
The CyberWire Daily Briefing for 6.24.2014
The Jihadist group ISIS continues to show considerable aptitude for information operations (despite its own social media leaks discovered last week). Their opponents in the Syrian Electronic Army remain preoccupied with media site hijacking and redirection: more analysis appears today of SEA's weekend Reuters hack.
Anonymous appears to have fizzled with OpPetrol, and its spottily successful OpWorldCup has now declined into defacement of a Brazilian actress's website.
The attack on the unnamed hedge fund BAE coyly disclosed is now said to have cost the victim "millions," and is perceived as part of a larger campaign directed against not only hedge funds, but the closely allied high-frequency trading sector as well. The attackers apparent aim is to get inside traders' OODA loop, the better to profit from market manipulation.
Researchers at Kaspersky and the University of Toronto examine the controversial lawful intercept products of HackingTeam. Their study reveals, inter alia, the locations of many of the Italian company's command-and-control servers.
Heartbleed remains a concern, with estimates of vulnerable servers plateaued at 300,000. The vulnerability is being exploited in the wild: insurer Aviva is reported to be among the victims.
Some familiar malware spreads to new fields of activity. SCADA threat Havex now turns up in control systems outside its original electrical grid targets. Mobile malware SVPENG continues geographic expansion. And AskMen.com has been compromised with code injections leading to Caphaw infections.
Some smaller police departments in the southern US report ransomware attacks.
Gartner's conference spawns a clutch of new product announcements.
Notes.
Today's issue includes events affecting Australia, Canada, China, Bulgaria, Estonia, Iraq, Italy, Democratic Peoples Republic of Korea, New Zealand, Philippines, Romania, Russia, Syria, Ukraine, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Who is behind Isis's terrifying online propaganda operation? (The Guardian) The extremist jihadist group leading the insurgency against the Iraqi government is using apps, social media and even a feature-length movie to intimidate enemies, recruit new followers and spread its message. And its rivals — including foreign governments — are struggling to keep up
How Reuters got compromised by the Syrian Electronic Army (Frederic Jacobs) Hint: It isn't actually Reuters' fault. Earlier today, Reuters was compromised by the Syrian Electronic Army. It isn't the first time that occurs. Anyone who would try to visit a story about Syria, would be redirected to a page hosted by the Syrian Electronic Army
#OpHackingCup: Anonymous hacks website of famous Brazilian actress Glória Pires (HackRead) The online hacktivist Anonymous is back in news with another high profile hack. This time Anonymous Brasil has hacked and defaced the official website of famous Brazilian actress Glória Pires
Hedge-Fund Hack Is Part of Bigger Siege, Cyber-Experts Warn (Bloomberg) The attack on a U.S. hedge fund's network, which a cybersecurity contractor said last week disrupted the firm's high-speed trading and stole its data, is but one among many
Hedge Funds, HFT Vulnerable to Cyber Attack (Value Walk) HFT firm had their computer hacked, with hackers ironically being given an early look at their trade intentions. It was one small line in Michael Lewis's book that was most important to those closely watching the high frequency trading debate that mattered most. This line revealed the potential for HFT algorithims to fall into the "wrong hands" and cause untold economic damage. With the release of a Bloomberg report on the hacking of various hedge funds, the issue of terrorists and economic opportunists alike hacking into HFT firms and hedge funds comes squarely into focus
Researchers Go Inside HackingTeam Mobile Malware, Command Infrastructure (Threatpost) Controversial spyware commercially developed by Italy's HackingTeam and sold to governments and law enforcement for the purpose of surveillance, has a global command and control infrastructure and for the first time, security experts have insight into how its mobile malware components work
Heartbleed Attack on BYOD Service Hit Insurance Giant Aviva (Tripwire: State of Security) The Register is reporting that the Heartbleed vulnerability was leveraged in an attack last month against a BYOD service provider, allowing the attackers to potentially cause millions in damages for insurance giant Aviva after a number of the company's fleet of employee-owned mobile devices were wiped clean
Heartbleed patching effort stalls at around 300,000 vulnerable servers (IDG via CSO) Despite a great start, the rate of patching OpenSSL servers against the critical Heartbleed vulnerability has slowed down to almost a halt. Around 300,000 servers remain vulnerable and many of them are unlikely to get patched anytime soon
