skip navigation

More signal. Less noise.

Economic Alliance of Greater Baltimore

Maryland leads the nation in cybersecurity with a large, highly qualified workforce, 20,000 job openings, investment opportunities, and proximity to key buyers.

Daily briefing.

The "Naikon" threat group, active for more than a year in Southeast Asia, seems to have ceased operations, or at least dropped from sight, according to Kaspersky, which has been tracking them.

ISIS appears to be earning money through various forms of currency manipulation. Senior US officials have repeatedly promised over the week that American cyber attacks will substantially degrade ISIS capabilities. One wonders whether the US cyber offensive against ISIS communications (which according to reports is having effect) will eventually turn to interdiction of Halawa monetary remittance systems.

The attack on Western Ukraine's power grid last December attract further analysis. Recorded Future reports what it's learned from open sources about BlackEnergy and related attack traffic.

The Triada Trojan currently afflicting Android devices is, according to researchers at Kaspersky Labs, "as complex as any Windows malware." Kaspersky sees the growing complexity and sophistication of mobile malware as a reflection of criminals diverting their attention toward relatively poorly protected mobile devices.

Cisco updated its switches Wednesday. Among the fixes was removal of weak static credentials.

In industry news, observers are struck by a growing degree of cooperation among companies one might normally expect to have a purely competitive relationship.

In the continuing dispute between Apple and the FBI over Government OS, Apple has picked up a surprisingly large number of partisans among former senior US intelligence and security officials.

The French parliament has moved to pre-empt a similar legal face-off with legislation designed to punish companies whose encryption impeded police investigations.

Notes.

Today's issue includes events affecting Cambodia, China, France, Indonesia, Iraq, Laos, Malaysia, Myanmar, Nepal, Philippines, Russia, Singapore, Syria, Thailand, Ukraine, United Kingdom, United States, and Vietnam.

2016 National Conference of Minority Cybersecurity Professionals (Washington, DC, March 23 - 24, 2016) The landmark ICMCP conference will elevate the national dialogue on the necessary measures needed to attract and develop minority cybersecurity practitioners to address the cross-industry cybersecurity skills shortage.

Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.

Dateline RSA 2016

Photo gallery: RSA Conference 2016 Expo – Moscone South (Help Net Security) Here are a few photos from the Expo floor of Moscone South

Former US intelligence director backs end-to-end encryption (Irish Times) Introducing weakened iOS code would be like ‘creating a bacterial biological weapon’

Former Top Government Officials Side With Apple In FBI Legal Battle (Fortune) It’s not just technology companies and privacy groups that are siding with Apple in its legal battle with the FBI over a locked iPhone used by a terrorist during the San Bernardino attacks

RSA Conference 2016: A chat with the UK’s cyber envoy to the U.S. (Stack) Over at RSA Conference 2016, The Stack’s security editor, Richard Morrell, meets and talks with the British Cyber Envoy to the United States, and takes a deeper look at one of the most interesting British companies making an impression at San Francisco this week

Threat Intelligence: Humans turning data into actionable intelligence (CSO) It takes a human element to make real-world judgement calls on threat data

Authentication: One Size Does Not FIt All (RSA Blogs) I’ve been coming to the RSA conference on and off (mostly on) for more than 15 years, and each year there seems to be more strong authentication vendors demonstrating new and interesting approaches to authenticating end users

Researcher demonstrates hijacking of police drone (Help Net Security) A security researcher has demonstrated to the RSA Conference crowd how he – or anyone, for that matter – can take over control of a drone used by the Dutch police and make it do anything the rightful owner can

Cybercrime trends point to growing sophistication (TechTarget) Cybercrime trends point to an alarming increase in advanced social engineering techniques and customized, targeted document-based malware attacks in 2016, according to Sophos research

RSA 2016: Malware Still Prevalent on Corporate Network, Proofpoint Warns (SC Magazine) RSA 2016: Malware Still Prevalent on Corporate Network, Proofpoint Warns

Security is ‘easy': Just ask someone at RSA (We Live Security) It might seem cliché but the biggest vulnerability companies face today is not technological; it's human. Unfortunately, not much has changed in the past half-century

RSA 2016: Vendor badge scanning apps contain security bypass vulnerability (SC Magazine) Bluebox Security researchers spotted a security bypass vulnerability in the kiosk management application used on the RSA Conference 2016 vendor badge scanning devices

The Irony of Poor Security at RSA 2016 (Bluebox) “If you develop an app, it’s usually a best practice to not leave a hardcoded password in your code"

Hewlett Packard Enterprise Tech Chief Talks Up 'the Machine' (Fortune) The company’s secret cybersecurity weapon

CloudLock Launches Industry's First Adaptive CASB Security Platform (MarketWired) CloudLock unveils largest cloud security orchestration ecosystem to deliver rxpanded native CASB multi-mode offering

Trend Micro Cloud App Security integrates with Box, Dropbox and Google Drive (Help Net Security) Trend Micro announced the expansion of its Cloud App Security at the RSA Conference

Secure passwords for privileged accounts with Bomgar Vault (Help Net Security) At RSA Conference 2016 Bomgar announced the new Bomgar Vault, which helps companies secure, manage, and administer shared credentials for privileged users and IT vendors

Digital Identity Graph helps detect fraud, cyberattacks (Help Net Security) ThreatMetrix announced at RSA Conference the newest innovation in the fight against global cybercrime – the Digital Identity Graph, a framework for anonymized global digital identities on the internet

RSA: Dell SecureWorks DCEPT Delivers Honey Tokens to Hackers (eSecurity Planet) Dell launches new open source tool that uses Docker containers to help organizations identity credential thefts from memory

Graham Cluley wins top blogging award at RSA Conference (Graham Cluley) "Unaccustomed as I am to writing headlines about myself in the third person"

Comilion Selected as Hot Company for Security Collaboration by Cyber Defense Magazine (BusinessWire) Annual CDM Infosec Awards were presented at RSA Conference 2016

Cyber Attacks, Threats, and Vulnerabilities

Cyberespionage group that hit PH and Southeast Asia ‘disappears’ (Inquirer) From 2009 up to 2015, a single group of people has successfully hacked into computers of various government agencies of Southeast Asian countries and steal data without being caught

ISIS 'making millions' by gaming forex markets (CNBC) The militant group that calls itself Islamic State (ISIS) is exploiting national banking operations in Iraq and could be making up to $25 million a month in Middle Eastern money markets, according to experts

Is the Islamic State Hurting? The President’s Point Man on ISIS Speaks Out (New Yorker) For the first time since its blitz across Syria and Iraq, in 2014, the Islamic State is on the defensive in both countries

How hackers attacked Ukraine's power grid: Implications for Industrial IoT security (ZDNet) The December 2015 cyberattacks on Ukranian power utilities were rare in that actual damage was inflicted. But there's ample evidence of widespread infiltration into organisations' operational system

Shedding Light on BlackEnergy With Open Source Intelligence (Recorded Future) If you’re like me, you don’t have access to the malware samples that infected the Ukrainian ICS (industrial control system) networks. You also don’t have packet captures or event logs to try to recreate the series of events that lead to over 200,000 people losing power in late December of last year

Attacks are basically the same no matter the industry (CSO) In 2007, the Aurora generator test showed that a cyber attack could cause physical damage to a power grid, but January's attack in Ukraine awakened security professionals to the reality of the risks to the energy sector

How Stuxnet, the first weapons-grade malware, kicked off a cyber arms race (Digital Trends) How we view a weapon is always determined by who wields it, and where they’re pointing it

VulDB: Rockwell Automation Allen-Bradley Allen-Bradley CompactLogix 1769-L up to 28.010 cross site scripting (SCIP) vulnerability was found in Rockwell Automation Allen-Bradley Allen-Bradley CompactLogix 1769-L up to 28.010. It has been classified as problematic. This affects an unknown function. The manipulation with an unknown input leads to a cross site scripting vulnerability. This is going to have an impact on integrity

27 million online dating passwords allegedly sold on the dark web (Graham Cluley) Hacker says he removed four million fake profiles before selling the data to others

Android Triada trojan 'as complex as any Windows malware' (V3) Security firm Kaspersky has found a trojan that poses a risk to some 60 percent of Android devices

The continual evolution of mobile malware (Kaspersky Blog) Nowadays PCs are protected much better than before

Why Bitcoin is not the root cause of ransomware (CoinCenter) Ransomware has been around for a while—turns out it’s about twenty years older than Bitcoin—but it’s been in the news again recently because of a particularly upsetting case involving a Los Angeles Hospital

Two Castles apology after site hit by ‘cyber attack’ (Kenilworth Weekly) Organisers of the Two Castles 10k have apologised to runners after two days of persistent website issues and ‘a cyber attack from Eastern Europe’

Security Patches, Mitigations, and Software Updates

Cisco removes weak default static credentials from its switches (Help Net Security) Cisco has released on Wednesday a bucketload of software updates for a wide variety of its products, fixing vulnerabilities of different types and severity

Cyber Trends

IoT Security: Industry Finally Waking Up To The Dangers (InformationWeek) For the last several years, Internet of Things security has been one of the most hotly debated topics at Mobile World Congress. This year, however, IoT security took on a new sense of urgency as more devices are being connected and the technology turns mainstream

Cyber onslaught threatens to overwhelm healthcare (Help Net Security) Healthcare organizations average about one cyber attack per month, say the result of the recent Ponemon study on the state of cybersecurity in healthcare organizations

Marketplace

Cybersecurity no longer merger afterthought (CSO) As little as four years ago, only about a third of companies considered cybersecurity when planning a merger. Today, that percentage has flipped

Why Cybersecurity Vendors Are Teaming Up (Motley Fool) Although puzzling at first, the recent partnership announcements in cybersecurity is a good thing for the industry and investors

Deloitte Highlights Israel's Rise as 'Blockchain Hotspot' (CoinDesk) A new report from global professional services firm Deloitte focuses on Israel's development into a blockchain hub, outlining the work of a number of startups working on distributed ledger solutions across a variety of industries

Personnel rift: Job recruitment (SC Magazine) Corporate cybersecurity has a problem

Why you need more than money to get top security talent (CSO) David Darrow from CSID explains how to attract and retain security talent in highly competitive markets with something other than money

Scrambling for Cybersecurity Leaders is Big Business for Recruiters (Executive Search Review) In the mid-1990s, when Joyce Brocaglia took on her first assignment to help build an information security operation for Citibank, it was a very different world

Winners Announced for Duo's Women in Security Awards 2016 (PRNewswire) Recognizing the women who are transforming the security industry

CACI makes U.K. cyber deal (Washington Technology) While CACI International may be digesting its largest acquisition ever – the $550 million purchase of L-3 national security business – its U.K. subsidiary has shown the copy is always on the look out for another deal

Q&A: Bruce Schneier on joining IBM, IoT woes, and Apple v the FBI (Register) It's going to get worse before it gets better

Finland's F-Secure looks for cyber growth, acquisitions (Reuters) Finnish data security company F-Secure (FSC1V.HE) is seeking to grow in the European cyber security market with the help of acquisitions, its chief executive said

OATI Counsel Jerrod Montoya Elected President of InfraGard Minnesota Members Alliance (PRWeb) Open Access Technology International, Inc. proudly announces the election of Jerrod Montoya to lead InfraGard Minnesota Members Alliance

Engility appoints former Raytheon executive Lynn Dugle as CEO (Lawyer Herald) Engility Holdings Inc. has announced its new CEO after Tony Smeraglinolo stepped down. It declared former Raytheon Intelligence, Information and Services president Lynn Dugle for the job aiming for organic growth and repayment of debt

Products, Services, and Solutions

Check Point Unveils Powerful New Management Platform, Simplifying Complexity of Security through Consolidation (CSO) Built from the ground-up, the new R80 security platform revolutionises the way IT leaders can better consolidate processes, policies and technology for smarter, more proactive protection

FireEye Unveils Mandiant Cyber Assessment Service for Industrial Control Systems (GovConWire) FireEye (Nasdaq: FEYE) will offer a new cybersecurity assessment service to help operators of industrial control systems determine risks in their network environments, ExecutiveBiz reported Tuesday

Technologies, Techniques, and Standards

Five things to consider before building a threat intelligence program (CSO) Threat intelligence isn't easy, but there are some things and organization can do to get a program started

Make threat intelligence meaningful: A 4-point plan (InfoWorld) Threat intelligence is a hot topic, but it requires a ton of work to be operational and effective. Here's how to steer clear of the traps

Panda Security Guide Helps Businesses Avoid Cyber-Extortion (eWeek) The report defines cyber extortion as a form of blackmail in which victims of an IT attack are forced to pay to avoid its effects

4 healthcare data breach lessons to take to heart (Becker's Health IT and CIO Review) Hospitals, health systems, payers and any organization with stewardship of healthcare data are prime targets for cyberattacks

HIMSS16: Cybersecurity success hinges on strength of CISO-CMIO relationship (FierceHealthIT) A hospital's success in cybersecurity is only as good as the relationship between its chief information security officer and its chief medical information officer, according to Hospital Corporation of America CISO Paul Connelly

10 Ways to Help Our Parents With Online Security (Heimdal) My parents are bright, intelligent people, curious to explore how modern stuff works

Design and Innovation

Is DevOps the Holy Grail for information security? (CSO) DevOps is the computing philosophy that, through unified agile software development and business operations, you can improve your products and time to market. But does it actually improve information security?

Research and Development

These engineers are developing artificially intelligent hackers (Guardian) In a sign of the autonomous security of the future, a $2m contest wants teams to build a system that can exploit rivals’ vulnerabilities while fixing its own

China's Quantum Satellite Could Change Cryptography Forever (Popular Science) Quess could hold the key to uncrackable communications

What is Quantum Cryptography? (Popular Science) And can it make codes truly unbreakable?

Academia

College Hackers Compete to Shine Spotlight on Cybersecurity (ABC News) Students from MIT and Britain's University of Cambridge will spend the weekend hacking one another's computers, with the blessing of their national leaders

Legislation, Policy, and Regulation

French parliament votes to penalise smartphone makers over encryption (Guardian) Deputies move to punish companies that refuse to hand over encrypted data in wake of US legal battle between Apple and FBI

Banks' Hands Tied as Basel Tightens Rules on Operational Risk (BloombergBusiness) Banks’ options for gauging the risk of incurring losses from events such as fraud, cybercrime and litigation are set to shrink as the Basel Committee on Banking Supervision tries to stop firms gaming the rules

US says cyber battle against ISIS will 'black these guys out' (CSO) The action against ISIS is the first time the DOD has acknowledged an active offensive cybercampaign

2013 Amendments to Wassenaar Arrangement Need Rewording, US State Dept. Concedes (The Wire) The US Department of State agreed on March 1 to renegotiate the terms of an international agreement that were found to severely impinge on software development, signalling a victory for cybersecurity researchers

US to renegotiate rules on exporting “intrusion software” (Ars Technica) Inter-agency panel decides just fixing US implementation of export controls isn't enough

Apple, FBI, Congress: 5 Burning Questions Raised (InformationWeek) As Apple and the FBI struggle over matters of encryption, privacy and security, a House Judiciary Committee hearing helped to highlight several questions in need of answers

DHS cyber official: Federal CISO needs legal authority (FedScoop) The federal CISO will elevate the voice of agency CISOs. But without legal backing, they will have trouble getting the same seat at the table that CIOs have now, DHS' Mark Kneidinger said

Integration of Cyberspace Capabilities Into Tactical Units (Military Spot) The Army’s efforts to integrate operational cyberspace capabilities into its tactical units took another big step forward during a recent training rotation at the National Training Center at Fort Irwin, California

Litigation, Investigation, and Law Enforcement

San Bernardino prosecutor raises concerns about ‘cyber pathogen’ in terrorist's iPhone (CSO) Experts are questioning whether such a thing as a 'cyber pathogen' at all exists

Op-Ed: Apple Shows Why the All Writs Act Cannot Decide The Encryption Debate (Legaltech News) Judge Pym's order could represent a disruption in Apple’s business and therefore an unreasonable burden

Rep. Issa Criticizes FBI's Strategy To Get Into Terrorist's iPhone (NPR) David Greene talks to Rep. Darrell Issa about his perspective on encryption, specifically the showdown between Apple and the FBI over unlocking the iPhone of one of the San Bernardino shooters

NSA Is Mysteriously Absent From FBI-Apple Fight (Intercept) The Federal Bureau of Investigation insisted that it was helpless

Cybersecurity and the Internet of Things (Lexology) The "Internet of Things", commonly referred to as the "IoT", is a phrase that loosely describes the growing body of Internet-connected devices, gadgets, and other items that do not fit the traditional concept of a "computer"

Report: FBI Investigating Whether Clinton Aides Retyped Classified Info Into Emails (Washington Free Beacon) In its investigation into whether classified information was sent using Hillary Clinton’s private email server, the FBI is reportedly looking at whether aides to the former secretary of state retyped information from classified sources into emails then sent to Clinton’s unsecured system

State Dept. Releases Personnel File For Hillary’s Private Server Technician (Daily Caller) The State Department has released the personnel file for Bryan Pagliano, the IT worker who managed Hillary Clinton’s private email server

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

International Academic Business Conference (New Orleans, Louisiana, USA, March 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are...

CISO Chicago Summit (Chicago, Illinois, USA, March 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

Navigating Summit 2016 (Canberra, Australia, March 8, 2016) The Australian government has pledged to create a future-proofed nation, one that is fit to drive higher economic growth and improved standards of living using information technology innovatively. Privacy...

CISO Atlanta Summit (Atlanta, Georgia, USA, March 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing...

The Atlantic Council's Cyber 9/12 Student Challenge (Washington, D.C. USA, March 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...

SANS 2016 (Orlando, Florida, USA, March 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 ...

CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, March 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM),...

Pwn2Own 2016 (Vancouver, British Columbia, Canada, March 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets,...

Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, March 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents...

ICCWS 2016 (Boston, Massachusetts, USA, March 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security

CISO Summit France (Paris, France, March 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming...

Risk Management Summit (New York, New York, USA, March 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the...

Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, March 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that...

International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, March 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce.

Commonwealth Cybersecurity Forum 2016 (London, England, UK, March 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together...

Black Hat Asia 2016 (Singapore, March 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two...

SecureWorld Boston (Boston, Massachussetts, USA, March 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Insider Threat Summit (Monterey, California, USA, March 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, March 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem.

Women in Cyber Security 2016 (Dallas, Texas, USA, March 31 - April 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.