US Director of National Intelligence Clapper, submitting his resignation (as he's long intended to do—it will take effect at the change in Presidential administrations) also says that Russian cyber operations against US-election-related targets slowed after the US Intelligence Community took formal, public notice of them. Whether any such curtailment was a win for naming-and-shaming or for threatened retaliation is unknown.
Those interested in seeing what an insider threat looks like in action may find a good (by which we mean bad) example in UK mobile phone provider Three. Three, which has 8.8 million customers, had noticed an increase in handset fraud in recent months. This week the company disclosed that about six million customers' personal information had been breached by hackers using employee login credentials—that information includes name, phone number, address, and date-of-birth. (For a sense of scale, the 2015 TalkTalk breach affected roughly 157,000 accounts.) How the hackers got the employee credentials is unclear, but once in, effectively they operated as insiders. Three arrests have been made, according to the National Crime Authority: "a 48-year old man from Orpington, Kent and a 39-year old man from Ashton-under-Lyne, Manchester on suspicion of computer misuse offences, and a 35-year old man from Moston, Manchester on suspicion of attempting to pervert the course of justice."
Chinese authorities make the case for their new Internet controls at the Wuzhen World Internet Conference as "fair and equitable," and also as bringing "Chinese wisdom" to cyberspace, which is one way of looking at it.
Today's issue includes events affecting China, India, Philippines, Russia, United Kingdom, United States.
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Virginia Tech's Hume Center, as Charles Clancy talks about the Virginia Cyber Range, an initiative of the Commonwealth of Virginia. Our guest, Sara Sorcher of the Christian Science Monitor's Passcode, speculates about what we can expect in the way of cyber policy from the Trump administration. As always, if you enjoy the podcast, please consider giving it an iTunes review.
AlienVault USM Webcast (Live Webcast, December 1, 2016) Find threats lurking on your systems with host-based intrusion detection and AlienVault USM.
Cyber Attacks, Threats, and Vulnerabilities
Intel chief: Russia eased hacking after U.S. accused Kremlin (Military Times) Director of National Intelligence James Clapper said Thursday that Russia curtailed its election-related cyberactivity after the Obama administration accused Moscow of trying to interfere with the presidential race. The top U.S. intelligence official also said he had formally submitted a resignation letter effective at the end of President Barack Obama's term
CyberArk Labs: Exploiting Domain-Level Service Credentials (CSO) CyberArk (NASDAQ: CYBR) today unveiled new research from CyberArk Labs detailing what it considers to be a significant risk across all Windows endpoints, including those on Windows 10 with Credential Guard enabled. The exploit could allow cyber attackers to harvest encrypted service credentials from the registry and inject them into a new malicious service to achieve lateral movement and full domain compromise
Dealing with the DDoS botnet threat raises serious policy questions (Disruptive Asia) Five Russian banks have been battered by DDoS attacks, with a Mirai botnet being blamed for the incident. The state of IoT security (or collective lack thereof) seems on track to provoke national responses to the sorry state of affairs, but how will an emerging industry avoid having the margins legislated out of it by governments sick of rolling outages?
iOS 10 Passcode Bypass Can Access Photos, Contacts (Threatpost) A vulnerability in Apple’s iOS versions 8, 9, and 10 could allow an attacker to access photos and contacts on a locked iPhone, according to two sources that posted videos showing how the password bypass works. According to both sources, the vulnerability also impacts the most recent version of iOS 10.2 beta 3
iPhones Secretly Send Call History to Apple, Security Firm Says (Intercept) Apple emerged as a guardian of user privacy this year after fighting FBI demands to help crack into San Bernardino shooter Syed Rizwan Farook’s iPhone. The company has gone to great lengths to secure customer data in recent years, by implementing better encryption for all phones and refusing to undermine that encryption
Remove the Microsoft Security Essentials Tech Support Scam (Bleeping Computer) The Microsoft Security Essentials Tech Support Scam is a Trojan from the Trojan.Tech-Support-Scam family that displays a fake Windows alert stating that Microsoft Security Essentials detected a problem with a file on your computer. This alert will cover your screen and not allow you to access your desktop and programs while pretending to be an error message when trying to boot Windows
Data integrity, the next big threat (SC Magazine) Imagine in a 2016 remake of the classic film Gaslight, a young security professional is driven to the brink of insanity – and impending disaster – by a cyber schemer who unbeknownst to IT security has over time moved around and corrupted bits of data, manipulating, let's say, the design of a jumbo jetliner or perhaps the composition of a vaccine, to execute an unspeakable attack
Security Patches, Mitigations, and Software Updates
Google Removing SHA-1 Support in Chrome 56 (Threatpost) The home stretch for SHA-1 deprecation is in full effect with Google on Wednesday announcing its final deprecation deadlines for the Chrome browser, and a cryptographic services provider warning that there’s still a long way to go to get sites off SHA-1 certificates
Questions and Answers: the 2017 Security Landscape (FireEye) In 2017, cyber security battles may favor criminals even more as the Internet of Things (IoT) continues to expand possible avenues of attack. The 2017 security predictions from FireEye include insights on
Security remains significant hurdle for industry cloud efforts (RCR Wireless News) One of the bigger challenges facing the continued move towards cloud platforms by telecom operators is security. In the old world of hardware, as long as the door remained physically locked, security was a no-brainer. But, in the new world of software, operators are increasingly having to rely on new solutions in order to manage security in a cloud environment
What Does the Role of CISO Look Like in 2016? (Infosecurity Magazine) The IT landscape continues to change, between the growth of the Internet of Things and the increasing frequency and complexity of cyber-threats. Technology is evolving more rapidly than before and we now have vast amounts of data at our disposal
Invincea Raises $10M in Funding (FINSMES) Invincea, a Fairfax, Va.-based machine learning next-generation antivirus company, raised $10M in funding. The round was led by ORIX Growth Capital and Comerica Bank, with participation from New Atlantic Ventures, and Harbert Ventures
Webroot Continues Strong Growth in Fiscal First Quarter (PRNewswire) Webroot, the market leader in next-generation endpoint security and cloud-based collective threat intelligence, today announced double-digit year-over-year bookings growth in its first fiscal quarter ending September 30, 2016
One Bright Spot For Cisco Systems (Benzinga) Following the release of fiscal year first quarter results by Cisco Systems, Inc. (NASDAQ: CSCO), MKM Partners highlighted security as one bright spot for the company
Symantec gets a shiny Coat of Blue (Channel World) We’re pleased with the strong leadership bench in place inside the C-suite and across the organization, says Sanjay Rohatgi, SVP, APJ at Symantec
BAE Systems launches cyber risk tool (Australian Defense Magazine) BAE Systems has launched research into the cyber security preparedness of Australian businesses, and an online Cyber Risk tool to better understand their cyber security readiness
Symantec Unveils The Future Of Endpoint Security (Curaçao Chronicle) Symantec Corp. (NASDAQ: SYMC), the world's leading cyber security company, today announced Symantec Endpoint Protection 14, the next evolution in endpoint innovation from the leader in endpoint security
Radware Partners With Tencent Cloud to Offer Chinese Customers Cyber Security Solutions (Globe NewsWire) Radware® (NASDAQ:RDWR), a leading provider of cyber security and application delivery solutions ensuring optimal service levels for applications in virtual, cloud, and software-defined data centers, announced that it has recently entered into a partnership with Tencent Holdings Ltd. (OTC:TCEHY) to offer cloud security solutions for Chinese-based Tencent Cloud application services, private Cloud services market as well as DDoS protection for overseas customers
RPost's RMail Adds Cyber-Security to Microsoft Outlook Everywhere (Yahoo!) RPost's upgraded RMail cyber-security product is now available a click away for individuals and businesses worldwide that use any version of Microsoft Outlook. RMail has now been added to the largest Microsoft online stores and technology distribution channels
Technologies, Techniques, and Standards
US Government Releases New IoT Security Guidance (Infosecurity Magazine) The US Department of Homeland Security (DHS) and National Institute of Standards and Technology (NIST) both this week released new guidance documents designed to improve IoT security
Business strategy and innovation framework for the industrial IoT (Help Net Security) The Industrial Internet Consortium (IIC), the global, member-supported organization that promotes the accelerated growth of the Industrial Internet of Things (IIoT), announced the publication of the Business Strategy and Innovation Framework (BSIF). The BSIF helps enterprises to identify and analyze issues that must be addressed to capitalize on the opportunities emerging within the IIoT
Gang Up on the Problem, Not Each Other (Threatpost) The imaginary world in which an artificial intelligence can kill a person by adjusting the insulin from his pump to a deadly dose may not be here yet, but we now live in a world where people can hack an insulin pump to adjust the insulin to a deadly dose, or use a heart-rate monitor to send life-threatening shocks to a pacemaker
Cyber Risks Mount: Preventive Measures for Manufacturers (ORBA) Cyber-attacks are on the rise and manufacturing companies are not immune. Manufacturers who rely on automation, robotics and connected networks are especially vulnerable. Here are some examples of cyber-attacks and how you can protect your business to minimize the associated risks
Xi’s initiatives on cyberspace governance highlight Chinese wisdom: People’s Daily (Global Times) The goal of building an equal, innovative, open and safer cyberspace that Chinese President Xi Jinping put forward for global Internet governance at the start of the World Internet Conference (WIC) injects Chinese wisdom into the construction of a cyberspace community of common destiny, the People's Daily commented on Thursday
Trump picks conservative loyalists for attorney general, CIA (Reuters) U.S. President-elect Donald Trump picked three conservative loyalists with hard-line views on immigration and counter-terrorism to lead his national security and law enforcement teams, including U.S. Senator Jeff Sessions for attorney general and Representative Mike Pompeo as CIA director
Director of National Intelligence James Clapper Resigns (Wired) For months, James Clapper—the nation’s top spy—has been literally counting down the days until he leaves office. Some mornings when he briefs the president, he’ll even do a fist-bump with Barack Obama after telling him the precise number of days left, Clapper told WIRED in an exclusive interview
DISA takes on new mission sets with changing world (C4ISRNET) While the Defense Information Systems Agency already handles an immensely important dossier, their portfolio and mission will change, according to Maj. Gen. Sarah Zabel, the agency’s vice director. Zabel briefed members of industry during DISA’s annual Forecast to Industry event in Baltimore on Nov. 17
DISA's behind-the-scenes role in hacking the Pentagon (C4ISRNET) The Defense Department has touted its "hack the Pentagon" bug bounty program, which is also the first in the federal government, as a wide success in appealing to the public to find network vulnerabilities. While led by the Defense Digital Service within the Pentagon, the Defense Information Systems Agency played a role in the success of this first-ever initiative as well and will continue to do so, officials said
Army Secretary Sees 'More Work' Ahead in Tapping Commercial Vendors (Defense News) The Army has struggled to build its comfort level in buying commercial off-the-shelf products, often arguing too much has to be changed to meet military standards, and the service is up against having to work contracts through a sluggish acquisition process for which commercial industry doesn’t have the patience
Adobe Fined $1M in Multistate Suit Over 2013 Breach; No Jail for Spamhaus Attacker (KrebsOnSecurity) Adobe will pay just $1 million to settle a lawsuit filed by 15 state attorneys general over its huge 2013 data breach that exposed payment records on approximately 38 million people. In other news, the 39-year-old Dutchman responsible for coordinating an epic, weeks-long distributed denial-of-service attack against anti-spam provider Spamhaus in 2013 will avoid any jail time for his crimes thanks to a court ruling in Amsterdam this week
IRS Demands Identities of All Coinbase Traders Over Three Year Period (Motherboard) In bitcoin-related investigations, authorities will often follow the digital trail of an illegal transaction or suspicious user back to a specific account at a bitcoin trading company. From here, investigators will likely subpoena the company for records about that particular user, so they can then properly identify the person suspected of a crime
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, November 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the...
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the
SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, November 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public...
4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, November 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial...
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...
Internet of Things (IoT) (Elkridge, Maryland, USA, November 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting...
CIFI Security Summit (Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security...
AlienVault USM Webcast (Online, December 1, 2016) Host-based intrusion detection systems (HIDS) work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating...
Cyber Threats Master Class (Turin, Italy, December 1 - 2, 2016) The UNICRI Masterclass on Cyber Threats aims to provide media and public relations professionals, as well as those planning a career in public information and communication, with a deeper understanding...
Disrupt London (London, England, UK, December 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators.
US Department of Commerce Cyber Security Trade Mission to Turkey (Ankara and Istanbul, Turkey, December 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey...
Practical Privacy Series 2016 (Washington, DC, USA, December 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly...
CISO Southern Cal (Los Angeles, California, USA, December 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
SANS Cyber Defense Initiative 2016 (Washington, DC, USA, December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...
Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...