Spiegel reports that the Bundesnachrichtendienst (BND) has in fact conducted electronic surveillance of allies, which Spiegel thinks reflects badly on the agency, given Chancellor Merkel's assertions to the contrary.
Australian MPs are up in arms over allegations that Russian and Chinese intelligence services attempted (with unclear success) to penetrate shipbuilders in France, Germany, and Japan (all of whom are bidding to construct Australia's next generation of submarine).
The Twitter account of Israel's Ha'aretz may have been briefly hijacked by Palestinian hacktivists.
The Crackas-with-Attitude (doubling down on their avowed pro-Palestinian inspiration) resurfaced Friday to claim they'd gotten into the Joint Automated Booking System (JABS), a portal used by US law enforcement authorities. So far their claim is supported by an apparent JABS screenshot.
Anonymous retracts some of #OpKKK's Ku Klux Klan outings.
FoxGlove Security reports finding remote code remote code execution vulnerabilities in the Java library Apache Commons Collections.
Recorded Future documents Flash's popularity with cyber criminals: it contributes eight of the top ten vulnerabilities used in exploit kits this year.
SINET 16 winner Onapsis reports vulnerabilities in SAP HANA systems, and offers mitigations.
Another SINET 16 winner, Secure Islands, is acquired by Microsoft.
BlueCoat is reported to be purchasing Elastica.
Stock analysts continue to look at last week's cyber selloff, especially FireEye's decline. Most see FireEye's drop as caused by stiffer competition (and some see difficulty integrating Mandiant) but FireEye executives add to their positions in their company.
Europe thinks the next move in Safe Harbor goes to the Americans.
Today's issue includes events affecting Angola, Argentina, Australia, Austria, Belgium, Canada, China, European Union, France, Germany, Greece, Bailiwick of Guernsey, India, Israel, Italy, Japan, Bailiwick of Jersey, Isle of Man, Mozambique, NATO, Palestine, Philippines, Portugal, Russia, South Africa, Spain, Sweden, Switzerland, Taiwan, United Kingdom, United States, Vatican.
We'll be observing Veterans Day this Wednesday, and the CyberWire will take a day off. We'll resume normal publication Thursday.
Cyber Attacks, Threats, and Vulnerabilities
Governments and NGOs: Germany Spied on Friends and Vatican(Spiegel) Efforts to spy on friends and allies by Germany's foreign intelligence agency, the BND, were more extensive than previously reported. SPIEGEL has learned the agency monitored European and American government ministries and the Vatican
Anonymous "unhoods" alleged KKK members but innocents are smeared(Naked Security) Members of the loose hacker collective Anonymous followed through on a pledge to release the names of members of the Ku Klux Klan, but #OpKKK was flawed from the get-go by uncoordinated document dumps and smearing of innocent people who are in no way connected to the KKK
Leaky mobile phones are 'betraying' us(Naked Security) Mobile apps are regularly leaking information to third parties, according to research from the Massachusetts Institute of Technology (MIT), Harvard, and Carnegie-Mellon
Is Your Business Still Running Infected Apple Apps?(Small Business Trends) When Apple found out XcodeGhost had infected more than 4,000 applications in its Apple Store recently, the company took immediate actions to identify the infected apps and remove them from its App Store. Apple then released a set of new security features to stop this activity
DRIDEX: Down, But Not Out(TrendLabs Security Intelligence Blog) On October 13, American and British law enforcement took action against the notorious DRIDEX botnet with the goal of stopping the activities of the notorious online banking threat
Encrypted email provider ProtonMail caves in to extortion, hands over $6000(Naked Security) Swiss–based encrypted email provider ProtonMail — developed at the CERN research facility in 2013 to withstand surveillance by the world's increasingly inquisitive intelligence agencies — has revealed that it handed over 15 bitcoins (about $6000/£4000) to stop a Distributed Denial of Service (DDoS) attack
Ransomware Now Gunning for Your Web Sites(KredsOnSecurity) One of the more common and destructive computer crimes to emerge over the past few years involves ransomware — malicious code that quietly scrambles all of the infected user's documents and files with very strong encryption
The kernel of the argument(Washington Post) Fast, flexible and free, Linux is taking over the online world. But there is growing unease about security weaknesses
The Top 5 Data Breach Vulnerabilities(Forbes) In previous blogs I've focused on some very specific data breaches and specific defense mechanisms. I often find CEOs, particularly owners of small businesses, who don't know how to approach security, or even if they have a firewall in place
Security Like the Dickens(PYMNTS) With the holiday shopping season upon us and projections for consumer spending looking rosy, retailers are certainly keeping a keen eye on security issues that could shake consumer confidence and cut into profits
FireEye: Is the Selling Deluge Overdone?(Motley Fool) The rapidly growing cybersecurity company missed expectations on a key metric and lowered full-year guidance. Did investors overreact in the ensuing sell-off?
FireEye's Stock Is Collapsing for One Key Reason(DCInno) Mandiant, an Alexandria, Va.-based cyber forensics company that was acquired in January 2014, may be at the heart of FireEye's (FEYE) recent stock woes, according to FBR Capital Markets analysts
CloudFlare Supplies Security At Network's Edge(InformationWeek) CloudFlare is a startup that has invested in security-as-a-service, and distributes it with a low latency to the edge of the network. Microsoft, Google, and others have taken notice
Why Depending on Cyber Risk Assessments is a Risk(SecurityWeek) Just this past week, a recent study hit the news that concluded — as many studies have before it — that the Transportation Security Administration (TSA) is fundamentally not effective at making air travel more secure in a post-9/11 world
EMV's Real Disruption Is for Online Payments(Payments Source) The EMV deadline has come and gone, and customers and retailers alike are realizing that they need to understand and adapt to the new payment reality both online and offline
Japan to heighten cyber security(Daijiworld) Prime Minister Shinzo Abe on Friday said Japan will take all possible measures to heighten computer security ahead of next year's G-7 summit and the Tokyo Olympics in 2020
DoD issues cyber-risk memo for weapons-buying(C4ISR & Networks) The Defense Department's acquisition chief is targeting the integration of cybersecurity into military acquisition, recently issuing new guidance that revises existing policies and emphasizes information assurance and systems resiliency
GCHQ and NCA join forces to police dark web(ComputerWeekly) GCHQ and the National Crime Agency are to track down paedophiles and serious online criminals by using the techniques and expertise used to find terrorists
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Energy Tech 2015(Cleveland, Ohio, USA, November 30 - December 2, 2015) Now in its 5th year, EnergyTech 2015 seeks the convergence of the best minds in policy, systems engineering and applied technology to address some of the critical issues of our time. In addition to its...
Public Sector Cybersecurity Summit 2015(Reston, Virginia, USA, December 1 - 2, 2015) The Raytheon|Websense 6th Annual Public Sector Cybersecurity Summit is a unique opportunity to learn about the state of cybersecurity and how to prepare for future threats from many thought provoking government...
NSA RCTCON(Fort Meade, Maryland, USA, December 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S
Department of the Navy (DON) IT Conference, West Coast 2016(San Deigo, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...
FedCyber 2015(Tyson's Corner, Virginia, USA, November 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who...
First International Conference on Anti-Cybercrime (ICACC-2015)(Riyadh, Saudi Arabia, November 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will...
Black Hat Europe(Amsterdam, the Netherlands, November 10 - 13, 2015) Black Hat prides itself with being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity...
2015 U.S. Cyber Crime Conference(National Harbor, Maryland, USA, November 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15...
Pen Test Hackfest Summit & Training(Alexandria, Virgina, USA, November 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment.
CyberCon 2015(Pentagon City, Virginia, USA, November 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data
Cybersecurity, the SEC and Compliance(New York, New York, USA, November 18, 2015) The recent SEC CyberSecurity Examination Initiative focuses on information safeguards for financial services organizations. Are you prepared? Please join us for a panel discussion on what cybersecurity...
Internt-of-Things World Forum 2015(London, England, UK, November 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions
Internet-of-Things World Forum 2015(London, England, UK, November 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.