The Panama Papers are expected to be released later today in the form of a searchable online database. Personal information thought potentially valuable to criminals, or unduly injurious to individuals’ privacy, will be redacted or otherwise rendered inaccessible, the ICIJ says. Canadians and New Zealanders are among the groups expected to suffer some degree of exposure.
OpIcarus continues to work its disruptive way into more banking sites, still poking around Mare Nostrum, but extending its reach to banks in Panama, Kenya, and the Bailiwick of Guernsey.
The hackers responsible for a breach at Qatar National Bank (thought to be members of a Turkish group, but the identification remains obscure) appear to have hit the UAE’s InvestBank with publication of similar information.
India accuses Pakistan’s ISI of trolling the Indian military with spyware-bearing gaming and music apps.
The US command responsible for doing things to ISIS has gone coy about cyber operations. The public spokesman for Operation Inherent Resolve is on Reddit, riffing on Fight Club’s rules. That the information operations battle will be a tough one for anti-ISIS forces is suggested by, first, widespread suspicion among Iraqis that ISIS is really a wheels-within-wheels American cat’s paw, and, second, ISIS’s angry engagement with Islamic theologians (in which disputes Ibn Rushd would have recognized resurface).
Cyber security stocks were clobbered in the market late last week, as investors found reports from bellwethers FireEye, Imperva, and CyberArk disappointing.
Twitter tells Dataminr to stop providing its social media feeds to the US Intelligence Community.
Today's issue includes events affecting Australia, Bosnia and Herzegovina, Brazil, Canada, China, France, Bailiwick of Guernsey, India, Iraq, Ireland, Israel, Kenya, Kyrgyzstan, Maldives, Netherlands, New Zealand, Pakistan, Panama, Qatar, Russia, Syria, Tajikistan, Turkey, United Arab Emirates, United Kingdom, United Nations, United States.
ON THE PODCAST
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today Ben Yelin of the University of Maryland's Center for Health and Homeland Security reviews the ways in which law struggles to keep pace with technology's advance.
OpIcarus Finds More Targets as Banks in Panama, Bosnia and Kenya Go Offline(Hack Read) It’s been over a week since Anonymous and Ghost Squad began conducting cyber attacks on banking websites worldwide. It’s the weekend now but the hacktivists aren’t taking a break; while you were sleeping they conducted distributed denial-of-service (DDoS) attacks on the websites of four international banks including the Central Bank of Kenya, National Bank of Panama, Central Bank of Bosnia and Herzegovina and Maldives Monetary Authority
UAE InvestBank Hack: Leaked Data showing passport and Credit Card Detail(Hack Read) A data file that shows and holds sensitive financial data has been published. The data, 10GB in size, was published online and seems to have been taken from a bank that is in the United Arab Emirates. The Zip file for first analysis shows that the financial information is from tens of thousands of customers with the InvestBank, which is based in Sharjah
US struggles to convince Iraqis it doesn't support IS(AP) For nearly two years, U.S. airstrikes, military advisers and weapons shipments have helped Iraqi forces roll back the Islamic State group. The U.S.-led coalition has carried out more than 5,000 airstrikes against IS targets in Iraq at a total cost of $7 billion since August 2014, including operations in Syria. On Tuesday a U.S. Navy SEAL was the third serviceman to die fighting IS in Iraq. But many Iraqis still aren't convinced the Americans are on their side
Cyber in Operation Inherent Resolve? Think ‘Fight Club.’(C4ISR & Networks) The fight against the Islamic State group, known alternately as ISIS, ISIL and Daesh, involves numerous approaches, facets, partners, tools and weapons. But if any of those involve cyber, the top spokesman for the operation isn’t saying so
Fighting the Islamic State(Defense News) Daveed Gartenstein-Ross, senior fellow at the Foundation for the Defense of Democracies, discusses the Pentagon’s strategy to combat ISIS
Islamic State's Recruitment Strategy(Defense News) Daveed Gartenstein-Ross, senior fellow at the Foundation for the Defense of Democracies, discusses the Pentagon’s strategy to combat ISIS and its recruitment strategy
Did China Just Steal $360 Billion From America?(Forbes) “The FBI has obtained information regarding multiple malicious cyber actor groups that have compromised sensitive business information from U.S. commercial and government networks through cyber espionage,” warned the law enforcement agency on the 2nd of this month. At about the same time, the Department of Homeland Security and the Defense Security Service of the Department of Defense issued similar alerts
40 million User Data from Adult Social Network Emerges on Dark Net(Hack Read) Fling.com (NSFW), an adult social network, has apparently been hacked and as a result login credentials of 40,769,652 registered users have been stolen and made available for sale on the Dark Web by a hacker known as “Peace of mind”
Rio Olympics Likely a Magnet for Cybercriminals(Wall Street Journal) As cybercriminals gear up for action ahead of the summer Olympic and Paralympic Games, host country Brazil and the Rio Games’ global sponsors are bracing for countless virtual showdowns
New ransomware modifications increase 14%(Help Net Security) Kaspersky Lab detected 2,896 new ransomware modifications during the first quarter, which is an increase of 14 percent on the previous quarter. In addition, the number of attempted ransomware attacks increased by 30 percent
Hotel malware caught checking in(Enterprise Times) Less than a week after warning that hotels were being constantly targeted by hackers, Panda Security managed to catch an attack in the act. The attack came in the form of a phishing email to an employee at an unnamed hotel and was, according to a Panda Security press release, captured by its Adaptive Defence 360 security software
Power networks on high alert amid cyber threats(Sydney Morning Herald) Electricity network companies face having to further beef up their defences against cyber attacks as the rise of small-scale renewable power generation increases the vulnerability of the grid to attack
Crooks Grab W-2s from Credit Bureau Equifax(KrebsOnSecurity) Identity thieves stole tax and salary data from big-three credit bureau Equifax Inc., according to a letter that grocery giant Kroger sent to all current and some former employees on Thursday
Internet of Fail: How modern devices expose our lives(Help Net Security) Should you sync your family’s calendar to your refrigerator or have it display photos? Samsung believes you should. They also think you need cameras that display the food inside, to help during shopping. Sure, these features can make life easier, but how would you feel about someone accessing this information? What could a stranger do if he knew you’re out of the house tomorrow night?
How small businesses approach risk mitigation and response(Help Net Security) CSID released the findings of a survey recently conducted for small businesses (under 10 employees) to determine sentiment and concerns from small business owners around cyber security and how this population is approaching risk mitigation and response
Don't Just Click, It Could be a Trick(Slam the Online Scam) According to the National Cyber Security Alliance, an astonishing one in five small businesses falls victim to cyber crime each year
Cybersecurity stocks sell off after FireEye, Imperva, and CyberArk report(Seeking Alpha) Palo Alto Networks (PANW -3.7%), Proofpoint (PFPT -3.6%), Rapid7 (RPD -2.1%), Identiv (INVE -7.5%), and Vasco (VDSI -3.1%) are selling off after security tech peers FireEye (down 18.8%), Imperva (down 25.2%), and CyberArk (up 1.5%) delivered their Q1 reports. FireEye, likely the biggest culprit behind the selloff, posted mixed Q1 results (sales missed, EPS beat), offered light Q2 and full-year revenue guidance (full-year billings guidance was affirmed), and announced (as part of a larger management shakeup) Kevin Mandia is replacing Dave DeWalt as CEO
Veering Off Topic With CloudLock CEO Gil Zimmermann(Xconomy) Next up in my series of meandering conversations with tech leaders: CloudLock CEO Gil Zimmermann. Zimmermann co-founded the cloud security software company in 2007 as Aprigo and shifted it to its current name and product focus in 2011. The firm, based in Waltham, MA, has raised some $35 million from investors, and its products are now being used by more than 6 million employees of large enterprise companies, according to CloudLock’s website
CSRA Alliance for Fort Gordon gets new director(Augusta Chronicle) The CSRA Alliance for Fort Gordon, the region’s military advocacy organization, announced Friday that retiring Executive Director Thom Tuckey will be replaced by a 32-year Army veteran whose last assignment was serving as senior enlisted adviser to Fort Gordon’s commanding general
Products, Services, and Solutions
Inmarsat plans to launch cyber security app(Marine Electronics & Communications) Inmarsat is planning to launch a cyber security service as the first application on its new Fleet Xpress satellite communications solution for shipping. The London-based company has been working with Singapore Telecommunications (Singtel) to develop a specialised application for reducing the risk of cyber attacks on ships
Microsoft-Centric Innovators Gridstore and 5nine Software Showcase Advanced Security With HyperConverged Infrastructure(Marketwired) Gridstore®, the leader in hyper-converged all flash infrastructure for the Microsoft Cloud-Inspired Datacenter and 5nine Software, the leading global Hyper-V virtualization security and management provider, today announced they will be presenting their recently launched integrated solution that delivers advanced security for hyperconverged infrastructure at the upcoming Microsoft Cloud and Hosting Summit, May 10-12 at the Hyatt Regency in Bellevue, Washington
FedRAMP Authorization Given to Dell Services Federal Government’s Cloud(Washington Executive) On April 22nd Dell Services Federal Government’s (DSFG) cloud offering received the Federal Risk and Authorization Management Program (FedRAMP) authorization, which means that Dell Cloud for U.S. Government (DSG), DSFG’s multi-tenant cloud platform, has met the security standards and requirements of the Federal Information Security Management Act (FISMA)
ZENEDGE Open Sources Linux Kernel Extension for Cybersecurity(PRWeb) ZENEDGE, a leading provider of cloud-based, Artificial Intelligence (AI) driven cybersecurity solutions, announced today that the Company is contributing a Linux kernel extension called Zentables-addons to open source, developed to increase the capacity to block IP addresses behind an HTTP load balancer, such as HA Proxy or Amazon ELB
PCI DSS 3.2: Making the Move to MFA(Dark Reading) PCI DSS has always required that any untrusted, remote access into the cardholder data environment use multi-factor authentication. Now version 3.2 takes it one step further
Banks work around the clock to thwart cyber crooks(Las Cruces Sun-News) The Department of Homeland Security in 2004 deemed October as National Cyber Security Awareness Month — a time to raise public consciousness about the ever-more-sophisticated ways in which criminals are trying to steal from working people, businesses and the financial institutions in which they put their money for safekeeping
Changing Your Password Too Often Exposes You to Hackers(Biz Tech Mojo) Security experts often advise computer users to update their passwords periodically to stay safe from hackers but, surprisingly, Britain's security service claims that your online data is even safer if you avoid changing your password routinely
Prep for next-gen encryption should start yesterday(GCN) The National Institute of Standards and Technology is getting nervous about quantum computers and what they might mean for the cryptographic systems that protect both public and private data. Once seen as far off -- if not borderline science fiction -- quantum computing now seems a much closer reality
Research and Development
IARPA funding brings ideas ‘from disbelief to doubt’(Federal Times) The Intelligence Advanced Research Projects Activity has opened up its annual broad agency announcement calling for submissions of the most bleeding-edge technologies and ideas the private sector has to offer
Microsoft to speak about ‘Digital Terror’ at Security Council Meet(Go Android Apps) Microsoft has accepted the UN Security Council's invitation to address a special debate next week on counter-terrorism and confronting ‘digital terror’, UN diplomats said
France beefs up defences against corporate espionage(Financial Times) France is boosting its fight against corporate espionage after belatedly realising that some of its largest trading partners have been extensively spying on its companies, according to the country’s corporate intelligence chief
Obama's Cyberdoctrine(Foreign Affairs) As the administration of U.S. President Barack Obama begins to wind down, much of Washington’s national security community is working to deliver the next president with fresh ideas on cybersecurity. No matter what these groups recommend, the next president would do well to recognize that the Obama administration has found what is likely the only workable strategy: making it a private sector responsibility
State's school for cyber(FCW) Training State Department Foreign Service officers on cybersecurity is expensive, time consuming, and a logistical headache. But the department's top cyber official says that it's a critical investment in overseas work
Hacker Lexicon: Stingrays, the Spy Tool the Government Tried, and Failed, to Hide(Wired) Stingrays, a secretive law enforcement surveillance tool, are one of the most controversial technologies in the government’s spy kit. But prosecutors and law enforcement agencies around the country have exerted such great effort to deceive courts and the public about stingrays that learning how and when the technology is used is difficult
Tajikistan Detains Four Alleged Islamic State Supporters(Radio Free Europe/Radio Liberty) Tajik authorities say they have detained four suspected supporters of the Islamic State (IS) extremist group who were allegedly planning to carry out terrorist attacks in the country during the celebrations marking Victory Day on May 9
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
IP EXPO Europe(London, England, UK, October 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe now includes six co-located events with their own...
MCRCon 2016: Some Assembly Required(Ypsilanti, Michigan, USA, May 10, 2016) The annual conference focuses on hacking prevention, incident handling, forensics and post-event public relations, with presentations delivered by nationally-recognized experts, cybersecurity skills competitions,...
CISO UK(London, England, UK, May 10, 2016) We're in an historic transition — one marked by challenges, but filled with possibility. Preparing for the upturn and making the right decisions in times of change can better position your enterprise...
SecureWorld Houston(Houston, Texas, USA, May 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...
Guarding the Grid(Washington, DC, USA, May 12, 2016) Protecting the power grid from today's cyber threats has become one of the nation's top national security priorities. Nowhere was this more evident than in the aftermath of the cyberattack in Ukraine that...
Telegraph Cyber Security(London, England, UK, May 17, 2016) The Telegraph Cyber Security conference will provide the key components to create a cutting-edge cyber security plan, regardless of your organisation’s size or sphere of activity
DCOI 2016(Washington, DC, USA, May 18 - 19, 2016) DCOI 2016 is a concerted effort of the state of Israel and the Institute for National Security Studies (INSS) of Tel-Aviv University, a non-profit organization that aims towards enhancing collaboration...
ISSA LA Eighth Annual Information Security Summit(Universal City, California, USA, May 19 - 20, 2016) The ISSA-LA Information Security Summit is the only educational forum in the greater Los Angeles area specifically designed to attract an audience from all over Southern California as a means to encourage...
HITBSecConf2016 Amsterdam(Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2 and for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of THC.org, an in-depth...
Enfuse 2016(Las Vegas, Nevada, USA, May 23 - 26, 2016) Enfuse is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. It's a global event. It's a community. It's where problems...
Cybersecurity Law Institute(Washington, DC, USA, May 25 - 26, 2016) Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance...
4th Annual Cybersecurity Law Institute(Washington, DC, USA, May 25 - 26, 2016) At our 4th annual Institute, in the capital where cybersecurity regulations and enforcement decisions are made, you will be able to receive pragmatic advice from the most knowledgeable legal cybersecurity...
SecureWorld Atlanta(Atlanta, Georgia, USA, June 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...