Borrowing from the ISIS playbook, al Qaeda goes online as it seeks to inspire attacks in response to the US embassy's relocation to Jerusalem.
Hacking and cybercrime show two longstanding trends: greater coordination and an increasing convergence between criminal gangs and nation-state security services.
Group-IB reports finding a Russian-speaking gang, "MoneyTaker," that's looted as much as $10 million from Russian and US banks.
Some four-hundred-sixty models of HP laptops are found to contain a keylogger pre-installed with their Synaptics Touchpad driver. Affected models include the EliteBook, ProBook, Pavilion, and Envy series. HP has issued fixes for the devices, saying that neither HP nor Synaptics has received access to customer data through the bug.
Bitcoin continues its rapid rise in value and receives commensurate criminal attention. Fortinet reports observing a phishing campaign that pretends to be marketing the Bitcoin trading application "Gunbot." Gunbot is a real, if new, trading tool, but the payload the bogus emails deliver is the malicious Orcus RAT. SANS says it's seen adult-content email contributing to the delinquency of a coin miner. And a knock-off Bitcoin wallet has made it into the Apple store.
There's nothing inherently criminal or even shady about cryptocurrencies, but any speculative bubble will draw crooks and fraudsters. One such conman, the impresario behind that PlexCoin ICO the US Securities and Exchange Commission found objectionable, has been convicted of fraud. His sentence includes both confinement and a fine.
Lots of ideas about combatting fake news circulate, but there are no obvious killer apps.
When 95% of breaches are human error, why is it on the last line of our security budget?
Probably because until now, you haven’t found a solution that works. NINJIO produces 3-4-minute-long animated Episodes that teach your end-users how not to get hacked. This is done through Hollywood story telling. A new Episode is produced every 30 days on the most current breaches. Your end-users emotionally connect with the first scene of every Episode, so they’re engaged throughout the Episode. NINJIO tells stories, not lectures and has a 98.5% renewal rate. NINJIO works. See a free in person demo.
Earn a master’s degree in cybersecurity from SANS(Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.
Untangling the Patchwork Cyberespionage Group(TrendLabs Security Intelligence Blog) Patchwork is a cyberespionage group known for targeting diplomatic and government agencies that has since added businesses to their list of targets.
Orcus RAT Campaign Targets Bitcoin Investors(Security Week) In an attempt to benefit from the recent spike in the value of Bitcoin, the authors of a remote access Trojan have started targeting Bitcoin investors with their malicious software, Fortinet has discovered.
The cryptocurrency conundrum(The Statesman) Cryptocurrency is the term used to denote a set of currencies which are a subset of digital currencies using the technique of cryptography and which exist only on the digital platform. As of July 2017, there are 900 digital currencies in existence. Bitcoin is best known of such currency formats and is based on the …
Blackbook: Another Darknet Social Media Site Hacked(DarkOwl) While shoppers were off searching for the best Black Friday deals the day after Thanksgiving, users of Blackbook, commonly considered the "Facebook of Tor," were in for a shock when their regular login screen was replaced with an ominous image and a message alerting users that Blackbook ha
Think twice before buying a connected toy(The Verge) Lots of kids will be gifted connected toys this holiday season, and while I'm all for spoiling children, I also suggest thinking about the risks that come with an internet-connected plaything. Many...
Security Patches, Mitigations, and Software Updates
Exposing Russian Interference - The Value of Real-Time Forensics(The Cipher Brief) Russian President Vladimir Putin has sought to exploit open and free U.S. cyberspace, which serves as a force multiplier for commerce and freedom of expression, with hacking and discoverable influence operations. Conducting all-source forensics following these Russian attacks on our democratic process, U.S. social media networking sites are in the incident response phase ...
The State of Cybersecurity in the Legal Industry: Are Things Improving?(Law.com) ALM Intelligence’s third annual cybersecurity study of law firms and law departments has found that law firms and law departments are increasingly being tasked by C-Suite and management to take the lead on cybersecurity. Yet, both law firms and law departments continue to struggle with their preparation and response to the cyber threat.
$322M NGA cyber contract trains war fighters, protects their eye in the sky(Fifth Domain) NGA provides intelligence on geospatial imagery and mapping information, which is used by the U.S. military for planning and response for national disasters, combat, terrorist attacks and other events. But those assets are being threatened by cyberattacks as nation-states and non-nation actors attempt to disrupt or intercept that information.
NIST Publishes Second Draft of Cybersecurity Framework(Security Week) The National Institute of Standards and Technology (NIST) announced this week that it has published a second draft of a proposed update to the “Framework for Improving Critical Infrastructure Cybersecurity,” better known as the NIST Cybersecurity Framework.
A layered approach to modern identity(Help Net Security) The modern identity is changing fast, but many organizations are slow to adopt new security approaches due to the negative impact on user experience.
Louisiana Tech opens Cyber Training Center(News@Tech) A ribbon-cutting ceremony Thursday morning at the National Cyber Research Park in Bossier City commemorated Louisiana Tech’s most recent step toward delivering both greater college and career opportunities to Shreveport-Bossier, and greater cyber support and training to both the area’s students and the nation’s military.
Here’s how Ellen Lord will reduce acquisition time by 50 percent(Defense News) The Pentagon’s top acquisition official plans to cut the time for early lead procurement by 50 percent, with a future goal of compressing the timeline of request for proposals to contract on major defense acquisition programs from two and a half years down to about 12 months.
Essye Miller named acting CIO at the Department of Defense(Fedscoop) The Department of Defense announced on Friday that it has found a new acting CIO — none other than Pentagon CISO and Deputy CIO Essye Miller. Miller steps into a role left open when President Donald Trump named John Zangardi CIO of the Department of Homeland Security back in October. Zangardi had been filling the role since …
Guide to Section 702 Value Examples(IC on the Record) Set forth below is a guide to officially released information on the value of information collected under Section 702 of the Foreign Intelligence Surveillance Act (FISA).
Report: Bangladesh asks NY Fed to join lawsuit for cyber heist(TheHill) Officials from Bangladesh's central bank encouraged counterparts from the New York Federal Reserve last month to join a lawsuit against Manila-based Rizal Commercial Banking Corp (RCBC) for its role in routing stolen funds in an $81 million cyber heist
Lawsuits Lurk if Foreign Surveillance Law Not Reauthorized(Bloomberg Law) Communications providers ordered to assist government efforts to monitor foreigners abroad may bring court challenges if the government proceeds with surveillance without Congress renewing the underlying law, former […]
Experts Look For Lessons in FDA's Pacemaker Cybersecurity Recall(Regulatory Affairs Professional Society) In a paper in JAMA this week, two experts highlight lessons that could be learned from the US Food and Drug Administration's (FDA) first major cybersecurity-related recall for a permanent implantable medical device.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Automotive ISAC Fall 2017 Summit(Derborn, MIchigan, USA, December 13 - 14, 2017) This year’s theme is “Start your engines” and is about how to build relationships and learn about a variety of timely and topical subjects in the world of automotive cybersecurity. The summit will focus...
2018 Leadership Conference(Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.