US authorities note with displeasure that Russian ships are positioned near, and displaying an interest in, undersea cables. Cutting or tapping such cables goes back a century, but the current economic prominence of rapid data exchange over such cables makes the prospect of interfering with them more worrisome than ever.
Observers continue to note ISIS pre-eminence in information operations over opponents who simply don't get the blended appeal of transcendence and nihilism.
The TalkTalk hack (and "TalkTalk" has joined "Target," "Sony," "Ashley Madison," and "OPM" as a name now shorthand for a breach) has become the biggest current story in cyber. The original preliminary attribution of the attack to a "Russian Islamist organization" (conflating two of cyberspace's bigger bugbears) convinces few: the attack seems now to have been a straight-up criminal caper. A number of groups have claimed responsibility for the attack, and TalkTalk has received a ransom demand from one of them. The asking price seems oddly lowballed — just £80 thousand, payable in Bitcoin — but there are signs that some criminals are preparing to offer stolen data on the AlphaBay black market.
TalkTalk thinks damage to its 4 million customers may be less severe than feared, but the company's facing criticism for both security practices and breach response. The episode has prompted calls for closer government regulation; such calls are unlikely to remain confined to the UK.
Speaking of Ashley Madison, reports surface of an ongoing breach-related extortion campaign.
South Korea's actively recruiting white hats to its cyber forces.
Today's issue includes events affecting Australia, Austria, European Union, Germany, Hungary, Iran, Iraq, Democratic Peoples Republic of Korea, Republic of Korea, Russia, Switzerland, Syria, United Kingdom, United States.
The CyberWire will be covering both CyberMaryland and the National Cyber Security Hall of Fame's induction ceremonies this week. Watch for special issues beginning Wednesday.
Cyber Attacks, Threats, and Vulnerabilities
The Real Power of ISIS(Daily Beast) The West has failed utterly to understand the appeal of the ISIS narrative, much less to develop effective counter narratives
Russian Ships Near Data Cables Are Too Close for U.S. Comfort(New York Times) Russian submarines and spy ships are aggressively operating near the vital undersea cables that carry almost all global Internet communications, raising concerns among some American military and intelligence officials that the Russians might be planning to attack those lines in times of tension or conflict
TalkTalk Hackers Demanded £80K in Bitcoin(KrebsOnSecurity) TalkTalk, a British phone and broadband provider with more than four million customers, disclosed Friday that intruders had hacked its Web site and may have stolen personal and financial data
TalkTalk hires BAE Systems to investigate cyber attack(Reuters) British broadband provider TalkTalk said on Sunday it had hired defense company BAE Systems to investigate a cyber attack that may have led to the theft of personal data from its more than 4 million customers
New ransomware delivered via Windows Remote Desktop Services(Help Net Security) A new type of ransomware — dubbed LowLevel04 — is hitting users in Greece and Bulgaria. It is apparently delivered on the affected computers manually by the attackers, via Windows' built-in Remote Desktop Services (RDS) or Terminal Services
Serious Flaws Found in Janitza Power Analyzers(SecurityWeek) Researchers have uncovered several vulnerabilities in power quality measurement products from Janitza Electronics, a Germany-based company that specializes in the development of energy efficiency systems
That Little USB of Horrors(Digital Guardian) Beware USBs promising a quick recharge of your mobile device; they might also be leeching data as well
City computer hacking was just a test(Las Vegas Review-Journal) On the morning of Aug. 13, armed men disguised as janitors strolled into Las Vegas City Hall, made their way to the city's data center and started hacking into computer servers
Why IoT Security Is So Critical(TechCrunch) Twenty years ago, if you told me my phone could be used to steal the password to my email account or to take a copy of my fingerprint data, I would've laughed at you and said you watch too much James Bond
As more devices go online, hackers hunt for vulnerabilities(Baltimore Sun) The hack was simple. Terry Dunlap tapped out a few commands on his laptop and within seconds a message popped on the screen: "Done!" With a few more keystrokes, he could see what the security camera could see and swivel it at will
Five Ways Shadow IT in the cloud hurts your enterprise(Network World) According to the Skyhigh Networks Cloud Adoption & Risk Report Q2 2015, the average enterprise now uses 1,083 cloud services. That astounding figure is almost 50% higher than this time last year, and up 100% from two years ago
