Among the many large (and old) breaches under discussion this week was one that appears bogus. Some identity theft protection companies warned their customers that Dropbox had been breached, citing figures of around 73 million usernames and passwords compromised. But this seems untrue: the lost data appear to have come from the Tumblr breach.
Researchers say password manager KeePass 2’s update check is vulnerable to man-in-the-middle exploitation.
Familiar banking Trojan Dridex is circulating (mostly in North America) impersonating a PFX certificate file and thereby evading detection by many antivirus programs.
Check & Secure looks at reports of locked devices and bank account theft and thinks it sees the common factor: possible issues with TeamViewer.
WordPress is under active attack as hackers exploit a zero-day in its mobile detector plugin.
The FBI warns that traditional, albeit electronically enabled, extortion is on the rise. Criminals threaten to release stolen, potentially embarrassing information.
Adware insinuated into the Google Play Store targets fútbol fans.
A Washington Redskins trainer’s (apparently unencrypted) laptop containing current, former, and even potential players’ medical information was stolen last month.
Google releases Chrome 51.0.2704.79, fixing fifteen vulnerabilities affecting Windows, Linux, and OS X systems.
In industry news, Blue Coat filed its expected IPO yesterday as Bain Capital takes the company public.
As US schools approach summer vacation, the Air Force Association is offering eighty-five cyber boot camps across the country.
Wired runs an op-ed proposing securitized cyber insurance as a vehicle for improving cyber security (and national behavior in cyberspace).
Today's issue includes events affecting Albania, Belgium, Bulgaria, Canada, China, Croatia, Czech Republic, Denmark, Egypt, Estonia, France, Germany, Greece, Hungary, Iceland, India, Iran, Israel, Italy, Latvia, Lithuania, Luxembourg, Malaysia, Netherlands, Norway, Palestine, Poland, Portugal, Romania, Russia, Slovakia, Slovenia, Spain, Turkey, Ukraine, United Arab Emirates, United Kingdom, United States.
ON THE PODCAST
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today, Ben Yelin from the University of Maryland's Center for Health and Homeland Security discusses the long-term legal ramifications of a pending lawsuit against Facebook that involves the company's facial recognition products. We also talk about the state of the cyber profession with Joseph Billingsley, founder of the Military Cyber Professional Association. (If you enjoy the Podcast, please share your enjoyment with an iTunes review.)
TeamViewer – smells like a hack(Check & Secure) Reports emerged over the last week of users being locked out of their computers and having their bank and PayPal accounts emptied. The common factor connecting many of these is that they are users of TeamViewer, the remote access and control technology used by over a billion people worldwide
Dropbox Smeared in Week of Megabreaches(KrebsOnSecurity) Last week, LifeLock and several other identity theft protection firms erroneously alerted their customers to a breach at cloud storage giant Dropbox.com — an incident that reportedly exposed some 73 million usernames and passwords. The only problem with that notification was that Dropbox didn’t have a breach; the data appears instead to have come from another breach revealed this week at social network Tumblr
New Zero-Day Exploit Hits the Malware Market(IBM Security Intelligence) How do black-hat hackers make money from their zero-day exploits? One method is to come up with some sort of wrapper code that would deliver it. The Angler rootkit, for example, has a history of doing this; last year, it introduced four zero-days as a part of its offering while still constantly refreshing its list of new exploits
Security Patches, Mitigations, and Software Updates
Google Chrome update includes 15 security fixes(Help Net Security) Google has released Chrome 51.0.2704.79 to address multiple vulnerabilities for Windows, Linux, and OS X. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system
You Should Go Check Facebook’s New Privacy Settings(Wired) Last week, Facebook introduced a way to show ads across the web to everyone, not just its own users. At the same time, it added a new privacy setting for people already on Facebook to limit how their activity on the social network shows up in ads elsewhere. It gets confusing! Here’s what’s up
