A US Government audit of the Department of Homeland Security finds deficiencies in that Department's network security, particularly in the Secret Service and Immigration and Customs Enforcement. The findings call out deficiencies in training and pernicious effects of budgetary constraints.
Trend Micro reports on "Operation Iron Tiger," a presumably Chinese government action that began by targeting the Asia-Pacific region, but has recently turned its attentions to North America.
More notes appear on the Corebot botnet malware: cleverly crafted and unpleasantly elusive.
Security firms warn again of the risk of backdoored routers.
Securi observes hackers abusing Google webmaster tools to cloak and prolong their malicious activity.
A flaw in an iOS library is reported to permit writing of arbitrary files by Airdrop.
The legal conflict between FireEye and ERNW is seen as exemplifying (and clarifying) two different approaches to disclosure.
In industry news, the Carlyle Group and the Chertoff Group take a majority position in Coalfire. CRGT and Salient finalize their merger. IBM reveals more details of its positioning for the Internet-of-things market.
Nine major investment banks announce their backing of a blockchain standards initiative.
Observers are disappointed by US failure to follow up (so far) on plans to sanction China for cyber espionage. This is seen as indicative of how problematic deterrence remains in cyberspace.
Proposed US Defense acquisition regulations continue to draw industry ire. Opponents of the proposed rule find a Congressional champion in Senator McCain.
Twitter "eavesdropping" algorithms attract a class action suit.
Banks' suit against Target proceeds.
Today's issue includes events affecting China, Denmark, New Zealand, Philippines, United Kingdom, United States.
We continue our coverage of Borderless Cyber (organized by OASIS and the World Bank). Watch for live-tweeting from the event, #BorderlessCyber. Tomorrow we move on to the Sixth Annual Billington Cybersecurity Summit. Full coverage of the events will continue in the CyberWire through week's end.
Dateline Borderless Cyber 2015
Borderless Cyber 2015(OASIS) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools
Homeland Security websites vulnerable to cyber attack: audit(Reuters) The U.S. department charged with protecting government computers needs to secure its own information systems better, according to an audit released on Tuesday that showed lapses in internal systems used by the Secret Service and Immigration and Customs Enforcement
Operation Iron Tiger: How China-Based Actors Shifted Attacks from APAC to US Targets(TrendLabs Security Intelligence Blog) Key individuals, who are believed to be part of a China-based attack group, have been stealing years of valuable government and corporate information from defense and high technology organizations in the US since 2013 and political and government-related entities in China, Hong Kong, and the Philippines since 2010
Bug in iOS and OSX Allows Writing of Arbitrary Files via Airdrop(Threatpost) There is a major vulnerability in a library in iOS that allows an attacker to overwrite arbitrary files on a target device and, when used in conjunction with other techniques, install a signed app that the device will trust without prompting the user with a warning dialog
Palo Alto launches service for protecting enterprise cloud apps(Seeking Alpha) Palo Alto Networks (PANW +2%) today announced availability of Aperture, a new security-as-a-service offering to help organizations safely enable and strengthen security for sanctioned SaaS applications, such as Box, Dropbox, Google Drive, and Salesforce
Fortinet offers up SDN security framework(ChannelLife) Fortinet has announced a new software defined network security framework, which it says is the first of its kind and provides advanced threat protection through the integration of security directly into modern data centre environments
NYU Launches Emerging Threats Initiative(Homeland Security Today) In today's era of cyberterrorism and human trafficking, Russia's annexation of Crimea and the black-flag legions of ISIS in Iraq and Syria
Legislation, Policy, and Regulation
Disconcerting U.S. Cyber Deterrence Troubles Continue(Lawfare) Two weeks ago the newspapers were filled with leaked threats that the U.S. government was "developing a package of unprecedented economic sanctions against Chinese companies and individuals who have benefited from their government's cyber theft of valuable U.S. trade secrets"
Senator McCain Urges Secretary Carter to Rescind Proposed Acquisition Rule(US Senate Armed Services Committee) U.S. Senator John McCain (R-AZ), Chairman of the Senate Armed Services Committee, sent a letter today to Secretary of Defense Ash Carter regarding a new proposed Defense Federal Acquisition Regulation rule on commercial item acquisition (DFARS Case 2013-D034). The new rule could effectively preclude any significant participation by commercial firms in defense programs
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Institute: Information Security Training(Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
Hacker Halted 2015(Atlanta, Georgia, USA, September 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities...
EnergySec 11th Annual Security & Compliance Summit(Washington, DC, USA, September 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity...
Borderless Cyber 2015(Washington, DC, USA, September 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices...
Detroit Secure World(Detroit, Michigan, USA, September 16 - 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
Cyber Security Summit: New York(New York, New York, USA, September 17, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at...
6th Annual Billington Cybersecurity Summit(Washington, DC, USA, September 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this...
Hacker Halted(Atlanta, Georgia, USA, September 17 - 18, 2015) Hacker Halted is a global series of computer and information security conferences presented by EC-Council. The objective of the Hacker Halted conferences is to raise international awareness towards increased...
Cyber Security Summit: New York(New York, New York, USA, September 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates...
Data Breach Investigation Summit(Dallas, Texas, USA, September 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations,...
St. Louis SecureWorld 2015(St. Louis, Missouri, USA, September 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.