Daily briefing.

Documents purloined and released by Snowden reportedly describe New Zealand surveillance of Pacific island nations.

AnonGhost continues its baffling efforts to support the Palestinian cause by hacking small-town America: this week it's the Larimer County, Colorado, Sheriff's turn. Such targets are probably selected because they're American and relatively poorly protected.

Apple says fixes for the FREAK vulnerability in OS X and iOS versions of Safari are coming. Lots of how-to-tell-if-you're-at-risk advice is out.

Monitoring tools (legitimate ones, like parental controls) can be used as spyware, and Microsoft reports finding malicious adaptations in downloadable games: keyloggers, screenshot grabbers, etc.

Trend Micro describes "PwnPOS" as new or at least under-the-radar point-of-sale malware. BriMorLabs objects that the malware isn't new: it's been on forensic analysts' radar for several years.

The watering hole discovered in North Korean official news sites in January may not have been the work of the obvious suspect: the Kim regime. Kaspersky believes those responsible are third-party hackers. Their code bears some similarity to Darkhotel. (The affected DPRK websites remain infected.)

The Christian Science Monitor's Passcode reports on the difficulty of attribution.

A survey by NYSE Governance Services suggests that day-to-day risk oversight has become a central concern of corporate boards.

In industry news, Novetta may be for sale, Box buys Subspace, and IBM Watson picks up AlchemyAPI for natural language processing, image recognition, and behavioral analysis.

The US and China do some mutual scowling over their respective security policies.

Former Secretary of State Clinton's non-governmental email raises eyebrows higher.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, China, Fiji, French Polynesia, Kiribati, Democratic People's Republic of Korea, Republic of Korea, Malaysia, Nauru, New Caledonia, New Zealand, Papua New Guinea, Russia, Samoa, Solomon Islands, Taiwan, Tonga, United Arab Emirates, United Kingdom, United Nations, United States, and Vanuatu.

Cyber Attacks, Threats, and Vulnerabilities

New Zealand spying on Pacific islands, Snowden leaks say (BBC) New Zealand is conducting mass surveillance over its Pacific neighbours, reports citing documents leaked by US whistleblower Edward Snowden say

Larimer County Sheriff's Office Website Hacked by Pro-Palestinian Hackers (HackRead) The official website of Colorado's Larimer County Sheriff's Office (LCSO) was hacked early Tuesday morning by famous hacking group AnonGhost

Millions of Apple and Google customers are vulnerable to a decades-old 'FREAK' hack (Business Insider) Millions of Apple and Google customers are at risk of having their confidential details stolen by hackers thanks to a newly-discovered "FREAK" vulnerability

Time to FREAK out? How to tell if you're vulnerable (Computerworld via CSO) Fixes for Safari on OS X and iOS are coming, says Apple

GoPro Wireless Network Password Exposed Through Flaw in Update URL (Softpedia) A security researcher from Israel found that the passwords for the GoPro WiFi networks can be easily retrieved through the reset mechanism available from the vendor's servers

Beware of spyware concealed inside games (Help Net Security) Monitoring tools can be used for legitimate and malicious purposes. The first category includes parental control and employee monitoring software, the second one screenshot grabbers, keyloggers, voice or video recording tools — in short, spyware

New PoS malware family discovered (Help Net Security) A new family of PoS malware has been discovered and analyzed by Trend Micro researchers

And you get a POS malware name…and you get a POS malware name…and you get a POS malware name.... (BriMorLabs Blog) This morning I woke up to find Trend Micro/Trend Labs had a new post on an "old undetected PoS malware" which they have called "PwnPOS". I was interested at first, but this looks like just another case of randomly assigning names to malware and/or threat actors. Unfortunately for the folks at Trend, who usually put out pretty good work, the scraper in question (which is an executable file that I have personally seen with many names, but we will refer to it as "wnhelp.exe") is old

North Korean Government Not Likely Behind Malware On Nation's Official News Site (Dark Reading) Contrary to initial assumptions of North Korean government involvement, watering hole attack appears to be the work of external hackers — and contains similarities to Darkhotel campaign, security researchers say

Revealing Anonymous and its web of contradictions (Christian Science Monitor: Passcode) The hacktivist collective Anonymous has gone through a significant evolution — shifting from Internet pranksters to prominent global activists. Gabriella Coleman explains the often misunderstood Anonymous phenomenon in her book, "Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous"

Financial Trojans in 2014 — Symantec reports a significant drop in infections (Security Affairs) Symantec revealed it observed a significant drop in the number of Financial Trojans in 2014; a report includes a detailed analysis of the phenomenon

Security Fail: Why Call Centers Leave Us Hanging (InformationWeek) Call centers act too much like they are running phishing scams, and it is hurting customer service and enterprise security

Cyber Trends

Hacker or spy? In today's cyberattacks, finding the culprit is a troubling puzzle (Christian Science Monitor: Passcode) The Sony hack revealed the challenges of identifying perpetrators of cyberattacks, especially as hackers can masquerade as government soldiers and spies, and vice versa. It's a dangerous new dynamic for foreign relations, especially as what governments know about hackers — and how they know it — remains secret

How directors manage today's key challenges (Help Net Security) A nationwide survey of nearly 500 directors highlighted that daily risk oversight continues to be one of the central challenges facing boards, as well as an increased focus on shareholder engagement and board composition

Cloud Security Alliance New Survey Finds Financial Firms Are In Search Of A Cloud Strategy (The Street) Many financial firms are slowly putting more stock in the cloud. That's a key finding from a new Cloud Security Alliance (CSA) survey, titled How Cloud is Being Used in the Financial Sector. The survey targeted executives from banking, insurance and investment firms around the world. While the survey found that cloud computing is becoming more and more prevalent throughout the financial sector, many respondents indicated having less than 50 percent of a solidified, concerted cloud strategy with controls and security being a main concern

A New Approach To Protecting Healthcare Data Security (Healthcare Informatics) Cybercrime is a massive social and political issue, with new breaches discovered or reported almost daily. The financial and reputational costs are also massive — to the government, healthcare organizations, and patients. To tackle this problem, the vast cadre of talent in the government and within healthcare organizations should take a new approach to solving the cybersecurity problem: curtail the current "audits and penalties" approach and work together to fix the root of the problem by building an infrastructure that can truly protect this sensitive data

Cyber attacks and data loss key concerns for supply chain relationships (Canadian Underwriter) Third-party security is a top business concern for enterprises, but there is a steep disconnect in resources available to adequately and objectively manage this security, suggested a new study released on Tuesday

Defending Against Maritime Cyber Security Threats (In Homeland Security) The Maritime Cyber Security Seminar and Symposium at CCICADA wrapped up Tuesday with many takeaways provided by the various expert speakers and panelists. The symposium was co-sponsored by Rutgers University and American Military University

Marketplace

A new breed of startups is helping hackers make millions — legally (Verge) The bug bounty business is booming

Law Firms to Form Cybersecurity Alliance (American Lawyer) As pressure to strengthen defenses against security breaches increases, at least five Am Law 100 and Magic Circle firms are working to form an alliance that would allow them to ultimately share information with each other about cyber threats and vulnerability

Cybersecurity company Novetta Solutions up for sale -sources (Reuters) Novetta Solutions LLC, a provider of software and IT services to the U.S. intelligence community, is exploring a sale which could value it at more than $650 million, including debt, according to people familiar with the matter

Box acquires secure browser startup for vertical industry push (FierceMobileIT) Subspace created a containerized web browser, targeting the BYOD market

IBM Buys AlchemyAPI: What Watson Gains (InformationWeek) IBM acquires AlchemyAPI to improve Watson's capacity for natural-language processing, image analysis, and understanding human behavior

Staffing 360 Solutions Announces Sale of Cyber 360 as Part of Company's Pathway to Profitability (Marketwired) Management continues to focus on positioning the company for growth as the sale strengthens its balance sheet and eliminates $1.6 million in liabilities

Data security firm Silicon Safe celebrates £25k Proof of Market grant (Ipswich Star) An East Anglia-based cyber security start-up has secured a £25,000 grant to help prepare its first product for the market place

Palo Alto Revenue Soars On Growing Cybersecurity Threat (Seeking Alpha) Demand for Internet security solutions is soaring as cyber attacks are becoming more frequent and more sophisticated. Palo Alto is very well positioned in the industry and has been delivering consistently impressive revenue growth. There are as of yet no signs of slowing demand, which should provide more upside during 2015

Gemalto shares drop as revenue growth disappoints (Reuters) Revenue growth steady in H2 vs. expected acceleration. Analysts concerned at lack of "real guidance" for 2015. 2017 profit goal raised following SafeNet acquisition

Symantec Rubbishes Comodo Claims of SSL Dominance (Computer Business Review) Squabble breaks out between digital certificate issuers over data

Axcient's Strategy Shift Grabbing Sales From Symantec and NetApp (Forbes) "Who is our customer?" seems to be a fundamental question that would be hard to get wrong. But in the real world the answer is often not simple — sometimes the customer who determines the rate at which your business grows is your independent distributor, rather than your product's end-user

Cybersecurity Jobs are in High Demand; Got What it Takes? ((ISC)² Blog) With security attacks dominating news headlines, it's no secret that global cybersecurity professionals are in high demand. According to the (ISC)² 2013 Global Information Security Workforce Study, two out of three C-level respondents reported security staff shortages

Products, Services, and Solutions

MRG Effitas releases latest Online Banking Browser Security report (Beta News) Security research company MRG Effitas has released its Q4 2014 Online Banking Browser Security report, awarding certification to the top four products: Kaspersky Internet Security, Quarri POQ, Webroot SecureAnywhere and Zemana Antilogger

New platform helps fend off high volume cyber attacks (Beta News) Cyber attacks are getting bigger and more complex and are targeting many different types of organization and industry. This means defending against them is more than ever a major concern for businesses

Perforce and Interset Deliver Industry's First Intellectual Property Threat Detection Integrated with Source Code and Content Management (IT Business Net) Helix threat detection uses behavioral analytics to safeguard source code and other intellectual property against insider threats, account takeovers and malicious attacks

BitSight Delivers Enhanced Capabilities for Security Ratings Platform (IT Business Net) Continued innovation further strengthens BitSight's core offerings and enables easy integration into vendor risk practices and processes

Bluebox Security Raises Bar for Mobile Security With Dynamic App Integrity (MarketWired) New layer of defense protects mobile applications and corporate data in compromised environments

Avast announces two apps that will clean up, speed up your phone (Android Community) Anybody who's anybody in the smartphone and mobile device industry is at the MWC 2015 in Barcelona, including famed antivirus and security software experts Avast who have themselves just announced two new mobile apps that will aim to "clean up" our phones. "Avast GrimeFighter" is a no-nonsense clean up app, while "Avast Battery Saver" says it all in the name

Catbird, Mirantis Partner For OpenStack Security (Talkin' Cloud) Catbird provides software-defined security for virtual infrastructures

Cuckoo Sandbox 1.2 (Cuckoo Blog) A number of new tools, forks, services and products emulating our efforts have been appearing casting some shadows and doubts on the future of our project. Fear not, we are as committed as ever to produce one of the best free software resources to the malware research community

Vane — WordPress Vulnerability Scanner (A GPL fork of WPScan) (Kitploit) Vane is a GPL fork of the now non-free popular WordPress vulnerability scanner WPScan

Technologies, Techniques, and Standards

Automation in the Incident Response Process: Creating an Effective Long-Term Plan (SANS Institute) With the right resources in place, attackers can be detected more accurately and efficiently, mitigating damage and data loss from inevitable network attacks. This paper presents a proper process and procedure for incident response that includes the use of automation tools

Cryptography Fundamentals, Part 5 – Certificate Authentication (Infosec Institute) Here's how to verify that the certificate is from the original sender with GnuPG

3 ways to advocate for data security at your company (Help Net Security) There's an unfortunate tendency among many businesses to rank data security well below other functions

Academia

A Guide to Easy Cybersecurity for Journalists (PBS) Northeastern University's Media Innovation program has one goal: Retrain journalists for the digital age

Legislation, Policy, and Regulation

Iran Wants to Befriend Google (Global Voices) Iran has a habit of blocking, unblocking and sometimes re-blocking Google platforms inside the country

Obama Says Tech Companies Won't Be Willing to Comply With Chinese Measures (Wall Street Journal) U.S. officials have already said they are worried about proposed Chinese measures that they say will hurt U.S. companies. Now President Barack Obama has made clear that those worries go straight to the top

China and US cross swords over software backdoors (ComputerWeekly) China has rejected US president Barack Obama's criticism of its plans to force technology firms that want to trade in China to share their encryption keys and put backdoors in their software

Rights Groups Call For New UN Privacy Watchdog (Infosecurity Magazine) Over 60 rights and public interest groups have joined forces to lobby governments around the world into persuading the United Nations to establish a dedicated privacy watchdog

Opinion: Obama's consumer 'bill of rights' should spark national dialogue about privacy (Christian Science Monitor: Passcode) The Obama administration's proposed Consumer Privacy Bill of Rights should be viewed as the basis for starting a national conversation about stronger data protections laws, which are crucial as there is no future in which less data will be collected and used

Clock Ticking For Congress To Produce NSA Surveillance Reform (National Journal) Core provisions of the post-9/11 Patriot Act expire on June 1, including the legal authority needed to carry out mass surveillance of domestic metadata

GOP rep: Why would industry share cyber data with government? (The Hill) For the second time in as many weeks, Rep. Curt Clawson (R-Fla.) expressed wariness at the notion of legislation to increase the public-private exchange of cybersecurity information

Obama signs Homeland Security funding bill into law (AP via KLTV) President Barack Obama has signed a law funding the Homeland Security Department through the end of the budget year

Suddenly, net neutrality doesn't look so great for 5G (PC World) Net neutrality and 5G may be on a collision course as the mobile industry tries to prepare for a wide range of mobile applications with differing needs

Cyber commands coordinate strategies (C4iSR and Networks) As the number of serious online attacks multiply, U.S. Cyber Command (CYBERCOM) and its subordinate commands, including the 24th Air Force, 10th Fleet and Army Cyber Command, are developing joint strategies to both defend their networks and strike against confirmed adversaries

Exclusive: Energy Department Gets New CIO (Nextgov) The Energy Department has selected its next chief information officer. Agency officials confirmed to Nextgov that Michael Johnson, currently the assistant director for intelligence programs at the Office of Science and Technology Policy, will replace Energy's interim CIO, Don Adcock

Litigation, Investigation, and Law Enforcement

Clinton’s E-Mail Built for Privacy Though Not Security (Bloomberg Business) A week before becoming secretary of state, Hillary Clinton set up a private e-mail system that gave her a high level of control over communications, including the ability to erase messages completely, according to security experts who have examined Internet records

Hillary Clinton's personal email account looks bad now. But it was even worse at the time (Vox) The New York Times report that Hillary Clinton used a personal rather than governmental email account during her four years at the State Department looks bad. In addition to creating a security risk, this practice circumvented (though may or may not have outright violated) federal record-keeping regulations that are meant to keep government business transparent

Why Clinton's private email account was a danger to national security (Vox) Most of the criticism following the revelation that Hillary Clinton used a personal email account for official business as Secretary of State has been based on suspicions that she was trying to evade transparency laws that require federal officials to preserve their communications

Hillary Clinton's emails: Emblematic of larger issues? (Fedscoop) The former secretary of state is not the first Obama administration official to get into hot water over her use of email

Reston-based financial services association joins Microsoft in lawsuit against hackers (Washington Business Journal) A Reston-based financial services association has joined Microsoft Corp. in a civil lawsuit targeting the shadowy criminal group behind the "Ramnit botnet," a global web of interconnected computers used to steal cash and personal information

Person in custody in Maryland shootings, damaged NSA building (AP via Stars and Stripes) A person believed responsible for shootings along highways over the last two weeks in the Baltimore-Washington area, including shots that damaged a National Security Agency building, is in custody, the FBI said early Wednesday

Rook Security's Security Operations Leader, Tom Gorup, Appointed as Indiana Infragard IT Sector Chief (BusinessWire) Former U.S. Army infantry squad leader turned security pro to lead private sector cybersecurity collaboration with FBI

Twitter troll fired, another suspended after Curt Schilling names and shames them (Naked Security) You know that old advice about dealing with trolls by ignoring them, instead of feeding them the attention they want?

Facebook rant lands US man in UAE jail (BBC) An expat American has been arrested in the United Arab Emirates for comments he posted on Facebook while in the US

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Fraud Summit Atlanta (Atlanta, Georgia, USA, March 24, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Atlanta event include...

Global APT Defense Summit (Atlanta, Georgia, USA, March 25, 2015) This event will lay out a defense framework, which describes the appropriate phases, from establishing a resilient security baseline, through gathering threat intelligence, zero-day malware detection,...

Fraud Summit Dubai (Dubai, United Arab Emirates, March 26, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Dubai event include...

Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include...

Upcoming Events

Boston SecureWorld (Boston, Massachusetts, USA, March 4 - 5, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

Mercury Proposers' Day Conference (IARPA1, Washington, DC, March 5, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Mercury Program on March 5, in anticipation of the release of a new solicitation in support of...

Financial Services Cyber Security Summit: Middle East and North Africa (Dubai, UAE, March 9 - 10, 2015) Building on the success and feedback of our Cyber Security Summit in Europe — 180 attendees, 3 streams, CPE certified — we are pleased to invite you to the Financial Services Cyber Security...

Cyber Security Opportunities in Japan, S. Korea and Taiwan Webinar (Online, March 10, 2015) Export.gov, of the US Department of Commerce, invites you to listen to experts from the Japan, South Korea and Taiwan and learn how to position your company for success in these countries. Learn about...

The Vulnerability Economy: Zero-Days, Commerce and National Security (Rockville, Maryland, USA, March 10, 2015) Dr. Ryan Ellis (Belfer Center, Harvard University) will explore a series of topics around cybersecurity including the challenges and opportunities associated with the growing trade in previously unknown...

OISC: Ohio Information Security Conference (Dayton, Ohio, USA, March 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference...

RiSK Conference 2015 (Lasko, Slovenia, March 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region.

B-Sides Vancouver (Vancouver, British Columbia, Canada, March 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between

Insider Threat 2015 Summit (Monterey, California, USA, March 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure...

2015 North Dakota Cyber Security Conference (Fargo, North Dakota, USA, March 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges...

IT Security Entrepreneurs Forum: Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 17 - 18, 2015) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs...

Philadelphia SecureWorld (Philadelphia, Pennsylvania, USA, March 18 - 19, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

2015 Cyber Security Summit (McLean, Virginia, USA, March 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China...

BSides Salt Lake City (Salt Lake City, Utah, USA, March 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation

CarolinaCon-11 (Raleigh, North Carolina, USA, March 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions...

Cyber Security Conference 2015 (Bolton, UK, March 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North...

CyberTech Israel 2015 (Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems...

2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Wednesday, March 25, 2015 at the University of Colorado Colorado...

28th Annual FISSEA Expo (Gaithersburg, Maryland, USA, March 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security...

CYBERWEST: the Southwest Cybersecurity Summit (Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...

Women in Cyber Security (Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.

Automotive Cyber Security Summit (Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...

Insider Threat Symposium & Expo (Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...
