Security incidents happen at the seams, between tools and teams. Unite your people, processes, and technologies behind an intelligence-driven defense. Attend this ThreatConnect webinar to learn how.
June 7, 2016.
By The CyberWire Staff
As ISIS continues to devour its leaders, facing as it does increasing pressure, the Caliphate’s rivals in al Qaeda return to Twitter. Their message is the familiar call to jihad, albeit more pedantically put than ISIS would have framed it.
More than 100 million accounts from the Russo-centric social media platform VK (formerly Vkontakte) have been leaked and are now being hawked on the dark web. Following the past three weeks’ revelations concerning LinkedIn, Tumblr, and MySpace, the incident offers another reason to change passwords (and not reuse them).
Applicants for US visas are being phished by impostors serving up a remote-access Trojan (QRAT), F-Secure reports.
Researchers at Pen Test Partners demonstrate a proof-of-concept WiFi hack of the Mitsubishi Outlander hybrid SUV. They didn’t gain access to the car’s Controller Area Network (CAN), but what they got was disturbing enough that it moved Mitsubishi to advise customers to disable their Outlander’s WiFi until a firmware update is pushed to them.
The Angler exploit kit has grown more evasive, and incorporated Silverlight and Flash exploits into it toolset.
Google fixes eight critical and twenty-eight high-risk Android vulnerabilities in its June update.
Recent attacks circumstantially linked to Pakistan lend urgency to calls in India for establishment of a cyber command.
Hamburg’s Data Protection Commissioner has assessed fines for violations of Germany’s data protection laws.
In the US, the Justice Department has offered a Federal judge a second secret filing in the FBI’s investigation of former Secretary of State Hillary Clinton’s email practices.
Today's issue includes events affecting Bangladesh, European Union, Germany, India, Japan, Democratic Peoples Republic of Korea, Malaysia, New Zealand, Pakistan, Singapore, Sri Lanka, Switzerland, United States.
ON THE PODCAST
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. This afternoon you'll hear our conversation with Raytheon's Dave Amsler who'll take us through the results of his company's study, just released, on why, when, and how companies engage with managed security services providers. And Dale Drew from our partners at Level 3 Communications tells us about the increase in malicious traffic they're observing in Latin America. (If you feel so inclined, please give us an iTunes review.)
Security experts find hacking backdoor to Facebook Messenger(Gold Coast Bulletin) Security experts today will reveal a major flaw in Facebook Messenger that is set to have major legal ramifications, including judicial decisions being sent back to the appeal court and commercial agreements sent into disarray
100 milion VK accounts put up for sale(Help Net Security) Another “historic” mega breach has been revealed as someone who goes by the alias “Tessa88@exploit.im” has begun selling info tied to 100 milion VK accounts
Password Re-user? Get Ready to Get Busy(KrebsOnSecurity) In the wake of megabreaches at some of the Internet’s most-recognized destinations, don’t be surprised if you receive password reset requests from numerous companies that didn’t experience a breach: Some big name companies — including Facebook and Netflix — are in the habit of combing through huge data leak troves for credentials that match those of their customers and then forcing a password reset for those users
Qarallax RAT: Spying On US Visa Applicants(F-Secure: News from the Lab) Travelers applying for a US Visa in Switzerland were recently targeted by cyber-criminals linked to a malware called QRAT. Twitter user @hkashfi posted a Tweet saying that one of his friends received a file (US Travel Docs Information.jar) from someone posing as USTRAVELDOCS.COM support personnel using the Skype account ustravelidocs-switzerland (notice the “i” between “travel” and “docs”)
789% year-over-year spike in malware and phishing(Help Net Security) An analysis of phishing email campaigns from the first three months of 2016 has seen a 6.3 million increase in raw numbers, due primarily to a ransomware upsurge against the last quarter of 2015. That is a 789% jump
Ransomware Goes After Manufacturing(eWeek) A Fortinet research report finds that manufacturers are increasingly under attack from ransomware as older vulnerabilities provide easy access
What Businesses Can Learn from the SWIFT Cyber Attack(Huffington Post) Like bacteria that mutates in order to thrive against powerful antibiotics, threats in today’s cyber-environment are constantly changing to exploit new vulnerabilities. But just like antibiotics must evolve, our systems for protecting digital security - at personal, commercial and government levels - must change with the times and be equally active, robust, and innovative
Proactive threat hunting: Detect, isolate and eradicate(Help Net Security) Organizations worldwide wait until they fall victim to a damaging cyber attack before engaging a provider of managed security services, or MSS, according to Raytheon. Two-thirds of survey respondents indicated that not until there is a significant data loss from an IT security breach are their organizations motivated to engage a vendor
NZ dodges cyber attack bullet(New Zealand Herald) New Zealand is one of the least affected countries in Asia Pacific when it comes to cyber attacks, but harmful software is circulating around the globe in massive numbers
NTT Announce Formation of MSSP(Infosecurity Magazine) NTT has announced the formation of NTT Security Corporation, a specialized security company to deliver Managed Security Services (MSS) and specialized security expertise
Raytheon Hits 52-Week High on Investments, Foreign Sales(Zacks) Shares of Raytheon Company (RTN - Analyst Report) scaled a new 52-week high of $133.98 on Jun 3, before closing a little lower at $133.86. With a market cap of around $39.75 billion, the company has seen its shares gain roughly 8.7% in the past one year, outperforming the 2.7% gain of the S&P 500 over the same period
Telia Carrier and Ericsson sign global IoT backbone agreement(PRNewswire) As the Internet of Things (IoT) ecosystem continues to evolve, Telia Carrier and Ericsson have signed an agreement that highlights the critical role international carriers have to play. Telia Carrier will provide backhaul and interconnect solutions to Ericsson's Device Connection Platform via a dedicated IoT backbone
iguaz.io Unveils Worlds First Virtualized Data Services Architecture(News Channel 10) iguaz.io, the disruptive company challenging the status quo for big data, the Internet of Things (IoT) and cloud-native applications, today unveiled its vision and architecture for revolutionizing data services for both private and public clouds. This new architecture makes data services and big data tools consumable for mainstream enterprises that have been unable to harness them because of their complexity and internal IT skills gaps
0patch: Microscopic cures for big security holes(Help Net Security) Software vulnerabilities are one of today’s most significant information security issues. Disclosing high profile vulnerabilities has become tremendously rewarding, to the point that some vendors are devising marketing campaigns that include a logo and a catchy name, regardless of the seriousness of the flaw
3 ways CIOs can protect users against cyber attacks(CIO) Cyber attacks in the recent past have been causing huge losses in revenues for enterprise and also for individuals transacting online. While there have been technology developments to secure the web, the loopholes are many still, for the hackers to exploit. Mobile banking apps have been the latest hunting ground for many cyber criminals
Pathway To The New Era of Quantum Computing(CTOvision) The world of computing has witnessed seismic advancements since the invention of the electronic calculator in the 1960s. The past few years in information processing have been especially transformational
Legislation, Policy, and Regulation
New Indian Cyber Command Urged Following Recent Attacks(Defense News) Amid media reports of a suspected cyberattack by a Pakistan-based group targeting the Indian government, some officials and analysts here are calling for progress on a proposed tri-service command on cybersecurity that is still pending approval by the Ministry of Defense
Opinion: Is your data really safer in Europe?(Christian Science Monitor Passcode) The European privacy watchdog's rebuke of the EU-US data transfer deal known as Privacy Shield should prompt reforms on both sides of the Atlantic. In the meantime, we’d rather our data reside in the US, subject to publicly available legal frameworks, judicial oversight, and a strong tradition of civil society watchdogs
Sen. Whitehouse proposes cyber IG for civilian agencies(FCW) An overarching inspector general for cybersecurity would attract top-notch talent, according to Sen. Sheldon Whitehouse (D-R.I.).
There should be a single inspector general charged with auditing cybersecurity practices across federal civilian networks, according to Sen. Sheldon Whitehouse (D-R.I.). That approach would be a dramatic shift from the current practice of having each agency's IG office handle information security probes
President's Commentary: First and Foremost, Educate for Cyber(SIGNAL) When we closely examine U.S. cybersecurity policy, one point stands out. Many in the public, industry and government are not well-educated or informed about the causes and effects of our cybersecurity failings or their remedies. These knowledge gaps differ among and within each sector, but cumulatively they add up to the vulnerable state of affairs that defines securing our national cyberspace. Policy must be continually assessed, focused and adjusted to meet the needs of this dynamic domain
Three Years Later: How Snowden Helped the U.S. Intelligence Community(Lawfare) Three years ago today, The Guardian published the first story based on the huge archive of documents that that Edward Snowden stole from the National Security Agency while working as an NSA contractor. Then-Attorney General Holder’s Justice Department quickly charged Snowden with felonies for theft of government property and mishandling classified information. Last week, however, Holder praised Snowden. “I think that he actually performed a public service by raising the debate that we engaged in and by the changes that we made,” Holder said
Senior State Dept. officer, now Iran deal coordinator, deposed about Clinton email(Washington Post) A senior State Department official who oversaw executive operations during Hillary Clinton’s tenure as secretary from 2009 to 2013 told lawyers in a civil lawsuit that he was aware of her private email server, but had no reason to think it was used for government business, according to a transcript released Monday
Why legal departments begrudge the cloud(CSO) Legal professionals are by their nature a skeptical and cautious lot, but the sharp rise in cloud-based applications being used by enterprises and law firms, as well as recent high-profile law firm security breaches, has many legal professionals reticent about entering cloud engagements
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
CyberTexas(San Antonio, Texas, USA, August 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals...
BSides Canberra(Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates.
ISS World Europe(Prague, Czech Republic, June 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic...
Data Breach & Fraud Prevention Summit Asia(Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the
New York State Cyber Security Conference(Albany, New York, USA, June 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The...
LegalSEC Summit 2016(Baltimore, Maryland, USA, June 9 - 10, 2016) Whatever your role in security, there’s something here for you! Hear from experts who will share their experiences related to information security, and develop takeaways to use in your organization. The...
SecureWorld Portland(Portland, Oregon, USA, June 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...
Cybersecurity and Financial Services: Understanding the Risks(San Diego, California, USA, June 9, 2016) Join San Diego's KCD PR for a conversation on a hot topic for every business operating in the Fintech and Financial Services space: Cybersecurity. The nature of cybersecurity breaches is continuously changing...
SIFMA Cyber Law Seminar(New York, New York, USA, June 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role...
Cleared Job Fair(Tysons Corner, Virginia, USA, June 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research,...
SANSFIRE 2016(Washington, DC, USA , June 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind...
Show Me Con(St. Charles, Missouri, USA, June 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they...
CISO DC(Washington, DC, USA, June 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and...
Cyber Security Opportunities in Turkey Webinar(Online, June 14, 2016) As in other countries, Turkey is a target of high profile attacks in the public and private sectors. Instability from neighboring countries increases their risk.
Since 2014 Turkey is working on a cyber security plan which includes not only government but private sector and NGOs as well. Per Cisco's 2014 Security Report, attacks occur in ICS-SCADA, web servers and malwares-6% respectively, applications-31%, infrastructure-18%, and end-users-9%.Topics include: industry drivers, trends, and key players. Open Q&A session at the conclusion of presentations. Confirmed speakers: Alper Cem Yilmaz, Founder, and Jade Y. Simsek, Mrktg Specialist, CrypTech. Learn about the Cyber Security Market in Turkey with the objective of finding sales opportunities. Turkey's Transportation, Maritime Affairs and Communications Ministry formed SOME (Cyber Incident Response Teams)for protection of cyber attacks. ...
The Security Culture Conference 2016(Oslo, Norway, June 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture...
TECHEXPO Top Secret Hiring Event(Baltimore, Maryland, USA, June 15, 2016) Security-cleared professionals are invited to interview for new career opportunities on Wednesday, June 15 at the BWI Marriott in Baltimore, MD. Hot job opportunities are available in Cyber Security, Intelligence,...
2016 CyberWeek(Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's...
Cyber Security for Critical Assets LATAM(Rio de Janeiro, Brazil, June 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency...
Cyber 7.0(Laurel, Maryland, USA, June 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle...
Security of Things World(Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June...
SANS Salt Lake City 2016(Salt Lake City, Utah, USA , June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more...
DC / Metro Cyber Security Summit(Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...
TECHEXPO Cyber Security Hiring Event(Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.