Anonymous counts coup against Belgian governmental sites, including the Prime Minister's own.
A new zero-day hits Adobe Flash, apparently effective even against fully patched versions. Trend Micro attributes the infections to Pawn Storm, a threat group that's operated a long-running cyber espionage campaign, many of whose targets have been journalists. Many speculate that it's a Russian government operation (apply the usual denials, disclaimers, and dudgeon).
Rapid7 and Knowledge Consulting Group report finding a command-injection vulnerability in HP's SiteScope tool.
Proofpoint warns that the Vawtrak Trojan is back, and in a more virulent form.
US-CERT issues a warning about the Dridex peer-to-peer malware, mostly implicated in theft of banking credentials. But there's some good news here as well: a British-American law enforcement operation has succeeded in disrupting the criminal network that served Dridex up.
The Poodle vulnerability that barked so loudly last year appears to be exiting with a whimper.
Symantec warns that Android ransomware authors are using Google design principles to come up with more plausible, more effective bait.
A researcher demonstrates that Wi-Fi jamming is not only easier than generally believed, but it's cheaper, too.
Microsoft, Google, Adobe, and SAP issue patches. Microsoft SQL Server 2005 approaches the end of its life.
ICS security maven Joe Weiss will make our flesh creep in tonight's Nova documentary "CyberWar Threat."
The industry continues to process Dell's acquisition of EMC. Northrop Grumman protests Raytheon's $1B DHS cyber contract. Rapid7 buys Logentries; Wombat buys ThreatSim.
Observers still puzzle over the Sino-American cyber agreement.
Today's issue includes events affecting Belgium, China, India, Russia, Thailand, Ukraine, United Kingdom, United States.
US-China cyber agreement not a cure-all, says Jeh Johnson(FierceGovernmentIT) Recent commitments between China and the United States on cybersecurity are not a cure-all for the problems between the two powers in cyberspace, said Homeland Security Department Secretary Jeh Johnson during testimony last week
Strategic Development of Special Warfare in Cyberspace(Joint Forces Quarterly) Why are regional powers such as Iran and Russia better prepared for cyber-enabled special warfare operations than the United States? How do Iran and Russia empower their tactical operators, while the United States masses its cyber-authorities and cyber-capabilities at the strategic level? Why are U.S. policies, authorities, and doctrine for cyber-enabled special operations so immature despite their first announcement over 20 years ago? Although these are serious questions, what is even graver for the Nation is addressing the root question: How does the United States develop a strategic cyber-enabled special warfare capability?
Alert (TA15-286A) Dridex P2P Malware(US-CERT) Dridex, a peer-to-peer (P2P) bank credential-stealing malware, uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control (C2). The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the Dridex botnet
AV Phone Scan via Fake BSOD Web Pages(Internet Storm Center) A few days ago, I found a malicious website which tries to lure the visitor by simulating a Microsoft Windows Blue Screen of Death (BSOD) and popping up error messages within their browser
SAP Security Notes October 2015 — Review(ERPScan) SAP has released the monthly critical patch update for October 2015. This patch update closes 29 vulnerabilities in SAP products, 15 of which are high priority, some of them belong to the SAP HANA security area
Cybersecurity expectations: Myth and reality(Help Net Security) Millennials in the U.S. and U.K. have almost entirely lost trust in government and business to protect their personal information online, according to Intercede
KEYW obtains Naval task order worth up to $13.5M(Seeking Alpha) The Naval Research Laboratory has granted KEYW (KEYW +0.1%) a contract to "provide a broad range of services including development, evaluation and integration of General Purpose Electronic Test Equipment as well as program specific software development." The contract has one base year and two one-year options, and a max value of $13.5M
Cyber Command Awards CACI $14 Million Extension For Continued Support(Defense Daily) Due to a delay in United States Cyber Command effort to consolidate a number of existing separate support contracts, the command has awarded CACI International [CACI] a one-year $13.8 million extension to continue support under a current task order for IT and research
Northrop Grumman Protests $1 Billion DHS Cyber Award To Raytheon(Defense Daily) Northrop Grumman [NOC] has protested the award of a potential $1 billion contract that Raytheon [RTN] won in September from the Department of Homeland Security (DHS) for support of a network security program. The protest was filed with the Government Accountability
Cylance Adds Art Coviello, Former CEO of RSA Security, to its Board of Directors(EIN) Cylance, the company that is revolutionizing cybersecurity with products and services that proactively prevent, rather than just reactively detect, advanced persistent threats and malware, today announced that Art Coviello, formerly CEO of RSA, and Executive Chairman of RSA, the security division of EMC, has joined its Board of Directors
Latest Kaspersky products address growing threat to online privacy(Nation) Kaspersky Lab, an international security software group operating worldwide and headquartered in Moscow, yesterday launched its latest products for home users — Kaspersky Antivirus Software (KAS 2016) and Kaspersky Internet Security Software (KIS 2016) — with localisation for the Thai market
Microsemi Rolls Out Secure Cryptography Cores(Social-Tech) Aliso Viejo-based semiconductor developer Microsemi said this morning that it has rolled out a portfolio of IP cores, in partnership with security and cryptography provider The Athena Group
Strengthening Cyber Risk Management in Commercial Real Estate(Wall Street Journal) As commercial real estate (CRE) companies step up their use of technologies such as cloud, mobile and social media to drive tenant engagement and operational efficiency, they could be increasing their vulnerability, as well as that of their tenants, to cyber risks
What will the cyber mission force look like?(Defense Systems) The Defense Department is steadily building and training its cyber force, and while it still has a ways to go on both fronts, it is putting teams to work as they are formed, DOD officials say
7 Components for Cybersecurity Readiness(InfoRisk Today) U.S.-based Melissa Hathaway, a senior fellow at the Potomac Institute for Policy, has developed a cyber readiness index, compiled with information drawn from 125 countries to help enterprises in evolving a resilient cybersecurity model
Sanders would 'absolutely' end NSA spying(The Hill) Sen. Bernie Sanders would "absolutely" end sweeping surveillance powers at the National Security Agency, he said during the first Democratic presidential debate on Tuesday
John McAfee on the Cyber Party platform(CSO) In this segment of The Irari Report interview with security icon and presidential candidate John McAfee, Ira Winkler and Araceli Treu Gomes ask McAfee about the political party that he formed, The Cyber Party. McAfee tells Ira and Ari about the Cyber Party's platform that focuses on Privacy, Freedom and Technology
Arrest of Chinese Hackers Not a First for U.S.(KrebsOnSecurity) The Washington Post reported last week that the Chinese government has quietly arrested a handful of hackers at the urging of the U.S. government, a move described as "an unprecedented step to defuse tensions with Washington at a time when the Obama administration has threatened economic sanctions"
U.K. Politicians' Comms Not Exempt From Spy Agency Dragnets, Says Tribunal(TechCrunch) If this latest ruling by the judicial body that oversees complaints relating to the U.K's intelligence agencies doesn't ratchet up political pressure for reform of mass surveillance powers in the U.K. then surely little else will — given it pertains to the sanctity of politicians' communications
A New Way for Tech Firms to Fight Orders to Unlock Devices(Wired) Although the federal government recently backed down on its efforts to compel tech companies to install backdoors on their electronic devices, it doesn't mean the government has given up on getting access to protected phones and other devices
SECURITY: Clinton server's software had hacking risk(Press Enterprise) The private email server running in Hillary Rodham Clinton's home basement when she was secretary of state was connected to the Internet in ways that made it more vulnerable to hackers, according to data and documents reviewed by The Associated Press
Matthew Keys' Hacking Conviction May Not Survive an Appeal(Wired) The conviction of former Reuters employee Matthew Keys on hacking charges this week has renewed focus on a controversial federal law that many say prosecutors are using incorrectly and too broadly to inflate cases and trump up charges
Hacker Who Sent Me Heroin Faces Charges in U.S.(KrebsOnSecurity) A Ukrainian hacker who once hatched a plot to have heroin sent to my Virginia home and then alert police when the drugs arrived had his first appearance in a U.S. court today, after being extradited to the United States to face multiple cybercrime charges
Idaho Cyber Security Task Force begins work to stop cyber criminals(Standard Journal) Our United States military is trained and ready to defend our borders, our local police force is trained and ready to protect our communities. So who is trained and ready to protect our information — in computer servers and floating around in what is known as the cloud?
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber Liability Summit(New York, New York, USA, October 21, 2015) Attendees of the CLM Cyber Liability Summit will come away with a full understanding of the risks, exposures, development of claim activity and trends in the areas specific to Data and Network Security,...
Münchner Cyber Dialog(München, Bayern, Germany, October 21, 2015) The conference provides a platform for dialogue among politics, business, academia and public administration to discuss the opportunities and risks that the digitalization process holds for society as a whole.
BSides Tampa 2016(MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, February 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia
ICCWS 2016(Boston, Massachusetts, USA, March 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security
ASIS 15th European Security Conference & Exhibition(London, England, UK, April 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from over Europe and beyond in one of the most dynamic centres of business and culture in the world
The Security Culture Conference 2016(Oslo, Norway, June 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture...
New York Metro Joint Cyber Security Conference(New York, New York, USA, October 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters
NASA Goddard Cyber Expo(Greenbelt, Maryland, USA (also available by webex), October 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to...
BSides Portland(Portland, Oregon, USA, October 16 - 17, 2015) BSides PDX is a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal...
SecTor(Toronto, Ontario, Canada, October 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...
Cyber Defense San Diego 2015(San Diego, California, USA, October 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for...
2015 Cyber Risk Insights Conference(New York, New York, USA, October 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20,...
2015 Government Cybersecurity Forum(Washington, DC, USA, October 20, 2015) The Government Cybersecurity Forum was created three years ago as a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate,...
Cyber Security Summit: Boston(Boston, Massachusetts, USA, October 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at...
Swiss Cyber Storm(KKL Lucerne, Switzerland, October 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The...
DevSecCon(London, England, UK, October 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the...
2015 North American International Cyber Summit(Detroit, Michigan, USA, October 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight...
ICS Cyber Security Week(Atlanta, Georgia, USA, October 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following...
Cyber Awareness & Technology Days(Colorado Springs, Colorado, USA, October 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at...
Designing Secure Healthcare Systems(Long Branch, New Jersey, USA, October 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection...
Cloud Security Alliance Summit NYC 2015(New York, New York, USA, October 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme...
Data Breach Summit Asia 2015(Mumbai, India, October 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent...
Technology & Cyber Awareness Day(Aurora, Colorado, USA, October 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and...
CyberMaryland 2015(Baltimore, Maryland, USA, October 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015(Washington, DC, USA, October 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private...
Hackito Ergo Sum(Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking,...