Cylance is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over 4 million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions. Learn more at cylance.com
June 14, 2016.
By The CyberWire Staff
Investigation into the Orlando massacre continues, and the expected online spoor of jihadist radicalization surfaces. The inspiration ISIS provides online obviates most need for traditional command-and-control, and its success depends not at all on conventional post-modern promises of comfort, the good life, etc. The message is death, the promise transcendence.
Unusually repellent scammers have already opened false donation sites asking for Bitcoin on behalf of victims. Give warily and selectively.
A Kurdish hacktivist has (arguably unhelpfully) defaced Dell subdomains in Europe with messages denouncing the Turkish Republic and the Islamic State.
The North Korean hack of South Korean enterprises seems to have been a mixture of espionage and document destruction. Concerns that this was battlespace preparation for a wider, more serious attack, persist.
The Molerats Palestinian hacktivists, were discovered and identified when security firm ClearSky found that one of the Molerats malware developers had neglected to erase the properties of a Word document.
Developments in the cyber criminal market include an uptick in mobile app collusion (manipulation of several apps in an attack on smartphone users), new capabilities and targets for the Vawtrak banking Trojan, the apparent (and unexplained) fall from criminal favor of the Angler exploit kit (business has shifted to Neutrino), and a bear market in Windows zero-days.
Samsung fixes a takeover issue in its PCs.
Microsoft will patch later today.
Symantec’s acquisition of Blue Coat prompts M&A speculation about CyberArk, Check Point, FireEye, Imperva, and Proofpoint. ManTech is acquiring the computer network operations practice of Oceans Edge.
Today's issue includes events affecting China, France, India, Iraq, Ireland, Israel, Democratic Peoples Republic of Korea, Republic of Korea, Kosovo, Netherlands, Palestinian Territories, Syria, Tunisia, Turkey, United Kingdom, United States.
ON THE PODCAST
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today, Ben Yelin from the University of Maryland's Center for Health and Homeland Security discusses a recent ruling limiting the FBI’s ability to use hacking to gather evidence. And our guest, Zscaler's Deepen Desai gives us some insight into malicious Microsoft macros. (If you feel so inclined, please give us an iTunes review.)
The dynamics of mobile app collusion and malicious activities(Help Net Security) Mobile app collusion happens when cybercriminals manipulate two or more apps to orchestrate attacks on smartphone owners. McAfee Labs has observed such behavior across more than 5,000 versions of 21 apps designed to provide useful user services such as mobile video streaming, health monitoring, and travel planninging, and travel planning
Vawtrak banking Trojan shifts to new targets(Help Net Security) The Vawtrak banking Trojan (aka Snifula) is slowly but surely becoming a serious threat. With version 2, the malware has acquired the capability to target even more users, a modular architecture, and better obfuscation
ATM Insert Skimmers In Action(KrebsOnSecurity) KrebsOnSecurity has featured several recent posts on “insert skimmers,” ATM skimming devices made to fit snugly and invisibly inside a cash machine’s card acceptance slot. I’m revisiting the subject again because I’ve recently acquired how-to videos produced by two different insert skimmer peddlers, and these silent movies show a great deal more than words can tell about how insert skimmers do their dirty work
Cytegic Special Intelligence Update: UEFA Euro 2016 Cyber Threat Landscape(Cytegic) The following report represents the most interesting and active cyber-trends that DyTA analyzed in advance of the UEFA Euro 2016 tournament in France, which starts June 10th and runs through July 10th. As part of our research, we have analyzed key trends around similar major sporting events over the past 12-18 months that display consistent, repeatable trends and patterns
Security Patches, Mitigations, and Software Updates
12 Tips for Securing Cyber Insurance Coverage(Dark Reading) As cyber insurance grows more available and popular it is also becoming increasingly complex and confusing. Our slideshow offers guidelines on how to get insurance, get decent coverage, and avoid limitations in coverage
Symantec To Buy Blue Coat; Are CyberArk, Imperva, Proofpoint Next?(Investor's Business Daily) No. 3 cybersecurity firm Symantec (SYMC) could overtake rivals Check Point Software Technology (CHKP) and Palo Alto Networks (PANW) in terms of market cap, thanks to its $4.65 billion plan to acquire privately held Blue Coat Systems, a cloud security firm
UAE- EFS Facilities Services acquires SecurePlus(Khaleej Times) EFS Facilities Services, a regional leader in delivering integrated facilities management services across the Middle East, Africa, South Asia and Turkey, announced on Sunday the acquisition of SecurePlus, a UAE-based security services provider established in 2005
AI-based cybersecurity startup reaches $1B valuation(CIO Dive) Cylance announced it successfully raised $100 million in Series D funding. The latest round places Cylance in the 'unicorn' club of young companies with $1 billion valuations. The company’s CylancePROTECT product uses artificial intelligence to predict how cybercriminals can attack networks
Wombat Security Selected as a 2016 Red Herring Top 100 North America Winner(Marketwired) Wombat Security Technologies ("Wombat"), the leading provider of SaaS-based cyber security awareness and training solutions, today announced that it has been selected as a winner of Red Herring's Top 100 North America award, a prestigious list recognizing the leading private companies from the North American business region that celebrates startups' innovations and technologies across their respective industries
Salesforce.com Appoints Trey Ford As Security Head(CXOtoday News Desk) Computer hacking expert, Trey Ford will be joining Salesforce.com as head of trust starting Monday. He will be a part of the company’s Heroku unit and will address its cyber security and reliability related requirements
VMWare Beefs Up Security, Workspace ONE, Acquires Arkin(Marketwired via Channel Partners) VMware, Inc. (NYSE: VMW), a global leader in cloud infrastructure and business mobility, today announced five leading cloud access security broker (CASB) leaders have joined the Mobile Security Alliance. The addition of Blue Coat Systems, Inc., CloudLock, Netskope, Palo Alto Networks and Skyhigh Networks adds to the growing support from security industry leaders for the VMware AirWatch® Enterprise Mobility Management™ (EMM) platform to collaboratively solve the challenge of mobile and cloud security
MobileIron Provides Mobile Security for Munich Airport(PRNewswire) Mobile enterprise security leader MobileIron (NASDAQ: MOBL) ensures that Munich Airport employees can safely use the organization's growing number of applications on their mobile devices. The focus of the mobile initiative is securely mobilizing intranet and SAP processes
PCI DSS 3.2: The evolution continues(CSO) The security standard for the payment card industry remains controversial, but even critics have welcomed some of the new requirements – especially expanded multi-factor authentication
China, US Hold Talks to Bridge Cybersecurity Differences(AP via ABC News) Chinese and American officials said Tuesday they're committed to bridging their differences on cybersecurity and moving to implement recent agreements, as they held talks amid complaints over China-based hacking operations that the U.S. says may have already cost U.S. companies tens of billions of dollar
House Homeland Security Committee Approves Slew of Cybersecurity Proposals; Moves for the Creation of New Cybersecurity Agency(Cyber Security Caucus) The U.S. House of Representatives Homeland Security Committee approved four cyber-security related bills on Wednesday, including one which could create a new federal cybersecurity agency. Most significantly, the Committee unanimously approved H.R. 5390 – a bill which aims to transform the Department of Homeland Security (DHS) National Protection and Programs Directorate (NPPD) into a full-blown operational agency. The proposed Cybersecurity and Infrastructure Protection Agency would “realign and streamline” federal cybersecurity initiatives, and implement the Cybersecurity Information Sharing Act (CISA), which passed in December
Presidential Candidates Told to Prioritize Internet Freedom(Motherboard) A coalition of leading public interest and civil rights groups on Monday released an internet policy platform designed to pressure the 2016 presidential candidates into prioritizing online free speech, access, privacy, and openness
How Did the FBI Miss Omar Mateen?(Foreign Policy) Law enforcement did all it could, but post-9/11 restrictions on “probable cause” limit the FBI’s ability to investigate would-be terrorists
In Orlando, as in Fort Hood, FBI might have missed signs(Austin American Statesman) As they did eight years earlier in the Fort Hood shootings, federal investigators looking into Orlando, Fla., nightclub shooter Omar Mateen cleared a terrorism suspect who went on to commit mass murder
Omar Mateen may not have understood the difference between ISIS, al-Qaeda and Hezbollah(Wahington Post) In the early hours of Sunday morning, Omar Mateen killed at least 49 people during an attack on the popular gay nightclub Pulse in Orlando. During the attack, Mateen placed a 911 call and told the operator that his actions were motivated by his hardcore Islamist beliefs. However, Mateen's comments about Islam suggested that while his viewpoints were no doubt extreme, they were also confused, perhaps even incoherent
Nominations are now open: National Cyber Security Hall of Fame(Baltimore, Maryland, USA (nominations submitted online), July 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry.
SANSFIRE 2016(Washington, DC, USA , June 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind...
Show Me Con(St. Charles, Missouri, USA, June 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they...
CISO DC(Washington, DC, USA, June 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and...
Cyber Security Opportunities in Turkey Webinar(Online, June 14, 2016) As in other countries, Turkey is a target of high profile attacks in the public and private sectors. Instability from neighboring countries increases their risk.
Since 2014 Turkey is working on a cyber security plan which includes not only government but private sector and NGOs as well. Per Cisco's 2014 Security Report, attacks occur in ICS-SCADA, web servers and malwares-6% respectively, applications-31%, infrastructure-18%, and end-users-9%.Topics include: industry drivers, trends, and key players. Open Q&A session at the conclusion of presentations. Confirmed speakers: Alper Cem Yilmaz, Founder, and Jade Y. Simsek, Mrktg Specialist, CrypTech. Learn about the Cyber Security Market in Turkey with the objective of finding sales opportunities. Turkey's Transportation, Maritime Affairs and Communications Ministry formed SOME (Cyber Incident Response Teams)for protection of cyber attacks. ...
The Security Culture Conference 2016(Oslo, Norway, June 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture...
TECHEXPO Top Secret Hiring Event(Baltimore, Maryland, USA, June 15, 2016) Security-cleared professionals are invited to interview for new career opportunities on Wednesday, June 15 at the BWI Marriott in Baltimore, MD. Hot job opportunities are available in Cyber Security, Intelligence,...
2016 CyberWeek(Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's...
Cyber Security for Critical Assets LATAM(Rio de Janeiro, Brazil, June 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency...
Cyber 7.0(Laurel, Maryland, USA, June 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle...
Security of Things World(Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June...
SANS Salt Lake City 2016(Salt Lake City, Utah, USA , June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more...
DC / Metro Cyber Security Summit(Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...
TECHEXPO Cyber Security Hiring Event(Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.