Another US healthcare insurance provider, Excellus BlueCross BlueShield, has been breached. The compromise was detected on August 5 and disclosed yesterday, but the attack occurred on December 23, 2013. The personal and financial information of 10.5 million members was exposed. Excellus says that, so far, there's no evidence of fraud.
USA TODAY looks into public records and concludes that the US Energy Department was successfully attacked some 150 times between 2010 and 2014. Attribution and other details were redacted from the records the paper obtained, but observers point with concern toward threats to the power grid.
Zimperium has released Stagefright exploit code for security testing purposes.
Palo Alto describes the long-running persistence of Gh0st malware in ongoing attack campaigns.
Manufacturers and shippers turn, increasingly, to the Internet-of-things, and implementation appears to be outrunning security.
SecureAuth's Cox looks at his industry and calls for a cyber version of the Hippocratic Oath.
In industry news, US companies are looking closely at a proposed Defense Federal Acquisition Regulation rule on commercial item acquisition (DFARS Case 2013-D034), which some fear will effectively block commercial cyber companies from Government business. (And Senator McCain thinks the rule will kill SecDef Carter's outreach to Silicon Valley.)
Palo Alto beats estimates. IronNet raises $25 million in funding.
The UN clarifies application of the laws of armed conflict to cyberspace (and does so by extending traditional precepts into the new domain).
As debate in the US kicks up over whether ISIS intelligence was massaged, India grapples with its anti-ISIS info policy.
Today's issue includes events affecting China, Germany, India, Iraq, Ireland, Syria, United Kingdom, United Nations, United States.
Today we're covering two events: the second annual Senior Executive Cyber Security Conference at the Johns Hopkins University in Baltimore, and GovConnect's Cyber 6.0 in Howard County, Maryland. Watch for live tweets throughout the day, and full conference reports tomorrow.
Defense Market Primed for M&A Activity (DefenseNews) While the defense industry is ripe for significant M&A activity, a combination of complicating factors, including the appreciation of the US dollar, makes valuation difficult, a panel of analysts told the audience at the ComDef 2015 conference
FireEye dispute with security researcher raises questions (IT World Canada) The question of whether software companies should pay bounties to people who discover bugs has been a sticky one. It has again been raised by a security researcher who is demanding a reward from network security vendor FireEye for his efforts
The Man Who Wants To Encrypt Everything (Forbes) The Los Angeles Police Department has its own Eye of Providence, a 20-foot-long flat-screen mosaic in a windowless downtown control room fed by dozens of info-streams
Research and Development
Making the 'Internet of Things' configuration more secure and easy-to-use (Phys.org) With an ever increasing number of everyday objects from our homes, workplaces and even from our wardrobes, getting connected to the Internet, known as the 'Internet of Things' (IoT), researchers from the University of Southampton have identified easy-to-use techniques to configure IoT objects, to make them more secure and hence help protect them from online attacks
Is Germany Building the Next NSA? (National Journal) Berlin is fast becoming a center for European digital-privacy experts. Next year, it will also become the home of Germany's top spy agency
Top spy bemoans loss of key information-gathering program (Washington Post) One of the disclosures based on documents leaked by Edward Snowden, the former National Security Agency contractor, prompted the shutdown of a key intelligence program in Afghanistan, the nation's top spy said Wednesday
The White House sprints to lock down data (Help Net Security) US government Chief Information Officer (CIO) Tony Scott has been working with federal agencies to complete 30-day "cyber sprints" to patch gaping holes in US Government security
Pennsylvania banking regulator creates Cybersecurity Task Force (Pennsylvania Business Daily) Pennsylvania Secretary of Banking and Securities Robin Wiessmann said Tuesday a Cybersecurity Task Force has been created to help financial services businesses address cybersecurity issues and oversee the state's financial marketplace security
Military Services Turn Blind Eye to Ashley Madison Customers (Military.com) Three weeks after U.S. troops were told they could face disciplinary action if their official email addresses were found among those hacked from the adultery website Ashley Madison, the services appear ready to drop the affair
SIN 2015 (Sochi, Russia, September 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks.
NSPW (New Security Paradigms Workshop) (Twente, Netherlands, September 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in...
Global Cyberspace Cooperation Summit VI (New York, New York, USA, September 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum...
Intelligence and National Security Summit (Washington, DC, USA, September 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential...
Cybersecurity Innovation Forum (Washington, DC, USA, September 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland...
[New Date] Cyber 6.0 (Laurel, Maryland, USA, September 10, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...
2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, September 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives
BSides Augusta 2015 (Augusta, Georgia, USA, September 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, September 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack.
Hacker Halted 2015 (Atlanta, Georgia, USA, September 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities...
EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, September 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity...
Fraud Summit San Francisco (San Francisco, California, USA, September 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are...