More emerges on the FBI's renewed investigation of emails that allegedly transited from former Secretary of State Clinton's private server to a laptop used by former New York Representative Anthony Wiener. WikiLeaks continues to make good on its promise to release discreditable documents related to the Clinton campaign; Julian Assange denies that he's getting those documents from Russia. Sources tell various news outlets that FBI investigators have high confidence that five unnamed foreign intelligence services succeeded in compromising the former Secretary's now decommissioned private server.
Concerns about Russian influence on US elections continue. Among those concerns are the prospect of distributed denial-of-service campaigns against election-related targets. DDoS fears have risen since the Mirai Internet-of-things botnet attacks last month. Bitdefender reports finding an exploitable vulnerability in widely used web cameras. MalwareMustDie warns against the IoT-focused Linux/IRCTelnet malware. The Online Trust Association says the DDoS against Dyn could have been "easily" prevented with better secured IoT devices, which is no doubt true, but mopping up the very large number of insecure devices is a far from trivial challenge.
Sophos has acquired Irish security analytics shop Barricade. A much larger acquisition has also been announced: Broadcom is buying Brocade for $5.5 billion,
NICE (the National Initiative for Cybersecurity Education) is meeting this week in Kansas City. NIST has used the occasion to launch not only its CyberSeek jobs map, but a draft Cybersecurity Workforce Framework. NSA and its LifeJourney partner is offering a Day of Cyber for students: registrations have passed five million.
Today's issue includes events affecting China, India, Ireland, New Zealand, Russia, Singapore, United Kingdom, United States.
A note to our readers: We're in Washington today covering the SINET Showcase 2016. Watch for full coverage in upcoming issues.
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today our partner Jonathan Katz from the University of Maryland will describe an experiment Google ran, pitting several AIs against each other in an encryption challenge. Our guest is MetTel's Edward Fox, discussing the role telecommunications companies play in cyber security. As always, if you enjoy the podcast, please consider giving it an iTunes review.
TECHEXPO Cyber Security Hiring Event(McLean, VA, USA, November 2, 2016) Our professional hiring events have benefited nearly a million attendees since 1993. We look forward to helping you advance your career and saving you time in your job search by providing you the opportunity to meet face to face with the nation's leading companies.
Malware Detection: How to Spot Infections Early with AlienVault USM(Live Webcast, November 3, 2016) While malware has been a thorn in the side of IT pros for years, some of the recent variants observed by the AlienVault Labs security research team, like CoreBot, have the ability to modify themselves on the fly, making them nearly impossible to detect with traditional preventative security measures. Join us for a live demo to learn about the most common types of malware, and how you can detect infections quickly with AlienVault USM.
Dateline SINET Showcase 2106
SINET Showcase(SINET) We believe that effective Cybersecurity is required to facilitate economic growth, protect critical infrastructure and maintain political stability. To accomplish this objective, SINET is dedicated to building a cohesive, worldwide Cybersecurity community with the goal of accelerating innovation through collaboration. SINET is a catalyst that connects senior level private and government security professionals with solution providers, buyers, researchers and investors
SINET 16 Innovator Award Overview(SINET) Each year, SINET evaluates the technologies and products of hundreds of emerging Cybersecurity companies from all over the world, and selects the 16 most innovative and compelling companies. These 16 companies, known as the SINET 16 Innovators, are invited to present their products and solutions on stage in Washington D.C. at our annual SINET Showcase
Kremlin Hackers Are Exploiting Microsoft's Unpatched Zero-Day(Infosecurity Magazine) Microsoft has identified the Russian APT group known as Fancy Bear as using a Windows zero-day to attack unnamed organizations. Some say it’s an attempt to manipulate the outcome of next week’s US election by targeting political organizations
Bitdefender Found Critical Vulnerabilities In IoT Cameras(Toms Hardware) Bitdefender announced that it discovered critical vulnerabilities in an unidentified manufacturer's Internet of Things (IoT) cameras that could threaten the privacy of their owners and enable distributed denial of service (DDoS) attacks
Linux/IRCTelnet creates new, powerful IoT DDoS botnet(Help Net Security) Linux/IRCTelnet (new Aidra), a new piece of Linux malware targeting IoT devices and turning them into DDoS-capable bots, has been spotted and analyzed by one of the researchers who share their discoveries on the MalwareMustDie! blog
DDoS attack on Dyn could have been prevented(CSO) The Online Trust Association says the recent DDoS attack that took down portions of the internet for several hours could have been “easily” avoided by improving the security of IoT devices
Belkin’s WeMo Gear Can Hack Android Phones(Threatpost) A SQL injection vulnerability is present in Belkin’s WeMo home automation firmware that could allow a third party with local access to a network to gain root access to devices such as light switches, lightbulbs, security cameras and coffee makers
Sundown Exploit Kit ‘Larger Threat Than People Realize’(Threatpost) It’s been a tumultuous summer for exploit kits with the demise of Angler, Neutrino and Nuclear, for years each responsible for massive amounts of dollar losses and malware infections. Now, Cisco Talos security researchers are bracing for new entrants to fill the void, starting with the Sundown exploit kit
Computer Virus Cripples UK Hospital System(KrebsOnSecurity) Citing a computer virus outbreak, a hospital system in the United Kingdom has canceled all planned operations and diverted major trauma cases to neighboring facilities. The incident came as U.K. leaders detailed a national cyber security strategy that promises billions in cybersecurity spending, new special police units to pursue organized online gangs, and the possibility of retaliation for major attacks
What We Can Learn From a $1.5M Cyber Theft at a Cambridge Company(BostInno) If you work in tech, it's practically a rite of passage to be briefed on the dos and don'ts of cyber security. It's common practice for businesses to train their employees on how to flag and thwart cyber attack attempts. And yet these instances still occur. Case in point: A company located in Kendall Square recently experienced a cyber attack that almost resulted in a loss of more than $1.5 million
Merchants and financial institutions deal with escalating cyber attacks(Help Net Security) Unsurprisingly, the Q3 2016 ThreatMetrix report shows a sharp increase in the number and complexity of cyber attacks. During what is traditionally a slow quarter, researchers analyzed nearly 5 billion transactions, and stopped approximately 130 million attacks in real time – a 40 percent increase over 2015
When smartphone upgrades go wrong(Help Net Security) As the holiday shopping season kicks into full gear around the world, industry analysts predict low prices, discounts and promotions will entice shoppers to buy the latest tech gadgets and electronics, including smartphones and tablets
Security Patches, Mitigations, and Software Updates
Android 7.0 Nougat Update: How Safe Is Your Android Phone?(Bitbag) Earlier this year, Check Point Software Technologies highlighted a serious security flaw present on all Android-based devices. Check Point stated that the flaw can provide root-level access on mobile devices to anyone who hacks it. This is why Google has been busy of late releasing updates that were finally culminated by the release of Android 7.0 Nougat
Broadcom Limited to Acquire Brocade Communications Systems Inc. for $5.9 Billion(GlobeNewswire) Broadcom Limited (Nasdaq:AVGO) and Brocade Communications Systems, Inc. (Nasdaq:BRCD) today announced that they have entered into a definitive agreement under which Broadcom will acquire Brocade, a leader in Fibre Channel storage area network (“FC SAN”) switching and IP networking, for $12.75 per share in an all-cash transaction valued at approximately $5.5 billion, plus $0.4 billion of net debt
Sophos Acquires Security Analytics Start-Up in Ireland(Marketwired) Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced that it has acquired Barricade, a pioneering start-up with a powerful behavior-based analytics engine built on machine learning techniques. The team and technology from Barricade will strengthen Sophos' synchronized security capabilities and its next-generation network and endpoint protection portfolio
Atos and Siemens join forces to rebuke IIoT cyber criminals(Consultancy.uk) Cyber attacks result in considerable damage to companies across the globe. The roll out of the Industrial Internet of Things is expected to see additional avenues for attack opening up, resulting in the potential for more losses and making defence more difficult. In a bid to assess the potential threat, and to provide security solutions for manufacturers, Atos and Siemens have joined forces
How feds can sign up for new OPM breach coverage(Federal Times) Federal employees impacted by last year’s cyber hack of the Office of Personnel Management have a month to re-enroll for credit and identity monitoring protections offered by the agency
Uninstall PERL File Extension Ransomware(Virus Guides) I wrote this article to help you remove PERL File Extension Ransomware. This PERL File Extension Ransomware removal guide works for all Windows versions
Joint efforts to enhance cyber security(Shanghai Daily) The issue of cyber security takes on a high profile as firms and government bureaus have joined together to strengthen it, Shanghai Daily learned during the China International Industry Fair yesterday
UK in $2.3 billion plan to ‘strike back’ at hackers(AFP via Interaksyon) Finance minister Philip Hammond on Tuesday warned Britain will “strike back” against states hacking into strategic networks in order to avoid a military showdown, as part of a new cyber-defence plan
Some Cyber Regulations Are Excessive. Not This One(American Banker) Regulation should always be a last resort. Too many rules — or lack of coordination between federal, state and industry rules — can do more harm than good. But there are also times when minimum requirements make sense. When done right and in the right circumstances, rules can protect consumers and businesses
Defeating Enemies at the Speed of Cyber, Not Speed of Budgets(SIGNAL) The military that can control and deny access to and use of the electromagnetic spectrum will be the victors of the next war, predicts Maj. Gen. Earl Matthews, USAF, (Ret.), former director of cyberspace operations and chief information security officer for the Air Force
DISA director: Military still figuring out how to fight in cyberspace(C4ISRNET) Despite the cyber mission force recently reaching initial operational capability, the military is still determining how it will fight in cyberspace. According to Lt. Gen. Alan Lynn, director of the Defense Information Systems Agency and commander of Joint Force Headquarters – Department of Defense Information Networks, the force still has work to do
Army sees cyberspace as nation’s next warfront(Redstone Rocket) Threats from cyberspace are real, consistent and evolving. President Barack Obama said cyber threats pose one of the gravest national security dangers faced by the United States
Army's IT must be more maneuverable across domains(C4ISRNET) The Army's taking notice of the changing operational landscapes emerging. Part of this recognition involves the new push toward a multi-domain battle concept, one that recognizes the force must move beyond its traditional air-land battle to fight in air, land, littoral space and cyberspace
DHS faces a sea change(FCW) The Department of Homeland Security, which is approaching its 15th birthday, needs to make some critical management decisions if it's going to keep up with galloping technology, according to one of its veteran managers
Commentary: Does the FBI think Russia hacked Weiner’s computer?(Reuters) There are many reasons why Federal Bureau of Investigation Director James Comey could be interested in the Hillary Clinton-Huma Abedin emails on Anthony Weiner's home computer. The majority of those reasons for Comey's involvement have been laid out across the media spectrum
State defends coordinating with Clinton camp on emails(Washington Examiner) The State Department on Wednesday denied any wrongdoing after emails hacked from John Podesta's private account revealed that the department coordinated with Hillary Clinton's presidential campaign before news broke of her use of a private email server
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
CyberCon 2016(Washington, DC, USA, November 16, 2016) CyberCon 2016 is the forum for dialogue on strategy and innovation to secure civilian and defense networks, as well as private-sector networks that hold their sensitive data. Cybersecurity will be the...
GTEC(Ottawa, Ontario, Canada, November 1 - 3, 2016) For the public sector and business, count on GTEC to help you keep up with the changing landscape of technology and service delivery in Canada. With our nationally recognized awards program and annual...
Black Hat Europe 2016(London, England, UK, November 1 - 4, 2016) Black Hat is returning to Europe again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days...
ISSA International Conference(Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
SINET Showcase 2016: Highlighting and Advancing Innovation(Washington, DC, USA, November 2 - 3, 2016) SINET Showcase provides a platform to identify and highlight “best-of-class" security companies that are addressing industry and government’s most pressing needs and requirements. The chosen SINET 16 Innovators...
3rd Annual Journal of Law and Cyber Warfare Conference(New York, New York, USA, November 3, 2016) The 2016 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from
Security of Things World USA(San Diego, California, USA, November 3 - 4, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World USA in...
2nd Annual Summit: Global Cyber Security Leaders(Berlin, Germany, November 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping...
IAPP Europe Data Protection Congress 2016(Brussels, Belgium, November 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional...
SANS Miami 2016(Coconut Grove, Florida, USA, November 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing...
Federal IT Security Conference(Columbia, Maryland, USA, November 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private...
11th Annual API Cybersecurity Conference & Expo(Houston, Texas, USA, November 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter...
SecureWorld Seattle(Bellevue, Washington, USA, November 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...
Israel HLS and Cyber 2016(Tel Aviv, Israel, November 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach,...
SANS Healthcare CyberSecurity Summit & Training 2016(Houston, Texas, USA, November 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the...
Infosec 2016(Dublin, Ireland, November 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face...
Commercial Cyber Forum: Insider Threat(Odenton, Maryland, USA, November 15, 2016) Please join us for a panelist discussion with insider threat experts on upcoming Federal rules, key elements of an insider threat program and privacy, due process, and human resource requirements.
Kaspersky Academy Talent Lab(Online, then Prague, Czech Republic, November 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists...
CISO Charlotte(Charlotte, North Carolina, USA, November 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions
Pharma Blockchain Bootcamp(Edison, New Jersey, USA, November 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it...
Cybercon 2016(Washington, DC, USA, November 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.
Versus 16(San Francisco, California, USA, November 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing...
Data Breach & Fraud Prevention Summit Asia(Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the
SCSC Cyber Security Conclave 2.0 Conference and Exhibition(Hyderabad, India, November 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public...
4th Ethiopia Banking & ICT Summit(Addis Ababa, Ethiopia, November 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial...
Internet of Things (IoT)(Elkridge, Maryland, USA, November 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting...
CIFI Security Summit(Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.