Last week's WikiLeaks dump from "Vault 8" (successor to Vault 7, and still concerned with the US CIA) purports to show that the US intelligence agency was engaged in false flag operations in which its activities could be plausibly attributed to Kaspersky Lab. This hasn't served to clear Kaspersky of the suspicion it's under: the UK's GCHQ is the latest Western intelligence agency to sound a warning.
NSA and its partners in counterintelligence continue to struggle through its investigation of leaks that wound up in the Shadow Brokers' hands. Three people have been taken up by the investigation, two of whom, Hal Martin and Reality Winner, are awaiting trial. The third individual was the first one fingered, back in 2015 and shortly before the Shadow Brokers began their damaging publication of alleged NSA documents. That person has yet to be publicly identified.
The US Intelligence Community reiterates its conclusion (pace denials by President Putin) that Russian agencies indeed sought to influence US elections.
ISIS shows itself capable of defacing poorly defended school websites with slogans, but little more. Such puerile vandalism has had little effect in the past. A more serious campaign of inspiration appears to be in progress from ISIS rival al Qaeda, where Osama Bin Laden's son seeks to continue his late father's work.
Sputnik sheds crocodile tears over the largish number of senior information security positions remaining unfilled in the US Federal Government.
South Korean investigation of alleged political meddling by intelligence services takes a sharper turn.
A well-informed cybersecurity strategy is essential to keeping your organization protected, but gathering global intelligence from various sources and locations is difficult. Your organization needs a partner with deep roots in cyber threat intelligence. The LookingGlass digital library (STRATISS) of strategic intelligence reports expands your understanding of the threat landscape and delivers the intelligence your decision makers want to their fingertips. Check out our intelligence here.
ON THE PODCAST
In today's podcast, we speak with Rick Howard from our partners at Palo Alto Networks. He shares his thoughts on "vendor-in-depth" and "best-of-breed" strategies.
Earn a master’s degree in cybersecurity from SANS(Online, November 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Tuesday, November 21st, at 1:00pm ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.
Cyber Security Summit: Los Angeles(Los Angeles, California, USA, November 29, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).
The SINET 16's Class of 2017(The CyberWire) Meet the SINET 16. The Class of 2017 seems every bit as interesting as those that have come before.
Deterring adversaries and mitigating risks in cyberspace.(The CyberWire) So how might enterprises move from resilience to active defense? Here's one way not to do it, according to panelist Richard Baich: don't listen to all the Jason Bourne wannabes running loose in the commercial sector.
Cyber Attacks, Threats, and Vulnerabilities
Hamza bin Laden lionizes his father and incites 'rebellion' in new audio message(FDD's Long War Journal) In a newly released audio message, Hamza bin Laden praises his father for spreading jihadism and attacking the US. Hamza calls on Muslims to rise up against "tyrant" rulers and wage jihad until sharia is imposed. The message was posted online just days after the CIA released a video from Hamza's wedding. The video was recovered in Osama bin Laden's Abbottabad compound.
WikiLeaks Releases Source Code of CIA Cyber-Weapon(BleepingComputer) WikiLeaks published the first-ever batch of source code for CIA cyber-weapons. The source code released today is for a toolkit named Hive, a so-called implant framework, a system that allows CIA operatives to control the malware it deploys on infected computers.
Defense chief discusses NK's cyber threats with US commander(Korea Herald) South Korean Defense Minister Song Young-moo met the head of US Cyber Command in Seoul on Thursday for discussions on North Korea, his ministry said.Song and Adm. Michael S. Rogers, who doubles as director of the National Security Agency, agreed on the importance of close coordination between the allies in the cybersecurity sector based on mutual trust and a close bond, according to the ministry.Song pointed out that...
India in the web of N Korean cyberwar(The Pioneer) Around one-fifth of North Korea’s cyber attacks originate from India, and this should set alarm bells ringing in the corridors of security establishments as well as the strategic community,
Hack Cost Equifax Only $87.5 Million — for Now(BleepingComputer) During an earnings call detailing the Q3 2017 financial results, Equifax execs said the company incurred $87.5 million in expenses related to the massive data breach it suffered earlier in the year and which it publicly disclosed in September 2017.
Security Patches, Mitigations, and Software Updates
Amazon moves to stop S3 buckets leaking business data(Security Boulevard) A long line of very public data breaches have made clear that businesses don’t need to be targeted by sophisticated hackers to have private and sensitive data splashed across the newspaper headlines.
Is your CCTV system GDPR compliant?(Help Net Security) Organisations are putting themselves at risk of breaching the GDPR not realising that the regulation covers their CCTV systems and the data they collect.
CyberPatriot competition engages youth in STEM learning(Silicon Prairie News) Cybersecurity has become one of the most critical issues throughout the world. Building interest and skills among young people in cybersecurity as well as science, technology, engineering and math (STEM) is the focus of the Air Force CyberPatriot competition. “It’s interesting to the kids and they feel like they’re accomplishing something,” said Brad White, an... Read More
Lee says probes are ‘retaliation’(Korea JoongAng Daily) Former President Lee Myung-bak criticized the probes into allegations that the National Intelligence Service and military meddled in political affairs under his administration as “political retaliation” on Sunday, one day after the arrest of his form
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Sector(Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...
Second Annual Federal IT Security Conference (FITSC)!(Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as...
Federal IT Security Conference(Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as...
2017 Capital Cybersecurity Summit(Tysons Corner, Virginia, USA, November 14 - 15, 2017) Join cyber experts from the FBI, DHS, Palo Alto Networks, Distil, Google, AWS, Tenable and more at the 2017 Capital Cybersecurity Summit. FBI Cyber Division Deputy Assistant Director Howard Marshall and...
Cyber Security Opportunities in Mexico Webinar(Washington, DC, USA, November 15, 2017) Learn about the cyber security opportunities in Mexico. Mexico is ranked 28th out of 164 countries in the ITU's 2017 Global Cyber Security Index. Companies spend approximately 3.5% of their IT budgets...
Aviation Cyber Security(London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain...
Global Conference on Cyberspace (GCCS)(New Dehli, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...
AutoMobility LA(Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.
INsecurity(National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...
INsecurity(National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...
Cyber Security, Oil, Gas & Power 2017(London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.
Cyber Security Summit Los Angeles(Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...
cyberSecure(New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate...
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.