ICS-CERT releases updates on BlackEnergy and the associated attacks on Ukraine's power grid. There's general agreement that the episode exposes an unpleasantly high degree of vulnerability in utilities. New standards for critical infrastructure protection are under development.
Two security companies are dealing with flaws in their products. Malwarebytes works to patch its Anti-Malware product for man-in-the-middle and privilege-escalation vulnerabilities Google researchers discovered. Google researchers have also called out Comodo's "Chromodo" secure browser for disabling same-origin policy and hijacking DNS sessions.
Check Point releases its research into a code validation bypass flaw in eBay. eBay has said the vulnerability amounts to little and won't be patched. Check Point disagrees.
Open Effect and the University of Toronto's Citizen Lab release a study of fitness wearables. Locational privacy seems the major issue among their findings.
A data breach at Landry's and Golden Nugget, corporate parents of US restaurant chains Bubba Gump Shrimp, Saltgrass Steak, and McCormick & Schmick's, exposed customer pay cards used at its locations between May and December of last year.
Some 5200 online Neiman Marcus customer accounts were accessed by hackers late last year.
The US and the EU, after letting Safe Harbor lapse over the weekend, have agreed to a new data transfer agreement, "Privacy Shield."
The EU moves to restrict anonymous Bitcoin transactions.
The proposed 2017 US Defense budget contains some $7 billion in cyber spending.
AnonSec hacktivists say they've hacked NASA, looking for signs of its complicity in a "chem-trail" conspiracy. NASA says AnonSec's claims are overblown.
Today's issue includes events affecting Australia, China, European Union, Japan, Philippines, Russia, Ukraine, United Kingdom, United States.
URLZone Back, Targeting Banks in Japan (Threatpost) After a good two to three years of relative silence, the gang behind the banking Trojan URLZone has become more active over the past few months and taken aim at banks across Europe and, beginning last month, Japan
Hackers claim to have hacked NASA, hijacked one of its drones (Help Net Security) AnonSec hackers claim that they have breached a number of NASA's systems, and they have published a data trove containing video recordings made by the agency's aircraft and drones, the drone's flight logs, and the names, email addresses and telephone numbers of some 2,400 agency employees
NASA Denies Hackers Hijacked Its Drone (InformationWeek) The space agency insists AnonSec didn't commandeer a NASA Global Hawk drone, but it's still looking into claims its network was hacked
Hackers Target Pastebin.com with Powerful DDoS Attack (Hack Read) Pastebin.com is a world-renowned online platform where users can store plain text, but it is often under cyber attack from hackers and cyber criminals. On 30th January 2016 someone started carrying out a series of powerful Distributed Denial-of-Service (DDoS) attacks on Pastebin.com, forcing the platform to go offline
Neiman Marcus admits to another breach of customer data (FierceITSecurity) Attackers were able to breach the websites of Neiman Marcus and affiliated stores and steal personal information from customers, including contact information, purchase history, and the last four digits of credit card numbers
The £1,000,000 ransomware demand that wasn't (Graham Cluley) Several folks in the computer security industry raised their eyebrows when reading recent reports that a UK council had been hit hard by ransomware, taking regular services offline
Inside the Super Bowl cyber-ops headquarters (CNBC) At an undisclosed location in the San Francisco Bay Area, a team of public and private security experts is assembling a pop-up intelligence operations center for Super Bowl 50
Security Patches, Mitigations, and Software Updates
Your board and cyber risk: Reimagining security protocols from the top down (Help Net Security) As scrutiny of well-known financial services firms' security practices continues to make news, the SEC has chosen to turn its attention to risks facing a certain subset of the industry — registered broker-dealers and investment advisers — who according to public reports, continue to face cybersecurity breaches related to weaknesses in basic controls
Raytheon: Wait For A Pullback Then Go Long (Seeking Alpha) Raytheon operates in the shadows of the larger defense contractors and therefore doesn't get much attention from investors. The company had a great 2015 and is estimating great growth in 2016 and beyond. They have a well diversified portfolio of products and are growing internationally and domestically. Their foray into commercial off-the-shelf cyber security products will give Raytheon access to a lucrative and long-lasting market
A New Cybersecurity ETF From Global X Is On Its Way (Revised) (Seeking Alpha) The year 2015 may have been soft for the cybersecurity ETFs, but the craze for issuing more cybersecurity funds has not abated at all. Issuers are still seeing long-term prospects in it. Most recently, ETF issuer Global X announced plans to dip its toes into the space and filed for a cybersecurity ETF
V3 Startup Spotlight: Data security firm Silicon:SAFE (V3) Big data is becoming a valuable commodity, so it is no surprise to see startups specialising in products and services to protect that data. Silicon:SAFE is one such company in the early stages of product development
Tor: What Lies Beneath the Onion's Skin (IBM Security Intelligence) Tor, an acronym for The Onion Router, is free software for anonymous online communication that masks a user's identity by hiding the originating and destination IP addresses of messages sent through it
5 New Rules to Make Escalations More Effective and Efficient (SecurityWeek) There is a new adage in the security world: don't assume you will be hacked, but assume you have already been hacked. This forces security professionals to re-examine the validity of the Cyber Kill Chain model — which reinforces traditional, perimeter-focused, malware-prevention thinking — and develop new strategies to deal with persistent and smart attackers, including insider threats
Crypto Colonizing: B of A's Blockchain-Patent Strategy (American Banker) Bank of America's blockchain patent push shows how bankers' attitudes toward the technology of cryptocurrencies have changed over the last few years — from dismissing it, to sizing it up to trying to protect their interests in it
EU, US Agree to New Internet 'Privacy Shield' (SecurityWeek) The EU and United States struck a new deal Tuesday on data transfers relied on by Facebook and Google, after Europe's top court struck down the previous pact for failing to protect users from US spying
Pentagon chief: 2017 budget includes $7B for cyber (FCW) To better train the Defense Department's cybersecurity personnel and develop more offensive tools, the department's fiscal 2017 budget request includes nearly $7 billion for cyberspace operations, said Defense Secretary Ash Carter
National Security Agency plans major reorganization (Washington Post) The National Security Agency, the largest electronic spy agency in the world, is undertaking a major reorganization, merging its offensive and defensive organizations in the hope of making them more adept at facing the digital threats of the 21st century, according to current and former officials
NSA's TAO Head on Internet Offense and Defense (Schneier on Security) Rob Joyce, the head of the NSA's Tailored Access Operations (TAO) group — basically the country's chief hacker — spoke in public earlier this week. He talked both about how the NSA hacks into networks, and what network defenders can do to protect themselves. Here's a video of the talk, and here are two good summaries
US to Rework Arms Control Rule on Exporting Hacker Tools (ABC News) The U.S. government is rewriting a proposal under arms control rules from 20 years ago to make it simpler to export tools related to hacking and surveillance software since they are also used to secure computer networks
Guilty Plea in Attempted Cyber-Attack on US Govt. Computers (ABC News) A former Nuclear Regulatory Commission scientist pleaded guilty Tuesday to a federal computer crime, admitting that he attempted to launch a cyber-attack on government computers by sending employees emails that he thought contained a virus
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
ESA 2016 Leadership Summit (Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...
SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...
BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, February 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia
The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, February 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies,...
Insider Threat Program Development Training — California (Carlsbad, California, USA, February 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
OPSWAT Cyber Security Seminar (Washington, DC, February 9, 2016) OPSWAT, along with our Washington DC partners, InQuest and Punch Cyber, will be hosting a half-day seminar to cover several threat detection and research technologies
Secure Rail (Orlando, Florida, USA, February 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Cyber Security Breakdown: Dallas (Dallas, Texas, USA, February 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
SecureWorld Charlotte (Charlotte, North Carolina, USA, February 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...
Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...
Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...
ICISSP 2016 (Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...
Interconnect2016 (Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...
CISO Canada Summit (Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...
Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
CISO New York Summit (New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
BSides San Francisco (San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...
CISO Summit Europe (London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...
RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016