Debate continues over both the reality and the morality of the alleged airliner hack the US FBI is investigating. The emerging consensus seems to hold that white-hat proof-of-concept hacking of flight control systems, however well-intentioned, is too risky. (What other consensus could reasonably be reached?) Observers note that United's bug bounty program, for example, explicitly excludes such probing. Coincidentally, Aviation Week publishes a sad, sobering story: the magazine's sources tell them that buggy fuel-transfer and trim-control software may have contributed to the engine failure seen in the recent, lethal loss of an Airbus A400M military transport being tested prior to delivery to Turkey.
Islamist messages continue to appear on small, poorly defended networks in the New World. The Cyb3r CommandOS deface sites in Minnesota; they seem at least as animated by a (somewhat gloomy) form of the lulz as by zeal for jihad. The Bahamas' government — sites in the country were recently vandalized — is urged by citizens to take the threat as seriously as possible.
Ransomware continues to take its toll. Costs are in the tens of thousands (but victims' pleading with the criminals is poignant).
In industry news, CSC's board indicates it will split the company in two. Analysts look at Symantec's prospects once it completes its own planned split.
Cyber legislation advances in the US Congress. There appears to be considerable support for aspects of the measures that will foster increased information sharing. Quartz publishes a long analysis from TruSTAR on why such sharing is as welcome as it is "overdue."
Today's issue includes events affecting Bahamas, China, France, Philippines, Russia, Saudi Arabia, Turkey, United States.
The CyberWire is covering the third annual Georgetown Cybersecurity Law Institute in Washington, DC, today and tomorrow. Watch for special issues Thursday and Friday.
Cyber Attacks, Threats, and Vulnerabilities
Software Cut Off Fuel Supply In Stricken A400M (Aviation Week) The crash of an Airbus A400M airlifter that killed four people on May 9 may have been caused by new software that cut off the engine-fuel supply, industry sources have said
Their View: Don't punish plane hacker: Learn from him (Centre Daily Times) Bringing down a plane carrying hundreds of passengers doesn't require a suicidal pilot, a missile or a terrorist bomb. Apparently, a guy with a computer may be able to pull it off by hacking into the airliner's entertainment system
Arvig Hackers: 'We Did This for Islam' (Valley News Live) Lisa Green with Arvig Communications confirms their website was attacked Tuesday morning. She says the homepage was replaced with a picture from a group called Cyb3r CommandOS
Vulnerability found in IBM statistical analysis suite (IT World Canada) CISOs worry about vulnerabilities in the most commonly-attacked platforms in their inventory — Web servers, password databases, Flash, operating systems and productivity software. They rarely think about other applications
Steganography and Malware: Final Thoughts (TrendLabs Security Intelligence Blog) Steganography will only become more popular, especially among the more industrious malware groups out there. For an attacker, the ability to hide stuff in plain sight is like peanut butter on chocolate: it makes their favorite thing even better
DDoS attackers testing tools on IPv6 (FierceITSecurity) Attackers are beginning to test their ability to launch distributed denial of service attacks over the new IPv6 Internet protocol
Security Patches, Mitigations, and Software Updates
Stable Channel Update (Chrome Releases) The Chrome team is happy to announce the promotion of Chrome 43 to the stable channel for Windows, Mac and Linux. Chrome 43.0.2357.65 contains a number of fixes and improvements. A list of changes is available in the log
The cybersecurity domino effect (Help Net Security) RedSeal unveiled its survey of high-ranking executives that illustrates widespread concern regarding the potential effects of cyberattacks in corporate America
Why Companies Need to Learn How to Share (Information Security Buzz) For many years, members of this industry have been wary about sharing their intellectual property with others. They believed doing so would jeopardize their competitive differentiation and business opportunities
'The user is today's new corporate security perimeter' (CIO) 'The security perimeter in organisations is dissolving - IT and security management can no longer count on well-defined network security perimeters to protect their organisations,' according to the latest Global Threat Intelligence report
The Benefits and Limits of Cyber Value-at-Risk (Wall Street Journal) Many CIOs across industries struggle to answer questions about cyber risk posed by their executive teams and boards of directors: How likely are we to experience a damaging attack?
Symantec Security Has A Growth Problem (Seeking Alpha) Symantec will soon be splitting up into two standalone companies. The security division is suffering from weak sales, and does not seem to be profiting from surging enterprise demand. At the moment, the prospects of the standalone security company don't look particularly good
Secure smart devices for the holiday season (Help Net Security) Summer is almost here and many are currently considering taking their beloved smart devices with them on their travels. However, the risks of doing so are sizeable
Congress wants companies facing cyber attacks to share data, and it's not a moment too soon (Quartz) Successful executives know that putting together the right team is a key element in achieving goals and overcoming challenges. In fact, walk into any CEO's office and you are likely to find a number of books on teamwork sitting on the bookshelf. But corporate managers aren't the only ones who recognize the value of collaboration. We've learned the hard way that hackers and other bad actors in cyberspace have become proficient in finding ways to collaborate and share information in real-time on exploits and other offensive strategies
The importance of good threat intelligence (Help Net Security) The cyber-threats our organizations face are continuing to evolve, partly in respect to the broadening motivations behind attacks, and partly due to the increased sophistication of the attacks themselves
MicroTech sues HP over Autonomy debacle (MicroScope) It was revealed on Monday that MicroTech is suing Hewlett-Packard for $16.6m in unpaid invoices from Autonomy. Invoices that HP claims never actually existed
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...
2015 Honeynet Project Workshop (Stavanger, Norway, May 18 - 20, 2015) Each year the Honeynet Project annual workshop brings together top information security experts from around the globe to present their latest research efforts and discuss insights and strategies to combat...
3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking...
AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence...
SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's...
HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting...
7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety...
1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate...
Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises...
Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State...