The US military puts protections in place for service members and their families in the wake of ISIS "kill-list" threats. While attacks are still regarded as relatively improbable, the incident is another small information operations success for ISIS. Recent US counter-operations (notably a leafleting campaign over Syria) seem to be taking a page from the traditional psywar playbook. A US Government study finds the Americans losing the info ops competition with both ISIS and Russia, and one wonders why, given their national expertise in both marketing and media.
Cylance finds and discloses a vulnerability in ANTlabs' widely used hotel guest Wi-Fi system InnGate. In other hotel cyber news, Bancsec researchers report a cross-site request forgery vulnerability in Hilton's newly revamped (for better security) Hilton Honors system.
Google's and Mozilla's warnings about CNNIC unauthorized certificates are censored on Chinese websites.
Brian Krebs believes he's found clues to the identity of the author of the fraud-enabling Antidetect tool: Pavel Vladimirovich (last name redacted) is out there looking for a job and incautiously leaking his crimeware chops.
Security firms look at recent surges in spam and what these reveal about botnet assembly and operation.
The Kreditech breach is thought to hold interesting technical lessons on MongoDB issues and equally interesting anthropological lessons on the security implications of "hipster-tech."
Red Canary and Phishme land venture investments. The Financial Times describes a new breed of business-intelligence company that looks much like a cyber version of private investigators.
DARPA advances cyber security automation.
The UN appoints a data privacy rapporteur.
Today's issue includes events affecting Australia, China, European Union, Germany, Iraq, Israel, Luxembourg, Netherlands, New Zealand, Russia, South Africa, Turkey, United Arab Emirates, United Kingdom, United Nations, United States.
Dateline Women in Cybersecurity
Women in Cybersecurity 2015(WiCyS) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally. Even worse, women's representation in this male-dominated field of security is alarmingly low. Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option
Cyber Attacks, Threats, and Vulnerabilities
Navy: Precautions in place to protect those on IS 'kill list'(Navy Times) The Navy says precautions are in place to protect 36 sailors whose names and addresses were posted on an Islamic State group supporter's website this week, a revelation that provoked concern and outrage among military members and their families
ISIS proves savvy in social media, cyber-domain(Defense Systems) The military has had its hands full combating ISIS on the battlefield in both Iraq and Syria, attempting to use air power to push the group back from territorial gains. Aside from the difficulties of engaging in another gritty urban combat environment, with the help of 60 nations participating in the U.S.-led coalition, ISIS has also proven themselves adept in the cyber realm — a scary prospect
U.S. drops propaganda bomb on ISIL(USA TODAY) The Pentagon has launched a propaganda program in Syria aimed at creating fissures among Islamic State fighters by dropping 60,000 leaflets at the center of the militants' power base
U.S. losing 'information war' to Russia, other rivals: study(Reuters) The United States is losing an information war to Russia, Islamic State and other rivals, says a new report that calls for a strengthening in U.S. counter-propaganda efforts and an overhaul of the government's international broadcasting arm
CNNIC censored Google and Mozilla's posts about CNNIC CA(GreatFire) This week, Google found unauthorized digital certificates for several Google domains, the root CA of which is CNNIC. Google and Mozilla both publicly disclosed this security incident and published blog posts(Google, Mozilla). However, Chinese translations of Google's and Mozilla's blog posts were censored on the Chinese Internet
Certificate security — is anything real?(IT Security Guru) If communications are monitored and encryption is still Pretty Good, is the bigger challenge not only maintaining control of keys, but ensuring that those who deem the websites to be safe are trusted at all?
Who Is the Antidetect Author?(KrebsOnSecurity) Earlier this month I wrote about Antidetect, a commercial tool designed to help thieves evade fraud detection schemes employed by many e-commerce companies. That piece walked readers through a sales video for Antidetect showing the software being used to buy products online with stolen credit cards. Today, we'll take a closer look at clues to a possible real-life identity of this tool's creator
Huge spam operation on Twitter uncovered(Help Net Security) What does it take to execute a successful spam operation peddling diet pills of questionable effectiveness? For one spammer, it took some 750,000 fake Twitter accounts
Kreditech Investigates Insider Breach(KrebsOnSecurity) Kreditech, a consumer finance startup that specializes in lending to "unbanked" consumers with little or no credit rating, is investigating a data breach that came to light after malicious hackers posted thousands of applicants' personal and financial records online
Google, Microsoft Warn of Fake Security Certificates(Top Tech News) Despite the hefty competition between the two companies, Google and Microsoft can agree on at least one thing: there are fake SSL certificates floating around that bad actors could use to spoof content and execute man-in-the-middle or phishing attacks against unsuspecting consumers
Toying with Your Security and Privacy(Dark Matters) Like most things in life, privacy is becoming more and more valuable these days as we continue to experience less of it. While twenty years ago the only electronic devices that were interactive in our homes were microwaves and Tamagotchis, we now face the era of the internet of things (IoT) living large with smart TV's, refrigerators, wearables and many other gadgets that talk, listen, feel and monitor our every move — including Barbie?
How companies secure their cloud data(Help Net Security) As companies accelerate their adoption of the cloud, the cloud data footprint is expected to grow to 6.5 zettabytes by 2018. This rapid migration of data into the cloud creates the need for insight into both cloud adoption trends and cloud data security issues
A new breed of commercial intelligence company(Financial Times) At dawn on a cold, grey March morning in London's Mayfair, 135 police officers burst into the homes and offices associated with Vincent and Robert Tchenguiz, the property moguls, in the glare of paparazzi flash bulbs. It is 2011 and the raid has been orchestrated by the Serious Fraud Office to gather evidence against the brothers for their alleged involvement in the collapse of Kaupthing, the Icelandic bank, three years previously. In moments like these there is only one question: who you gonna call?
Hackers Slam Blue Coat Claiming It 'Pressured Security Researcher Into Cancelling Talk On Its Tech'(Forbes) The final Syscan Conference in Singapore kicked off today with a message for a particular security company. According to reports from conference attendees, Thomas Lim, founder of the event where professional hackers give talks on their latest research, encouraged attendees to send Tweets containing the following: "F**k you, Blue Coat". Many did. Others had their own variations on the same theme
CipherCloud Responds to Cloud Security Opportunities Created by Stricter Privacy Laws in the Dutch Market(PRNewswire) CipherCloud, a leader in cloud security, is expanding its European presence into the Netherlands. The new offices in Amsterdam will include sales, channel and professional services teams to enhance collaboration with customers and to drive go-to-market initiatives in the Netherlands, where enterprise cloud is projected to grow to €1.2 billion in 2016. CipherCloud's entry into this market enables Dutch organisations to prepare for stronger breach penalties, set to take effect under the European Data Protection Regulation
Products, Services, and Solutions
Bureaucrats press troops to use inferior intel system(Indiana Gazette) Military bureaucrats have been trying to force an unpopular government-built intelligence system on special operations units deploying to war zones while blocking soldiers from using the commercial alternative they say they need, according to government records and interviews
Blue Coat's cloud-based Global Intelligence Network now integrates with entire portfolio(First Post) Blue Coat Systems, Inc., enterprise security solution provider, announced that its cloud-based Global Intelligence Network now integrates Blue Coat's entire portfolio, including the Norman Shark sandboxing technology and Solera Networks forensics and incident response products recently acquired by Blue Coat. All products now feed and receive threat information on a continuous basis, providing security professionals real-time intelligence that allows them to more effectively block threats. This leads to reduced attacks and a more effective advanced threat defense
Encryption Solutions for the New World(Infosec Institute) Keeping personal information secure and protected remains a top priority for computer users who now rely heavily on information systems to manage a large part of their personal and business lives. One of the ways to make sure only authorized users have access to information is the use of encryption, a process that transforms data from "cleartext to ciphertext" and back as a means to keep it secret from others. This is done through a combination of hardware- and software-based encryption. The scope is always the prevention of unintended data leakage
Would You Rather, Part 1: Authenticate Users or Monitor Transactions?(RSA: Speaking of Security) There is a popular conversational game that children play typically known as "Would You Rather," in which someone asks you to choose between two options and explain your reasons for making that choice. For example, "would you rather be rich or famous?" Or "if you could have one superpower, would you rather have superhuman strength or be able to fly?" The fun is in discussing and debating your reasons with friends
Banks and IT security: The elements of success(Help Net Security) In this interview, Nathan Horn-Mitchem, VP, Information Security Officer at Provident Bank, talks about delivering and maintaining IT security for 80 branches of the bank, discusses how data breaches re-shaped their data protection strategies, and more
Five Ways to Keep Your Data Safe Right Now(ACLU) There seems to be a new data breach in the news every week — a major company hacked, millions of usernames, passwords or credit card numbers stolen. There isn't much that you, as an individual, can do to stop hackers from stealing the data you entrust to companies. However, there are some easy things you can do to significantly reduce the harm from such breaches
Keeping Small Businesses' Networks Current and Secure(Information Security Buzz) The technology that enables our businesses evolves so often that it is seemingly obsolete just when you think you have it deployed and operating properly. But keeping your technology current and taking advantage of innovations and advances, especially as an SMB, is a "must have" to remain competitive in a digital age. With all this new technology promising immediate and dramatic results, one aspect that can easily be overlooked is keeping the core network current and secure
Design and Innovation
Behavioral biometrics: The password you can't forget(Help Net Security) This year's Mobile World Congress featured more biometrics technology than ever before, with the launch of Google's Android Pay and Samsung Pay both unveiling technology that enables payments through fingerprint verification. There can be no doubt that biometrics is creeping into the consumer conscience, but are biometrics ready for the enterprise?
UN to appoint watchdog to focus on privacy in digital age(IDG via PC World) The Human Rights Council of the United Nations has voted in favor of a resolution backed by Germany and Brazil to appoint an independent watchdog or 'special rapporteur' to monitor privacy rights in the digital age
Organised cyber crime rises in SA(IT Web) Organised cyber crime is becoming a serious problem in SA, impacting on the local economy against the background of an increase in cyber attacks and security breaches around the world
Here's what happens when a hacker gets mistaken for a spy(The Verge) Last July, Celil Unuver got an unexpected call from the Turkish police. They couldn't find him at his office, the policeman said, and they would like him to come to the cybercrime bureau as soon as possible. Unuver is a security researcher, focusing on vulnerabilities in industrial systems, but he soon realized someone thought he was up to something more sinister: selling valuable cyberweapons to the US and Israel. It was an accusation of high treason
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
ShowMeCon 2015(St. Louis, Missouri, USA, June 8 - 9, 2015) This highly technical forum showcases eye-opening presentations from world-renowned ethical hackers and security experts that will leave you amazed and frightened at the same time. By giving you access into...
Women in Cyber Security(Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.
Automotive Cyber Security Summit(Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...
Insider Threat Symposium & Expo(Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold a FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...
Kansas City Secure World(Kansas City, Missouri, USA, April 1, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
Coast Guard Intelligence Industry Day(Chantilly, Virginia, USA, April 2, 2015) With a blended focus of defense, homeland security, law enforcement, criminal investigations, intelligence and cyber issues, Coast Guard Intelligence is aggressively looking to collaborate with partners...
10th Annual Cyber and Information Security Research Conference(Oak Ridge, Tennessee, USA, April 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are...
Cyber Threats Masterclass(Turin, Italy, April 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge...
InfoSec Southwest 2015(Austin, Texas, USA, April 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter,...
Cybergamut Tech Tuesday: Tor and the Deep Dark Web(Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...
NIST IT Security Day(Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...
Cyber Security Summit: Industrial Sector & Governments(Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored...
Cyber Security Summit: Financial Services(Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective...
INTERPOL World 2015(Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from...
Mid-Atlantic ISSA Security Conference 2015(Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current...
IIT Cyber Forensics and Security Conference and Expo(Wheaton, Illinois, USA, April 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes...
RSA Conference 2015(San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015
Australian Cyber Security Centre Conference(Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise.
Security Forum 2015(Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives...
CyberTexas / CyberIOT(San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection...
INTEROP Las Vegas(Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities,...