Why you should still worry about Heartbleed (CSO) Experts recommend some extra precautions for businesses to avoid getting caught in a Heartbleed attack
New Havex malware variants target industrial control system and SCADA users (IDG via CSO) A malware threat previously used in attacks against energy sector companies is now being aimed at organizations that use or develop industrial applications and machines
SVPENG: Mobile Malware Expanding to New Territories (Security Intelligence) Over the last week, the media has been reporting on a new mobile malware called SVPENG. Though widely regarded as a new threat, this malware had already been under investigation by Trusteer's security team in 2013, when it was discovered in its testing phases. It was presented and discussed February this year during IBM's Pulse conference
Medtronic Reveals They Were Targeted By Hackers, Lost Patient Records (Red Orbit) The largest stand-alone medical device manufacturer in the world has revealed that hackers had successfully infiltrated its computers, and that it had lost some patient records in separate incidents last year
P.F. Chang's Breach Went Undetected For Months (Dark Reading) Early reports indicate that the compromise involved a large number of restaurant locations and dates as far back as September 2013
Phishing Scam Targeted 75 US Airports (InformationWeek) Major cyberattack carried out in 2013 by an undisclosed nation-state sought to breach US commercial aviation networks, says Center for Internet Security report
AskMen website compromised, code injections leading to Caphaw infections (CSO) Researchers at Websense have discovered malware being served by AskMen.com, a popular portal dedicated to men. As an Alexa top 1000 website, the AskMen sees some 11.6 million visitors a month, offering the attackers a large pool of potential victims
Cyber attacks for ransom becoming more common (Gadsden Times) The Collinsville Police Department became the victim of cyber crime last week, and it is not the first time computer-savvy villains have targeted the cops
Dropbox-themed phishing is after multiple login credentials (Help Net Security) Phishing emails purportedly leading users to a file hosted on Dropbox are targeting Yahoo!, Gmail, Hotmail, and Aol email users, warns Malwarebytes' Jovi Umawing
A peek inside a commercially available Android-based botnet for hire (Webroot Threat Blog) Relying on the systematic release of DIY (do-it-yourself) mobile malware generating tools, commercial availability of mobile malware releases intersecting with the efficient exploitation of legitimate Web sites through fraudulent underground traffic exchanges, as well as the utilization of cybercrime-friendly affiliate based revenue sharing schemes, cybercriminals continue capitalizing on the ever-growing Android mobile market segment for the purpose of achieving a positive ROI (return on investment) for their fraudulent activities
Google Glass Snoopers Can Steal Your Passcode With a Glance (Wired) The odds are you can't make out the PIN of that guy with the sun glaring obliquely off his iPad's screen across the coffee shop. But if he's wearing Google Glass or a smartwatch, he probably can see yours
People invested $1.2 million in an app that had no security (ZDNet) Proving that no one learned from Snapchat's security and privacy spectacle, people invested $1.2 million on an app that had no security. Despite the news it was hacked, Yo still isn't coming clean
Exposing hidden domain registrations could hurt innocent users more than criminals (IDG via CSO) Banning the use of privacy and proxy services to hide details of domain name registrants would scarcely inconvenience criminals but would have privacy implications for lawful users of those services, according to a study
F1 star Michael Schumacher dead? It's the latest sick Facebook scam (We Live Security) Scammers and fraudsters think nothing of scraping the barrel of bad taste, if they believe it will help them earn a few dollars
Beware! Sad video of woman dying during a fight is really a Facebook scam (Hot for Security) Scammers are once again attempting to make an easy buck by tricking Facebook users into sharing gruesome videos that link to money-making surveys
Security Patches, Mitigations, and Software Updates
Android Kitkat 4.4.4 released by Google to tackle OpenSSL security hole (Lumension) Less than three weeks after Google pushed out Android 4.4.3 to users of its Nexus smartphones and tablets, the technology giant has unexpectedly released factory images, binaries and source code for a new version — Android Kitkat 4.4.4 — patching a serious vulnerability in the OpenSSL cryptographic library
Imminent iOS 7.1.2 release tipped to bring major fixes (BGR) Apple is apparently getting ready to release iOS 7.1.2, a build that has already been released to mobile operators to test it and sign off on by Friday, June 27th. According to MacRumors, a public release could occur this week as soon as carriers approve of the new update
Cyber Trends
Hacker Tactic: Holding Data Hostage (New York Times) The perpetual cat-and-mouse game between computer hackers and their targets is getting nastier. Cybercriminals are getting better at circumventing firewalls and antivirus programs. More of them are resorting to ransomware, which encrypts computer data and holds it hostage until a fee is paid. Some hackers plant virus-loaded ads on legitimate websites, enabling them to remotely wipe a hard drive clean or cause it to overheat. Meanwhile, companies are being routinely targeted by attacks sponsored by the governments of Iran and China. Even small start-ups are suffering from denial-of-service extortion attacks, in which hackers threaten to disable their websites unless money is paid
CIOs Consider Putting a Price Tag on Data (CIO) Figure out the dollar value of your information assets. Then you'll know what the 'I' in CIO is really worth — and how much to spend protecting it
Treat cloud, mobility as security tools rather than threats: IBM expert (CSO) Faced with dramatic change in their roles, CSOs need to re-evaluate their security strategies in terms of capitalising on the new capabilities of cloud and mobile rather than perceiving them simply as security threats, an IBM security expert has advised
Traffic lights, fridges and how they've all got it in for us (The Register) Interthreat of things
Internet of things will put pressure on enterprise security, says Proofpoint (ComputerWeekly) The internet of things (IoT) will put pressure on enterprise security because attackers will have more delivery vehicles for malware, says security firm Proofpoint
Despite Target, Retailers Still Weak On Third-Party Security (Dark Reading) A new survey from TripWire shows mixed results about retailers' security practices
Spammers increasingly targeting Montreal (Help Net Security) AdaptiveMobile released data that shows a marked increase in SMS spam across Canada in the past six months. The higher volume of SMS spam comes on the eve of the July 1st compliance deadline for Canada's Anti-Spam Legislation (CASL)
Improving transaction security for financial institutions (Help Net Security) Mobile technology is changing the way we conduct financial transactions. With more and more consumers relying on mobile technology to perform everyday activities, the mobile channel now represents nearly two out of three (65%) of all transactions for financial institutions
Former NSA Chief Warns Banks of Hacking Threats (PYMNTS.com) Keith Alexander, the former National Security Agency chief and head of the U.S. Cyber Command, recently spoke to cyber consultants about the potential dangers facing the financial industry. According to a recent Bloomberg article, Alexander retired in March, but is now trying to speak directly to banks about what they need to do to ensure national security
New report finds federal agencies ill prepared for cyber attacks (WPTV) Here's a chilling number: 46,160. That's the number of reported cyber incidents against federal agencies in 2013. Worse, that's a 30 percent increase in the last two years
A Cyber 'Axis of Evil'? (Eurasia Review) As almost all students and scholars of international relations would agree, the term "international order" is a contested one. There is not really a universally accepted definition, however, everyone, from the Ivy League scholars to the most unfamiliar individual, knows that there exists an "order" amongst the states in the international arena and that this order is preserved and maintained through various mechanisms. This international order we speak of is actually the post-WW2 order that is dominated by the Western, capitalist, liberal democracies. The "order", at times rather ostentatiously and sometimes implicitly, favors and protects the interests of the hegemonic countries, headed by the US. The international order is, in short, the order of the "international community", which is in other words, the Great Powers
Marketplace
Demand for data sovereignty puts home grown data centres in the spotlight (IT Director) The continuing revelations by former US National Security Agency employee Edward Snowden about the extent of data surveillance are rumbling like thunder around the cloud computing industry. This is likely to be more than just a passing storm in a tea cup as there could be lasting repercussions on where cloud users and providers store their data
DHS to award continuous monitoring task orders (Federal Times) As director of the Federal Network Resilience Division at the Department of Homeland Security, John Streufert oversees a $6 billion effort to secure public-sector networks against cyber threats. That effort, called the Continuous Diagnostics and Mitigation (CDM) program, aims to apply a strategic sourcing acquisition strategy toward the purchase of network sensors, dashboards, expertise and a variety of services to identify and fix the worst vulnerabilities threatening the dot-gov enterprise
SAIC looks to make cyber services easier to buy (FCW) The staying power of sequestration-level federal budgets has made the bang-for-buck sales pitch pervasive among security vendors. The message to federal clients is simple: Your dollars are scarce and, unlike our competitors, we are willing to save you money by bundling services or selling you less than we could
Andreessen Invests in Cybersecurity Firm (Wall Street Journal) Tanium, Which Helps Pinpoint IT Threats, Gets $90 Million. Venture-capital firm Andreessen Horowitz is placing its second-biggest bet ever on an unheralded tool for corporate-technology departments. The firm, known for backing Facebook Inc. and Pinterest Inc., among others, is investing $90 million in Tanium Inc., which helps companies pinpoint security threats and manage their sprawling computer networks. Andreessen Horowitz's investment values seven-year-old Tanium at $900 million
Qualys Joins Forces With the Council on CyberSecurity to Promote the Adoption of Cybersecurity Best Practices (MarketWatch) Qualys Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced it has joined the Council on CyberSecurity (CCS) as a Founding Member. Through this partnership Qualys will work with the Council to lay the foundation that is urgently needed to create security for all users in cyberspace
Ribose joins CSA to promote international standards for cloud security June 23 7:50 2014 (Broadway World) Ribose, a start-up redefining the way people collaborate, has joined the Cloud Security Alliance (CSA) to help promote security in cloud computing. CSA developed the first industry-accepted standard for cloud security, the Cloud Controls Matrix (CCM), and its other members include tech luminaries such as Amazon, HP and Microsoft
UK Football Club to Deploy CYREN WebSecurity SecaaS Solution to Boost Online Defenses (MarketWatch) New CYREN distribution partner VCW Security scores its first Security as a Service deal
Extending Cybersecurity in Romania (SIGNAL) Contract makes necessary products available in that country while current and new developments also protect other parts of the globe
MacAulay-Brown, Inc. Opens Fort Gordon Office (GlobeNewsWire) Expansion enables company to better serve United States Army Cyber Command, Intelligence Community and Signal Corps
Security skills shortage is real, and it's not going away anytime soon (Computerworld via CSO) There's good news and bad on the cybersecurity skills availability front
Why coding schools may be a solution to the tech talent shortage (TechRepublic) When approached correctly, coding schools might be the answer to staffing entry-level positions on your development team. We talk to a cofounder of one coding school to learn more
Products, Services, and Solutions
Cisco releases source code for experimental block cipher (Help Net Security) A team of Cisco software engineers has created a new encryption scheme, and has released it to the public along with the caveat that this new block cypher is not ready for production, i.e. is still in the experimental phase
Splunk and Syncsort Alliance Delivers Machine Data Insights from Mainframes (MarketWatch) Alliance unlocks mainframe data; enables collection and analysis of IBM zOS data
Webroot Introduces Next Generation Threat Intelligence Services for Enterprises (Broadway World) Webroot, the market leader in cloud-based, real-time internet threat detection, today announced expansion of its enterprise-class security solutions with the introduction of BrightCloud Security Services for Enterprise, a new portfolio of services which makes Webroot's industry-leading threat intelligence available to enterprises through integration with popular network security and management platforms
Protegrity Announces More Flexible, Efficient Data Security Platform (MarketWatch) New release builds on industry leading technology and innovation
ePLDT ties up with Check Point (Business World) Philippine Long Distance Telephone Co. (PLDT) said its unit ePLDT has tied up with Check Point Software Technologies in a bid to strengthen its network security offering
LightCyber and Check Point Firewall Integration Helps Enterprises Remediate Breaches (Digital Journal) LightCyber Magna Expands Its Advanced Breach Detection to Mitigate and Contain Attacks Using Industry-leading Check Point Firewall Software Blade
Vorstack Automates Security Operations to Increase Value of Threat Intelligence (Digital Journal) Vorstack, provider of a new breed of enterprise security products, announced today the release of Vorstack Automation and Collaboration Platform (ACP) 3.0, which plays an integral role in helping companies shorten discovery time and reduce complexity of identifying security risks
Panda guarantees complete protection (Business Cloud) Anyone with experience of computer security knows there is no perfect solution but Panda Security are guaranteeing they know better
Hapsis Annonce Sa Nouvelle Offre: Plan de Continuité d'Actitité et de Gestion de Crise (Hapsis Blog) Dans le cadre du renforcement de nos expertises et afin de répondre à la demande de nos clients, nous proposons des prestations en matière de Continuité d'Activité et de Gestion de Crise
Lunarline Launches Innovative Pen Testing Platform at 2014 Gartner Summit (MarketWatch) Lunarline, Inc. a leading cyber security firm, has announced plans to unveil Sniper — a new pen testing tool — during the 2014 Gartner Security & Risk Management Summit
Marsh cyber coverage includes fires, explosions, machinery breakdowns (Business Insurance) Marsh L.L.P. has launched a cyber insurance product for the energy industry underwritten by insurers and reinsurers in London and Europe
eSentire Launches SEC Response Readiness Service Ahead of SEC Cybersecurity Examinations for U.S. Fund Managers (Digital Journal) eSentire, the leader in active threat protection solutions and managed services, today announced a new service to prepare registered broker-dealers and registered investment advisors for pending U.S. Securities and Exchange Commission (SEC) examinations specific to cybersecurity
AlertEnterprise™ Demonstrates First Enterprise-Proven IT-OT Security Intelligence Platform at Gartner Security & Risk Management Summit, June 23-25. (MarketWatch) Enterprise Sentry™ delivers unified critical infrastructure protection across cyber, OT / SCADA and physical pecurity
Cabinet Office and Capita joint venture to offer cyber security training for boards and CEOs (Computing) The Cabinet Office and Capita's joint venture Axelos has moved into the cyber security space to offer training to boards and CEOs
5 Free Tools for Compliance Management (eSecurity Planet) Most IT pros consider compliance a hassle. Yet the tools of compliance can empower security technologies and simplify risk management. Better yet, some of those tools are free
Technologies, Techniques, and Standards
Top 4 Takeaways from the "Live Bait: How to Prevent, Detect, and Respond to Phishing Emails" Webcast (Rapid7 Security Street) In this week's webcast, Lital Asher-Dotan and Christian Kirsch tackled the hot topic, "Live Bait: How to Prevent, Detect, and Respond to Phishing Emails". Phishing has risen from #9 to #3 in the Verizon Data Breach Investigations Report on the most common attack vectors. Phishing attacks are often successful because it only takes error on the part of one user to compromise an entire organization. Read on to learn what security professionals should focus on to prevent, detect, and respond to phishing attacks effectively
Forget malware — stolen credentials are the real enterprise threat (VentureBeat) Focusing on malware detection as a frontline cybersecurity strategy puts IT security teams in a never-ending game of cat and mouse. A report from Pandalabs earlier this year found that 30 million new malware threats were created in 2013 — an average of 82,000 per day. Keeping pace with this rate of malware creation requires continuous upgrades to the latest cybersecurity defense technologies, the very same ones that malware developers are constantly finding new ways around. Fighting this unwinnable battle not only strains precious cybersecurity resources, but it also leaves a company vulnerable to an even greater threat: stolen credentials
Security Everywhere: One Unmanaged Desktop Is All It Takes (Information Security Buzz) An unpatched and unmonitored Windows desktop is an open gateway for viruses and trojans to sneak onto your network. Besides malware, these desktops can also act as a portal for malevolent users to steal or delete critical company data. If a criminal hacker can access your machine, they will try different options to steal company data or gain access to your network looking for bigger prizes
Security Essentials? Basics? Fundamentals? Bare Minimum? (Gartner Blogs) Let's think together — what technologies and practices constitute information security essentials? The question is actually bitchingly hard — so think before answering! One way to think of this is to imagine somebody describing his security capabilities to you, and when they miss something from that list you go "ZOMG!!! No way you missed X! What are you, stupid or something?! STOP talking to me and go deploy/do/buy that now!!!"
Does de-identification work or not? (FierceBigData) In a FierceBigData article which ran last Wednesday, Pam Baker posed some compelling questions regarding a recent "Big Data and Innovation, Setting the Record Straight:De-identification Does Work" whitepaper released by Ann Cavoukian, the Ontario information and privacy commissioner, and Daniel Castro, Information Technology and Innovation Foundation Senior Analyst. Of these, the most salient question was also the simplest: "Does de-identification work or not?"
What is the job of Chief Information Security Officer (CISO) in ISO 27001? (ISO 27001 & ISO 22301 Blog) It may sound rather funny, but ISO 27001 does not require a company to nominate a Chief Information Security Officer, or any other person who would coordinate information security (e.g., Information security officer, Security manager, etc.)
Using Words To Battle Cyber Losses (Wall Street Journal) Words matter when it comes to cybersecurity. With security concerns dominating today's corporate planning from the Board on down, the CIO often comes in as a technical expert, providing an analysis of the threat environment and what measures should be taken to prevent successful cyberattacks. And of course, the CIO is there to explain what happened when the inevitable successful attack happens. However, CIOs can do much more — and better protect the corporate bottom line — with just a little thought and some assistance from their lawyers. By using some careful contract language developed in collaboration with counsel and contract administrators, CIOs can be in a prime position to shift liability away from their company in the event of a successful cyberattack
Design and Innovation
Spy satellite agency wants to tap video game technology (USA TODAY) The National Reconnaissance Office (NRO), the secretive agency that launches and runs the nation's spy satellite system, is looking at technology developed by the video game industry to help it improve how it gathers and analyzes intelligence data, according to a research proposal released Monday
Research and Development
Faces Are the New Passwords (New York Magazine) One of the nine faces above is familiar to me, but the rest aren't. Can you pick it out? The answer is at the bottom of this post, and I don't like your odds. This grid is a "facelock," an alternative to the password system most websites use, and a study being published tomorrow in the journal PeerJ suggests that facelocks are a promising method of ensuring online security
The Shadow Internet That's 100 Times Faster Than Google Fiber (Wired) When Google chief financial officer Patrick Pichette said the tech giant might bring 10 gigabits per second internet connections to American homes, it seemed like science fiction. That's about 1,000 times faster than today's home connections. But for NASA, it's downright slow
Steganographic Key Leakage Through Payload Metadata (Cisco Blogs) Steganography is the ancient art of invisible communication, where the goal is to hide the very fact that you are trying to hide something. It adds another layer of protection after cryptography, because encrypted message looks like gibberish and everyone immediately notices that you want to hide something. Steganography embeds the (encrypted) secret message into an innocuous looking object such that the final communication looks perfectly normal. The "analog" form of steganography is the art of writing with invisible ink. The digital version hides the message by a subtle modification of the cover object. Probably the most researched area in digital steganography uses digital images as a cover media into which the message is inserted. The oldest (and very detectable) technique replaces the least significant bit (of each colour channel) with the communicated message. Shown below, the first picture is the cover object and the second one is the stego object
Academia
Planned cyber center includes USNA's first classified facility (Navy Times) A state-of-the-art cyber operations center planned for the Naval Academy would allow midshipmen to view classified information and watch cyber attacks as they happen, said Capt. Paul Tortora, director of academy's Center for Cyber Security Studies
