Daily briefing.

Palo Alto Networks releases results of a long-running study of cyber reconnaissance against Tibetan and Uyghur dissident groups in China. Palo Alto calls the threat group involved "Scarlet Mimic" and offers no further attribution, but other observers think the target set fits the interests of Chinese security services.

The US is reported to be actively targeting ISIS cyber operators with airstrikes. ISIS cyber operations continue to concentrate on inspiration, a fresh and lurid instance of which appeared over the weekend in the form of a 17-minute clip of the Paris terrorists engaged in pre-attack training and local atrocities in Syria.

Anonymous remains quiet on the anti-ISIS front, but elements of the collective hit the website of Japan's Narita International Airport to protest whaling.

Azerbaijani hackers make their expected riposte to Armenian cyber-rioters, defacing Armenian diplomatic websites with images Hack Read describes as "displaying Azerbaijan's military power."

Irish government websites sustain a distributed denial-of-service campaign.

Fortinet discovers that an SSH backdoor affects its FortiSwitch, FortiAnalyzer and FortiCache products as well as FortiGuard.

Business Insurance describes the "patchwork" quality of conventional cyber insurance coverage. Willis Towers Watson Wire lays out what policies cover and what they don't. Business Insurance announces its innovation awards. One goes to PivotPoint Risk Analytics for its estimation and quantification of cyber value-at-risk.

Litigation also contributes to development of standards of care. One closely watched case is Affinity Gaming's suit against Trustwave, likely to prove "disruptive."

The US and the EU are in final stages of Safe Harbor renegotiation.

Notes.

Today's issue includes events affecting Armenia, Australia, Azerbaijan, China, Czech Republic, European Union, Hungary, India, Indonesia, Iraq, Ireland, Israel, Italy, Japan, Malaysia, Pakistan, Syria, Turkey, United Arab Emirates, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Single group of hackers targets Uyghur, Tibetan activists (IDG via CSO) The information sought would be of most interest to a nation-state, Palo Alto said in a new report

Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists (Palo Alto Networks) Over the past seven months, Unit 42 has been investigating a series of attacks we attribute to a group we have code named "Scarlet Mimic"

Cyber, real world converge as U.S. targets ISIS hackers with bombs (Defense Systems) The notion of the cyber domain crossing over into the physical world is increasingly becoming more prolific, most famously exemplified by the Stuxnet virus that damaged part of Iran's nuclear processing ability. But the potential threat posed by ISIS is bringing new meaning to the convergence of these two domains, as the military is using air strikes against members of the group associated with hacking

Isis video threatening UK claims to show Paris attackers in Syria and Iraq (Guardian) If confirmed, video containing beheadings and target practice and showing prime minister David Cameron would establish coordination with group

The Country Club Jihad: A Study of North American Radicalization (Small Wars Journal) Using the University of Maryland National Consortium for the Study of Terrorism and Responses to Terrorism (START) Profiles of Islamist Radicals in North America (PIRaNA) dataset, this research paper examines a curious dynamic among Muslims who radicalize to the point of violence in North America

Cyber attack: Federal health ministry website hacked (Dunya News) Hackers, while committing cyber crime, hacked the website of federal health ministry and left message regarding Charsadda massacre

Azerbaijani Hackers Deface NATO-Armenia, Embassy Websites in 40 Countries (Hack Read) Azerbaijani Hackers have hacked NATO-Armenia and embassy websites in 40 countries giving a powerful reply to the Armenian hackers

Anonymous Shut Down Japanese Airport Website Against Dolphin Slaughter (Hack Read) Anonymous hackers shut down Japan's Narita International Airport website against Dolphin slaughter

Government websites targeted and shut down in cyber attack (Irish Examiner) Government departments and agencies were targeted by a cyber attack which shut down websites and has forced officials to review the protection of their internet systems

Unknown attackers are infecting home routers via dating sites (Help Net Security) Damballa researchers have spotted an active campaign aimed at infecting as many home routers possible with a worm

"66% of Android devices" vulnerable to Linux zero-day bug … or not (Naked Security) Earlier this month, a small cybersecurity company made big news after it publicly disclosed a zero-day bug in the Linux kernel

FortiGuard SSH backdoor found in more Fortinet security appliances (IDG via Computerworld) FortiSwitch, FortiAnalyzer and FortiCache were also affected

Put a password on your webcam or end up featured on Shodan's vulnerable cam feed (Network World) The IoT search engine Shodan added a new section featuring screenshots of vulnerable cams which lack password authentication and stream video

Has your sleeping baby been indexed by this search engine? (Naked Security) If you're interested in internet insecurity, you've probably heard of Shodan

AMX Harman Disputes Deliberately Hiding Backdoor In Its Products (Dark Reading) Control systems for AV, lighting, and other equipment used widely by the White House, Fortune 100, government, and defense agencies likely affected