The Dark Web for Dummies, Part Two: Why the Dark Web Matters(ZeroFOX) In our last installment we learned about the dark web and where it came from. If you missed it, you can catch it here. In short, the dark web, as most people know it in the form of The Onion Router (or TOR), was created by the United States government as a way to help people connect to the internet anonymously
Why Corporate Boards Are Picking Women to Fill Cybersecurity Posts(Bloomberg Business) Earlier this year, American International Group Inc. added Linda Mills to its board, attracted partly by her expertise in cybersecurity. In February, Wells Fargo & Co. selected Suzanne Vautrinot for its board for similar reasons. Before that, Walgreens Boots Alliance Inc. picked Janice Babiak
Yahoo Hires Bob Lord as its CISO(Threatpost) Yahoo has filled the vacancy in its CISO office, today announcing the hiring of former Twitter and Rapid7 security executive Bob Lord
Products, Services, and Solutions
Government Acquisitions, Inc. Launches New Hyperconverged Analytics Platform Solution(Government Acquisitions) Government Acquisitions, Inc. (GAI), a leading Federal Information Technology (IT) solutions provider and small business, today announced the launch of their Hyper Converged Analytics Platform (HyperCAP) — an end-to-end data analytics solution. Integrated and optimized with best-of-breed commercial-off-the-shelf (COTS) technologies from Dell, Palo Alto Networks, Nutanix, and Splunk Inc., the HyperCAP solution enables Federal agencies to harness powerful analytics for IT and security operations
Dell extends end-to-end security offerings(ChannelWorld) Dell announced a new, full range of security solutions that enable customers to implement a comprehensive enterprise security strategy to protect their organization from evolving threats while strengthening business agility
NSA's Divorce from ECC Causing Crypto Hand-Wringing(Threatpost) The National Security Agency has long cuddled up to Elliptic Curve Cryptography, swaying standards bodies away from RSA crypto and toward ECC in the late 1990s, as well as recommending it as a strong enough solution for sensitive government agencies to use in guarding their biggest secrets
NSF grantees conclude phase one of insider threat research project(FierceGovernmentIT) Cybersecurity experts from State University of New York at Buffalo and University of Texas at Arlington have concluded the first phase of research around insider threat protection under an almost $500,000 grant from the National Science Foundation
CMU Partners with NSA Day of Cyber Program(Carnegie Mellon University News) Not much is known about a typical day at the National Security Agency (NSA), but a new initiative aims to provide U.S. middle school, high school and college students with an inside look
Schools Learn Lessons From Security Breaches(Education Week) When an employee of the Provo, Utah, school district mistakenly clicked on a phishing link in an email last year, the private data of about 500 employees were put at risk
Four things to know about new net neutrality rules(Help Net Security) Net neutrality is crucial to the future development of the Internet. It is the principle that all online traffic should be treated equally, regardless of the type of content or platforms involved
Iran slams U.S. jailing of engineer for documents smuggling(Military Times) The Iranian government has criticized a U.S. court's decision to sentence an engineer with dual citizenship to more than eight years in prison for trying to send sensitive military documents to Iran, the official IRNA news agency reported Sunday
2015 North American International Cyber Summit(Detroit, Michigan, USA, October 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight...
ICS Cyber Security Week(Atlanta, Georgia, USA, October 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following...
Cyber Awareness & Technology Days(Colorado Springs, Colorado, USA, October 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at...
Designing Secure Healthcare Systems(Long Branch, New Jersey, USA, October 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection...
Technology & Cyber Awareness Day(Aurora, Colorado, USA, October 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and...
Cloud Security Alliance Summit NYC 2015(New York, New York, USA, October 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme...
Data Breach Summit Asia 2015(Mumbai, India, October 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit a unique, one-day event will focus on the issues to help the participants learn more about how to prevent...
CyberMaryland 2015(Baltimore, Maryland, USA, October 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015(Washington, DC, USA, October 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private...
Hackito Ergo Sum(Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking,...
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.