A scholar argues that ISIS information operations succeed because the brutality of the group's "apocalyptic vision" is well adapted to transmission through social media.
Apple and others, including Amazon and Baidu, continue efforts to exorcise XcodeGhost from app stores, but the infestation is proving unpleasantly durable.
Google deals with Trojanized games (including versions of "Plants versus Zombies" and "Candy Crush") in Google Play. Other Android exploits (SMS Trojans) show a new predilection for assaults on financial accounts.
Heimdal warns that Cryptolocker 2 ransomware vectors are spoofing communications from Denmark's post office.
British Columbia's Education Ministry loses an unencrypted hard drive containing personal information on "millions" of the province's citizens.
Mozilla issues a Firefox patch.
Details emerge on Volkswagen's clean diesel software scandal, with observers drawing lessons for ICS security.
Market researchers find that customers in fact leave businesses' websites if they perceive security problems. In other industry news, venture capital continues to flow into security start-ups. Damballa looks at Zerodium's Halloween bounty of $1 million for iOS exploits (and says in effect "we told you so").
Cyber information sharing remains a centerpiece of emerging standards of care (and CSOs say they're not waiting for government to lead), but breach response is fast gaining, as are "holistic" approaches to security.
As the US and China prepare for their summit, China's President Xi sweet-talks the US tech industry during a stopover in Seattle, emphasizing cyber cooperation. China denies cyber industrial espionage, but observers see subjunctive and bureaucratic misdirection in the denials.
Today's issue includes events affecting Canada, China, Denmark, India, Indonesia, Italy, Malaysia, Singapore, South Africa, Thailand, United Kingdom, United States.
The US National Cyber Security Hall of Fame has announced its class of 2015. Congratulations to those honored: Cynthia E. Irvine (NPS), Jerome H. Saltzer (MIT), Ron Ross (NIST), Steven B. Lipner (Microsoft), and Susan Landau (WPI).
Cyber Attacks, Threats, and Vulnerabilities
ISIS Brutality Rooted in an Apocalyptic Vision (USNI News) The extreme radical beliefs and brutal actions that caused al Qaeda in Iraq to fail earlier remain the heart of the success of today's Islamic State in Iraq and Syria (ISIS or ISIL), all because the political context of a decade ago and today have changed, a leading scholar on Islamic terrorism said Monday
Android trojan drops in, despite Google's Bouncer (We Live Security) We at ESET recently discovered an interesting stealth attack on Android users, an app that is a regular game but with one interesting addition: the application was bundled with another application with the name systemdata or resourcea and that's certainly a bit fishy
Security Patches, Mitigations, and Software Updates
Mozilla Releases Security Updates for Firefox (US-CERT) The Mozilla Foundation has released security updates to address critical vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system
National Cyber Security Hall of Fame Announces 2015 Inductees (National Cyber Security Hall of Fame) The National Cyber Security Hall of Fame has released the names of five innovators who will be inducted into the Hall of Fame at its award ceremony on Thursday, October 29, at the Four Seasons Hotel in Baltimore, Maryland
Top 3 Reasons for the Increase in Data Breaches (Information Security Buzz) The past few years have seen a steady increase in major hacking incidents, with high-profile breaches at corporations like Target, Sony Pictures and Home Depot as well as the US government making headlines worldwide
Follow the Data: Dissecting Data Breaches and Debunking the Myths (TrendLabs Security Intelligence Blog) Data breaches are daily news items. Reports of data breaches affecting governments, hospitals, universities, financial institutions, retailers, and recently an extra-marital affairs site, dominate the news with increasing frequency
$1M Offered for iOS 9 Exploit: Damballa's prediction comes true (Damballa: the Day Before Zero) A few days ago, a mainstream media channel asked the Damballa Threat Discovery Center our opinion about the newest and biggest cyber threats facing US business and law enforcement. We responded that the business of Zero Day exploits is on the rise
Why It's Insane To Trust Static Analysis (Dark Reading) If you care about achieving application security at scale, then your highest priority should be to move to tools that empower everyone, not just security experts
From Hacker to IoT Security Hero? Red Balloon Floats New Solution (Enterprise Tech) The same person who once hacked HP printers and other telecommunications products to demonstrate the vulnerability of embedded devices has now developed a platform-independent real-time host-based intrusion defense system designed to secure all embedded products, regardless of vendor or operating system
Chinese president emphasizes cybersecurity during Seattle visit (Los Angeles Times) In a policy address peppered with Hollywood allusions and assurances of China's economic health, President Xi Jinping pledged Tuesday that his country would protect the rights of foreign investors and vowed that the nation would "never close its open door to the world"
On U.S. visit, China's president seeks to reassure on trade, security (Reuters) Chinese President Xi Jinping, facing a skeptical audience on the first day of a week-long U.S. visit, sought to reassure business and government officials on Tuesday over a long list of irritants, from economic reform to cyber attacks, human rights and commercial theft
Conflict Flavors Obama's Meeting With Chinese Leader (New York Times) For the past two years, the critical question confronting the Obama administration about Xi Jinping, the Chinese president who defied American predictions by challenging the United States' superpower status early and directly, has been how forcefully to respond
Federal CISOs Propose New Efforts to Shore Up Cybersecurity (Threatpost) Nearly six months removed from the OPM hack and with many government departments still reeling when it comes to security, several federal chief information security officers volunteered a handful of new ideas at last week's Billington Cybersecurity Summit in Washington, D.C. to combat future hacks and improve overall security in the private sector
The British Library Did Not Need to Self-Censor (Just Security) I enjoyed reading Shaheed Fatima's excellent post from last week about the British Library's decision not to accept the digital archive of materials collected by the Taliban Sources Project
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Data Breach Investigation Summit (Dallas, Texas, USA, September 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations,...
St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, September 22 - 23, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
OWASP APPSECUSA (San Francisco, California, USA, September 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications
MeriTalk: Cyber Security Brainstorm (Washington, DC, USA, September 23, 2015) Co-locating with the NIST Cloud Security Working Group, this MeriTalk Brainstorm has an excellent program lined up, featuring keynote speakers Allison Tsiumis (Section Chief, Cyber Intelligence Section,...
Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, September 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks...
CYBERSEC European Cybersecurity Forum (Kraków, Poland, September 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC...
ASIS International (Anaheim, California, USA, September 28 - October 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections,...
(ISC)² Security Congress (Anaheim, California, USA, September 28 - October 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from...
Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, September 28 - October 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical...
Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, September 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply...
VB2015 (Prague, Czech Republic, September 30 - October 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical...
IT Security one2one Summit (Austin, Texas, USA, October 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates...