Maryland leads the nation in cybersecurity with a large, highly qualified workforce, 20,000 job openings, investment opportunities, and proximity to key buyers.
February 25, 2016.
By The CyberWire Staff
Anonymous surfaces again in attacks on government websites in Italy's Apulia region. Their cause is opposition to the Trans Adriatic Pipeline project and its putative environmental risks.
TeaMp0is0n may be back. Someone claiming to represent the hacker crew defaced the UN's World Tourism Organization, apparently for the lulz.
The industry group running Operation Blockbuster against the Lazarus Group indicates that their research points fairly conclusively to North Korea as the source of the 2014 Sony hack. This agrees with earlier US Government attribution, and runs counter to other claims that the incident eventually involved North Korea, but began as a post-layoff protest by disgruntled employees.
CTB-Locker (also known as "Critroni") is back as a minor-league ransomware counterpart of TeslaCrypt, CryptoWall, and Locky. CTB-Locker targets websites, whose contents are routinely backed up and easily restored.
Mobile health records—an attractive option to the healthcare sector for many reasons—continue to exhibit disturbing patterns of vulnerability and poorly resourced security. But as just-released study by Independent Security Evaluators suggests that concentration on records invokes the wrong threat model. Patient health, they say, not HIPAA concerns, should drive medical cyber security.
Drupal and Palo Alto Networks have issued security updates.
The US Congress appears ready to pass substantial cyber security appropriations, and is also considering establishing a blue-ribbon panel to study the complex interplay between security and privacy.
The legal dispute between Apple and the FBI takes a surprising turn: Apple will base its case in part on Fifth Amendment protections against self-incrimination.
Today's issue includes events affecting China, Egypt, Germany, India, Iran, Ireland, Italy, Democratic Peoples Republic of Korea, Republic of Korea, Taiwan, United Kingdom, United Nations, United States.
We'll be at RSA next week. If you're going to be there, drop by booth 1145 in the South Hall and say "hello." (We'll even give you a pen, while supplies last.)
ON THE PODCAST
In today's podcast we hear from Accenture's Malek Ben Salem on biometric authentication. We also talk with Independent Security Evalutors' CEO Stephen Bono about his company's study of healthcare cyber security.
2016 National Conference of Minority Cybersecurity Professionals(Washington, DC, March 23 - 24, 2016) The landmark ICMCP conference will elevate the national dialogue on the necessary measures needed to attract and develop minority cybersecurity practitioners to address the cross-industry cybersecurity skills shortage.
Women in Cybersecurity (WiCYS) 2016(Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.
Sony Pictures hackers linked to breaches in China, India, Japan: report(Reuters) The perpetrators of the 2014 cyber attack on Sony Pictures Entertainment were not activists or disgruntled employees, and likely had attacked other targets in China, India, Japan and Taiwan, according to a coalition of security companies that jointly investigated the Sony case for more than a year
Porn clicker trojans keep flooding Google Play(We Live Security) ESET researchers have found 343 malicious porn clicker trojans, which ESET detects as Android/Clicker, on Google Play over the last seven months – and their numbers keep rising
Mousejacking: What you need to know(Naked Security) US startup Bastille Networks boldly claims to be “the first and only company to completely secure the Enterprise,” even though it doesn’t have any products on its website yet
Phishers Spoof CEO, Request W2 Forms(KrebsOnSecurity) With tax filing season in the United States well underway, scammers who specialize in tax refund fraud have a new trick up their sleeves: Spoofing emails from a target organization’s CEO, asking human resources and accounting departments for employee W-2 information
The Habits Of Hackers: When You're Most Likely To Get Attacked(LifeHacker) When are you most likely to be hit by a cyberattack? What methods and tools do cybercriminals prefer to use when they are targeting an individual or an organisation? Security specialist Proofpoint has looked at some common trends to come out of recent attacks to reveal the habits of hackers
Security Patches, Mitigations, and Software Updates
Critical Vulnerabilities in Palo Alto Networks PAN-OS(Internet Storm Center) Yesterday, Palo Alto Networks released an update to PAN-OS, which addresses five different vulnerabilities. The security researcher who identified the vulnerabilities will publish details about these issues at a conference on March 16th. You MUST patch affected systems before that date