Surprise! Most IoT products have inadequate security(Help Net Security) While the IoT era of products brings innumerable advances and modern conveniences to the lives of consumers, the connected nature of these products creates unintentional ports to other sensitive and critical systems, data, and devices. When security is insufficient in even seemingly harmless household appliances, wearables, or other IoT products, it presents endemic vulnerabilities and risks
Security Threats Hiding In Plain Sight(Dark Reading) IT professionals would rather manage external threats than worry about insiders, a recent survey by Soha finds. But singular focus when it comes to security can end up being a costly mistake
Tech moguls declare era of artificial intelligence(Interaksyon) Artificial intelligence and machine learning will create computers so sophisticated and godlike that humans will need to implant “neural laces” in their brains to keep up, Tesla Motors and SpaceX CEO Elon Musk told a crowd of tech leaders this week
Cyber risks for utilities, networks, and smart factories escalate(Help Net Security) Three utilities companies in the Ukraine, the Israel National Electricity Authority and most recently a German nuclear power plant have suffered cyber attacks in recent months. As energy, transportation, telecommunication and manufacturing companies become more reliant on automation, robotics and connected networks, they are also increasingly vulnerable to cyber attacks
What is the actual value of a CISO?(Help Net Security) For some people, it’s hard to understand what keeps them up at night. For you, the CISO, things are much clearer. Your 3:47 am thoughts are filled with data breaches, malware, and uninterested employees
‘Vendor overload’ adds to CISO burnout(CSO) A ‘gold rush’ in the development of security products can have CISOs facing more than a thousand product pitches. Experts say the key is to focus on what an organization needs, not what vendors are selling
The 10 Baggers In Cybersecurity(Seeking Alpha) The threat to America's national security does not come from ISIS, Iran, Russia or China. It is an online hack attack. That is the view of General Keith B. Alexander, who recently retired as the head of U.S. Cyber Command after a lifetime in the intelligence business. I discovered a long time ago that a retired general can be one of the most valuable sources of information about long-term capital market trends
Rapid7 CEO Aims to Secure the Future(eWeek) Corey Thomas, CEO of Rapid7, discusses how his company is moving forward post-IPO and balancing the needs of the open-source community with growing the business
IBM bets its future on cognitive computing(Science Business) After four years of falling revenues, the old-stager of the computer industry is remaking itself around the artificial intelligence machine Watson. A new lab in Munich will spearhead the strategy of using AI to make sense of data from billions of internet-connected devices
Myntex Mitigates Massive DDoS Attacks With Radware Cloud DDoS Protection(Globe Newswire) Myntex has fought back against massive cyber-attacks it has endured from multiple, simultaneous attackers with Cloud DDoS Protection Services from Radware® (NASDAQ:RDWR), a leading provider of cyber security and application delivery solutions ensuring optimal service level for applications in virtual, cloud, and software-defined data centers
Cyber Crime in for a hard time(Times of India) Cyber-security company Symantec Corp. has announced the availability of 'Encryption Everywhere'- a website security package available through web hosting providers
Markit strengthens KY3P with BitSight Security Ratings(Finextra) Markit (MRKT), a leading global provider of financial information services today announced a partnership with BitSight Technologies, the standard in Security Ratings, to enhance its Know Your Third Party (KY3P) platform
Securing IoT devices(SC Magazine) The Internet of Things (IoT) introduces a large number of new devices that can be a game changer for an organization, but unfortunately many are designed for convenience and functionality without security in mind
10 Ways to Prepare for Cyber-Warfare(CIO Insight) If you cannot see an attack, how are you expected to stop it? If you were a detective in the physical world, would you rather investigate a burglary using random photographs of what might have occurred, or by using surveillance video of the actual event?
