We're delighted to be able to share a little news of our own this morning.
With the support of our sponsors, academic and research partners, and the community, we're pleased to be officially launching two new podcasts (you can read the press release here).
The CyberWire Daily Podcast is published each weekday afternoon (in time for US East Coast drive-time), and the Week-in-Review is published Fridays. Shows are available on the CyberWire website, and also on iTunes.
We've also invited distinguished academic and research organizations to partner on the educational segments of every show. Organizations wishing to become an Academic or Research Partner are invited to contact the editorial team.
Something else you might notice is the opportunity to support the CyberWire's news products through sponsorship. Many have been asking about this over the years, and as we have grown from a small cyber intelligence briefing to a global news publication with readers in more than one hundred twenty countries, we felt the timing was right to offer the opportunity to the many organizations that have become our dedicated supporters. Our aim is to continually improve the CyberWire, and keep it free for our readers and listeners.
We hope you enjoy the new podcasts. Be sure to let us know what you think.
By The CyberWire Staff
Ukraine suffers another cyber attack from, it appears, Russia, this one disabling systems at Kiev's airport. Like the December power grid hack, CERT-UA says this incident is associated with BlackEnergy malware. Meanwhile, the US Department of Homeland Security encourages US utilities to shore up their security.
Tensions between Russia and its neighbors continue to be attended by "patriotic" hacktivism, most recently from Azerbaijan, whence hackers (in solidarity with Turkey) defaced the website of Russia's embassy in Israel.
ISIS sympathizers conduct what's apparently their first action against a Chinese target, defacing Tsinghua University's website with messages calling for jihad.
ISIS messaging showed signs of becoming shakier last week. Rivalry with al Qaeda for jihadi mindshare is increasing, and sympathizers seem disillusioned by realities in the territories ISIS controls.
Digital currency exchange Cryptsy is looted of six million US dollars' worth of Bitcoin.
Hyatt releases results of its investigation into point-of-sale hacks (mostly in restaurants) the chain experienced between August and December of last year. Many of the affected locations are reported to be in the Middle East and Africa.
Security analysts note a surge in PayPal "zero-dollar" invoice spam.
DDoS attacks independently strike a large torrent service and a South Korean entertainment agency. Neither appears to be serving as misdirection for larger campaigns.
Liability, regulation, and litigation continue to shape emerging cyber standards of care. Noteworthy are ongoing Safe Harbor negotiation, a US Wassenaar implementation restart, and several pending lawsuits.
The Crackas-with-Attitude take a poke at the White House science advisor.
Today's issue includes events affecting Australia, Azerbaijan, Canada, China, European Union, Finland, France, Iraq, Iran, Israel, Republic of Korea, Poland, Russia, Syria, Taiwan, Thailand, Turkey, Ukraine, United Arab Emirates, United Kingdom, United States.
Hackers reveal flaws in cyber security framework: experts (The Nation) The recent hacking of government websites has called into question the government's cyber security standards and risked its reputation for management, but a single gateway was not a solution to that problem, cyber security specialists said yesterday
Operation DustySky (Clearsky Cyber Security) DustySky (called "NeD Worm" by its developer) is a multi-stage malware in use since May 2015. It is in use by the Molerats (aka Gaza cybergang), a politically motivated group whose main objective, we believe, is intelligence gathering. Operating since 2012, the group's activity has been reported by Norman, Kaspersky, FireEye, and PwC
German data surveillance includes Finland (Uutiset) According to leaked German intelligence documents, German intelligence agency BND monitored phone calls and possibly Internet traffic to and from Finland in the 2000s
Open sauce has zero-day bugs too (TechEye) A zero-day vulnerability in the FFmpeg open-source multimedia framework, which is used by shedloads of Linux kernel-based operating systems and software applications and Mac OS X and Windows platforms has been spotted
Agency of 'flag row' Taiwan K-pop star under cyber attack (AFP via Yahoo! News) A South Korean entertainment company, criticised for its handling of a row over a teenage Taiwanese K-pop star forced to apologise for waving the island's flag, has had its website brought down by hackers, a spokesman said Tuesday
Security Patches, Mitigations, and Software Updates
Microsoft updates support policy: New CPUs will require Windows 10 (ZDNet) In a change to its longstanding support policy, Microsoft says PCs based on new CPU architectures, including Intel's Skylake chips, will require Windows 10. A list of preferred systems will support older Windows versions on new hardware, but only for 18 months
Liability can change attitudes to corporate cybersecurity (Infosecurity Magazine) Throughout the past century we've witnessed how liability, regulation and legislation have been instrumental in improving security and safety. As Britain marks 50 years since the first seatbelt law was introduced this month, we celebrate how driver liability changed norms and saved thousands of lives
The changing face of the security industry (Security Info Watch) While many organizations' executive-level security positions have historically been filled by those with law enforcement or military experience, there is a growing contingent of young security industry professionals who come from very diverse backgrounds and possess a wide variety of skill sets
Key principles for corporate digital responsibility (Help Net Security) Businesses' use of personal data from consumers is at risk and recommends key strategies and principles to properly protect consumer data, build trust and simultaneously grow their businesses
Cyber team forms at the Coast Guard Academy (New London Day) A newly formed cyber team at the Coast Guard Academy is providing a route for cadets to deepen their knowledge of computer networks — how they work, how to secure them, and how to identify vulnerabilities within them — while also earning sports credit for their participation
Legislation, Policy, and Regulation
EU-US Safe Harbor Data Flow Talks Still Sticking On Surveillance (TechCrunch) As the three-month deadline for Europe and the U.S. to agree a new transatlantic data transfer deal looms, EC officials are briefing that the U.S. needs to do more to improve transparency around its government mass surveillance programs in order to secure an agreement
Cryptographic backdoors? France says, "Non!" (Naked Security) Genuinely strong encryption — the sort of encryption that is as good as unbreakable if used correctly — is now readily available, even in consumer devices such as mobile phones
On the naughty step (Economist) A slap on the wrist for Poland is a big test for the European Union
Schneck: Export controls could hinder cyber work (Federal Times) A set of export controls, intended to promote transparency and greater responsibility in the exports of weapons systems and other technologies, poses a risk of compromising cybersecurity, according to a Department of Homeland Security official in testimony before a joint House subcommittee hearing
Uproar over Wassenaar followed by GAO report on surveillance tech sales to Iran (SC Magazine) On the heels of Tuesday's Congressional uproar over the Commerce Department's proposed changes to the Wassenaar Arrangement, the Government Accountability Office published a report of companies selling surveillance technologies to Iran, against a longstanding ban on the sale of such technologies to the Iranian government
NSA claims to meet privacy safeguards (The Hill) The National Security Agency is adequately protecting Americans' civil liberties and privacy as it shifts to a new intelligence collection program, it claimed in a transparency report released on Friday
NSA Releases USA FREEDOM Act Transparency Report (IC on the Record) The National Security Agency announced today the public release of its new report on the implementation of the USA FREEDOM Act, along with specific procedures — adopted by the U.S. Attorney General and approved by the Foreign Intelligence Surveillance Court — that are designed to protect privacy rights
China to incorporate IP violations into "social credit" system for enterprises (World Trademark Review) Chinese enterprises with a record of IP infringement may soon have that fact reflected in their credit histories. The latest indication came in December, when the country's chief administrative body, the State Council, included the idea in its "Opinion on Building a Strong IP Nation", a blueprint for future reforms
State CIOs agenda targets cybersecurity (CSO) NASCIO's federal policy agenda for new year looks to expand resources to secure critical infrastructure, recruit top talent and ease the burden of federal regulations
Firm Sues Cyber Insurer Over $480K Loss (KrebsOnSecurity) A Texas manufacturing firm is suing its cyber insurance provider for refusing to cover a $480,000 loss following an email scam that impersonated the firm's chief executive
Court refuses to dismiss Travelers cyber defense case (Business Insurance) A U.S. District Court in Utah has refused to dismiss a claim by a Travelers Cos. Inc. unit policyholder that the insurer failed to follow industry standards in its denial of defense coverage in a cyber case, in an ongoing dispute between the insurer and its policyholder
Insurer must indemnify genealogy firm that made DNA results public (Business Insurance) A genetic genealogy firm is entitled to indemnification and defense coverage by a Markel Corp. unit for the inadvertent release of personal information under its professional liability policies, and a policy exclusion related to receiving unsolicited communication does not apply, says a federal District Court
US casino operator sues cyber security company (Financial Times) Affinity Gaming, an operator of 11 casinos in four US states, is suing cyber security company Trustwave for failing to contain a breach it was hired to shut down, opening a new avenue of liability around data breaches
Secure Rail (Orlando, Florida, USA, February 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, March 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents...
Risk Management Summit (New York, New York, USA, March 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the...
HITBSecConf2016 Amsterdam (Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2 and for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of THC.org, an in-depth...
POPL 2016 (St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...
Automotive Cyber Security Summit — Shanghai (Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...
CyberTech 2016 (Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...
Global Cybersecurity Innovation Summit (London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...
Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...
ESA 2016 Leadership Summit (Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...
SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...
BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, February 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia
The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, February 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies,...