Putinist separatists of CyberBerkut claim a successful hack of Ukraine's Information Ministry.
Brookings believes there are at least 46,000 ISIS-sympathizing Twitter accounts, which suggests that a lot of people sufficiently comfortable to afford time on Twitter are buying what the Caliphate's selling.
AnonGhost continues to further the Palestinian cause by banging away at small-town America, hitting the Larimer County, Colorado (population less than 300,000, area 6822 km²) Sheriff for the second time this week.
"Casper" espionage malware appears related to "Babar" and "Bunny."
The FREAK vulnerability isn't confined to Apple or Android devices. Microsoft warns that all versions of Windows are affected. Mitigations are suggested, patches en route.
As Google Play is cleaned of malicious apps, bad actors move to its "bookstore."
Luxury hotel company Mandarin Oriental sustains a credit card breach. Avecto and others think this shows the risks inherent in legacy point-of-sale systems.
Besides patching for FREAK (possibly next week) Microsoft offers fixes for problematic updates distributed in February's Patch Tuesday.
Industry observers decry a lack of incentives for companies to upgrade their network security. In fairness, failure to increase security seems driven at least as much by the difficulty of quantifying risk as by mere unwillingness to invest in defenses. (Compare Anthem's refusal of Federal IT security audits — some think this irresponsible, but others point out the costs, in money but also in security, of Government inspectors rooting around in your networks.)
An Oxford scholar suggests privateering holds better lessons for cyberspace than does Cold War deterrence.
Today's issue includes events affecting Canada, China, Estonia, European Union, France, Germany, Iran, Iraq, Israel, Palestinian Territories, Russia, Syria, Ukraine, United Arab Emirates, United Kingdom, United States.
Casper Malware: After Babar and Bunny, Another Espionage Cartoon(We Live Security) In March 2014, French newspaper Le Monde revealed that France is suspected by the Communications Security Establishment Canada (CSEC) of having developed and deployed malicious software for espionage purposes. This story was based on presentation slides leaked by Edward Snowden, which were then published by Germany's Der Spiegel in January 2015
Decoding ZeuS Disguised as an .RTF File(Phishme) While going through emails that were reported by our internal users using Reporter, I came across a particularly nasty looking phishing email that had a .doc attachment. At first when I detonated the sample in my VM, it seemed that the attackers weaponized the attachment incorrectly. After extracting and decoding the shellcode, I discovered a familiar piece of malware that has been used for some time
Mandarin Oriental suffers credit card breach(Help Net Security) Mandarin Oriental, the hotel group managing luxury hotels and resorts in Asia, Europe, the US and Latin America, has confirmed that "the credit card systems in an isolated number of our hotels in the US and Europe have been accessed without authorization and in violation of both civil and criminal law"
Intuit Failed at 'Know Your Customer' Basics(KrebsOnSecurity) Intuit, the makers of TurboTax, recently introduced several changes to beef up the security of customer accounts following a spike in tax refund fraud at the state and federal level. Unfortunately, those changes don't go far enough. Here's a look at some of the missteps that precipitated this mess, and what the company can do differently going forward
Security: NETCONF in the Wild(Team Cymru) NETCONF, an XML-based RPC mechanism aims to help network operators programmatically manage their network devices. You will find NETCONF capabilities in network gear from a handful of common backbone network equipment providers
Bank hackers find loophole(Resource Investor) The vulnerability of banks and the global banking system — reliant as it has become on computer systems, information technology and the internet — was highlighted yet again in an important article in the Financial Times on Tuesday which was largely ignored elsewhere
The Next Cybersecurity Concern: Your Car(Traverse City Record-Eagle) In "War Games," a Seattle teenager uses his personal computer to remotely access a Department of Defense supercomputer, nearly triggering a nuclear war. Fortunately, that 1983 film, which helped make Matthew Broderick a star, was but a big-screen fantasy
Security Patches, Mitigations, and Software Updates
Microsoft Announces Work for Fixing FREAK for Windows(Windows IT Pro) This week has introduced yet another software security flaw that was left undiscovered for a long years. You can learn all about it here: Old Government Policies Influenced the FREAK Security Flaw
How DDoS attacks impact service providers(Help Net Security) There's a striking disparity between how threatened service providers feel by potential DDoS attacks and how prepared they are to mitigate one, according to a Black Lotus survey
Banking Trojans target nearly 1,500 financial institutions(Help Net Security) Nine of the most common and sophisticated financial Trojans in use are targeting 1,467 financial institutions in 86 countries, says a Symantec report compiled after the analysis of 999 configuration files from recent Trojan samples
The cyber security threat from within(The National) Today in the UAE, cybersecurity is still seen from the perspective of an external threat. Emphasis on the internal attacker is neglected, yet research shows that the risk from such internal attacks has been an increasing worry across the world
Tempered Networks raises $15 million in Series A funding(Pulse 2.0) Tempered Networks is a provider of secure connectivity for critical infrastructure and information that has raised $15 million in Series A funding led by Ignition Partners with participation from IDG Ventures. Tempered Networks has raised a total of $22 million thus far
Talent Shortage Creates Niche Market for Security Pro Elite(Dark Matters) There has been a lot of chatter in the media about the shortage of qualified security professionals with the prerequisite skills to counter threats to essential networks that have increased at a nearly exponential rate, with some studies estimating that as many as one million security positions remain unfilled worldwide
Exelis receives NSA certification for self-encrypting USB drive(MarketWatch) Exelis (NYSE: XLS) has received the National Security Agency's "secret and below" certification for a self-encrypting, secure memory stick. The drive is the newest device in a portfolio of NSA-certified Exelis information assurance products offering secure data-at-rest, data-in-transit, communications, networking and storage solutions
UK Firm Develops Search Engine For Dark Web(Sky News via Yahoo!News) The dark net and the deep web are sometimes called the parts of the internet that you cannot Google. But a British cyber security firm has developed its own search engine for both, as well as for IRC (basically, chatrooms)
Red Hat Introduces New Linux OS for Containers(Top Tech News) The world's largest open source software Relevant Products/Services provider just brought a new operating system on the market. On Thursday, Red Hat, known for its enterprise Relevant Products/Services distributions of the Linux operating system, launched its Enterprise Linux 7 Atomic Host OS. The new OS is specifically designed to run the latest generation of applications as Linux containers
Microsoft Security Essentials last in banking trojan detection test(Myce) Microsoft Security Essentials is amongst the most popular Windows virus scanners but scores low on detection of malware that tries to steal money from bank accounts, according to security researchers from MRG Effitas. They tested Security Essentials with 300 banking trojans that were found "in the wild"
Technologies, Techniques, and Standards
How Secure Are You?(Dark Reading) The NIST Cybersecurity Framework can help you understand your risks
Efforts To Team Up And Fight Off Hackers Intensify(Dark Reading) New intelligence-sharing groups/ISACs emerge, software tools arrive and the White House adds a coordinating agency — but not all of the necessary intel-sharing 'plumbing' is in place just yet
Expert tips to address third party security risks(Help Net Security) Risks to sensitive data have never been greater. With the rise in cyber attacks and data breaches, outsourcing to third parties can present an exponential threat to corporations
What security tools do healthcare organizations lack?(Help Net Security) The Health Information Trust Alliance (HITRUST) has completed a three-month review of its approach to cyber risk management for the healthcare industry. The effort was focused on understanding the challenges of healthcare organizations across varying levels of information protection maturity
Digital know-how most important thing for students, says Richard Branson(Computerweekly) Digital know-how is one of the most valuable things a student will take with them when leaving school, but pupils are not being consulted enough by the government on how such skills are taught, according to Richard Branson, who recently met with the Virgin Media Business Digital Youth Council
Legislation, Policy, and Regulation
Cybersecurity and the Age of Privateering: A Historical Analogy(Oxford Cyber Studies Programme) Policy literature on the insecurity of cyberspace frequently invokes comparisons to Cold War security strategy, thereby neglecting the fundamental differences between contemporary and Cold War security environments. This article develops an alternative viewpoint, exploring the analogy between cyberspace and another largely ungoverned space: the sea in the age of privateering