Security Advisories(Palo Alto Networks) This section provides a listing of all security vulnerabilities identified in currently supported Palo Alto Networks products. Each vulnerability is given a criticality rating and an updated status on any updates or mitigations regarding each discovered vulnerablity. Each vulnerability listing also provides a list of the versions of PAN OS the vulnerability is known to affect
Securing Hospitals: A research study and blueprint(Independent Security Evaluators) The research results from our assessment of 12 healthcare facilities, 2 healthcare data facilities, 2 active medical devices from one manufacturer, and 2 web applications that remote adversaries can easily deploy attacks that target and compromise patient health
2015 Highlights and Trends in the Deep & Dark Web(Flashpoint) 2015 was a year of escalating activity in the Deep & Dark Web. Illicit goods marketplaces matured and new, specialized marketplaces emerged. Novel schemes for fraud and financial cybercrime appeared, as did offerings, and business models allowed a larger class of less sophisticated actors to engage in cybercrime
Twitter Can Only Lose When It Polices Abuse(Bloomberg View) Less than a year ago, in those innocent, dewy-eyed days before Donald Trump had become the front-runner for the Republican nomination, I wrote about an issue that seemed important at the time: Twitter’s harassment problem
Innovative Cybersecurity Startups Boosted by New, Big-League Investment Group(IBM Security Intelligence) It’s a cyber startup’s wildest dream: An investment group led by InfoSec powerhouses is willing to supply pro bono services along with big cash infusions. As noted by SecurityWeek, that dream will become a reality in 2016 due to Strategic Cyber Ventures (SCV), which is already seeking innovators in the authentication, mobile and intrusion detection space. So, how do cybersecurity startups get their products on SCV’s radar?
Vera secures $17 million in series B financing(Help Net Security) Vera, a top 10 finalist for the Innovation Sandbox competition at RSA Conference 2016, has closed $17 million in Series B financing, led by Sutter Hill Ventures, with participation from existing investors Battery Ventures, Clear Venture Partners, and Amplify Partners
New KEYW CEO starts overhaul with $12M sale of business line(Baltimore Business Journal) Hanover-based cybersecurity and intelligence contractor KEYW Holding Corp. is selling one of its business lines for $12 million and looking at unloading another, it said Wednesday as it released fourth-quarter earnings capping a tumultuous year
Iron Bow Secures U.S. Army’s $5B ITES-3H Contract(Sys-Con Media) Iron Bow Technologies, an information technology solutions provider, today announced that the United States Army Contracting Command has awarded the company the Information Technology Enterprise Solutions-3 Hardware (ITES-3H) contract, valued at $5 billion
Air Force awards SIGINT contract(C4ISR & Networks) Assured Information Security has been awarded a $9.8 million Air Force contract for research into signals intelligence (SIGINT)
Operationalizing Threat Intelligence at the Network Layer(Cyveillance Blog) By integrating threat intelligence into the network layer, security and network operations teams often find that both their effectiveness and efficiencies improve. Today we are pleased to announce an update to LookingGlass’ suite of threat mitigation applications dubbed the ‘NetX’ product line
BlackBerry Launches New Professional Cybersecurity Services Practice to Expand Portfolio(BlackBerry) BlackBerry Limited (NASDAQ: BBRY; TSX: BB), a global leader in secure mobile communications, today announced the launch of its new Professional Cybersecurity Services practice that will further expand BlackBerry’s security portfolio by offering organizations new consulting services, tools and best practices to assess and thwart ever-changing cybersecurity risks
Defending Your Network Against DDoS Attacks(Tripwire: the State of Security) There is nothing more frustrating to a customer or client who is unable to access the website of a company, bank or retailer. Multiple emails and attempts to “check out” often lead to the viewpoint of “forget them; I will just go to another e-retailer to see if they have it in stock"
‘Ten Commandments’ of Cyber Security Can Enhance Safety(Knowledge@Wharton) Hacker attacks such as the one on Hollywood Presbyterian Medical Center show how easily digital platforms can be turned against organizations, but taking 10 steps can augment security, write RANE founder David Lawrence and his co-authors in this opinion piece
Apple Is Said to Be Working on an iPhone Even It Can’t Hack(New York Times) Apple engineers have already begun developing new security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those now at the center of a court fight in California, according to people close to the company and security experts
Appropriators appear to back more cyber spending(FCW) Lawmakers at a budget hearing appeared cautious but receptive to proposed increases to the Department of Homeland Security's cybersecurity budget as Secretary Jeh Johnson continued to pitch them on the progress made last year
