The CyberWire Daily Briefing 12.19.14

Cyber Attacks, Threats, and Vulnerabilities

Update on Sony Investigation (FBI National Press Office) Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment

Hackers tell Sony "The Interview may release now" — with edits (Ars Technica) As long as Kim Jong-un doesn't die, everything is cool, says Guardians of Peace

Sony's 'The Interview' Capitulation May Prevent Further Leaks, Imply New Hacker Emails (TechCrunch) Sony Pictures might be spared further embarrassment resulting from future data dumps, according to emails received by Sony executives today. CNN reports that Sony execs got a new email that matches the pattern, language and email list of previous threats and demands, but this one apparently praises Sony for its "very wise" choice in cancelling the release of The Interview

Sony hacking fallout puts all companies on alert (AP via the Idaho Statesman) Companies across the globe are on high alert to tighten up network security to avoid being the next company brought to its knees by hackers like those that executed the dramatic cyberattack against Sony Pictures Entertainment

'Sony is Snowden' for Corporations, Cybersecurity Expert Says (Wall Street Journal) The digital assault on Sony Pictures Entertainment Inc., took the possible consequences of hacking to another level because it was designed to damage the company

Security experts fear Sony attack to fuel more company extortion (Reuters via the Fiscal Times) Sony Pictures' decision to shelve the film "The Interview" in the face of cyber attacks has set a worrying precedent and is sending companies scrambling to guard sensitive data, security experts said on Thursday

Cyber security experts warn Sony hack could inspire copycats (Financial Times) The Sony Pictures cyber security breach risks unleashing a wave of copycat attacks after the entertainment company showed the impact cyber criminals could have when it cancelled the release of The Interview

The Sony Hack — A Lesson in Cyber Terrorism (Tripwire: the State of Security) This week, Sony Pictures has announced that it will not release "The Interview," a film whose controversial subject matter is alleged to be one of the motivating factors behind a recent cyber attack against the company

Sony hack timeline: How a silly comedy sparked real cyber-terror (MicroScope) Six months after North Korea condemned Sony Pictures over the production of a satirical comedy, a fairly amusing entertainment story has turned into an all-out cyber-terrorism crisis

This is far from the first time Hollywood has killed a world leader on screen (Quartz) Sony's cancellation of The Interview may be the most extreme reaction to a film that does away with a world leader, but it's not the first time Hollywood has staged a fictional killing of a world leader the US doesn't particularly like

U.S. Struggles for Response to Sony Hack (Wall Street Journal) The U.S. government is looking for ways to retaliate for North Korea's apparent hacking of Sony Pictures but is struggling for an appropriate solution, according to people familiar with the discussions

Digital dilemma: How will US respond to Sony hack? (AP via WRAL) The detective work blaming North Korea for the Sony hacker break-in appears so far to be largely circumstantial, The Associated Press has learned. The dramatic conclusion of a Korean role is based on subtle clues in the hacking tools left behind and the involvement of at least one computer in Bolivia previously traced to other attacks blamed on the North Koreans

Sony hack leaves U.S. in quandary on how to deal with North Korea (Los Angeles Times) With U.S. intelligence analysts quietly pointing to North Korea as having a hand in the destructive hack of Sony Pictures Entertainment computers, Obama administration officials scrambled Thursday to consider what, if anything, they should do in response

UPDATE 3-U.S. considers 'proportional' response to Sony hacking attack (Reuters) The United States said on Thursday a cyber attack on Sony Pictures was a serious national security matter and the Obama administration was considering a proportional response, although the White House stopped short of blaming North Korea

Why You Should Demand Proof Before Believing The U.S. Government On North Korea and Sony (Digital Dao) Yesterday evening the New York Times reported that un-named American intelligence officials have concluded that the North Korean government was "centrally involved" in the massive breach against Sony (NYSE: SNE), and that the White House hasn't yet decided how it will respond

The Sony breach may be start of new nation-state cyberattack (Computerworld) It has been an exceptional year for IT security breaches, which have become part of an escalating trend in destructive attacks. And they're going to get worse

After Sony Hack, is U.S. Grid Next? (WND) Experts say Pyongyang likely would need help from China

