Tweets surrounding the jihadist attempt on cartoonists in Texas continue to draw scrutiny as at least one ISIS online representative (twenty-year-old Abu Hussain al-Britani, a.k.a. Junaid Hussain, a.k.a. TriCk) seems to have shown some advance knowledge of the attempted attack and to be warning that more's coming ("You ain't seen nothing yet"). CNN describes al-Britani as "zany," which we suppose is one way to put it. As always it's difficult to distinguish command-and-control from inspiration from cheerleading. (Americans do tend to overestimate the effect of cheerleading, but it seems to be having its successes at least as far as online recruiting goes.)
A less ambiguous ISIS connection is to spearphishing, a technique that, the InfoSec Institute notes, the Caliphate has already used to ferret out opposition figures and hostile journalists. It's also an attractive route into industrial control systems.
A former CIA executive claims in a new book that ISIS learned from Snowden's leaks how to avoid US surveillance.
Anonymous appears to be continuing its action against the Baltimore Police Department.
Messaging app LINE was used as bait in attacks against targets in more than seven countries.
WordPress vulnerabilities, now patched, are being actively exploited in the wild.
Lenovo patches bugs in its Systems Update Service.
Enterprise vulnerabilities accessed via their SAP implementations are worth a look, especially as SAP ties itself more closely to the Internet-of-things.
Seeking Alpha calls security a bubble, but a bubble unlikely to pop anytime soon.
The US Second Circuit rules against NSA bulk surveillance.
Today's issue includes events affecting Canada, China, Colombia, Estonia, France, Georgia, Germany, India, Indonesia, Iraq, Israel, Japan, Democratic People's Republic of Korea, Latvia, Lithuania, Mexico, Netherlands, Romania, Russia, Syria, Taiwan, Ukraine, United Kingdom, United States.
Gunman's final tweet, hashtag hinted at Texas assault on cartoon contest(US News and World Report) About 20 minutes before the shooting at a Texas cartoon contest that featured images of the Prophet Muhammad, a final tweet posted on an account linked to one of the gunmen said: "May Allah accept us as mujahideen," or holy warriors. Among the hashtags used by the account was "#texasattack."
CIA's Ex-No. 2 Says ISIS 'Learned From Snowden'(Daily Beast) The former deputy director of the CIA says in a new book that the NSA contractor's disclosures allowed the forerunners of the terrorist group to evade electronic surveillance
Spearphishing: A New Weapon in Cyber Terrorism(Infosec Institute) Spear phishing and its evolutions like the watering hole attack represent one of the most insidious attack techniques adopted by the majority of threat actors in cyber space
Anonymous Leaks Emails, Passwords Of Baltimore Police Department(HackRead) The online hacktivist Anonymous claims to leak emails and passwords of Baltimore Police Department (BPD) against the death of Freddie Gray, a 25-year-old African American Baltimore resident who died on April 19, 2015, a week after being arrested by the BPD
Messaging Application LINE Used as a Decoy for Targeted Attack(TrendLabs Security Intelligence Blog) A popular mobile messaging application, LINE was used as a bait to lure targets in a targeted attack which hit Taiwan government. LINE, an application that offers free calls and chat messages is commonly used in countries such as Taiwan, Japan, Indonesia, India, United States, Mexico, and Colombia among others
Rombertik: This malware can destroy your PC if detected(F.Business) Researchers have discovered a new malware 'Rombertik' that has "multiple layers of obfuscation and anti-analysis functionality." This functionality was designed to evade both static and dynamic analysis tools, make debugging difficult
A New Covert Channel over Cellular Voice Channel in Smartphones(Rochester Institute of Technology) Investigating network covert channels in smartphones has become increasingly important as smartphones have recently replaced the role of traditional computers. Smartphones are subject to traditional computer network covert channel techniques. Smartphones also introduce new sets of covert channel techniques as they add more capabilities and multiple network connections. This work presents a new network covert channel in smartphones
United Should Thank, Not Ban, Researcher Who Pointed Out a Major Security Flaw(Slate) I'm about to board a United Airlines 747 in Frankfurt, on my way to San Francisco. Last night, the airline sent me an email saying that the flight would be equipped with Wi-Fi. Until last week I'd have been glad for that, as I have a lot of work to do and could use the roughly 11-hour flight to get some of it done. I'm wishing United would turn off the wireless connection altogether
Macro Malware: When Old Tricks Still Work, Part 2(TrendLabs Security Intelligence Blog) In the first part of this series, we discussed the macro malware we have recently seen in the threat landscape. This second entry will delve deeper into the techniques or routines of macro malware
Patch Tuesday Facelift End of an Era(Threatpost) Scheduled patch deliveries are so last decade — and thankfully, it looks like they're over when it comes to Microsoft Patch Tuesday
