US health insurance provider CareFirst discloses a major breach to its members. More than a million subscribers appear to have had their personal data — names, birth dates, email addresses, and subscriber identification numbers — compromised. Indicators of the attack were first detected on April 21 (CareFirst began close scrutiny of its own security shortly after the Anthem hack), but the attack itself seems to go back to June of 2014.
TrendLabs describes how East Asian servers were effectively targeted during a recent cyber campaign in the region — the attackers exploited "Auto-Start." TrendLabs also turns up another interesting bit of information in an unrelated matter: the command-and-control server for the Carbanak targeted attack campaign now resolves to an IP address associated with Russia's FSB. Whether this is a joke, blunder, or something else is unclear.
The University of London says its widely used Computer Centre was taken offline earlier this week by a "cyber attack" of unspecified nature. Service is now restored.
Dating site Adult FriendFinder has been breached, with users' personal information appearing for trade on the cyber black market.
A Google study finds that most security questions are easy to guess (and therefore not that useful).
The US indicates it will implement 2013's Wassenaar Arrangement governing trade in cyber tools. Effectively a cyber arms counter-proliferation measure, Wassenaar is making researchers nervous about legal liability.
Also in the US, the Patriot Act (which notably contains bulk collection authority) comes closer to its sunset.
The Five Eyes allegedly peered into Google Play.
Today's issue includes events affecting Australia, Bahamas, Brazil, Canada, China, Congo, Cuba, Finland, France, Germany, Grenada, India, Italy, Japan, Moldova, Morocco, Netherlands, New Zealand, Norway, Russia, Senegal, Sudan, Sweden, Switzerland, Ukraine, United Kingdom, United States.
The CyberWire will not appear Monday, as we observe the Memorial Day holiday. We'll resume regular publication Tuesday. We'll also be covering next Wednesday's Billington Corporate Cybersecurity Summit—watch for interviews and special issues devoted to the conference.
Cybersecurity Law Institute(Georgetown Law Continuing Legal Education) Please find PDF copies of documents from specific sessions linked below
FBI Director Comey, Assistant AG Caldwell Speak on Cyber Security(Georgetown Law) Attendees at the third annual Cybersecurity Law Institute, sponsored by Georgetown Law CLE on May 20 and 21, received insights and observations on cyber risk straight from the top. Day One featured FBI Director James B. Comey, who discussed the biggest threats facing the FBI in 2015, Bureau strategies for cyber security and the role of the private sector in addressing the problem
Cybersecurity Challenges(CSPAN) FBI Director James Comey spoke about Justice Department efforts to address cybersecurity challenges
US Regulators Warn of Cyber Threat to Financial System(Voice of America) U.S. regulators highlighted concerns about the potential for a cyber attack that could "significantly disrupt the workings of the financial system" as they presented an annual look at the challenges facing the economic sector
Cyber Attacks, Threats, and Vulnerabilities
Attack Gains Foothold Against East Asian Government Through "Auto Start"(TrendLabs Security Intelligence Blog) East Asian government agencies came under siege when attackers targeted several servers within their networks. The said attackers, who showed familiarity and in-depth knowledge of their agencies' network topology, tools, and software, were able to gain access to their targeted servers and install malware. After which, they used the compromised servers not only as gateways to the rest of the network but also as C&C servers. This particular attack has been active since 2014
A message from CareFirst President and CEO, Chet Burrell(CareFirst) Cyberattacks on businesses have, regrettably, become all too common. We understand that news of a cyberattack on CareFirst BlueCross BlueShield (CareFirst) is a cause of concern for our members and others with whom we do business. Maintaining the privacy and security of our members' personal information is one of our highest priorities
4 things you need to know following the CareFirst hack(Washington Business Journal) CareFirst BlueCross BlueShield officials said they've brought on stronger safeguards — namely Herndon-based cybersecurity firm Mandiant — to protect client data after disclosing Wednesday that it had joined other major health insurers in falling victim to a cyberattack
