Cyber Attacks, Threats, and Vulnerabilities
'Call of Jihad': ISIS Turns to Video Games, Hollywood to Reach Recruits (Defense One) This video shows how ISIS is increasingly appropriating images of western pop culture, portraying terror as glamorous
Social media screening for terrorism needs multiple lenses (Brookings) Since the recent tragic terrorist attack in San Bernardino, California — where a radicalized Muslim couple gunned down 14 people at a holiday office party — much attention has been focused on the wife, Tashfeen Malik, a Pakistani national. She was allowed into the US in 2014 on a type of visa for people who plan to marry American citizens
Astorino says county was never told of cyber attack on dam (lohud Journal News) Westchester County officials were never told by their federal partners on a joint terrorism task force about a 2013 cyber attack on a dam owned by the city of Rye, County Executive Rob Astorino said Tuesday
The Juniper VPN backdoor: buggy code with a dose of shady NSA crypto (CSO Online) Or, how one backdoor was actually two
Juniper Backdoor Picture Getting Clearer (Threatpost) The NSA's subversion of encryption standards may have come home to roost
Cisco launches code review after Juniper's spyware disclosure (IDG via CSO) No unauthorized code has been found yet but the review continues
Cisco reviews code after Juniper breach; more scrutiny expected (Reuters) Networking equipment maker Cisco Systems Inc said on Monday it has launched a product review to look for tampering after rival Juniper Networks Inc's disclosure found code in firewall software that made it vulnerable to cyber attacks
Cybercriminals using Facebook to push Spy Banker trojan (SC Magazine) Cybercriminals are using the friendly face of Facebook and Twitter to distribute banking trojans that are specifically targeting Brazilians
VTech hack exposes parent's nightmare: The Internet of broken toys (Parallax) Toys are supposed to bring a sense of fun and wonder to a child's playtime, but as November's VTech Kids hack demonstrated, toys these days can also bring threats from the Internet
Torrenting Still A Thorn In Enterprise Networks (Dark Reading) A quarter of enterprises still see torrenting activity and among those, 43 percent of apps contain malicious elements
A Hidden Insider Threat: Visual Hackers (Dark Reading) Ponemon experiment shows how low-tech white-hat hackers, posing as temps, captured information from exposed documents and computer screens in nearly nine out of ten attempts
Security Patches, Mitigations, and Software Updates
Joomla! 3.4.7 Released (Joomla!) Joomla! 3.4.7 is now available. This is a security release for the 3.x series of Joomla which addresses one critical security vulnerability and one low-level security vulnerability. We strongly recommend that you update your sites immediately
Yahoo to Warn Users of State-Sponsored Attacks (Threatpost) Yahoo has announced it will follow in the footsteps of Twitter and Facebook and begin warning users when it believes their accounts have been targeted by a state-sponsored actor
New Microsoft adware rules could stop another Superfish security scare (Guardian) From March, adware on Windows will have to be easily removable and not able to hijack users' connections
Cyber Trends
5 Leaks that Shook the World in 2015 (Legaltech News) LTN revisited some of the hacks that may have gotten your data stolen this year and got experts to weigh in
2015 Ransomware Wrap-Up (Dark Reading) Here's a rundown of the innovative ransomware that frightened users and earned attackers big bucks this year
Seven astounding technology trends for 2016 (SecurityInfoWatch) 2015 was a transformative year for technological innovation. 2016 continues that technology trend with more disruption in sight. Below is a short list of my predicted trends for the coming year
5 Data Breach Predictions for 2016 (Legaltech News) In its third annual Data Breach Industry Forecast, Experian makes five sobering predictions based on recent events and new and emerging trends
Expect Phishers to Up Their Game in 2016 (KrebsOnSecurity) Expect phishers and other password thieves to up their game in 2016: Both Google and Yahoo! are taking steps to kill off the password as we know it
Cyber security: Attack of the health hackers (Financial Times) Breach of Anthem database, probably from China, is part of a 2015 wave of 100m hacked medical records
IoT attacks and new evasion techniques can be the emerging threats in 2016 (Financial Express) As in years past, the Internet of Things (IoT) and cloud play heavily in the predictions but new malicious tactics and strategies will create unique challenges for vendors and organizations alike
The Industrial Cyber Myth: It's No Fantasy (Dark Reading) As threats become more sophisticated, the industry is still playing catch-up
"Physical Security Professionals Must Work Closely With Cyber Experts": Nuix CTO Stuart Clarke on Combating the Cyber Threat (IFSEC Global) "The message I always give to organisations is that against a sufficiently motivated individual, your network really doesn't stand a chance," according to Stuart Clarke, CTO of Nuix
1 in 4 people will be hit by a data breach by 2020 — what are you doing to secure yourself? (Naked Security) In a world where it seems like a new data breach is announced every other day, there are still plenty of people who don't think it'll happen to them
Cyber criminals gearing up for Christmas data bonanza (CRN) Data left on old devices will provide rich pickings if not wiped and disposed of correctly, Kroll Ontrack warns
Marketplace
Cybersecurity And Risk Management To Gain Traction In Security Market During 2016 (SourceSecurity) Cybersecurity is a fast-changing field and 2015 was no exception
Finance teams becoming involved in cyber risk mitigation oversight (Help Net Security) CFOs and their finance teams are toughening policies on suppliers and increasing insurance coverage as they are asked to take on a larger role in defending their companies from emerging cyber risks, according to a new survey of Chartered Global Management Accountant (CGMA) designation holders
Products, Services, and Solutions
5 Big Improvements in Wireshark (eSecurity Planet) It's now even easier to use the open source Wireshark tool to analyze network traffic at the packet level, thanks to a recent upgrade
Securing the Security Companies: Protecting the Cloud With Real-Time Threat Intelligence (Recorded Future) When a cyber defense company wants to make sure its clients are safe from cyber intrusions, they turn to Recorded Future
Technologies, Techniques, and Standards
Should you buy cyber insurance? (Network World) With the number of breaches reaching an all-time high in 2014, many businesses are looking to mitigate risk with insurance
NIST practice guide shows agencies how to establish trusted geolocation in the cloud (FierceGovernmentIT) Earlier this month, the National Institute of Standards and Technology issued an interagency report that effectively serves as a practice guide for agencies looking to establish trusted geolocation for cloud computing systems
How to have yourself a merry cyber-safe Christmas (BBC) In 2000, Scott Culp wrote a terrific essay on computer security
Advent tip #23: Check that Java is turned off in your browser (Naked Security) You've heard of Java
Design and Innovation
Error 451 is the new Ray Bradbury-inspired HTTP code for online censorship (PCWorld) Error code 451 tells you when content you want to see is blocked due to "legal obstacles"
Google Wants To Eliminate Password Login (InformationWeek) Google has begun testing a password-free login method that enables users to log in using their smartphones
Secure email could be the prescription for improved chronic care outcomes (FiercePracticeManagement) New survey results point to improved outcomes and more cost-effective patient contact
CyberPoint wants the Force to be with you when thinking about your firm's cyber security (Baltimore Business Journal) In a galaxy far, far away, there could be hackers trying to steal your employees' personal data or hack your company's bank accounts
Research and Development
Mobile health data security focus of $10 million NSF research project (FierceMobileHealthcare) A $10 million National Science Foundation research project aims to shore up patient data security and user confidentiality when it comes to mobile health tools
Academia
SecureRF Collaborates with University at Buffalo Mathematics Doctoral Students to Study Algebraic Eraser (SecureRF) Partnership made possible with $600,000 grant from the National Science Foundation
Legislation, Policy, and Regulation
What the EU's Data Privacy Ruling Really Means: Part One (Legaltech News) Legal tech experts weigh in on what the GDPR decision really means going forward
What the EU's Data Privacy Ruling Really Means: Part Two (Legaltech News) Legal tech experts weigh in on what the GDPR decision really means going forward
Two of the Most Important Pieces of Cyber Legislation Ever (Willis Wire) A bit like London buses — you wait for ages and then two come along — two of the most significant pieces of European legislation ever affecting cyber liability have been announced by the European Commission in the last week
Explaining U.S. Surveillance Law Protections for an EU Audience (Lawfare) In October, the European Court of Justice and its Advocate General struck down as unlawful the EU/US Safe Harbor, which since 2000 has been a major way that US-based businesses could comply with the relatively strict EU privacy laws. Concerns about the weak protections in the US surveillance system were a major basis for striking down the Safe Harbor
China says tech firms have nothing to fear from anti-terror law (Business Insurance) Technology companies have nothing to fear from China's new anti-terrorism law which aims to prevent and probe terror activities and does not affect their copyright, China's Foreign Ministry said on Wednesday, rebuffing U.S. criticism as unwarranted
Tech Sector Fights Back as U.S. Approves CISA, UK, China Consider Proposals (Legaltech News) New intelligence gathering initiatives have led to a chorus of concern from the tech sector and privacy advocates
Apple disses British surveillance bill (Deutsche Welle) Apple is opposing provisions in a draft UK law that would weaken online encryption by requiring built-in cyber "backdoors" for government spies. The US e-gadgets company says backdoors harm rather than help security
Debate Likely to Continue Into 2016 on Companies Providing Info to Law Enforcement (Legaltech News) It is likely legislators will continue to debate proposals requiring companies to provide info to law enforcement and intelligence officials — if suspected terrorism is involved
U.S., European Aviation Authorities at Odds Over Cybersecurity (Wall Street Journal) U.S. and European aviation authorities are at odds over one of the industry's hot-button issues: devising ways to protect an array of aircraft from potential cyberattacks
FAA Finally Admits Names And Home Addresses In Drone Registry Will Be Publicly Available (Forbes) The FAA finally confirmed this afternoon that model aircraft registrants' names and home addresses will be public
FAA takes drone registration offline for maintenance ahead of surge in demand (ITWorld) The FAA said the site would be offline during the night hours of Tuesday and Wednesday
The Pentagon's Law of War for Cyberspace (The Diplomat) Beyond the targeting of civil nuclear power plants
E.W. Priestap Named FBI HQ Counterintelligence Division Assistant Director (ExecutiveGov) E.W. Priestap, formerly deputy assistant director of the FBI intelligence directorate's intelligence operations branch, has received appointment as assistant director of the counterintelligence division at the bureau's headquarters
Australian government tells citizens to turn off two-factor authentication (Ars Technica) When going abroad, turn off additional security. What could possibly go wrong?
Litigation, Investigation, and Law Enforcement
First on CNN: Newly discovered hack has U.S. fearing foreign infiltration (CNN) A major breach at computer network company Juniper Networks has U.S. officials worried that hackers working for a foreign government were able to spy on the encrypted communications of the U.S. government and private companies for the past three years
Wyndham settlement: No fine, but more power to the FTC (CSO) On the face of it, Wyndham Hotels and Resorts dodged a major bullet from the Federal Trade Commission (FTC)
Oracle ordered to admit it deceived users over Java security updates for years (Hot for Security) We all know that one of the pillars of computer security is keeping your software up-to-date
Clinton campaign sweats out data breach damage (Politico) Hillary Clinton's team is unsettled by what Bernie Sanders' staffers might have seen in their sneak peek
Bank of America gets Twitter to delete journalist's joke, says he violated copyright (Ars Technica) "I have no way of guessing what the objection was really about"
Kim Dotcom Ruled Eligible For Extradition to US, Will Appeal (Wired) After a ten week trial and more than 3 years after the raid on Kim Dotcom's mansion, a New Zealand judge has denied an extradition stay for Kim Dotcom and his three business associates
Bahamas man accused of hacking celebs, stealing movie scripts & sex tapes (Ars Technica) Suspect offered "a very popular celebrity SSN along with 30 unreleased tracks"
Cops crush claimed karaoke copyright crooks' conspiracy (Naked Security) 'Twas the night before Christmas, and all through the station, London police couldn't give a figgy pudding about anybody's plans for a homemade karaoke sing-along
IT manager has his bikes stolen after cycling app reveals his home address (We Live Security) Hopefully by now, many of us have woken up to the danger of revealing too much personal information on social networks
Grindr being used to target and rob gay men (Naked Security) Thieves are using the popular gay dating app Grindr to target and rob men
Keller Rohrback Investigates Hello Kitty Database Cyber Attack (BusinessWire) Attorney Advertising. Keller Rohrback L.L.P. is investigating recent reports that the popular website SanrioTown[dot]com — the official website for Hello Kitty and other Sanrio (OTC Pink:SNROF) toy brands — fell victim to a cyber attack that left over three million users' personal information at risk. The majority of users are children