These Are The Groups Behind North Korea's Cyber Capabilities (Center for Strategic and International Studies via Business Insider) Sony Pictures Entertainment (SPE) recently announced the cancellation of the upcoming release of "The Interview." US government officials also informally acknowledged that North Korea played a central role in the cyber attacks against Sony

What drives North Korea's Cyber Army — and what's next (AP via Detroit Free Press) Most North Koreans have never even seen the Internet. But despite the country's sanctions and widespread poverty, North Korea has poured resources into training thousands of hackers

Watch out world: North Korea deep into cyber warfare, defector says (CNN) North Korea is one of the world's poorest countries, seen as well behind most everyone when it comes to most technologies and much more. Hacking may not be one of them. Scant resources or not, a defector who once worked as a computer expert for the North Korean government says that it has a vast network of hackers devoted to cyberwarfare against perceived enemies of the Stalinist state

goodbye horses (Daily Dave via Seclists) The year is almost over, and I feel like wasting my yearly DailyDave quota on a rant about this, and I hate the use the term non-ironically, NK "Cyber War" malarkey. Note I don't have time to be cohesive so this is mind vomit at best

Game Change: Three Reasons Why #SonyHack Will Change Security (Imperva via LinkedIn) Let's be honest. As wild as this year has been in InfoSec, none of us, and I mean nobody, anticipated the events that unfolded this week with the Sony hack

Destover Attack on PCs by Using Stolen Security Certificates from Sony (Spamfighter News) Kaspersky Labs has found that the huge breach carried out against Sony Pictures Entertainment has led to a seemingly side effect wherein the 'Destover' malicious program is currently wreaking havoc by utilizing one embezzled digital certificate that belonged to SPE for probably hacking PC-systems

Malware peddlers take advantage of Sony's decision to pull controversial film (Help Net Security) In the wake of Sony Pictures Entertainment's decision to scrap the theatrical release of the controversial film "The Interview" altogether, cyber criminals of another kind have move in to take advantage of the continuing interest the public has in the movie

Botched cyberattack on Syria group blamed on IS (AP) A botched cyberattack aimed at unmasking Syrian dissidents has experts worried that the Islamic State group is adding malicious software to its arsenal

New fear: ISIS killers use 'digital AK-47' malware to hunt victims (Register) New code built in-house targets innocents fending off deranged terrorists

Islamic State Repeatedly Calls For Lone Wolf, Cyber Attacks On US Homeland (Homeland Security Today) Over the past year, the dangerous rhetoric put forth by the Islamic State (IS) through media services and social media platforms has threatened attacks on the homeland

Hackers Called to Hit Swedish Government Websites with Malware (Softpedia) Hackers are asked to deploy viruses and destroy the websites

Etisalat websites hit by cyber attacks (The National) Etisalat websites appeared to have fallen victim to cyber attacks on Thursday morning, leading to questions about whether user information had been compromised

Millions at Risk from Misfortune Cookie SOHO Router Vulnerability (Dark Matters) Researchers have discovered a critical HTTP cookie management vulnerability affecting SOHO routers from multiple manufacturers that could allow an attacker to remotely take control of the devices and gain administrative privileges

Organized criminals targeting individual iPhone, Android users (CSO) A well organized criminal group is targeting both iOS and Android users with man-in-the-middle attacks

CoolReaper Revealed: A Backdoor in Coolpad Android Devices (Palo Alto Networks) Coolpad is the sixth largest manufacturer of smartphones in the world, and the third largest in China. We recently discovered that the software installed on many of Coolpad's high-end Android phones includes a backdoor which was installed and operated by Coolpad itself. Today we released a new report detailing the backdoor, which we've named "CoolReaper"

How Cybercriminals Dodge Email Authentication (TrendLabs Security Intelligence Blog) Email authentication and validation is one method that is used to help bring down the levels of spam and phishing by identifying senders so that malicious emails can be identified and discarded. Two frameworks are in common usage today; these are SPF and DKIM

ICANN HACKED: Intruders poke around global DNS innards (Register) Spear-phishing attack timing couldn't be worse for domain name overseer

Cyber Attackers Increasingly Sneaking Corporate Data Out Through DNS (eWeek) Almost 90 percent of firms have suffered an attack against their domain-name system infrastructure, and nearly half have detected data leaving their network through DNS

USBDriveby Device Can Install Backdoor, Override DNS Settings in Seconds (Threatpost) Samy Kamkar has a special talent for turning seemingly innocuous things into rather terrifying attack tools. First it was an inexpensive drone that Kamkar turned into a flying hacking platform with his Skyjack research, and now it's a $20 USB microcontroller that Kamkar has loaded with code that can install a backdoor on a target machine in a few seconds and hand control of it to the attacker

Wie Merkels Handy abgehört werden konnte (Die Zeit) Berliner Sicherheitsforscher haben die Verschlüsselung in UMTS-Netzen ausgehebelt. Möglicherweise hat die NSA auf diesem Weg einst das Zweithandy der Kanzlerin überwacht

German researchers discover a flaw that could let anyone listen to your cell calls (Washington Post) German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale — even when cellular networks are using the most advanced encryption now available

Cyberattack on German Steel Plant Caused Significant Damage: Report (SecurityWeek) An attack launched by an advanced persistent threat (APT) group against an unnamed steel plant in Germany resulted in significant damage, according a new report

Regin: Businesses must identify indicators of compromise to beat spyware, says Symantec partner (The Stack) The Stack speaks with Andrew Shea, vice president of Symantec partner and security solutions provider Conventus, about the newly discovered spyware Regin, which has been infecting global organisations for over six years

Fast Flux Networks Working and Detection, Part 1 (Infosec Institute) In this series of articles, we will learn about a not-so-new type of attack, but one of the most difficult attacks to control. Yes, we will lean about the demon Fast Flux!! In this article, we will learn about what exactly Fast Flux is, types of Fast Flux, and how Fast Flux works. In the next article of this series, we will learn about why it is difficult to detect Fast Flux in the environment, and then finally the recommended ways to detect Fast Flux

Crimeware-as-a-Service Threatens Banks (Bank Info Security) Why evolving malware families are big cause for concern

Target breach 12 months on: a year of lessons learned (WeLiveSecurity) The Target hack that was revealed one year ago today brought new levels of awareness to the problem of cybercrime. Today we review the case and its impact

Incapsula Finds Malicious Bots Account for Approximately 30 Percent of Internet Traffic (Marketwired) Annual Bot Traffic Report reveals bots remain majority of visitors to Websites; small Websites see the largest impact from bot activity

3 Low-Tech Threats That Lead to High-Profile Breaches (CSO via CIO) In an age where data security defenses are getting more and more sophisticated, there will be increased pressure for malicious parties to glean information from within the organization's walls or public places

Survey: Guest network security lacking at many businesses (TechTarget) According to WatchGuard, seven out of 10 restaurants, hotels and other businesses don't take the necessary steps to secure their guest Wi-Fi networks

Security Patches, Mitigations, and Software Updates

Emerson Patches Series of Flaws in Controllers Used in Oil and Gas Pipelines (Threatpost) Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications

Cyber Trends

Top 5 social media security predictions for 2015 (Help Net Security) Mobile ransomware, targeted job fraud and Trojans lurking behind shocking videos are all expected to make their appearance on social media in 2015

Industry Fears Massive Losses Through Espionage (C4ISR&Networks) US military also boosting cyber workforce

Cyber Attacks on U.S. Companies in 2014 (Brian Pennington) The spate of recent data breaches at big-name companies such as JPMorgan Chase, Home Depot, and Target raises questions about the effectiveness of the private sector's information security

Private cloud tops Intel survey (ZDNet) An Intel survey has shown a marked preference for private clouds, with a virtualised datacentre a prerequisite for operating in the cloud

Many workers won't be unplugging during the holidays thanks to BYOD (FierceMobileIT) Mobility might mean increased worker productivity, but it also means employees have to be available 24/7/365. Or at least that's how it seems for many

Internet Of Everything: It's All About The Ecosystem (InformationWeek) A recent chat with my doctor revealed new insight on lifecycles of connected medical devices and the need for an integrated infrastructure to support future IoT devices

Cybersecurity 2014: The battle for mindshare (FedScoop) To be a cybersecurity reporter in 2014 was a lot like playing Bill Murray's character in the movie Groundhog Day — trapped in time, covering the same, predictable news over and over again

