Anonymous continues to find easier targets in the civilized world than it has in ISIS: the hacktivist collective protests whaling with an attack on Icelandic government sites.
The US Government, in the form of ICS-CERT, is supporting Ukraine's investigation of its recent power grid hack. Many reiterate warnings that the US power grid is comparably vulnerable. ICS expert and Applied Control Solutions Managing Partner Joe Weiss told the CyberWire about one regulatory gap he thinks should be addressed: substation cyber security. "This affected what's called low-voltage transmission and electric distribution," Weiss said. "Low-voltage transmission and electric distribution are excluded from the NERC critical infrastructure protection standards."
Digital Bond Labs describes a new way of remotely burning out variable-speed industrial motors, with obvious implications for attacks on infrastructure.
ISIS is reported to have added some new secure messaging apps: the "Amaq Agency" and "Alrwai" apps join Telegram in the ISIS toolkit. Some warn of growing ISIS cyber attack capability, but US President Obama cautions against aiding ISIS by giving them too much credit.
The President considers an Executive Order covering response to large-scale cyber incidents.
Symantec describes an upgrade to information-stealing malware Android.Bankosy, which can now evade protections of 2FA systems by establishing a bogus identity within infected devices.
Some disclosures provoke controversy: an alleged Fortinet FortiOS backdoor and allegedly vulnerable features of next-gen firewalls.
Patch Tuesday featured critical fixes from both Microsoft and Adobe.
The Crackas with Attitude appear to be back, now supporting Palestine by pestering US DNI Clapper.
Today's issue includes events affecting Austria, Brazil, Bosnia and Herzegovina, Canada, China, European Union, Germany, Iceland, Iraq, Ireland, Israel, Netherlands, Russia, Syria, Taiwan, Turkey, Ukraine, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Government Offices suffer cyber attack(Iceland Monitor) Iceland's Government Offices suffered a major cyber-attack yesterday afternoon, similar to those conducted by internet activist group Anonymous late last year
US Helping Ukraine Investigate Power Grid Hack(Voice of America) The U.S. government said it was helping Ukraine investigate an apparent cyber attack last month on the country's power grid that caused a blackout for an estimated 80,000 customers
An Easy Way for Hackers to Remotely Burn Industrial Motors(Wired) Hacks that cause physical destruction are so rare they can be counted on one hand. The infamous Stuxnet worm was the first, causing physical destruction of nuclear centrifuges in Iran in 2009. In 2014, Germany reported the second known case of physical destruction involving a furnace at a steel mill. Both of these attacks required extensive knowledge to pull off. But now a researcher has found an easy way for low-skilled hackers to cause physical damage remotely with a single action — and some of the devices his hack targets are readily accessible over the Internet
There Goes The Neighborhood — Bad Actors on GMHOST Alexander Mulgin Serginovic(Zscaler Threat Lab) Whether they encourage it or not, some network operators become known and favored by criminals such as those that operate exploit kit (EK) and malware infrastructure. After following up the Sundown EK recently pointed out by @malwareforme on the Threatglass database, we found Neutrino (looking like Angler) and other bad behavior in the same network "neighborhood"
Curious Tale of a Microsoft Silverlight Zero Day(Threatpost) Microsoft Silverlight vulnerabilities certainly don't have the same hacker cred as bugs in Adobe Flash, for example, but nonetheless, that does not diminish their value, nor does that mean they should be ignored
Hacking Team's Leak Helped Researchers Hunt Down a Zero-Day(Wired) Zero-day exploits are a hacker's best friend. They attack vulnerabilities in software that are unknown to the software maker and are therefore unpatched. Criminal hackers and intelligence agencies use zero day exploits to open a stealth door into your system, and because antivirus companies also don't know about them, the exploits can remain undetected for years before they're discovered. Until now, they've usually been uncovered only by chance
Webcam Hack Shows IoT Security Threat(eSecurity Planet) Researchers hacked a $30 webcam to establish a persistent point of access into a network, giving security pros another concern about the IoT
Inexpensive Webcam Turned into Backdoor(Threatpost) Connecting a webcam to your home or office network might seem like a harmless thing, but researchers have figured out how to turn that connected device into a backdoor
Teen Who Hacked CIA Email Is Back to Prank US Spy Chief(Motherboard) One of the "teenage hackers" who broke into the CIA director's AOL email account last year hasn't given up targeting government intelligence officials. His latest victim is the Director of National Intelligence James Clapper, Motherboard has learned
Brazil's Cybercriminals Compete for Online Infamy — Report(Infosecurity Magazine) Brazil's cybercrime underground is attracting a whole new generation of brash young aspirants happy to flaunt their wares on the Surface Web while local law enforcers are occupied with more pressing concerns, according to Trend Micro
Security Patches, Mitigations, and Software Updates
Adobe, Microsoft Push Reader, Windows Fixes(KrebsOnSecurity) Adobe and Microsoft each issued updates today to fix critical security problems with their software. Adobe's patch tackles 17 flaws in its Acrobat and PDF Reader products. Microsoft released nine update bundles to plug at least 22 security holes in Windows and associated software
Security Updates Available for Adobe Acrobat and Reader(Adobe Security Bulletin) Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system
Linux Kernel 4.4 Long-Term Support officially released(FierceCIO) Work continues on the Linux front with the scheduled release of the latest Linux 4.4 kernel, the linchpin of Linux distributions worldwide. Linux 4.4 sports relatively minor changes, according to Linus Torvalds, though its designation as a Long Term-Support release is notable
Cybersecurity and M&A — Part Three: Cyber Insurance(Canadian Mergers and Acquisitions) In the second installment of this series we offered a brief review of cybersecurity provisions and considerations in M&A transaction agreements, and in the first installment of this series we offered a brief review of cybersecurity issues that can arise in the course of M&A transactions and discussed the importance of cybersecurity due diligence by the buyer. This third installment will focus on cyber-insurance and some specific considerations relating to cyber insurance that targets and acquirers should make in the context of M&A transactions
Israel cyber-security expertise lures growing share of investment(Financial Times) Israel racked up cyber-security sales worth $3.5bn to $4bn last year and attracted about 20 per cent of global private-sector investment in the burgeoning industry — putting its companies second only to their US counterparts — according to the country's top cyber official
Distil Networks Gets Human Touch With ScrapeSentry Acquisition(TechCrunch) Distil Networks has always been about automated, intelligent bot detection. Rival ScrapeSentry has gone at it from a different angle, using human analysts to help customers understand bot behavior. Today those two approaches came together when Distil acquired ScrapeSentry in a stock and cash deal
Slack Hires Former Palantir Information Security Chief to Boost Its Defenses(Monitor Daily) Following the data leak from almost a year ago, the company has extensively increased its security measures in order to thwart any future attacks on its information servers. In order to further do so, Slack hires former Palantir information security chief to boost its defenses, a person by the name of Geoff Belknap
The FFIEC Cybersecurity Assessment Tool(CTOvision) The FFIEC (Federal Financial Institutions Examination Council) is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB), and to make recommendations to promote uniformity in the supervision of financial institutions
Compliance does not equal security(Computerworld) A security manager needs a philosophy about how to address security issues, and I find that many elements of mine can be reduced to a few words that almost amount to mantras: "Obey the rule of least privilege," "A company is only as strong as its weakest link," "Security is a process, not a point solution" and "Trust but verify"
Maynooth University to be central hub for 5G and IoT testing(Silicon Republic) As part of the CONNECT national research centre for telecommunications, Maynooth University is to be the site of a new national radio test facility with aims of developing devices for 5G connectivity and the internet of things (IoT)
Legislation, Policy, and Regulation
Obama: 'Over-the-top' claims about ISIS plays into their hands(The Hill) President Obama in his final State of the Union address called protecting the American people from terrorists "priority No. 1" but sought to downplay what he said was "over-the-top" hype over the Islamic State in Iraq and Syria's (ISIS) strength
Report: Cyber response executive order in the works(FierceGovernmentIT) President Obama will issue an executive order or presidential directive within several months that provides federal agencies guidance on the appropriate response to a catastrophic cyberattack
International Action Against DD4BC Cybercriminal Group(Europol) On 15 and 16 December, law enforcement agencies from Austria, Bosnia and Herzegovina, Germany and the United Kingdom joined forces with Europol in the framework of an operation against the cybercriminal group DD4BC (Distributed Denial of Service — DDoS — for Bitcoin)
Africa: New EU-Funded Project to Help Counter Transnational Organised Crime in Africa(All Africa) Over the next three years, the Institute for Security Studies (ISS) and its partners will be working across Africa to better understand transnational organised crime, and how to deal with it. In November 2015, the European Union (EU) Commission awarded the ISS, UN Office on Drugs and Crime and INTERPOL a grant to enhance African capacity to respond more effectively to transnational organised crime
Brazil's Digital Backlash(New York Times) A São Paulo judge sent shock waves across Brazil last month with a ruling that required Brazilian telecommunications operators to block the use of the instant messaging platform WhatsApp for 48 hours
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
CISO UK(London, England, UK, May 10, 2016) We're in an historic transition — one marked by challenges, but filled with possibility. Preparing for the upturn and making the right decisions in times of change can better position your enterprise...
CISO New Jersey(Hoboken, New Jersey, USA, August 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility...
CISO Toronto(Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
CISO GAS(Frankfurt, Hessen, Germany, September 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives...
CISO Charlotte(Charlotte, North Carolina, USA, November 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions
CISO DC(Washington, DC, USA, November 17, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and...
CISO Southern Cal(Los Angeles, California, USA, December 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
FloCon 2016(Daytona Beach, Florida, USA, January 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers,...
Cyber Security Breakdown: Chicago(Chicago, Illinois, USA, January 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
Insider Threat Program Development Training Course — Georgia(Atlanta, Georgia, USA, January 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
FTC PrivacyCon(Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues led by all manner of whitehat security researchers and academics, industry representatives, consumer...
National Insider Threat Special Interest Group Meeting(Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.
POPL 2016(St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...
Automotive Cyber Security Summit — Shanghai(Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...
SANS Institute: Information Security Training(Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
CyberTech 2016(Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...
Global Cybersecurity Innovation Summit(London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...
Fort Meade IT & Cyber Day(Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...
ESA 2016 Leadership Summit(Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...