The CyberWire Daily Briefing 07.13.15
South Korean prosecutors investigate another apparent data breach at Korea Hydro & Nuclear Power Corporation.
Reports of increased cyber activity targeting (separately) both Israel and Iran circulate.
The New York Stock Exchange releases results of its investigation of last week's outage: it was a configuration issue tied to a new timestamp rollout. The incident prompts reflection on the inherent vulnerability complex software poses to the enterprises that develop and use it — Popular Science likens network outages to "new natural disasters." (For those interested in thrashing through a priori possibilities to significant but specious judgments of causation, see the PBS NewsHour piece on the outage. The comments are worth a look.)
In the US, OPM Director Archuleta's resignation Friday hasn't stopped growing concern over the scope of the breach her agency sustained. Crowdstrike (in which Google, by the way, is rumored to be making a large investment) outlines grounds for the near-universal, albeit unofficial, conclusion that Chinese intelligence services were responsible for the hack. Others point out the very large costs — personal, national, etc. — the breach will exact. (Few have noted yet what will be increasingly disturbing over the next few weeks: SF-86s contain personally identifiable information not just on people considered for clearances, but on family members and associates as well.)
Flash and Chrome zero-days associated with the Hacking Team breach are being patched. Many wonder if venerable (useful, but venerable) Flash is ultimately worth patching.
Cyber standards of care continue to evolve in insurance markets and the plaintiff's bar.
Notes.
Today's issue includes events affecting Australia, Azerbaijan, Belgium, Canada, Chile, China, Colombia, Cyprus, Czech Republic, Ecuador, Egypt, Ethiopia, European Union, France, Germany, Honduras, Hungary, Iran, Iraq, Ireland, Israel, Kazakhstan, Republic of Korea, Luxembourg, Malaysia, Mexico, Mongolia, Morocco, NATO, New Zealand, Nigeria, Oman, Panama, Poland, Russia, Saudi Arabia, Singapore, Spain, Sudan, Switzerland, Syria, Thailand, Tunisia, Turkey, United Arab Emirates, United Kingdom, United States, and and Uzbekistan.
Cyber Attacks, Threats, and Vulnerabilities
Korea Hydro & Nuclear Power Corporation Attacked Online Again (Business Korea) Korea Hydro & Nuclear Power Corporation's internal data was circulated online again on July 8, with a self-proclaimed hacker threatening to expose the corruption of the corporation. The Public Prosecutors' Office has launched an investigation
ESET Reports Iran Hit with State-Sponsored Online Spying Scheme During 2013 (Spamfighter News) Bratislava, Slovakia-based ESET has just published a study about seemingly state-backed online spying software that was employed during 2013 for attacking PC-networks within Iran and possibly in some other countries
What prompted Israeli warning about pending cyber attack? (Haaretz) Israeli cyber systems are under attack every day of the year, so what was so special on Thursday
Computer hack reveals identity of Syrians in contact with Israel (Times of Israel) Ex-government adviser Mendi Safadi insists no oppositionists face harm after break-in to his computer, but an exposed Syrian expat fears for his family's life
NYSE: Bad software rollout — not hackers — took out the Stock Exchange (Graham Cluley) Last Wednesday, trading was halted on the New York Stock Exchange. You can probably guess what happened next, right? That's right
Creepy cyber coincidence? Probably not (PBS NewsHour) On Thursday, United Airlines, the Wall Street Journal, the popular financial blog site ZeroHedge and the New York Stock Exchange all had to shut down their services for "technical reasons." Although the Department of Homeland Security released a statement saying that there was "no sign of malicious activity" at the New York Stock Exchange, intellectual speculators quickly joined their financial peers to suggest these events were not coincidental and the result of a coordinated cyberattack
United Airlines and NYSE troubles are homegrown (Mashable) This week's New York Stock Exchange and United Airlines tech meltdowns highlighted our infrastructure vulnerabilities and prompted fresh fears of cyber-terrorism. Yet further examination reveals that it's not dark external forces we have to fear, but the enemy within
Network Outages Like NYSE, United Airlines, are the New Natural Disasters (Popular Science) The ups and downs of network infrastructure are a growing problem without a solution
Security Firm: China Is Behind the OPM Hack (Daily Beast) The U.S. government has been reluctant to pin blame for the massive espionage campaign. A leading cybersecurity company — relying on federal data — isn't being so shy
The Human Cost of the Hack on OPM and Its National Security Impact (Lawfare) By now, everyone knows about the OPM hack and the fact that the private and sensitive information compromised may make employees of the U.S. government — especially those with security clearances — more subject to blackmail, bribery, or extortion and more vulnerable to more realistic phishing attacks. But there's one more aspect that needs airing
OPM got hacked and all I got was this stupid e-mail (Ars Technica) I'm mad as hell and want to see some accountability for once
What China Can Do With The Data It Stole From 21.5 Million Americans (Think Progress) Heads have started to roll after the director of the Office of Personnel Management (OPM) resigned Friday, but the aftermath of the agency?s massive data breach are far from over
The massive China hack on US data 'will be debilitating to US intelligence for a generation' (Business Insider) Hackers stole the personally identifying information of more than 20 million people, the Office of Personnel Management (OPM) revealed on Thursday, in a breach that threatens to compromise US intelligence capabilities for years to come
What's Worse Than Losing Your Data? Losing Your Trust In It (Overt Action) The news about the Office of Personnel Management's data breach gets worse every day. As of this writing, Chinese hackers stole over 22 million personnel files from OPM, forcing Director Katherine Archuleta to resign late last week. This data breach's potential national security damage to U.S. interests is only rivaled by Edward Snowden's efforts. But the news could, in fact, be worse. There is a far more disturbing angle to the story that has not been adequately covered, namely: What if, in addition to stealing OPM's personnel records, hackers corrupted them as well?
With Data Breaches, Bad News Can Show up Well Down the Road (AP via ABC News) The revelation that the data breach at the U.S. government's personnel office was actually much worse than the government originally thought is following a familiar script
Pawn Storm: First Java Zero-Day Attack in Two Years Targets NATO & US Defense Organizations (Trend Micro: Simply Security) Overnight, Trend Micro's research teams identified a new attack in the ongoing Pawn Storm campaign that is focused on high-profile, sensitive targets
Hacking Team's Flash 0-day: Potent enough to infect actual Chrome user (Ars Technica) Government-grade attack code, including Windows exploit, now available to anyone
Update: The Hacking Team Flash Zero-Day Trifecta (Trend Micro Simply Security) Trend Micro?s researchers have reported a third zero-day vulnerability (CVE-2015-5123) in Adobe Flash, a result from last week's Hacking Team attack to the Adobe Security Team
Hacking Team Another Flash Zero-Day: CVE-2015-5122 (Security Affairs) Following the Hacking Team data breach, yet another Adobe Flash Player zero-day vulnerability has been found actively exploited in-the-wild
Adobe Flash ActionScript 3 opaqueBackground Use-After-Free Vulnerability (US-CERT) Adobe Flash Player contains a critical vulnerability within the ActionScript 3 opaqueBackground class, which could allow a remote attacker to execute arbitrary code on a vulnerable system. Versions affected include Adobe Flash Player 9 through 18.0.0.204
APT Group UPS Targets US Government with Hacking Team Flash Exploit (Palo Alto Networks) On July 8, 2015, Unit 42 used the AutoFocus Threat Intelligence service to locate and investigate activity consistent with a spear-phishing attack targeting the US Government. The attack exploited an Adobe Flash vulnerability that stems from the zero-day vulnerabilities exposed from this month?s Hacking Team data breach
SSD Advisory — Adobe Reader Combobox Code Execution (Bot24) More powerful than other PDF software, Adobe Acrobat Reader DC is the free, trusted standard for viewing, printing, and annotating PDFs. And now, it's connected to Adobe Document Cloud — so it's easier than ever to work with PDFs on computers and mobile devices
Hacking Team Used Spammer Tricks to Resurrect Spy Network (KrebsOnSecurity) Last week, hacktivists posted online 400 GB worth of internal emails, documents and other data stolen from Hacking Team, an Italian security firm that has earned the ire of privacy and civil liberties groups for selling spy software to governments worldwide. New analysis of the leaked Hacking Team emails suggests that in 2013 the company used techniques perfected by spammers to hijack Internet address space from a spammer-friendly Internet service provider in a bid to regain control over a spy network it apparently had set up for the Italian National Military Police
Hacking Team Shows the World How Not to Stockpile Exploits (Wired) Bank robber Willie Sutton's famous line about why he robs banks — "because that?s where the money is" — was particularly apt this week after the Italian firm Hacking Team was hacked and at least two zero-day exploits the firm possessed were spilled to the public, along with about 400 gigabytes of company emails and other data
