The US Government is said to be detecting a flurry of Iranian hacking, for the most part directed at email and social media accounts of Government officials. Press speculation connects the activity with the recent arrest of an Iranian-American businessman in Teheran on espionage charges.
ISIS operatives in social media appear to be slipping into what Gawker calls "Twitter drama" of a kind familiar to anyone who misspends too much time in such online interactions. Analysts offer thoughts on how ISIS opponents might seek to alienate ISIS members from their cause.
A Passcode opinion piece thinks the Russian threat to undersea cables "overblown," not because its difficult to cut cables (it isn't), but because the large number of such cables offers significant redundancy. Still, the US Congress is asking the Executive Branch for its assessment of that risk.
Hard-to-remove "auto-rooting" Android exploits circulate in the wild. Trojanized apps prove a threat. OmniRAT, which can afflict Windows, OS X, and Android devices, is selling for $25 a pop on the black market. New DDoS attacks are hitting email and MySQL servers.
Observers comment on the PageFair and TalkTalk incidents (PageFair gets good reviews for prompt and direct disclosure). The Parliamentary committee looking into the TalkTalk breach draws ironic comment — its own website apparently has significant vulnerabilities.
Other (fussy? unrealistic?) ironists take the UK's GCHQ to task for double-mindedness over encryption: GCHQ pushes encryption's use internally but would restrict outsiders from enjoying its benefits.
Some cyber-rattling in the US over offensive capability.
Today's issue includes events affecting China, Iran, Iraq, Ireland, Japan, Russia, Syria, United Kingdom, United States.
Dateline SINET Showcase 2015
SINET Showcase 2015(SINET) SINET Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and requirements
Even ISIS Guys Have Twitter Drama(Gawker) The scariest thing about ISIS (if, like most Americans, you are in no actual danger of coming into contact with ISIS) is that the more members (or fanboys) you follow on Twitter, the more they resemble you and your friends, in that we are all petty idiots. Today, one militant is taking a break from building the Caliphate to beef with some guy on social media
Why the Russian threat to undersea cables is overblown(Christian Science Monitor Passcode) Even if Russian submarines clipped underwater communications cables, the Internet would survive. The global Internet operates on enough undersea fiber-optic cables to withstand sabotage from militaries, vandals, and errant anchors
Murphy, other senators want enhanced security of undersea communications cables(New London Day) A small, bipartisan group of senators including Chris Murphy, D-Conn., have written to the secretaries of defense, state and homeland security, asking for information on "steps taken to enhance the security of our vital undersea network," after recent reports of Russian ships operating near undersea fiber optic cables
A Technical Look At Dyreza(Malwarebytes Unpacked) In a previous post we presented unpacking 2 payloads delivered in a spam campaign. A malicious duet — Upatre (malware downloader) and Dyreza (credential stealer). In this post we will take a look at the core of Dyreza — and techniques that it uses
Fujitsu UK Tracks Dridex, Using Recorded Future(Recorded Future) Companies contend with an ever-changing security landscape, which brings a range of strategic and operational demands including continuously evolving external and internal threats, the risk of data leaks and loss of intellectual property, and increasing compliance and regulatory requirements
A Tale of Shifu and its Attempt to Bypass FortiSandbox(Fortinet) Over the last few months, the Shifu banking Trojan has become more common in the wild prevalent and the malware family has been getting a fair amount of attention both from researchers and the mainstream media
Malware Used to Launch DDoS Attacks(InfoRisk Today) Attackers have been using the Chikdos malware to compromise high-bandwidth MySQL servers around the world for the purpose of launching distributed denial-of-service attacks, according to security firm Symantec
Cybersecurity and the risk to reputation(Alva Group) TalkTalk's announcement of a data breach on October 22 is the latest in a long line of similar incidents which have affected companies including Sony, Ashley Madison, Barclays and Carphone Warehouse amongst others
IBM's SoftLayer Pegged as Number One Spammer(Infosecurity Magazine) IBM subsidiary SoftLayer Technologies has been accused of being the world's largest spammer with levels of unsolicited mail sent by the company rising seven times since a year ago
MobileIron blacklists Dropbox, OneDrive(IT Pro Portal) MobileIron has released a list of apps that pose the biggest security risk to enterprises and, among the blacklisted apps are Dropbox and OneDrive
Hello World Meets Hello Barbie(Dragon News) Who can honestly say they didn't, at some point in their childhood, wish their toys would come alive? Or at the very least, care for a beloved item as if it already were?
Opinion: The troubling Stuxnet effect(Christian Science Monitor Passcode) The computer virus used against the Iranian nuclear program did not help seal the nuclear deal with Tehran. It did, however, launch a global cyberarms race
Cybersecurity Is On Everyone's Mind(CWC 70) Learn what is being done to tackle some of the exceptional challenges we will face as the Internet Of things (IOT) rapidly grows all around us. Candid talks with Chuck Brooks, formerly of Department of Homeland Security, on what lies ahead for cyber security
Proofpoint Acquires Socialware(Proofpoint) We at Proofpoint are happy to announce the acquisition of Socialware. Founded in 2009, Socialware is a leading player (along with Proofpoint's Social Media and Compliance group) in the social media security and compliance market
Oasis Systems Acquires MAR Incorporated(BayStreet) Oasis Systems, a leading provider of Information Technology, Systems Engineering and Enterprise Applications to the Department of Defense, announced today that it acquired Maryland-based MAR, Incorporated in an all-cash transaction
GRC Bullseye? RSA Updates Archer Platform(IT Trends & Analysis) EMC's RSA Security division has announced a new release (6.0) of its Archer Goverance, Risk and Compliance (GRC) Platform at this week's RSA Conference Abu Dhabi
Five moves for every new CISO's playbook(CSO) CISOs are pulling up roots and moving to new companies at a rapid pace as demand grows for leaders with cyber and information security expertise and salaries skyrocket. Many veteran infosec professionals are also joining the CISO ranks for the first time as companies add the position to their C-suites
Embedded systems face design, power, security challenges(EDN Network) As the market for embedded systems grows dramatically, all eyes are turning to embedded systems designers who are tasked with combining microprocessors, connectivity, and operating systems that span a wide range of applications from the tiniest IoT device to those embedded in large networking systems
Intel Primes The Internet Of Things Pump(InformationWeek) Intel has enhanced its Internet of Things platform, including new forms of silicon for "smart" things, partnering with other companies to put it to use
Britain Announces Plan to Update Surveillance Laws(New York Times) Stirring a fraught debate about the balance between security and privacy, the British government on Wednesday proposed tougher scrutiny over snooping by spy agencies, but also said it wanted technology companies to store data about every Briton's Internet use for a year
Down With Big Brother — UK Police to get new Cyber Powers(Check & Secure) How controllable is the internet? That really is the question for a lot of the world's most powerful governments (and some of the less powerful ones too), but it is a conundrum bordering on an obsession for the powers that be in the UK Government at the moment
UK Government Works on Restricting Encryption, Urges Staff to Use It(Motherboard) Today, the UK government will announce details of the Draft Investigatory Powers Bill, a piece of legislation that will propose sweeping surveillance powers for law enforcement. These are expected to include the retention of citizens' internet browsing history, and restrictions on encryption
President Obama: Be ready to pull the trigger on Chinese hacking(American Enterprise Institute) At the September summit between President Barack Obama and Chinese President Xi Jinping, the two leaders reached what was counted as a major breakthrough — and concession to the United States — when they agreed that "neither country's government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors"
De-escalation Is The Answer To Today's Growing Cyber Tension(TechCrunch) Leading up to Chinese President Xi Jinping's visit to the United States, media buzzed with talk of an unprecedented cybersecurity agreement on par with previous governance around the creation and handling of nuclear, chemical and biological weapons
Pentagon Contractors Developing Lethal Cyber Weapons(Nextgov) Under a forthcoming nearly half-billion-dollar military contract, computer code capable of killing adversaries is expected to be developed and deployed if necessary, according to contractors vying for the work and former Pentagon officials
Senate Passes Cybersecurity Information Sharing Act: Where Do We Go From Here?(National Defense) The U.S. Senate last week overwhelmingly passed the Cybersecurity Information Sharing Act of 2015. It is the most significant cyber security bill to pass the Senate in a decade. CISA seeks to improve the nation's cyber security posture and improve information sharing between government and industry
Homeland Security Boss Reports Progress Rolling Out Security System(Foreign Policy) Homeland Security chief Jeh Johnson had some good news Wednesday about Washington's cybersecurity efforts: 47 percent of government websites have installed advanced systems for preventing devastating hacks from countries like China. He also had some bad news: more than half of the government's sites may still be vulnerable
OPM Hires New Cyber Adviser(Nextgov) The Office of Personnel Management is hiring a new senior adviser in an effort to fulfill its cybersecurity improvement plan from the summer, the agency announced Wednesday
Oversight Committee Announces FITARA Scorecard(House Oversight and Government Reform Committee) Today, Members of the House Oversight and Government Reform Committee released a scorecard assigning letter grades to federal agencies on their implementation of the bipartisan Federal Information Technology Acquisition Reform Act (FITARA), enacted in December 2014
Litigation, Investigation, and Law Enforcement
U.K. lawmakers start inquiry into TalkTalk hack(Reuters) British lawmakers will hold an inquiry into the circumstances surrounding a cyber attack on telecom firm TalkTalk, which was initially thought to have put the private details of over 4 million customers at risk
Pentagon Farmed Out Its Coding to Russia(Daily Beast) The Pentagon was tipped off in 2011 by a longtime Army contractor that Russian computer programmers were helping to write computer software for sensitive U.S. military communications systems, setting in motion a four-year federal investigation that ended this week with a multimillion-dollar fine against two firms involved in the work
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
CyberPoint 2nd Annual Women in Cyber Security Reception(Baltimore, Maryland, USA, November 19, 2015) CyberPoint International announces its 2nd Annual Women in Cyber Security Reception to be held on November 19, 2015. Bringing together women from across the region and all different points on the career...
TU-Automotive Cybersecurity USA 2016(Novi, Michigan, USA, March 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem.
MCRCon 2016: Some Assembly Required(Ypsilanti, Michigan, USA, May 10, 2016) The annual conference focuses on hacking prevention, incident handling, forensics and post-event public relations, with presentations delivered by nationally-recognized experts, cybersecurity skills competitions,...
4th International Internet-of-Things Expo(Santa Clara, California, USA, November 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and...
RSA Conference 2015 Abu Dhabi(Abu Dhabi, United Arab Emirates, November 4 - 5, 2015) Join your fellow information security professionals at RSA Conference 2015 Abu Dhabi, where we'll be discussing security issues from a global perspective
ICMC (the International Cryptographic Module Conference)(Washington, D.C., USA, November 4 - 6, 2015) ICMC core focus includes cryptographic modules, FIPS 140-2, ISO/IEC 19790 and cryptographic algorithms. Specialists from all over the world gather in Washington to discuss about commercial cryptography...
After the Shift: Securing Tomorrow's Payment Technology(Washington, DC, USA, November 5, 2015) From encryption to tokenization, what does the future hold for keeping consumer data safe? Policymakers, industry leaders, and technology experts will explore the cutting edge of cyber technology and discuss...
2nd Annual Journal of Law and Cyber Warfare Conference(New York, New York, USA, November 5, 2015) The 2015 symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cybersecurity and cyber...
Start with Security(Austin, Texas, USA, November 5, 2015) This one-day conference will continue the FTC's work to provide companies with practical tips and strategies for implementing effective data security. Aimed at start-ups and developers, this event will...
University of Phoenix® Technology Conference(Arlington, Virginia, USA, November 7, 2015) At the University of Phoenix® Technology Conference 2015, a free event hosted by the University of Phoenix College of Information Systems and Technology, you will be introduced to cyber security,...
Cyber³ Conference: Crafting Security in a less Secure World(Nago City, Okinawa, Japan, November 7 - 8, 2015) An international conference on cyber security hosted by the Government of Japan with the support of the World Economic Forum. At this conference, multi-stakeholders, including policymakers, business leaders,...
FedCyber 2015(Tyson's Corner, Virginia, USA, November 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who...
First International Conference on Anti-Cybercrime (ICACC-2015)(Riyadh, Saudi Arabia, November 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will...
Black Hat Europe(Amsterdam, the Netherlands, November 10 - 13, 2015) Black Hat prides itself with being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity...
Pen Test Hackfest Summit & Training(Alexandria, Virgina, USA, November 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment.
Cybersecurity, the SEC and Compliance(New York, New York, USA, November 18, 2015) The recent SEC CyberSecurity Examination Initiative focuses on information safeguards for financial services organizations. Are you prepared? Please join us for a panel discussion on what cybersecurity...
CyberCon 2015(Pentagon City, Virginia, USA, November 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data
Internet-of-Things World Forum 2015(London, England, UK, November 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions
2015 U.S. Cyber Crime Conference(National Harbor, Maryland, USA, November 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15...
DefCamp6(Bucharest, Romania, November 19 - 20, 2015) Why DefCamp? Because it's the most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field,...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.