Trend Micro reports finding indications that hackers who hit Ukraine's power grid made preliminary attacks against that country's mines and railroads. The US Deputy Energy Secretary unambiguously attributes the grid hacks to the Russian government.
A study of patriotic hacktivism in India and Pakistan convinces Recorded Future that the calendar can help predict surges in cyber-rioting.
Hacktivists induce breaches in, separately, Chile and Bolivia. Both incidents are said to be devoted to exposing government corruption and slovenly data security practices, but declared motives should probably be treated with caution. As Leo Taddeo, CSO of Cryptzone said, in connection with recent social engineering at the FBI, you don't know much about hackers' motivation "until they're charged and arrested, at which point you can ask them."
British police have arrested a teenager who's allegedly one of the Crackas with Attitude who doxed senior officials of the US Intelligence Community last year.
Carbanak and other threats continue to plague the financial sector. ThreatMetrix thinks bot attacks are the rising threat to banks, with the potential to cost millions in lost business.
Mozilla patches Firefox and Firefox ESR. Observers look at Patch Tuesday and conclude that older versions of Microsoft Internet Explorer are now "officially vulnerable."
As the Internet-of-things expands, standards bodies continue to evolve security guidelines. Automation World says it sees signs of an approach to security that's less IT-centric than those hitherto applied to IoT systems.
Finland considers increasing its cyber offensive capability. Some policymakers in India and Taiwan mull cyber militias.
Today's issue includes events affecting Bolivia, Canada, Chile, China, European Union, Finland, France, Ghana, India, Netherlands, Nigeria, Pakistan, Russia, South Africa, Taiwan, Ukraine, United Kingdom, United States, and Vietnam.
the CyberWire will take Monday off, in observance of Washington's birthday. We'll be back as usual on Tuesday with both our Daily News Brief and Daily Podcast. Enjoy the holiday, America.
ON THE PODCAST
In today's Daily Podcast, we'll hear from the University of Maryland's Jonathan Katz on provable security. In our Week-in-Review Podcast, the University of Maryland's Markus Rauschecker will describe the Federal Trade Commission's role in regulating cyber security, and Brown University's Alan Usas will talk about what went into preparing that university's new executive master's in cybersecurity. Both podcasts will be up later this afternoon.
KillDisk and BlackEnergy Are Not Just Energy Sector Threats(TrendLabs Security Intelligence Blog) Our new intelligence on BlackEnergy expands previous findings on the first wide-scale coordinated attack against industrial networks. Based on our research that we will further outline below, attackers behind the outages in two power facilities in Ukraine in December likely attempted similar attacks against a mining company and a large railway operator in Ukraine
Fraudsters Tap Kohl's Cash for Cold Cash(KrebsOnSecurity) Scam artists have been using hacked accounts from retailer Kohls.com to order high-priced, bulky merchandise that is then shipped to the victim's home
Is Tax Preparation Software Safe to Use?(Bloomberg BNA) Tax season is one of the most popular times for people to become victims of scams. According to the IRS, tax refund fraud is expected to soar this tax season, reaching $21 billion this year compared to just $6.5 billion two years ago
A Guide on 5 Common LinkedIn Scams(Tripwire: the State of Security) The fact that scammers haunt social media platforms like Facebook and Twitter is not surprising — at the heart of those platforms lies the drive to broaden one's horizons
6 Cyber Secrets Setting You Up for Betrayal(IT Business Edge) Valentine's Day is near. And while love is grand, the fact is that human nature can sometimes cause heartbreak. Research shows that one in five people are keeping a major secret — such as infidelity or money troubles — from their spouse. Deceit can be a deal breaker
The Dangers of Online Dating: Watch Out for 'Sweetheart Scammers'(Hack Read) Once an almost unheard-of phenomenon, online dating is today a go-to resource for many busy, career-oriented individuals for finding their true love and future partners. While many succeed in finding their loved ones using this relatively new medium, many become victims to what is known as 'romance' or 'sweetheart' scams
Security Patches, Mitigations, and Software Updates
Mozilla Releases Security Updates(US-CERT) The Mozilla Foundation has released security updates to address vulnerabilities in Firefox and Firefox ESR. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system
Deloitte: Cybersecurity Moves to the Offensive(Infosecurity Magazine) Organizations with a sophisticated approach to cybersecurity are no longer satisfied with locking the doors after the robbery has been committed. There is instead a distinct shift toward offense
