In the US, the IRS discloses a compromise of some 100,000 taxpayers' personal information. The IRS's "Get Transcript" online service was the attackers' apparent point of entry: they were able to use stolen personally identifiable information (PII) to gain access to records. Krebs notes that tax agency issues in the US are cascading to state revenue agencies. Others note that the breach offers an object lesson in why PII are valuable in enabling other attacks.
Iran claims it thwarted a US cyber attack on its oil ministry.
Moroccan hacktivists deface sites belonging to the Nepalese embassy in the US to express distaste for US policy.
Core Security demonstrates a proof-of-concept exploit against a Windows Group Policy flaw, MS15-011, patched in February.
New Android ransomware distributed in a very aggressive campaign comes with an unusually convincing spoof of an FBI warning.
New router exploits are giving particular attention to social networks.
Dark Reading runs two interesting pieces on cyber crime. One describes the activities of a lone-wolf, petty skid, the other the high-end connections between nation-state security services and organized cyber crime.
In industry news, Bain acquires Blue Coat for a reported $2.4 billion. Homeland Security Today offers a summary of recent cyber mergers and acquisitions.
Several articles offer views on the possibilities and pitfalls of cyber threat intelligence sharing.
The White House scowls at Congress (and they're looking at you, Senator Paul) over failure to enact cyber legislation.
Target's data breach settlement with MasterCard is said to have fallen apart.
Today's issue includes events affecting Iran, Morocco, Nepal, Russia, United Arab Emirates, United Kingdom, United States.
We're covering the inaugural Billington Corporate Cyber Security Summit in New York today. We're tweeting the proceedings today; we'll have a full report in tomorrow's issue.
IRS hacker attack puts US tax payers at risk(We Live Security) The IRS, the United States government agency for collecting taxes, has admitted that for more than two months malicious hackers targeted its systems, and managed to gain access to information about more than 100,000 tax payers
IRS: Crooks Stole Data on 100K Taxpayers Via 'Get Transcript' Feature(KrebsOnSecurity) In March 2015, KrebsOnSecurity broke the news that identity thieves engaged in filing fraudulent tax refund requests with the Internal Revenue Service (IRS) were using the IRS's own Web site to obtain taxpayer data needed to complete the phony requests. Today, IRS Commissioner John Koskinen acknowledged that crooks used this feature to pull sensitive data on more than 100,000 taxpayers this year
Exploit Kit Using CSRF to Redirect SOHO Router DNS Settings(Threatpost) Attacks targeting small office and home router DNS settings, long a target for network intruders seeking to redirect web traffic to malicious sites, have for the first time been included in an exploit kit — one that specializes in cross-site request forgery attacks
Is It Possible for Passengers to Hack Commercial Aircraft?(Wired) When security researcher Chris Roberts was removed from a United fight last month after tweeting a joke about hacking the plane's inflight entertainment system, the security community was aghast at the FBI's over-reaction and United's decision to ban him from a subsequent flight
NATS failure down to bug from the 90s and redundant code(ComputerWeekly) A bug present in the National Air Traffic Services (Nats) IT system since the 1990s has been identified as the root cause of the five-hour outage of UK air traffic control on 12 December 2014, according to an independent inquiry
Why insider threats are succeeding(Help Net Securiy) Data leaks and other news events over the past few years have brought insider threats to the forefront of public attention, but most companies still lack the means or motivation to protect themselves from malicious insiders
Cybersecurity M&As And VC Investments Roundup(Homeland Security Today) The cybersecurity market is hot and growing fast, with projected growth from $71 billion in 2014 to more than $155 billion by 2019. Along with that, there's a consistent stream of mergers, acquisitions and VC investments activity
Blue Coat acquired for $2.4 billion(ChannelLife) Bain Capital, the private investment firm, has acquired Blue Coat from Thoma Bravo in an all-cash transaction valued at approximately $2.4 billion
Developers hope that new gizmo will bring an old idea back into fashion(Ars Technica) South African Security firm Thinkst is hoping to give new life to an old idea — the honeypot — in a bid to help organizations detect security breaches and intruders in their private networks. Thinkst's Canary is a simple network appliance and corresponding online monitoring service that makes it easy to set up juicy-looking targets on the corporate LAN that will sound the alarm if any attempt is made to access them
10 Threat Intelligence Goals for Financial Institutions(Recorded Future) Russell Pierce, Vice President of Cyber Security and Threat Intelligence at Regions Financial Corporation recently shared his experiences with building a threat intelligence program, and how Recorded Future contributes to its overall success
Breach detection: Five fatal flaws and how to avoid them(Help Net Security) When the Sarbanes-Oxley Act of 2002 was passed, it fell on corporate security teams to translate its requirements into technical controls. That threw the IT Security function into the deep end of the pool, and it has been sink or swim ever since
Digital Forensics and the Futuristic Scene-of-Crime(Tripwire: the State of Security) Over the years, I have written multiple articles on the subject of digital or cyber forensics and the importance it serves in supporting the modern world with regards to corporate and government incident response, first responder engagements, and more general aspects of scene-of-crime management in the digital age
Will Your Contractors Take Down Your Business?(Infosec Island) Do you know how well your vendors, business associates, contracted third parties (who I will collectively call "contractors") are protecting the information with which you've entrusted them to perform some sort of business activity? You need to know
Crystalline Cipher and cryptography snakeoil(MaldrÛid) Martijn Grooten on Twitter (with his signature sarcastic undertone) posed a weekend challenge for anyone interested in cryptography: have fun with Crystalline Cipher and show that it is fundamentally broken. Now, I've met with Martijn only once, but from that meeting I gathered that he really loves mathematics, at least as much as I do, and has a great understanding of cryptography
Open Letter to the Commerce Department and Legislators, Regarding Wassenaar(Zdziarski's Blog of Things) I am a published and respected forensics expert who pioneered the very first forensic techniques to extract data from the iPhone as early as 2008.. Since then, I have spend several years, and much of my time, assisting numerous law enforcement and military agencies around the world, including our own
Using Middle Finger Emoji In UAE: A Crime That Could Land You In Court(HackRead) If you are living in UAE, you should know the dangers of flipping middle finger at someone as it could land you in prison. Nonetheless, legal experts have now also cautioned that sending an 'emoji' finger-flick gesture in a message or on social media could also land you in hot waters
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Suits and Spooks All Stars 2015(New York, New York, USA, June 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues —...
New York Metro Joint Cyber Security Conference(New York, New York, USA, October 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters
2015 Cyber Risk Insights Conference(New York, New York, USA, October 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20,...
SOURCE Conference(Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's...
HITBSecConf2015 Amsterdam(De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature a new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting...
7th International Conference on Cyber Conflict(Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety...
1st Annual Billington Corporate Cybersecurity Summit(New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate...
Atlanta Secure World(Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
Techno Security & Forensics Investigations Conference(Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises...
Mobile Forensics World(Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State...
TakeDownCon: Capital Region 2015(East Hyattsville, Maryland, USA, June 1 - 2, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...
School on Computer-aided Cryptography(College Park, Maryland, USA, June 1 - 4, 2015) The goal of the school is to provide participants with an overview of computer-aided cryptography with a special focus on computer-aided cryptographic proofs using the EasyCrypt tool. Lectures discussing...
AusCERT2015: Smarten up(RACV Royal Pines Resort, Gold Coast, Queensland, June 1 - 5, 2015) This year's conference theme explores how we need to smarten up to manage information security risks better. We need to "smarten up" by focusing on information security essentials; by taking advantage...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.