Utica College Receives Endorsements From NSA, Department Of Homeland Security (WIBX) Utica College has been designated as a National Center of Academic Excellence in Information Assurance And Cyber Defense Education by the National Security Agency and the Department of Homeland Security
University leads the way with cyber security (Voxy) One of the world's leading cyber security academics says the University of Waikato is "leading the way" in helping fill an ever-growing shortage of cyber security professionals
Legislation, Policy, and Regulation
NSA critics hail votes as game-changers (The Hill) Lawmakers and privacy advocates who are fighting to restrain the National Security Agency (NSA) say the tide is turning in their favor
State Measure Takes Aim at Cooperation with NSA (NBCSanDiego) There would be no welcome mat in California for the National Security Agency under a measure now making its way through the state Legislature
Spam in Canada goes "strictly opt-in" in one week — with only THREE YEARS to comply (Naked Security) A few days ago, a Naked Security reader sent us a spammy-looking email that he assumed was some sort of phish, or at least the start of some kind of social engineering exercise intended to induce him to visit an unwanted website
Senate takes one last shot at legalizing cell phone unlocking (Ars Technica) Consumers can unlock their phones, and even ask for help doing so
Litigation, Investigation, and Law Enforcement
Seizing data for 2.5 years amounts to "general warrant," court says (Ars Technica) Decision limits government powers to search seized computer data carte blanche
Tax, security info at cyber attack risk (Australian Associated Press via the Daily Mail) Tax and social security records and national security information remains vulnerable to cyber attacks, a new report shows. An auditor-general review of seven major government agencies found that none complied with the required cyber security measures which were due to be in place by mid-2014. The agencies included the Australian Tax Office, Department of Foreign Affairs and Trade, Australian Bureau of Statistics, Customs, Australian Financial Security Authority, the Department of Human Services and IP Australia
Why Edward Snowden deserves a fair and open trial (Russia Today) A year after his defection, first to Hong Kong and then to Russia, former National Security Agency contractor Edward Snowden continues to make headlines and expose new secrets
Massachusetts Man Pleads Guilty to Computer Hacking and Credit Card Theft (US Department of Justice, Office of Public Affairs) A Massachusetts man pleaded guilty today to hacking into computer networks around the country — including networks belonging to law enforcement agencies, a local police department and a local college — to obtain highly sensitive law enforcement data and alter academic records. He also pleaded guilty to obtaining stolen credit, debit and payment card numbers
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, Jun 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.
AFCEA Information Technology Expo at Joint Base Lewis-McChord (JBLM) (, Jan 1, 1970) Federal Business Council, Inc. (FBC) and the Armed Forces Communications & Electronics Association (AFCEA) Pacific Northwest Chapter (PNC) will be partnering once again to co-host the 4th Annual Information Technology Expo set to take place at Joint Base Lewis-McChord (JBLM) on Thursday, June 25, 2014. The purpose of this annual event is to allow JBLM personnel the opportunity to evaluate the latest Information Technology advancements, as well as to learn about cyber security best practices and remediation strategies.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.
SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, Jul 10, 2014) Join us for a free 60 minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics prevention and avoidance.
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, Jul 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT networks and building a technologically sound incident response plan that will enhance the security and protection of ICS and SCADA networks.
SINET Innovation Summit (New York, New York, USA, Aug 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration on mutual Cybersecurity research projects.
Security Startup Speed Lunch DC (Washington, DC, USA, Jul 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.