Nation-state hacking continues to roil international relations. Kaspersky thinks, on the basis of an upswing in "Chinese-speaking APTs," that China's shifting its attention from US to Russian target sets. For his part, US DNI Clapper says Chinese cyber espionage against American targets continues unabated — he characterizes the data theft as a "hemorrhage."
Reports out of Israel again accuse Iran of cyber espionage: accounts of senior officers, scientists, and Gulf-area human rights activists are said to have been targeted in a now-shuttered campaign controlled from Tehran.
The Russian hackers behind a wave of ATM heists — probably the "Metel" gang — are said to have manipulated ruble-dollar exchange rates at a Russian regional bank last year by gaining illicit access to trading terminals.
Ransomware — especially CryptoWall — continues to plague businesses.
Law firms are being targeted by Skype malware (the T9000 backdoor described recently by Palo Alto Networks).
Yesterday was Patch Tuesday. Adobe, Google, and Microsoft all issued fixes. Microsoft published thirteen patches, six of them for critical remote-code execution vulnerabilities.
Investment analysts look at recently depressed share prices of cyber security firms, and many explain the drop as caused by general market nerves, some specific disappointing notes, and collateral damage from a pullback in related IT sectors. Encouraging signs continued strong VC interest in cyber startups.
In the US, Congressional appetite for restricting encryption appears to be waning.
The President's budget includes some big spending on cyber. The White House has also proposed a "National Cyber Security Action Plan," to generally favorable reviews.
Today's issue includes events affecting China, Croatia, Indonesia, Iran, Iraq, Israel, New Zealand, Russia, Syria, United Kingdom, United States.
Hackers Get Employee Records at Justice and Homeland Security Depts.(New York Times) In the latest cyberattack targeting the federal government, an intruder gained access to information for thousands of employees at the Justice Department and the Department of Homeland Security, but officials said Monday that there was no indication that sensitive information had been stolen
New Scandal Involving Croatian Security Intelligence Agency(Total Croatia News) Another day, another scandal in the Croatian intelligence community. Jutarnji List has published an article about the results of an intelligence analysis about the disclosure of the identity of Security Intelligence Agency (SOA) agents to managers of foreign companies, as well as about the leak of information vital to national security
Security Patches, Mitigations, and Software Updates
Vulnerability Response: A Tale of Two Vendors(CyberPoint SRT Blog) It was the best of timelines (the other was the worst of timelines…) Greg Linares of CyberPoint's SRT (Security Research Team) recently had one of the vulnerabilities he discovered patched by the vendor, Microsoft. Having worked directly with Microsoft (specifically with its MSRC unit) for almost a decade, we've seen Microsoft improve their responsiveness on behalf of their customers, and we've also seen them respond very positively towards vulnerabilities researchers who submit issues
Small businesses warned of cyber attack impact(PRW) New research out today from cross-government campaign Cyber Streetwise and professional service firm KPMG has claimed small businesses are underestimating the impact a cyber attack could have on their reputation
How Much Would You Pay to Prevent a Breach?(re/code) In a country divided by the upcoming election, President Obama garnered bipartisan support for a significant budget increase this week: $5 billion in additional cyber security spending
FireEye up 9% following pre-earnings BTIG upgrade(Seeking Alpha) Believing the company can turn cash-flow positive in 2016 as its reigns in spending growth, BTIG's Joel Fishbein has upgraded FireEye (NASDAQ:FEYE) to Buy ahead of tomorrow afternoon's Q4 report
9-Figure Deals Lift Cybersecurity Investments To An All-Time High(In Homeland Security) Investments into cybersecurity startups and emerging players grew by 235% over the past five years, reaching an all-time high of $3.8 billion in 2015 — according to CB Insights. VCs and corporate investors moved the needle to nine-figures on some of the larger deals
Stay safe with our Facebook cheat sheet(We Live Security) Once upon a time, it was possible to prevent personal data from getting into the hands of the wrong person by using a paper shredder and a bit of common sense
Obama to seek dramatic boost in cyber funding(The Hill) President Obama on Tuesday is expected to request a dramatic boost in federal funding for cybersecurity, according to multiple Hill offices, industry representatives and digital privacy advocates
White House reveals plan to bolster American cybersecurity(Christian Science Monitor Passcode) The Cybersecurity National Action Plan, which will be announced Tuesday, comes as the government scrambles to improve its own cybersecurity in the wake of the massive breach on the Office of Personnel Management
Obama's cyber security plan puts spotlight on users(San Jose Mercury News) President Obama's new $19 billion information technology budget could be a boon to Silicon Valley security companies but also reflects the realization that the weakest point of many computer networks is the user
White House Strikes Right Chord on Privacy and Individual Security(Center for Democracy and Technology) Today, the White House announced a new federal initiative called the Cybersecurity National Action Plan (CNAP) encompassing a substantial new cybersecurity budget request and two new Executive Orders that would establish a Cybersecurity Commission and a cross-government Privacy Council
NSA to shake up its defensive, offensive game(Christian Science Monitor Passcode) The NSA is shifting toward a fully integrated offensive and defensive operation, meaning its spies could be brushing shoulders with its cybersecurity agents
Pentagon budget targets futuristic capabilities(C4ISR & Networks) Seeking to strike a balance between current operations, fiscal uncertainty and next-generation weapons and systems, the Defense Department is aiming for a "healthy" science and technology program in its fiscal 2017 budget to develop future technologies
Cyber training a key point in 2017 DoD budget(C4ISR & Networks) To take on changing types of enemies and evolving forms of warfare, Defense Department officials are moving ahead with at least three major joint training programs in the fiscal 2017 budget request as part of a broader redirection of resources to cyber
Enterprise IT, advanced tech top intel budget goals(C4ISR & Networks) The intelligence community's budget priorities look similar to those leading the funding wish lists across the Defense Department: cutting-edge technology to take on evolving enemies, investment in future capabilities and balancing sustainment with leaning forward
President asks for $89.9B for IT in 2017 budget(Federal Times) The budget request released by President Barack Obama on Feb. 9 includes just shy of $90 billion for IT programs and operations, representing approximately 2.2 percent of the $4.15 trillion proposal
Give Up Your Data to Cure Disease(New York Times) How far would you go to protect your health records? Your privacy matters, of course, but consider this: Mass data can inform medicine like nothing else and save countless lives, including, perhaps, your own
US Education CIO Admits To 'Unacceptable' Behavior(InformationWeek) US Department of Education CIO Danny Harris was grilled by lawmakers about possible ethics violations. Meanwhile the department, which has a lending budget the size of Citibank, was still said to be vulnerable to security threats
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Cyber Threat Intelligence Summit & Training 2016(Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...
Insider Threat Program Development Training — California(Carlsbad, California, USA, February 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
Secure Rail(Orlando, Florida, USA, February 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Cyber Security Breakdown: Dallas(Dallas, Texas, USA, February 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
SecureWorld Charlotte(Charlotte, North Carolina, USA, February 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...
Suits and Spooks(Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...
Department of the Navy (DON) IT Conference, West Coast 2016(San Deigo, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...
ICISSP 2016(Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...
Interconnect2016(Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...
CISO Canada Summit(Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...
Insider Threat Program Development Training Course — Maryland(Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
CISO New York Summit(New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
BSides San Francisco(San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...
CISO Summit Europe(London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...
RSA Conference 2016(San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.