The Great Firewall is blocking Tumblr in China. Observers see this as possible preparation for this weekend’s anniversary of the Tiananmen Square massacre.
ISIS announces a ban on satellite television in Mosul, which it continues, for now, to control. The ban’s being enforced by physical destruction of satellite dishes.
A RiskIQ scan suggests that outdated Wordpress and Drupal installations are exposing large enterprises to the risk of a major data compromise. The old versions of the content management systems still in widespread use are seen as a likely source of new Panama-Papers-style leaks. (No such leaks yet, but there’s much pointing with alarm.)
Trustwave, which has been investigating the alleged Windows zero-day that’s up for auction in the black market, thinks signs point to its being a legitimate vulnerability. But investigation continues.
Elsewhere in the black market, Forcepoint notices that skid coders are selling Jigsaw ransomware’s source code for $139, which seems low even given Jigsaw’s typical $150 ransom demand. Forcepoint’s conclusion: cyberspace has its fair share of dumb money and petty, easy crime.
FireEye describes “Irongate,” ICS malware affecting Siemens PLCs. It’s being called “son of Stuxnet,” but it looks more like a proof-of-concept used in pentesting.
NATO is expected to declare cyberspace an operational domain soon. Old news, at least for prominent NATO members, but Russia Today looks on with factitious alarm. (Tip-off scare words: “German general.”)
Some cyber sector M&A activity is under discussion, and Palantir, Parsons, and SAIC all win places on large US cyber contracts.
Today's issue includes events affecting Albania, Argentina, Azerbaijan, Bahrain, Belgium, Brazil, Bulgaria, Canada, China, Croatia, Czech Republic, Denmark, Estonia, France, Germany, Greece, Hungary, Iceland, Iraq, Israel, Italy, Japan, Kenya, Democratic Peoples Republic of Korea, Kuwait, Latvia, Lithuania, Luxembourg, Netherlands, New Zealand, Norway, Oman, Poland, Portugal, Qatar, Romania, Russia, Saudi Arabia, Slovakia, Slovenia, Spain, Taiwan, Turkey, United Arab Emirates, United Kingdom, United States.
ON THE PODCAST
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today, Jonathan Katz of the University of Maryland continues our education on random number generation, and Trustwave's Ziv Mador updates us on that Windows zero-day being hawked on the Russian black market. (We welcome reviews, by the way. You can provide an iTunes review here.)
Don’t Kill the Caliph! The Islamic State and the Pitfalls of Leadership Decapitation(War on the Rocks) The Islamic State in Iraq and the Levant (ISIL) has endured significant territorial losses since its peak a year ago. Additional coalition deployments, an improving information campaign, a resurgent Iraqi army, targeted financial sanctions, and tireless diplomacy have set the stage for the eventual reduction of the self-proclaimed caliphate. Concurrent with these efforts is a large manhunt to bring Abu Bakr al Baghdadi, its leader, to justice. While this is an important consideration, defeating this movement is a much more pressing and daunting task. The best way to defeat ISIL in the long term is to leave Abu Bakr in place – as the caliph who lost his kingdom
DRIDEX Poses as Fake Certificate in Latest Spam Run(TrendLabs Security Intelligence Blog) At a glance, it seems that DRIDEX has dwindled its activities or operation, appearing only for a few days this May. This is quite unusual given that in the past five months or so, this prevalent online banking threat has always been active in the computing landscape. Last May 25, 2016, we observed a sudden spike in DRIDEX–related spam emails after its seeming ‘hiatus.’ This spam campaign mostly affected users in the United States, Brazil, China, Germany, and Japan
Top Laptop Makers Still Don’t Seem To Care About Security(Tom's Hardware) Last year, there were quite a few security scandals that affected both Lenovo and Dell. Duo Security, a security company that offers two-factor authentication and endpoint security products, uncovered that it’s not just those two laptop companies that are putting their customers in danger of getting hacked, but others as well, including Acer, Asus, and HP
Zero Day Auction for the Masses(Trustwave SpiderLabs) Over the years we've seen practically exponential growth in the underground economy. Criminals are organizing their efforts online on a scale we haven't seen before. Capitalizing on the anonymity of private forums, cryptocurrency and anonymous networks, cybercriminals have evolved their techniques and tactics tremendously
Jigsaw ransomware source code on sale(ITWire) The author of the Jigsaw ransomware, that encrypts files on Windows systems and then deletes them over time if a ransom is not paid, is selling the source code to the malware for US$139, according to researchers at Forcepoint security labs
It’s not just you, Amazon search is down(TechCrunch) If you’ve been trying to search for something on Amazon.com for the past few hours, you’ve been receiving a “service unavailable” Error 500. That’s because Amazon is currently suffering an outage
University of Calgary Network Suffers Malware Attack(HackRead) The computer servers at the University of Calgary, Canada, has suffered a sophisticated malware attack impacting its IT infrastructure this Saturday(28th May) when officials noticed suspicious activity and warned students not to use any computers issued by the university
Security Patches, Mitigations, and Software Updates
Microsoft Unveils Office 365 Advanced Security Management(Forbes) Many organizations have embraced Office 365—with all of the perks and benefits it includes. The cloud-based components of Office 365 introduce some unique security concerns as well, though, so Microsoft has developed Office 365 Advanced Security Management to address those concerns and enable businesses to use Office 365 with more confidence
Cyberattacks on the rise across the GCC Region(CPI Financial) FireEye, Inc. recently revealed key insights on the state of cyber attacks across the EMEA (Europe, Middle East and Africa) region, particularly in the countries of the GCC (Gulf Cooperation Council)
Pasadena-Based Parsons Wins U.S. Cyber Command Prime Contract(Pasadena Now) Parsons has been awarded a multiple-award, indefinite delivery/indefinite quantity (MA/IDIQ) contract by the General Services Administration to support the United States Cyber Command (USCYBERCOM). Under this 5-year, multimillion-dollar prime contract, Parsons will deliver services to support the defensive and offensive cyber missions of USCYBERCOM
ServiceNow buys security intelligence software firm BrightPoint Security(Seeking Alpha) As part of its continuing expansion into the security operations software market, ServiceNow (NOW +1.4%) is buying BrightPoint Security, provider of a "security command platform" (known as Sentinel) that helps companies manage threat information, automate threat detection and risk analysis, and share intelligence
Anup Ghosh's Invincea 'Learns' To Solve Cybercrime(Forbes) It is said that there are two types of companies in the world: those that know they’ve been hacked, and those that don’t. “That’s essentially a defeatist attitude that there’s nothing you can do about it,” said entrepreneur and Invincea founder, Anup Ghosh. “Most of these attacks are imminently solvable”
Trend Micro to fight against ransomware(ITWeb) Internet and cloud security provider Trend Micro, has released a free tool – which it says will help Internet users and organisations fight back against the dangers of ransomware
Cybersecurity Industry Leaders Partner With Cybrary(HS Today) Over a dozen cutting-edge cybersecurity companies—including ZeroFOX, Talos, Tripwire, AlienVault, and other major players—have partnered with Cybrary to provide their educational and thought leadership content to what is now the largest cybersecurity community on the Web
Synaptics’ Turnkey USB Fingerprint Solution Adds Simple and Secure Authentication to Notebook PCs(Globe Newswire) Synaptics Incorporated (NASDAQ:SYNA), the leading developer of human interface solutions, today announced a new ultra-small form factor USB module that enables Natural ID™ secure fingerprint authentication on any notebook PC. Synaptics’ USB dongle is a turnkey solution for OEMs, ODMs and private labels, enabling them to offer their customers an easy to use and inexpensive fingerprint alternative for PCs lacking integrated biometric sensors
Visa/MasterCard-Equipped mPOS Lands In Middle East(PYMNTS) Cybersecurity company Thales announced on Tuesday (May 31) that its payShield 9000 hardware security modules (HSMs) will be used by payments technology company Swiftch to help secure the first Visa Ready and MasterCard self-certified mPOS solution throughout the United Arab Emirates (UAE)
Live safe Internet with Azercell!(Azer News) Azercell has started cooperation with Kaspersky Lab in the field of internet security, which is aimed to draw a special attention to the protection of children fro cyber treats. Three new products by Azercell will allow the users of all ages to feel safer on the Internet
Experian ships new fraud and ID plug-and-play platform(Finextra) Experian, the leading global information services company, today unveiled the fraud and identity industry's first open platform designed to catch fraud faster, improve compliance and enhance the customer experience
The OPSEC Opportunity(Digital Shadows) Operations Security (OPSEC) has long been a key tactic used by commercial and military organizations to protect their privacy and anonymity. The United States formalized OPSEC in 1988 with President Reagan’s National Operations Security Program. The premise of OPSEC is pretty simple: deny adversaries information that could be used to do harm to an organization or individual. During my last trip to the United Kingdom, I visited the famous World War II code-breaking site Bletchley Park. I took the following photo that sums up wartime OPSEC well
IoT Security Must be Factored in to your Business Continuity Plans(Information Security Buzz) The Internet of Things (IoT) industry must establish a common set of security standards of which to adhere, according to Oscar Arean, technical operations manager at disaster recovery provider Databarracks. Arean also argues that IoT risks should feature in organisations’ continuity plans if they want to be protected
Facebook is Listening to Users’ Conversations, Here’s How to Stop it(HackRead) Facebook seems to have decided to leave no stone unturned in making its advertising campaigns wide-ranged and perfectly targeted. Previously we reported about the lawsuit filed against the social network for taking a sneak peek into private communications of its users in order to conduct relevant advertising and generate maximum Likes
Hacker Lexicon: What Is Fuzzing?(Wired) Hackers sometimes portray their work as a precise process of learning every detail of a system—even better than its designer—then reaching deep into it to exploit secret flaws
Google’s Training Its AI to Be Android’s Security Guard(Wired) When Adrian Ludwig describes the ideal approach to computer security, he pulls out an analogy. But it’s not a lock or a firewall or a moat around a castle. Computer security, he says, should work like the credit card business
Why gaze tracking startup Cogisen is eyeing the Internet of Things(TechCrunch) How will you interact with the Internet of Things in your smart home of the future? Perhaps by looking your connected air conditioning unit in the lens from the comfort of your sofa and fanning your face with your hand to tell it to crank up its cooling jets
CyberPatriot IX Registers 1,000 Teams in Record-Breaking Time(PRNewswire) The Air Force Association (AFA) today announced that CyberPatriot, AFA's premier STEM education initiative, has reached 1,000 registered teams for the CyberPatriot IX National Youth Cyber Defense Competition in record-breaking time. Registration is open until October 5th
Yahoo Publishes National Security Letters After FBI Drops Gag Orders(Wired) The FBI has been issuing national security letters for decades. The controversial subpoenas, which allow the feds to obtain customer records and transaction data from internet service providers and other companies without a court order, come with a perpetual gag order that prevents recipients from disclosing that they’ve received an NSL
Mir Islam – the Guy the Govt Says Swatted My Home – to be Sentenced June 22(KrebsOnSecurity) On March 14, 2013 our humble home in Annandale, Va. was “swatted” — that is to say, surrounded by a heavily-armed police force that was responding to fraudulent reports of a hostage situation at our residence. Later this month the government will sentence 21-year-old hacker named Mir Islam for that stunt and for leading a criminal conspiracy allegedly engaged in a pattern of swatting, identity theft and wire fraud
Online dating scam drags woman into Argentinian prison for 2.5 years(Naked Security) Last September, we brought you an online dating tale with a happy ending: guy falls in love with a buxom blonde/millionaire heiress who friends him on Facebook, gets ready to send her a wad of cash so she can supposedly come to the US (which she somehow needed in spite of that rich daddy of hers), dumps his fiancée, and gets saved in the nick of time by aforementioned dumped fiancée
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber Security Opportunities in Turkey Webinar(Online, June 14, 2016) As in other countries, Turkey is a target of high profile attacks in the public and private sectors. Instability from neighboring countries increases their risk.
Since 2014 Turkey is working on a cyber security plan which includes not only government but private sector and NGOs as well. Per Cisco's 2014 Security Report, attacks occur in ICS-SCADA, web servers and malwares-6% respectively, applications-31%, infrastructure-18%, and end-users-9%.Topics include: industry drivers, trends, and key players. Open Q&A session at the conclusion of presentations. Confirmed speakers: Alper Cem Yilmaz, Founder, and Jade Y. Simsek, Mrktg Specialist, CrypTech. Learn about the Cyber Security Market in Turkey with the objective of finding sales opportunities. Turkey's Transportation, Maritime Affairs and Communications Ministry formed SOME (Cyber Incident Response Teams)for protection of cyber attacks. ...
US Department of Commerce Cyber Security Trade Mission to Turkey( Ankara and Istanbul, Turkey, December 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey...
SecureWorld Atlanta(Atlanta, Georgia, USA , June 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...
Innovations in Cybersecurity Education Workshop 2016(Halethorpe, Maryland, USA, June 3, 2016) Innovations in Cybersecurity Education is a free regional workshop on cybersecurity education from high school through post-graduate. It is intended primarily for educators who are teaching cybersecurity...
ISS World Europe(Prague, Czech Republic, June 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic...
Data Breach & Fraud Prevention Summit Asia(Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the
New York State Cyber Security Conference(Albany, New York, USA, June 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The...
SecureWorld Portland(Portland, Oregon, USA, June 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...
SIFMA Cyber Law Seminar(New York, New York, USA, June 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role...
Cleared Job Fair(Tysons Corner, Virginia, USA, June 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research,...
SANSFIRE 2016(Washington, DC, USA , June 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind...
Show Me Con(St. Charles, Missouri, USA, June 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they...
CISO DC(Washington, DC, USA, June 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and...
The Security Culture Conference 2016(Oslo, Norway, June 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture...
TECHEXPO Top Secret Hiring Event(Baltimore, Maryland, USA, June 15, 2016) Security-cleared professionals are invited to interview for new career opportunities on Wednesday, June 15 at the BWI Marriott in Baltimore, MD. Hot job opportunities are available in Cyber Security, Intelligence,...
2016 CyberWeek(Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's...
Cyber Security for Critical Assets LATAM(Rio de Janeiro, Brazil, June 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency...
Cyber 7.0(Laurel, Maryland, USA, June 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle...
Security of Things World(Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June...
SANS Salt Lake City 2016(Salt Lake City, Utah, USA , June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more...
DC / Metro Cyber Security Summit(Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...
TECHEXPO Cyber Security Hiring Event(Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.