The Diplomat has an interesting piece on allegations that Chinese intelligence services hacked the international court that's adjudicating South China Sea territorial claims. The author notes, in a reflective contrarian way, that attribution may not be as difficult as "myth" would have it, and that one can anticipate state attacks with relatively high confidence. (And warns that among the things to anticipate in this case is a patriotic cyber riot out of China.)
The North Antrim teenager arrested in connection with the TalkTalk hack is out on bail as the Metropolitan Police continue their investigation. There may be other arrests, but observers note that the attack TalkTalk sustained combined distributed denial-of-service and SQL injection — neither difficult to mount (nor terribly difficult, others add, to parry).
US Director of Central Intelligence Brennan says, with justice, that the successful attack on his personal email account simply illustrates how universal the risk is.
Several ongoing cyber crimes troll for victims using bogus receipts (a spoofed IKEA receipt is proving a Dridex vector), fax notifications, etc. Criminals also continue using major events (like the World Series) as phishbait. Attractive targets to them are unpatched or seldom-used (and often-overlooked) systems.
In industry news, uptake of cyber insurance has roughly tripled over the last year. Intel buys Saffron as an IoT play, and analysts give good reviews to Cisco's purchase of Lancope.
Cyber information-sharing legislation advances in the US Senate, to predictably mixed reviews, some complaining of new potential for surveillance, others hailing better collaborative defense.
Today's issue includes events affecting China, Netherlands, Philippines, Russia, United States.
Our coverage of CyberMaryland 2015 will continue tomorrow and Friday.
Dateline CyberMaryland 2015
CyberMaryland 2015: Collaborate, Educate, Innovate (National Cyber Security Hall of Fame and the Federal Business Council) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations
Cyber Moves from the Server Room to the Board Room (The CyberWire) The CyberWire spoke with the Federal Business Council's David Powell who's co-chair of the CyberMaryland conference. We asked him for a look at what we might expect of this year's conference, opening today in Baltimore. He ranged over technological innovation, cyber security as an ecosystem, the proper subsidiarity with which communities in that ecosystem flourish, and, above all, development of a strong, well-trained cyber labor force. Here's what he had to say
Venture funding in focus at CyberMaryland 2015 (Daily Record) The CyberMaryland Conference scheduled for Oct. 28-29 at the Baltimore Convention Center will host two sessions focused on securing venture funding for startup and late stage cyber security companies
Hexis Cyber Solutions to Attend the Upcoming CyberMaryland 2015 Conference (Nasdaq) Hexis Cyber Solutions (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (NASDAQ:KEYW), and a provider of advanced cybersecurity solutions for commercial companies and government agencies, will be participating in this year's annual CyberMaryland Conference 2015, taking place on Wednesday, October 28 and Thursday, October 29 at the Baltimore Convention Center
Less TalkTalk, more ActionAction (MicroScope) As the 15-year old alleged to have been behind the attack on TalkTalk is released on bail, MicroScope picks through the debris left in the wake of the hacking scandal
Fax notification email aims to infect your PC (Hot for Security) Computer users have often been warned to be wary of opening unsolicited email attachments because of the risk of malware infection, and yet many continue to be infected via precisely this method
Neither Snow Nor Rain Nor MITM…An Empirical Analysis of Email Delivery Security (IMC'15) The SMTP protocol is responsible for carrying some of users' most intimate communication, but like other Internet protocols, authentication and confidentiality were added only as an afterthought. In this work, we present the first report on global adoption rates of SMTP security extensions, including: STARTTLS, SPF, DKIM, and DMARC
Cybercriminals Look for a World Series Home Run (Infosecurity Magazine) Will you be watching the World Series this week, as the Kansas City Royals take on the New York Mets in what many see as a match-up for the ages? Cyber-criminals sure hope so, and plan on scoring big off unsuspecting victims
Security Patches, Mitigations, and Software Updates
Security update available for Adobe Shockwave Player (Adobe Security Bulletin) Adobe has released a security update for Adobe Shockwave Player. This update addresses a critical vulnerability that could potentially allow an attacker to take control of the affected system
Cybersecurity Then and Now: Perspectives from DHS Cyber Trailblazer John Felker (In Homeland Security) Leading cybersecurity expert John Felker is at the national forefront of raising public awareness to address the escalating cyber threats and mitigate the damage they pose to countless organizations and citizens worldwide. Felker honed his expertise over decades of leading the U.S. Coast Guard's strategic cyber program, building leadership coalitions, and developing critical intelligence and cybersecurity policy
What Will We Do About the Cybersecurity Pearl Harbor? (EnterpriseTech) When I first started to equate the massive and consequential breaches suffered during the recent past with multiple Pearl Harbors, a few people thought I was over dramatic and asked me to tone it down
Cyber insurance uptake nearly triples: Survey (Business Insurance) The number of companies buying cyber insurance has nearly tripled this year compared with last year, according to a boards of directors survey that was released Tuesday
Millennials and Cybersecurity Careers (Data Center Journal) Technology companies are increasingly prone to fishing for government assistance in producing potential employees with certain skills
Welcome Back Symantec (Forbes) It has been a long road but it appears that Symantec has finally re-focused on its core business of securing its customers
ARM Rebranded As Credence Security (Zaywa) ARM, the leading speciality distributor of cyber security and digital forensics solutions, announced yesterday that effective immediately, it will be rebranded as Credence Security
Infoblox Bolsters Its DNS Protection System (LightReading) Infoblox Inc. (NYSE:BLOX), the network control company, today announced enhancements to its carrier-grade DNS solution portfolio to block more types of attacks against service providers and deliver a better subscriber experience
Thycotic Offers Organizations Free Privileged Password Security Policy Template (Virtual Strategy Magazine) Thycotic, a provider of privileged account management solutions for over three thousand organizations world-wide, announced today that it has released a free privileged password security policy template for any organization seeking to implement an official privileged account management policy
CompTIA Gets NIST Research Grant for Cyber Jobs Heat Map (ExecutiveGov) The National Institute of Standards and Technology has awarded the Computing Technology Industry Association a three-year grant to perform research and develop a tool that will help visualize the supply and demand of cybersecurity jobs in the country
Legislation, Policy, and Regulation
Is better defense the answer to the China cyber threat? (C4I@R & Networks) While the U.S. and China in September reached a "common understanding" to stem China's ongoing cyber theft of U.S. intellectual property, the deal focused on economic interests — and left unaddressed the onslaught of attacks on the government, many of which are attributed to China
An American strategy for the Internet (American Enterprise Institute) As the Senate finally prepares to vote on the Cybersecurity Information Sharing Act (CISA) legislation, it is important to keep in mind that CISA alone will not solve our problems with respect to cyberspace
Cyber info sharing bill passes Senate, heads to conference (Federal Times) After working through the last remaining amendments up for consideration, the Senate voted 74-21 to pass the Cybersecurity Information Sharing Act (CISA) on Oct. 27, moving forward on the biggest piece of cybersecurity legislation to reach the floor this year
Facebook accused of 'secretly lobbying' for cyber bill (The Hill) Facebook is "secretly lobbying" for a major cyber bill set for a final Senate vote Tuesday despite growing opposition to the bill among tech companies, according to a digital rights advocacy group fighting against the measure
How can we decide on surveillance and privacy when we can't see the whole picture? (Help Net Security) "The surveillance of communications faces a legitimization crisis," says James Losey, a fellow with the Open Technology Institute, the technology program of the New America Foundation, and currently a PhD candidate with the School of International Studies and the Department of Media Studies at Stockholm University in Sweden
2016 Presidential Candidate Security Investigation (Infosec Institute) InfoSec Institute has assessed the security posture of 16 of the presidential candidates' websites. This is an indicator of the level of security awareness the candidate and the campaign staff have
How Fintech Can Win On Financial Crime (TechCrunch) Juan Zarate, a former Treasury official and now adviser to Coinbase, writes in his book Treasury's War that "financial warfare…has started to form a central part of international security strategies." By understanding the financial networks underpinning drug cartels, terrorist organizations and rogue nations, U.S. law enforcement and the Treasury Department have been able to pursue more sophisticated strategies aimed at disrupting them
Venezuela Accuses Website of Cyberterrorism (Courthouse News Service) Venezuela's central bank claims a website run by exiles is committing cyberterrorism by reporting a fraudulent bolivar-to-dollar exchange rate to destabilize the country's economy
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
ICS Cyber Security Week (Atlanta, Georgia, USA, October 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following...
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, October 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at...
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, October 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection...
Technology & Cyber Awareness Day (Aurora, Colorado, USA, October 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and...
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, October 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme...
Data Breach Summit Asia 2015 (Mumbai, India, October 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent...
CyberMaryland 2015 (Baltimore, Maryland, USA, October 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015 (Washington, DC, USA, October 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private...
Hackito Ergo Sum (Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking,...
Inside Data Science 2015 (Monterey, California, USA, November 3 - 4, 2015) At the Inside Data Science 2015 Conference (IDS2015) our focus is not on the storage or volume of data, but rather the importance of what you do with it. To synchronize the processing, exploitation and...
NICE 2015 Conference and Expo (San Diego, California, USA, November 3 - 4, 2015) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing,...
SINET Showcase 2015: "Highlighting and Advancing Innovation" (Washington, DC, USA, November 3 - 4, 2015) SINET Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and requirements. The chosen SINET 16 Innovators...
4th International Internet-of-Things Expo (Santa Clara, California, USA, November 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and...