Maryland leads the nation in cybersecurity with a large, highly qualified workforce, 20,000 job openings, investment opportunities, and proximity to key buyers.
February 26, 2016.
By The CyberWire Staff
The US Government officially stated yesterday what everyone has unofficially believed for about a month and a half: the power grid in Western Ukraine was, indeed, taken down by a December cyber attack. The Government's recommendations to the electrical power industry, however, are more pointed. For example, "Organizations should isolate [industrial control system] networks from any untrusted networks, especially the Internet." The precise role BlackEnergy malware played in the attack remains unknown.
ISIS notices that Twitter and Facebook have responded to requests from Washington to do something about extremist messaging in social media. ISIS promises retaliation, specifically pledging to take down ten accounts for every account the companies disrupt.
High-Tech Bridge studies virtual private network security with passive scans, and reports that 90% of SSL VPNs are insecure.
Ransomware continues to establish itself as a widespread form of cyber larceny. Availability of anonymous networks and cryptocurrencies has made it easier to get away with the crime, the growing Internet-of-things has expanded the available attack surface, and many newly networked devices are neither designed for nor installed with security in mind. And this larceny can be grand or petty, with recent targets ranging from a major medical center to a Lutheran parish in Iowa.
Cyber risk management concerns filter up to corporate boards and C-suites. Much risk remains poorly understood—witness Independent Security Evaluators' healthcare study—even, according to Swiss Re, by the insurance industry.
Apple tells the court exactly what would be involved in creating "Government OS" for the FBI.
Today's issue includes events affecting Bahrain, Brazil, China, France, Germany, Iran, Iraq, Ireland, Oman, Pakistan, Russia, Saudi Arabia, Syria, United Kingdom, United States.
We'll be at RSA next week, covering the conference in special issues and podcasts. If you're going to be there, drop by booth 1145 in the South Hall and say "hello." (But act quickly—while supplies last, we'll even give you a swell pen. For free.)
ON THE PODCAST
In today's CyberWire podcasts, our Daily will feature a discussion with Johns Hopkins University's Joe Carrigan on private versus government data collection. And in our Week-in-Review, the University of Maryland's Markus Rauschecker talks about the prospects of a Congressional blue-ribbon panel on privacy and security. (Despite the usual media eye-rolling, Rauschecker thinks the idea has merit.)
2016 National Conference of Minority Cybersecurity Professionals(Washington, DC, March 23 - 24, 2016) The landmark ICMCP conference will elevate the national dialogue on the necessary measures needed to attract and develop minority cybersecurity practitioners to address the cross-industry cybersecurity skills shortage.
Women in Cybersecurity (WiCYS) 2016(Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.
Cyber Attacks, Threats, and Vulnerabilities
U.S. government concludes cyber attack caused Ukraine power outage(Reuters) A December power outage in Ukraine affecting 225,000 customers was the result of a cyber attack, the U.S. Department of Homeland Security said Thursday, marking the first time the U.S. government officially recognized the blackout as caused by a malicious hack
Feds advise utilities to pull plug on Internet after Ukraine attack(Washington Examiner) The Department of Homeland Security advised electric utilities Thursday that they may need to stop using the Internet altogether, after the agency found that a cyberattack that brought down Ukraine's power grid in December could have been far more devastating than reported
Ransomware rising(CSO) Ransomware has been around for decades, but has been aimed mainly at organizations or individual computers. With the devices making up the Internet of Things headed for the hundreds of billions, that is an attack surface most cybercrooks can’t resist
FighterPOS PoS Malware Gets Worm Routine(TrendLabs Security Intelligence Blog) Last April 2015, we talked about FighterPOS, a point-of-sale (PoS) malware that was used in a one-man cybercriminal operation to steal over 22,000 unique credit card numbers and affected more than 100 PoS terminals in Brazil and other countries
Security Patches, Mitigations, and Software Updates
About the security content of Apple TV 7.2.1(Apple Support) This document describes the security content of Apple TV 7.2.1. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available
Cybersecurity works only half of the times, researchers say(IT Pro Portal) Security firm Venafi says there isn’t a single cyber-security company in the world that can keep you safe, as all of them are trying to protect a system that’s fundamentally flawed and can be secure in roughly 50 per cent of the cases
Internet of Evil Things: The growing risks of connected devices(Help Net Security) As risk and concern around connected Internet of Things (IoT) devices continues to grow, resources and visibility into such connected devices have stagnated despite the introduction of countless new entry points for malicious actors across the enterprise, according to Pwnie Express
Swiss Re chief cautions on cyber security risks(Financial Times) Cyber security risks are far from being understood by the global insurers and could pose a threat rather than underwriting opportunity, according to the departing boss of Swiss Re, one of the world’s biggest reinsurance companies
Palo Alto's earnings arrive early; results beat, guidance mixed(Seeking Alpha) Palo Alto Networks (PANW +9.7%): FQ2 EPS of $0.40 beats by $0.01. Revenue of $334.7M (+53.8% Y/Y) beats by $16.38M.Expects FQ3 revenue of $335M-$339M (+43%-45% Y/Y) and EPS of $0.41-$0.42 vs. a consensus of $334.6M and $0.45.Shares spiked higher before getting halted
Veterans can get free training for cybersecurity jobs(Military Times) Military veterans who are interested in cybersecurity jobs can receive free training in the field through a special program. Omaha Internet security firm Solutionary is sponsoring an intensive six-week training program for veterans who qualify as long as they agree to work for the Omaha company for at least two years
BrightPoint Threat Intelligence Exchange Speeds Machine-Learning Results(NewsFactor) BrightPoint Security™, a leading Threat Intelligence Platform provider for automation, threat analytics, and sharing threat insight into critical cyber threats, today announced the latest release of its Sentinel Security Command Platform, advancing the speed and depth of threat intelligence data now available for security analysts and their executives
Apple Hires Lead Dev of Snowden’s Favorite Messaging App(Wired) Anyone wondering if Apple was going to be cowed by the FBI’s ongoing pressures might find some relief in the company’s most recent hire: Frederic Jacobs, previously a lead developer for Signal, one of the most secure messaging apps there is
iPhone Encryption: 5 Ways It's Changed Over Time(InformationWeek) Apple's battle with the FBI has put iPhone encryption in the spotlight. However, some might be surprised that the company's encryption efforts have evolved slowly and are not that different from those of other smartphone makers. Here's a look at the 5 phases of the process so far
Obama Administration Set to Expand Sharing of Data That N.S.A. Intercepts(New York Times) The Obama administration is on the verge of permitting the National Security Agency to share more of the private communications it intercepts with other American intelligence agencies without first applying any privacy protections to them, according to officials familiar with the deliberations
Apple responds in iPhone unlocking case: US seeks “dangerous” powers(Naked Security) Apple filed a motion in a California court yesterday, asking the judge to throw out the order compelling Apple to assist the FBI in unlocking an encrypted iPhone, and calling the US government’s demands a “dangerous” overreach of its constitutional powers
Privacy at what cost? Apple vs the US government(CSO) It’s now more than two months after Tashfeen Malik and Syed Rizwan Farook shot and killed 14 people and injured 21 others at the Inland Regional Center in San Bernardino, Calif., before being shot to death by police
Apple vs. FBI: “Just This Once”?(Just Security) I wrote about the FBI’s attempt to force Apple to write an iPhone hacking tool for the bureau over at Time last week — and go read that if you’re getting caught up on the case — but we’ve had some added developments over the weekend worth noting
Taking a bite at the Apple(Economist) The FBI’s legal battle with the maker of iPhones is an escalation of a long-simmering conflict about encryption and security
Clinton Email Issues Shake Up State Dept. FOIA Operations(Government Executive) As unanswered questions about her private email server continue shadowing Hillary Clinton’s presidential campaign, the State Department she once led remains on the receiving end of criticisms, legal actions and disclosure requests involving the Freedom of Information Act
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cybersecurity and Privacy Protection Conference(Cleveland, Ohio, USA, April 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information...
Telegraph Cyber Security(London, England, UK, May 17, 2016) The Telegraph Cyber Security conference will provide the key components to create a cutting-edge cyber security plan, regardless of your organisation’s size or sphere of activity
Cyber Security for Critical Assets LATAM(Rio de Janeiro, Brazil, June 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency...
BSides San Francisco(San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...
CISO Summit Europe(London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...
RSA Conference 2016(San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016
Cybersecurity: Defense Sector Summit(Troy, Michigan, USA, March 1 - 2, 2016) The National Defense Industrial Association (NDIA) Michigan Chapter Cybersecurity: Defense Sector Summit is to provide a forum to foster educational dialog between government, industry and academia in...
International Academic Business Conference(New Orleans, Louisiana, USA, March 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are...
CISO Chicago Summit(Chicago, Illinois, USA, March 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
Navigating Summit 2016(Canberra, Australia, March 8, 2016) The Australian government has pledged to create a future-proofed nation, one that is fit to drive higher economic growth and improved standards of living using information technology innovatively. Privacy...
CISO Atlanta Summit(Atlanta, Georgia, USA, March 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing...
The Atlantic Council's Cyber 9/12 Student Challenge(Washington, D.C. USA, March 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...
SANS 2016(Orlando, Florida, USA, March 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21
Pwn2Own 2016(Vancouver, British Columbia, Canada, March 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets,...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.