The Director of the US NSA describes recent intrusions into unclassified Pentagon networks as "sophisticated" and "persistent," but also as successfully contained. Russian intelligence services are the usual suspects; observers fret that the incident represents a mild opening gambit in a soon-to-become more serious cyber conflict.
Speaking of Russia, Turla is back, and found exploiting satellite Internet connections for an affordable command-and-control network.
South Korean media outlets are afflicted with variants of the Shadow Force backdoor.
The financial sector receives the unwelcome ministrations of cyber criminal groups with quite different approaches. "DD4BC" continues its Bitcoin extortion of financial institutions, threatening denial-of-service against those who fail to pay up. The familiar Anunak/Carbanak threat group revisits banks and casinos with an evolved set of tools.
Android ransomware, resident within a malicious "adult" app, takes a user's picture and displays it in the ransom demand. The Android.Trojan.MKero.A makes a comeback, subscribing victims to unwanted premium SMS services. Bitdefender notes that the malware puts human criminals into the loop, thereby bypassing security features like CAPTCHA designed to weed out bots.
WhatsApp quickly patches vulnerabilities outside researchers found in WhatsApp Web.
Yesterday, of course, was also Microsoft's Patch Tuesday, with five "critical" and seven "important" vulnerabilities addressed.
Not-for-profits recognize fundraisers' vulnerability to cyber attack.
FireEye looks increasingly to the US Federal market as a font of profitability.
As sanctions remain under consideration, the US Justice Department is rumored to be preparing indictments of Chinese cyber operators.
John McAfee announces his candidacy for the US Presidency.
Today's issue includes events affecting China, France, Germany, Iran, Israel, Republic of Korea, Russia, United States.
Tomorrow we'll be covering two events: the second annual Senior Executive Cyber Security Conference at the Johns Hopkins University in Baltimore, and GovConnect's Cyber 6.0 in Howard County, Maryland. Watch for live tweets tomorrow and full conference reports soon thereafter.
Russian Spy Gang Hijacks Satellite Links to Steal Data(Wired) If you're a state-sponsored hacker siphoning data from targeted computers, the last thing you want is for someone to locate your command-and-control server and shut it down, halting your ability to communicate with infected machines and steal data
Turla APT Group Abusing Satellite Internet Links(Threatpost) Poorly secured satellite-based Internet links are being abused by nation-state hackers, most notably by the Turla APT group, to hide command-and-control operations, researchers at Kaspersky Lab said today
Security update available for Adobe Shockwave Player(Adobe Security Bulletin) Adobe has released a security update for Adobe Shockwave Player. This update addresses critical vulnerabilities that could potentially allow an attacker to take control of the affected system
Cloud Security Alliance touts data breach sharing scheme(Whatech) The US-based Cloud Security Alliance is proposing to set up a scheme that will enable organisations to anonymously report data breaches, in the interests of enabling others to take steps to prevent them becoming victims of similar attacks
6 ways to become more resilient to cyber-security threats(CGMA Magazine) Large banks have fairly strong cyber-security controls in place, but cyber-criminals are changing their strategy and the financial sector remains difficult to secure against cyber-attacks, according to a special report by Thomson Reuters' risk management business
The Cost of Malware Containment(Information Security Buzz) The volume and severity of threats is increasing every year, which means that it's more important than ever to detect active infections swiftly
A Tricky Path to Quantum-Safe Encryption(Quanta Magazine) In the drive to safeguard data from future quantum computers, cryptographers have stumbled upon a thin red line between security and efficiency
U.S. Cyber Command Chief Details Plans to Meet Cyberspace Threats(DoD News) The commander of U.S. Cyber Command has stressed the need for the command to integrate its capabilities into all aspects of the national security effort, and today Navy Adm. Michael S. Rogers released the Cybercom vision statement, describing how the command will do just that
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
MeriTalk: Cyber Security Brainstorm(Washington, DC, USA, September 23, 2015) Co-locating with the NIST Cloud Security Working Group, this MeriTalk Brainstorm has an excellent program lined up, featuring keynote speakers Allison Tsiumis (Section Chief, Cyber Intelligence Section,...
2015 Government Cybersecurity Forum(Washington, DC, USA, October 20, 2015) The Government Cybersecurity Forum was created three years ago a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate,...
Data Breach Summit Asia 2015(Mumbai, India, October 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit a unique, one-day event will focus on the issues to help the participants learn more about how to prevent...
2nd Annual Journal of Law and Cyber Warfare Conference(New York, New York, USA, November 5, 2015) The 2015 symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cybersecurity and cyber...
FedCyber 2015(Tyson's Corner, Virginia, USA, November 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who...
SIN 2015(Sochi, Russia, September 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks.
NSPW (New Security Paradigms Workshop)(Twente, Netherlands, September 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in...
Global Cyberspace Cooperation Summit VI(New York, New York, USA, September 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum...
Intelligence and National Security Summit(Washington, DC, USA, September 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential...
Cybersecurity Innovation Forum(Washington, DC, USA, September 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland...
[New Date] Cyber 6.0(Laurel, Maryland, USA, September 10, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...
2nd Annual Senior Executive Cyber Security Conference(Baltimore, Maryland, USA, September 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives
BSides Augusta 2015(Augusta, Georgia, USA, September 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
SANS Institute: Information Security Training(Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.