In apparent support of their military objectives in the Syrian Civil War, Iran deploys AndroRAT and DroidJack against regional Android users. Recorded Future has details.
Passcode reflects on the career of late ISIS operative Junaid Hussain. While widely called a "hacker," his coding skills were, Passcode notes, "mediocre." And that didn't matter at all — he was by all accounts a successful information operator, making a strong contribution to ISIS success at inspiring followers.
Those Americans who contrast ISIS's evident success with their own disappointing national record at information operations (surprising enough, given that the field's basically marketing in battledress) may take some comfort by seeing them done badly elsewhere. See, for example, a campaign out of China designed to drum up international approval of the PRC's new Five Year Plan: it's Woody Guthrie refracted through Scooby Doo. Complete with a hootenanny atop a VW van.
Aljazeera asks whether it's possible to disrupt the Internet by cutting undersea cables. The short answer is "yes," especially given that techniques for doing so have been well understood for a century. Russian naval vessels appear to be taking an interest in cables that many in the West find disquieting. Disruption isn't the only threat here — the US NSA notes the possibility of interception, data manipulation, and infrastructure attack.
British police arrest a 15-year-old for the TalkTalk hack as TalkTalk struggles to recover.
Dridex is definitely back, and active in France.
The US and EU move closer to restoration of some version of Safe Harbor.
Today's issue includes events affecting Australia, Bahrain, Brazil, China, Czech Republic, European Union, France, Germany, Iran, Iraq, Ireland, Republic of Korea, Kuwait, Oman, Qatar, Saudi Arabia, Singapore, Slovakia, Switzerland, Syria, United Arab Emirates, United Kingdom, United States.
The CyberWire will be covering both CyberMaryland and the National Cyber Security Hall of Fame's induction ceremonies this week. Watch for special issues this week, and live-tweeting from the conference.
Opinion: The shocking mediocrity of Islamic State 'hacker' Junaid Hussain(Christian Science Monitor Passcode) The Islamic State militant Junaid Hussain killed in a British drone strike displayed little technical knowhow. But even though an unskilled coder, he was more effective at spreading the militants' message over social media and ultimately proved to be an effective role model
Arrest re: TalkTalk investigation(Metropolitan Police) An arrest has been made in connection with the investigation into alleged data theft from the TalkTalk website
15-Year-Old Arrested For TalkTalk Attack(Dark Reading) U.K. police collar Northern Ireland youth for questioning, while security industry tries to make sense of confusing information out of TalkTalk CEO
TalkTalk breach: CEO dismisses encryption, 15-year-old arrested(TalkTalk breach: CEO dismisses encryption, 15-year-old arrested) There's been a lot of strange developments in the days since last week's cyberattack on UK telecom TalkTalk, in which an unknown number of customers may have had their personal data accessed
Hackers release info on Obama's national security transition team(Federal Times) The slow drip of information allegedly stolen from CIA Director John Brennan's personal email account continues to find its way onto WikiLeaks, with a list of personal information about 20 members of President Obama's transition team added to the leak in the most recent post on Oct. 26
Alleged Hacker Behind John Brennan Email Breach: 'I Don't Want To Go To Jail'(Motherboard) It's been five days since a group of teenage hackers only known as "Crackas With Attitude" (CWA) claimed to have broken into the email account of CIA Director John Brennan. The hackers initially boasted about their feat on Twitter, exposing some US intelligence members personal information, before getting their accounts suspended
U.S. military cyber security fails to make the grade(Netcraft) The United States Department of Defense is still issuing SHA-1 signed certificates for use by military agencies, despite this practice being banned by NIST for security reasons nearly two years ago
TrueCrypt Travails Continue(eSecurity Planet) Two serious bugs later, almost no one thinks it is a good idea to use TrueCrypt. But what are your options?
Valuing A Data Breach Victim(TechCrunch) In the relentless world of public breach reporting, there's a fixation on the number of accounts affected; the higher the number, the larger the impact. But from a victim's perspective, does it make a difference if your information was included in a breach alongside 10,000 or 50,000,000 others?
Why cybersecurity cannot be overlooked(Control Global) Effective cybersecurity requires ceaseless monitoring and evaluation of network data and traffic to identify and head off evolving intrusions and potential attacks, but improved tools are making it simpler and easier
IT admits obstacles to user mobility due to security concerns(Help Net Security) Organizations are challenged to meet demands for greater mobility as 92% of IT departments worldwide still restrict users from accessing sensitive corporate data and resources from mobile devices, according to a global survey of 900 IT decision makers by Gemalto
A Security Protocol for the Internet of Things(IBM Security Intelligence Blog) The Internet of Things (IoT) is growing by leaps and bounds every day. But as the IoT grows, so do the security vulnerabilities of the linked objects. A security protocol to protect IoT devices will always be needed
3 steps to prepare for next hack or breach(Federal News Radio) The daily headlines are no longer full of news on the Office of Personnel Management (OPM) breach, and agency executives across all levels of government want to keep it that way
Complex passwords not the key to securing data: IBM(SC Magazine) Companies that force employees to create complicated and hard to remember passwords are taking the wrong approach to ensure corporate security, according to a report by an IBM Security Intelligence researcher
WhatsApp collects phone numbers, call duration, and more!(Help Net Security) A recent network forensic examination of popular messaging service WhatsApp is offering new details on the data that can be collected from the app's network from its new calling feature: such as phone numbers and phone call duration, and highlights areas for future research and study
DHS banks on data repository for cyber insurance(FCW) The Department of Homeland Security got interested in encouraging a cybersecurity insurance market about four years ago after officials realized that "regulating our way out of cyber risk was probably not going to happen," said Tom Finan, a senior cybersecurity strategist and counsel at DHS
How Fintech Can Win On Financial Crime(TechCrunch) Juan Zarate, a former Treasury official and now adviser to Coinbase, writes in his book Treasury's War that "financial warfare…has started to form a central part of international security strategies." By understanding the financial networks underpinning drug cartels, terrorist organizations and rogue nations, U.S. law enforcement and the Treasury Department have been able to pursue more sophisticated strategies aimed at disrupting them
Venezuela Accuses Website of Cyberterrorism(Courthouse News Service) Venezuela's central bank claims a website run by exiles is committing cyberterrorism by reporting a fraudulent bolivar-to-dollar exchange rate to destabilize the country's economy
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
ICS Cyber Security Week(Atlanta, Georgia, USA, October 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following...
Cyber Awareness & Technology Days(Colorado Springs, Colorado, USA, October 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at...
Designing Secure Healthcare Systems(Long Branch, New Jersey, USA, October 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection...
Technology & Cyber Awareness Day(Aurora, Colorado, USA, October 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and...
Cloud Security Alliance Summit NYC 2015(New York, New York, USA, October 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme...
Data Breach Summit Asia 2015(Mumbai, India, October 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit a unique, one-day event will focus on the issues to help the participants learn more about how to prevent...
CyberMaryland 2015(Baltimore, Maryland, USA, October 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015(Washington, DC, USA, October 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private...
Hackito Ergo Sum(Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking,...
Inside Data Science 2015(Monterey, California, USA, November 3 - 4, 2015) At the Inside Data Science 2015 Conference (IDS2015) our focus is not on the storage or volume of data, but rather the importance of what you do with it. To synchronize the processing, exploitation and...
NICE 2015 Conference and Expo(San Diego, California, USA, November 3 - 4, 2015) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing,...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.