Russian intelligence services again stand accused of snooping on European Commission negotiations concerning Ukrainian natural gas.
ISIS may be taking a beating on the battlefield, but that hasn't affected its information ops ("most successful terrorist brand ever," suggests CNN). Iraq's embassy warns South Africa to take the Caliphate's online recruiting seriously; the US FBI Director decries the terrorist group's campaign of incitement in cyberspace. ISIS spokesmen in Australia say they're "winning the minds of the young generation."
Trend Micro reports that MadAdsMedia advertising network has been compromised to serve up the Nuclear exploit kit in malvertising afflicting Internet users in Japan, Australia, and the United States.
Bloggers continue to recover from recently patched WordPress vulnerabilities.
A proof-of-concept rootkit hack of GPUs by unnamed researchers (Ars Technica calls them "pseudo-anonymous") may presage stealthier attacks in the wild.
Avast fixes its false alarm problem.
China responds to US cyber strategy. Germany's BND pulls back (somewhat) from cooperation with the US NSA.
This week's court decision in the US Second Circuit found, as Quartz puts it, bulk telephony surveillance "just illegal" ("forget unconstitutional"). There is, as a Washington Post op-ed notes, "much posturing" going on. The White House says it's considering how to work with Congress on reforms, but the Senate Majority Leader seems willing to double-down on surveillance despite the Second Circuit's ruling.
Observers of evolving US breach disclosure legislation think it will increase the glare of war. If so, get some sunglasses, Uncle Sam. (We think Marianne buys hers in Montpellier.)
Today's issue includes events affecting Australia, Brazil, China, European Union, Germany, Iraq, Israel, Japan, Russia, South Africa, Syria, Ukraine, United Kingdom, United States.
We're filing from Jailbreak in Laurel, Maryland, USA today, whence we're also live tweeting about what's (as far as we know) the first ever cyber security "summit" to be held in a working production brewery. We'll have a full report on the proceedings Monday. In the meantime, follow @thecyberwire on Twitter (#JailbreakSummit) for notes, updates, and comments throughout the day.
FBI director says Islamic State influence growing in U.S. (USA TODAY) In a dramatic assessment of the domestic threat posed by the Islamic State, FBI Director James Comey said Thursday there are "hundreds, maybe thousands" of people across the country who are receiving recruitment overtures from the terrorist group or directives to attack the U.S.
Vulnerable Islamic State Still Winning Online Battle (Voice of America) Setbacks on the battlefield seem to be doing little to dent the success the Islamic State is having in the world of social media. And that's prompting a new outcry from U.S. lawmakers, who say Washington's online strategy is off-base
Ad Network Compromised, Users Victimized by Nuclear Exploit Kit (TrendLabs Security Intelligence Blog) MadAdsMedia, a US-based web advertising network, was compromised by cybercriminals to lead the visitors of sites that use their advertising platform to Adobe Flash exploits delivered by the Nuclear Exploit Kit. Up to 12,500 users per day may have been affected by this threat; three countries account for more than half of the hits: Japan, the United States, and Australia
JetPack and TwentyFifteen Vulnerable to DOM-based XSS (Sucuri Blog) Any WordPress plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons. So far, the JetPack plugin (reported to have over 1 million active installs) and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count is difficult to grasp, but both the plugin and theme are default installs in millions of WordPress installs. The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package
CPL Malware in Brazil: somewhere between banking trojans and malicious emails (We Live Security) When we analyze the most prevalent threats in Latin America, we see the same malware families across the region. In Brazil, however, there is a different situation. Not only is Brazil one of the most populated countries in the world, but it is also one of the countries with the highest percentage of Internet users using online banking. That is why Brazil is the country where banking trojans are the number one threat
Deconstructing the 2014 Sally Beauty Breach (KrebsOnSecurity) This week, nationwide beauty products chain Sally Beauty disclosed that, for the second time in a year, it was investigating reports that hackers had broken into its networks and stolen customer credit card data. That investigation is ongoing, but I recently had an opportunity to interview a former Sally Beauty IT technician who provided a first-hand look at how the first breach in 2014 went down
Security Patches, Mitigations, and Software Updates
Cisco Patches Remote Code Execution Bugs in UCS Central (Threatpost) Cisco has patched a serious remote code execution vulnerability in its Unified Computing System (UCS) Central software, a data center platform that integrates processing, networking, storage and virtualization into one system
More evidence that employee negligence is security risk No. 1 (GCN) What: The BakerHostetler Data Security Incident Response Report. Why: Thirty-six percent of data security incidents handled last year by the BakerHostetler law firm were due to employee negligence, making it the leading cause of security incidents. According to the firm's newly released report, other causes were outsider and insider theft, malware and phishing attacks
Infrastructure and Industry in the Crossfire (Security-Insider) SCADA systems and industrial control systems are under threat; this realization has taken hold since 2010. Stuxnet, Duqu and Flame have proven that industrial plants can be manipulated by malware and hacking attacks. But how, concretely, should the threat be countered?
Risk IT and services spending to reach $78.6 Billion in 2015 (Help Net Security) According to a new IDC Financial Insights forecast, worldwide risk information technologies and services (RITS) spending will reach $78.6 billion in 2015 and is expected to reach $96.3 billion by 2018 at a compound annual growth rate (CAGR) of 6.97% during the 2013-2018 forecast period
CyberArk: A Pure Cybersecurity Play (Seeking Alpha) There has been an explosion in the number of cybersecurity threats in recent years, leaving both governments and corporations vulnerable to data breaches that are both embarrassing and damaging
UK is leading the way at the forefront of cyber security (IT Pro Portal) The RSA Conference has grown significantly in size and stature in recent years, fuelled by the news of seemingly endless security breaches and the real effects being felt by business leaders across the world. With such a laser-like focus on security issues, events such as RSA have become must-attend affairs for enterprises and public sector organisations alike
Porter Novelli's PNProtect Cybersecurity Crisis Management Offering to Help Clients Predict, Prepare for, Manage and Recover from Digital Attacks (PRNewswire) Global public relations leader Porter Novelli (PN) announces the launch of PNProtect, a full-service cybersecurity offering to help clients predict, prepare for, identify, monitor, manage and recover from online threats and attacks. Powered by Rook Security, a best-in-class cybersecurity technology company, PNProtect addresses what is fast becoming the biggest dual threat to businesses: online attacks and the resulting reputation damage. Whether you're trying to predict your company's level of risk, deal with an active crisis or recover from a breach, PNProtect will help manage and mitigate the issues along the way
Classification and protection of unstructured data (Help Net Security) In this podcast recorded at RSA Conference 2015, Stephane Charbonneau, CTO of TITUS, talks about TITUS Classification Suite 4, a significant new release of its flagship data identification and information protection suite.
Technologies, Techniques, and Standards
Best Practices for Victim Response and Reporting of Cyber Incidents (US Department of Justice Cybersecurity Unit) Any Internet-connected organization can fall prey to a disruptive network intrusion or costly cyber attack. A quick, effective response to cyber incidents can prove critical to minimizing the resulting harm and expediting recovery. The best time to plan such a response is now, before an incident occurs
Rethinking & Repackaging iOS Apps: Part 2 (Bishop Fox) In the first part of our series, we looked at how to modify an iOS application binary by inserting load commands to inject custom dynamic libraries. In Part 2, we take this a step further by introducing a toolchain designed to make some of our favorite iOS application hacking tools available on non-jailbroken devices
APTs: The fine balance of control and monitoring (Help Net Security) Security is not about winning the war. It is more like insurance: it's about how we handle risks. In order to successfully handle the risk of Advanced Persistent Threats (APTs) we need to focus on the high-stakes targets that we want to protect. The challenge, then, is to build a multi-layered security architecture with the right balance of control and monitoring technologies that can prevent any lower-impact threats from escalating into a full-blown attack
Five reasons threat intelligence fails today, and how to overcome them (ChannelWorld) As cyber security threats have become increasingly sophisticated and pervasive, it's become impossible to identify and defend against every probable attack with traditional security budgets. That's where threat intelligence comes in. Effective use of threat intelligence is a way for businesses to pool their resources and overcome internal technical or resource limitations. Theoretically, it allows companies to "crowd source" security and stay one step ahead of malicious entities
Insiders — The Threat Right in Your Blind Spot (Information Security Buzz) While you're standing on the ramparts of your enterprise perimeter, scanning for bad guys, there may well be a threat right in your blind spot: insiders. Maybe it's someone truly malicious
Remediation is the Foundation of your Security Strategy! (LinkedIn) In many ways, this year's RSA conference was overwhelming. In other ways, it was a disappointment in how the market is providing solutions to mitigate our security risks. As several colleagues have pointed out, "remediation" was a huge gap at RSA 2015
Who's Watching You? Video Surveillance: User Beware! (Willis Wire) I routinely find myself being called upon to provide advice regarding the various benefits and risks associated with the applications of video surveillance, particularly the possible exposures to property owners or other key stakeholders regarding its use
How to Win the Cloud Security Game by Balancing Risk with Agility (Trend Micro Simply Security) The cloud is changing the way organizations around the world do IT. Attracted by lower costs, improved efficiency, and faster development and deployment times for apps, users everywhere are migrating to this new computing model in droves, with or without the blessing of IT. Yet security is a top concern due to the loss of control of a physical infrastructure
Design and Innovation
What you really accept when you use How-Old.net (Trend Micro Countermeasures) Microsoft had an apparently unexpected hit on their hands with the unveiling of the "How Old Do I Look?" service at the Microsoft Build conference last week. By the weekend my Facebook feed was filling up with friends from all over the globe sharing the results of their own submissions to the service. For the three of you that haven't come across this viral hit recently, "How Old Do I Look" allows a user to upload a photo and will attempt to correctly guess the age of the subject of the picture, with the results ranging from the spectacularly awful to the incredibly accurate
Research and Development
Facebook Echo Chamber Isn't Facebook's Fault, Says Facebook (Wired) Does the Internet help facilitate an echo chamber? In an age where so much of the information that we see online is filtered through opaque algorithms, the fear is that we only get exposed to viewpoints with which we already agree. Behemoths like Facebook and Google show you new stuff based on what you've previously liked, the argument goes. And so we get stuck in a polarizing cycle that stifles discourse. We only see what we want to see
A Chinese Response to the Department of Defense's New Cyber Strategy (Council on Foreign Relations: Net Politics) Last week, a Chinese Ministry of Defense spokesman condemned the Pentagon's new cybersecurity strategy. Geng Yansheng not only opposed the "groundless accusations" about Chinese cyber espionage contained in the strategy, but also suggested it "will further escalate tensions and trigger an arms race in cyberspace." Geng called on the United States to promote common security and mutual trust, rather than "seeking absolute security for itself"
Germany Spies, U.S. Denies (BloombergView) Reports of German spying on European corporate targets at the behest of the U.S. have led to calls that Chancellor Angela Merkel was hypocritical for complaining about U.S. spying on Germany. Well, yes — but the hypocrisy of politicians hardly comes as a shock. What's more striking about the recent revelations is their targets — and what they say about U.S. government claims that it doesn't spy on behalf of private U.S. corporations
Cybersecurity bill more likely to promote information overload than prevent cyberattacks (The Hill) A growing number of information security and hacking incidents emphasize the importance of improving U.S. cybersecurity practices. But many computer security experts are concerned that the Cybersecurity Information Sharing Act of 2015 (CISA) is unlikely to meaningfully prevent cyberattacks as supporters claim. Rather, it will provide another avenue for federal offices to extract private data without addressing our root cybersecurity vulnerabilities
Researchers create searchable database of intelligence operators (Help Net Security) The researchers behind Transparency Toolkit, a venture whose goal is to develop source software to collect and analyze publicly available data on surveillance and human rights abuses, have released ICWATCH, a collection of 27,094 resumes of people working in the intelligence community
American Civil Liberties Union et al. v. James R. Clapper et al. (United States Court of Appeals for the Second Circuit) Plaintiffs-appellants American Civil Liberties Union and American Civil Liberties Union Foundation, and New York Civil Liberties Union and New York Civil Liberties Union Foundation, appeal from a decision of the United States District Court for the Southern District of New York (William H. Pauley, III, Judge) granting defendants-appellees' motion to dismiss and denying plaintiffs-appellants' request for a preliminary injunction. The district court held that § 215 of the PATRIOT Act impliedly precludes judicial review; that plaintiffs-appellants' statutory claims regarding the scope of § 215 would in any event fail on the merits; and that § 215 does not violate the Fourth or First Amendments to the United States Constitution. We disagree in part, and hold that § 215 and the statutory scheme to which it relates do not preclude judicial review, and that the bulk telephone metadata program is not authorized by § 215. We therefore VACATE the judgment of the district court and REMAND for further proceedings consistent with this opinion
Posturing on the National Security Agency ruling (Washington Post) The Post reports: "A federal appeals court on Thursday ruled that the National Security Agency's collection of millions of Americans' phone records violates the Patriot Act, the first appeals court to weigh in on a controversial surveillance program that has divided Congress and ignited a national debate over the proper scope of the government's spy powers"
If you have a Verizon phone, you may be able to sue the NSA (Fusion) Today, a federal appeals court ruled that the bulk phone metadata collection program run by the National Security Agency that was brought to light thanks to the leaks of former contractor Edward Snowden was illegal, and not covered by Section 215 of the Patriot Act. But the ruling went further than that; it said, essentially, that anyone whose data was collected as part of the program, called PRISM, may be allowed to sue the NSA for harvesting their data
Information Management Conference 2015 (Nashville, Tennessee, USA, June 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative...
ISSA CISO Forum: Third Party Oversight (Las Vegas, Nevada, USA, August 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer-only environment. Membership is by...
OWASP APPSECUSA (San Francisco, California, USA, September 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications
Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics...
DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event that will contain conferences, workshops, and a challenge (CTF), aiming to bring together security professionals, students, researchers, ethical hacking enthusiasts or simply technology...
NG Security Summit (San Antonio, Texas, USA, May 11 - 13, 2015) The NG Security Summit brings together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges.
12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs; you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions...
MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon...
Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which...
THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best conference possible...
International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with cyber security.