The CyberWire Daily Briefing 07.29.14

Cyber Attacks, Threats, and Vulnerabilities

Iraq conflict breeds cyber-war among rival factions (BBC) A cyber-civil war is being waged alongside the armed conflict in Iraq, research by security firms suggests

Russian Officials Continue to Believe All U.S. Intelligence Evidence is 'Fake' (Government Executive) Russia's Defense Ministry has called the U.S. Office of the Director of National Intelligence a bunch of liars. This comes after the U.S. released images implicating Russia in firing across the Ukrainian border

On the Not-so-new Warfare: Political Warfare vs. Hybrid Threats (War on the Rocks) The ongoing conflict in Ukraine challenges our traditional Western concepts of warfare. The current crisis, pitting the national government against separatists, Russian ultra-nationalists, proxy fighters and possibly Russian GRU personnel, does not fit neat Western categories of "war"

Amid cyber attacks on Israel, security agency wins a battle fighting back (Haaretz) The Shin Bet says it thwarted a foray against both government and nongovernment websites

Twitter hashtags are finally neutralizing the Israeli government’s propaganda (Quartz) I told CNN during a recent television interview that there hasn't been a single hot-button topic treated with more intellectually dishonest, one-sided coverage than that which the American media has given the Israel-Palestine conflict — and that includes the War on Terror, Al-Qaeda, Guantanamo Bay, NSA surveillance, and torture

Cyber warfare: The next front in the Israel-Gaza conflict? (CBS News) House Intelligence Committee Chairman Mike Rogers, R-Mich, is sounding the alarm that that cyber warfare could be the next front in the conflict between Israel and Hamas as nations allied with the Gaza-based militants look for non-military ways to aid their cause

Hackers Plundered Israeli Defense Firms that Built 'Iron Dome' Missile Defense System (KrebsOnSecurity) Three Israeli defense contractors responsible for building the "Iron Dome" missile shield currently protecting Israel from a barrage of rocket attacks were compromised by hackers and robbed of huge quantities of sensitive documents pertaining to the shield technology, KrebsOnSecurity has learned

Chinese hackers pull off Israel Iron Dome hack (IT Pro Portal) Chinese hackers have broken into the computer systems of three Israeli defence contractors instrumental in the construction of Israel's Iron Dome missile defence system

NRC Hack Attack Forces It To Shut Down Computers; Could Take A Year To Recover (Huffington Post) The National Research Council (NRC) in Ottawa shut down its entire computer network on Monday, the result of a prolonged attack from what it says are hackers in China — and it could take the agency up to a year to secure its computers

Are We Being Prepped? (Excelsior Commentary) According to Bloomberg News and Smart Grid News, yet another cyber attack occurred on the digital infrastructure of the US and Europe this month. This time the attack was no small intrusion, but a massive systems breach of thousands of power plants across the U.S. and Western Europe

Hackers seed Amazon cloud with potent denial-of-service bots (Ars Technica) Bug in open source analytics app may have compromised other services, too

Far East Targeted by Drive by Download Attack (Cisco) On the 21st of July, 2014, Cisco TRAC became aware that the website dwnews[.]com was serving malicious Adobe Flash content. This site is a Chinese language news website covering events in East Asia from a US base. The site is extremely popular, rated by Alexa's global traffic ranking as the 1759th most visited website worldwide, and the 28th most visited in South Korea. In addition the news site also receives a substantial number of visitors from Japan, the United States and China

New Android 'Fake ID' flaw empowers stealthy new class of super-malware (Apple Insider) A new Android design error discovered by Bluebox Security allows malicious apps to grab extensive control over a user's device without asking for any special permissions at installation. The problem affects virtually all Android phones sold since 2010

Instagram's Android users risk having their accounts hijacked — but is that a threat to your business? (Tripwire: The State of Security) Four years ago, a simple Firefox plugin called Firesheep demonstrated just how easy it was to break into anybody's Facebook account if they made the mistake of logging in via an unencrypted WiFi connection

"Onion" ransomware the next Cryptolocker: Kaspersky (CSO) Kaspersky Lab has uncovered a type of encrypting ransomware that attempts to hide its malicious nature

A peek into Police Locker's distribution infrastructure (Help Net Security) An analysis of the distribution infrastructure for the bothersome Android "Police Locker" ransomware has revealed that the attackers behind it are not putting all of their eggs in one basket, and have been looking to target Internet users using a variety of devices and software

Defunct Koler ransom Trojan attacked 200,000 Android users in matter of weeks (TechWorld) C&C analysis spots 150,000 potential victims in US alone

Koler — The 'Police' ransomware for Android (Kaspersky Lab) At the beginning of May 2014, we detected a new mobile ransomware named AndroidOS.Koler.a. As the name suggests, this affects mobile devices running Google's Android operating system

Changes in the Asprox Botnet (Fortinet) Asprox, a.k.a. Zortob, is an old botnet that was uncovered in 2007. It is known to spread by arriving as an attachment in spam emails that purport to be from well-known companies. The attachment itself is disguised as a legitimate document file by using icons such as those of a .doc or .pdf file

A toast to the "Be Healthy" phishing group (Hack and Flash) This post diverges from my last three posts, and outlines a phishing group that I ran into when helping out reddit user(s) with a phishing attempt. Being a security professional, and currently working for a company that deals with bad guys over social media, the Steam platform fits nicely within the context of what I work with and how we deal with these platforms being launching sites for attackers

Phishing scam steals Finnish bank passwords, earns big money (Avast! Blog) Earlier this month, we told you about a spear phishing campaign specifically targeting banking customers in Czech Republic, and now a similar scam is targeting bank customers in Finland

How Cybercrime Exploits Digital Certificates (Infosec Institute) What is a digital certificate? The digital certificate is a critical component of a public key infrastructure. It is an electronic document that associates the individual identity of a person to the public key associated with it

14 antivirus apps found to have security problems (The Register) Vendors just don't care, says researcher, after finding basic boo-boos in security software

Dropbox disabling links to possible PDF malware, reports Cyren (FierceEnterpriseCommunications) The distribution sources for potentially malicious documents are actively working to disable their distribution. But a Dropbox security alert seems to indicate that's making customers mad

Internet of things big security worry, says HP (ZDNet) HP found 25 vulnerabilities per device including everything from TVs to thermostats to home alarms and scales

Aussie hackers get Doom working on an ATM (The Inquirer) Deny plans for Bubble Bobble on a tumble dryer

Bulletin (SB14-209) Vulnerability Summary for the Week of July 21, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Security Patches, Mitigations, and Software Updates

July's Broken Office 365 Update Gets a Fix (Windows IT Pro) The past couple months has been rough for the Office 365/2013 team at Microsoft. In June, Patch Tuesday broke Office 2013 click-to-run installations, and then in July, updates caused apps in the Office 365 ProPlus suite to just stop working. The solution at the time was to just uninstall and reinstall Office. Just uninstall and reinstall Office? Microsoft may not realize, but that's a huge problem and a big pain for customers to have to use the wipe-and-reload methods of yesteryear

Cyber Trends

For cyber-defense, automation alone is not enough (Federal Times) For years the IT community has been building walls and digging moats to keep out an especially damaging form of cyber attack: the advanced persistent threat, or APT. Now the emphasis has changed. Rather than focus on outside invaders, security experts have set their sights on internal vulnerability

Despite shocks, organisations still not making security a continuous process: Bussiere (CSO) The ongoing spate of high-profile data thefts is spurring companies to action but much of it is still reactionary and short-lived due to a lack of technical understanding about the security technologies now available on the market, according to one security industry architect

Insecure Connections: Enterprises hacked after neglecting third-party risks (CSO) Third-party security is continuously lacking, yet few leaders show concern or take action

CISOs obsess over malware outbreaks, data breaches (FierceCIO) Worries over malware outbreaks and data breaches continue to keep CISOs up at night, which isn't surprising considering that most organizations report they can't find an acceptable security solution

Stop the Delusion: Security Compliance isn't Synonymous with Bullet-Proof Security (Bitdefender Business Insights) The ongoing history of credit card breaches at major card processing organizations continuously begs a simple question; do organizations treat compliance as their security high-water mark?

CISOs Are Like Sheep to the Slaughter (BlogInfoSec) It took almost 10 years, but my claim that the role of the CISO is to take the blame when something goes awry, even if only marginally attributable to information security, goes awry has at last been substantially validated

The CIA Fears the Internet of Things (Nextgov) The major themes defining geo-security for the coming decades were explored at a forum on "The Future of Warfare" at the Aspen Security Forum on Thursday

De-Identification: A Critical Debate (Future of Privacy Forum) Ann Cavoukian and Dan Castro recently published a report titled Big Data and Innovation, Setting the Record Straight: De-Identification Does Work. Arvind Narayanan and Edward Felten wrote a critique of this report, which they highlighted on Freedom to Tinker. Today Khaled El Emam and Luk Arbuckle respond on the FPF blog with this guest post

The big war — 100 years in retrospect (with a cyber angle) (LinkedIn) Today (July 28th) the world will commemorate the centennial of the "Big war". That war (more known today as WWI) was revolutionary in many means, and to some it was the event that signaled the coming of the modern age. It is always tempting (and quite cheesy) to look and find similarities between the past and our own times, but in this case there are some striking resemblances between today and a century ago

Marketplace

Tech Companies Reel as NSA's Spying Tarnishes Reputations (Bloomberg) U.S. technology companies are in danger of losing more business to foreign competitors if the National Security Agency's power to spy on customers isn't curbed, the New America Foundation said in a report today

Cybersecurity wird zum Dealbreaker bei M&A-Deals (Finance) Das Thema Cybersecurity erfährt bei M&A-Deals eine immer größere Bedeutung. Es ist zu einem der wichtigsten Dealbreaker geworden, wie eine Untersuchung der Kanzlei Freshfields Bruckhaus Deringer zeigt, die FINANCE exklusiv vorliegt

BlackBerry acquires Secusmart, ups voice security ante (ZDNet) BlackBerry's acquisition of German software firm Secusmart is aimed at securing voice and data and putting better mobile security in every president and chancellor's hand

Why Microsoft (MSFT) Stock Is Declining Today (The Street) Microsoft (MSFT_) shares are down -1% to $44.04 after announcing that Chinese government officials have made unexpected visits to the company's Chinese offices. Microsoft has faced China's ire since former National Security Agency contractor Edward Snowden revealed spying programs that use U.S. companies' technology for espionage

There's no longer any doubt that Microsoft is in China's crosshairs (Quartz) Chinese authorities have launched an anti-monopoly investigation into Microsoft's business in China, according to a statement from a government regulator today

New ThreatStream CEO Wants to Solve SIEM Challenge (eSecurity Planet) ArcSight founder joins security vendor to fill gaps that SIEM doesn't solve

Deloitte ranked #1 globally by revenue in security consulting (Saudi Gazette) Deloitte Touche Tohmatsu Limited (DTTL) ranked number one globally, based on revenue, in Security Consulting Services by Gartner for the second consecutive year in their recently released market share analysis entitled Market Share: Security Consulting Services, Worldwide, 2013, published recently

Sqrrl Recognized by CRN as a 2014 Emerging Vendor (PRWeb) List highlights hottest tech startups impacting the IT channel, technology industry

The NSA's Cyber-King Goes Corporate (Foreign Policy) Here's why Keith Alexander thinks he's worth a million dollars a month

Thomas Kennedy Named Raytheon Board Chairman (GovConWire) Thomas Kennedy, CEO of Raytheon (NYSE: RTN), has been elected to serve as chairman of the company's board of directors beginning on Oct. 1

Craig Nixon Appointed Constellis Group CEO (GovConWire) Retired Army Brig. Gen. Craig Nixon has been named CEO of Constellis Group, the parent company of Triple Canopy and other security contractors

Products, Services, and Solutions

Oracle in-memory option creates licensing pain and audit risk (ComputerWeekly) A former Oracle employee has highlighted a major issue in the way the new Oracle Database 12c Release 12.1.0.2 is licensed, which could result in unlicensed usage

Is the WEDG the Answer to Post-Snowden Data Paranoia? Its Inventor Remains Hopeful (CIO) The British entrepreneur behind the innovative WEDG secure storage box for the 'post-Snowden era' has told Techworld he remains upbeat about its chances despite still being some way short of the £90,000 ($150,000) set for the project on Kickstarter