Big Brother (and Everyone Else) is Watching(American Interest) DARPA has developed a new data mining tool called Memex that scrapes the web in ways Google does not even try. Currently it is being used by law enforcement agencies to go after sex traffickers, but its uses could eventually be broadened
The former spy who infiltrated Congress's cyber policy debate(Christian Science Monitor: Passcode) Rep. Will Hurd of Texas brings to Washington rare hands-on expertise from the front lines of American spycraft and information security. Now, as cybersecurity issues heat up, Hurd wants to be a liaison between the intelligence community, tech sector, and lawmakers
Pentagon to focus more on hack-proofing weapons(Reuters) Cyber attacks on U.S. weapons programs and manufacturers are a "pervasive" problem that requires greater attention, the top U.S. arms buyer said Thursday, saying that he would add cybersecurity to the Pentagon's guidelines for buying weapons
How state governments are addressing cyber security(Brookings) News about successful hacks of large companies seem to have become common place. In the recent Anthem cyber attack, hackers accessed the names, birth dates, social security numbers, income, health status and many other details for companies' customers. At present, Anthem does not even know the total number of records breached but estimates it to be "tens of millions"
Judge hints at slashing Intellectual Ventures win against Symantec(Reuters) Though a Delaware federal jury last month awarded patent licensor Intellectual Ventures far less than the $298 million it had been seeking in infringement damages against security software maker Symantec Corp, a judge Wednesday said he is inclined to cut the amount even further
FTC's authority over data regulation remains unclear(FierceGovernmentIT) It's still unclear whether the Federal Trade Commission overstepped its authority when it brought legal action against Wyndham Hotels and Resorts for negligent data security standards. An appellate court heard arguments in the case this week
Legality of Electronic Signatures in the EU and the US(Infosec Institute) Electronic signatures were used for the first time in 1861 when agreements were signed by telegraphy using Morse code. In 1869, the New Hampshire Court confirmed the legality of such agreements by stating that
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Fraud Summit Chicago(Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include...
Fraud Summit Boston(Boston, Massachusetts, USA, June 10, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Boston event include...
OISC: Ohio Information Security Conference(Dayton, Ohio, USA, March 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference...
RiSK Conference 2015(Lasko, Slovenia, March 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region.
B-Sides Vancouver(Vaqncouver, British Columbia, Canada, March 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between
Insider Threat 2015 Summit(Monterey, California, USA, March 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure...
2015 North Dakota Cyber Security Conference(Fargo, North Dakota, USA, March 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges...
Philadelphia SecureWorld(Philadelphia, Pennsylvania, USA, March 18 - 19, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
2015 Cyber Security Summit(McLean, Virginia, USA, March 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China...
BSides Salt Lake City(Salt Lake City, Utah, USA, March 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation
CarolinaCon-11(Raleigh, North Carolina, USA, March 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions...
Cyber Security Conference 2015(Bolton, UK, March 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North...
Fraud Summit Altanta(Atlanta, Georgia, USA, March 24, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Atlanta event include...
CyberTech Israel 2015(Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems...
Global APT Defense Summit(Atlanta, Georgia, USA, March 25, 2015) This event will lay out a defense framework, which describes the appropriate phases, from establishing a resilient security baseline, through gathering threat intelligence, zero-day malware detection,...
2nd Annual ISSA COS Cyber Focus Day(Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Wednesday, March 25, 2015 at the University of Colorado Colorado...
28th Annual FISSEA Expo(Gaithersburg, Maryland, USA, March 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security...
CYBERWEST: the Southwest Cybersecurity Summit(Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...
Fraud Summit Dubai(Dubai, United Arab Emirates, March 26, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Dubai event include...
Women in Cyber Security(Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.
Automotive Cyber Security Summit(Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...
Insider Threat Symposium & Expo(Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.