LeChiffre Ransomware Hits Three Indian Banks, Causes Millions in Damages (Softpedia) An unknown hacker has breached the computer systems of three banks and a pharmaceutical company and infected most of their computers with crypto-ransomware

State confirms 'cyber attack' similar to one at Flint hospital (Michigan Live) The State of Michigan has confirmed it also was the victim of a "cyber attack" last weekend

RSA Conference disables Twitter password-collecting form (Naked Security) No, RSA Conference 2016 was not snarfing up attendee Twitter passwords during conference registration process, it insisted on Friday, though it sure did look that way, as tweeted images such as this one show

'Experts' at cyber-security conference willingly gave away their Twitter passwords (Telegraph) Dozens of attendees at the RSA security conference entered plain-text Twitter passwords stored on the event's website

Railroad Association Denies Smart Train Cyber Vulnerabilities (Fortune) Railroad industry representatives are disputing a recent claim that its network security practices are inadequate

Technology Derailed (Boston Review) How for-profit industry is risking railway safety

Sainsbury's Bank web pages stuck on crappy 20th century crypto (Register) 'Someone there should be beaten to a pulp with a keyboard'

House of Cards star fears Sony hack repeat (SC Magazine) Having recently taken on the studio boss role at Relativity Studios, House of Cards star Kevin Spacey fears a hack similar to that of Sony Pictures will occur again

Bulletin (SB16-025) Vulnerability Summary for the Week of January 18, 2016 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Security Patches, Mitigations, and Software Updates

Skype finally hides your IP address, to protect against vengeful gamers (We Live Security) Over five years ago, in November 2010, security researchers found a serious privacy vulnerability in Skype that could allow hackers to surreptitiously scoop up sensitive information about users, including victims' IP addresses and revealing their city-level location

Cyber Trends

Breaches will continue until morale improves (CSO) Sitting in my office this morning I find myself in a reflective mood

Organizations are spending ineffectively to prevent data breaches (Help Net Security) A new report by 451 Research, which polled 1,100 senior IT security executives at large enterprises worldwide, details rates of data breach and compliance failures, perceptions of threats to data, data security stances and IT security spending plans

Why porn is harmful to your mobile phone (EJInsight) Porn sites are the No. 1 security threat to your mobile phone, a study shows

One-third of Irish Data Protection Officials Admit Breach in Past Year (Legaltech News) The Irish Computer Society survey found 71 percent said the breaches were caused inadvertently by staff members

Marketplace

Cybersecurity Sector Will See Huge Growth in 2016 (The Street) Some big names, including Donald Trump and Ashley Madison, fell victim to cybercrime in 2015, along with hundreds of millions of individuals and organizations

Israeli firms have record year in cyber, raise $540 mln -report (Reuters) Jan 24 Israeli cyber security companies raised a record $540 million in 2015, up 20 percent from a year earlier, providing a boost to the country as it looks to solidify its place as a global leader in the field

The RSA keynotes: a cautionary tale (Engadget) This year's speakers aren't hackers, but they play them on TV

Conventional insurance cover for cyber risks a patchwork affair (Business Insurance) The coverage provided for cyber risks by conventional classes of insurance can be patchy, according to research carried out by the International Underwriting Association and law firm Norton Rose Fulbright L.L.P., both based in London

Guide to Network Security and Cyber Coverage (Willis Towers Watson Wire) For years, network security professionals have been saying "either you have been data breached or you just do not know that you have been data breached"

PwC strengthens cyber security practice (BBC) Business adviser PwC has strengthened its cyber security practice by buying an Edinburgh-based consultancy. PwC did not disclose how much it paid for Praxism, which specialises in identity and access management (IDaM)

Consolidation paces quickens in cyber defense market (Defense Systems) Aiming to augment its virtualized platform for cyber defense with what it calls an "intelligence-led approach" to cyber security, FireEye Inc. said this week it has completed its acquisition of privately-held iSight Partners, a leading provider of cyber threat intelligence

Jack Dorsey Confirms Departures Of Several Twitter Execs (TechCrunch) Twitter CEO Jack Dorsey has confirmed the departures of Twitter execs, who oversaw the product, engineering, media and HR teams

Confirmed: Twitter execs fly the coop (Seeking Alpha) In the wee hours of Sunday night, Twitter's (NYSE:TWTR) Chief Executive Jack Dorsey made it official: Several top-level executives are leaving

Avast: Inside The Brain Of An Antivirus Machine (Forbes) Avast Software is so named because, of course, the word means "stop hauling!" (so, stop malware) in the Olde English sailor parlance

CloudPassage carves out space in historic SoMa wine warehouse (SFGate) There's a demon present in a historic building South of Marke

Products, Services, and Solutions

Emsisoft Emergency Kit 11: Free dual-engine cleanup — 100% portable! (Emsisoft Blog) We're proud to present Emsisoft Emergency Kit 11, the ultimate malware cleaning toolkit. Now with native 64 bit support, it's still free of charge for private use, and the tool of choice for obtaining a second opinion about any potential infections of your computer

Kaspersky Lab and WISeKey launch a secure mobile app (IT Pro Portal) Kaspersky Lab and WISeKey have announced a new app, during the World Economic Forum in Davos, which will keep people's data safe from cybercriminals and other intruders

New tool from Cloudmark is designed to defend against spear phishing (Network World) The nature of how cyber attacks start is changing. Today's malicious actors are not merely opportunistic, they know what information they want and who to target to get at it

Technologies, Techniques, and Standards

Industrial Control Systems Under Attack (Automation World) A new ICS-CERT report outlines seven strategies to keep cyber intruders away from critical infrastructure

Tyrie calls on banks to improve their IT controls (Financial Times) Andrew Tyrie has demanded action on the state of banks' IT systems, calling for regulators to look for ways to improve security and resilience following a string of system failures

DISA test-driving smartphone encryption (C4ISR & Networks) Top leaders at the Defense Information Systems Agency know they're chasing a moving target: Mobile technology is moving quickly, and constant connectivity is expected by any young recruit and most people today

Ignore the world's worst passwords, look at how they're created instead (CSO) SplashData's worst passwords list is irrelevant for the most part; the real lesson is what makes the passwords so bad in the first place

Assessing Remote Certificates with Powershell (Internet Storm Center) Building on our last conversation about HTTPS and Powershell, let's look at another common thing you'd do with HTTPS in a system administrator, or in a security assessment or penetration test — let's assess the HTTPS certificates themselves

4 essentials to creating a world-class threat intelligence program (Tech Republic) Threat intelligence is vital to assessing your company's risk. A former Secret Service agent reveals the requirements of a successful threat intelligence program

Will Information Sharing Improve Cybersecurity? (Cipher Brief) One of the key lessons of 2015 was that cybersecurity is more important than ever — a lesson that Sony and the Office of Personnel Management learned the hard way

Trying to stay out of trouble online? Trouble may still find you. (Team Cymru) There are many myths on the subject of staying safe online, for example

Plug in, unplug, and shake: a "magical" combination! (Anti-Virus4U) What would you name as the worst kind of computer threats?

Design and Innovation

Business Insurance reveals 2016 Innovation Awards winners (Business Insurance) Business Insurance on Friday announced 10 winners of the 2016 Innovation Awards, the publication's recognition program for products and services designed for use by professional risk managers

Research and Development

DARPA awards obfuscation contract (C4ISR & Networks) DARPA has awarded a $3.7 million contract to Vencore Labs to keep hostile powers from reverse engineering captured software

Academia

New Advanced Degree in Information Security Operations Offers Tuition Discount For Feds (GovExec) Federal employees now can pursue a master's degree in information security operations at discounted tuition rates through a new online offering from Champlain College

Army Training Aims at Cybersecurity (Military Spot) In a continuing effort to better train U.S. Army engineers in all things cyber, the Army is offering a graduate-level certificate in the Fundamentals of Cybersecurity starting Feb. 10

Legislation, Policy, and Regulation

Malaysian PM Defends Strict Security Laws to Fight Terrorism (ABC News) Malaysia's leader on Monday defended the country's strict security laws, saying they are needed to fight terrorism as the Islamic State group warned of revenge over a crackdown on its members

Vice President Biden criticizes crackdown on dissent in Turkey (Washington Post) Vice President Biden urged "a change of attitude" by the Turkish government toward its domestic critics Friday, saying that the media and all others here must be free to "challenge orthodoxy," including political and religious beliefs, if Turkey is to thrive

US-EU Safe Harbor Data-Transfer Talks Enter Final Week (TechCrunch) As negotiations on a key transatlantic data-transfer agreement enter the final week, before the EU's end of January deadline, senior US and EU officials have been discussing the state of play at the Safe Harbor talks table

Study of EU's cybersecurity approach highlights need for sharing (FierceGovernmentIT) The increase in cyberthreats means the public and private sectors of European Union member states need to collaborate, but only a fraction of them have set up partnerships, working groups or forums, a new report found

What's Known About China's Shadowy New 'Combat' Force (Defense One) On the last day of 2015, China overhauled the way its military was structured, creating a new force that's received very little attention in the foreign press

Loretta Lynch: US Is Not Seeking Backdoor Access To Encrypted Communication But Wants Silicon Valley's Help (International Business Times) Top U.S. government and law enforcement officials are not trying to secure unfettered access to WhatsApp, Apple iMessage or any other major encrypted communication service, U.S. Attorney General Loretta Lynch said Friday. Lynch, speaking at the World Economic Forum in Davos, Switzerland, also said Silicon Valley is cooperating with the government in the privacy vs. surveillance debate, though she admitted both sides are "struggling with the issue"

NSA Takes Pro-Encryption Stance: Can It Spy On Your Encrypted Data? (TechTimes) The National Security Agency (NSA) is easing its stance on encrypted data. The agency's director Mike Rogers shared his thoughts on the ongoing debate surrounding encryption and revealed that the NSA is now in favor of encrypted data

ODNI Releases 2016 Signals Intelligence Reform Progress Report (IC on the Record) The Office of the Director of National Intelligence released today the 2016 Progress Report on Changes to Signals Intelligence Activities. The report acknowledges the second anniversary of Presidential Policy Directive 28 on Signals Intelligence Activities

Declassified documents reveal scope of Defense Department's cyber strategy (Christian Science Monitor Passcode) The Pentagon has declassified several confidential documents that reveal a lack of authority in Cyber Command that experts say may hamper the nascent cyber force

Pentagon to take over control of background investigation information (Washington Post) The Defense Department will take over responsibility for storing sensitive information on millions of federal employees and others from the Office of Personnel Management and the government will create a new entity to oversee background investigations, Obama administration officials announced Friday

DHS defends biometrics effort as Congress calls for action (FierceGovernmentIT) A day after a Homeland Security Department report showed that most U.S. visitors do not overstay their visas, a Senate subcommittee said a biometric exit system is crucial

Power Wars: How Obama justified, expanded Bush-era surveillance (Ars Technica) Review: Veteran national security reporter has inside scoop on Obama White House

5 Things Congress Should Learn From New State Privacy Bills (Wired) When Congress feels the need to compromise Americans' privacy in the name of security — as in the case of the Patriot Act in 2001 or the Cybersecurity Information Sharing Act last month — it moves remarkably fast

Litigation, Investigation, and Law Enforcement

Cybersecurity Services Lawsuit Introduces New Liability Exposure for IT Firms (Legaltech News) Regardless of the outcome of the case, it's a wakeup call to service providers to ensure they can effectively deliver the services they promise

Hungarian government guilty of snooping on its citizens (SC Magazine) The European Court of Human Rights has found the Hungarian government guilty of violating article eight of the European Convention of Human rights: the right to privacy

FBI ran website sharing thousands of child porn images (USA Today) For nearly two weeks last year, the FBI operated what it described as one of the Internet's largest child pornography websites, allowing users to download thousands of illicit images and videos from a government site in the Washington suburbs

Cyber recommendations neglected at FBI, says report (FierceGovernmentIT) A handful of recommendations the Justice Department Inspector General offered to bolster cybersecurity at the FBI remained open about two months following a report on the FBI's Next Generation Cyber Initiative

Hillary's team copied intel off top-secret server to email (New York Post) The FBI is investigating whether members of Hillary Clinton's inner circle "cut and pasted" material from the government's classified network so that it could be sent to her private e-mail address, former State Department security officials say

Man held for hacking social media account (The National) Police arrested a man who allegedly hacked a girl's social media account, stole her photos and videos and used them for blackmail

Man accused of mocking the UAE and its martyrs online (The National) A man is on trial at the Federal Supreme Court for a poem he allegedly posted online that ridiculed the UAE and its martyrs

Italian police shut down fake Prada website (Reuters) Italian police said on Friday they had shut down a website selling fake products carrying the high-fashion Prada label

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...

Upcoming Events

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

CyberTech 2016 (Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...

Global Cybersecurity Innovation Summit (London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...

Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...

ESA 2016 Leadership Summit (Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...

SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...

BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, February 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia

The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, February 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies,...

National Cybersecurity Center of Excellence to Celebrate Opening of Newly Remodeled Facility (Rockville, Maryland, USA, February 8, 2016) The National Cybersecurity Center of Excellence is celebrating its dedication on February 8, 2016 at the center's newly remodeled facility at 9700 Great Seneca Highway

Insider Threat Program Development Training — California (Carlsbad, California, USA, February 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

Secure Rail (Orlando, Florida, USA, February 9 - 10, 2016) The first conference to address physical and cyber rail security in North America

Cyber Security Breakdown: Dallas (Dallas, Texas, USA, February 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...

2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, February 17 - 19, 2016) The cybersecurity threat continues to evolve and in order to keep ahead of the threat; new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of...

Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...

ICISSP 2016 (Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...

Interconnect2016 (Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...

CISO Canada Summit (Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...

cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, February 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people...

Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

CISO New York Summit (New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

BSides San Francisco (San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...

CISO Summit Europe (London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...

RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016