Justice asks for $38M to build encryption-breaking tools(Federal Times) No matter which way it goes, no one believes the current court (and public) battle between Apple and the FBI over access to an iPhone used by a terrorist involved in the San Bernardino shooting will be the end of the debate over encryption
Washington Has a Very Washington-Like Solution for the Apple-FBI Crypto War(Foreign Policy) Despite being locked in an acrimonious fight over the government’s ability to access encrypted communications, both Apple and the FBI say they agree on one basic principle: the need to strike a balance between privacy and national security interests. The problem is that no one can agree on what that should look like
The privacy vs. security battle, reignited(PBS Newshour) As Apple’s standoff with federal courts reignites the debate over privacy versus security, some may wonder just how much American intelligence policies have changed since Sept. 11. Hari Sreenivasan talks with former CIA Director Michael Hayden about the constitutional cost of national security, the efficacy of drone strikes and the human element within the Central Intelligence Agency
Apple May Use a First Amendment Defense in That FBI Case. And It Just Might Work(Wired) Apple's lawyers indicated yesterday that they plan to use a First Amendment defense in the San Bernardino iPhone case, arguing that if code is speech, then the government is compelling the company to say something it doesn’t want to by forcing it to cooperate in cracking the phone’s password. That might sound like a weak argument on which to hang a critical data privacy case. But experts say the company might actually be onto something
Verizon supports 'strong encryption with no backdoors': CEO(Reuters) Verizon Communications Inc supports "the availability of strong encryption with no backdoors," Chief Executive Lowell McAdam said on Wednesday, weighing in the showdown between Apple Inc and U.S. authorities over mobile device encryption
Spy agencies say Clinton emails closely matched top secret documents: sources(Reuters) U.S. spy agencies have told Congress that Hillary Clinton's home computer server contained some emails that should have been treated as "top secret" because their wording matched sections of some of the government's most highly classified documents, four sources familiar with the agency reports said
FBI subpoenaed Carnegie Mellon University for Tor-using suspect’s IP address(Help Net Security) A court order in the case of U.S. vs Brian Farrell, a man charged with conspiracy to distribute illegal drugs while he was allegedly an administrator of the Silk Road 2.0 website, has provided official confirmation that the FBI identified him thanks to the IP address provided by the Software Engineering Institute of Carnegie Mellon University, who did some research on the Tor network
FTC And Asus Settle Router Security Case(Threatpost) The U.S. Federal Trade Commission announced a settlement with ASUSTeK Computer over sloppy security settings tied to its routers that left the personal data of 12,900 consumers’ publicly available
Cybersecurity and Privacy Protection Conference(Cleveland, Ohio, USA, April 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information...
Community College Cyber Summit (3CS)(Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity.
Interconnect2016(Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...
Insider Threat Program Development Training Course — Maryland(Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
CISO New York Summit(New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
BSides San Francisco(San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...
CISO Summit Europe(London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...
RSA Conference 2016(San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016
Cybersecurity: Defense Sector Summit(Troy, Michigan, USA, March 1 - 2, 2016) The National Defense Industrial Association (NDIA) Michigan Chapter Cybersecurity: Defense Sector Summit is to provide a forum to foster educational dialog between government, industry and academia in...
International Academic Business Conference(New Orleans, Louisiana, USA, March 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are...
CISO Chicago Summit(Chicago, Illinois, USA, March 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
Navigating Summit 2016(Canberra, Australia, March 8, 2016) The Australian government has pledged to create a future-proofed nation, one that is fit to drive higher economic growth and improved standards of living using information technology innovatively. Privacy...
CISO Atlanta Summit(Atlanta, Georgia, USA, March 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing...
The Atlantic Council's Cyber 9/12 Student Challenge(Washington, D.C. USA, March 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.