Daily briefing.

Shamoon, the drive-wiping malware that hit Saudi Aramco and other energy firms hard in 2012, is back, with infections reported in Saudi government systems. Saudi investigators say their forensic investigation leads them to attribute the attack to an Iranian source. The new strain of Shamoon is also being called "Disttrack," and it appears to be purely disruptive in operation, with no reports of data exfiltration.

Investigation into the Tesco Bank breach suggests to some observers that the bank's connection to its parent supermarket may have afforded the attackers their way in.

The World Anti-Doping Agency is again under cyberattack, and it's either Fancy Bear or someone masquerading as Fancy.

Palo Alto Networks' Unit 42 reports on a new Google Android Trojan, “PluginPhantom,” that abuses the DroidPlugin framework. PluginPhantom, which includes a keylogger, extracts a wide range of user and device information.

Facebook is calling hogwash on Check Point Software's report of Locky ransomware being spread by images in Facebook Messenger.

Firefox has patched a zero-day that could be exploited to de-anonymize Tor users.

Germany's Interior Ministry has proposed legislation that would limit the transparency of online surveillance. Interception of jailed ISIS terrorists' communications suggests planning for unusually repellent attacks targeting children. Investigation into the alleged ISIS mole in the BfV continues; the Telegraph argues any security service might overlook red flags when recruiting for scarce language skills.

A US Defense Department report accuses Chinese security firm Boyusec of working with the PLA to embed espionage tools in its security products.

Notes.

Today's issue includes events affecting Australia, Canada, China, European Union, Germany, Iran, Iraq, Israel, Jamaica, Netherlands, Russia, Saudi Arabia, Syria, United Kingdom, United States.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our research partners at the University of Maryland, as Jonathan Katz describes the challenges of including encryption in ransomware. Our guest Dmitry Volkov from IB will take us through what's known about the Cobalt ATM hacks.

A special edition of our Podcast is up, too—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.

As always, if you enjoy the podcast, we invite you to please consider giving it an iTunes review.

AlienVault USM Webcast (Live Webcast, December 1, 2016) Find threats lurking on your systems with host-based intrusion detection and AlienVault USM.

NCCoE Speaker Series: Understanding, Detecting & Mitigating Insider Threats (Rockville MD, USA, December 6, 2016) Your employees could be your biggest cybersecurity risk. Join us to learn more.

Cyber Attacks, Threats, and Vulnerabilities

Shamoon wiper malware returns with a vengeance (Ars Technica) Displays body of drowned Syrian boy after wiping drive; Saudi government targeted

Israeli News Channels’ Telecast Hacked; replaced with Muslims’ call to prayer (HackRead) Hackers were furious over a bill that bans the Muslim call to prayer in the country

Deutsche Telekom attack part of global campaign on routers (Reuters) A cyber attack that infected nearly 1 million routers used to access Deutsche Telekom internet service was part of a campaign targeting web-connected devices around the globe, the German government and security researchers said on Tuesday

New Mirai Worm Knocks 900K Germans Offline (KrebsOnSecurity) More than 900,000 customers of German ISP Deutsche Telekom (DT) were knocked offline this week after their Internet routers got infected by a new variant of a computer worm known as Mirai

SF Municipal Railway restores systems after ransomware attack (TechTarget) The San Francisco Municipal Transportation Authority restored systems without paying following a ransomware attack that allowed free rides for travelers over the weekend

Why transportation networks are especially vulnerable to ransomware (CNBC) Workers in the transportation sector are among the most vulnerable to phishing emails and the ransomware attack on San Francisco's light rail system over the Thanksgiving weekend showed the impact cybercriminals can have on municipal transportation systems

'Tesco Bank's major vulnerability is its ownership by Tesco,' claims ex-employee (Register) Links to supermarket's systems may have exposed vulnerability

UK Lenders Shared Threat Info After Tesco Bank Attack (Infosecurity Magazine) The UK’s banking sector enacted contingency plans that enabled members to share crucial intelligence following a major cyber-attack against Tesco Bank earlier this month

Bears continue to maul anti-dopers (SC Magazine) Fancy Bear are [sic] continuing to target the western sports establishment, publishing a series of emails from inside the World Anti Doping Agency, illustrating a number of small allegedly scandalous details from inside the organisation