Italy's security firm suspects foreign govt behind cyber attack (India Today) Italian cyber-security firm Hacking Team said a government might have been behind a massive hack of its systems and warned that the subsequent leaking of its computer codes could prove a field day for criminals
How spyware peddler Hacking Team was publicly dismantled (Engadget) Early Monday morning, around 400GB of stolen internal company files belonging to Italian surveillance and intrusion software firm Hacking Team were distributed online through its freshly hacked Twitter account (changed to "Hacked Team")
Hacked Hacking Team team — like everyone in security — read The Register (Register) If only they'd paid more attention
WikiLeaks reveal Indian intelligence agencies seeking mass phone tapping technology (Daily Times Gazette) WikiLeaks has released yet another batch of emails and this time some of it contained emails stating that Indian intelligence agencies are trying to get a hold of sweeping interception capabilities, including mobile devices abroad
The Morpho Group Scales Up Cybersabotage Activity Anew (Droid Report) The hacker group tagged as "the Morpho group" by data and software security research companies has increased their economic espionage and sabotage activities
How the Wild Neutron Hacker Group Avoids Detection (eWeek) The hacker group known as Wild Neutron is still actively attacking companies around the world, a number of years after the group was first discovered in 2011. Both Kaspersky Lab and Symantec have reported renewed activity from Wild Neutron (Symantec now refers to the group as "Butterfly") this year
Three UAE firms targeted by 'sophisticated' cyber-bandits (Arabian Business) A sophisticated cyber group that concentrates on stealing intellectual property from large enterprises has compromised "a string of major corporations" in recent years, including three organisations "located or headquartered" in the UAE, cyber-security company Symantec has claimed
Internetbetrüger attackieren gezielt Smartphones (Stuttgarter Nachrichten) Jeder dritte Deutsche kauft mobil über das Internet ein. Das macht Smartphones zum lohnenden Angriffsziel von Online-Kriminellen. Urlaubsreisende sind besonders gefährdet
Cloudminr.io Hacked, User Database Put Up For Sale (Crytpocoin News) Users of the "cloud mining" service Cloudminr.io were greeted with an unwelcome surprise when they showed up at the site in the last several hours: a CSV (comma separated values) file containing a sample of the entire user database for the website. The whole site is apparently for sale, and the hackers appear to have full control of the server at this point
WordPress CP Multi View Event Calendar Plugin 1.1.7 — SQL Injection (Bot24) Multiple SQL Injection vulnerabilities has been detected in the Wordpress cp-multi-view-calendar plugin in version 1.1.7
A New, Innovative Ransomware Attack Spreads Using Google Drive (KnowBe4) An Eastern European cybercrime gang has started a new TorrentLocker ransomware campaign where whole websites of energy companies, government organizations and large enterprises are being scraped and rebuilt from scratch to spread ransomware using Google Drive and Yandex Disk
Ransomware Operation Kofer Mutates to Avoid Detection (Infosecurity Magazine) A massive ransomware operation named "Operation Kofer" has hit the wild — with a morphing identity bent on throwing off detection mechanisms
Hackers' capability to crash trains raises security concerns, malware could lead to train crashes in the UK (Security Affairs) Cyber attacks can crash trains. Intense security concerns have emerged, after the upgrade of the British railway network that can be affected by malware
Bulletin (SB15-194) Vulnerability Summary for the Week of July 6, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
New PHP Releases Fix Backronym MySQL Flaw (Threapost) Several new versions of PHP have been released, all of which contain a number of bug fixes, most notably a patch for the so-called BACKRONYM vulnerability in MySQL
Vulnerability Note VU#338736: Adobe Flash ActionScript 3 opaqueBackground use-after-free vulnerability (CERT (SEI Carnegie Mellon) US DHS) Adobe Flash Player contains a vulnerability in the ActionScript 3 opaqueBackground property, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system
Adobe To Fix Another Hacking Team Zero-Day (KrebsOnSecurity) For the second time in a week, Adobe Systems Inc. says it plans fix a zero-day vulnerability in its Flash Player software that came to light after hackers broke into and posted online hundreds of gigabytes of data from Hacking Team, a controversial Italian company that's long been accused of helping repressive regimes spy on dissident groups
The Adobe Flash Conundrum: Old Habits Die Hard (TrendLabs Security Intelligence Blog) Is it time to hop off the endless cycle of Flash vulnerabilities and updates?
Cyber Trends
Interview: What the rise of malvertising means for your business (IT Pro Portal) Recent research from end-point security firm Malwarebytes found that malvertising is one of the primary infection vectors and will be used to reach millions of consumers this year
Threat intelligence survey: 43 percent only share info internally (SC Magazine) Many information security pros said threats discovered were shared strictly within the organization, but 81 percent wanted more public-to-private sector sharing
The Dinosaurs Of Cybersecurity Are Planes, Power Grids And Hospitals (TechCrunch) As we continue down the path toward complete connectivity — in which all devices, appliances and networks connect to each other and the Internet — it is evident that much of our longstanding technology can no longer keep up
The Vague Software 'Magic' of the Internet of Things (Re/code) One of the big promises of the Internet of Things is supposed to be insight. The idea is that, by collecting all kinds of data from a myriad of connected sensors, both businesses and consumers will be able to learn more about the systems, devices and environments around them
Welcome to the Internet of Things. Please check your privacy at the door. (IT World) Several things can happen to your IoT data, and most of them are bad. Here are the biggest things you need to worry about
Identifying the five principal methods of network attacks (Help Net Security) Companies are underestimating the risk of failing to provide security training to non-technical staff
Education Sector is More Likely to Visit Malicious Websites (Infosecurity Magazine) Users in the education sector are more likely to visit compromised websites than other industries
Facebook's security chief calls for Adobe Flash to be killed off (Hot for Security) Poor old Adobe Flash. Hardly anybody seems to love it. And this isn't a new phenomenon
Marketplace
Worldwide cybersecurity market continues its upward trend (Cyber Security Caucus) The worldwide cybersecurity market continues to grow and grow as defined by market sizing estimates that range from $75 billion in 2015 to $170 billion by 2020
Will Cyber Security Companies shift their Headquarters out of US? (eHacking News) The Bureau of Industry and Security (BIS), an agency of the United States Department of Commerce that deals with issues involving national security and high technology, is proposing to classify cyber security tools as weapons of War in an attempt to control the distribution
Enterprise Objectives for Threat Intelligence Programs (Network World) CISOs are investing in threat intelligence programs to improve secure controls, automate security operations, and establish centralized threat intelligence services within their organizations
Leaked: Google Inc To Invest $100 Million In Security Startup CrowdStrike (Bidness Etc) Google ups its cyber-security game, as it has invested $100 million in CrowdStrike
Deception security startup TrapX raises $9M (Vator News) TrapX creates lightweight, affordable emulations to help deceive and trap hackers
Who won big on Splunk buying Caspida? (Hint: One's a huge Fitbit winner, too) (Silicon Valley Business Journal) Splunk's $190 million purchase of Caspida looks like a very big win for a small group of venture investors who got in early on the very young cyber-security startup
Products, Services, and Solutions
Excess cyber liability product introduced (Business Insurance) Wholesale insurance distributors AmWINS Group Inc. has launched an excess facility to meet the demand for cyber liability insurance
Fed up with losing email to your spam folder? Gmail’s artificial intelligence wants to help (Naked Security) Google arms bulk senders with spam smarts in Gmail Postmaster ToolsNo matter how hard Google tries to keep important stuff in our Gmail inboxes and garbage filtered away into our spam folders, we still end up dumpster-diving into that spam folder to find missing email
After Monumental Breach, Banks and Even Farmers are Buying NSA-Fueled Surveillance Gear (Nextgov) Agriculture companies are now buying cyber-surveillance gear fueled by National Security Agency intelligence, according to a telecommunications company authorized to sell the technology to government and industry
BalaBit Releases Blindspotter, Real-time User Behavior Analytics Tool (Digital Journal) BalaBit, an IT security innovator specializing in advanced user monitoring technologies, today announced that its next-generation IT security tool, Blindspotter is now generally available. Blindspotter is a real-time, user behavior analytics (UBA) tool that analyzes user activities and identifies suspicious events occurring throughout IT systems. It is designed to help organizations mitigate the impact of advanced persistent threats (APTs) or identify malicious internal activity and to speed up the investigation process of any suspicious activityead more: http://www.digitaljournal.com/pr/2608614#ixzz3fmHspxzG
Does Avast slow down my computer? (Avast Blog) When your computer slows to a crawl, it is very frustrating. One of the worst things that people do when trying to restore the performance of their PC is to remove the security software. Getting rid of your protective barrier just opens you up to threats that could make things even worse
Privacy talk at DEF CON canceled under questionable circumstances (CSO) Anti-surveillance tool ProxyHam will never see the light of day
Technologies, Techniques, and Standards
NAIC's New 12-Step Cybersecurity Program (Bradley Arant Bolt Cummings) The Cybersecurity Task Force of the National Association of Insurance Commissioners (NAIC) has released formal guidance outlining the data security safeguards that the insurance industry and state insurance regulators should implement to ensure that sensitive information and the industry's data infrastructure are protected from cybersecurity intrusions
Singapore Conference Aims to Produce New Aviation Cyber Security Recommendations (Avionics Today) The global aviation industry is one of the biggest and growing targets for cyber attacks, Tony Tyler, CEO of the International Air Transportation Association (IATA), said during a civil aviation cyber security conference hosted by the Singapore Ministry of Transport Wednesday
Improving Management of Privileged Access (HealthcareInfoSecurity) CISO offers a strategy to help thwart hackers
3 ways to stop insider threats in your organization (Help Net Security) No one wants their organization to be the next poster child for a major informational breach. No one wants their company to make headlines for having their data compromised or stolen. No one wants their governmental agency to become the example of what not to do in security IT
Tackling the Seven Deadly Sins of Mobile Security (Information Security Buzz) A secure and productive mobility strategy is a game changer for any business in today's connected world. It's becoming more imperative for users to gain access to corporate data on their mobile devices both inside and outside of the corporate network
The 3 best ways to protect your Social Security number from thieves (Mashable) After the Office of Personnel Management announced on Thursday that hackers got their hands on the Social Security numbers of more than 21 million Americans, it?s hard not to worry about having your identity stolen
For Social Engineering Scams, The Best Security Patch Is Education (Forbes) I lost my driver's license while out of town last month, which I assumed would put a big damper on my trip. I rarely have to brandish a photo ID when I'm at home, since I frequent the same businesses that know me by sight. I assumed that wouldn't be the case on vacation, so I braced for the worst. Imagine my surprise when I realized that losing my license had virtually no effect at all
Design and Innovation
How To Make Internet Voting Secure (Dark Reading) To be effective, an Internet voting system has to auditable every step of the way, a new study says
Weeding Out Online Bullying Is Tough, So Let Machines Do It (Wired) Online abuse: there's just so, so much of it. Social networks teem with harassment and trolling, so much so that companies have outsourced the work of content moderation to an army of laborers, typically overseas, often at an enormous mental and emotional toll to the workers themselves
How (not) to build a secure mobile messaging platform (Mikkolehtisalo) Lately there has been noticeable efforts for secure mobile messaging platforms. There are simply too many already to event start listing them. Most of the nation states seem to be working to obtain one, with or without commercial partners. Products come and go. So far I have not seen one that touches the fundamental problem that there is a difference between mass surveillance and being actually targeted by a state level aggressor. This is a post about a few things that you would have to take into account when the game was not only about mass surveillance
Research and Development
MIT's CodePhage helps computers automatically detect, devour their own bugs (Christian Science Monitor Passcode) Massachusetts Institute of Technology researchers presented a system to detect bugs in programs as they run and repair them by borrowing functionality from other applications
Is this the Holy Grail? Bitglass gets patent for searchability over encrypted files (Network World) Full encryption of files with full searchability? That's kind of the Holy Grail that everyone wishes for. Bitglass secured a patent to deliver just that
Academia
Raytheon invests in Poland's premier technical universities (PRNewswire) $100,000 donation to fund innovative learning
Legislation, Policy, and Regulation
Germany adopts cyber attack precautions (Deutsche Welle) Minimum precautions to ward off cyber attacks have been imposed on 2,000 German institutions listed as "critical infrastructure." Parliament's upper chamber has also endorsed residency for 30,000 foreigners
The cyber defense crisis (Washington Post) Anyone who has ever filled out standard form 86 will attest that it is arduous. This 127-page "Questionnaire for National Security Positions" is part of the process of being cleared to handle the secrets of the U.S. government
A successful cyber sprint, with a questionable finish line (FCW) The federal government's 30-day cybersecurity sprint will wind down this weekend, but the work is far from over
The rise of the new Crypto War (Daily Dot) James B. Comey, Jr., the seventh director of the Federal Bureau of Investigation, is afraid of the dark
Competing Bills Focus on Cybersecurity Information Sharing But Final Language and Ultimate Passage Remain Unknown (National Law Review) There are currently three major cybersecurity-related bills pending in the 114th Congress that address information sharing among private entities and between private entities and the federal government: the Protecting Cyber Networks Act (PCNA), H.R. 1560, the National Cybersecurity Protection Advancement Act of 2015 (NCPAA), H.R. 1731, and the Cyber Security Information Act of 2015 (CISA), S. 754
Defense Department Embraces 'Good Enough' for Mobile Security (SIGNAL) Devices are not the issue: Department wants industry solutions to protect the data
The Lawfare Podcast: Admiral Bob Day on Cybersecurity and Accountability (Lawfare) Last month, I attended a briefing given by members of the Virginia Cyber Commission hosted by the Northern Virginia Technology Council. I was impressed by what I heard. So we invited the Commission's Executive Director, Rear Admiral Bob Day (USCG, Ret.) to come tell us more about the Commission's work and the upcoming release of its report later this month. But first, some background on the Commission
At The NSA, A Rising Star's Commitment To Faith — And Public Service (NPR) As Chief Risk Officer at the National Security Agency, Anne Neuberger has reason to think carefully about questions of how far the agency should go in collecting intelligence: Not far enough, and U.S. national security is at risk. Too far, and Americans' civil liberties are at risk
America's secret weapon against cyber attacks? Try a new military for cyber crimes (Fortune) It is time for the nation to create a sixth branch of the military dedicated to cyber security with its own service academy
Litigation, Investigation, and Law Enforcement
New Case Highlights Deep Hole in Cyber Insurance Policies (JDSupra) Insurance policies covering data breach liability began appearing roughly ten years ago. We noted then a troublesome provision in some forms that seemed to exclude coverage for the insured's failure to maintain data security
CIOs Will Have to Defend Cybersecurity Policies in Court (Wall Street Journal) Time to lawyer up, CIOs. As Donna Seymour, CIO of the U.S. Office of Personnel Management faces a lawsuit for her role in failing to protect millions of personal data files of employees, CIOs generally should expect to be sued in increasing numbers over cybersecurity issues, one attorney says
Europol and Spanish police dismantled a very active cyber gang (Security Affairs) A joint effort of the Europol with the Spanish Police allowed to dismantle a very active cyber criminal gang operating in Barcellona
How Hacking Team Helped Italian Special Operations Group with BGP Routing Hijack (BGPMon) As part of the Hacking Team fall out and all the details published on Wikileaks, it became public knowledge that Hacking Team helped one of their customers Special Operations Group (ROS), regain access to Remote Access Tool (RAT) clients. ROS recommended using BGP hijacking and Hacking Team helped with the setup of new RAT CnC servers
Nigerians suspected in cybercrime attacks (The National) Police have apprehended three Nigerians suspected of launching cybercrimes in the United States
Four men arrested by Cyber Crime Unit (KNOE) Attorney General James D. "Buddy" Caldwell announced Friday that four men have been arrested for crimes against children following joint law enforcement investigations involving the Attorney General's Cyber Crime Unit
Prosecutors: Convicted Navy pilot offered secrets to China (Navy Times) Prosecutors allege a Navy pilot and Top Gun grad offered military secrets to Chinese officials if they would break him out of jail after he was found guilty of producing child pornography
Lad who attacked Spamhaus in DDoS attack avoids prison, given a second chance (Naked Security) Just over two years ago, we wrote about a massive DDoS attack against Spamhaus
How 153 robocalls cost one company $229,500 (Naked Security) One of the biggest annoyances of the modern era has to be the amount of spam we receive. Coming in many forms, we have become quite adept at filtering it out, using tech to deal with the email variety and the bin for the paper-based form
The Pirate Bay Founders Free of Criminal Copyright Case (Hacker News) The four co-founders of The Pirate Bay, the world's most popular torrent website, have been cleared of charges alleging criminal copyright infringement and abuse of electronic communications in a Belgian court
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Securing Your Digital Assets (New York, New York, USA, Jul 14, 2015) Privacy and data security are a growing concern across all industries, and any breach of corporate or personal digital assets threatens financial and reputational harm. With all of the news and educational offerings, you're probably aware of the vulnerabilities. But cyber security is not a task, it is a process. So what procedures do you have to put in place to plug the loopholes? Our expert panel will discuss some of the best current options for implementing effective digital safeguards
The APTs are coming (New York, New York, USA, Jul 21, 2015) With cyberespionage and Advanced Persistent Threats (APTs) on the rise, it's important to understand today's threat landscape-and the ways you can keep your company safe. Join LIFARS, Kaspersky Lab, Cyphort, and vArmour for an informative breakfast discussion on the most effective solutions available for stopping advanced threats
Upcoming Events
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
National Cybersecurity Center of Excellence (NCCoE) Speaker Series: Janet Levesque, Chief Information Security Officer at RSA (Rockville, Maryland, USA, Jul 16, 2015) Traditional security models are failing. While the idea of a shift from prevention to detection has gained traction, most current approaches to detection rely heavily on the same techniques that have rendered preventative tools ineffective. The ultimate goal — disrupting and stopping attacks — has continued to elude security experts. The next stage in the industry's evolution is to move to a stance of "dynamic defense," which combines the ability to detect an attack and fully understand its scope and potential impact on the business, and then use the information to disrupt the attack before adversaries can accomplish their goals
TakeDownCon Rocket City (Huntsville, Alabama, USA, Jul 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
CyberMontgomery 2015 (Rockville, Maryland, USA, Jul 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen other Federal agencies, plus regional State and local agencies, educational institutions (such as Montgomery College, the Universities at Shady Grove, a satellite campus of Johns Hopkins, and the Bethesda-based SANS Institute), plus scores of cyber companies, ranging from start-ups to multinational corporations such as Lockheed Martin, employing upwards of 37,000 people in cyber-related jobs. With cybersecurity constituting a major growth engine in the region for many years to come, and with leading Federal government, industry and academic assets already in place in the region, the annual CyberMontgomery conference serves to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. In that light, CyberMontgomery provides clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in the County, and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders
Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, Jul 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers