ISIS follows its unforgiveable murder of a journalist with a chilling intrusion into her Facebook account, which observers read as a search for her contacts.
Evidence tying disruption of Ukraine's power grid to Russia accumulates: "It is a Russian actor operating with alignment to the interest of the state," iSight Partners says. And here, too, inspiration may conceivably replace command-and-control, since iSight goes on to add, "Whether or not it's freelance, we don't know."
The user-account compromise Linode recently sustained was accompanied by denial-of-service attacks that, observers say, served as misdirection for data theft.
Talos takes a look at the Rig exploit kit and sees interesting similarities to Angler.
Lookout finds (and Google removes) thirteen malicious "Brain Test" apps from Google Play.
Check Point reports finding a vulnerability in the EZCast streaming television dongle that can provide attackers access to a user's home network. This flaw, with those recently found in some Comcast Xfinity products, arouses more consumer-level worries about the Internet-of-things.
The US Federal Government mops up issues emerging from the backdoor Juniper Networks disclosed in some products. A University of Illinois researcher reports that Juniper added the insecure algorithm that enabled the backdoor after it had already implemented a more secure algorithm.
Mozilla retreats from banning SHA-1 as it finds the consequences of deprecation more widespread than initially envisioned.
In meetings today, the US Government solicits the tech industry's help against terrorism. That industry also pushes back against proposals in the UK and elsewhere that would weaken encryption.
Today's issue includes events affecting Australia, China, France, Iraq, Japan, Russia, Syria, Ukraine, United Kingdom, United States.
Russia Suspected in First-ever Cyberattack on Ukraine's Power Grid(Voice of America) In the last months of 2015, the conflict between Russia and Ukraine over Crimea's annexation and continuing strife in Ukraine's east appeared largely to be in stalemate. But now, with the new year, it appears the conflict is heating up again, and playing out on the region's electric grids
Rigging Compromise — Rig Exploit Kit(Talos ) Exploit Kits are one of the biggest threats that affects users, both inside and outside the enterprise, as it indiscriminately compromises simply by visiting a web site, delivering a malicious payload. One of the challenges with exploit kits is at any given time there are numerous kits active on the Internet. RIG is one of these exploit kits that is always around delivering malicious payloads to unsuspecting users. RIG first appeared in our telemetry back in November of 2013, back then we referred to it as Goon, today it's known as RIG
WhatsApp the subject of new malware attack(Comodo) The Comodo Antispam Labs (CASL) team has identified a new malware attack targeted specifically at businesses and consumers who might use WhatsApp, a multi-platform mobile phone messaging service that uses your phone's Internet connection to chat with and call other WhatsApp users
Brain Test re-emerges: 13 apps found in Google Play(Lookout) The malware family Brain Test, unfortunately, has made a comeback. Some variants attempt to gain root privilege, and persist factory resets and other efforts to remove it, especially on rooted devices
Feds Still Scrutinizing Networks Following Juniper Networks Hack(SIGNAL) The federal government cautioned its agencies and federal contractors of a network vulnerability that could let hackers access systems. The scurry to inform agencies and instruct them to patch for vulnerabilities occurred after the discovery of unauthorized code during a review of Juniper Networks software
Fitbit, warranty fraud, and hijacked accounts(Help Net Security) Online account hijackings usually end up with the account owners being the main victims, but there are fraudsters out there who are more interested in ripping off companies than end users
4 Cyber/Risk Predictions for 2016(Hunt Scanlon Media via LinkedIn) Despite worrisome breaches in recent years, corporate America has a limited grasp of the growing and continually evolving threat of cyber incursions
Why C-Level Executives Need Training on Security Issues(Top Tech News) In the not-so-distant past, national banks proclaimed their power and security with giant pillars at their entrances, marble counters and thick glass separating bank tellers from bank patrons, and two-foot-thick vault doors that stood open during the day to show they were impenetrable
Authentic8 Expands Position in Federal Market(Power Engineering) Authentic8, creator of Silo, the cloud-based secure and policy-controlled browser, is expanding its investment in delivering solutions to the federal market. This investment comes on the heels of significant growth in the segment in 2015
ProPublica Launches the Dark Web's First Major News Site(Wired) The so-called dark web, for all its notoriety as a haven for criminals and drug dealers, is slowly starting to look more and more like a more privacy-preserving mirror of the web as a whole. Now it's gained one more upstanding member: the non-profit news organization ProPublica
Kingston releases encrypted USB with keypad access(Help Net Security) Kingston released the DataTraveler 2000 encrypted USB 3.0 Flash drive, which offers hardware encryption and PIN protection with access through an onboard alphanumeric keypad. It's available in 16GB, 32GB and 64GB capacities and is backed by a three-year warranty
ThreatStream Adds Award Winning Security Solution Tripwire to its Integrated Partner Portfolio(MarketWired via EIN News) ThreatStream®, the pioneer of an enterprise-class threat intelligence management platform, today announced the addition of Tripwire to its portfolio of integrated solution partners. Tripwire delivers advanced threat, security and compliance solutions enabling enterprises, service providers and government agencies around the world to detect, prevent and respond to cyber security threats
Figuring Out What Happened After a Data Breach(IBM Security Intelligence) What's your plan for when that inevitable network event or, worse, that data breach occurs? Is it to figure things out as you go or is it to plan things out in advance to the best of your abilities before the going gets rough?
Security breaches are inevitable, so how are you going to contain them?(IT Security Guru) Cyber security isn't working. Too many companies are being breached; and governments globally are recognising the need to invest heavily to protect vital services and infrastructure. However, today's defence in depth security models are not completely flawed; they are, perhaps, naïve
You can't stop what you can't see: Mitigating third-party vendor risk(Help Net Security) Third-party vendors are a liability for host organizations, often unwittingly creating backdoors and exposing sensitive data. In fact, according to the Ponemon Institute "Aftermath of a Data Breach Study," 53 percent of organizations felt vulnerable to another breach due to negligent third parties including vendors and outsourcers
In France, A Balancing Act Between Liberty And Security(NPR) One year ago, gunmen stormed the Paris offices of satirical newspaper Charlie Hebdo and began a three-day killing spree that would claim 17 lives. Ten months later, in November, armed Islamist radicals struck the city again, killing scores at cafes and a concert hall
U.S. Tech Giants Join Forces Against U.K. Spying Plans(Bloomberg) Major global technology and telecommunications companies, from Microsoft to Google to Vodafone, have outlined their objections to a proposed U.K. law that they say would let British intelligence agencies engage in mass surveillance and force them to give the government access to encrypted communication
Facebook Inc., Google Inc., Microsoft Corp., Twitter Inc., Yahoo Inc. — written evidence (IPB0116)(Evidence Document: Parliament) National security is an important concern for Governments. Governments have a responsibility to protect people and their privacy. We believe a legal framework can protect both. Our companies want to help establish a framework for lawful requests for data that, consistent with principles of necessity and proportionality, protects the rights of the individual and supports legitimate investigations
Global Government Surveillance Reform(Reform Government Surveillance) The undersigned companies believe that it is time for the world's governments to address the practices and laws regulating government surveillance of individuals and access to their information
The Myth Of A Secure Back Door For Encryption(Xconomy) It seems like an appealing move — give the FBI and other law enforcement agencies, as well as our spy organizations, a back door — a "golden key" —to unlock encrypted communications to help catch criminals and terrorists and to protect Americans from harm
NSA Sides With Cruz in Surveillance Fight With Rubio(Inside Sources) A representative of the National Security Agency on Thursday said NSA is "confident" its new telephone surveillance program can strike the balance between privacy and national security, while giving the agency "access to a greater volume of call records" than it had previously
New National Security Tool Activated At Challenging Time(Lawfare) Late last year, a judge of the Foreign Intelligence Surveillance Court gave the green light to the National Security Agency to start using a new tool to help the government protect against international terrorism while balancing the legitimate need to protect privacy and civil liberties
Taking stock of Obama's cyber record(Politico) As the Obama administration begins its final year, a man who was there at the beginning says the president was slow to grasp the cybersecurity challenge. "I think that they could've pressed much more quickly to get a greater sense of security across federal civilian agencies," said Paul Kurtz, who headed cybersecurity policy for Obama's 2008-2009 transition team
Policy Makers Try To Define Security, Privacy With The IoT(iDigitalTimes) As our lives become increasingly technology driven, the amount of personal data collected, shared and exchanged along with privacy/security concerns of connected devices means government officials are taking a long look at what the IoT (Internet of Things) means for users, companies and policymakers in the future
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
CISO Canada Summit(Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...
CISO New York Summit(New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
CISO Summit Europe(London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...
FloCon 2016(Daytona Beach, Florida, USA, January 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers,...
Cyber Security Breakdown: Chicago(Chicago, Illinois, USA, January 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
Insider Threat Program Development Training Course — Georgia(Atlanta, Georgia, USA, January 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
FTC PrivacyCon(Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues lead by all manner of whitehat security researchers and academics, industry representatives, consumer...
National Insider Threat Special Interest Group Meeting(Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.
POPL 2016(St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...
Automotive Cyber Security Summit — Shanghai(Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...
SANS Institute: Information Security Training(Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
CyberTech 2016(Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...
Global Cybersecurity Innovation Summit(London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...
Fort Meade IT & Cyber Day(Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...
ESA 2016 Leadership Summit(Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.