In Break From Usual, Threat Actors Use RAT To Steal POS Data (Dark Reading) New NetWire RAT version comes with keylogger for stealing a lot more than just credit and debit card data

New SmsSecurity Variant Roots Phones, Abuses Accessibility Features and TeamViewer (TrendLabs Security Intelligence Blog) In January of 2016, we found various “SmsSecurity” mobile apps that claimed to be from various banks. These apps supposedly generated one-time passwords (OTPs) that account holders could use to log into the bank; instead they turned out to be malicious apps that stole any password sent via SMS messages. These apps were also capable of receiving commands from a remote attacker, allowing them to take control of a user’s device

PluginPhantom: New Android Trojan Abuses “DroidPlugin” Framework (Palo Alto Networks) Recently, we discovered a new Google Android Trojan named “PluginPhantom”, which steals many types of user information including: files, location data, contacts and Wi-Fi information. It also takes pictures, captures screenshots, records audios, intercepts and sends SMS messages. In addition, it can log the keyboard input by the Android accessibility service, acting as a keylogger

Computer Systems at Carleton University Shut Down due to Ransomware (HackRead) Hackers are demanding 2 bitcoin per machine or a total of 39 bitcoin for the decryption key

HDDCryptor: Subtle Updates, Still a Credible Threat (RDK Software Solutions) Since first writing about the discovery of HDDCryptor back in September, we have been tracking this ransomware closely as it has evolved. Last week, a new version was spotted in the wild, and based on our analysis, we believe that this variant is the one used in a recent attack against San Francisco Municipal Transport Agency (SFMTA)

Facebook Denies Researchers' Claim Ransomware Spreading via Images (eWeek) Researchers at Check Point Software Technologies allegedly find images spreading ransomware on social media sites, but Facebook calls their research "incorrect"

CyberArk finds Microsoft Credential Guard flawed (ITWire) Attackers with local administrator rights can harvest encrypted service credentials to achieve lateral movement and full domain compromise on Windows endpoints

New SmsSecurity Variant Roots Phones, Abuses Accessibility Features and TeamViewer (Cyber Disruption) In January of 2016, we found various “SmsSecurity” mobile apps that claimed to be from various banks. These apps supposedly generated one-time passwords (OTPs) that account holders could use to log into the bank; instead they turned out to be malicious apps that stole any password sent via SMS messages. These apps were also capable of receiving commands from a remote attacker, allowing them to take control of a user’s device

Firefox 0-day exploited in the wild to unmask Tor users (Help Net Security) An anonymous user of the SIGAINT darknet email service has revealed the existence of a JavaScript exploit that is apparently being actively used to de-anonymize Tor Browser users

Tor users at risk of having their anonymity stripped via attacks exploiting Firefox zero-day (Graham Cluley) Wait a second… this looks familiar

Hello, You’ve Been Compromised: Upward Attack Trend Targeting VoIP Protocol SIP (Security Intelligence) There are numerous protocols used in voice-over-IP (VoIP) communications. According to IBM Managed Security Services (MSS) data, the most targeted VoIP protocol is Session Initiation Protocol (SIP), which accounted for over 51 percent of the security event activity analyzed in the last 12 months

IoT camera turned into a zombie in under two minutes (Naked Security) It may be the favorite easy target for those of us who like to grumble about the sad state of security in the consumer market, but there have been some egregious examples of poor security in “smart” cameras recently

Who Hacked The Lights In Ukraine? (Motherboard) On December 23 of last year, tens of thousands of people in Ukraine suffered a blackout. The culprit wasn't just another malfunction or a natural disaster—but a hacker attack. This was the first known cyberattack that took out the electric grid anywhere in the world

'Dronejacking' May be the Next Big Cyber Threat (The Bull) A big rise in drone use is likely to lead to a new wave of "dronejackings" by cybercriminals, security experts warned Tuesday

Dark Web Child Porn Sites Are Using 'Warrant Canaries' (Motherboard) For coal mines, canaries raised the alarm on toxic leaks. For tech companies, cryptographically signed messages—or warrant canaries—flag secret demands for user data. And on the dark web, they are supposed to show that a criminal site has not been infiltrated by law enforcement

Hackers reuse passwords to access 26,500 National Lottery accounts (Naked Security) Earlier this week UK National Lottery operator Camelot released a statement saying it believed hackers had accessed the accounts of around 26,500 of its 9.5 million online players

Europol Red-faced as Terror Data Appears Online (AFP) Europol admitted on Wednesday that confidential information on terror investigations was accidentally put online, as it launched a probe into what it called a "very serious incident"

Cybercriminals' Next Target: Short-Term Dangers (Part 1 of 2) (Dark Reading) With the holidays approaching, the focus will be on lucrative online shopping, email ransomware, phishing for credentials, and infection by holiday-lurking malware

Security Patches, Mitigations, and Software Updates

Tor Patched Against Zero Day Under Attack (Threatpost) Update: The Tor Project has provided a browser update that patches a zero-day vulnerability being exploited in the wild to de-anonymize Tor users

Microsoft Silently Fixes Kernel Bug That Led to Chrome Sandbox Bypass (Threatpost) Microsoft appears to have silently fixed a two-year-old bug in Windows Kernel Object Manager that could have allowed for the bypass of privileges in Google’s Chrome browser

Microsoft's decision to retire security tool is myopic (Computerworld) Plan to end EMET support in mid-2018 comes under fire from security analyst

Cyber Trends

Nearly Half of IT Professionals More Concerned About Insider Threats than External Threats, with Naive Individuals and Employees Bending the Rules Driving Concerns (Preempt) Despite the perception that hackers are a company’s biggest cybersecurity threat, insiders, including careless or naïve employees, are now viewed as an equally important problem, according to new research from Preempt, pioneer of the industry’s first behavioral firewall

Mobile Devices Leave Organizations Dangerously Exposed to Cybercrime (PRNewswire) Ovum report identifies mobile as an open door for cybercriminals to attack business systems

Quick Heal® Technologies Third Quarter Threat Report Reveals Significant Increase in Android Platform Vulnerabilities and Mobile Banking Trojans (IT Business Net) Quick Heal Technologies announced results of its third quarter Threat Report today. The free report, now available on the Quick Heal website, reveals a startling increase in vulnerabilities on the Android platform and a 33 percent rise in mobile ransomware. The report also found a slight decrease in Potentially Unwanted Applications (PUA) and Adware, dropping by three percent and 12 percent respectively

Do you know which data compliance standards apply to your organization? (Help Net Security) Despite the explosion in data collection among companies in every sector and the well-documented risks of cyber threats, a new Liaison Technologies survey of nearly 500 US C-level executives and senior-level managers reveals that nearly half (47%) are unsure which information security and privacy regulations apply to their organizations

Oh no, software has bugs, we need antivirus. Oh no, bug-squasher has bugs, we need ... (Register) Secunia report on treadmill of security software pain

Feds Need to Bolster Cyberprotection Speed and Range (E-Commerce Times) Providing cybersecurity that is adequate to meet increasing threats has proven to be a perpetual catch-up process. Public sector agencies are particularly sensitive targets, with high visibility not only to the citizens they serve, but also to cyberattackers

Marketplace

JP Morgan: 'We would hire a reformed black hat' (Computing) And other industry hacker recruitment policies from our latest summit

Soltra saved — NC4 buys info-sharing system from banking sector (CyberScoop) Soltra, the cyberthreat information-sharing joint venture set up by financial-sector institutions, has been reprieved after it was bought by security firm NC4

Aquilent to be acquired by Booz Allen Hamilton in $250 million deal (Baltimore Sun) The management consulting giant Booz Allen Hamilton is acquiring Aquilent, a Laurel firm that has designed more than 100 websites for federal agencies, in a $250 million deal

1 Top Small-Cap Stock to Buy Now (Fox Business) Small-cap stocks can deliver explosive gains -- or sizable losses. Choose well, and these high-risk yet potentially high-reward stocks can deliver multibagger returns and turbocharge your portfolio's overall performance. But choose poorly, and a small-cap stock can produce painful losses, up to and including a complete loss of capital should the business be forced into bankruptcy

Why FireEye’s Leadership in APT Could Benefit Its Investors (Market Realist) FireEye is a leader in the APT space

FireEye Focuses on Enhancing Its Network Security Offerings (Market Realist) FireEye faces tough competition in the network security space

FireEye execs admit channel troubles (CRN) At security vendor FireEye's Partner Advisory Council earlier this year, Nick Giampietro said partners were asked, in the wake of all its challenges with the channel and the market: Is FireEye done?