Die Lage der IT-Sicherheit in Deutschland 2014 (Bundesamt für Sicherheit in der Informatsionstechnik) Der Lagebericht zur IT-Sicherheit 2014 informiert über die Qualität und Quantität der Gefährdungen sowie über die sich daraus ergebenden Risiken für die Informationstechnik (IT) in Deutschland

Marketplace

Security stocks outperform after Sony cancels movie release (Seeking Alpha) FireEye (FEYE +4.9%), recently hired by Sony to probe its massive hacking incident, is rallying strongly on an up day for equities after Sony cancelled The Interview's release in response to the hack and subsequent threats on movie theater chains.Other security tech names are also outperforming: PANW +3.2%. KEYW +3.9%. FTNT +2.6%. PFPT +3.2%. Imperva (IMPV +2.6%) is adding to the Tuesday gains it saw following a Deutsche upgrade

FireEye (FEYE) Stock Rises After U.S. Authorities Link North Korea to Sony Hack (TheStreet) Shares of cyber security company FireEye (FEYE) rose 5.43% to $30.16 in late morning trading Thursday after Sony SNE canceled the release of its movie The Interview in the wake of a massive hack

Sony hack presents opportunity for San Antonio cyber expertise (San Antonio Business Journal) The hack of Sony Pictures Entertainment, which is being described as one of the worst cyberattacks ever against an American company, is shining a fresh spotlight on the need for the kind of cyber security expertise that San Antonio has to offer

Cloud security the bright spot in network security market growth (Network World Asia via SecurityAsia) Although the total network security market is growing at an annualized rate of just 3%, the data center security part of the market is growing by over 10% and the cloud security part is growing by over 20%, according to new Q3 data from Synergy Research Group

Security appliances continue growth trajectory (IT-Online) According to the International Data Corporation (IDC) Worldwide Quarterly Security Appliance Tracker, both factory revenue and unit shipments continued to grow in the third quarter of 2014 (3Q14). Worldwide vendor revenue grew 10% year over year to nearly $2,4-billion for the 20th consecutive quarter of positive growth

Webinar Recap: Making the Business Case for Threat Intelligence (Cyveillance Blog) The growth of risks and sources for those risks is making effective threat intelligence increasingly vital. Unlike other industries, old threat vectors never really disappear, so it's critical for organizations to monitor both beyond and within the perimeter

Summit Research Starts CyberArk Software (CYBR) at Sell (Street Insider) Summit Research initiates coverage on CyberArk Software (NASDAQ: CYBR) with a Sell rating and a price target of $30.00… "While we believe CyberArk has an early lead and first mover advantage in securing privileged accounts (root or system or application administrator accounts) and expect the company to grow north of 20% for next few 3-5 years, we initiate with sell due to valuation"

UPDATE: Deutsche Bank Upgrades Check Point Software Technologies (Benzinga) Analysts at Deutsche Bank upgraded Check Point Software Technologies Ltd. CHKP 0% from Hold to Buy and raised their price target from $70.00 to $90.00

Imperva Upgraded On Booming Cybersecurity Demand (Investor's Business Daily) Imperva (NYSE:IMPV) received an upgrade and price target increase on Wednesday as analysts approved new management's shift to a recurring revenue model and saw strong demand for its data security products

A cyber-success in South Florida tech: From 4-man startup to $232.5M sale (Miami Herald) Richard Dobrow founded Guarded Networks in 2000, later purchased by Perimeter, which was rebranded SilverSky. Last week, SilverSky sold for $232.5 million to defense giant BAE systems

Redskins drop plans to use Chinese-built Wi-Fi at stadium (Washington Times) Just weeks after announcing a deal to install a Wi-Fi network from China's Huawei Technologies at their 85,000-seat stadium, the Washington Redskins are moving in a different direction

Samsung and BlackBerry partnership gives enterprise users both choice and security (IT World Canada) When Samsung Electronics Co. Ltd. and BlackBerry Ltd. announced they were teaming up to provide an enterprise security solution in November, it caught some analysts and customers by surprise

Noted International Cybersecurity Expert Rami Efrati Joins Securonix Advisory Board (Securonix) Securonix today announced that Mr. Rami Efrati is the newest addition to the company's advisory board. An expert in cyber technology strategic methods, Efrati is the former Head of the Civilian Division of the Israel National Cyber Bureau in the Prime Minister's Office

Products, Services, and Solutions

Bitdefender releases free CryptoWall Immunizer (PC and Tech Authority) Bitdefender Labs has announced the availability of Bitdefender CryptoWall Immunizer, a free Windows tool which offers some protection against versions 1 and 2 of the file-encrypting malware

Quotium and VersionOne Announce a Partnership to Deliver Secure Agile Software (IT Business Net) Quotium and VersionOne announce a strategic partnership to deliver efficiently secure software in Agile development projects

Government Security News Names NetIQ Identity Manager 4.5 "Best Identity Management Platform" (PRNewswire) NetIQ Sentinel™ 7.2 recognized as "Best Security Incident & Event Management Solution" Finalist

Akamai extends DDoS cloud service to Japan (Business Cloud News) Akamai is adding another datacentre in Japan to support its cloud-based DDoS mitigation service

ElcomSoft Responds to Apple Security Measures, Adds Support for Two-Factor Authentication and iOS 8.1 (PRNewswire) ElcomSoft Co. Ltd. releases a major update to Elcomsoft Phone Breaker (formerly Elcomsoft Phone Password Breaker), a mobile forensic tool for acquiring data from Apple and BlackBerry devices, Apple iCloud and Windows Live! accounts. The new release adds acquisition support for iOS 8.1, enables full acquisition of cloud data, and enables full support for two-factor authentication schemes. In addition, the new release enables the extraction of iCloud authentication tokens from stand-alone hard drives and disk images in addition to live system analysis

Cisco Cognitive Threat Analytics on Cisco Cloud (Cisco) Cisco Cognitive Threat Analytics is a cloud-based solution that reduces time to discovery of threats operating inside the network. It addresses gaps in perimeter-based defenses by identifying the symptoms of a malware infection or data breach using behavioral analysis and anomaly detection

Wontok SafeCentral Receives Certification from Leading Online Banking Browser Security Efficacy Assessor (Virtual Strategy Magazine) Fourth consecutive certification from MRG Effitas proves Wontok's superiority against advanced financial malware threats

Technologies, Techniques, and Standards

PCI Compliance: Preparing for Version 3.0 (eSecurity Planet) When version 3.0 of the Payment Card Industry Data Security Standards becomes mandatory next month, merchants may need to make some changes

The True Cost of a Data Breach (Healthcare Info Security) Akamai's O'Connor on calculating, Communicating Costs

Time to Rethink Patching Strategies (Dark Reading) In 2014, the National Vulnerability Database is expected to log a record-breaking 8,000 vulnerabilities. That's 8,000 reasons to improve software quality at the outset

BYOD: Keeping Everyone Happy (ITProPortal) There are ways in which the roll out of BYOD initiatives can be successful and the key is in the way they are managed. With the proliferation of mobile devices and IT consumerisation, more employees will expect to work in companies that have a BYOD or CYOD (choose your own device) policy. Today's users want to have anytime, anywhere access to all the tools they need from day one. It is therefore vital for IT to educate end-users, particularly regarding security and corporate data. However, IT should avoid being too heavy handed in enforcing these policies. According to a new Gartner report , it is predicted that by 2016 roughly 20 per cent of companies will ultimately fail to find the proper balance between these dueling priorities

SDN And Security: Start Slow, But Start (Dark Reading) Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul policies

Dan Kaminsky on detecting malware with one line of code (TechTarget) Rapidly discovering and thwarting advanced targeted attacks in real time (or near-real time) is one of the most difficult challenges facing enterprises. But one of the information security industry's foremost luminaries says it may be possible to do just that with a single line of code

Wearable Tech Shakes up Access Control (eSecurity Planet) Marrying access control to wearable technology will vastly improve user experience while boosting security, says Brivo Labs

What's Wrong with Bridging Datacenters together for DR? (Internet Storm Center) With two stories on the topic of bridging datacenters, you'd think I was a real believer. And, yes, I guess I am, with a couple of important caveats

Marines test Navy's cyber range (C4ISR&Networks) The Marine Corps has tested a Navy-developed cyber range that simulates battlefield conditions

DISA Adopts Cyber Network Risk Scoring Method (ExecutiveGov) The Defense Information Systems Agency has implemented a continuous monitoring risk scoring system that will work to measure the cybersecurity risk of the agency's computer networks

Exclusive: HHS to lead 2-year DATA Act pilot (FedScoop) The Digital Accountability and Transparency Act is in full swing, with the Office of Management and Budget and the Treasury Department catching headlines in their path to issue a governmentwide set of financial data standards by May 2015. But quietly in the background, the Department of Health and Human Services is gearing up to lead a two-year pilot of the DATA Act to test how data standardization in a complex federal ecosystem works

Will CDM finally be 'the realization of IT security'? (GCN) For more than a decade, the federal government has been moving from a periodic, compliance-based approach to IT security to real-time awareness based on the continuous monitoring of IT systems and networks

VA bringing latest cyber tools to bear to improve network defenses (Federal News Radio) The Veterans Affairs Department is among the first agencies to turn on advanced cybersecurity capabilities known as Einstein 3 Accelerated

Instant visibility said to be essential to fight cyber challenges (C4ISR&Networks) Instant network visibility will be imperative to combat the cyberspace challenges U.S. Pacific Command will face, said Air Force Lt Gen James McLaughlin, deputy commander, U.S. Cyber Command (CYBERCOM) during a Dec. 10 panel discussion at AFCEA International's TechNet Asia-Pacific 2014

5 Pitfalls to Avoid When Running Your SOC (Dark Reading) The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense not defense against attackers

Bridging the Gap Between IT Security and the Corporate Office (Recorded Future) Woody is the founder of Weathered Security. He helps companies meet information security challenges that aren't just hard technologically, but also can be hard to clearly communicate outside IT as urgent business problems

Academia

Naval Academy gets $120 million for new cyber center (Navy Times) The Naval Academy will get $120 million to build its new cyber security center… The budget, signed by President Obama this week, fully granted the academy's request for funding in fiscal year 2015, said a release from the office of Sen. Barbara Mikulski, D-Md

Cisco Continues Partnering with CyberPatriot for the Advancement of STEM (PRNewswire) The Air Force Association today announced that Cisco renewed their support for CyberPatriot, the National Youth Cyber Education Program, as a Cyber Diamond Sponsor. Cisco is a longtime contributor to CyberPatriot, providing equipment, employee mentors for participants, and hosts the Cisco Networking Challenge during the CyberPatriot National Finals Competition

Legislation, Policy, and Regulation

Feeling Vulnerable, Turkey Seeks National Cyber Solutions (Defense News) The release of secret government audio recordings by activist rivals of the ruling party — in particular from a Foreign Ministry meeting in March — has awakened Turkish officials to the need to bolster cyber capabilities

Common Threats Shape Nordic-Baltic Cyber Cooperation (Defense News) A landmark agreement between Nordic and Baltic states will deepen cyber defense cooperation across a range of initiatives to protect military and industrial infrastructure

India Still Unsure on Need for Cyber Command (Defense News) The Indian Ministry of Defence remains undecided on whether to establish a dedicated cyber command despite a push by the three military services to improve defense against network attacks from China and to build offensive cyber capabilities, a senior Indian Army officer said

Lib Dems call for encryption by default (ComputerWeekly) The UK needs to enforce encryption by default to protect citizens' privacy, according to Liberal Democrat MPs

Cyber Insurance for Critical Infrastructure (Dark Matters) You can't turn a television on today without seeing one of the nations' most beloved insurance icons "Flo" from Progressive insurance. We enjoy her whimsical plays on how to get the best price for an insurance policy, but I wonder at what point will these commercials hype "cyber"?

The USA FREEDOM ACT And The Price We Pay for Security (Mint Press News) The US Senate voted on a bill that would heavily reform the NSA's methods of data collecting and the protection of privacy in the United States

Privacy advocates split over new limits on foreign data retention (Russia Today) ​A bill that's expected to soon be signed into law by President Barack Obama will codify rules for collecting the communications of Americans, and privacy activists are split over whether it's a step forward or back for reining in surveillance

Sony hack could mean new Senate subcommittee (Military Times) Actors Seth Rogen and James Franco could become the focus of national security discussions on Capitol Hill next year

Cybersecurity…At Least There Is One Thing Congress Can Agree On (JD Supra Business Advisor) While most political observers were focused last week on the debates surrounding passage of the so-called "Cromnibus" spending bill, less noted was the fact that the U.S. Congress managed to pass a number of cyber-security bills in a rare moment of bipartisanship and cooperation between the House of Representatives and the Senate

Patrick Meehan, rising congressional star on cybersecurity (The Hill) Legislation to improve the cybersecurity of critical infrastructure has been a much-discussed topic in the last decade during various congressional sessions. Unfortunately, numerous hearings amounted to little more than banter — until now. Last week, several pieces of cybersecurity legislation were sent to the president's desk for signing

Missouri vs NSA: New Bill Would Ban "Material Support or Resources" (Tenth Ammendment Center) With Congress not only failing to rein in National Security Agency (NSA) spying, but actually expanding its power in a recent funding bill, many privacy activists are looking to the states to take action to block warrantless surveillance programs. A bill filed today in Missouri would not only support efforts to turn of NSA's water in Utah, but have some practical effect in the Show Me State should it pass

Litigation, Investigation, and Law Enforcement

FBI moves cyberthreats to top of law-enforcement agenda (Homeland Security News Wire) FBI director James Comey said combatting cybercrime and other cyber threats are now top FBI priority

Banks Sue Kmart Over Credit Card Data Breach (Courthouse News Service) Kmart's failure to protect customer information with "elementary" security measures left banks liable for the resulting fraud, a federal class action claims

Digital Rights Group Goes After NSA (Sputnik US) In its ongoing public relations struggle, the NSA will soon have to defend itself in court. A digital rights group, Electronic Frontier Foundation (EFF) is bringing forth a motion against the National Security Agency on Friday over the agency's Internet data collection program

Report: DoD Bomb Hunters Pried into US Firms, Citizens (DefenseNews) During some of the bloodiest days of US combat in Afghanistan and the roadside bomb threat there, the Pentagon's Joint IED Defeat Organization (JIEDDO) "improperly collected" intelligence on US citizens and corporations to try to stem the threat, a Pentagon Inspector General (IG) report has found

Microsoft files suit against alleged tech support scammers (IDG via CSO) Microsoft is finally cracking down on scammers who offer to fix non-existent computer problems for hundreds of dollars. In a first strike, Microsoft sued several U.S. companies it said are involved in fake tech support scams

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

RSA Conference 2015 (San Francisco, California, USA, Apr 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015

Upcoming Events

Cybersecurity World Conference (New York, New York, USA, Jan 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting the information of today's enterprises and government agencies, respectively. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, cyber security in the Internet of Things age, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks

FloCon 2015 (Portland, Oregon, USA, Jan 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University

National Cybersecurity Center Of Excellence (NCCOE) Speaker Series: Security In A Cyber World (Rockville, Maryland, USA, Jan 14, 2015) The National Cybersecurity Center of Excellence (NCCoE) Speaker Series showcases global thought-leaders to highlight critical cybersecurity issues of national importance. The keynote speaker will be Chris Inglis, former Deputy Director of the National Security Agency

FIC 2015 (Lille, France, Jan 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a priority for the European Union as stated in the Stockholm Programme for 2010–2015. Its objective is to open up the cybersecurity debate by bringing together security and risk management experts with non-specialists to enable them to compare viewpoints and lessons learnt

4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, Jan 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human behavior within and across networks. The conference will bring together subject matter experts to discover and share new means of recognizing human related cyber indicators, and the evolution of these human indicators in the coming decades. The Human Cyber Forensics Conference will focus on such topics as insider threat, next generation social engineering, progressive communications, neuroscience, social cognition, social media, and neuro-ethics

Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, Jan 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives from USA and beyond. They are coming together not only to address the continuing cyber threats and set precautions framework, but most importantly to provide necessary tools, insights and methodological steps in constructing a successful secure policy. These policies will after all protect the critical assets needed to safeguard their company assets

Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, Jan 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues facing consumers and business, including in-depth panel discussions on privacy, the Internet of Things (IoT), and many other critical topics