ISIS continues to post grim video online, and to reach its target demographic.
The US Navy mulls implications of potential Russian undersea cable tapping (or cutting).
Anonymous begins its promised "@OperationKKK."
The DCI–AOL–account–hacking Crackas with Attitude (still at large) release to Wikileaks some information related to US President Obama's national security transition team.
Vodafone, which indicates that it stopped a potentially more serious breach before it got too far, discloses that 1827 customers may have had their personal data exposed. The telecom has blocked affected accounts.
Security experts take a look at TalkTalk's website and say they discern at least eleven vulnerabilities there. Some speculate such vulnerabilities may have attracted last month's hackers to the telecom. In the meantime British police arrest a third suspect in connection with the incident, this one a venerable twenty-year-old. TalkTalk's CEO Harding declines to resign.
There's much talk (as there often is) about the vastly expanded attack surface the burgeoning Internet-of-things is presenting. Some of that talk is fueled by newsman Ted Koppel's study of US power grid vulnerability to cyber attack (the Washington Post has a long précis by the author).
In industry news, HP has split, and the new Hewlett Packard Enterprise invites all to think of it as a startup. Investors discuss cyber story stocks FireEye and Imperva. Hacking Team returns to the lawful intercept market. Unicorn Avast plans no IPO earlier than 2017.
EU-US Safe Harbor seems set to return. UK's surveillance bill is debated, as is the US CISA.
Today's issue includes events affecting Australia, Belgium, China, European Union, France, Iraq, Israel, Netherlands, Philippines, Russia, Sweden, Syria, Thailand, United Kingdom, United States.
We'll be headed to Washington tomorrow afternoon to cover the SINET Showcase 2015. Full reports will appear Wednesday and Thursday.
Hackers release info on Obama's national security transition team(C4ISR & Networks) The slow drip of information allegedly stolen from CIA Director John Brennan's personal email account continues to find its way onto WikiLeaks, with a list of personal information about 20 members of President Obama's transition team added to the leak in the most recent post on Oct. 26
Experts say TalkTalk had 11 serious website vulnerabilities(Financial Times) TalkTalk had at least 11 separate serious vulnerabilities in its website and may have enticed criminals to target it after revealing security weaknesses in a public tweet two months ago, according to cyber security experts with detailed knowledge of the hack attack on the telecoms group
Setting the Record Straight on Moplus SDK and the Wormhole Vulnerability(TrendLabs Security Intelligence Blog) A vulnerability known as Wormhole that reportedly affected the software development kit (SDK), Moplus by Baidu is making waves due to the severity of the impact once successfully exploited. The said vulnerability was discovered by WooYun.org, a vulnerability reporting platform in China
Critical gov't infrastructures become targets(Manila Bulletin) In developed economies, a recent study by Trend Micro showed that critical government infrastructures are increasingly compromised to cyber threats
The coming smart-thing apocalypse(Engadget) Like some people I know familiar with the ins and outs of digital surveillance (and startle like housecats when an app makes a geolocation request) I don't own any "smart" home items
Hacking of "Unregulated Data" Poses Big Risk to Firms(Wall Street Journal) When Sony Pictures Entertainment was hacked last year, some of the most damaging data released were emails revealing movie scripts, gossip and personal details on Hollywood stars, as well as discussions about internal investigations into potential corporate wrongdoing
Internet malwares threaten PH industries(Standard) All over the world, the threat of a digital infrastructure crashing is as valid as an earthquake decimating a 50-story building or a series of typhoons striking without any preamble, ruining everything on their path
CSOs demanding more from cybersecurity tech(CSO) CSOs and CISOs are becoming more powerful, and they're wielding that power to demand more from their technology vendors, to throw out underperforming tech, and to take more risks on new and innovative approaches
U.S. Tech Giants May Blur National Security Boundaries in China Deals(New York Times) One Chinese technology company receives crucial technical guidance from a former People's Liberation Army rear admiral. Another company developed the electronics on China's first atomic bomb. A third sells technology to China's air-to-air missile research academy
Pentagon Creates Cybersecurity Exchange Program With Industry(Bloomberg) The U.S. Defense Department is sending career personnel on tours with private cybersecurity companies and bringing in specialists from those companies to gain the skills necessary to defend military networks from hackers, the Pentagon's chief information officer said
Rich A. Fennessy Appointed CEO of Kudelski Security(BusinessWire) The Kudelski Group (SIX:KUD.S), the world's leading independent provider of media content protection and value-added service technology, announced today the appointment of Rich A. Fennessy as Group Senior Vice President — and CEO of Kudelski Security
Why The Time Has Come For Penetration Testing On IBM i(IT Jungle) Home Depot's point of sale (POS) system was breached in 2014, compromising information on 53 million accounts. A year before, Target's POS was breached, putting data from at least 40 million customers in jeopardy. In both cases, the retailers were deemed "compliant" with Payment Cardholder Initiative (PCI) data security standards. But obviously there's a big difference between complying with security regulations and actually having good security, and that's true whether your shop runs on IBM i or any other platform
Security tools' effectiveness hampered by false positives(CSO) Thanks to technologies such as intrusion detection systems, services such as threat intelligence and other emerging sources of information, security programs today are gathering unprecedented amounts of data about threats and attacks
How to win the cyber security arms-race(Manchester Evening News) As shares in TalkTalk are beginning to recover following a serious security breach, we speak to north west IT firms on how to win the war against cyber attacks
Three Questions about Online Security(Talkin' Cloud) When you give your personal information to a financial institution, government or insurance company, you have a certain level of trust that they will do everything in their power to keep it safe
Disaster Recovery Starts with a Plan(Internet Storm Center) One of the security questions being asked of security professionals, by business executives these days, from both internal and external entities, is "What is the status of our Disaster Recovery plan?"
The day is not far for four factor authentication: Gemalto(CIOL) Atul Singh, Regional Director, India sub-continent, Banking, Transport & Telecom Solutions, Gemalto, in a free-wheeling interview with CIOL, discusses newer demands from the BFSI segment on security vendors, and the importance of four factor authentication
Businesses braced for bout of regulation on cyber security(Financial Times) Companies around the world are bracing themselves for an avalanche of cyber security regulation, as governments scramble to introduce rules forcing corporate groups to build stronger defences against catastrophic hacks
Thai military stresses need for cyber vigilance(Thai Visa News) The military yesterday stressed the need for cybersecurity readiness at the national level, as the country still only maintains preparedness at the military and ministry level
Digital Minister demands "Kite Marks" for Websites(Check & Secure) Since the colossal data breach that has brought TalkTalk to its knees in recent weeks, the first voices of discontent can be heard ringing from the front benches of the House of Commons. Something must be done, say the government, to improve the nation's cyber security. Surely, the answer is regulation and standardisation of website security measures. Or is it?
Federal cyber strategy plan released(Federal Times) Cybersecurity has become a central focus for the federal government and now agencies have new guidance on where their cybersecurity posture should be and how to get there
Modernizing Federal Cybersecurity(The White House) Today, the Administration directed a series of actions to continue strengthening Federal cybersecurity & modernizing the government's technology infrastructure
The impact of the Senate's passage of the CISA(Security InfoWatch) On Tuesday, the U.S. Senate overwhelmingly passed the Cybersecurity Information Sharing Act (CISA), which, in short, is designed to fight the growing problem of corporate data breaches by allowing individual companies to share their cybersecurity threat data with the government, which would theoretically use it to defend the target company and others facing similar attacks
Smooth sailing for cyberbill? Not so fast(Washington Examiner) The Senate's overwhelming passage of cybersecurity legislation last week should set the stage for quick final action on an issue of vital importance to the nation's economy and security
Stop CISA!(Network World) Fundamentally flawed cybersecurity legislation will have a marginal impact of risk mitigation while further eroding privacy protection and U.S. credibility abroad
Real-world roadblocks to implementing CISA(Help Net Security) The recent approval of CISA (the Cybersecurity Information Sharing Act) by the US Congress and Senate is paving the way for broader security collaboration
Crypto is For Everyone — and American History Proves It(EFF) Over the last year, law enforcement officials around the world have been pressing hard on the notion that without a magical "backdoor" to access the content of any and all encrypted communications by ordinary people, they'll be totally incapable of fulfilling their duties to investigate crime and protect the public
What new DMCA rules mean for medical device research(Christian Science Monitor Passcode) This week the Library of Congress issued exemptions to the Digital Millennium Copyright Act that pave the way for independent researchers to begin examining medical devices for software flaws
DNI Releases Budget Figure for the 2015 National Intelligence Program(IC on the Record) Consistent with 50 U.S.C. 3306(b), the Director of National Intelligence is disclosing to the public the aggregate amount of funds appropriated by Congress to the National Intelligence Program for Fiscal Year 2015 not later than 30 days after the end of the fiscal year
The European Parliament is Wrong on Edward Snowden and National Security(Daily Signal) On Oct. 29, the European Parliament approved a resolution (passed by 285 votes to 281) calling "on European Union Member States to drop any criminal charges against Edward Snowden, grant him protection and consequently prevent extradition or rendition by third parties, in recognition of his status as whistleblower and international human rights defender"
Litigation, Investigation, and Law Enforcement
Full 4th Circuit will hear cellphone tracking appeal(Daily Record) In a case involving convicted Baltimore bank robbers, the full 4th U.S. Circuit Court of Appeals said it will consider whether police need a search warrant to get the cellphone-tower records of suspected criminals in an effort to track down their whereabouts when the crime was committed
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Inside Data Science 2015(Monterey, California, USA, November 3 - 4, 2015) At the Inside Data Science 2015 Conference (IDS2015) our focus is not on the storage or volume of data, but rather the importance of what you do with it. To synchronize the processing, exploitation and...
NICE 2015 Conference and Expo(San Diego, California, USA, November 3 - 4, 2015) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing,...
SINET Showcase 2015: "Highlighting and Advancing Innovation"(Washington, DC, USA, November 3 - 4, 2015) SINET Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and requirements. The chosen SINET 16 Innovators...
4th International Internet-of-Things Expo(Santa Clara, California, USA, November 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and...
RSA Conference 2015 Abu Dhabi(Abu Dhabi, United Arab Emirates, November 4 - 5, 2015) Join your fellow information security professionals at RSA Conference 2015 Abu Dhabi, where we'll be discussing security issues from a global perspective
ICMC (the International Cryptographic Module Conference)(Washington, D.C., USA, November 4 - 6, 2015) ICMC core focus includes cryptographic modules, FIPS 140-2, ISO/IEC 19790 and cryptographic algorithms. Specialists from all over the world gather in Washington to discuss commercial cryptography...
2nd Annual Journal of Law and Cyber Warfare Conference(New York, New York, USA, November 5, 2015) The 2015 symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cybersecurity and cyber...
Start with Security(Austin, Texas, USA, November 5, 2015) This one-day conference will continue the FTC's work to provide companies with practical tips and strategies for implementing effective data security. Aimed at start-ups and developers, this event will...
After the Shift: Securing Tomorrow's Payment Technology(Washington, DC, USA, November 5, 2015) From encryption to tokenization, what does the future hold for keeping consumer data safe? Policymakers, industry leaders, and technology experts will explore the cutting edge of cyber technology and discuss...
University of Phoenix® Technology Conference(Arlington, Virginia, USA, November 7, 2015) At the University of Phoenix® Technology Conference 2015, a free event hosted by the University of Phoenix College of Information Systems and Technology, you will be introduced to cyber security,...
Cyber³ Conference: Crafting Security in a less Secure World(Nago City, Okinawa, Japan, November 7 - 8, 2015) An international conference on cyber security hosted by the Government of Japan with the support of the World Economic Forum. At this conference, multi-stakeholders, including policymakers, business leaders,...
FedCyber 2015(Tyson's Corner, Virginia, USA, November 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who...
First International Conference on Anti-Cybercrime (ICACC-2015)(Riyadh, Saudi Arabia, November 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will...
Black Hat Europe(Amsterdam, the Netherlands, November 10 - 13, 2015) Black Hat prides itself on being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity...