skip navigation

More signal. Less noise.

Daily briefing.

The pro-Assad Syrian Electronic Army reappears with show-the-flag defacements of Endurance Group hosting companies. Pro-ISIS hackers continue their campaign against small-town-America targets-of-opportunity. Their messaging in this Wisconsin cycle is less fluent and more violent than other sympathizers' cyber vandalism has tended to be. Saudi hackers strike the website of the US Army's Picatinny Arsenal; they appear to have no political sponsors and no motive beyond the lulz.

Nigeria has succeeded in holding elections, despite hacking and widespread bugs in the country's (reportedly untested) biometric identification system, perhaps offering a case study in resilience.

GitHub copes with a large denial-of-service attack. It appears to originate in China, and seems to target anti-censorship tools.

Interpol and Kaspersky identify a threat to the block chain on which cryptocurrencies depend.

Uber logins are appearing for sale on the black market, going price $1 each.

Optus, Australia's second largest telecom, agrees to undergo an independent audit after sustaining three privacy breaches.

Chat-based collaboration platform Slack discloses it was hacked last month, and describes remediation it's undertaking on behalf of its users.

The iOS and OS X library AFNetwork has been patched to fix a man-in-the-middle vulnerability.

A new domain, .bank, expected to appear this summer, is said to be designed to bring more security to financial transactions.

University of Alabama Birmingham researchers announce development of a gesture-based mobile security approach.

Students of globalization paradoxically call for IT autarky in the service of national security.

Europol and the FBI are both really uncomfortable with widespread crypto.

Notes.

Today's edition of the CyberWire reports events affecting Brazil, Canada, China, European Union, Germany, Iran, Israel, New Zealand, Nigeria, Oman, Russia, Saudi Arabia, Syria, United Kingdom, United Nations, United States, and Vietnam.

Dateline Women in Cybersecurity

Women in Cybersecurity 2015 (WiCyS) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally. Even worse, women's representation in this male-dominated field of security is alarmingly low. Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option

Secure and Trustworthy Cyberspace (SaTC) (National Science Foundation) Cyberspace has transformed the daily lives of people for the better. The rush to adopt cyberspace, however, has exposed its fragility and vulnerabilities: corporations, agencies, national infrastructure and individuals have been victims of cyber-attacks. In December 2011, the National Science and Technology Council (NSTC) with the cooperation of NSF issued a broad, coordinated Federal strategic plan for cybersecurity research and development to "change the game," minimize the misuses of cyber technology, bolster education and training in cybersecurity, establish a science of cybersecurity, and transition promising cybersecurity research into practice

CyberCorps: Scholarship for Service (SFS) (National Science Foundation) The CyberCorps: Scholarship for Service (SFS) program seeks proposals that address cybersecurity education and workforce development. The Scholarship Track provides funding to award scholarships to students in cybersecurity. In return for their scholarships, recipients will work after graduation for a Federal, State, Local, or Tribal Government organization in a position related to cybersecurity for a period equal to the length of the scholarship. The Capacity Track seeks innovative proposals leading to an increase in the ability of the United States higher education enterprise to produce cybersecurity professionals

Advanced Technological Education (ATE) (National Science Foundation) With an emphasis on two-year colleges, the Advanced Technological Education (ATE) program focuses on the education of technicians for the high-technology fields that drive our nation's economy. The program involves partnerships between academic institutions and industry to promote improvement in the education of science and engineering technicians at the undergraduate and secondary school levels

Cyber Attacks, Threats, and Vulnerabilities

Syrian Electronic Army hacks Bluehost, Justhost, Hostgator, Fastdomain and Hostmonster (TechWorm) Endurance Group's Hosting Companies BlueHost, Hostgator, Justhost, FastDomain and HostMonstor Hacked By Syrian Electronic Army

Pro-ISIS hackers hack Richland County (Wisconsin) Sheriffs Dept. Website (HackRead) On March 21st, a group of pro-ISIS hackers from Morocco, going with the handle of Team System DZ hacked into the server of Wisconsin's Richland County, defacing several high-profile websites including the country's Sheriffs department website

U.S. Army Picatinny Arsenal Website Hacked by Saudi Hackers (HackRead) Saudi hackers from Team Bad Dream have hacked and defaced the official website of U.S. Army Picatinny Arsenal earlier today

Violence, hacking, and technology fails didn't keep Nigerian voters from the polls (Quartz) Nigerian voters turned out in the millions this weekend to make their choice of president, not put off by threats of violence or hours-long waits at many polling stations, due partly to untested biometric voter card technology which failed even the president

Hackers shutdown police website for third time in one week (HackRead) The DDoS attack on Finnish Police website forced the servers to remain offline for hours

GitHub battles "largest DDoS" in site's history, targeted at anti-censorship tools (Ars Technica) HTTP hijacking is being used to redirect Baidu search engine traffic into a massive DDoS

As GitHub is hit hard, experts disagree whether DDoS attacks are becoming more or less frequent (Graham Clulely) GitHub has been hit by a massive DDoS (distributed denial-of-service) attack in the last day or so, intermittently resulting in outages for developers attempting to access source code stored on the site

More concerns arise over DDoS threats facing enterprises and service providers (AppsTechNews) According to data released by distributed denial of service (DDoS) security provider Black Lotus, average packet volume for DDoS attacks increased 340% and average bit volume shot up 245% in the final quarter of 2014

Sign Up at irs.gov Before Crooks Do It For You (KrebsOnSecuirty) If you're an American and haven't yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process

Researchers identify malware threat to virtual currencies (Help Net Security) INTERPOL and Kaspersky Lab have identified a threat to the blockchain in virtual transactions that could result in them being embedded with malware or other illegal data

Dark Web vendors offer up "thousands" of Uber logins starting at $1 each (Ars Technica) "Bloody hell," man tells Motherboard, who read his Uber password over the phone

Famous Adult website Xtube hacked, delivering malware to viewers (HackRead) The viewers at pornographic website XTube should now be aware of using the website as it holds malware, says Malwarebytes Labs. The users are redirected to Neutrino Exploit Kit which contains a Flash vulnerability. The malware is known to be Trojan.MSIL.ED

Malicious XML: Matryoshka Edition (Internet Storm Center) A couple of days ago I received another malicious document (078409755.doc B28EF236D901A96CFEFF9A70562C9155). Unlike the XML file I wrote about before, this one does not contain VBA macros

Nearly 90 Vietnamese websites get Shellshocked: security firm (Thanh Nien News) A global hacking scheme which exploited the computer bug "Shellshock" has affected at least 89 websites based on Linux operating system in Vietnam for the past few days

Optus Agrees to Security Systems Review Following Three Privacy Breaches (Tripwire: the State of Security) Optus, the second largest telecommunications company in Australia, has agreed to an independent audit of its information security systems following three separate privacy breaches

Symantec Says Malware Could Be Inflating Twitch Viewership (Gameinformer) Online streaming is experiencing a boom period, in terms of audience size and the number of hours those viewers spend watching their fellow gamers play, talk, and entertain. According to a report from antivirus company Symantec, there's more going on with those numbers than you might think

Puush accidentally infects Windows users with password-stealing malware (Hot for Security) Puush describes itself as a "quick and simple way to share screenshots"

Android users exposed to malware by installer hijacking vulnerability (Lumension Blog) Security researchers have warned about a widespread vulnerability in Android devices, that could see attackers sneakily modify or entirely replace seemingly benign apps with malware, without users becoming aware

Slack Announced It Got Hacked Sometime In February (Apex Tribune) Slack, the company responsible for developing the eponymous chat-based work platform, announced through a blog update on Friday that it has been the victim of a cyber-attack in February, during which hackers could access user profile information in one of their databases

Slack Confirms App Was Hacked, But Don't Worry, They've Got Your Back (Inquisitr) Slack is a team communication tool that was launched in 2013 by Stewart Butterfield, co-founder of the popular picture-sharing site Flickr. The Slack software was first created by Butterfield's company, Tiny Speck, for use within the company as it worked on the creation of their MMO (massively multiplayer online game) Glitch, but although the game itself is now defunct, the Slack software has become a must-have for businesses, with a reported 8,000 user signups within the first 24 hours of its launch, and 120,000 daily Slack users within its first week

Slack Hack Underlines The Importance Of Adding Extra Security Layers (ST Gist) Team messaging platform Slack confirmed a security breach. Shortly after detecting the hack, the fast-growing email replacement service said it had updated its system to include the two factor authentication feature

Github is defending itself from a massive cyber attack (Reuters via Business Insider) US coding site GitHub said on Sunday that it was deflecting most of the traffic from a days-long cyber attack that had caused intermittent outages for the social coding site, with the Wall Street Journal citing China as the source of the attack

British Airways Executive Club members warned of hacked accounts ( Graham Cluley) Members of British Airways Executive Club are reporting that their accounts appear to have been hacked, and emptied of their Avios reward points

British Airways rewards scheme hack highlights password problem (ComputerWeekly) The hacking of British Airways' executive club frequent flyer accounts highlights the importance of using strong, unique passwords for all online accounts

BandarChor: New ransomware based on old malware family emerges (TechTarget) Antivirus vendor F-Secure discovered BandarChor, a type of ransomware based on an existing malware family

Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks (Dark Reading) A flaw in a popular router product may have exposed millions of hotel guests, says Cylance

RadioShack to auction off customer data, violating own privacy policy (Naked Security) Retail chain RadioShack is looking to cash in the information it holds on its customers as part of its bankruptcy sale

Anthem To Mail Last Batch Of Letters In Wake Of Data Heist (Hartford Courant) Anthem Inc. expects to mail the last batch of letters to customers by Monday informing them they are among the 80 million people whose personal data could have been nabbed in a cyber heist

Premera breach: Are hackers targeting more health records as credit card companies improve security? (Puget Sound Business Journal) Could the recent cyber attack on massive Puget Sound-area health insurance company Premera Blue Cross be a warning sign of more attacks on health care companies in the future?

This New Service Pinpoints Every Fake Cell Tower Spying On You (HackRead) All of the mysterious cell phone towers in the U.S. can now be pinpointed — But most of them are not the U.S. government's

Indiana's website taken out by DDoS in response to 'religious freedom' law (CSO) The state's website was up and down for most of the early afternoon on Friday

Cyber attack hits Rutgers network, causes service interruptions (NJ.com) An attack against the Rutgers University computer network was responsible for weekend interruptions in internet service, the school said Sunday

Hijacked school Twitter account turns head teacher into a porn star (Naked Security) A UK head teacher was demoted was promoted unknowingly switched jobs to become a porn star, courtesy of a bit of Twitter account hacking and a liberal dose of Photoshopping

Security Patches, Mitigations, and Software Updates

iOS, OS X Library AFNetwork Patches MTM Vulnerability (Threatpost) Until yesterday, a popular networking library for iOS and OS X used in apps such as Pinterest and Simple was susceptible to SSL man-in-the-middle (MiTM) attacks

UPDATE: '.bank' domains, which should be more secure, are coming this summer (MarketWatch via Morningstar) As soon as this summer, you may type ".bank" at the end of your financial institution's URL instead of ".com"

Cyber Trends

'Bolted on' cybersecurity: Not enough for healthcare providers (FierceHealthIT) Shahid Shah: Built-in privacy a 'competitive differentiator' for developers

Security for Healthcare 'Internet of Things' Must Be Addressed Upfront (Health Daa Management) The explosion of networked medical devices and sensors that connect, communicate or transmit information through the Internet hold tremendous promise if security is built into the infrastructure from the outset, according to a new report

Securing the Identity of Things (IDoT) for the Internet of Things (M2M Now) In its recent report, The Identity of Things (IDoT) for the Internet of Things, Gartner lays out how it believes the Internet of Things (IoT), or what is often now referred to as the Internet of Everything (IoE), cannot and will not prosper unless organisations knuckle down and come to grips with how to manage multiple identities

Right Now, the Internet of Things is Like ohe Internet of the 1990s (Fast Company) A world of connected devices are starting to come online. Don't mistake what they do now for what they'll accomplish in the future

Security and the Internet of Things: what you need to know (Memeburn) The Internet of Things — objects and appliances with embedded sensors and chips capable of communicating online — will result in 50 billion devices being connected to the internet by 2020, according to Gartner. From fridges and bathroom scales, to fitness bands and home thermostats, the amount of 'things' connected to the internet is really taking off and it's a very exciting time for everyone. However, for many enterprises and consumers, the excitement of this new realm of connectivity is clouding the fact that, with more devices connected to the network, there comes a new array of security implications

Social engineering techniques are becoming harder to stop, experts say (TechTarget) Social engineering techniques have become increasingly sophisticated as more personal and corporate data is shared on the Internet, and traditional training techniques may not be enough to keep enterprises safe

One-in-Six Advocate Prison for CEOs and Board Members After Breaches (Dark Matters) In a recent survey of security professionals conducted at the e-Crime Congress, 16% of respondents said they support laws that would result prison sentences for executives and Boards of Directors for any negligence on their part following a major data breach

How much do data breaches cost big companies? Shockingly little (Fortune) From Sony to Target, big companies that were hacked felt barely a dent to their bottom line, an analysis reveals

Half of enterprises have no budget at all for mobile security, survey finds (ZDNet) Study finds companies gung-ho about mobility and mobile apps, but only throw pennies out to secure them

Executive Success: Hacking attacks need new tactics (New Zealand Herald) Breaches are almost unavoidable, so focus on your response, advises cyber expert

Crossing the Cybersecurity Trust Chasm (TechCrunch) Kudos to the President for visiting Silicon Valley last month and drawing the attention of the nation to a new world of continuous cyber attacks

Data Breach Lessons for Security in Human Resources (Dark Matters) The Anthem breach has brought forth class action lawsuits in at least 3 states (Alabama, Georgia, and California), and has spurred employee concerns and demands for a response from Anthem as well as the employer

Ignorance could be bliss for next generations of business (ZDNet) The conditions are ripe for businesses and services to do away with wanting to get their hands on as much of their users' information as possible

100% of UK Organisations Surveyed Suffer Multiple Attacks on Keys and Certificates According to Venafi and Ponemon Institute Research (Information Security Buzz) The Ponemon Institute and Venafi today released the UK results of the 2015 Cost of Failed Trust Report, the only research of its kind to examine the Internet system of trust

Marketplace

Firms can't afford to fail at cybersecurity (Crain's Clevelend Business) Several major data breaches made national headlines last year in the bank sector, but it's not the only segment within the overall financial services industry seeing costs mount for cybersecurity

Secrecy on the Set: Hollywood Embraces Digital Security (New York Times) For years, Lulu Zezza has played one of the toughest roles in Hollywood

What types of companies are seeking IT security training, and why? (IT Security Guru) It's a common belief that security training is one of the largest bugbears for CISOs. Why do you think this is, and how can it be resolved? I must step back a couple of decades to argue who needs IT security training and why

Security Innovation raises $4M to expand Internet of Things software business (Boston Business Journal) Security Innovation, a Wilmington-based security software firm, said Friday that it raised $4 million in funding to expand its software offerings focusing on the burgeoning connected devices industry

This Baltimore company wants to protect your children on social media (Baltimore Business Journal) Scott Winn and Karl MacMillan spent most of their careers building the intelligence systems that protect the federal government, its agencies and military from predators

Lockheed Martin: Increasing Presence In The Promising Cybersecurity Sector (Seeking Alpha) Lockheed Martin is wisely taking advantage of society's increasing cybersecurity needs by bolstering its own cybersecurity segment

Hoh crosses from Symantec to FireEye (IT Wire) Security vendor FireEye has appointed former Symantec senior sales executive Eric Hoh as the first president of its Asia Pacific Japan business

Infoblox Appoints Alan Conley as Chief Technology Officer (BusinessWire) Infoblox Inc. (NYSE:BLOX), the network control company, today announced that Alan Conley has joined Infoblox as executive vice president and chief technology officer, effective immediately. Conley is responsible for technology strategy and initiatives at Infoblox

Products, Services, and Solutions

Car hacking made cheaper and easier (Help Net Security) Fiddling with your car's innards will soon become easier and cheaper than ever before, as Eric Evenchick has created and made available hardware and software design files for CANtact, an open source CAN bus tool that can be manufactured for less than $100

Bitdefender Wins Perfect Score from AV-TEST for Both Consumer and Business Solutions (NewsWire Today) Bitdefender, the creator of innovative antivirus software solutions, obtained a perfect score in all categories in the latest round of independent testing for both business and consumer solutions

KPMG Announces New Strategic Collaboration with Microsoft (CNW) Strategic collaboration to deliver new generation of data and analytics, cloud and business solutions

Technologies, Techniques, and Standards

Protecting Critical Infrastructure from Threats (Process and Control Today) According to research performed by Lloyd's of London insurer, Aegis London, "in the first half of the 2013 fiscal year, the US Department of Homeland Security's Industrial Control Systems-Computer Emergency Readiness Team responded to more than 200 incidents, 53% of which were in the energy and utility sector, and many of them sponsored by states such as China"

Retail, Financial Sectors Team Up on Formal Info-Sharing (Infosecurity Magazine) Retailers are throwing their cyber-hats in with the financial services community when it comes to information-sharing, with the establishment of an intelligence-sharing portal that will link the two industries? key players

The multiple benefits of IT auditing (Help Net Security) Regulatory compliance requirements provide instructions for organizations on how to protect the data of their employees, business operations, and customers that are stored on their servers. The process of satisfying compliance requirements starts with IT auditing, performed either by an internal or external professional auditor using specialized software

Using Web Session Analysis to Prevent Fraud (RSA: Speaking of Security) Every organization that relies on websites and web applications to do business is a potential target for hackers. According to ePayment management company CyberSource, total revenue loss to eCommerce merchants in North America in 2012 amounted to $3.5 billion, up $100 million from the previous year

Mitigating the Consequences of Data Loss with Service Automation (Information Security Buzz) In today's digital age, companies increasingly utilize various external platforms to store and access corporate data. In fact, according to Forbes magazine more than half of all companies in the United States now use some form of Cloud Computing to conduct daily operations

Cyber Hunting: 5 Tips To Bag Your Prey (Dark Reading) Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm

How secure is your Wi-Fi? 3 things small businesses need to know (Naked Security) If you don't have a wireless network in your business, you might as well be in the dark ages — or that's what your employees, customers and guests will tell you

Don't buy insurance after the fire: Protecting your business against DDoS attacks (IT Pro Portal) The threat of cyber-attacks has been brought to the attention of the public with the activity of cyber-criminals such as the Lizard Squad, which has used DDoS attacks to bring down the networks of corporate giants such as: Sony Playstation, Microsoft Xbox and Malaysian Airlines in recent months

Crowdsourcing your bug bounty program (Help Net Security) In this interview, David Levin, Director of Information Security at Western Union, talks about crowdsourcing their bug bounty program and the lessons learned along the way

Hadoop Security Still Evolving (eSecurity Planet) While organizations' use of Hadoop has become more sophisticated, associated security practices have not kept pace

10 practical security tips for DevOps (Help Net Security) More organizations are embracing DevOps and automation to realize compelling business benefits, such as more frequent feature releases, increased application stability, and more productive resource utilization. However, many security and compliance monitoring tools have not kept up. In fact, they often represent the largest single remaining barrier to continuous delivery

The 7 Deadly Sins of Security Policy Change Management (Virtualizaion Review) Committing one or more of them could significantly damage your IT environment

3 Bad Security Habits that Make CISOs Crazy (eSecurity Planet) Every CISO can relate to these bad security habits found in most organizations. But what can CISOs do to change them?

Making the Business Case for Advanced Threat Protection: Resource (SecurityWeek) We know you get it. Today's cyber threats require advanced security. Our traditional network and endpoint defenses are clearly outmatched and don't stand a chance at preventing, investigating, or remediating today's targeted attacks

5 simple internet safety tips from one of Google's information security engineers (Business Insider) Justin Schuh knows a thing or two about internet security best practices

On the Frontlines of Cyber War (Augusta Magazine) By the time you finish this sentence, computer hackers from around the globe will have made at least 1,000 attempts to breach the Pentagon?s electronic wall

Cyber Shield 2015 tests Ohio's Computer Network Defense Team (DVIDS) In March members of the Ohio National Guard Computer Network Defense Team joined other National Guard states? cyber defenders here for Cyber Shield 2015, an exercise designed to develop the defensive skills of the Soldiers and Airmen tasked with securing their organizations? computer networks

Design and Innovation

"Look at me" — forget fingerprints, here comes a Samsung tablet with iris recognition (Naked Security) A press release just issued by SRI International suggests that future Samsung mobile devices may be moving towards iris recognition for biometric authentication

Single-use Yahoo Passwords — Good or Bad? (TrendLabs Security Intelligence Blog) Yahoo recently rolled out a new way for users to access their services without entering a password. Their new system uses a cellphone to authenticate the user. Instead of entering a password, the user receives a verification code via text message on their phone. (The user would have provided their phone number to Yahoo when setting this option up.) Once the user receives this code, they enter it on the Yahoo login page and voilà!, they’re logged in

Research and Development

New mobile-malware detection technique uses gestures (IDG via CSO) Mobile malware is a growing problem, but researchers from University of Alabama at Birmingham have figured out a new way of detecting when shady mobile apps get up to no good, such as trying to call premium-rate numbers unbeknowst to a phone's owner

Mathematicians adapt Knapsack Code to take on Quantum-level Cyber Attacks (Scientific Computing) Mathematicians have designed an encryption code capable of fending off the phenomenal hacking power of a quantum computer. Using high-level number theory and cryptography, the researchers reworked an infamous old cipher called the knapsack code to create an online security system better prepared for future demands

Username, password combo may be biggest data breach problem (Fosters) Researchers at the Dartmouth College's Institute for Security, Technology, and Society (ISTS) are exploring the weak links, vulnerabilities and economies of scale that have led to the data breach epidemic, and researchers are urging organizations to eliminate the use of vulnerable legacy identity schemes based on username and passwords combinations as a method of authenticating employees and customers, replacing them with stronger identity technologies opaque to attackers

Goodbye GPS? DARPA preparing alternative position-tracking technology (ITWorld) Finding GPS unreliable in certain situations, the U.S. government is placing a high priority on developing a more reliable real-time position tracking technology whose signals won't disappear in blind spots and can't be jammed

HARES: Hardened Anti-Reverse Engineering (Assured Information Security, Inc.) This paper provides a technical overview of the HARES software protection research effort performed by Assured Information Security. HARES is an anti reverse-engineering technique that uses on-CPU encryption [6] in conjunction with Intel x86 TLBsplitting in order to significantly increase the effort required to obtain the clear-text assembly instructions that comprise the target x86 application

Academia

Israel Partners With Lockheed Martin on National Cybersecurity Curriculum (JNS via Allgemeiner) The Israeli Ministry of Education announced a partnership with the U.S. defense firm Lockheed Martin to enrich Israel?s cybersecurity curriculum for high school students

Rutgers receives federal grant for homeland security studies program (NJ.com) Rutgers University has been awarded a $1.95 million federal grant to fund its newly established department of homeland security studies

Legislation, Policy, and Regulation

ICT users must be encouraged to protect data, network integrity: Information Technology Authority CEO (Times of Oman) Cooperation between governments and the private sector and all users of ICT must be encouraged in order to determine the best way to protect data and network integrity, considering the current and potential dangers that threaten information and communication technology, said Dr. Salim Sultan Al Ruzaiqi, CEO of the Information Technology Authority (ITA)

NSA Spy Agency Behind "Malware" Infection of Computer Hardware Used by "Enemies" of the U.S.? (Global Research) IT independence is national security

US Used Zero-Day Exploits Before It Had Policies for Them (Wired) Around the same time the US and Israel were already developing and unleashing Stuxnet on computers in Iran, using five zero-day exploits to get the digital weapon onto machines there, the government realized it needed a policy for how it should handle zero-day vulnerabilities, according to a new document obtained by the Electronic Frontier Foundation

Cyberspying under attack from all sides as ECJ and UN lose patience (Silicon Republic) A day after the European Court of Justice (ECJ) revealed Safe Harbour for what it is — ridiculous — the UN has agreed to appoint a special investigator to look into digital spying and violations of online privacy

Leave Facebook if you value your privacy, says EU (Naked Security) Citizens within the European Union (EU) have been advised to close their Facebook accounts if they wish to keep their private information away from the prying eyes of the US security services

Security Clash Grows In U.S., Eases In U.K. (Seeking Alpha) Bottom line: Washington's raising of Beijing's foreign technology restrictions to the WTO and London's acceptance of Huawei equipment could add to pressure on all parties to soften their restrictive actions over use of foreign technology

Before leak, NSA mulled ending phone program (Military Times) The National Security Agency considered abandoning its secret program to collect and store American calling records in the months before leaker Edward Snowden revealed the practice, current and former intelligence officials say, because some officials believed the costs outweighed the meager counterterrorism benefits

Why Doesn?t the Intelligence Community Care Whether Its Surveillance Programs Work? (Defense One) The new cybersecurity bill joins a long list of efforts launched without adequate thought

Amending Patriot Act would secure citizens' liberty: Editorial (MassLive) The USA Patriot Act was signed into law on Oct. 26, 2001, just a bit more than six weeks after the terrorist attacks of Sept. 11

The evolving U.S. cybersecurity landscape: what firms want to know (Lexology) Following a year of high-profile data breaches, the Securities and Exchange Commission (SEC) announced on January 13, 2015 that, for the second consecutive year, its Office of Compliance Inspections and Examinations (OCIE) priorities would include a focus on cybersecurity controls.1 The same day, the Obama Administration (Administration) announced two cybersecurity legislative proposals of importance to the financial services industry. Given this expanding focus on cybersecurity, this article: (i) addresses the results of OCIE?s 2014 cybersecurity examination sweep and discusses OCIE?s second wave of cybersecurity exams; (ii) summarizes the Administration's recent legislative proposals; and (iii) suggests questions firms may wish to consider in response to these important developments

Russell Slifer Named Commerce Deputy Undersecretary for Intellectual Property (ExecutiveGov) Russell Slifer, formerly director of the U.S. Patent and Trademark Office's Rocky Mountain regional office in Denver, has been named the Commerce Department's deputy undersecretary for intellectual property and USPTO deputy director

Litigation, Investigation, and Law Enforcement

How Lloyd's joined the war on global terror (Telegraph) Expertise won from IRA attacks in the Nineties is helping address threats from Islamic States and others

Socom tracking money that funds violent extremists (Tampa Tribune) The issue of how violent extremist organizations get their money can't get enough attention. Especially with the growing nexus between groups like the Iranian-backed Hizballah and drug trafficking organizations, who operate in the same shadowy spaces

Europol chief warns on computer encryption (BBC) A European police chief says the sophisticated online communications are the biggest problem for security agencies tackling terrorism

FBI Pleads for Crypto Subversion in Congressional Budget Hearing (Threatpost) In a House Appropriations subcommittee hearing this morning on the FBI budget for the upcoming fiscal year, FBI Director James Comey was again critical of new encryption features from Apple and Google that he claims would make it impossible for law enforcement to access the contents of mobile device communications

Law-Enforcement Requests for Microsoft Data Drop in 2014 (eWeek) While the number of requests is down since last year, Microsoft renewed its call for more transparency in government efforts to obtain customer data

Chairman Wheeler Predicts FCC Will Beat Legal Challenge To Net Neutrality (TehcCrunch) Now that the FCC is the subject of several lawsuits, and its leader, Chairman Tom Wheeler, was dragged in front of Congress repeatedly to answer the same battery of inanity, it's worth checking in to see how the agency is feeling. Is it confident that its recent vote to reclassify broadband under Title II of the Telecommunications Act will hold?