Microsoft Exec Blasts Google for Lax Android Security(CIO Today) While announcing new security features set to arrive later this year with the release of Windows 10, Microsoft executive Terry Myerson also took the opportunity to slam Google for its "no responsibility" approach toward Android operating system updates. Myerson, the executive vice president of operating systems, made his comments Monday during the opening day of the Microsoft Ignite conference in Chicago
Sobering News on Cybersecurity(ECT.coop) Here's a sobering thought: "A data breach at a 10,000-member system would cost anywhere from $500,000 to $1 million to remediate. And that's if the cooperative isn't sued"
How Big Will The Security Bubble Get?(Seeking Alpha) Computer security stocks are in a bubble. Palo Alto Networks is the LinkedIn of the security bubble. Bubbles don't have to pop upon identification. They can get bigger. This one probably will
FireEye Beats Expectations: Growth Might Have Set A Floor(Seeking Alpha) FireEye posted good first quarter results that managed to beat on both top and bottom line guidance. The market, however, appears to be not too happy about the company's top line growth which has slowed down. The company's current growth is close to what it's capable of sustaining over the long term. The company's operating expenses are expected to fall by a significant margin this year while its losses are expected to pare back. Investors should take any further pullback in FireEye shares as a buying opportunity
RightsWATCH Wins at Info Security Products Guide Global Excellence Awards(Realwire) Watchful Software, a leading provider of data-centric information security solutions, today announced that Info Security Products Guide, an industry-leading information security research, and advisory guide has named RightsWATCH a winner in its 11th Annual Global Excellence Awards. RightsWATCH took the Silver Award in the Data Loss Prevention category
Swivel Secure launches OneTouch Authentication(StreetInsider) Swivel Secure, a global leader in adaptive multi-factor authentication, has supplemented its market leading range of deployment options with the launch of OneTouch, a new rapid authentication mobile app
BAE to deliver tactical SIGINT systems(C4ISR & Networks) BAE Systems will produce 12 Tactical Signals Intelligence Payload systems under a $70 million contract that also includes engineering support services, according to the company. The systems will serve the U.S. Army and Special Operations Command
Why You Need a Disciplined Response to Digital Forensics(Tripwire: the State of Security) With acceptance that the prospect of unauthorised incursion, hacks and/or compromise of corporate, and personal systems is to now be expected, it would seem to make good sense to accommodate mechanisms with which the organisation may respond to such manifestation as and when they are encountered
The importance of data loss prevention for OS X(Help Net Security) Apple products have increasingly gained popularity in enterprise environments due to perception that they are so secure they will never get attacked and no data will be leaked, but will they become a bigger target due to their growing market share?
The Art of Logging(Internet Storm Center) Handling log files is not a new topic. For a long time, people should know that taking care of your logs is a must have. They are very valuable when you need to investigate an incident. But, if collecting events and storing them for later processing is one point, events must be properly generated to be able to investigate suspicious activities
Meet The Darpa-Backed Hackers Building A Google For Every Web Weakness(Forbes) Hacker culture is dying. A scene that used to be replete with anticorporate sentiment and profreedom ideals is being sold out by cybersecurity capitalists more concerned with making a quick buck selling ways to exploit computers, websites and phones than actually protecting Web denizens. That, at least, is how Alejandro Caceres sees it. Caceres is the 30-year-old cofounder of a software firm called Hyperion Gray, which he started with his girlfriend and business development partner, Amanda Towler, in their poky Arlington, Va. apartment
The Challenge Of Figuring Out The Right Big Data Questions(Forbes) You know the great thing about databases? You ask them a question — or, to be more technical, you generate a query — and the answer comes back. That's highly simplified, of course, because for your query to be successful, it has to at least match the data therein
Beware of Leaky Apps(CFO) Executives of companies developing apps need to know that developers often fall short on security, a Verizon official says
Research and Development
Making Credit Cards Unhackable(eSecurity Planet) Credit card credentials are easy to obtain and difficult to secure. An unhackable credit card could be on the horizon, thanks to technology based on quantum computing
Russia's Greatest Weapon May Be Its Hackers(Newsweek) In hacker jargon, it's called a "cyber-to-physical effect." It's when a hacker reaches out from the virtual world into the real one — often with catastrophic consequences. The Americans and Israelis pioneered the technique back in 2009 when the Stuxnet program infiltrated Iranian computer systems and wrecked thousands of uranium-enriching centrifuges. But now other players — especially the Russians and Chinese — are getting into the game of remotely using computer networks to destroy infrastructure and threaten human lives. Last year, according to a report by Germany's Federal Office for Information Security, a blast furnace melted down in an unnamed industrial city in Germany after a digital attack on its control systems, causing "massive damage"
