A guilty plea in the doxxing case against a Kosovar ISIS-sympathizer arouses new concerns that ISIS has personally identifying information on US military and government personnel.
In a different doxxing operation, hacktivists expose emails and other information exchanged among members of US police unions.
The usual cyber-rioting gutters on in the Caucasus, with Armenian and Azerbaijani patriotic hacktivists exchanging attacks.
Google monitors and controls access to Google Play, but researchers at Dr. Web warn that they've found more than sixty Trojanized games in the store.
British bank HSBC recovered over the weekend from a distributed-denial-of-service attack, but the incident was no outlier. DDoS attacks continue to proliferate: they're relatively inexpensive to mount, they can either deliver a direct extortion payoff or serve as misdirection for more serious attacks, and the growing Internet-of-things offers opportunities for botnet wranglers.
In industry news, Symantec closes the Veritas sale as it refocuses on its core security business. Fortinet's good earnings tide last week lifted the share-price boats of CyberArk and Palo Alto Networks as well. But the big news is the apparent demise over the weekend of Norse Corporation, famous for its gorgeous attack map. CEO Glines has departed, Norse's sites (including that map) are dark, and rumors suggest the company's remaining assets and operations may be folded into SolarFlare, which shares some investors with Norse.
The US and EU did not succeed in reaching a modus vivendi on Safe Harbor. National European privacy authorities are expected to announce their next move this Wednesday.
Today's issue includes events affecting Armenia, Azerbaijan, China, European Union, India, Indonesia, Iraq, Ireland, Israel, Kosovo, Malaysia, Syria, Thailand, United Kingdom, United States.
Reactions to the HSBC DDoS attack(Help Net Security) Last week HSBC's online banking website was taken down by a DDoS attack, leaving thousands of customers unable to access its services
UK Sites Pummelled by DDoS Storm in Q4(Infosecurity Magazine) UK websites suffered a sharp increase in DDoS attacks of over 20% quarter-on-quarter to become the second most targeted country in the world after the US, according to the latest stats from Imperva
Report: Cyber, EW a threat to US military's space assets(FierceGovernmentIT) While the U.S. military relies heavily on space assets for its communications, positioning, reconnaissance and other functions, many view the U.S. space architecture as a point of weakness, said a new report from a Washington, D.C.-based think tank
Security Patches, Mitigations, and Software Updates
Enhanced Mitigation Experience Toolkit (EMET) 5.5 is now available for download(TWCN) Microsoft's Security tool, Enhanced Mitigation Experience Toolkit (EMET) 5.5 is now available for download. The tool until now has been running in Beta phase which Microsoft has made available since December 19th 2015. However, this 29th January, Microsoft officially unveiled the version 5.5 with new updates and functionality
The Global State of Information Security® Survey 2016: Key themes(PWC) By now, the numbers have become numbing. Cybersecurity incidents are daily news, with reports of escalating impacts and costs that are sometimes measured in the billions. Take a look beyond the headlines, however, and you'll find new reasons for optimism
Sources: Security Firm Norse Corp. Imploding(KrebsOnSecurity) Norse Corp., a Foster City, Calif. based cybersecurity firm that has attracted much attention from the news media and investors alike this past year, fired its chief executive officer this week amid a major shakeup that could spell the end of the company. The move comes just weeks after the company laid off almost 30 percent of its staff
Palo Alto, CyberArk up big following Fortinet's earnings/guidance(Seeking Alpha) Palo Alto Networks (PANW +6.4%) and CyberArk (CYBR +7.4%) are posting big gains after security tech peer and Palo Alto rival Fortinet (up 6.6%) provided above-consensus 2016 sales guidance — Q4 sales were roughly in-line — and issued 2016 billings guidance (could be conservative, given Fortinet's history) that implies 23% Y/Y growth
Symantec closes Veritas sale, adds $2B to capital return program(Seeking Alpha) As expected, the sale of Symantec's (NASDAQ:SYMC) Veritas storage software unit to P-E firm Carlyle has closed today. The closing comes nine days after Symantec announced it had agreed to a deal revision that cuts its after-tax proceeds by $1B to $5.3B
Israel's Cyber Sector Blooms in the Desert(AFP via SecurityWeek) A modern metropolis rising from Israel's Negev desert stands on the frontline of a global war against hacking and cyber crime, fulfilling an ambition of the country's founding father
How local government can manage technology risk(GCN) Drawing from research and surveys of New Jersey local government technology practices and other government-related sources, the authors both inventory the common types of technology found in local government and outline the common categories of risk that come with them
NSA Top Hacker: Here's How to Make My Life Hard(Fortune) When Rob Joyce, head of the National Security Agency's top hacking outfit, made an appearance at the brand new Usenix Enigma security conference in San Francisco this week, he didn't strike the casual onlooker as an alpha predator
Security Training Lessons from Alexander the Great(ZeroFOX) Security training is important. I can't think of a single person in our industry who would disagree. If you're trying to address a recurring threat, shouldering the burden and relying on technology alone is a one-way ticket to breach-ville. But what exactly does security training look like? Is it a 30-page packet, phish testing, an annual module that every employee blows off as long as possible? Security training is hard
