March 3, 2016.
By The CyberWire Staff
The Ivano-Frankivsk grid hack remains a matter of intense interest. Investigation indicates that the attackers (described by observers as disciplined and sophisticated) ran a patient campaign to establish persistence in the Ukrainian utility's network and harvest control system credentials used to produce rolling blackouts in late December.
The consensus on the DROWN vulnerability is that the SSL hole is bad enough, but not quite so bad as Heartbleed.
Researchers report that Schneider Electric’s StruxureWare Building Operation software suffers from weak default credentials and a command execution bug that could enable minimally skilled hackers to disrupt building security systems.
The US continues to pursue ISIS in cyberspace, intent on disrupting the Caliphate's communications infrastructure. Effective cyber capabilities are beginning to make their appearance at the tactical level—special operations forces, specifically including the US Navy's SEALs, are taking an increasing interest in social media as vehicles for counter-ISIS information operations.
The ACLU, in an amicus brief filed regarding the FBI's request that Apple assist in giving them access to an iPhone used by a San Bernardino shooter, warns that if the Department of Justice has its way, we can all forget about trusting future software updates. What assurance, they ask, will users have that they're not being pushed another Government OS?
The pay card breach at Wendy's chain restaurants produces significant debit card losses. Credit unions are believed especially affected.
Google has issued a Chrome update.
Skids are now trying to extort Bitcoin payments from the wives of Ashley Madison customers.
Today's issue includes events affecting Iraq, Russia, Syria, Ukraine, United States.
2016 National Conference of Minority Cybersecurity Professionals (Washington, DC, March 23 - 24, 2016) The landmark ICMCP conference will elevate the national dialogue on the necessary measures needed to attract and develop minority cybersecurity practitioners to address the cross-industry cybersecurity skills shortage.
Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.
At RSA, Carter Calls for Help with Data Security (Defense News) US Secretary of Defense Ash Carter said Wednesday that the Pentagon understands it is lagging behind the commercial sector when it comes to best practices for protecting its data
OPM hack might not have been illegal (Federal Times) Last year, President Barack Obama and Chinese President Xi Jinping signed an agreement to prevent hacking between the countries focused on the theft of intellectual property, otherwise known as economic espionage. During a panel at the 2016 RSA Conference in San Francisco, current and former federal officials made a distinction between hacking for economic purposes as opposed to more traditional espionage between nations
RSA 2016: Cryptographers enter cyber security debate (Jane's) Cryptographers debated the future of mobile device security at the 2016 RSA Conference in San Francisco, California, on 1 March, as the US Department of Justice pushes mobile and software manufacturer Apple to unlock an iPhone for national security authorities
Only one in five orgs set up to securely manage user identities (Help Net Security) As organizations seek to capitalize on digital opportunities through rapidly developing and hosting new services online, they frequently under-invest in adequate cybersecurity measures creating significant risks, in particular governing user access
Which passwords to avoid for Internet-facing systems? (Help Net Security) For the last year or so, Rapid7 has been collecting login credentials via “Heisenberg,” a network of low-interaction honeypots that the company has set up to analyze login attempts by random, opportunistic actors
Barracuda showcases new firewall for IoT applications and deployments (Help Net Security) At RSA Conference, Barracuda announced it has expanded its next-generation firewall product family with the addition of the new Barracuda NextGen Firewall S-Series, which is designed to empower customers to connect thousands of machine endpoints, such as ATM machines or other remote devices, enabling new ‘Internet of Things’ applications and deployments
Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid (Wired) It was 3:30 p.m. last December 23, and residents of the Ivano-Frankivsk region of Western Ukraine were preparing to end their workday and head home through the cold winter streets. Inside the Prykarpattyaoblenergo control center, which distributes power to the region’s residents, operators too were nearing the end of their shift. But just as one worker was organizing papers at his desk that day, the cursor on his computer suddenly skittered across the screen of its own accord
Researchers discover major security breach in 3D printing technology (Neowin) Researchers from the University of California, Irvine have discovered what may amount to a major security breach in the 3D printing process: the source code of any 3D printer can be easily recorded and reverse engineered, allowing hackers to reverse-engineer 3D-printed objects and potentially engage in corporate espionage
Credit Unions Feeling Pinch in Wendy’s Breach (KrebsOnSecurity) A number of credit unions say they have experienced an unusually high level of debit card fraud from the breach at nationwide fast food chain Wendy’s, and that the losses so far eclipse those that came in the wake of huge card breaches at Target and Home Depot
Kaspersky Lab Denies Being a Threat to US Security (Prensa Latina) The Kaspersky computer security laboratory denied today that its products might serve the hackers to damage large networks of industrial computers in the United States, according to US media
Pentagon Cyber Campaign Against ISIS Signals A New Era In Warfare (Forbes) Secretary of Defense Ashton Carter and Joint Chiefs Chairman Joseph Dunford revealed on Monday that the military has launched a cyber campaign against the ISIS terrorist group aimed at disrupting its communications and impeding the extremist organization’s ability to coordinate operations. Although few details of the campaign were disclosed, Secretary Carter acknowledged that using digital weapons to disrupt enemy operations is “something new in warfare” that could not have occurred a generation ago
What the Cybersecurity National Action Plan gets right (Federal Times) On Feb. 9, President Barack Obama released his Cybersecurity National Action Plan, which many accurately described as the culmination of seven years of this administration’s work on a dynamic and critical topic
Cybersecurity Information Sharing Act (CISA) Guidelines: Privacy and Civil Liberties Interim Guidelines for Federal Agencies (National Law Review) Last week, we discussed the Federal government’s first steps toward implementing the Cybersecurity Information Sharing Act (CISA). Among the guidance documents released by the Department of Homeland Security and the Department of Justice were the Privacy and Civil Liberties Interim Guidelines. This guidance is designed to apply Fair Information Practice Principles (FIPPs) to Federal agency receipt, use and dissemination of cyber threat indicators consistent with CISA’s goal of protecting networks from cybersecurity threats
FBI Agent Testifies About Undercover Role in Terror Probe (ABC News) A Los Angeles undercover FBI agent posing as an Islamic State sympathizer testified Wednesday at a terrorism trial that a U.S. Air Force veteran revealed that he expected to be arrested when he returned to the United States from a trip to the Middle East
Justice Dept. grants immunity to staffer who set up Clinton email server (Washington Post) The Justice Department has granted immunity to a former State Department staffer, who worked on Hillary Clinton’s private email server, as part of a criminal investigation into the possible mishandling of classified information, according to a senior law enforcement official
Cyberstalker sentenced to 10 years in prison (Help Net Security) Michael Daniel Rubens, 31, formerly of Tallahassee, was sentenced today to 10 years in prison, a $15,000 fine, and $1,550 in restitution for cyberstalking, unauthorized access to a protected computer, and aggravated identity theft
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016
International Academic Business Conference (New Orleans, Louisiana, USA, March 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are...
CISO Chicago Summit (Chicago, Illinois, USA, March 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
Navigating Summit 2016 (Canberra, Australia, March 8, 2016) The Australian government has pledged to create a future-proofed nation, one that is fit to drive higher economic growth and improved standards of living using information technology innovatively. Privacy...
CISO Atlanta Summit (Atlanta, Georgia, USA, March 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing...
The Atlantic Council's Cyber 9/12 Student Challenge (Washington, D.C. USA, March 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...
SANS 2016 (Orlando, Florida, USA, March 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21
Pwn2Own 2016 (Vancouver, British Columbia, Canada, March 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets,...
Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, March 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents...
ICCWS 2016 (Boston, Massachusetts, USA, March 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security
CISO Summit France (Paris, France, March 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming...
Risk Management Summit (New York, New York, USA, March 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the...
Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, March 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that...
Commonwealth Cybersecurity Forum 2016 (London, England, UK, March 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together...
Black Hat Asia 2016 (Singapore, March 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two...
SecureWorld Boston (Boston, Massachusetts, USA, March 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...
Insider Threat Summit (Monterey, California, USA, March 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...
TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, March 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem.
Women in Cyber Security 2016 (Dallas, Texas, USA, March 31 - April 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional...