The CyberWire Daily Briefing 12.11.14
Some familiar threats resurface in new forms or places. BlackEnergy, says ICS-CERT, is exploiting a patched Siemens SIMATIC WinCC flaw. Blue Coat exposes the workings of Inception (and suggests there's a good chance the APT is the work of a "medium-sized nation-state"). Kaspersky revisits the related, and recently active, RedOctober espionage campaign.
Sony remains as much in the news as ever, and not in a good way. While probably not "unprecedented," the attack it sustained seems to have been quite difficult to parry. Attribution's still up in the air, but the US Department of Justice is working through its investigation and toward indictments. Observers continue to speculate about the cost of the attack ($100M?). Some of that damage will be hard-to-quantify reputational loss (one lesson we might all draw is to restrain the amount of acid wit we put into our emails — cyberspace isn't the Algonquin Roundtable). Sony has begun trying to stop downloads of leaked movies.
Several new vulnerabilities are disclosed, as is some potentially suspicious reconnaissance of D-Link devices.
Readers of Cylance's report on Operation Cleaver continue to worry about Iran turning off their lights. State-conducted offensive cyber operations remain a matter of concern (and the US Department of Justice seems to be playing a long game of deterrent lawfare in the Sony case, whether or not the attack came from North Korea). Bloomberg BusinessWeek calls out Russia for a 2008 cyber attack that enabled kinetic effects on Turkish pipelines.
In industry news, Belden's buying Tripwire for $710M.
Notes.
Today's issue includes events affecting Australia, China, European Union, Iran, Ireland, Kenya, Democratic Peoples Republic of Korea, Republic of Korea, Mozambique, Netherlands, Paraguay, Romania, Russia, Sweden, Turkey, United Arab Emirates, United States, and and Venezuela.
Cyber Attacks, Threats, and Vulnerabilities
BlackEnergy Malware May Be Exploiting Patched WinCC Flaw (Threatpost) Experts at ICS-CERT say that the BlackEnergy malware that has been seen infecting human-machine interface systems may be exploiting a recently patched vulnerability in the Siemens SIMATIC WinCC software in order to compromise some systems
Blue Coat Exposes "The Inception Framework"; Very Sophisticated, Layered Malware Attack Targeted at Military, Diplomats, and Business Execs (Blue Coat) One of the most sophisticated malware attacks Blue Coat Labs has ever seen
Advanced Inception APT Malware Likely State-Sponsored (Infosecurity Magazine) A highly advanced, multi-layered advanced persistent threat (APT) is targeting individuals in strategic positions: Executives in important businesses such as oil, finance and engineering, military officers, embassy personnel and government officials. And it's spreading
Cloud Atlas: RedOctober APT is back in style (Securelist) Two years ago, we published our research into RedOctober, a complex cyber-espionage operation targeting diplomatic embassies worldwide. We named it RedOctober because we started this investigation in October 2012, an unusually hot month
RedOctober Rises Again with Cloud Atlas APT (Infosecurity Magazine) Remember RedOctober, the complex cyber-espionage operation targeting diplomatic embassies worldwide? After being outed in January 2013, the operation was promptly shut down and the network of C&Cs was dismantled. But now, the advanced persistent threat (APT) group appears to be back
DOJ: 'Increase the cost' for nation-state hackers (FCW) A top FBI cybersecurity official said the agency has yet to attribute a recent large-scale hack of Sony Pictures to North Korea. In the meantime, an assistant attorney general involved in the investigation is playing the long game, hoping that a potentially months-long probe and possible indictment would deter other cyberattackers
Did North Korea Hack Sony? It Seems Hard to Believe (Lumension Blog) There's plenty of rumours and speculation, but one thing is certain: something has gone awfully awry with the computer systems at Sony Pictures Entertainment — the television and movie subsidiary of the huge Sony Corporation
North Korea Cyber Attack on Sony — No Evidence, but Plenty of Capabilities (Daily Signal) The FBI declared on December 9 that there is "no attribution to North Korea at this point" of the massive cyber attack on Sony Pictures for its planned release of a parody film of North Korean leader Kim Jong-un. Sources close to the ongoing investigations disclosed that Pyongyang remains the principal suspect. Cyber experts concluded that there are similarities between the attack on Sony and earlier attacks against South Korean targets and that malware used included Korean language text
Sony Pictures Tries to Disrupt Downloads of its Stolen Files (re/code) Sony Pictures Entertainment is fighting back
Cyber Attack Could Cost Sony Studio as Much as $100 Million (re/code) Sony's movie studio could face tens of millions of dollars in costs from the massive computer hack that hobbled its operations and exposed sensitive data, according to cybersecurity experts who have studied past breaches
Sony Corporation (NYSE:SNE) Victim of another Cyber Attack: Different Group, Same Source (WallStreet.org) Guardians of Peace have struck again. The group that broke into Sony Corporation (NYSE:SNE)'s Hollywood Studios database and leaked volatile information has broken into Sony Corporation (NYSE:SNE) Playstation's online server. The group, this time called, Lizard Squad, broke into Sony Corporation (NYSE:SNE) Playstation's online store and took it offline. The hack comes barely after a week of the company's 20th century celebration of Playstation debut
Angelina Jolie branded a 'spoiled brat' by Hollywood producers targeted in cyber attack (Express) Actress Angelina Jolie has became the the latest person to fall victim to the Sony Pictures hackers
Imagine you're the CEO of a big company that has just been hacked… (Graham Cluley) Imagine you're the CEO of a big company that has just been very publicly hacked
Recursive DNS Resolvers Affected by Serious Vulnerability (SecurityWeek) Recursive Domain Name System (DNS) resolvers are plagued by a vulnerability that can be leveraged to cause them to crash due to resource exhaustion, the CERT Coordination Center at Carnegie Mellon University (CERT/CC) reported on Tuesday
Security firm finds virus pre-installed on new Gionee phones, Karbonn tabs (India Today) A malware, popularly known as virus, has been found pre-installed on several new Gionee devices and two Karbonn tablets. Researchers at Lookout, a mobile security firm that is behind the Lookout app, found a malware called DeathRing on new devices taken out of the sealed boxes
Researchers released a script to decrypt and extract LastPass Master Password (SecTechno) On DefCamp 2014 conference in Romania security researcher Alex Balan demonstrated a new way that allows attacker to grab master password on LastPass system which integrate itself in browser, mobile app or webapp. this technology gives user to have a single password that authenticate to systems
Data Sent Between Smartwatch And Smartphone Might Not Be Secure (UberGizmo) A lot of smartwatches tend to sync with smartphones. This is required as notifications from the smartphone are sent to the smartwatch, and data collected from the smartwatch, such as biometrics and health data, are sent back to the smartphone where it is then recorded in your accompanying fitness app
GMail quirk used to subvert website spam tracking (Internet Storm Center) Yesterday while reviewing our logs here at the SANS Internet Storm Center I stumbled upon these
Odd new ssh scanning, possibly for D-Link devices (Internet Storm Center) I noticed it in my own logs overnight and also had a couple of readers (both named Peter) report some odd new ssh scanning overnight
Can Iran Turn Off Your Lights? (DefenseOne) Online security company Cylance released a report last week showing that an Iranian cyber-espionage operation "Operation Cleaver" had successfully breached U.S. and foreign military, infrastructure and transportation targets
Mysterious '08 Turkey Pipeline Blast Opened New Cyberwar Era (Bloomberg) The pipeline was outfitted with sensors and cameras to monitor every step of its 1,099 miles from the Caspian Sea to the Mediterranean. The blast that blew it out of commission didn't trigger a single distress signal
Privacy Risks of Beacons (Infosec Institute) On October 6th 2014, buzzfeed.com published a report stating that Titan, a company controlling a number of New York City's phone booth advertising displays, installed tiny wireless devices called beacons in hundreds of phone booths. The beacons pinged out a Bluetooth signal that could be received by mobile phones on which certain apps are installed and activated. Such apps can identify the location of the mobile phones on the basis of the received Bluetooth signals and send targeted advertisements to the users of the phones
Tracking Moving Targets: Exploit Kits and CVEs (Recorded Future) One year ago a notorious programmer Paunch, who coded the Blackhole exploit kit, was arrested and charged for the distribution and sale of his wares. Blackhole was an epic Russian exploit kit, rented and used by thousands for their successful campaigns against a range of targets
Privileged Account Exploits Shift the Front Lines of Cyber Security (CyberArk) CyberArk's inaugural threat report provides an expert's vantage point into targeted cyber attacks by tapping into the experiences of seasoned threat investigators at five firms renowned for detecting, analyzing and remediating serious cyber security incidents
Palo Alto Networks Shines Spotlight on Malware Attack Vectors in Key Industries (CNN Money) Especially in education, high tech and healthcare industries, Kuluoz malware family persists
Apple Mac users encountered average of nine cyber threats in 2014 (Telegraph) The cyber threat to Apple Mac users continues to grow, with 1,499 new malicious programs detected by Kaspersky Lab in 2014
Almost a quarter of 'people' viewing online video ads are robots used by fraudsters (International Business Times) "Bot fraudsters" account for almost 25% of the views from watching online video advertisements, a new investigation into the digital advertising industry has revealed
Third-Party Bundling Made IBM Products Most Vulnerable: Study (SecurityWeek) Vulnerability intelligence company Secunia has released a new report summarizing security vulnerabilities disclosed between August and October 2014
Shellshock just one tool in hackers' cyber arsenal (WA Today) Online shoppers need to be extra vigilant against malicious links during the holiday shopping season, warns Adam Turner
Securing the Internet of Things (Dark Reading) Factors specific to IoT devices make them a unique security risk
Security Patches, Mitigations, and Software Updates
Patch Tuesday wrap-up, December 2014 — why "Important" can be Critical… (Naked Security) Adobe and Microsoft put forth their respective Patch Tuesday updates this week, bringing you their last scheduled patches of 2014
Microsoft beefs up security features for its Intune device management service (FierceMobileIT) Microsoft has updated its Intune cloud-based device management service, adding new mobile application management capabilities and a number of data security features designed to improve usability for the enterprise, according to a blog by the Microsoft Intune Team
Microsoft Enables Removal of SSL 3.0 Fallback in IE (Threatpost) Yesterday's Internet Explorer security bulletin, in addition to patching 14 vulnerabilities, also affords Windows admins the ability to disable SSL 3.0 in IE 11 for Protected Mode sites. Doing so eliminates exposure to POODLE SSL attacks
Microsoft lets YOU kill POODLE in Protected Mode sites (Register) Christmas gift to be default by Feb
Mozilla to Support Certificate Transparency in Firefox (Threatpost) Mozilla is planning to add support for Certificate Transparency checks in Firefox in the near future, but the company says that the feature won't be turned on by default at first
Cyber Trends
How the Internet-Addicted World Can Survive on Poisoned Fruit (IEEE Spectrum) There is no "magic bullet" for cybersecurity to ensure that hackers never steal millions of credit card numbers or cripple part of a country's power grid. The conveniences of living in an interconnected world come with inherent risks. But cybersecurity experts do have ideas for how the world can "survive on a diet of poisoned fruit" and live with its dependence upon computer systems
The media chums up with LulzSec hackers once again (Graham Cluley) It's incomprehensible to me, but the media has had a long love affair with hackers
Hacking Threatens Airline Safety: Aviation Chiefs (AFP via SecurityWeek) Cyber crime is a serious threat to safety in the skies, aviation industry heavyweights said Wednesday, vowing to fight the growing scourge before it causes a catastrophic incident
4 Worst Government Data Breaches Of 2014 (InformationWeek) Government agency breaches pale in comparison to private sector companies' problems, but government did get hacked in 2014. Look at the four biggest incidents
5 information security trends that will dominate 2015 (CIO via CSO) Cybercriminals are becoming more sophisticated and collaborative with every coming year. To combat the threat in 2015, information security professionals must understand these five trends
Trend Micro 2015 security predictions: new technologies under lens (Infotech Lead) Trend Micro predicts that retail and financial institutions outside the U.S will be the chief targets of cybercriminals in 2015
Sansa Security Reveals 2015 IoT Predictions (Marketwired) Sansa Security, a leading provider of embedded security technologies, today revealed the company's Internet of Things (IoT) predictions for 2015, highlighting six of the top trends to watch out for next year
Security trends you should NOT worry about in 2015, and five you should (Help Net Security) Along with its latest predictions, which examine the likelihood of common network security prophecies next year, WatchGuard's security research team also included five security trends NOT worth worrying about in 2015
IID Predicts a Far More Closed Internet in 2016 (MarketWired) Prognostication stems from government surveillance backlash and threats from rogue nations
New Trustwave Report Reveals Security Deficiencies That Increase Data Breach Risk (Marketwired) A new report from Trustwave reveals many businesses still struggle with information security deficiencies and common security weaknesses that can elevate their risk of data breaches
Which Domains Stand the Strongest Against Phishing Attacks? (CircleID) Highlights from the latest research published by the Anti-Phishing Working Group (APWG)
Hackers widen corporate scope in 2014: Kaspersky (ARN) Corporate sector targets doubled in 2014
Infographic: Three-quarters of firms say BYOD presents greatest security threat (FierceMobileIT) A full 73 percent of C-suite executives and IT pros say that BYOD presents the greatest security risk to their enterprise, according to a survey by computer accessories firm Kensington summarized in an infographic
Costs of cyber attacks hit corporations and consumers (CCTV) Cyber attacks keep happening and the cost to businesses keeps rising. The latest data from the Ponemon Institute indicated cyber attacks cost U.S. businesses nearly double what they did four years ago, with the average cost of a security breach being $12.7 million. CCTV America's Mark Niu reported from California about some contributing factors as well as innovative efforts to minimize the damage
Hacktivism and the Spread of Western Cyber Issues among Key Trends Facing Financial Institutions in Middle East and North Africa (Zawya) If 2014 was the "year of the breach," then what future cybersecurity threats await us? What's the next mode of attack, and how much worse will it be? That's the question on the minds of financial services companies as they invest in cyber protection measures, manage growing customer concerns and try to predict what's next. The sustained growth of the Middle East financial services industry depends on that industry's ability to shore up its cyber defenses and build protection on all fronts against attack
Marketplace
You Can't Go Far These Days in the Insurance World Without Hearing About Cyber (Willis Wire) Everyone wants to talk about cyber. I was recently invited to a cyber-conference in which the blurb said there were over 80 cyber products out there offered by more than 60 different providers. The promise was to debunk the myths
Silicon Valley companies paying hackers 'bounties' to find their flaws before crooks do (San Jose Mercury News) With cyberattacks seemingly getting worse every day, a bidding war has broken out between Silicon Valley tech giants and black marketeers for the talents of hackers who spot software vulnerabilities that can be used to steal everything from corporate trade secrets to consumers' financial information
The 'Way Forward' to the Cloud (DefenseNews) Policy invites commercial vendors Into DoD data centers
Belden to buy cybersecurity firm Tripwire for $710 million (Reuters) Belden Inc, a maker of networking and cable products, said it will buy Tripwire, a Portland-based cybersecurity firm, for $710 million
DB Networks Closes $17 Million Funding Round (TopTechNews) DB Networks, an innovator of cyber Relevant Products/Services security Relevant Products/Services for core networks, today announced $17 million in new financing led by Grotech Ventures of Vienna, Virginia. The round also included funding from investors Khosla Ventures and Citi Ventures. DB Networks also announced that Joe Zell, general partner at Grotech Ventures, has joined its Board of Directors
Proofpoint Receives Consensus Recommendation of "Buy" from Brokerages (NASDAQ:PFPT) (WatchListNews) Proofpoint (NASDAQ:PFPT) has been given an average rating of "Buy" by the sixteen ratings firms that are covering the stock, Analyst Ratings News reports. One investment analyst has rated the stock with a hold recommendation and fourteen have issued a buy recommendation on the company. The average 12-month target price among brokers that have issued ratings on the stock in the last year is $46.15
Can three ex-NSA snoops stop the worst hacks before they start? (Fortune) A cyber security startup has raised millions from Kleiner Perkins and others to battle "spear phishing" cyber attacks
Is Darktrace the Future of Cybersecurity? (Computer Business Review) Market Profile: Formed by ex-spooks, this company is causing a stir in the industry
Pinnacle makes Astute move to improve marketing (MicroScope) Having got the backing of shareholders to raise further funds to support a turnaround strategy Pinnacle Technology Group has followed that move up with the appointment of a demand generation specialist to help it gain further growth
CenturyLink Awarded New DHS EINSTEIN 3 Accelerated Task Order (MyArkLaMiss) CenturyLink, Inc. (NYSE: CTL) recently was awarded a task order from the U.S. Department of Homeland Security's Office of Cybersecurity and Communications to provide Intrusion Prevention Security Services, known as EINSTEIN 3 Accelerated (E³A) protections, to U.S. federal civilian agencies
Products, Services, and Solutions
Intel Launches Internet Of Things Platform (InformationWeek) Chipmaker wants to shape the way Internet-connected devices are designed, deployed, and managed
Report: Android Security Apps Improving (PC Magazine) While there aren't nearly as many malicious applications aimed at Android devices as there are targeting Windows, that's no reason to be complacent. If one of those malware apps hits your phone, you've got trouble whether it's common or not. AV-Test Institute rated 31 Android security applications and found that for the most part they're even more effective than when last tested
Imperva Expands Protection Against Distributed Denial of Service Attacks (Dark Reading) New DDoS services add infrastructure protection and name server protection to DDoS capabilities
Box Counters Dropbox With Enterprise Security Initiative (InformationWeek) Box launches Box Trust, a network of verified security vendors, and a new app to secure content accessed from mobile devices
AlgoSec Streamlines Connectivity Management for Data Center Migrations (Virtual Strategy Magazine) New version of the AlgoSec Security Management Suite delivers unprecedented visualization of application connectivity across the data center
Fortinet Launches New Rugged, Industrial-grade Devices to Connect and Secure Critical Infrastructure (OppTrends) Expanded line offers the only integrated solution of network, security and wireless devices for industrial customers that operate in harsh physical environments
South River Technologies Releases WebDrive for Mobile as a Free App (Marketwired) South River Technologies, Inc. (SRT), an innovator in secure file transfer, has announced the availability of version 3.0 of its WebDrive mobile app for iOS and Android. The WebDrive app can be downloaded for free for iPads and iPhones in the Apple App Store and for Android devices at the Google Play Store
Contact Solutions, IDology, and Pindrop Security Team Up to Cut IVR Fraud (CRM) The three firms have paired up to offer Adaptive Fraud Protection as part of Contact Solutions' IVR service
Denim Group Enhances ThreadFix to Deepen Application Vulnerability Management and Remediation Capabilities (Reuters) Denim Group, the leading secure software development company, today announced the latest version of ThreadFix, the company's software vulnerability management tool for application developers and security professionals
Capstone Disassembly Engine v3.0 Released (ToolsWatch) Capstone is a lightweight multi-platform, multi-architecture disassembly framework
Technologies, Techniques, and Standards
10 strategies to protect patient information (Help Net Security) Data breaches, lawsuits, medical identity theft — all cringe-worthy realities — and the threats to patient data have never been greater. With cybercrime targeting healthcare, organizations are challenged to manage and protect sensitive patient data — protected health information (PHI)
DoD sets sights on standardized data output (FierceGovernmentIT) Defense Department Acting Chief Information Officer Terry Halvorsen is working with commanders, including U.S. Cyber Commander Adm. Michael Rogers, to set cyber technical and mission standards across the department. A core focus of the effort is standardizing the way data is output, said Halvorsen during a Dec. 5 press call
Pro tip: Disable Apple Pay from Find My iPhone (TechRepublic) Learn how to protect your Apple Pay cards when you misplace or have your iPhone or iPad stolen. It's an easy way to ensure maximum protection in worse-case scenarios
Design and Innovation
Can Google's ReCAPTCHA Swat The Bots? (InformationWeek) New API promises to cut down on the annoyance factor of proving to websites we're human
Facebook head of AI wants to stop you from posting things you may later regret (Naked Security) Facebook artificial intelligence (AI) could someday stop you in your tracks as you drunkenly post photos of yourself at a party for all the world (and your mom, and your boss) to see
Research and Development
DARPA seeks proposals on how to better counter advanced persistent cyber threats (FierceGovernmentIT) Researchers at the Defense Department are seeking proposals to improve the understanding of complex computing environments with an eye toward identifying and preventing sophisticated and advanced cyber attacks
DARPA Issues BAA on $60M Funding Opportunity for Transparent Computing R&D (ExecutiveGov) The Defense Advanced Research Projects Agency's Information Innovation Office has issued a broad agency announcement on a funding opportunity worth an estimated $60 million for research and development work on transparent computing
DARPA Seeks to Authenticate Military Embedded Systems Through Virtual Lab (ExecutiveGov) The Defense Advanced Research Projects Agency has created a "virtual lab" to develop assessment methods for government and industry researchers to ensure that embedded chips in military equipment are tamper-proof
DHS Seeks Method to Automate Cyber Defense (ExecutiveBiz) The Department of Homeland Security has reached out to industry for ideas on how to automatically defend cyber systems and networks against attacks
Academia
Kenya: Nine Kenyan Students to Benefit From Huawei's 'Seeds for the Future' Program (All Africa) Huawei Technologies (Kenya) in collaboration with the Ministry of Information & Technology has sent-off the first beneficiaries of the "Huawei Seeds for the Future" Internship program
Legislation, Policy, and Regulation
Federal data security bill heads to Obama's desk (The Hill) The first cyber-specific bill of the lame-duck session will head to President Obama's desk after the House on Wednesday night approved an update to federal information security laws
House clears intelligence authorization bill (The Hill) The House on Wednesday cleared the intelligence authorization for fiscal 2015 with little opposition a day after the release of a Senate report asserting that the CIA used torture on detainees and misled lawmakers
Backroom Move Strips 'Backdoor' NSA Spying Ban From Spending Bill (Huffington Post) Congressional leaders have quietly deleted a measure meant to stop the National Security Agency's "backdoor" surveillance of American communications from a major spending bill
GSA lands $35M for 'civilian cyber campus' in massive spending bill (Washington Business Journal) The massive omnibus spending bill includes $35 million for the General Services Administration to plan and design a civilian cyber campus somewhere in Greater Washington
Why DC is Getting a $35M Cybersecurity Campus (In the Capital) Washington D.C. will get a $35 million cybersecurity center to help beat back digital attacks on civilians as part of the budget passed on Tuesday night by the House of Representatives. The center is being built at the request of the General Services Administration to bring together law enforcement and private companies to share information and tactics to fight cyberattacks
In Princeton University talk, NSA watchdog defends agency's work (True Jersey) George Ellard, inspector general of the National Security Agency, defended the agency's work in a talk at Princeton University Tuesday, including the NSA's controversial eavesdropping on German Chancellor Angela Merkel's private cellphone
Cyber Mission Force Under Construction (SIGNAL) Teams are standing up, but experience remains to be gleaned
Network Visibility Key to Security, Per CYBERCOM (SIGNAL) Knowing what is happening in real time is a requisite
When should unauthorized computer access be authorized? (Help Net Security) Recently, the decentralized hacktivist collective, Anonymous, launched an attack campaign called Operation KKK (#OpKKK), targeting the racist hate group called the Klu Klux Klan
Litigation, Investigation, and Law Enforcement
Microsoft: US would be outraged if another nation ransacked its servers (Naked Security) OK, Microsoft has said to the US government, so you want us to crack open our servers, even though they're on Irish soil. You've got a warrant, and you say it gives you the legal power to force us to dig out a users' email and hand it over, even though Irish and European data protection laws protect that content
MENA financial institutions in war against cyber crimes (Arabian Gazette) The outgoing Year 2014 presented a major threat of cyber crimes including hacktivism and spread of western cyber issues to the financial institutions operating in the Middle East and North Africa (MENA) region and future challenges keep haunting the bigwigs of the U.A.E. financial sector
Wall Street Cyber-Attack Defenses Face Closer Scrutiny by Lawsky (Bloomberg BusinessWeek) Wall Street banks will face tougher scrutiny of their cybersecurity measures as New York's banking regulator is working to avert repeats of high-profile hackings of financial firms including JPMorgan Chase & Co
Target found negligent in data breach (FierceRetailIT) It's been one year since Target's (NYSE:TGT) data breach disrupted the retailer's holiday season, and now a Minnesota District Court has found Target negligent, paving the way for lawsuits as banks and financial institutions potentially seek compensation
Game Changer: Court Rules that Target is Liable for Not Preventing Breach (Damballa: the Day Before Zero) Almost one year to the day after Target suffered a breach during peak 2013 holiday shopping, a Minnesota court just handed them a lump of coal. In a ruling announced on December 2, 2014, the court said that Target can be sued for failing to prevent their data breach. Their rationale was: Target can be viewed as negligent for failing to heed warnings from its FireEye prevention system and for disabling the inline blocking feature
In re: Target Corporation Customer Data Security Breach Litigation, (United States District Court: District of Minnesota) This matter is before the Court on Defendant Target Corporation's Motion to Dismiss the Consolidated Amended Class Action Complaint (Docket No. 163) in the Financial Institution Cases. For the reasons that follow, the Motion is granted in part and denied in part
Potential Security Concerns in Comcast Hotspot Class-Action (Threatpost) Cable and Internet service conglomerate Comcast is facing a class-action lawsuit stemming from its use of customer routers as personal home Wi-Fi networks as well as public-facing wireless hotspots available for other Comcast-Xfinity customers
What Comes After The Pirate Bay Is A Lot More Important Than Whether It's Up Or Down (TechDirt) As noted, a police raid in Sweden took down The Pirate Bay yesterday and that's getting lots of attention. In addition, Peter Sunde, the former spokesperson for the site, is getting plenty of attention for a blog post he wrote in which he notes that he's happy it's down and he hopes it stays down forever
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cyber Security Division 2014 R&D Showcase and Technical Workshop (Washington, DC, USA, Dec 16 - 18, 2014) The cybersecurity threat continues to evolve and in order to keep ahead of the threat, new cutting-edge cybersecurity technologies are needed. DHS S&T's Cyber Security Division (CSD) is funding many R&D efforts through academia, small businesses, industry and government and national labs. Each year CSD gathers these researchers along with our stakeholders and partners to present the status of the research CSD is funding, enable collaboration among the researchers and government agencies, and to connect the technologies to transition partners. This year, we are excited to include an R&D Showcase featuring 11 innovative technologies selected from the CSD portfolio that addresses today's complex cybersecurity challenges and have the potential for transition into the marketplace
Upcoming Events
ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, Dec 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters, and works-in-progress. Our speakers, presenters and instructors are experts involved in applied security work and research. Collectively, we explore practical solutions for computer security challenges across all phases of the system life cycle. ACSAC highlights the overall threat landscape, latest hacks and exploits, and the best prevention and defense innovations
ICFPT 2014 (Shanghai, China, Dec 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices promise the flexibility of software with the performance of hardware