HITRUST Statement on Healthcare Industry Cyber Breach Events(HITRUST) HITRUST commonly receives inquiries about recent healthcare related cyber breaches, as HITRUST is the leading authority on healthcare information protection and operates the most active and sophisticated cyber threat intelligence sharing service for the healthcare industry, HITRUST Cyber Threat XChange (CTX). As a federally recognized Information Sharing and Analysis Organization (ISAO), we are in constant engagement with industry, law enforcement and government cyber threat intelligence sources to ensure HITRUST CTX participants have the latest indicators of compromise (IOCs)
LogJam Computer Bug Creates Another Ruckus(TechZone360) When it comes to malware and other types of computer bugs it seems like we are falling into a problematic pattern. In fact, it has made the words "wreak havoc" almost cliché
Cyber-Attack Takes ULCC Offline for Hours(Infosecurity Magazine) The University of London Computer Centre (ULCC) has been hit by a major cyber-attack, knocking out open source learning platform Moodle and numerous university websites for several hours
mSpy Denies Breach, Even as Customers Confirm It(KrebsOnSecurity) Last week, KrebsOnSecurity broke the news that sensitive data apparently stolen from hundreds of thousands of customers of mobile spyware maker mSpy had been posted online. mSpy has since been quoted twice by other publications denying a breach of its systems. Meanwhile, this blog has since contacted multiple people whose data was published to the deep Web, all of whom confirmed they were active or former mSpy customers
Google Study: Most Security Questions Easy To Hack(Newsfactor) There's a big problem with the security questions often used to help people log into Web sites, or remember or access lost passwords — questions with answers that are easy to remember are also easy for hackers to guess. That's the key finding of a study that Google recently presented at the International World Wide Web Conference in Florence, Italy
Malvertising: Silent but Deadly(Trend Micro: Simply Security) The malvertising phenomenon is not a new thing; it has been a criminal tactic for over a decade
DDoS attacks have doubled in a year, says Akamai(We Live Security) Distributed Denial of Service (DDoS) attacks are on the rise, according to cloud service provider Akamai, with more than double the number reported from this time a year ago
Bad Ads and Zero-Days: Reemerging Threats Challenge Trust in Supply Chains and Best Practices(Trend Micro Security Roundup) In the beginning of 2015, we were faced with a paradox: none of the prominent threats were new — the schemes and attacks we saw used very common cybercriminal tactics — and yet they were all still so effective. Regardless of how well individuals and organizations implemented basic security measures, the simplest of blind spots had left them exposed. Who knew online and mobile ads, over-the-counter transactions, and even basic Word documents could still cause so much trouble?
FireEye CEO expects a lot of mergers in cybersecurity industry(Economic News Daily) Today every firm wants to keep itself safe and sound from cyber security vulnerabilities. This is a big issue in industry, as hacking activity is increasing day by day and has derailed many well-known firms, including the likes of Target, JP Morgan Chase, Sony Pictures and others
Gary Steele Pushes Proofpoint Past Email Protection(Investor's Business Daily) Proofpoint has been on a buying spree, making relatively small but strategic acquisitions. The Sunnyvale, Calif.-based provider of security software via the cloud spent $24 million for NetCitadel and $35 million for Nexgate last year. In March, Proofpoint agreed to pay $40 million for security firm Emerging Threats
BTS Software Solutions Announces New Ownership Team(Baltimore City BizList) BTS Software Solutions, a leading software development company that uses technology to create impactful solutions for the community, is publicly announcing its new majority ownership team
How to Pass-the-Hash with Mimikatz(Cobalt Strike Blog) I'm spending a lot of time with mimikatz lately. I'm fascinated by how much capability it has and I'm constantly asking myself, what's the best way to use this during a red team engagement?
Keeping passwords safe from cracking(Help Net Security) A group of researchers from Purdue University in Indiana have come up with an effective and easy-to-implement solution for protecting passwords from attackers
Illinois State recognized for cyber defense education(Illinois State University) The Center for Information Assurance and Security Education (CIASE) in Illinois State University's School of Information Technology has once again been designated as a National Center of Academic Excellence in Cyber Defense Education
Security Researchers Wary of Proposed Wassenaar Rules(Threatpost) Professional security researchers concerned about proposed changes to the Computer Fraud and Abuse Act (CFAA) that include stiff penalties for what today is considered legitimate offensive research, are worried about another impending punch to the gut
Head-Scratching Begins on Proposed Wassenaar Export Control Rules(Threatpost) Two things worth noting from yesterday's unveiling of the Bureau of Industry and Security's proposed Wassenaar rules for the U.S. that weren't so overt: a) The U.S. generally leads the way in implementing Wassenaar changes, and this time it's been beaten by the EU by almost 18 months; and b) requests for comments, such as the 60-day period that opened yesterday, are uncommon
Rand Paul's NSA Filibuster: His Notable Quotes(Real Clear Politics) In an impassioned rebuke of the National Security Agency's surveillance capabilities, Sen. Rand Paul spoke for more than 10 hours on the Senate floor Wednesday to filibuster a Patriot Act provision used to legally justify the bulk collection of telephone data
Australia a leader in hacking mobile phones, Snowden document reveals(Sydney Morning Herald) Australia's electronic espionage agency has exploited weaknesses in a mobile browser used by hundreds of millions worldwide and planned to hack into smartphones through data links to the Google and Samsung app stores, a leaked top secret intelligence document has revealed
Usama bin Ladin Document Release(IC on the Record) Today the ODNI released a sizeable tranche of documents recovered during the raid on the compound used to hide Usama bin Ladin
Confessions of a Jihadi Nerd: A Guide to Reading the New Bin Laden Documents(War on the Rocks) Today, the Office of the Director of National Intelligence released a new batch of declassified documents recovered during the raid to kill Osama Bin Laden in Pakistan. Like most terrorism researchers (nerds), I am excited to see these documents finally come to light as I think they provide a much needed window for the public to see inside al Qaeda's operations and thinking. These documents will provide excellent primary source material for researchers and ideally yield insights into how terrorist groups operate — illuminating their vulnerabilities and offering solutions to mitigate their violence
Cracking down on poor cyber hygiene(FCW) Defense Department Chief Information Officer Terry Halvorsen is taking a no-holds-barred approach to DOD network users with sloppy cyber habits
Litigation, Investigation, and Law Enforcement
A Review of the FBI's Use of Section 215 Orders(US Department of Justice, Office of the Inspector General) This Executive Summary provides a brief overview of the results of the Department of Justice (Department or DOJ) Office of the Inspector General's (OIG) third review of the Federal Bureau of Investigation's (FBI) use of the investigative authority granted by Section 215 of the Patriot Act
Audit finds Coast Guard still lacks strong organizational approach to safeguard data(FierceHomelandSecurity) The Coast Guard has made progress in protecting personal and health data, but organizational challenges such as a lack of coordination among its privacy offices, incomplete contingency planning and infrequent security reviews of physical facilities could still put data at risk, a Homeland Security Department audit found
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
SIN 2015(Sochi, Russia, September 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks.
SOURCE Conference(Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's...
HITBSecConf2015 Amsterdam(De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature a new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting...
7th International Conference on Cyber Conflict(Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety...
1st Annual Billington Corporate Cybersecurity Summit(New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate...
Atlanta Secure World(Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
Techno Security & Forensics Investigations Conference(Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises...
Mobile Forensics World(Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State...
TakeDownCon: Capital Region 2015(East Hyattsville, Maryland, USA, June 1 - 2, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...
School on Computer-aided Cryptography(College Park, Maryland, USA, June 1 - 4, 2015) The goal of the school is to provide participants with an overview of computer-aided cryptography with a special focus on computer-aided cryptographic proofs using the EasyCrypt tool. Lectures discussing...
AusCERT2015: Smarten up(RACV Royal Pines Resort, Gold Coast, Queensland, June 1 - 5, 2015) This year's conference theme explores how we need to smarten up to manage information security risks better. We need to "smarten up" by focusing on information security essentials; by taking advantage...
NSA SIGINT Development Conference 2015(Fort Meade, Maryland, USA, June 2 - 3, 2015) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and...
ASIA (Annual Symposium on Information Assurance)(Albany, New York, USA, June 2 - 3, 2015) ASIA is an event held jointly with the 18th Annual New York State Cyber Security Conference (NYSCSC), aiming to attract researchers and practitioners alike for engaging talks about information security...