Palo Alto Networks releases results of a long-running study of cyber reconnaissance against Tibetan and Uyghur dissident groups in China. Palo Alto calls the threat group involved "Scarlet Mimic" and offers no further attribution, but other observers think the target set fits the interests of Chinese security services.
The US is reported to be actively targeting ISIS cyber operators with airstrikes. ISIS cyber operations continue to concentrate on inspiration, a fresh and lurid instance of which appeared over the weekend in the form of a 17-minute clip of the Paris terrorists engaged in pre-attack training and local atrocities in Syria.
Anonymous remains quiet on the anti-ISIS front, but elements of the collective hit the website of Japan's Narita International Airport to protest whaling.
Azerbaijani hackers make their expected riposte to Armenian cyber-rioters, defacing Armenian diplomatic websites with images Hack Read describes as "displaying Azerbaijan's military power."
Irish government websites sustain a distributed denial-of-service campaign.
Fortinet discovers that an SSH backdoor affects its FortiSwitch, FortiAnalyzer and FortiCache products as well as FortGuard.
Business Insurance describes the "patchwork" quality of conventional cyber insurance coverage. Willis Towers Watson Wire lays out what policies cover and what they don't. Business Insurance announces its innovation awards. One goes to PivotPoint Risk Analytics for its estimation and quantification of cyber value-at-risk.
Litigation also contributes to development of standards of care. One closely watched case is Affinity Gaming's suit against Trustwave, likely to prove "disruptive."
The US and the EU are in final stages of Safe Harbor renegotiation.
Today's issue includes events affecting Armenia, Australia, Azerbaijan, China, Czech Republic, European Union, Hungary, India, Indonesia, Iraq, Ireland, Israel, Italy, Japan, Malaysia, Pakistan, Syria, Turkey, United Arab Emirates, United Kingdom, United States.
Cyber, real world converge as U.S. targets ISIS hackers with bombs (Defense Systems) The notion of the cyber domain crossing over into the physical world is increasingly becoming more prolific, most famously exemplified by the Stuxnet virus that damaged part of Iran's nuclear processing ability. But the potential threat posed by ISIS is bringing new meaning to the convergence of these two domains, as the military is using air strikes against members of the group associated with hacking
The Country Club Jihad: A Study of North American Radicalization (Small Wars Journal) Using the University of Maryland National Consortium for the Study of Terrorism and Responses to Terrorism (START) Profiles of Islamist Radicals in North America (PIRaNA) dataset, this research paper examines a curious dynamic among Muslims who radicalize to the point of violence in North America
RSA Conference disables Twitter password-collecting form (Naked Security) No, RSA Conference 2016 was not snarfing up attendee Twitter passwords during conference registration process, it insisted on Friday, though it sure did look that way, as tweeted images such as this one show
House of Cards star fears Sony hack repeat (SC Magazine) Having recently taken on the studio boss role at Relativity Studios, House of Cards star Kevin Spacey fears a hack similar to that of Sony Pictures will occur again
Security Patches, Mitigations, and Software Updates
Skype finally hides your IP address, to protect against vengeful gamers (We Live Security) Over five years ago, in November 2010, security researchers found a serious privacy vulnerability in Skype that could allow hackers to surreptitiously scoop up sensitive information about users, including victims' IP addresses and revealing their city-level location
Organizations are spending ineffectively to prevent data breaches (Help Net Security) A new report by 451 Research, which polled 1,100 senior IT security executives at large enterprises worldwide, details rates of data breach and compliance failures, perceptions of threats to data, data security stances and IT security spending plans
Conventional insurance cover for cyber risks a patchwork affair (Business Insurance) The coverage provided for cyber risks by conventional classes of insurance can be patchy, according to research carried out by the International Underwriting Association and law firm Norton Rose Fulbright L.L.P., both based in London
Guide to Network Security and Cyber Coverage (Willis Towers Watson Wire) For years, network security professionals have been saying "either you have been data breached or you just do not know that you have been data breached"
PwC strengthens cyber security practice (BBC) Business adviser PwC has strengthened its cyber security practice by buying an Edinburgh-based consultancy. PwC did not disclose how much it paid for Praxism, which specialises in identity and access management (IDaM)
Consolidation pace quickens in cyber defense market (Defense Systems) Aiming to augment its virtualized platform for cyber defense with what it calls an "intelligence-led approach" to cyber security, FireEye Inc. said this week it has completed its acquisition of privately-held iSight Partners, a leading provider of cyber threat intelligence
Emsisoft Emergency Kit 11: Free dual-engine cleanup — 100% portable! (Emsisoft Blog) We're proud to present Emsisoft Emergency Kit 11, the ultimate malware cleaning toolkit. Now with native 64 bit support, it's still free of charge for private use, and the tool of choice for obtaining a second opinion about any potential infections of your computer
Tyrie calls on banks to improve their IT controls (Financial Times) Andrew Tyrie has demanded action on the state of banks' IT systems, calling for regulators to look for ways to improve security and resilience following a string of system failures
DISA test-driving smartphone encryption (C4ISR & Networks) Top leaders at the Defense Information Systems Agency know they're chasing a moving target: Mobile technology is moving quickly, and constant connectivity is expected by any young recruit and most people today
Assessing Remote Certificates with Powershell (Internet Storm Center) Building on our last conversation about HTTPS and Powershell, let's look at another common thing you'd do with HTTPS in a system administrator, or in a security assessment or penetration test — let's assess the HTTPS certificates themselves
Army Training Aims at Cybersecurity (Military Spot) In a continuing effort to better train U.S. Army engineers in all things cyber, the Army is offering a graduate-level certificate in the Fundamentals of Cybersecurity starting Feb. 10
Vice President Biden criticizes crackdown on dissent in Turkey (Washington Post) Vice President Biden urged "a change of attitude" by the Turkish government toward its domestic critics Friday, saying that the media and all others here must be free to "challenge orthodoxy," including political and religious beliefs, if Turkey is to thrive
US-EU Safe Harbor Data-Transfer Talks Enter Final Week (TechCrunch) As negotiations on a key transatlantic data-transfer agreement enter the final week, before the EU's end of January deadline, senior US and EU officials have been discussing the state of play at the Safe Harbor talks table
Loretta Lynch: US Is Not Seeking Backdoor Access To Encrypted Communication But Wants Silicon Valley's Help (International Business Times) Top U.S. government and law enforcement officials are not trying to secure unfettered access to WhatsApp, Apple iMessage or any other major encrypted communication service, U.S. Attorney General Loretta Lynch said Friday. Lynch, speaking at the World Economic Forum in Davos, Switzerland, also said Silicon Valley is cooperating with the government in the privacy vs. surveillance debate, though she admitted both sides are "struggling with the issue"
ODNI Releases 2016 Signals Intelligence Reform Progress Report (IC on the Record) The Office of the Director of National Intelligence released today the 2016 Progress Report on Changes to Signals Intelligence Activities. The report acknowledges the second anniversary of Presidential Policy Directive 28 on Signals Intelligence Activities
Pentagon to take over control of background investigation information (Washington Post) The Defense Department will take over responsibility for storing sensitive information on millions of federal employees and others from the Office of Personnel Management and the government will create a new entity to oversee background investigations, Obama administration officials announced Friday
FBI ran website sharing thousands of child porn images (USA Today) For nearly two weeks last year, the FBI operated what it described as one of the Internet's largest child pornography websites, allowing users to download thousands of illicit images and videos from a government site in the Washington suburbs
Cyber recommendations neglected at FBI, says report (FierceGovernmentIT) A handful of recommendations the Justice Department Inspector General offered to bolster cybersecurity at the FBI remained open about two months following a report on the FBI's Next Generation Cyber Initiative
Hillary's team copied intel off top-secret server to email (New York Post) The FBI is investigating whether members of Hillary Clinton's inner circle "cut and pasted" material from the government's classified network so that it could be sent to her private e-mail address, former State Department security officials say
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
CyberTech 2016 (Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...
Global Cybersecurity Innovation Summit (London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...
Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...
ESA 2016 Leadership Summit (Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...
SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...
BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, February 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia
The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, February 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies,...
Insider Threat Program Development Training — California (Carlsbad, California, USA, February 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
Secure Rail (Orlando, Florida, USA, February 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Cyber Security Breakdown: Dallas (Dallas, Texas, USA, February 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...
ICISSP 2016 (Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...
Interconnect2016 (Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...
CISO Canada Summit (Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...
Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
CISO New York Summit (New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
BSides San Francisco (San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...
CISO Summit Europe (London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...
RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016