Reports from the UK suggest some ISIS hacking of Government emails. (Meanwhile online jihadism keeps itself roiled by the usual cross currents of atrocity-inspiration, calls for unity against a growing array of infidels, and inside-baseball squabbles over competition for leadership authenticity.)
Damballa does some work on Corebot and finds traces of its take on criminal markets.
Effects of the Excellus breach may extend to other insurance providers. (Ziften tells us the breach is "just the latest example of how hackers are able to avoid detection and go unnoticed within a network for long periods of time.")
Those TSA-approved locks familiar to US air travelers? Pictures of masters published online have enabled 3D printing of keys.
Researchers agree Ashley Madison's security was problematic; how problematic remains up for debate (still, pretty problematic). Cracked passwords show poignant evidence of bad consciences.
More observers see a return of marque and reprisal to cyberspace, 150 years after they vanished from the high seas.
Enterprises and insurers see an escalation of cyber exposure and look for tools to assess and transfer it. Some policymakers look to the insurance sector to drive standards of care. Insurance agents are told not to be shy in presenting cyber policies.
Investors look at start-ups, watch for Palantir's IPO, and assess the sector's current high-fliers (like Palo Alto).
The US and China continue to look for a modus vivendi in cyberspace, with the US insisting on distinguishing traditional espionage from industrial for-profit spying.
Class-action breach suits are the new normal.
Today's issue includes events affecting Argentina, Brazil, China, Cyprus, European Union, Germany, India, Iran, Iraq, Ireland, Israel, Democratic Peoples Republic of Korea, Mexico, Netherlands, Pakistan, Romania, Russia, Spain, Syria, Taiwan, Ukraine, United Kingdom, United States.
This week the CyberWire will cover two events. We'll be at Borderless Cyber (organized by OASIS and the World Bank) tomorrow and Wednesday, and covering the Sixth Annual Billington Cybersecurity Summit on Thursday. We'll be live-tweeting from both events, with full coverage published in the CyberWire as the week progresses.
Cyber Attacks, Threats, and Vulnerabilities
Cabinet ministers' email hacked by Isil spies(Telegraph) Intelligence agency investigation discovers extremists linked to the Islamic State of Iraq and the Levant (Isil) have been targeting information held by some of David Cameron's most senior ministers
Stolen information using Corebot sold on Btcshop.cc?(Damballa: Day Before Zero Blog) We have been investigating several domains registered using the email address drake.lampado777@gmail[dot]com. IBM Security X-Force spotted the information-stealing malware named Corebot
Nearly 80,000 college students affected by data breach(Fox News) A data breach of a White House-recommended vendor compromised the personal information of nearly 80,000 California college students who had signed up for a mandatory online sex violence prevention course, officials revealed Tuesday
Even the FBI is worried about Internet of Things security(Network World) Amidst all the excitement about the possible benefits of the Internet of Things, a slew of warnings have been sounded by IT pros, vendors and analysts about looming security threats. Now you can add the FBI to that list of those cautioning enthusiasts
Valasek: Today's Furby Bug is Tomorrow's SCADA Vulnerability(Threatpost) Chris Valasek and Charlie Miller's car hacking research put a crunching reality on Internet of Things security, moving it beyond almost clichéd discussions of smart refrigerators leaking inconsequential data, to hackers remotely manipulating car brakes
Now is the right time for agents to talk cyber insurance(Insurance and Financial Advisor) Target, Michaels, eBay, JPMorgan Chase, the New York Times, Google, Anthem, the U.S. Government… The list of high profile data breaches grows longer each day, and doesn't include the countless number of small businesses that have their data compromised in attacks we may never hear about
Too much emphasis on threat intelligence sharing, Gula says(TechTarget) There's a lot of present-day talk about threat intelligence sharing and a lot of companies are introducing dozens of threat intelligence services, but there's too much emphasis on this side of the coin, according to Ron Gula, CEO of Tenable Security
The cost of EMV compliance(Help Net Security) Credit card companies are making the final call for US merchants to switch over to EMV chip technology in anticipation of the looming deadline
DHS awards $11M to set cyber-sharing standards(The Hill) The Department of Homeland Security on Thursday awarded an $11 million grant to the University of Texas at San Antonio to serve as the standards-setting body for new cyber information-sharing groups
Cadets get cyber training(Air Force Times) Cyber skills are an increasing part of the Air Force Academy's curriculum, said Superintendent Lt. Gen. Michelle Johnson
Legislation, Policy, and Regulation
China, US gradually move to manage cyber dispute(China Daily) While cybersecurity has been a thorny issue between China and the United States in the last few years, there are signs in the past days that both sides do not want it to spill into the overall bilateral relationship and impact negatively on the upcoming state visit to the US by President Xi Jinping
Tipping point imminent for cyber sharing legislation(Federal News Radio) A "tipping point" is coming regarding the need for legislation that will let the government and industry share information on cyber attacks, said House Intelligence Committee chairman Devin Nunes
Where Next for Government Cybersecurity?(Emergency Management) On the 14th anniversary of 9/11/01, there are plenty of reasons to be thankful regarding public safety in America. And yet, there is also a growing list of cyber threats that are grabbing news headlines. We talked with Dr. Andy Ozment, the U.S. Department of Homeland Security (DHS) Assistant Secretary, who is the new point person for the National Cybersecurity and Communications Integration Center (NCCIC)
Installation of Tor Relay in Library Attracts DHS Attention(Threatpost) The Tor Project recently started a program to help libraries install Tor relays as a way to protect the privacy of patrons and other Internet users. The program didn't get too far, however, as the first library to install a relay had to turn it off after town police officials were contacted by Department of Homeland Security agents
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Institute: Information Security Training(Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
Gulf Cooperation Council Cyber Security Summit(Abu Dhabi, United Arab Emirates, September 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack.
Hacker Halted 2015(Atlanta, Georgia, USA, September 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities...
EnergySec 11th Annual Security & Compliance Summit(Washington, DC, USA, September 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity...
Fraud Summit San Francisco(San Francisco, California, USA, September 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are...
Borderless Cyber 2015(Washington, DC, USA, September 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices...
Detroit Secure World(Detroit, Michigan, USA, September 16 - 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
Cyber Security Summit: New York(New York, New York, USA, September 17, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at...
6th Annual Billington Cybersecurity Summit(Washington, DC, USA, September 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this...
Hacker Halted(Atlanta, Georgia, USA, September 17 - 18, 2015) Hacker Halted is a global series of computer and information security conferences presented by EC-Council. The objective of the Hacker Halted conferences is to raise international awareness towards increased...
Cyber Security Summit: New York(New York, New York, USA, September 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates...
Data Breach Investigation Summit(Dallas, Texas, USA, September 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations,...
St. Louis SecureWorld 2015(St. Louis, Missouri, USA, September 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
OWASP APPSECUSA(San Francisco, California, USA, September 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications
MeriTalk: Cyber Security Brainstorm(Washington, DC, USA, September 23, 2015) Co-locating with the NIST Cloud Security Working Group, this MeriTalk Brainstorm has an excellent program lined up, featuring keynote speakers Allison Tsiumis (Section Chief, Cyber Intelligence Section,...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.