Twitter notifies some 10,000 subscribers that a password recovery bug may have exposed their personal information last week. Twitter also says it immediately fixed the vulnerability, and warns users not to attempt exploitation.
FireEye fixes a whitelisting issue in its NX, FX, EX, and AX products, and Google issues an update for Chrome.
Google's Project Zero says that some Comodo products are accompanied by a weakly secured VNC server associated with a technical support program.
Sucuri warns that the pingback feature in older WordPress sites is being used to execute layer 7 DDoS attacks against servers. They recommend disabling pingback.
Observers fear that Hollywood Presbyterian's payment of $17,000 ransom to free its systems may incentivize other ransomware crime. But others note that the hospital was in a tough spot — they had, after all, an obligation to recover and resume patient care.
Locky ransomware continues to spread. Researchers note that it's targeting German-speakers.
Foscam IP security cameras are said to be engaging in a lot of undesirable peer-to-peer chatter. It may prove difficult for most users to disable the baked-in P2P functionality.
IOActive reports an inexpensive proof-of-concept exploit that could disable sensors networked in SimpliSafe's home security system.
In the US, industry and tech groups remain unhappy with the Wassenaar cyber arms control accord. They're pressing the Secretary of State to renegotiate the agreement.
Apple and the FBI remain at loggerheads over a court order that would compel Apple's help in unlocking the San Bernardino jihadists' iPhone. Observers see uncharted legal waters.
Today's issue includes events affecting Austria, China, Germany, Iran, Iraq, Israel, Syria, and the United States.
ON THE PODCAST
Today's CyberWire Daily Podcast will have more on what's at stake in the case of the San Bernardino jihadists' iPhone. Listen for the Daily podcast later this afternoon, and to the Week-in-Review that will follow it shortly. On the Daily, we talk to the University of Maryland's Markus Rauschecker on the legal and policy implications of cloud security. In the Week-in-Review, we hear from Maryland's Jonathan Katz on the challenges students face upon entering the cyber labor force. We also speak with Wandera's Michael Covington about the true costs of enterprise mobile.
Is your WordPress site being misused for DDoS attacks? (Help Net Security) Many WordPress websites are still being misused to perform layer 7 DDoS attacks against target servers, even though preventing them from participating in these attacks is as simple as disabling the pingback feature
Remotely Disabling a Wireless Burglar Alarm (IOActive) Countless movies feature hackers remotely turning off security systems in order to infiltrate buildings without being noticed. But how realistic are these depictions? Time to find out
This is Why People Fear the 'Internet of Things' (KrebsOnSecurity) Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware
The Linux GNU C Library Vulnerability: What It Is, How To Fix It (TrendLabs Security Intelligence Blog) Earlier this week, the maintainers of the GNU C Library (known as glibc, an open-source software library widely used in Linux systems) announced that they had released a fix for a vulnerability introduced in 2008 that allowed a buffer overflow to take place
Cheating site Ashley Madison is popular with Air Force (Air Force Times) The hack of notorious cheating website Ashley Madison, whose uber-classy motto is "Life is short. Have an Affair," is continuing to cause embarrassment around the country. And now, it's the Air Force's turn
CensorNet acquires SMS PASSCODE (Channel EMEA) CensorNet, the complete cloud security company, today announces that it has acquired Danish-based multi-factor authentication vendor SMS PASSCODE in a closed deal
Solicitation Number: NAMA-16-RFI-0001: Social Media Archiving Tool (FedBizOpps) NARA issues this Request for Information (RFI) package to obtain technical information about a commercially available tool capable of capturing, managing, and preserving social media data in compliance with applicable federal records management and eDiscovery laws
Farsight Security Announces Farsight DNSDB App for Splunk® (Marketwired) In a significant industry milestone, today Farsight Security, Inc. announced the release of Farsight DNSDB℠ App for Splunk® to enable security analysts to improve the speed, accuracy and global view of their digital investigations for faster risk mitigation and prevention
BioCatch warns of RAT-in-the-Mobile malware (Finextra) BioCatch, the global leader in Behavioral Authentication and Malware Detection, announced today that its behavioral authentication platform is the first to successfully detect Remote Access and RAT-in-the-Mobile (RitM) malware, in real time
Creating a common cyber lexicon: Harder than it looks (C4ISR & Networks) The Defense Department and service components in recent years have released many documents, directives and guidance on operating in cyberspace, and a common goal in most of them includes reaching a consensus in the language and terminology used for the cyber domain
W3C launches effort to replace passwords (Help Net Security) The World Wide Web Consortium (W3C) is launching a new standards effort in web authentication that aims to offer a more secure and flexible alternative to password-based logins on the Web
For New Cybersecurity Pilot Program, Collaboration Is Key (Government Technology) The goal is to develop advanced technology to identify, defend and prevent cyberattacks more efficiently and effectively — and deliver a working prototype by 2018 that other institutions and industries, such as banks and government agencies, can use
DHS Ready to Share Intelligence With Private Sector (Technewsworld) The U.S. Department of Homeland Security this month will start sharing threat information with a small number of hand-picked companies under the newly enacted Cybersecurity Information Sharing Act
ODNI task force and DoD partner to fight insider threats (C4ISR & Networks) The Office of the Director of National Intelligence's National Insider Threat Task Force is working closely with the Department of Defense to figure out how 43 of its components can build solid insider threat programs
Silicon Valley cybersecurity companies weigh in on Apple encryption dispute (Silicon Valley Business Journal) A judge's order to Apple Inc. that it must provide "reasonable technical assistance" to investigators aiming to unlock an iPhone owned by one of the San Bernardino shooters has prompted Silicon Valley cybersecurity experts to express their support for CEO Tim Cook's resistance, arguing that such a demand wouldn't be isolated
Apple Letter on iPhone Security Draws Muted Tech Industry Response (New York Times) After a federal court ordered Apple to help unlock an iPhone used by an attacker in a December mass shooting in San Bernardino, Calif., the company's chief executive, Timothy D. Cook, penned a passionate letter warning of far-reaching implications beyond the case
AT&T, Verizon Have Different Obligations Than Apple (Nasdaq) For U.S. phone companies like AT&T Inc. and Verizon Communications Inc., the notion of resisting a court order like Apple Inc. Chief Executive Tim Cook recently did is probably inconceivable. The reason is legal
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Commonwealth Cybersecurity Forum 2016 (London, England, UK, March 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together...
Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...
ICISSP 2016 (Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...
CISO Canada Summit (Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...
Interconnect2016 (Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...
Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
CISO New York Summit (New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
BSides San Francisco (San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...
CISO Summit Europe (London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...
RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016
Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, March 1 - 2, 2016) The National Defense Industrial Association (NDIA) Michigan Chapter Cybersecurity: Defense Sector Summit is to provide a forum to foster educational dialog between government, industry and academia in...
International Academic Business Conference (New Orleans, Louisiana, USA, March 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are...
CISO Chicago Summit (Chicago, Illinois, USA, March 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.