Consensus continues to emerge on the coordinated cyber attack against Western Ukraine's electrical utility. SANS thinks (and others concur) that although BlackEnergy malware accompanied the attack, neither BlackEnergy nor its Killdisk module was directly used to cycle the breakers. And US officials offer a tight-jawed warning to expect more attacks on industrial control systems.
Other predictors continue to see more effective cyber warfare out of ISIS, but so far the terrorist group has shown itself more capable of information operations than of cyber operations narrowly conceived. One disturbing capability ISIS has, however, is the ability to use the Internet to find journalists and others who don't toe the Caliphate's line.
Anonymous continues to be more active on the pro-cetacean front than the anti-ISIS one. This time the hacktivist collective disrupts Nissan websites in order to protest Japanese whaling.
The Crackas-with-Attitude meddling with US DNI Clapper's telephone account is under investigation. The Crackas seem to have exploited a bug in Verizon FIOS Broadband.
Cisco releases three sets of patches: Wireless LAN Controller software, Identity Services Engine software, and Aironet 1800 Series Access Points. OpenSSH 7.1p2 is also out, with a fix for a flaw that could leak private keys.
Bromium's "Endpoint Exploit Trends Report" for 2015 has just been published.
The Internet-of-things is going to be expensive to secure, analysts think: a dollar a device is one rule-of-thumb. Machine-to-machine traffic also seems poised to take up a big share of roaming connections.
US Wassenaar implementation seems likely to change, toward industry's liking.
Today's issue includes events affecting Argentina, Bahrain, Belarus, China, Ecuador, Ethiopia, Iran, Iraq, Italy, Japan, Norway, Russia, Saudi Arabia, Sudan, Syria, Ukraine, United Kingdom, United States, and Venezuela.
Will ISIS Turn to Cyber Warfare?(Government Technology) A cybersecurity software company has predicted that the terrorist group will target American businesses, utilities and presidential campaigns
Reporters Covering Truth of ISIS Rule Pursued by Executioners and Bombers(Time) The men and women who have been exposing the reality of life under ISIS are being tracked down and murdered, according to one of the founding members of 'Raqqa Is Being Slaughtered Silently', an underground network of citizen journalists documenting life in ISIS-controlled Raqqa in northern Syria
ISIS' Illicit Networks(Cipher Brief) The Islamic State (ISIS) and the threat from terrorism has dominated the news for the past 18 months
U.S. sailor apologizes in Iran propaganda video(Navy Times) Iranian state TV released several videos Wednesday showing the 10 U.S. Navy sailors who were captured and detained after their boat drifted into waters claimed by the long-time American adversary
Another Security Flaw Found in Verizon's MyFiOS App(DSLReports) Just about a year ago we noted how Randy Westergren, senior software developer with XDA-Developers, had discovered a flaw in Verizon's MyFiOS app that exposed some Verizon customer information. The flaw also allowed attackers to view customer e-mails — and send e-mails from those accounts. While that flaw was resolved, Westergren this week stated he found another vulnerability that piggybacked off of the original flaw
Radamant Ransomware distributed via Rig EK(Cyphort Labs) A new ransomware called Radamant has been discovered in early December 2015. On December 31, we found compromised websites redirecting to Rig Exploit Kit and downloading this ransomware
Ransomware a Threat to Cloud Services, Too(KrebsOnSecurity) Ransomware — malicious software that encrypts the victim's files and holds them hostage unless and until the victim pays a ransom in Bitcoin — has emerged as a potent and increasingly common threat online. But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services
The threat of shoulder surfing should not be underestimated(CSO) Normally when I see a column I don't agree with, I let it go. Highlighting something, whether for good or bad, brings more attention to it. However, I recently read an article criticizing security terms and tools in a way that trivializes significant security concerns. I believe it deserves to be set straight
The Silk Road's Dark-Web Dream Is Dead(Wired) Not so long ago, the Silk Road was not only a bustling black market for drugs but a living representation of every cryptoanarchist's dream: a trusted trading ground on the Internet where neither the government's laws nor the Drug War they've spawned could reach. Today, that illicit narco-utopia is long gone, its once-secret server in an evidence storage room and its creator Ross Ulbricht fighting a last ditch appeal to escape life in prison
Security Patches, Mitigations, and Software Updates
Cisco Releases Security Updates(US-CERT) Cisco has released security updates to address vulnerabilities in Wireless LAN Controller software, Identity Services Engine software, and Aironet 1800 Series Access Points. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected device
OpenSSH 7.1p2 released with security fix for CVE-2016-0777(Internet Storm Center) OpenSSH 7.1p2 has been released with a security fix for a vulnerability recently assigned to CVE-2016-0777. CVE-2016-0777 is a client information leak that could leak private keys to a malicious server. A workaround is available for previous versions of OpenSSH
Top Survival Tips For IE End-Of-Life(Dark Reading) If an immediate upgrade to the latest version is not an option for all your machines running Internet Explorer, here's how to mitigate your risk
Endpoint Exploitation Trends 2015(Bromium) With the conclusion of 2015, we have the opportunity to review one of the busiest years for cyber security in recent memory. IT security teams were on guard, working hard to defend against various attacks, from the Hacking Team's data trove of zero-days and surveillance Trojans to an explosive surge in ransomware attacks and malvertising
Surge in endpoints drives need for security(Help Net Security) The two most transformative trends impacting IT service providers (ITSPs) are endpoint growth and demand for security services according to a new Autotask survey of more than 1,100 global ITSPs
Data breaches caused more often by known vulnerabilities; IT and security at odds(FierceBigData) A new survey of more than 300 C-level executives, conducted by BMC and Forbes Insights, revealed that known vulnerabilities are the leading cause of exposure to data breaches rather than new or emerging threats. Why are known vulnerabilities still a threat? Surprisingly, the threats and breaches continue due to internal frictions over what should be done and in what order
The Cost of a Data Breach and How to Avoid Paying it(Information Security Buzz) Over the past 12 months there have been several high-profile data breaches which have hit the headlines. Recently, almost 157,000 TalkTalk customers had their personal details hacked. A small percentage of the stolen data, including names and addresses, were put up for sale shortly after the attack
Business Confidence in Cloud Security Grows(Infosecurity Magazine) Businesses are increasingly comfortable with security measures put in place to protect cloud services and the data housed with them, new research has revealed, and most companies have formal policies for moving processes to the virtual realm. CISOs are also starting to play a critical role as the cloud takes over
Health Care GCs Should Brace for Major Data Breaches(Corporate Counsel) The health care industry suffered its largest data breaches ever in 2015, and should be getting ready for more large-scale attacks in 2016, according to cybersecurity attorney Mary Grob of McGuireWoods
IT Security Comes in From the Cold(Handelsblatt International Edition) Spy scandals and leaks have led to a growing demand for secure communication technology in Germany, resulting in the growth of specialist IT security firms. Now a Munich startup has Apple interested in an app that provides encryption for iPhones
Thoughts on Media Reports Around Check Point and CyberArk Walking Down the Aisle(FBR Flash) Last night, Israeli news source Haaretz reported Check Point (CHKP) could be in initial talks to acquire CyberArk (CYBR), a market leader in privileged account security. With $3.6 billion of cash in its coffer and steadily growing, Check Point has ample powder to do a deal of this size (~$1.5 billion) while strategically making sense
Proofpoint, Rapid7 outperform following CyberArk M&A report(Seeking Alpha) On a day the Nasdaq is down 2.8%, Proofpoint (PFPT +0.9%) and Rapid7 (RPD +1.9%) have managed to stay green following a report stating security software peer CyberArk (up 20.5%) is in preliminary talks to be acquired by Check Point
FireEye Has A Commanding Lead In A Promising Industry(Seeking Alpha) FireEye has a strong grip on the rapidly growing specialized threat protection and analysis market. While financial issues continue to plague FireEye, these issues will likely start to subside moving forward. Although competition from the likes of Palo Alto Networks will pose a big challenge for FireEye, the company is more than capable of maintaining a strong market position
Formula Systems and IAI Agree to Acquire TSG for US$50 Million(PRNewswire) Formula Systems (1985) Ltd. (NASDAQ: FORTY), a leading software consulting services, computer-based business solutions and proprietary software products holding company, today announced that Israel Aerospace Industries (IAI) and Formula have entered into a definitive agreement for the purchase of TSG — a subsidiary and the military arm of Ness Technologies, engaged in the fields of command and control systems, intelligence, homeland security and cyber security
Vencore Lands $96M EAGLE II IT Sustainment Order(GovConWire) The Department of Homeland Security has awarded Vencore a five-year, $96 million task order to sustain information technology systems and applications for the U.S. Citizenship and Immigration Services agency
Spy Specialist Booz Allen Targets Data Skills Gap(Datanami) Seeking to address the growing shortage of data scientists as demand for those skills explodes, leading U.S. security specialist Booz Allen Hamilton released a data science platform aimed at "democratizing data" via a simplified analytics system
Dashlane's Redesigned Software Can Now Automatically Update Your Passwords Across 500 Websites(TechCrunch) Dashlane, a password manager application that competes with the likes of 1Password and LastPass, among others, has just rolled out a significant update which not only gives the software a new look-and-feel, but also makes it capable of automatically updating your passwords on over 500 websites, thanks to the additional support for 300 more sites included in this release
Planning, Training and Automation Are Key to Successful Cyber Hunting(SIGNAL) The season to hunt white-tailed deer draws to a close, and being an avid hunter, I'm already planning for the next season using information gleaned from this go-around in addition to maps, data from trail cameras, temperature input, moon phase and the movement patterns of game. While planning tools are plentiful, they mean little without automation on the back end to make sense of it all
Distinguishing Threat Intelligence From Threat Data(SecurityWeek) Threat intelligence feeds have become a major component of many organizations' cybersecurity diet. A wide variety of security vendors offer up an equally wide assortment of threat feeds of the latest malware payloads, malicious domains, websites, IP addresses, and host-based indicators of compromise (IoCs)
Sharing information to boost cyber security(ITWeb) Today's cyber criminals share with each other. Whether they share ideas, code or compromised systems, and whether for a price or for free, the point is they collaborate effectively
To Stop Data Breaches, Prioritize Employee Education(Chief Learning Officer) The work of learning leaders may revolve around building organizational knowledge and skill development crucial to company success, but new research shows few are educating employees around smaller, seemingly innocuous behaviors that can have costly implications
Security: The reason to move to the cloud(ITProPortal) Rob Alexander, CIO of the large US financial firm Capital One, stood on stage at the AWS re:Invent event and told the audience "We can operate more securely on AWS than we can in our own data centres"
When Outsourcing Cyber Services Makes Sense(Govtech Works) Cybercrime costs the U.S. economy some $100 billion a year, according to the Center for Strategic and International Studies. And the threats only grow more intense, while at the same time, regulatory and compliance issues grow more complex. Economic uncertainty and the Cybersecurity Information Sharing Act signed into law in December cloud the revenue outlook for public and private sector institutions, alike
Buying More Security Products Won't Keep Your IT Safe(Lifehacker) Security vendors are constantly bringing out new offerings aimed at protecting organisations from the ever growing threat of cyberattacks. But it's not a numbers game and snapping up all of the latest and "greatest" security products won't guarantee your business will be protected from cybercriminals
The Boy Who Could Change the World(Electronic Frontier Foundation) "One of the minor puzzles of American life is what question to ask people at parties and suchly to get to know them," a nineteen-year-old Aaron Swartz wrote in 2006
Cornell Tech forms cybersecurity research team(Cornell Chronicle) Cornell Tech has formed one of the world's leading research groups specializing in cybersecurity, privacy and cryptography. The four scientists in the group are known for their influence on industry, nonprofit and government practice, as well as for their highly cited, award-winning research
Legislation, Policy, and Regulation
"Closing that Internet Up": The Rise of Cyber Repression(Council on Foreign Relations) Donald Trump calls for "closing that Internet up" due to the rise of Islamic extremism, Hillary Clinton says the same thing, just a bit more diplomatically, asking the great disrupters to go to work disrupting the so-called Islamic State
Opinion: Britain can't pwn the world(Christian Science Monitor) The draft Investigatory Powers Bill gives Britain the power to prohibit companies from providing truly secure online communications, thus undermining the Web. But no country should have the right to pwn — hacker speak for "own" — the Internet
Wassenaar Arrangement could get a redo over cyber(FCW) Federal officials and industry experts who testified before a joint hearing of two House subcommittees on Jan. 12 agreed with lawmakers that the government should re-evaluate its support for an international arrangement that imposes export controls on intrusion and surveillance technologies among participating countries
U.S. must keep pace with China in cyberspace(FCW) Congress needs to act if the United States is to keep pace with China's investments in cyberspace, said Texas Republican Mac Thornberry, chairman of the House Armed Services Committee
Lessons from 2015: investor-centered compliance takes center stage in U.S.(Reuters) The course of regulatory developments in the United States in 2015 showed a decided focus on investor protections, tracking illicit financial flows, protecting data and ensuring overall cyber security. Furthermore, there was continuing discussion of the independence and financial commitment firms must give to compliance leadership
Classified report, JRSS review amid DISA's hard look at cyber(C4ISR & Networks) The Defense Information Systems Agency is coordinating with the DoD CIO office, the National Security Agency and the military services in a sweeping review of cyber capabilities that could steer Defense Department operations in cyberspace going forward
Stacey Dixon Joins IARPA as Deputy Director(ExecutiveGov) Stacey Dixon, former deputy director of the InnoVision organization at the National Geospatial-Intelligence Agency, has joined the Intelligence Advanced Research Projects Activity as deputy director
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
FloCon 2016(Daytona Beach, Florida, USA, January 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers,...
Insider Threat Program Development Training Course — Georgia(Atlanta, Georgia, USA, January 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
FTC PrivacyCon(Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues led by all manner of whitehat security researchers and academics, industry representatives, consumer...
National Insider Threat Special Interest Group Meeting(Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.
POPL 2016(St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...
Automotive Cyber Security Summit — Shanghai(Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...
SANS Institute: Information Security Training(Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
CyberTech 2016(Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...
Global Cybersecurity Innovation Summit(London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...
Fort Meade IT & Cyber Day(Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...
ESA 2016 Leadership Summit(Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...