The Immutability of Math and How Almost Everything Else Will Pass(Forbes) But is downplaying the importance of math a sustainable message for future generations of engineers? Right now, there’s a cultural push to untie the historical link between advanced math and programming that could partially deter engineers from entering the field. But those who have a strong foundation in math will have the best jobs of the future. Let’s stop separating math from programming for short-term relief and, instead, focus on fundamental, unchanging truths with which we’ll engineer the future
NATO Weighs Making Cyber Wartime Domain(Defense News) July’s NATO Warsaw Summit will come with a major focus on cyber-related capabilities, and could conclude with a new definition of cyberspace as a warfighting domain – reinforcing the idea that a cyber-attack on a partner could trigger an Article 5 invocation
USMC wrestles with responsibility of owning network(FCW) In 2013, the Marine Corps took ownership of its computer networks after years of relying on the Navy Marine Corps Intranet. Three years later, the Corps is still training up its acquisition personnel, whose skills had deteriorated in the dozen years prior to that seismic shift in IT management, according to Daniel Corbin, the Corps' chief technology adviser for command, control, communications and computer
Six Things You Need to Know Before Collecting Biometric Information(National Law Review) Illinois and Texas recently enacted laws regulating the collection and use of biometric information (i.e., information based on an individual’s biometric identifiers, such as iris scans, fingerprints, voiceprints, or facial geometry) and a number of other states, including New York and California, are considering adopting such statutes
With Remote Hacking, the Government’s Particularity Problem Isn’t Going Away(Just Security) Electronic surveillance succeeds because it is secret. When the government seeks to record “what is whispered in the closet,” in the words of Justice Brandeis, it must use clandestine methods. Since at least 1928, when Brandeis wrote his United States v. Olmstead dissent, it has been understood that unseen surveillance also provides a “subtler and more far-reaching means of invasion of privacy” than physical searches. Recognition of this dual nature — effective but invasive — has driven evolution of the law
FBI Kept Demanding Email Records Despite DOJ Saying It Needed a Warrant(Intercept) The secret government requests for customer information Yahoo made public Wednesday reveal that the FBI is still demanding email records from companies without a warrant, despite being told by Justice Department lawyers in 2008 that it doesn’t have the lawful authority to do so
Some officials worry about briefing Trump, fearing spilled secrets(Reuters) Some U.S. intelligence officials are concerned that Donald Trump's "shoot from the hip" style could pose national security risks as they prepare to give him a routine pre-election briefing once he is formally anointed as the Republican presidential nominee
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cybersecurity and Financial Services: Understanding the Risks(San Diego, California, USA, June 9, 2016) Join San Diego's KCD PR for a conversation on a hot topic for every business operating in the Fintech and Financial Services space: Cybersecurity. The nature of cybersecurity breaches is continuously changing...
Innovations in Cybersecurity Education Workshop 2016(Halethorpe, Maryland, USA, June 3, 2016) Innovations in Cybersecurity Education is a free regional workshop on cybersecurity education from high school through post-graduate. It is intended primarily for educators who are teaching cybersecurity...
ISS World Europe(Prague, Czech Republic, June 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic...
Data Breach & Fraud Prevention Summit Asia(Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the
New York State Cyber Security Conference(Albany, New York, USA, June 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The...
SecureWorld Portland(Portland, Oregon, USA, June 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...
SIFMA Cyber Law Seminar(New York, New York, USA, June 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role...
Cleared Job Fair(Tysons Corner, Virginia, USA, June 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research,...
SANSFIRE 2016(Washington, DC, USA, June 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind...
Show Me Con(St. Charles, Missouri, USA, June 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they...
CISO DC(Washington, DC, USA, June 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and...
Cyber Security Opportunities in Turkey Webinar(Online, June 14, 2016) As in other countries, Turkey is a target of high profile attacks in the public and private sectors. Instability from neighboring countries increases their risk. Since 2014 Turkey is working on a cyber security plan which includes not only government but private sector and NGOs as well. Per Cisco's 2014 Security Report, attacks occur in ICS-SCADA, web servers and malwares-6% respectively, applications-31%, infrastructure-18%, and end-users-9%. Topics include: industry drivers, trends, and key players. Open Q&A session at the conclusion of presentations. Confirmed speakers: Alper Cem Yilmaz, Founder, and Jade Y. Simsek, Mrktg Specialist, CrypTech. Learn about the Cyber Security Market in Turkey with the objective of finding sales opportunities. Turkey's Transportation, Maritime Affairs and Communications Ministry formed SOME (Cyber Incident Response Teams) for protection of cyber attacks. ...
The Security Culture Conference 2016(Oslo, Norway, June 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture...
TECHEXPO Top Secret Hiring Event(Baltimore, Maryland, USA, June 15, 2016) Security-cleared professionals are invited to interview for new career opportunities on Wednesday, June 15 at the BWI Marriott in Baltimore, MD. Hot job opportunities are available in Cyber Security, Intelligence,...
2016 CyberWeek(Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's...
Cyber Security for Critical Assets LATAM(Rio de Janeiro, Brazil, June 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency...
Cyber 7.0(Laurel, Maryland, USA, June 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle...
Security of Things World(Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June...
SANS Salt Lake City 2016(Salt Lake City, Utah, USA, June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more...
DC / Metro Cyber Security Summit(Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...
TECHEXPO Cyber Security Hiring Event(Tysons Corner, Virginia, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds...