The curtain parts a bit on the implausibly deniable Russian espionage operation "Pawn Storm." It apparently established rogue VPN and SFTP servers to monitor Netherlands Safety Board employees investigating the crash of MH17, the Malaysian 777 shot down over Eastern Ukraine in July of last year. The airliner is widely thought to have been destroyed by nominal separatists operating under Russian military direction. (Russian authorities deny the charge.)
Wikileaks' DCI document dump continues to strike observers as pointless (and the CIA as illegal): NBC News, for example, describes the material as "neither classified nor revelatory." The "Crackas with Attitude" who claimed responsibility for the socially engineered caper remain at large, for now...straight outta...Nutley? Ronkonkoma?
TalkTalk suffers a breach which the major UK telecom calls "significant, and may affect several million customers. An Islamist group based in Russia claims credit, but it's early for attribution. Much of the material compromised may have been unencrypted.
More British online retailers join Aria in facing denial-of-service disruptions. Aria's offer of a reward for action against the extortionists prompts much discussion. Some observers remind the community that there are well-understood mitigations for DDoS attacks.
A major malvertising campaign is targeting German users of popular services including eBay and T-Online.
Joomla patches an SQLi flaw. Users find issues in recent Apple upgrades of El Capitan (Office for Mac problems) and Google's "tweaks" to Google App Engine for Java (sandbox escapes).
China moves to consolidate its cyber organizations as it negotiates a cyber deal with the UK.
Today's issue includes events affecting China, Iraq, Netherlands, Russia, Syria, United Kingdom, United States.
We'll be covering CyberMaryland next week. Watch for special issues devoted to the conference and some of the other events planned for Baltimore next week, including the induction of the National Cyber Security Hall of Fame's class of 2015.
Can bounty hunters stop the DDoS gangs?(SC Magazine) Is the idea of putting a cash bounty on hackers an effective way to disrupt or stop DDoS attacks, or a vigilante action that takes time and money from the business of protecting networks?
Think twice about Android root(Help Net Security) In recent years the practice of Android rooting, that is the process of allowing an Android phone or tablet to bypass restrictions set by carriers, operating systems or hardware manufacturers, has become increasingly popular
Nuclear, grid regulators compare notes on cyberdefense(E&E News) Regulators of the nation's nuclear plants and high-voltage power lines met yesterday for a top-level review of threats and hurdles each faces from cyberattacks, natural disasters and the grid's disruptive transitions
High Severity Flaws Found in iniNet ICS Software(SecurityWeek) Swiss-based visualization and automation solutions provider iniNet Solutions GmbH has released updates to address several vulnerabilities identified by Positive Technologies researchers in some of the company's products
Tech-savvy users are actually the worst offenders(Help Net Security) Even as businesses and the federal government have made cybersecurity a high priority, 93% of office workers engage in some form of unsafe online habits that could jeopardise their employer or their customers, according to Intermedia
The Scary Truth About Data Breach Fatigue: It's Here to Stay(Credit.com) Increasingly, in the aftermath of a big news data security item — whether it takes the form of a high-profile mega breach (think: Office of Personnel Management, Anthem, Sony Pictures, Home Depot, Target) or a low-tech data grab — an odd phenomenon happens
DARPA sets its sights on image manipulation(Naked Security) Thank goodness TMZ revealed that the Hollywood Life UNTOUCHED AND PRE-PHOTOSHOP images of Kim Kardashian's butt-baring photo from Paper magazine last year were fake
Britain's Former Spy Chief Talks Terrorism, Mass Surveillance(Here and Now) Sir John Sawers led MI6, the United Kingdom's government intelligence agency from 2009 to 2014. Now chairman of Macro Advisory Partners, Britain's former top spy talks with Here & Now's Jeremy Hobson about terrorism, mass surveillance and geopolitics
Controversial cyber security bill advances in Senate(Reuters via Business Insurance) A long-delayed bill that would make it easier for corporations to share information about cyber attacks with each other or the government without fear of lawsuits advanced in the U.S. Senate with strong support from members of both parties on Thursday
A 'Cyber Party' with John McAfee and the White House Cybersecurity Czar(New America) For October's National Cybersecurity Awareness Month, The Cybersecurity Podcast team is bringing you an hour-long special episode featuring White House Cybersecurity Coordinator Michael Daniel, and John McAfee, the security pioneer who just founded his own political party — the Cyber Party — and is running for President of the United States
FBI director dodges questions about Clinton's email(Washington Examiner) Federal Bureau of Investigation Director James Comey appeared before a House Judiciary Committee Thursday morning, but refused to answer questions pertaining to the FBI's investigation into Hillary Clinton's use of a private email server
FBI's Advice on Cryptolocker? Just Pay The Ransom.(Security Ledger) The nation's top law enforcement agency is warning companies that they may not be able to get their data back from cyber criminals who use Cryptolocker and other malware without paying a ransom
Should C-level execs face prison for data breaches?(IT Pro Portal) As data theft disclosures hit the headlines in 2015, organisations' dependence on security professionals and senior managers to protect their networks and business critical data has come under serious scrutiny
New charge in Minnesota Islamic State case(KIMT) Five Minnesota men accused of plotting to join the Islamic State group are charged with a new count of conspiracy to commit murder outside the United States, according to a superseding indictment filed Wednesday that offers new details about steps the men took as they allegedly planned to get to Syria
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cybersecurity, the SEC and Compliance(New York, New York, USA, November 18, 2015) The recent SEC CyberSecurity Examination Initiative focuses on information safeguards for financial services organizations. Are you prepared? Please join us for a panel discussion on what cybersecurity...
Cyber Defense San Diego 2015(San Diego, California, USA, October 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for...
Ruxcon 2015(Melbourne, Australia, October 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...
2015 North American International Cyber Summit(Detroit, Michigan, USA, October 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight...
ICS Cyber Security Week(Atlanta, Georgia, USA, October 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following...
Cyber Awareness & Technology Days(Colorado Springs, Colorado, USA, October 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at...
Designing Secure Healthcare Systems(Long Branch, New Jersey, USA, October 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection...
Technology & Cyber Awareness Day(Aurora, Colorado, USA, October 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and...
Cloud Security Alliance Summit NYC 2015(New York, New York, USA, October 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme...
Data Breach Summit Asia 2015(Mumbai, India, October 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit a unique, one-day event will focus on the issues to help the participants learn more about how to prevent...
CyberMaryland 2015(Baltimore, Maryland, USA, October 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015(Washington, DC, USA, October 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private...
Hackito Ergo Sum(Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking,...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.