ISIS sympathizers return to the cyber offensive, in a way, defacing state government sites in Wisconsin with pro-Jihad messages. CSO characterizes the attackers as “script kiddies,” which is consistent with ISIS hacktivists’ track record.
In other notes on ISIS, the Combating Terrorism Center at West Point has worked through the data stolen from the jihadist group by a disillusioned adherent. Their conclusion is that the data are genuine. The defector, “Abu Mohammed,” broke with ISIS over the group’s enslavement of Yazidi women.
A Security Research Labs white hat has demonstrated smartphones’ vulnerability to eavesdropping and geolocation. The weak point, common to most phones and carriers, lies in the SS7 routing protocol. SS7 is used by more than 800 telecommunication companies worldwide to achieve mutual interoperability.
Proofpoint reports finding a new ransomware variant, “CryptXXX,” which they’ve traced to the criminal group behind Reveton. CryptXXX is being dropped by the Angler exploit kit.
Checkpoint has released its periodic report on the prevalence of various malware strains. The familiar Conficker, Sality, and Cutwail families maintain their position atop the leaderboard. The top three mobile strains are HummingBad, AndroRAT, and Iop.
The GozNym “double-headed” financial malware being tracked by IBM Security is apparently enjoying a successful run, netting some $4 million from US and Canadian banks.
Anonymous has opened a Dark Web communication service, hoping thereby to improve hacktivist skills and coordination.
The general shortage of cyber labor is affecting the black market. Recruiting traffic is exposing more criminal enterprises to threat intelligence analysts.
Today's issue includes events affecting Algeria, Australia, Bangladesh, China, European Union, India, Iraq, Ireland, Israel, Syria, United Kingdom, United States.
We'll be covering the SINET ITSEF conference from Mountain View, California, today and tomorrow. Watch for our customary live-Tweets and special issues.
ON THE PODCAST
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day.
Hackers can track your iPhone whatever security measures you take(Hack Read) After all the fuss about how the FBI was able to get a pass into an iPhone recently, 60 Minutes decided to do their own research. Unfortunately according to the results that were found, regardless of the strong encryption system that Apple puts on our devices, most users are still at risk
Meet the ISIS Defector Who Handed Over Stolen Personnel Files(NBC New) We've become accustomed to seeing leaked documents, stolen from governments and corporations but we never expected to get our hands on the raw intelligence treasure trove known as "The ISIS Files." The man who gave us the files was hardly a classic whistleblower
Are Two Bank Breaches Related?(InfoRiskToday) Within the span of just a few days, customers of two public sector banks lost several lakhs of rupees from their accounts to hackers. Security experts say the modus operandi used by the hackers were strikingly similar, with likely ties to one of the world's biggest banking malware variants
Anonymous Launches Dark Web Chat Service(Hack Read) The news was announced on the popular Twitter accounts of the hacktivist group and very soon it was circulating all over social media. The post stated that Deep Web will be hosting Anonymous’ chat service through which the group members will get to strengthen their position. Another important objective that the hackers aim to achieve through this new service is to “arm the current and coming generations of internet activists with education"
A History of SQL Injection (Now With More Pirates)(Duo Security) Attackers can inject SQL commands into an SQL statement via web pages, compromising the security of a web application. The commands can potentially give attackers access to usernames and passwords, or any other kind of data available in a target database
Google Finds 800,000 Websites Breached Worldwide(Dark Reading) In the past year, the search engine giant has detected close to 800,000 sites infected with drive-by download malware and other malicious content aimed at nabbing unsuspecting visitors
The Hiring Shortage Hits Black-Hat Hackers(IBM Security Intelligence) An interesting analysis in Digital Shadows recently spoke about the hiring shortage that has befallen the black-hat hacker community. While most enterprise IT managers are frustrated about getting skilled cybersecurity personnel for their own teams, there are some unexpected benefits, too
IBM’s painful transition is far from over(Quartz) IBM announced its quarterly earnings today, and as many analysts expected, the technology giant posted its 16th quarter in a row of falling sales, when compared to the same quarter the year before. IBM’s revenue for the first quarter of the year was $18.7 billion, down about 5% from a year earlier, the company said in a release
8 Cybersecurity Technologies Primed for Commercialization(Washington Business Journal) CACI International Inc. opened the books on its recent acquisition, the $1.1 billion National Security Solutions spinoff of L-3 Communications Corp. (NYSE: LLL). And while the numbers revealed don’t provide a clear picture of what CACI’s size will be when the company reports a full year of earnings NSS, it is the most intimate look at the business to date
FireEye: A Stock To Keep Your Eye On(Seeking Alpha) Being a leader in a solution to a growing problem leaves it with huge upside potential. Unhealthy past finances are taking a turn toward sustainability. Negative earnings have caused investors to oversell
Quick Heal spurts after respite in Manohar Malani case(Business Standard) Quick Heal Technologies jumped 7.44% to Rs 238.30 at 14:55 IST on BSE after the company said the First Class Judicial Magistrate observed that there was nothing on the record to show the accused Manohar Malani ever held any shares of the company
Feds Prep for Cybersecurity Buying Spree(E-Commerce Times) The U.S. government's objectives for improving cybersecurity are taking shape in updated contracting procedures, contracts and projected increases in spending. Several recent developments have underscored the federal commitment to bolstering the protection of IT resources
Nessus Vulnerability Scanner Now Monitors Docker Containers(Techspective) The de facto leader when it comes to vulnerability management is Nessus from Tenable Network Security. The de facto leader when it comes to container ecosystems is Docker. Now you can combine the two because Nessus 6.6 allows you to monitor and protect Docker containers and the container environment
Technologies, Techniques, and Standards
Coping in a 'Code Yellow' World with Threat Intelligence(Infosecurity Magazine) The Cooper Colour Code was a system invented in the 1980s by a former US Marine to classify awareness to danger. Today, Jeff Cooper’s Code is taught to the military, police and private security forces worldwide, with white, yellow, orange and red used to describe four different combat mindsets
Meet MIT's New Cyber-Attack Detection Tool(PC Magazine) Cyber crime never sleeps, but researchers from MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) and machine-learning start-up PatternEx are working to thwart the next big attack
NSA crowns U.S. Military Academy in 16th cyberdefense exercise(Military Embedded Systems) National Security Agency (NSA) officials announced the U.S. Military Academy at West Point as the winner of the NSA's 16th Annual Cyber Defense Exercise (CDX). NSA's CDX - sponsored by NSA's Information Assurance Directorate (IAD) - challenged service academy teams to protect networks that were designed, built, and configured at their respective schools
Strategies to Tackle New Age Cybercrime(InfoRiskToday) India needs at least $4 billion in public-private partnership mode by 2019 to address cybercrime-related challenges at individual and organizational levels, estimates a new study by Associated Chambers of Commerce and Industry of India and Mahindra Special Services Group
DoD taking multi-pronged mobility approach(C4ISR & Networks) Security is top priority as the Defense Department continues to embrace mobility, and officials are looking at multiple paths toward an end goal that empowers troops and personnel
Obama Cybersecurity Panel May Not Be Effective(Bloomberg BNA) President Barack Obama's chosen candidates for a new commission may not have the appropriate experience to provide effective recommendations for improving U.S. cybersecurity, an industry insider told Bloomberg BNA
Familiar face returns to Cyber Command(FCW) After two years as commanding general of the Army's Intelligence and Security Command, Maj. Gen. George J. Franz III is heading back to Cyber Command, where he will be director of operations, the Pentagon announced
Bangladesh says 20 foreigners involved in theft from NY Fed(AP) Bangladesh investigators have determined that at least 20 foreigners were involved in the cybertheft of $101 million from the Bangladesh central bank's account in the Federal Reserve Bank of New York, a senior investigator said Monday
Barletta chairs hearing on protecting the U.S. electrical grid(Homeland Preparedness News) The Subcommittee on Economic Development, Public Buildings and Emergency Management, chaired by U.S. Rep. Lou Barletta (R-PA), held a hearing entitled “Blackout! Are We Prepared to Manage the Aftermath of a Cyber-Attack or Other Failure of the Electrical Grid?” on Thursday to examine the potential consequences of a massive cyber attack on the U.S
How 'Britain's FBI' hacks into computers to catch criminals and cyber-gangs(International Business Times) In a rare glimpse into the scope of its active surveillance operations, the UK's National Crime Agency (NCA), also dubbed the 'British FBI', has outlined some examples of the computer hacking and snooping techniques it uses to help catch crooks involved in everything from financial cybercrime to sextortion schemes
CSO 50 Conference and Awards(Litchfield Park, Arizona, USA, April 18 - 20, 2016) We at CSO, the award-winning media brand, will bring you speakers from up to 50 organizations with outstanding security prowess. Over 2 ½ days, these distinguished executives and technologists will share...
2016 Cybersecurity Symposium( Coeur d’Alene, Idaho, USA, April 18 - 20, 2016) The Cybersecurity Symposium: Your Security, Your Future is an opportunity for academic researchers and software and system developers from industry and government to meet and discuss state of the art processes...
Amsterdam 2016 FIRST Technical Colloquium(Amsterdam, the Netherlands, April 19 - 20, 2016) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the...
Security & Counter Terror Expo 2016(London, England, UK, April 19 - 20, 2016) Security & Counter Terror Expo (formerly Counter Terror Expo) is the event for any professional tasked with protecting assets, business, people and nations from terrorism. It brings over 9000 attendees...
SINET IT Security Entrepreneurs Forum (ITSEF) 2016(Mountain View, California, USA, April 19 - 20, 2016) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet...
SecureWorld Philadelphia(King of Prussia, Pennsylvania, USA, April 20 - 21, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...
Army SIGINT(Fort Meade, Maryland, USA, April 25, 2016) Approximately 500 attendees will come together to discuss future technologies in Signals Intelligence (SIGINT), focusing on applications for the actual users in the field (the soldiers). Most attendees...
6th European Data Protection Days (EDPD)(Berlin, Germany, April 25 - 26, 2016) The EDPD Conference will provide participants from the business side with all the important news and updates for the international data protection business at a high level. These include key developments...
CISO San Francisco(San Francisco, California, USA, April 26, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions...
Staying Ahead of the Curve - Securing a Nation Amid Change(Washington, DC, USA, April 26, 2016) A discussion of the changing cybersecurity landscape, featuring a keynote by General Keith Alexander, former Director, National Security Agency, and a panel discussion of the challenges facing Federal...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.