Rethinking Section 660: Democracy, Police, and U.S. Foreign Assistance(War on the Rocks) Last month the incumbent president of Burundi, Pierre Nkurunziza, was selected as his party's nominee in the presidential elections to be held in late June. This would be Nkurunziza's third term, in violation of Burundi's peace agreement and constitution. Even though the nomination was validated by the constitutional court, it appears that this decision was obtained through threats and intimidation. While these political machinations are worrisome, the public unrest and the police response to that unrest are more worrisome as Burundi faces the worst political and violent crisis since the end of its civil war in 2005
US Navy Cyber Launches Strategic Plan(Defense News) The commander of US Navy Cyber announced a five-year strategy, and like the Pentagon's cyber strategy announcement two weeks earlier, acknowledged the dire need for talented workers with the skills to fend off the nation's foes
Navy, Marine Cyber Fought Off All Net Attackers Since 2013(Breaking Defense) When Iran hacked the Navy-Marine Corps Intranet in fall 2013, it shook up the sea services' approach to cybersecurity. Thanks to that new vigilance, their networks have fended off every subsequent attack, the head of Navy Cyber Command said today
Senate Confirms May as 15th NIST Director(NIST) On May 4, 2015, the U.S. Senate confirmed Willie E. May as the second Under Secretary of Commerce for Standards and Technology and the 15th director of the National Institute of Standards and Technology (NIST). May has been serving as acting director since June 2014. He has worked at NIST since 1971, leading research activities in chemical and biological measurement science activities prior to serving as associate director for laboratory programs and principal deputy to the NIST director
German opposition targets Merkel ally in US spy scandal(AFP via Yahoo! News) Germany's opposition kept up its attack on Angela Merkel's government Wednesday, charging that it did nothing to stop its foreign intelligence service spy on European politicians and companies for the United States
Spamming diet pill pusher Sale Slash has assets frozen by FTC(Naked Security) The US Federal Trade Commission (FTC) has slapped down a Californian outfit they accuse of using massive spamming campaigns, backed by fake celebrity endorsements, phony news sites and unproven claims, to market a range of dodgy diet drugs
Grooveshark is back already. Or is it?(Naked Security) Music-streaming site Grooveshark.com was forced to shutter itself last week after thrashing out a deal with record companies who sued the service over the alleged copyright violation of close to 5000 songs
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Information Management Conference 2015(Nashville, Tennessee, USA, June 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative...
DaytonDefense Ohio Cyber Dialogue with Industry Conference(Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an...
Suits and Spooks London(London, England, UK, September 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...
Fraud Summit London(London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include...
Apple Security Talks & Craft Beer(Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics...
DzHack Event 2015(Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event that will contain conferences, workshops, and a challenge (CTF). Aiming to bring together security professionals, students, researchers, ethical hacker enthusiasts or simply technology...
12th CISO Summit & Roundtable Geneva 2015(Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions...
NG Security Summit(San Antonio, Texas, USA, May 11 - 13, 2015) The NG Security Summit brings together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges.
MCRCon(Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon...
Houston Secure World(Houston, Texas, USA, May 13, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
QuBit 2015 Cybersecurity Conference(Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which...
THOTCON 0x6(Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible...
International Conference on Cyber Security (ICCS) 2015(Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY.
FS-ISAC & BITS Annual Summit(Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...
2015 Cyber Risk Insights Conference — Chicago(Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals...
IEEE Symposium on Security and Privacy(San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers...
Fraud Summit Chicago(Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include...
3rd Annual Georgetown Cybersecurity Law Institute(Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking...
AFCEA Spring Intelligence Symposium 2015(Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence...
SOURCE Conference(Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's...
7th International Conference on Cyber Conflict(Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety...
HITBSecConf2015 Amsterdam(De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting...
1st Annual Billington Corporate Cybersecurity Summit(New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate...
Atlanta Secure World(Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
Techno Security & Forensics Investigations Conference(Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises...
Mobile Forensics World(Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State...