Voter targeting becomes voter surveillance(CSO) Political campaigns have always sought to shape their message to attract specific groups of voters. But big data analytics now makes it possible to create personal profiles of individual voters. And that is raising concerns among privacy advocates
CyberArk, FireEye Both Miss With EPS Guidance, Shares Fall Late(Investors Business Daily) CyberArk Software (CYBR) stock crashed late Thursday despite the firm's Q4 beat after its earnings outlook lagged, while fellow security vendor FireEye (FEYE) came up just short on Q4 sales and missed with its Q1 bottom-line guidance
FireEye reports record revenue, shows no signs of slowing down(Channel Life) FireEye has reported record billings and revenue for the fourth quarter and fiscal year 2015, and says expanding platform adoption drove record annual operating cash flow, while recent iSight partners and Invotas acquisitions extended the company's addressable market
Why FireEye Stock Should Be Soaring Higher After Q4 Earnings(Seeking Alpha) FireEye reported very strong Q4 earnings and gave bullish guidance. Still, the stock is currently down 5% in after-hours trading. Investors in FireEye fail to realize all the major improvements at the company and the opportunity that now rests in its stock price
Zero-Day Exploit (ZDE) prevention for all systems(ITWire) Check Point has developed SandBlast Agent that integrates new protections and advanced forensics to secure end-point devices and accelerate incident response. In short protection from ZDEs
Finland Aiming To Add Offensive Edge To Cyberwar Arsenal(Defense News) The planned reform of Finland's cyber defense and intelligence gathering laws will likely include new provisions to give the military and national security services new effective legal tools to launch offensive operations against hostile attacks in the cyberwarfare space
The FBI's Encryption 'Debate' Is Going Nowhere(Motherboard) It's been a year and a half since US law enforcement agencies resumed their campaign trying to ban strong end-to-end encryption, and it's pretty clear that the resulting "debate" is going nowhere
Cyber, counterterror to be 'cornerstones' of DHS(The Hill) Homeland Security Secretary Jeh Johnson said on Thursday that improving the nation's cybersecurity and protecting against terrorism remain two of the department's "cornerstones" in the final year of the Obama administration
Facebook Steps Up Efforts Against Terrorism(Nasdaq) Hours after the December shootings in San Bernardino, Calif., Mark Wallace asked his employees at the nonprofit Counter Extremism Project to comb social media for profiles of the alleged attackers
Security and the Internet of Things(Just Security) On Tuesday, the Obama administration announced a program to better secure the "Internet of Things" and also highlighted the opportunities networked devices provide for the US intelligence community
Senate committee endorses student privacy bill(AP via Education Week) A state Senate committee has endorsed a proposed bill that would prohibit teachers and school officials from prying into students' private personal social media accounts
Google extends 'right to be forgotten' to all domains(Naked Security) Ever since 2014, when an EU court decreed that people have the right to be forgotten online, Google has tried to slice and dice the requests: it would bury search results for its subsidiary in a given country, only on that country's Google subsidiary, instead of submerging search results on all its domains
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Pwn2Own 2016(Vancouver, British Columbia, Canada, March 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets,...
Black Hat Asia 2016(Singapore, March 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two...
ISC West 2016(Las Vegas, Nevada, USA, April 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products.
Black Hat USA 2016(Las Vegas, Nevada, USA, August 3 - 4, 2016) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 19th year. This six day event begins with four days of intense Trainings for security practitioners...
Annual Privacy Forum 2016 Annual Privacy Forum 2016(Frankfurt, Hesse, Germany, September 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016. In the light of the upcoming data protection...
Department of the Navy (DON) IT Conference, West Coast 2016(San Deigo, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...
ICISSP 2016(Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...
CISO Canada Summit(Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...
Interconnect2016(Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...
Insider Threat Program Development Training Course — Maryland(Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
CISO New York Summit(New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.