Cisco, IBM constructs high-performance SAN to offer managed backup services (Computer Technology Review) Cisco Systems teamed with IBM to offer products and technologies that help ensure high availability, reliability and security for building scalable storage networks, and permit optimized distance extension over regional, metro, and long-distance optical and IP networks

Check Point expands its data center security leadership with new 13800 and 21800 gateways (Data Quest) Blazing-fast gateways deliver best-in-class performance and superior multi-layer security

Skyhigh Networks and SafeNet Team Up to Deliver Flexible Key Management Solutions to Protect Data in the Cloud (MarketWatch) Skyhigh Networks , the Cloud Visibility and Enablement Company, today announced a collaboration with SafeNet to deliver flexible and secure key management solutions to protect corporate data in the cloud. By working together, Skyhigh Networks and SafeNet enable enterprises to leverage on-premise or cloud-based models for encrypting data while retaining full control of their encryption keys, thereby meeting their corporate and regulatory compliance requirements. The cloud-based model for data security provides immediate scale, minimizes network latency, and avoids the expensive upfront investment and limits of on-premise deployments

Thales Partners with Guidance Software to Deliver Critical Incident Response and Digital Investigations to the UK Market (Wall Street Journal) Guidance Software, (NASDAQ:GUID), the World Leader in Digital Investigations™, announced today a partnership with Thales to deliver a full range of best-in-class endpoint security and incident response products and services to the UK market. EnCase products extend the Thales portfolio to identify threats that would otherwise go unnoticed, and to quickly perform incident response and recovery

Virtru launches killer NSA-grade encryption for enterprise (Venture Beat) Virtru wants to protect your business data in the cloud

Technologies, Techniques, and Standards

Bring Your Own Device (BYOD) Design Considerations Guide (Microsoft TechNet) This guide provides the system architect and system designer with a collection of critical design considerations that need to be addressed before designing a Bring Your Own Device (BYOD) infrastructure that enables employees to use their own devices and protects the company's data

Security Think Tank: How to build a resilient defence against cyber attacks (ComputerWeekly) Organisations are facing new and unpredictable cyber threats, which can appear overnight and are difficult to prevent. According to PwC's 11th Annual Global Information Security Survey, the number of security incidents detected climbed by 25% from 2012 to 2013 and the average losses per incidents by 23% over the same period

DARPA-derived secure microkernel goes open source tomorrow (Register) Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit

Efficacy of MemoryProtection against use-after-free vulnerabilities (HP) As of the July 2014 patch of Internet Explorer, Microsoft has taken a major step in the evolution of exploit mitigations built into its browser. The new mitigation technology is called MemoryProtection (or MemProtect, for short) and has been shown to be quite effective against a range of use-after-free (UAF) vulnerabilities. Not all UAFs are equally affected, however. Here we'll discuss what MemoryProtection is and how it operates, and evaluate its effectiveness against various types of UAFs

Weak Password Advice From Microsoft (Dark Reading) Tempting as it may seem to do away with strong passwords for low-risk websites, password reuse is still a significant threat to both users and business

Professionalizing Cybersecurity: A path to universal standards and status (Pell Center for International Relations and Public Policy) The Internet, together with the information communications technology (ICT) that underpins it, has revolutionized our world and opened new opportunities for the global economy and civilization at large. Our reliance on this complex infrastructure, however, has also exposed new vulnerabilities and opened the door to a wide range of nefarious cyber activities by a spectrum of hackers, criminals, terrorists, state and non-state actors. Government agencies and private-sector companies alike have been victims of cyber thefts of sensitive information, cybercrime, and cyber disruption (e.g. denial-of-service attacks). The nation's critical infrastructure, including the electric power grid, air traffic control systems, financial systems, and communication networks, is vulnerable to cyber attacks. Compounding the problem is the reality that, as computing and communications technologies become more ubiquitous throughout society, the incentives to compromise the security of these systems will continue to rise

How to remove Neurowise (Best Tech Tips) Most of users download different software to surf the web easier. Some of the extensions are really helpful and are able to surprise their users with beneficial windfalls. But sometimes browser add-ons can be downloaded with manifold freeware making users be surprised with the new installed program. If you have the same problem and you want to remove the popping up windows with the objectionable add-on that creates them, so we will tell you what to do. Here you will find several effective instructions that will help you to remove Neurowise from your computer

Cybercrime Exposed Part 1: The Security Risks of Phishing (TrendLabs Security Intelligence Blog) While new threats are emerging that hit new avenues or targets like PoS systems and cryptocurrencies, old threats like phishing remains to be an effective means of gathering user data. A simple spam email that leverages holidays, online shopping, release of anticipated gadgets, and hot/current news items can redirect unsuspecting users to survey scams and phishing pages that ask for their credentials and personal identifiable information (PII). A very recent example of this is the attacks we saw leveraging the interest around the World Cup

Cisco Executive: An Internet Troll Is Ruining My Life And Now I'm Fighting Back (Business Insider) What if you woke up one day and found that someone had posted a litany of unfounded accusations about you on a website?

When Cyber Thieves Disrupt Your Life — Online Financial Threats (Trend Micro: Simply Security) I was supposed to publish a blog today that discusses our recent report, Operation Emmental, which disclosed details about a cybercrime organization that put together an elaborate online banking theft operation whereby they socially engineered the victims using DNS Changers, phishing sites, and mobile apps to obtain 2-factor authentication codes. This report highlights the needs for individuals to be vigilant with their financial accounts, especially online

Use "Stranger Danger" Logic To Stop Your Kids From Infecting Your PC (Lifehacker) The concept of malware can be pretty difficult for children to get their heads around (especially if their parents happen to be Luddites.) Here are some simple tactics from BitDefender's Andrei Taflan that should lead to safer surfing

Research and Development

How To Spot A Social Bot On Twitter (MIT Technology Review) Social bots are sending a significant amount of information through the Twittersphere. Now there's a tool to help identify them

Not by Technical Means Alone: The Multidisciplinary Challenge of Studying Information Controls (IEEE Internet Computing) The study of information controls is a multidisciplinary challenge. Technical measurements are essential to such a study, but they do not provide insight into why regimes enact controls or what those controls' social and political effects might be. Investigating these questions requires that researchers pay attention to ideas, values, and power relations. Interpreting technical data using contextual knowledge and social science methods can lead to greater insights into information controls than either technical or social science approaches alone. The OpenNet Initiative has been developing a mixed-methods approach to the study of information controls since 2003. This article presents our approach through a series of case studies and concludes with a discussion of methodological challenges and recommendations for the field moving forward

Monitoring Arms Control Compliance With Web Intelligence (Recorded Future) Can we find insights for defense against chemical and biological weapon threats by analyzing livestock disease outbreaks and public health crises? Research by Maynard Holliday of Sandia National Labs points the way forward

Need More Langsec Background? (Probably) (Trustifier) Some important work has been spearheaded out of Dartmouth College, termed Language-Theoretic security, or Langsec. For many in infosec, the first introduction to the term was Dan Geer's mention of it in some few keynote speeches or talks that he has given

Air Force seeks moving-target cyber defense (C4ISR & Networks) The Air Force is hunting for Moving Target Defenses (MTD) for its networks. The $9.9 million Command and Control of Proactive Defense (C2PD) solicitation, by the Air Force Research Laboratory's Information Directorate, describes Moving Target Defenses as "cyber agility techniques" that "offer a capability to assure the network and Air Force missions"

Academia

Fairfax County Public Schools Receives CyberPatriot Center of Excellence Award (MarketWatch) The Air Force Association's CyberPatriot presented Fairfax County Public Schools (FCPS) with the Center of Excellence Award on Thursday, July 24th at George C. Marshall High School in Falls Church, Virginia

Legislation, Policy, and Regulation

Leaked Cybercrime Law Could Undo Tunisia's Pioneer Status on Internet Rights (Global Voices) A leaked copy of Tunisia's new cybercrime draft law [ar] shows signs that the country's major achievements in the field of Internet freedom may soon come undone

Privacy fears as Australian surveillance laws are dragged into the digital era (Guardian) How will police and security services monitor our communications? Will they be allowed to mine metadata? Will it be regulated? Key questions as parliament reshapes outdated laws

ICO slaps UK big data firms with fresh data protection guidelines (ITProPortal) UK organisations dealing in big data have been issued with a list of data protection requirements by the Information Commissioner's Office [ICO] that link closely to the Data Protection Act

'Big data must operate within data protection law,' says watchdog, 'and here's how' (ZDNet) If the field of big data looks like a huge opportunity to those looking to harvest intelligence, then the Information Commissioner has three words for them: not so fast

3 Bills To Protect Critical Infrastructure From Cyber Attack Passed By House (HS Today) The House overwhelmingly passed three bills Monday "to strengthen efforts to combat cyber attacks on our critical infrastructure through the distribution of cyber threat information, the development and procurement of new technologies and support for the Department of Homleand Security's (DHS) cybersecurity workforce

FISMA Reform Efforts Aim For Balance Between CDM And FISMA (Business Solutions) Legislation aimed at modernizing the 12-year-old Federal Information Security Management Act (FISMA), introduced by committee chairman, Sen. Tom Carper (D-Del.), and ranking member Sen. Tom Coburn (R-Okla.), has passed a vote by the Senate Homeland Security and Governmental Affairs Committee on June 25 and is with Senate committee

Why Privacy Advocates Aren't Celebrating The Senate’s Groundbreaking NSA Surveillance Bill Just Yet (Think Progress) The U.S. Senate is expected to make huge strides Tuesday by introducing a new bill that could curtail the National Security Agency's (NSA's) ability to collect mass amounts of data. But while the new bill was reached in compromise and promises significant changes in favor of individual privacy, advocates worry it could be stripped down as previous bills were

Personal Privacy Is Only One of the Costs of NSA Surveillance (Wired) There is no doubt the integrity of our communications and the privacy of our online activities have been the biggest casualty of the NSA's unfettered surveillance of our digital lives. But the ongoing revelations of government eavesdropping has had a profound impact on the economy, the security of the internet and the credibility of the U.S. government's leadership when it comes to online governance

Hill Hurts Innovation, Just Like DoD — But We Can Change: Forbes, Langevin (Breaking Defense) "We have the presumption we're going to have the competitive edge when it comes to technology," said Rep. Randy Forbes, "[that] just because we've had it in the last several decades that somehow or other we're destined to have it in the future." That's a dangerous mistake, Forbes said Thursday at the Carnegie Endowment, where he and Rep. Jim Langevin spoke on how the Pentagon needs to innovate

Senate panel orders scrutiny of alleged EHR 'information-blocking' (FierceHealthIT) Allegations fly that some vendors are impeding interoperability

Oversight, Is That You? (Defense News) Over drinks with several government watchdogs, a recent House Armed Services Committee hearing almost immediately came up

The Security Community Needs Effective, Targeted Cybercrime Laws (Information Security Buzz) Let me tell you about Dave*. We met a while back and would chat whenever we happened to run into each other. That is, until one day I mentioned a cyber security event for high school students that I was planning called 1NTERRUPT. His eyes lit up, after which the conversation steered towards the technical details. I was astonished by how clearly he knew his stuff. Finally, I stopped and said, "I thought you were a painter. How do you know all this?" He smiled, and said, "Yeah, about that"

Litigation, Investigation, and Law Enforcement

Microsoft offices in China raided over monopoly allegations (The Verge) Four of Microsoft's offices in China were raided yesterday as part of an anti-monopoly investigation. China's State Administration for Industry and Commerce (SAIC) has revealed that around 100 officials made unannounced visits to Microsoft's offices in China, seeking information on Microsoft's security features and the way it bundles software. Microsoft was quick to issue a statement yesterday when news of the raids broke, noting that the software maker would "actively cooperate" with the government

Sharing knowledge to tackle online banking fraud (ComputerWeekly) Banks and law enforcement agencies (LEAs) are working to prevent, detect and prosecute this crime. Hurdles they have to overcome include restrictive legislation, such as data protection, international treaties on cyber crime and fraud prosecution laws, slow communication between banks and LEAs, and the speed at which fraudsters take advantage of weaknesses in the system

Banks as Cybercrime Fighters? (BankInfoSecurity) Karl Schimmeck of the Securities Industry and Financial Markets Association won't discuss reports about the group's alleged backing of formation of a cyberwar council, but says financial institutions must play a role in protecting critical infrastructure

Dusty pre-Facebook, pre-Twitter laws will do for social media crimes (The Register) Brit MPs say decades-old legislation is 'fit for purpose'

Piracy police hijack ads on copyright infringing websites (CNET) British police have come up with a new way of cutting off funding to websites that illegally share music and movies

Consumer Groups Urge FTC to Halt Facebook Data Collection Program (Threatpost) A collection of privacy and consumer groups from the United States and Europe has asked the Federal Trade Commission to force Facebook to suspend a recently installed program that mines information on sites that users' visit around the Web in order to serve them interest-based ads. The groups say that Facebook's program "directly contradicts its previous

Survey: Journalists, lawyers change habits to avoid NSA snooping (The Hill) Spying programs, such as those at the National Security Agency, are making journalists and lawyers change the way they do business, according to a new report from critics of the snooping

Obama's crackdown on leakers damages constitutional protections, activists say (Bellingham Herald) Recent revelations of the U.S. government's pervasive surveillance program and its crackdown on leaks are making it increasingly difficult for American journalists and lawyers to do their jobs, the advocacy group Human Rights Watch and the American Civil Liberties Union said in a report released Monday

Before You Blow the Whistle — Read This (Lawyers and Settlements) Computer systems analyst and former National Security Agency contractor, Edward Snowden, unleashed an unprecedented volume of government secrets and became the world's best-known whistleblower

One hoax press release, one $300 million hole in mining company (Naked Security) Australian bank, ANZ, is involved in funding Whitehaven Coal's open cut coal mine in northwest New South Wales (NSW)

Report: DOD workers with access to secrets owe $730M in taxes (The Hill) About 83,000 Pentagon employees and contractors who held or were eligible for secret clearances had more than $730 million in unpaid taxes as of June 2012, according to an internal government audit

Hacker and UFO hunter Gary McKinnon launches SEO business (ComputerWeekly) UK hacker Gary McKinnon is offering his services as an online search expert after winning a 10-year battle against extradition to the US for breaking into military computers to look for evidence of UFOs

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

Black Hat USA 2014 (, Jan 1, 1970) Black Hat USA is the show that sets the benchmark for all other security conferences. As Black Hat returns for its 17th year to Las Vegas, we bring together the brightest in the world for six days of learning, networking, and skill building. Join us for four intense days of Trainings and two jam-packed days of Briefings.

SHARE in Pittsburgh (Pittsburgh, Pennsylvania, USA, Aug 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today. FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles. ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction

STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour (Clarksville, Tennessee, USA, Aug 5, 2014) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, is coming to TK with its STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour to educate consumers and businesses about adding layers of security to their everyday online activities

4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, Aug 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August 5, 2014 to Wednesday, August 6, 2014 at the DoubleTree by Hilton, Colorado Springs, Colorado.

BSidesLV 2014 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in a Barrel World Championship Social Engineering Capture The Flag, uncensored talks, and proximity to the other big InfoSec conferences in the world.

Passwords14 (Las Vegas, Nevada, USA, Aug 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them.

DEF CON 22 (Las Vegas, Nevada, USA, Aug 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.

South Africa Banking and ICT Summit (Lusaka, Zambia, Aug 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to implement these new solutions into your organization.

SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, Aug 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training event and Summit that brings together cyber defense practitioners focused on defensive tactics as opposed to offensive approaches to thwart cyber attackers and prevent intrusions.

AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, Aug 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only event of its kind held at Tinker AFB each year. This annual event allows exhibitors the opportunity to network with key information technology, cyber security, communications, engineering, contracting personnel and decision makers at Tinker AFB. Over 250 attendees participated in the 2013 event and we expect the same level of attendance in 2014.

Resilience Week (Denver, Colorado, USA, Aug 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.

c0c0n: International Information Security and Hacking Conference (, Jan 1, 1970) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community is organizing a 2 day International Security and Hacking Conference titled c0c0n 2014, as part of Information Security Day 2014. c0c0n 2013 was supported by the Kerala Police and we expect the same this year too. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2014 is scheduled on 22, 23 Aug 2014.

The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.