NDAA Requires Army To Buy Intelligence Software Commercially (Defense News) After a federal judge put a stop to the Army’s current plan to develop its intelligence analysis framework internally, requiring it to look again at commercially available products, a provision in the conference report of the 2017 defense policy bill further pushes the Army toward buying commercial capability

HHS OIG wants help hunting cyberthreats (Federal Times) The Department of Health and Human Services inspector general is in pursuit of information about cyberthreat-hunting software

CACI nabs $79M Army task order to support information warfare directorate (Washington Technology) CACI International has won a $79 million task order to support the U.S. Army Intelligence and Information Warfare Directorate.

Cyberinc, an Aurionpro Company, invests to address Australia's growing cyber security market (Sys-Con Media) Establishes Australian headquarters in Melbourne, will collaborate with and strengthen Victoria Government's cyber security agenda

Cylance appoints Arrow as its first Australian distributor (CRN) Security vendor Cylance has appointed Arrow as its first distributor for Australia and New Zealand

Checkmarx Recognized By Deloitte Israel Technology Fast 50 2016 As Israel’s Fastest Growing Cybersecurity Company (BusinessWire) Checkmarx, a global leader in application security testing, has been selected as one of Israel's fastest growing companies in Deloitte's Fast 50 2016 awards program for the fourth year in a row. Recognized for sustained revenue growth and a deep understanding of the cybersecurity market, Checkmarx is the highest ranking cybersecurity company, placing 14th on the overall Fast 50 list

Verodin Adds Prominent Security Names to Leadership Team (BusinessWire) Andrew Barnett, Brian Contos and Kurt Stammberger join “Instrumented Security™” pioneer

CrowdStrike Appoints Industry Veteran Michael Carpenter as President of Global Sales and Field Operations (CrowdStrike) Former Tanium executive to lead CrowdStrike’s global expansion and build on unprecedented growth as demand for CrowdStrike Falcon skyrockets

Microsoft 'Father Of SDL' Named To Top Post At SAFECode (Dark Reading) Steve Lipner, the former Microsoft security leader credited with spearheading its security development lifecycle (SDL) initiative, takes on a new role as executive director at SAFECode

Products, Services, and Solutions

Optiv Security Announces Next Generation of Third-Party Risk Management Platform Evantix (Optiv) Evantix 5.0 helps organizations better scale third-party risk management programs, improve visibility into risk assessment lifecycle and track remediation issues

Palo Alto Networks Automates Cloud Security Deployment On Amazon Web Services (PRNewswire) Palo Alto Networks now supports key AWS features and joins the AWS Competency Program for Security

Actively Monitoring a Mobile Workforce with SecurityCenter (Tenable Network Security) As the boundaries of the traditional workplace expand from users in the traditional single office building to mobile road warriors and remote workers, the effectiveness of a vulnerability management program across all endpoints becomes more challenging

Infinite : Introduces Nodeware Vulnerability Management Solution (4-Traders) Nodeware's plug-and-play system simplifies and enhances security for SMBs

Zentera Systems Launches Industry's First True Cloud Security Overlay Solution Delivering Third-Party Security Capabilities to the Cloud (Broadway World) Zentera Systems, Inc., the leader in multicloud networking and security, today launched the industry's first true cloud security overlay solution that delivers third-party security capabilities to the cloud

Hypertec and RackTop Partner to Deliver a Secure Accelerated Data Workflow Integration Solution for Media and Entertainment Companies (PRNewswire) Hypertec Systems and RackTop Systems today announced a strategic partnership launching a new workflow integration system that simplifies, accelerates and secures media and entertainment companies' creative workflow

Next-gen protection against multi-vector DDoS attacks (Networks Asia) Devastating multi-vector distributed denial of service (DDoS) attacks continue to make the news. Two complex assaults on internet infrastructure company Dyn late October, that some reports claim to be in the 1.2 Tbps range, took down popular websites including Twitter, Netflix, Pinterest, Paypal, Spotify, Airbnb and Reddit

SAMRi10: Windows 10 hardening tool for thwarting network recon (Help Net Security) Microsoft researchers Itai Grady and Tal Be’ery have released another tool to help admins harden their environment against reconnaissance attacks: SAMRi10 (pronounced “Samaritan”)

The Floodgate IoT Security Toolkit is here (App Developer Magazine) Icon Labs has announced its Floodgate IoT Security Toolkit, which enables IoT edge devices to be easily and securely integrated with IoT cloud platforms, including Verizon’s ThingSpace IoT Cloud Platform, and provides security management for remote IoT devices from a single user interface

BlackBerry Watchdox: Secure File Sharing Is An Abject Necessity In Legal Services And Blackberry Shows The Way (N4BB) BlackBerry WatchDox sets the benchmark in secure file sharing in legal services. No more photocopies or couriering large bundles of docs

Raytheon conducts demonstration of cyber and electromagnetic battle management system (GSN) Raytheon Company's (NYSE: RTN) Cyber and Electromagnetic Battle Management tool is the only electronic warfare planning and management tool to demonstrate interoperability with not only third-party software, but an entire system with completely different architecture

Technologies, Techniques, and Standards

Node.js Foundation To Oversee Node.js Security Project To Further Improve Stability for Enterprises (Yahoo!) The Node.js Foundation, a community-led and industry-backed consortium to advance the development of the Node.js platform, today announced that the Node.js Security Project will become a part of the Node.js Foundation. Under the Node.js Foundation, the Node.js Security Project will provide a unified process for discovering and disclosing security vulnerabilities found in the Node.js module ecosystem

Bypassing BitLocker during an upgrade (Naked Security) If you’ve got an iPhone, or an Android, or a Mac, or a Windows 10 computer, then you’ll know that when you do an upgrade, the device almost always reboots during the process, sometimes more than once

20 Questions Smart Security Pros Should Ask About 'Intelligence' (Dark Reading) Threat intel is a hot but complicated topic that encompasses a lot more than just data feeds. Here's how to get beyond the fear, uncertainty, and doubt to maximize its potential

Cybersecurity User Training That Sticks: 3 Steps (Dark Reading) People are eager for common-sense advice that gives them control over their environment and helps them stay safe online

Isolation technologies create an “air gap” to eliminate the risk of malware (Network World) Web requests are proxied to the isolation platform, which executes and renders web sessions remotely, and only a safe visual stream is sent on to users

The Purple Team Pentest (CircleID) It's not particularly clear whether a marketing intern thought he was being clever or a fatigued pentester thought she was being cynical when the term "Purple Team Pentest" was first thrown around like spaghetti at the fridge door, but it appears we're now stuck with the term for better or worse

Next level red teaming: Working behind enemy lines (Help Net Security) The term “hacker” calls forth both positive and negative mental pictures, but I can bet that there are not many people, even in the infosec community, to whom the term generates the image of a guy running through the jungle with a laptop and an automatic weapon

Worried About Getting Hacked? Here Are 3 Simple Ways To Protect Yourself (Forbes) How many passwords do you have to remember? Don’t forget the unlock codes for your phone and computer, the garage door opener, and the safe combination. Not including sign-in information for my work computer, I counted 50 separate passwords and passcodes for my husband and me

5 ways data classification can prevent an education data breach (CSO) Schools could don the dunce cap if they don’t get this test right

Design and Innovation

Is Strong Authentication Killing the SMS-Delivered Password? (Easy Solutions) Over the past few years, there has been a noticeable move away from what has been the norm for decades – communication and business conducted in person or over the phone – toward increasingly digital-only interaction

Facebook users want to continue posting from beyond the grave (Naked Security) What happens to a person’s Facebook page after they die?

Video: A bitcoin allowance teaches spending and security (Christian Science Monitor Passcode) Kryptina is one of the world's youngest users of the digital currency bitcoin. Her dad gives her a bitcoin allowance as a lesson in online security and money management

Research and Development

Georgia Tech Gets $17 Million Defense Deal For Cyberattack Attribution (Dark Reading) US Department of Defense awards research to work on technique for quick attribution of cyberattack with hard evidence

Academia

Lockheed-Virginia Tech Alliance to Focus on Cybersecurity, Electronics & Autonomy Research (ExecutiveBiz) Lockheed Martin and Virginia Tech have entered into a partnership to implement joint research projects focused on cybersecurity, microelectronics, power electronics and autonomy

Legislation, Policy, and Regulation

German Minister Proposes Data Protection Law Aimed at Limiting Privacy Rights (HackRead) The bill will also ban the citizens’ right to know what sort of data about them is being collected by the government

Scholars, infosec experts call for action on Russian hacking (CSO) In the wake of reports about Russian involvement in fake news and hacks against political targets leading up to the recent presidential election, scholars and security experts are calling for federal action

House passes intelligence bill enhancing efforts against Russia (The Hill) The House passed an annual intelligence policy authorization bill on Wednesday that includes a provision to increase scrutiny of Russia's attempts to exert covert influence around the world, after the country was accused of meddling in this year's U.S. presidential election

Extremist Content and the ICT Sector (Global Network Initiative) The role of information and communication technology (ICT) companies in responding to alleged terrorist or extremist content has become one of the most challenging issues for freedom of expression and privacy online. In July 2015, GNI launched a policy dialogue to explore key questions and considerations concerning government efforts to restrict online content with the aim of protecting public safety, and to discuss the human rights implications of such government actions

US Judges Can Now Sign Global Hacking Warrants (Motherboard) On Thursday, changes to the rules around US search warrants came into effect, meaning that magistrate judges can now authorize the hacking of computers outside of their own district

Senate fails to stop FBI's expanded hacking authority (Engadget) The FBI will have the freedom to hack computers in any jurisdiction

Opinion: The FCC needs to end warrantless cellphone spying (Christian Science Monitor) Police departments' growing use of devices known as "Stingrays" that intercept – and disrupt – people's communications represents a clear danger to Americans' privacy

Snowden: Hacking rule changes threaten Americans' rights (Washington Examiner) Changes to a little-known rule that allows law enforcement agencies like the FBI to search multiple computers with one warrant go into effect in a few hours, prompting a stern warning from former NSA contractor Edward Snowden that the rights of all Americans are in jeopardy

What would it take to declare the electromagnetic spectrum a domain of warfare? (C4ISRNET) Cyber was recently declared a domain of warfare five years ago, making it the fifth operational domain with land, sea, air and space. There is now also discussion of donning the electromagnetic spectrum (EMS) its own operational domain of warfare

These senators are hoping to divide Cyber Command from the NSA (CyberScoop) A bipartisan amendment introduced Tuesday in the Senate to the 2017 National Defense Authorization Act seeks to elevate U.S. Cyber Command to a combatant command. The status upgrade would cause Cyber Command to become independent of the NSA, receive additional resources and assume different leadership than currently installed

How Should Trump Handle the U.S. Cybersecurity Crisis? (Top Tech News) They've stolen money from banks in England, knocked out electrical power in the Ukraine and interfered with the latest presidential election cycle in the United States

America wonders what path Trump will tread on cybersecurity (Naked Security) Trying to predict the shape of cybersecurity under President Trump is a frustrating exercise for industry professionals. But given what’s at stake, we asked some to give it a try anyway, or at least offer the president-elect some advice

Don’t Put the Pentagon in Charge of Private Industry’s Cybersecurity (Defense One) There are few ways that the military could intervene effectively without doing more harm than good

The Coming War on ‘Radical Islam’ (Defense One) How President-elect Trump’s government could change America’s approach to terrorism

It will soon be illegal to punish customers who criticize businesses online (Ars Technica) Consumer Review Fairness Act bans customer gag clauses, awaits Obama signature

Cyber center project a 'turning point' for Army capability, leaders say (Army Times) The groundbreaking for Army Cyber Command’s new complex at Fort Gordon, Georgia, represents a crucial turning point for the nation’s ability to fight in the cyber domain and diminish gaps in capability, Army leaders said Tuesday at the event

Gov’t to strengthen legislation to protect personal information in cyberspace (Jamaica Observer) The Government will be making changes to critical pieces of legislation that will enable a more robust framework in protecting personal information in cyberspace

Litigation, Investigation, and Law Enforcement

China Cybersecurity Firm Linked With Country’s Intel Agency For Espionage (Dark Reading) Boyusec is working with China's intelligence services and military to doctor security products for spying, says Pentagon report

All western spy agencies, including MI5, are vulnerable to infiltration by Islamists. Here's why (Telegraph) The news that the German security service, the Bundesamt für Verfassungsschutz (BfV) may have been penetrated by an Islamist terrorist organisation will come as no surprise to western counter-intelligence analysts. In fact it will serve only as an unpleasant reminder of the vulnerability of such agencies when entrance and vetting standards are compromised in an effort to acquire language skills

Arrested German spy was a onetime gay porn actor — and a secret Islamist (Washington Post) Two weeks ago, German intelligence agents noticed an unusual user in a chat room known as a digital hideout for Islamic militants. The man claimed to be one of them — and said he was a German spy. He was offering to help Islamists infiltrate his agency’s defenses to stage a strike

“May I season ice cream according to Sharia in order to kill children?” (Welt) Jihadist dialogue in childlike handwriting: two young Salafists from North Rhine-Westphalia (NRW) went on exchanging their murder and rape fantasies even while in custody. Sometimes decorated with little hearts and flowers

Trump says Ohio campus attacker 'should not have been in' US (BBC) Donald Trump has said a Somali refugee student who went on a rampage at an Ohio campus on Monday "should not have been in our country"

Ohio man sentenced in plot to kill government employees in support of ISIS (Federal Times) The Department of Justice has sentenced a West Chester, Ohio, man for attempting to kill officers and U.S. government employees, conspiracy to provide material support to a foreign terrorist organization, and possession of a firearm in furtherance of a crime of violence

Petraeus would have to notify probation officer if offered State job (Washington Examiner) Retired Gen. David Petraeus, one of the remaining four candidates President-elect Trump is considering for secretary of state, would have to notify his probation officer of his new job if offered the position

Navy asks Hewlett Packard to pay up for personal data breach (Navy Times) The Navy is pressing private contractor Hewlett Packard Enterprise to pay for credit monitoring services for sailors affected by a data breach that exposed more than 130,000 social security numbers, a defense official familiar with the ongoing investigation said

Largest Producer Of Child Pornography Ever Prosecuted In Minnesota Sentenced To 38 Years In Prison (US Department of Justice) Anton Martynenko targeted more than 150 children in “sextortion” scheme

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations...

Upcoming Events

CIFI Security Summit (Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security...

AlienVault USM Webcast (Online, December 1, 2016) Host-based intrusion detection systems (HIDS) work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating...

Cyber Threats Master Class (Turin, Italy, December 1 - 2, 2016) The UNICRI Masterclass on Cyber Threats aims to provide media and public relations professionals, as well as those planning a career in public information and communication, with a deeper understanding...

Disrupt London (London, England, UK, December 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators.

US Department of Commerce Cyber Security Trade Mission to Turkey (Ankara and Istanbul, Turkey, December 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey...

NCCoE Speaker Series: Understanding, Detecting & Mitigating Insider Threats (Rockville, Maryland, USA, December 6, 2016) Insider threats are growing at an alarming rate, with medium-to-large company losses averaging over $4 million every year. Smaller businesses are at risk too, and it is estimated that in 2014, over half...

Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter (Elkridge, Maryland, USA, December 6, 2016) This cybergamut Technical Tuesday features ZeroFox data scientist John Seymour, who will present a recurrent neural network that learns to tweet phishing posts targeting specific users. Historically, machine...

Infosecurity Magazine Conference (Boston, Massachusetts, USA, December 6 - 7, 2016) Bringing together 100+ information security end-users, analysts, policy-makers, vendors and service providers, the meeting connects the information security community providing actionable information,...

Practical Privacy Series 2016 (Washington, DC, USA, December 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly...

CISO Southern Cal (Los Angeles, California, USA, December 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

SANS Cyber Defense Initiative 2016 (Washington, DC, USA, December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...

Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...
