutions is soaring as cyber attacks are becoming more frequent and more sophisticated. Palo Alto is very well positioned in the industry and has been delivering consistently impressive revenue growth. There are as of yet no signs of slowing demand, which should provide more upside during 2015
Axcient's Strategy Shift Grabbing Sales From Symantec and NetApp(Forbes) "Who is our customer?" seems to be a fundamental question that would be hard to get wrong. But in the real world the answer is often not simple — sometimes the customer who determines the rate at which your business grows is your independent distributor, rather than your product's end-user
Cybersecurity Jobs are in High Demand; Got What it Takes?((ISC)² Blog) With security attacks dominating news headlines, it's no secret that global cybersecurity professionals are in high demand. According to the (ISC)² 2013 Global Information Security Workforce Study, two out of three C-level respondents reported security staff shortages
New platform helps fend off high volume cyber attacks(Beta News) Cyber attacks are getting bigger and more complex and are targeting many different types of organization and industry. This means defending against them is more than ever a major concern for businesses
Avast announces two apps that will clean up, speed up your phone(Android Community) Anybody who's anybody in the smartphone and mobile device industry is at the MWC 2015 in Barcelona, including famed antivirus and security software experts Avast who have themselves just announced two new mobile apps that will aim to "clean up" our phones. "Avast GrimeFighter" is a no-nonsense clean up app, while "Avast Battery Saver" says it all in the name
Cuckoo Sandbox 1.2(Cuckoo Blog) A number of new tools, forks, services and products emulating our efforts have been appearing casting some shadows and doubts on the future of our project. Fear not, we are as committed as ever to produce one of the best free software resources to the malware research community
China and US cross swords over software backdoors(ComputerWeekly) China has rejected US president Barack Obama's criticism of its plans to force technology firms that want to trade in China to share their encryption keys and put backdoors in their software
Rights Groups Call For New UN Privacy Watchdog(Infosecurity Magazine) Over 60 rights and public interest groups have joined forces to lobby governments around the world into persuading the United Nations to establish a dedicated privacy watchdog
Cyber commands coordinate strategies(C4iSR and Networks) As the number of serious online attacks multiply, U.S. Cyber Command (CYBERCOM) and its subordinate commands, including the 24th Air Force, 10th Fleet and Army Cyber Command, are developing joint strategies to both defend their networks and strike against confirmed adversaries
Exclusive: Energy Department Gets New CIO(Nextgov) The Energy Department has selected its next chief information officer. Agency officials confirmed to Nextgov that Michael Johnson, currently the assistant director for intelligence programs at the Office of Science and Technology Policy, will replace Energy's interim CIO, Don Adcock
Litigation, Investigation, and Law Enforcement
Clinton’s E-Mail Built for Privacy Though Not Security(Bloomberg Business) A week before becoming secretary of state, Hillary Clinton set up a private e-mail system that gave her a high level of control over communications, including the ability to erase messages completely, according to security experts who have examined Internet records
Hillary Clinton's personal email account looks bad now. But it was even worse at the time(Vox) The New York Times report that Hillary Clinton used a personal rather than governmental email account during her four years at the State Department looks bad. In addition to creating a security risk, this practice circumvented (though may or may not have outright violated) federal record-keeping regulations that are meant to keep government business transparent
Why Clinton's private email account was a danger to national security(Vox) Most of the criticism following the revelation that Hillary Clinton used a personal email account for official business as Secretary of State has been based on suspicions that she was trying to evade transparency laws that require federal officials to preserve their communications
Person in custody in Maryland shootings, damaged NSA building(AP via Stars and Stripes) A person believed responsible for shootings along highways over the last two weeks in the Baltimore-Washington area, including shots that damaged a National Security Agency building, is in custody, the FBI said early Wednesday
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Fraud Summit Altanta(Atlanta, Georgia, USA, March 24, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Atlanta event include...
Global APT Defense Summit(Atlanta, Georgia, USA, March 25, 2015) This event will lay out a defense framework, which describes the appropriate phases, from establishing a resilient security baseline, through gathering threat intelligence, zero-day malware detection,...
Fraud Summit Dubai(Dubai, United Arab Emirates, March 26, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Dubai event include...
Fraud Summit London(London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include...
Boston SecureWorld(Boston, Massachusetts, USA, March 4 - 5, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
Mercury Proposers' Day Conference(IARPA1, Washington, DC, March 5, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Mercury Program on March 5, in anticipation of the release of a new solicitation in support of...
OISC: Ohio Information Security Conference(Dayton, Ohio, USA, March 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference...
RiSK Conference 2015(Lasko, Slovenia, March 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region.
B-Sides Vancouver(Vaqncouver, British Columbia, Canada, March 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between
Insider Threat 2015 Summit(Monterey, California, USA, March 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure...
2015 North Dakota Cyber Security Conference(Fargo, North Dakota, USA, March 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges...
Philadelphia SecureWorld(Philadelphia, Pennsylvania, USA, March 18 - 19, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
2015 Cyber Security Summit(McLean, Virginia, USA, March 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China...
BSides Salt Lake City(Salt Lake City, Utah, USA, March 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation
CarolinaCon-11(Raleigh, North Carolina, USA, March 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions...
Cyber Security Conference 2015(Bolton, UK, March 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North...
CyberTech Israel 2015(Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems...
2nd Annual ISSA COS Cyber Focus Day(Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Wednesday, March 25, 2015 at the University of Colorado Colorado...
28th Annual FISSEA Expo(Gaithersburg, Maryland, USA, March 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security...
CYBERWEST: the Southwest Cybersecurity Summit(Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...
Women in Cyber Security(Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.
Automotive Cyber Security Summit(Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...
Insider Threat Symposium & Expo(Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.