Safari users win right to sue Google over secret cookies (Naked Security) In a landmark case that could determine if Google can be held accountable in the UK, Google has lost an appeal to stop the country's consumers from being able to sue over alleged misuse of privacy settings in Apple's Safari browser

PayPal in trouble over Weapons of Mass Destruction (sort of) (Naked Security) When you think of "detection" in the context of computer security, you probably think of dodgy data such as spam emails and malware downloads

Plenty Of Fish hooked by Canada's anti-spam laws, faces 48k penalty (Naked Security) Canada's strict anti-spam laws have come down hard on another offender, with the operators of dating website Plenty Of Fish paying a $48,000 penalty for failing to provide proper unsubscribe options in emails sent to its users

We're All In This Together: Share Your Cybercrime Stories (CMSWire) What's the best defense against cybercrime? Surprisingly, it might be a big mouth

Darknet Sheep Marketplace website owner arrested (Security Affairs) Thomas Jiřikovský suspected of owning the black marketplace Sheep Marketplace, an alternative for Silk Road, was arrested while trying to buy a luxury house

13-year-old Minecraft player confesses to swatting, police say (Ars Technica) "There were 20-plus officers there… We basically surrounded the house"

Prisoner escapes by faking an email ordering his release (BoingBoing) Neil Moore was locked up in England's notorious Wandsworth Prison when he used a smuggled cellphone to send an email to the prison that appeared to come from a court clerk who was ordering his release on parole

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber Risk Wednesday: The future of Iranian cyber threat (Washington, DC, USA, April 8, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on April 8, from 4:00 p.m. to 5:30 p.m. for a panel discussion on the Iranian cyber threat and the potential for a drastic escalation of cyber conflicts...

SCADA Nexus 2015 (Houston, Texas, USA, September 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton...

Upcoming Events

Automotive Cyber Security Summit (Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...

Insider Threat Symposium & Expo (Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...

Kansas City Secure World (Kansas City, Missouri, USA, April 1, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

Cyber Insurance and Corporate Governance: Facing New Threats (Brooklyn, New York, USA, April 2, 2015) Peter D. Hancock, president and CEO of AIG, will lead a discussion of the ways in which the insurance industry is adapting to account for threats to the most valuable — and vulnerable — assets...

Coast Guard Intelligence Industry Day (Chantilly, Virginia, USA, April 2, 2015) With a blended focus of defense, homeland security, law enforcement, criminal investigations, intelligence and cyber issues, Coast Guard Intelligence is aggressively looking to collaborate with partners...

Centers for Medicare and Medicaid Services (CMS) CISO Security & Privacy Forum (Woodlawn, Maryland, USA, April 7, 2015) The CISO Security & Privacy Forum is hosted by the Information Security Privacy Group (ISPG) at CMS. The Vision for ISPG is to provide leadership to CMS in managing information security and privacy risks...

10th Annual Cyber and Information Security Research Conference (Oak Ridge, Tennessee, USA, April 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are...

Cyber Threats Masterclass (Turin, Italy, April 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge...

InfoSec Southwest 2015 (Austin, Texas, USA, April 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter,...

Cybergamut Tech Tuesday: Tor and the Deep Dark Web (Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...

NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...

Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored...

Cyber Security Summit: Financial Services (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective...

INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from...

Mid-Atlantic ISSA Security Conference 2015 (Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current...

Symantec Government Symposium: Secure Government: Manage, Mitigate, Mobilize (Washington, DC, USA, April 15, 2015) The annual Symantec Government Symposium is a one-day event attracting 1,500 government IT security and management professionals. The event is designed to facilitate peer-to-peer dialogue on the challenges...

Proposer's Day Conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program (Washington, DC, area, April 16, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program, in anticipation of...

IIT Cyber Forensics and Security Conference and Expo (Wheaton, Illinois, USA, April 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes...

RSA Conference 2015 (San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015

Australian Cyber Security Centre Conference (Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise.

Security Forum 2015 (Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives...

CyberTexas / CyberIOT (San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection...

Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, April 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence...

INTEROP Las Vegas (Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.