Basic error can reveal hidden dark web sites(Naked Security) Some dark web sites are unwittingly giving away their secret locations thanks to a basic configuration mistake that's been cropping up on regular websites for years
What is the Real Cost of "Good Enough" Security?(SecurityWeek) If you read my pieces regularly, you might have guessed that approaching security operations and incident response in a strategic, holistic, and analytical way is something I'm passionate about
Inside the Super Bowl cyber-ops headquarters(CNBC) At an undisclosed location in the San Francisco Bay Area, a team of public and private security experts is assembling a pop-up intelligence operations center for Super Bowl 50
Design and Innovation
Opinion: It's finally time to embrace Privacy by Design(Christian Science Monitor Passcode) On Data Privacy Day, it's sobering to remember how many people have been personally affected by devastating breaches. But many of those hacks could have been prevented if companies simply employed a more than 20-year-old principle known as Privacy by Design
"Don't Panic:" Making Progress on the "Going Dark" Debate(Berkman Center for Internet and Society, Harvard University) This report from the Berkman Center's Berklett Cybersecurity Project offers a new perspective on the "going dark" debate from the discussion, debate, and analyses of an unprecedentedly diverse group of security and policy experts from academia, civil society, and the U.S. intelligence community
How Great Britain Is Handing Its Post-Snowden "Intelligence Reform"(Overt Action) The very American origins of the Edward Snowden/NSA controversy often means the episode's impact outside the U.S. is often overlooked. Yet across Europe, "intelligence reform" is occurring, although the scope of those reforms is rather uneven. American observers should nonetheless monitor these debates more carefully, since tinkering with the global signals collection architecture could have real consequences for the U.S and its allies
Why China hacks the world(Christian Science Monitor) Can aggressive espionage fuel the innovation that Beijing needs to reinvent its global role?
Curing America's China Syndrome(Light Reading) I was at the CES show in Vegas earlier this month when a C-level executive from one of the largest Tier 1 service providers in the US sat down next to me and started talking about an issue that he feels is absolutely critical to today's communications industry
Disruptive By Design: Fighting the Cyber War(SIGNAL) How to best equip cyber warfighters — both at home and abroad — is an ongoing debate complicated by persistently improved and interesting tools for cyber analysis, security and ethical hacking that makes picking the "best tool," or even "the right tool for the job," very much a matter of opinion and preference
The Cyber Threat to Nuclear Deterrence(War on the Rocks) In late 2010, when the Stuxnet worm was reported to have targeted and disabled nuclear enrichment centrifuges in Iran, a proverbial line in the sand was crossed that linked the rising awareness of cyber threats with that of the existing nuclear world
Cybersecurity is the 21st century's real battlefield(Daily Dot) The United States is under attack. Every day cyber criminals, hacktivists, and state-sponsored cyber terrorists are attempting to gain access to the valuable and sensitive information of Americans, American companies, and the government
Cloud, cyber policy documents trickle out of DoD(C4ISR & Networks) In recent days Defense Department entities publicly released documents outlining strategies and policies related to cloud practices and cyber operations, months after they were issued internally to personnel
FTC re-launches IdentityTheft.gov(FierceGovernmentIT) The Federal Trade Commission on Thursday unveiled significant updates to IdentityTheft.gov, which the agency hopes will serve as a "one-stop" resource for identity theft victims
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
ESA 2016 Leadership Summit(Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...
SANS Cyber Threat Intelligence Summit & Training 2016(Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...
BSides Tampa 2016(MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, February 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia
The Law and Policy of Cybersecurity Symposium(Rockville, Maryland, USA, February 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies,...
Insider Threat Program Development Training — California(Carlsbad, California, USA, February 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
OPSWAT Cyber Security Seminar(Washington, DC, February 9, 2016) OPSWAT, along with our Washington DC partners, InQuest and Punch Cyber, will be hosting a half-day seminar to cover several threat detection and research technologies
Secure Rail(Orlando, Florida, USA, February 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Cyber Security Breakdown: Dallas(Dallas, Texas, USA, February 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
SecureWorld Charlotte(Charlotte, North Carolina, USA, February 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...
Suits and Spooks(Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...
Department of the Navy (DON) IT Conference, West Coast 2016(San Diego, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...
ICISSP 2016(Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...
Interconnect2016(Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...
CISO Canada Summit(Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...
Insider Threat Program Development Training Course — Maryland(Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
CISO New York Summit(New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
BSides San Francisco(San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...
CISO Summit Europe(London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...
RSA Conference 2016(San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016