Cyber Attacks, Threats, and Vulnerabilities
Watch: Hafiz Saeed launches 24X7 cyber cell, mobile app to attack India (Zee News) One of the most wanted terrorists in India for masterminding 26/11 Mumbai terror attacks, Jammat-ud-Dawah chief Hafiz Saeed has now created a 24-hour cyber cell to launch attacks on India
ISIS Hackers Sharpen Skills Used For Cyber Terror In Secret Forum (Vocativ) The forum reflects ISIS hackers' growing desire to wage war online
Turkey to Increase Security Following Cyberattacks (Voice of America) A spokesman for Turkey's president says the country will increase security following a spate of cyberattacks last week that affected government websites and some banks
Is the Turkish state ready to hire nerds for cyber wars? (Hurriyet Daily News) "From a military standpoint, it would be fair to say that a high-profile cyber weapon is the combination of a nuclear weapon, a biological weapon, a time bomb, an anti-radiation missile, special forces and a medieval sword"
Patch now! Flash-exploitin' PC-hijackin' attack spotted in the wild by Huawei bods (Register) Adobe squeezes out one last batch of security fixes for 2015
Database of 191 million U.S. voters exposed on Internet: researcher (Reuters) An independent computer security researcher uncovered a database of information on 191 million voters that is exposed on the open Internet due to an incorrectly configured database, he said on Monday
191 Million US Voter Registration Records Leaked In Mystery Database (Forbes) A whitehat hacker has uncovered a database sitting on the Web containing various pieces of personal information related to 191 million American citizens registered to vote
Security Sense: When is a Leak a Hack — and Does It Even Matter? (WindowsITPro) Today I woke up to news of 191 million US voter records having made a public appearance somewhere online. At first glance this appeared to be the same old story: someone hacked into a system and dumped everything either publicly or via a reporter. Same old, same old. But then it took an unexpected turn — it wasn't a hacker (at least in the traditional sense) breaking into a system somewhere, it was someone who was referred to as a "researcher"
AVG Forcibly Installs Vulnerable Chrome Extension That Exposes Users' Browsing History (Softpedia) The AVG Web TuneUp Chrome extension, forcibly added to Google Chrome browsers when users were installing the AVG antivirus, had a serious flaw that allowed attackers to get the user's browsing history, cookies, and more. The vulnerability was discovered by Google Project Zero researcher Tavis Ormandy, who worked with AVG for the past two weeks to fix the issue
Common payment processing protocols found to be full of flaws (Ars Technica) Stealing PINs and pillaging bank accounts are both trivial
The Fraud Tsunami Heads To The Sharing Economy (Dark Reading) When it comes to cyberfraud, online marketplaces like AirBnB can expect an uphill battle in the wake of the rollout of new chip card technology in 2016
Data breach reaches Pantex workers (Amarillo Globe-News) The National Nuclear Security Administration has confirmed a federal data breach affected some employees at Pantex Plant, potentially leaking background investigation details, fingerprints, mental health and financial history information
Veterans' information potentially compromised (Statesman Journal) The Oregon Department of Veterans' Affairs (ODVA) mailed notification on Monday, Dec. 28, to 967 Oregon veterans whose personal information may have been compromised
USCG Cyber Command warns of ransomware threat (Marine Log) Ransomware is a type of malicious software (malware) that infects a computer and restricts access to it until a ransom is paid to unlock it — and occurrences have been cropping up in the maritime domain
The next wave of cybercrime will come through your smart TV (IDG via CSO) Always on and vulnerable, smart TVs are waiting to be attacked
Tech Gifts That Security Pros Will Probably Return (Dark Reading) Insecure gifts that CISOs and other security pros are likely returning as we speak
Security Patches, Mitigations, and Software Updates
Security updates available for Adobe Flash Player (Adobe Security Bulletin) Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system
Adobe Fixes Flash Zero-Day Bug Discovered by Huawei (Softpedia) Adobe releases out-of-band security update
Flash Player Patch Fixes 0-Day, 18 Other Flaws (KrebsOnSecurity) Adobe has shipped a new version of its Flash Player browser plugin to close at least 19 security holes in the program, including one that is already being exploited in active attacks
Cyber Trends
How the Internet of Things Got Hacked (Wired) There was once a time when people distinguished between cyberspace, the digital world of computers and hackers, and the flesh-and-blood reality known as meatspace
What Will The Internet Of Things Be When It Grows Up? (TechCrunch) An old proverb advises, "Keep a thing seven years, and you'll find a use for it"
Will IT security be different next year? (Help Net Security) It is that time of the year again where we delve into the back of the cupboard and dust off the crystal ball as we make our predictions for the year ahead
6 Cybersecurity Insights from SC Congress (eSecurity Planet) Cyber insurance and new approaches to security patches were among topics on the agenda at the recent SC Congress
Cybersecurity in 2016 (Cipher Brief) In 2016, the gap between threat actors and the cybersecurity industry will continue to expand
15 Cybersecurity Lessons We Should Have Learned From 2015, But Probably Didn't (Dark Reading) Another infosec year is almost in the books. What did all the breaches, vulnerabilities, trends, and controversies teach us?
The Rise Of Community-Based Information Security (Dark Reading) The more vendors, service providers, and companies band together to fight security threats, the more difficult it will become for attacks to succeed
The Splinternet: A New Era of Censorship, Surveillance, and Cyberwarfare (The Takeaway) For more than a decade, the internet has become a seemingly borderless land of free flowing information. It began as a not so open U.S. military data system decades ago, but it evolved over time into the public digital domain it has become
Healthcare Shows High Risk From Brute Force Attacks According To Industry Report (Business Solutions) As we enter 2016 and more of the healthcare industry depends on the cloud, security specifically in this area will become even more important to your clients
Major Misconceptions About Cloud Security in European Financial Sector, New Survey Shows (IBM Security Intelligence) The ENISA report titled "Secure Use of Cloud Computing in the Finance Sector," published in December 2015, showed just how far European banks and other financial institutions lag behind with respect to perceptions and usage of cloud computing in their businesses
Cyber response mechanism: The 'achilles heel' of corporate India (India Times) As the competitiveness and need for excellence increases in the business arena, many companies are now seeing information technology (IT) seep into the DNA of their business operations
Marketplace
Top Board Priorities for 2016 (Harvard Law School Forum on Corporate Governance and Financial Regulation) Organizations are faced with many critical challenges — including rapidly changing technology, environmental risks, regulatory and legal requirements, major shifts in markets, ethical breaches, and big data and cybersecurity issues — that threaten their long-term success and sustainability
Hacking attacks hand cyber security firms the limelight (Proactive Investors) In the world of investment, one person's problem is another's opportunity
Why One Cybersecurity Investor Says No Company Is Safe (PYMNTS) In March 2015, addressing a crowd at Innovation Project 2015, retired four-star General Keith Alexander, the former director of the National Security Agency, quieted the crowd with his rather sober reality of the future of cybercrime and cybersecurity
Cyber-security and operational risk converge, says study (Banking Technology) Operational risk and cyber-security concerns are converging as a topic for risk managers, who also face a changing agenda resulting from the digital transformation of banking and financial services
Upcoming trends in the SIEM market (Help Net Security) AccelOps identified the need for a convergence of today's disparate Network Operations Center (NOC) and Security Operations Center (SOC) departments, a shift to outsource to security service providers and a desire for tools that map and analyze network infrastructure from a single-pane-of-glass view into both network operations and security
Cisco Closes $452.5M Lancope Buy; Boosts Network Security (Zacks) Cisco Systems recently completed the acquisition of network security provider Lancope, Inc. The $452.5 million cash and stock deal was announced in October
The Hottest Cybersecurity Startups Of 2015 (Forbes) In 2015, there were few hotter areas in Silicon Valley than cybersecurity
My Conversation With IBM (Seeking Alpha) IBM reached out to me after a couple of recent articles
How Akamai Survived The Darkest Era Of The Web To Become A Backbone Of The Internet (ARC) An unassailable network 17 years in the making
Products, Services, and Solutions
Raspberry Pi Foundation Says 'No' To Malware (InformationWeek) The Raspberry Pi Foundation was reportedly offered cash to put malware on its latest boards. The organization declined the offer
RiskAnalytics Tool Unites Employees Around Cybersecurity (Legaltech News) The company's enhancements to its RiskTool dashboard allow for greater oversight in employee cybersecurity training and prevention
Technologies, Techniques, and Standards
New Years Resolutions (Internet Storm Center) No, not eating more broccoli, or going to the gym… I'm referring to security related resolutions only
A Prediction of Protection: How to Protect Your Digital Assets with E-Discovery Know-How (Legaltech News) Corporations can begin safeguarding information by repurposing some of the e-discovery best practices and know-how they already have in place
6 Ways Your Smartphone Could Get You Into Legal Trouble (Legaltech News) Big law firm lawyers say these practices can cause a bit of a headache… and more
Design and Innovation
5 ways developers can exploit geospatial tech in 2016 (Venture Beat) Since the rise of geospatial technology, applications like Facebook, Uber, and Grindr (where I work), have enabled users to engage with their surroundings to connect with friends, book a room, or set up a date
Experts untangle old, new codes as encryption is eyed to fight terrorism (TribLive) Like a computer hacker for 15th century texts, Thomas Ernst sees meaning where others find only gibberish
Academia
NIIT University, PwC India inks pact for cyber security training (Hindu Business Line) NIIT University (NU) today said it has partnered consultancy firm PwC India for creating a trained talent pool of cyber security professionals in India
Cyberthon welcomes student applications (Pensacola News-Journal) Like football players getting ready for a bowl game, Angela Irby's students at Pine Forest High School Cybersecurity Academy are gearing up for Cyberthon 2016, a competition where students act as information technology professionals fending off simulated hacker attacks
Legislation, Policy, and Regulation
Engaging the International Community on Cybersecurity Standards (The White House) The administration releases a new strategy to improve the U.S. government's participation in the development and use of international standards for cybersecurity
Data Security Regulations Leave Organizations Struggling with Response Methods: Survey (Legaltech News) About 52 percent of respondents think the pending EU GDPR will result in business fines for their company, and two-thirds expect it to force changes in their European business strategy
China's New Anti-Terrorism Law May Call on Foreign Tech Firms (BloombergBusiness) China passed an anti-terrorism law that has drawn U.S. criticism for the assistance that foreign technology companies may be required to give to snooping by the Chinese authorities
China's new anti-terror law: No backdoors, but decryption on demand (Ars Technica) Companies must provide "decryption and other technical support assistance"
China's Military Intelligence System is Changing (War on the Rocks) As American families dined on turkey and stuffing, China's Central Military Commission (CMC) was hard at work in Beijing hammering out military reforms
Lawmakers push for commission on encryption (The Hill) Congress should create a national commission to investigate the difficulties encryption has created for law enforcement, a bipartisan pair of lawmakers argued Monday in a Washington Post op-ed
A modest response to a real cyberthreat (Washington Post) "Omnibus funding bill is a Privacy and Cybersecurity Failure," the Open Technology Institute declared on Dec. 16. "Last-Minute Budget Bill Allows New Privacy-Invading Surveillance in the Name of Cybersecurity," the Intercept blared. Why did Congress, in its massive year-end budget deal, slip in a measure that Gizmodo once called "the worst privacy disaster our country has ever faced"? Because it's not
Six cybersecurity lawmakers to watch in 2016 (The Hill) On the heels of passing its most significant cybersecurity legislation in years, Congress is poised to tackle a slate of fresh digital issues in 2016
Nonprofits assail IRS for charitable-giving rules (The Hill) Nonprofit organizations and charities are sounding the alarm about a new regulatory proposal from the IRS that would encourage them to collect the Social Security numbers of their donors
Litigation, Investigation, and Law Enforcement
Silk Road founder was tracked down by a Googling tax agent (Naked Security) FBI forensics! DEA investigation! Sophisticated Tor-cracking techniques squeezed (or bought?) out of Carnegie Mellon!
Data Collection, Verification a Top-of-Mind Issue for Anti-Money Laundering Officers (Legaltech News) The LexisNexis Risk Solutions and ACAMS survey found data issues in customer-enhanced due diligence and AML risk assessments