For unclear (but probably nefarious) reasons, sockpuppets posing as recruiters on LinkedIn appear to be mapping infosec professionals' networks. Fox-IT raised the warning; F-Secure offers some analysis.
Malvertising on the British branch of Match.com is serving ransomware to the unwary.
An Android ransomware strain is now communicating over XMPP.
Bitdefender finds a cross-site-scripting vulnerability in PayPal.
ATM skimming hardware has become smaller, thinner, and harder to spot.
The trend among criminals to exploit compromised credentials and "live off the land" in enterprise networks accelerates.
Cisco patches a file overwrite issue in UCS Director and IMC Supervisor.
Richard Bejtlich reflects on Black Hat and discerns a new cyber security maxim: "If you can't protect it, don't collect it."
A Ponemon study looks at insider cyber risk and concludes that multitasking, long hours, and fatigue cause unintentional employee "negligence." (It seems, however, unfair to characterize a mistake made when worked to exhaustion as "negligence.")
Wassenaar, much execrated by the security industry, inflicts collateral damage even before delayed but long-feared US implementation takes effect: HP pulls its sponsorship from Pwn2Own for fear of crossing arms controllers. (Wassenaar's unpopular in India, too. Some think Canada got implementation about right.)
Security start-ups notice a new trend among venture capitalists: the VCs are asking about profits.
Among security start-ups themselves deception (of attackers, not VCs) is also trending.
The US prepares anti-hacking sanctions against Chinese companies, hoping attendant rancor dies down before the Obama-Xi summit.
Edward Snowden says Hillary Clinton's homebrew server damaged US national security.
Today's issue includes events affecting Australia, Canada, Cayman Islands, China, France, Germany, Iran, Israel, Russia, United Kingdom, United States.
The CyberWire staff will be taking Labor Day off. We'll be on hiatus Monday, but normal publication will resume Tuesday, September 8. And next Thursday we'll be covering the second annual Senior Executive Cyber Security Conference at the Johns Hopkins University in Baltimore.
Cyber Attacks, Threats, and Vulnerabilities
Fake recruiters on LinkedIn are targeting infosec pros (Help Net Security) "There's a group of fake recruiters on LinkedIn mapping infosec people's networks. Not sure what their goal is yet, just a heads-up to others," Yonathan Klijnsma, a threat intelligence analyst working at Dutch infosec firm Fox-IT, warned via his Twitter account
LinkedIn Sockpuppets Are Targeting Security Researchers (F-Secure Labs blog) Multiple LinkedIn accounts recently targeted numerous security specialists in an attempt to map their social graphs. Several of our researchers received these LinkedIn invitations themselves and Daavid from our Threat Intelligence team decided to investigate
PayPal stored XSS vulnerability exposed (Help Net Security) Bitdefender researchers have located a stored XSS vulnerability in PayPal that leaves the e-payment service open for hackers to upload maliciously crafted files, capable of performing attacks on registered users of the service
More ATM "Insert Skimmer" Innovations (KrebsOnSecurity) Most of us know to keep our guard up when withdrawing cash from an ATM and to look for any signs that the machine may have been tampered with
Cayman Islands — Phishing in the Caribbean? (Check & Secure) Banking in the Cayman Islands is curious to say the least… It comes as little surprise then to hear that the cyber criminals are chancing their arm, if recent phishing emails are to be believed
Google's Latest Chrome Update Emphasizes Speed And Lower Memory Usage (TechCrunch) Chrome started out as one of the least memory hungry browsers on the market, but over time, it developed a bit more of an appetite for RAM. Now, however, Google is starting to get back to basics and the latest Chrome release (version 45) focuses on making the browser faster and more efficient
New cybersecurity mantra: "If you can't protect it, don't collect it" (Brookings) In early August I attended my 11th Black Hat USA conference in sunny Las Vegas, Nevada. Black Hat is the somewhat more corporate sibling of the annual DEF CON hacker convention, which follows Black Hat. Since my first visit to both conferences in 2002, I've kept tabs on the themes expressed by computer security practitioners. This year I heard a new refrain: "If you can't protect it, don't collect it"
Children's apps and websites raise privacy concerns (Naked Security) Earlier this year the UK Information Commissioner's Office (ICO), along with 28 other data protection regulators from around the world, announced an investigation into how websites and apps — squarely aimed at children — were collecting and sharing personal information
The Kids Aren't Alright: Cyber Security and the 'Digital Natives' (Team Cymru) There seem to be two pervading extremes of opinion regarding youngsters growing up with technology. The first is that today's (and tomorrow's) children will consume code with their cornflakes, becoming an army of top-flight computer whizzes apparently by osmosis
Thailand at high risk for cyberattack (Bangkok Post) Thailand ranks ninth worldwide for web-based security threats, making it one of the most targeted countries by hackers, says Kaspersky Lab, a Moscow-based supplier of security software
The Wassenaar effect (Hindu Business Line) In December 2013, the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies extended its reach to the cyber world
Retail IoT Technology Spend to Hit $2.5 Billion by 2020 (VAR Guy) By 2020, retailers will spend some $2.5 billion on Internet of Things (IoT)-related technologies such as Bluetooth-equipped beacons and radio frequency ID tags (RFID), about four times more than the $670 million expected to be spent this year
FireEye's Third Quarter Earnings Review (Seeking Alpha) Leading position and expanded product capabilities in the specialized advanced threat-detection analysis segment of the security market continue to drive organic growth
Is Joe Kaeser failing to keep his own promise? (Die Welt) Siemens CEO Joe Kaeser promised to close the gap on arch-rival General Electric. Two years later, disillusionment has set in, as the company now has more problems than before
Trustwave 'hiring like mad,' including in Canada, after acquisition (ITWorld Canada) The finalization this week of the US$810 million purchase of security vendor Trustwave by Asian provider Singtel Telecommunications means the Chicago-based company is on an expansion binge here as well as around the world to grow its managed security services
5 Growing Cyber-Security Epicenters Around the World (Entrepreneur) The recent hack of Ashley Madison reminds us just how vulnerable society is to cyber attacks. Big companies such as Target, Home Depot, Michaels, P.F. Chang's and JP Morgan fell victim to data breaches in 2014, and the attacks have continued this year
DoD's top secret smartphone expected in the fall (C4ISR & Networks) Government agencies have made significant strides in incorporating smartphones and tablets into their offices and missions, even at the Defense Department. But the caveat always has been that those devices could only be used for non-classified purposes. That's changing
IBM Lands Mobile Tech Security R&D Contract From DHS S&T (ExecutiveBiz) IBM's Thomas J. Watson Research Center has received a $1.3 million contract from the Department of Homeland Security's Science and Technology Directorate for research and development work on mobile technology security
Hands Off! NIST Helps Bring Contactless Fingerprint Technology to Market (NIST) Quickly moving through security checkpoints by showing your hand to a scanner seems straight out of science fiction, but the National Institute of Standards and Technology (NIST) is working with industry to bring fast, touchless fingerprint readers out of the lab and into the marketplace
China's Great Cannon: The Great Firewall's More Aggressive Partner (Dark Reading) Crowdstrike researchers Adam Kozy and Johannes Gilger visit Dark Reading News Desk at Black Hat to describe how China went on the offensive and extended its Internet censorship efforts beyond Chinese borders. It already hit Github, but it's poised to do so much more
Halvorsen wants to change economics of cyberspace (FCW) Defense Department CIO Terry Halvorsen on Sept. 2 called for industry help in changing the economics of cyberspace so that it is more costly for hackers to inflict damage and cheaper for the Pentagon to defend itself
The Microsoft Warrant Case: A Response to Orin Kerr (Just Security) With less than a week before the Second Circuit considers the dispute between Microsoft and the government over emails stored in Ireland (an issue I have blogged about here, here, and here), I thought it worth responding to Orin Kerr's novel suggestions as to how to understand the case
Hillary Clinton, inner circle responsible for most classified emails (Washington Times) Nearly a third of the classified messages released so far from former Secretary of State Hillary Rodham Clinton's emails came from one man: Jake Sullivan, who served as her deputy chief of staff in the department, and is now the top foreign policy adviser to her presidential campaign
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SCADA Nexus 2015 (Houston, Texas, USA, September 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton...
SIN 2015 (Sochi, Russia, September 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks.
NSPW (New Security Paradigms Workshop) (Twente, Netherlands, September 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in...
Global Cyberspace Cooperation Summit VI (New York, New York, USA, September 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum...
Intelligence and National Security Summit (Washington, DC, USA, September 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential...
Cybersecurity Innovation Forum (Washington, DC, USA, September 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland...
[New Date] Cyber 6.0 (Laurel, Maryland, USA, September 10, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...
2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, September 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives
BSides Augusta 2015 (Augusta, Georgia, USA, September 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, September 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack.
Hacker Halted 2015 (Atlanta, Georgia, USA, September 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities...
EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, September 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity...
Fraud Summit San Francisco (San Francisco, California, USA, September 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are...