skip navigation

More signal. Less noise.

Economic Alliance of Greater Baltimore

Maryland leads the nation in cybersecurity with a large, highly qualified workforce, 20,000 job openings, investment opportunities, and proximity to key buyers.

Daily briefing.

Hacktivists associated with Anonymous hit the Belgian government in a widespread denial-of-service effort protesting both "corruption" and cyber bullying. In the US, another Anonymous cell releases personal information on some fifty-two Cincinnati police department employees in solidarity with protests of a recent police shooting.

Bastille Networks reports a new threat, "MouseJack." A set of nine vulnerabilities, MouseJack affects non-Bluetooth wireless keyboards and mice used by PCs, Macs, and Linux machines. Exploitation could enable attackers to enter keystrokes at will into victim machines.

Security experts warn US state utility regulators that cyber attacks on power grids won't necessarily be "obvious catastrophes," but are more likely to be "sly and discreet."

A misconfigured MongoDB installation at Virginia-based company uKnowKids.com, whose tools enable parents to monitor children's online activity, is reported to have exposed nearly two thousand children's information online.

Apple continues to resist a Federal Magistrate's order to provide the FBI with a software image file that would override the auto-erase and enforced delay security features on an iPhone used by one of the San Bernardino jihadists. Reaction remains mixed as the company and the Department of Justice continue their public dispute.

Damascus-based Jihadist groups swear allegiance to Abu Muhammad al Julani, leader of the al Nusrah Front. Al Nusrah is an al Qaeda affiliate, and thus a rival as opposed to an ally of ISIS. It also has "official Twitter accounts," which should give one pause before taking Twitter's claims of success against extremism too much credence — good intentions, but many observers hope Twitter's recognizing the enemy correctly.

Notes.

Today's issue includes events affecting Australia, Belgium, China, Germany, India, Israel, Iraq, New Zealand, Pakistan, Qatar, Saudi Arabia, South Africa, Syria, United Arab Emirates, United Kingdom, United States.

In today's CyberWire Daily Podcast we speak with the University of Maryland's Jonathan Katz, who explains iPhone encryption.

2016 National Conference of Minority Cybersecurity Professionals (Washington, DC, March 23 - 24, 2016) The landmark ICMCP conference will elevate the national dialogue on the necessary measures needed to attract and develop minority cybersecurity practitioners to address the cross-industry cybersecurity skills shortage.

Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.

Cyber Attacks, Threats, and Vulnerabilities

Belgian government plagued by hackers (Politico) 'It is the first time such a whole series of short, criminal incidents has happened'

2 Damascus-based jihadist groups swear allegiance to Al Nusrah Front (Long War Journal) Two small jihadist groups based in the Syrian capital of Damascus — Ansar al Sharia and Al Muntasir Billah — have sworn allegiance to Abu Muhammad al Julani, the head of Al Nusrah Front. A spokesman for the two factions announced their fealty in a short video posted yesterday on one of Al Nusrah's official Twitter feeds

Anonymous Leaks Data of Cincinnati Police Department Officers (Hack Read) The Anon Verdict hacktivists from Anonymous leaked personal information of around 52 Cincinnati Police Department employees on Sunday — motive: death of Paul Gaston

Cybersecurity a dynamic threat with subtle, sly bad actors, experts say (SNL) Cybersecurity experts on Feb. 16 cautioned state utility regulators not to fall prey to popular notions of cyberattacks as sudden infiltrations that create obvious catastrophes; the reality is often much slower and more discreet

'MouseJack' Attack Bites Non-Bluetooth Wireless Mice (Dark Reading) PCs, Macs, and Linux machines at risk of attack that exploits unencrypted communications between wireless mice and dongles

Improved FrameWorkPOS spotted alive and well in the wild (SC Magazine) It's alive! FrameWorkPOS is still in the wild and it's better than ever with a recent campaign stealing 43,000 credit cards, according to researchers at ThreatStream Labs

The Rise of Locky: Dridex Crew Bets on Ransomware (Invincea) Earlier this month, a ransomware attack of unknown origin hit the Hollywood Presbyterian Medical Center in Southern California

Is DNSSEC causing more problems than it solves? (Register) New paper points to security protocol as vector for DDoS attacks

CVE-2013-0074/3896 (Silverlight) integrates Exploit Kits (Malware Don't Need Coffee) Angler EK is definitely on the move. It's not a huge surprise when we can speculate that the team behind is the same that was first using Cool EK (Paunch VIP customer) and is behind the Reveton threat

uKnowKids.com database error exposed sensitive information on 1,700 kids (CSO) 1,700 children and millions of messages and images were exposed

Pirated App Store client for iOS found on Apple's App Store (Help Net Security) An app called 开心日常英语 ("Happy Daily English"), which has been offered for download via Apple's official App Store, has been revealed to be a fully functional third party App Store client for iOS, offering users in mainland China a way to install modified versions of iOS apps on non-jailbroken devices

The rise of LinkedIn fraud (CSO) There is an increasing number of fraudsters and hackers who are committing cyber crimes targeting LinkedIn users

Cisco: Facebook Scams are Attackers' #1 Choice for Breaches (ZeroFOX) Research published in Cisco’s 2015 Midyear Security Report reveals that social media exploitation — Facebook scams in particular — has officially taken the crown for the most commonly used method into an organization's network

Latest attack against Russian bank employees highlights the threat to financial institutions (IDG via ITWorld) Cybercriminal groups increasingly attempt to break into banks' computer networks to steal funds

Why the biggest threat to your digital security is you (Business Insider) Social engineering is the new malware

Some Xbox Live Services are Down Again (Hack Read) Some gamers on social media are complaining that they are not able to boot up their digital games due to the unavailability of Xbox live service

Deep and Dark Web: Complexity and escalating cybercriminal activity (Help Net Security) Flashpoint released an annual research report that looks to uncover the growing complexity of illicit communities and the industrialization of cybercrime over the past year

Cybercrime And Hacking Atlas (Dark Reading) A geographic guide with cybercrime threat and target trends in 10 notable countries

Cyber Trends

Apple Case Highlights Struggles CIOs Face in Balancing Privacy, Law Enforcement Requests (Wall Street Journal) As technology advances, there’s a delicate balance between individual privacy and law enforcement’s requests for information. Increasingly, it’s up to CIOs and individual organizations to navigate the governance questions

Survey Roundup: Enforcing But Not Following IT Security Rules (Wall Street Journal) A look at some recent surveys and reports dealing with risk and compliance issues

Do CIOs Underestimate Cyber Breach Recovery? (Infosecurity Magazine) A large majority (85%) of CIOs are not taking proactive steps to track down cyber threats, despite a similar number claiming to be under increasing pressure to quickly prevent, detect and respond to security incidents

BAE Systems suffers cyber attacks twice a week (Financial Times) Foreign governments are suspected of launching cyber attacks on BAE Systems roughly twice a week, according to the UK defence company, which on Monday warned that internet crime was becoming increasingly sophisticated and professional

Encrypted Internet Traffic a Key Cybersecurity Threat (SIGNAL) Malware attacks nearly doubled in 2015 to reach up to 8.19 billion

Banks are being targeted by cyber hackers (Sydney Morning Herald) Cyber-criminals are increasing attacks on Australian banks and using more sophisticated methods, says a report by computer giant Dell, suggesting heightened cyber-security vigilance and spending by financial institutions and the federal government is justified

Cyber Security in the Middle East (Infosecurity Magazine) While Middle East countries have faced humanitarian disasters for many years, a greater problem now faces these countries: cybercrime

Marketplace

World's Coolest Cybersecurity Startups Bring Their Elevator Pitches To San Francisco (Forbes) It's not too late to buy a ticket to the hottest show in cybersecurity

Anticipating the RSA Security Conference (Network World) Skills shortage, security automation, cloud security, data security, endpoint security and security analytics top my list of priorities

Looking into cyber risk insurance (IT Web) More and more businesses are coming to the conclusion that the probability of falling victim to a data breach is high

British Weapons Maker to Chase U.S. Commercial Cybersecurity Business (Wall Street Journal) BAE Systems estimates potential market to be worth $15 billion

We want to set up in the US despite ban: Huawei (CNBC) The effective ban on Huawei entering the U.S. network equipment market has not dampened the Chinese company's interest in setting up Stateside, the company's chief executive said on Monday

Trusona Launches From Stealth, Introducing Industry's First Identity-Proofing & Authentication Platform for When You Truly Need to Know (MarketWired) Founded by CEO Ori Eisen, Arizona startup secures $8M Series A round from Kleiner Perkins Caufield & Byers

Team8 Cyber Security Group Grabs $23 Million Series B (TechCrunch) Team8, the unique Israeli cyber security company that is part venture capitalist, part think tank and part startup incubator announced a $23 Million Series B round today from a variety of investors

New Cybersecurity Venture Firm Launched (Dark Reading) Former US-CERT director joins 'accelerator' Strategic Cyber Ventures LLC

Observable Networks gets USD1.625m in convertible debt funding (Financial News) Observable Networks Inc. has closed USD1.625 million in convertible debt funding from investors arranged by DH Capital, an investment banking firm serving companies in the Internet infrastructure, communications, and SaaS sectors, the company said

Cyber-Security Movers: FireEye, Barracuda Networks, and Palo Alto Networks (Bidness Etc.) Bidness Etc takes a look at today's biggest movers in the cyber-security space

Wynyard doubles loss to $44M, rights offer details due (Scoop) Wynyard Group, the crime-fighting and security software developer, doubled its loss to $44.1 million in 2015 on static revenue while reshaping its business plan to try and achieve cash break-even more quickly

FAA Concerned About 'Evolving Cyber Events' (Nextgov) The Federal Aviation Administration needs urgent help to protect its systems from evolving cyber events, according to federal contracting documents

Hotshot Cybersecurity Startup Tanium Names New CEO (Fortune) The world’s highest valued cybersecurity “unicorn” has new leadership

KEYW adds former Leidos executive to board (Baltimore Business Journal) KEYW Holding Corp. has expanded its board of directors with a ninth member, adding the finance executive who helped split Leidos Holdings Inc. and SAIC into two companies

Products, Services, and Solutions

Pindrop Launches the First IVR Fraud Protection Solution to Address Growing Threat to the Call Center (Yahoo! Finance) Pindrop Is the only company offering protection against fraud attacks across the entire call center in both live agent calls and IVR activity

Corero Network Security Continues to Redefine the Real–Time DDoS Detection and Mitigation Landscape with Virtual Monitoring Capabilities (NewsOn6) Corero Network Security (LSE: CNS), a leading provider of First Line of Defense® security solutions against DDoS attacks, today announced beta availability for the Corero SmartWall® Network Threat Defense — Virtual Edition (vNTD Monitor)

HITRUST CSF Certification Provides Enhanced Coverage and Reductions in Cyber Insurance Premiums (BusinessWire) HITRUST CSF Certification Provides Enhanced Coverage and Reductions in Cyber Insurance Premiums

Announcing Recorded Future for Splunk (Recorded Future) It’s no secret that many security teams who work with threat intelligence also use Splunk to analyze their security operations data

PacketFence: Free and open source network access control (Help Net Security) PacketFence is a fully supported, free and open source network access control (NAC) solution

Secure Microcontrollers from STMicroelectronics Bring Advanced Cyber Safety to Connected Cars (Nasdaq) Tamper-proof microcontrollers qualified for automotive applications protect data privacy and system integrity

Lewis Rhodes Labs Announces Cyber Microscope for Advanced Cyber Security Anomaly Detection (BusinessWire) Deployed at Sandia National Laboratories, Cyber Microscope increases detection speed and resolution by more than 100 times

Technologies, Techniques, and Standards

Proper device management could have prevented the whole FBI-Apple fight (MacWorld via CSO) Even without a comprehensive policy, just enrolling the device in an MDM system would have been enough

How the FBI could use acid and lasers to access data stored on seized iPhone (Ars Technica) Decapping techniques are effective, but they're not practical in this case

6 steps to take to evaluate cyber risk (Property Casualty 360) Daily news reports of cyber data incidents serve as a constant reminder of the growing cyber risks that companies face

What the Heck Is a CASB, and Do You Need One? (eSecurity Planet) Cloud access security brokers are a relative newcomer to the enterprise, but cloud security concerns will drive rapid adoption of CASBs

Design and Innovation

Would you use an ATM that didn't need a card…*or* a PIN? (Naked Security) There's one sort of two-factor authentication (2FA) that almost all of us know very well, and use all the time

Research and Development

On-chip random key generation done using carbon nanotubes (Ars Technica) Carbon nanotubes will randomly seed themselves into properly designed circuitry

Legislation, Policy, and Regulation

Government, private sector pushing cyber security mandate in India (Business Standard) Both the government and the Indian industry are reaching out to major cyber security companies in the US and Israel to boost internal systems

Apple vs. FBI case colors European debate about securing digital identity (IDG via CSO) Although not present at Mobile World Congress, Apple still influenced the debate

Week ahead: Encryption fight heats up (The Hill) Two lawmakers are set to reveal more details about a major encryption bill Wednesday amid a renewed debate over what role Congress should play in regulating encryption standards

Coalition aims to educate policymakers on cybersecurity (Help Net Security) A group of vendors launched the Coalition for Cybersecurity Policy and Law, a new organization that will focus on education and collaboration with policymakers on the increasingly complicated legislative and regulatory policies related to cybersecurity

Preparing the next president for the future of cyber (Federal Times) It’s mid-winter of 2018…two weeks after a cyberattack of unknown origin shuts down electrical power in most of three Northeastern states

Ex-commander: US losing ground against Islamic extremism (The Hill) The U.S. has lost ground in the fight against Islamic extremism, the former commander of U.S. forces in the Middle East said in a recent interview

Twitter reach of ISIS trimmed by account suspensions, report says (FCW) More than 125,000 accounts linked to terrorists were suspended by Twitter in a little less than a year

OPM, Education Department CIOs resign under fire from Congress (Ars Technica) OPM CIO faced grilling over hack; Education CIO was under ethics investigation

DHS cyber official: Einstein key to the future of big data at agencies (FCW) Even if the Office of Personnel Management had the latest version of the Department of Homeland Security's multibillion-dollar firewall in place last year, it still would not have prevented the massive hack of OPM that compromised the data of some 22 million Americans. Phyllis Schneck, DHS' top cybersecurity official, readily admits this

Service Chiefs Reject Proposal to Develop New Military Cyber Force (Military.com) Former NATO commander and retired Navy admiral James Stavridis speaks often of his proposal to develop a fifth U.S. military service branch — a cyber force that would own operations in the virtual domain

Navy Wants to Unplug From Some Networks to Stay Ahead of Cyberattacks (Military.com) For the Navy, the best defense against a high-tech enemy may be a low-tech strategy

Health Care Needs To Do a Better Job Encrypting Data: Report (Wall Street Journal) Health-care organizations need to do a better job encrypting sensitive personal information such as medical records and Social Security numbers, according to a report by California Attorney General Kamala Harris

Litigation, Investigation, and Law Enforcement

iOS Security iOS 9.0 or later (iOS Security Guide) Apple designed the iOS platform with security at its core

FAQ: Here’s What You Need to Know About The Apple, FBI Dispute (Dark Reading) The case marks a watershed moment in the debate over national security interests and privacy rights

The Lowdown on the Apple-FBI Showdown (KrebsOnSecurity) Many readers have asked for a primer summarizing the privacy and security issues at stake in the the dispute between Apple and the U.S. Justice Department

Resetting terrorist's Apple ID password wasn't a screwup, says FBI (Naked Security) No, the FBI says, changing the password on the San Bernardino terrorist's iCloud account was not a screwup

FBI boss to Apple backers: 'Stop saying the world is ending' (MarketWatch) James Comey argues agency won't 'set a master key loose'

Apple to US govt: Withdraw demand for iPhone unlocking, we all need to talk first (Help Net Security) The battle between Apple and the US Justice Department continues, as the company still refuses to help the feds access the contents of a PIN-locked iPhone used by gunman Syed Farook in the way described in the court order

Jeff Kagan: Apple, FBI Privacy Debate Alive for Years (Equities) The Apple vs. FBI debate may go on for years

The U.S. Government Is About To Start A Tech Civil War… We're Siding With Apple (TechCrunch) Tim Cook’s open letter to customers about the FBI's request to create a backdoor with iOS has set off a critical conversation about privacy in America

Apple Has Already Won. Now It Should Crack the San Bernadino iPhone (IEEE Spectrum) Unless you've been completely off the grid for a week, you already know the FBI has obtained a court order requiring Apple to create a special operating system that lacks certain security features and to load it on the iPhone 5c found in the possession of one of the San Bernardino terrorists — all for the purpose of gathering evidence

Opinion: Why Apple isn't acting in the public's interest (Christian Science Monitor Passcode) To find the right balance between privacy and national security, we should focus on solutions that include responsible government involvement and don't rest on Apple's current marketing strategy. That way we can forge lasting privacy protections

Apple Seems to Be Losing PR Battle Over Unlocking iPhone (re/code) Apple appears to be losing the public perception battle in its dispute with the Department of Justice, with the majority of those surveyed by Pew Research saying the company should unlock the iPhone used by one of the shooters in the San Bernardino terrorist attack

Apple, FBI, and the Burden of Forensic Methodology (Zdziarski's Blog of Things) Recently, FBI got a court order that compels Apple to create a forensics tool; this tool would let FBI brute force the PIN on a suspect’s device

Mark Zuckerberg on Apple vs. FBI: 'We're sympathetic with Apple' (Macworld via CSO) "I don't think requiring backdoors is going to increase security," said Facebook's CEO at Mobile World Congress

Bill Gates pokes holes in Apple's argument against the FBI (Quartz) Microsoft co-founder Bill Gates appears to have taken a contrarian stance in the battle brewing between Apple and the FBI: In a video interview with the Financial Times (paywall) he speaks supportively of the government agency's position in the face of widespread opposition from the tech world

Bill Gates: 'Blindsided' By Reports I Back FBI on Apple (BloombergBusiness) Bill Gates, co-founder at Microsoft and co-chair at Bill and Melinda Gates Foundation, addresses his view of Apple's battle against an FBI court order to unlock an iPhone belonging to a shooter involved in the San Bernardino, California terror attack and the need for a balance between privacy and government access

Why the Government needs to leave Apple and Google Encryption Alone (Gartner Blog Network) The cat is already out of the bag with all of the advancements in encryption software

Manhattan DA: Expect more encryption court orders (The Hill) The Manhattan district attorney's office is considering seeking court orders to unlock encrypted smartphones in several cases

German police allowed to use its own "federal Trojan" (Help Net Security) The German Interior Ministry has approved for investigative use a spying Trojan developed by the German Federal Criminal Police (a so-called "federal Trojan"). In fact, it could end up being used as early as this week

Neuer Bundestrojaner kurz vor Genehmigung (Deutschlandfunk) Bald könnte der Staat wieder in die Rechner verdächtiger Bürger eindringen

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Navigating Summit 2016 (Canberra, Australia, March 8, 2016) The Australian government has pledged to create a future-proofed nation, one that is fit to drive higher economic growth and improved standards of living using information technology innovatively. Privacy...

Upcoming Events

CISO Canada Summit (Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...

Interconnect2016 (Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...

cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, February 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people...

Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

CISO New York Summit (New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

BSides San Francisco (San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...

CISO Summit Europe (London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...

RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016

Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, March 1 - 2, 2016) The National Defense Industrial Association (NDIA) Michigan Chapter Cybersecurity: Defense Sector Summit is to provide a forum to foster educational dialog between government, industry and academia in...

International Academic Business Conference (New Orleans, Louisiana, USA, March 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are...

CISO Chicago Summit (Chicago, Illinois, USA, March 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

Navigating Summit 2016 (Canberra, Australia, March 8, 2016) The Australian government has pledged to create a future-proofed nation, one that is fit to drive higher economic growth and improved standards of living using information technology innovatively. Privacy...

CISO Atlanta Summit (Atlanta, Georgia, USA, March 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing...

The Atlantic Council's Cyber 9/12 Student Challenge (Washington, D.C. USA, March 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.