Cyber Attacks, Threats, and Vulnerabilities
ISIL aims to launch cyberattacks on U.S. (POLITICO) Its hackers have tried to penetrate computers that regulate the nation’s electricity grid, U.S. officials say.
ISIS Cyber Attack? US Government, Planes Threatened With Malware, Hacking By Islamic State (International Business Times) The Islamic terrorist group has looked to carry out cyberattacks in 2016, according to a new report.
What Twitter Really Means for Islamic State Supporters (War on the Rocks) Abu Ahmad, one of Islamic State’s most active supporters online says he has had over 90 Twitter accounts suspended, but is not planning to slow down. He
Can we prevent terrorism by checking immigrants’ social media accounts? No. (Washington Post) In the wake of the recent San Bernardino attack, the New York Times published a story based on confidential sources that at least one of the perpetrators, Tashfeen Malik, had expressed anti-American sentiments and a desire to commit “violent jihad” on at least one social network before applying for a K-1 visa. The article implied […]
U.S. Spy Net on Israel Snares Congress (WSJ) Even as the White House two years ago said it would curtail eavesdropping on friendly heads of state, it decided to keep certain allies—such as Israel—under close watch. In the process, the NSA also swept up the content of private conversations with U.S. lawmakers.
The Cold War-Era Rules Designed to Protect U.S. Lawmakers’ Communications (WSJ) The rules governing the way the National Security Agency treats intercepted communications involving U.S. lawmakers date back to the Cold War.
Windows 10 covertly sends your disk-encryption keys to Microsoft (Boing Boing)
Microsoft may have your encryption key; here’s how to take it back (Ars Technica) It doesn't require you to buy a new copy of Windows.
Users No Longer Need to Jailbreak Apple iOS To Load Rogue Apps (Dark Reading) 'DarkSideLoader' app stores can side-load apps and circumvent official app stores on any iOS device.
Actor using Rig EK to deliver Qbot - update (SANS Internet Storm Center)
ProxyBack Malware Converts Your PC Into Proxy (HackRead) Palo Alto Networks researchers have identified a unique malware that infects home PCs and transforms them into internet proxies using HTTP tunnel. As per
Android Malware Poses As Google App To Ditch Security Apps (HackRead) Android Malware poses as Google app to infect Android Devices and to Block Security Apps. Recently, security researchers at Symantec Corp identified a
Hacked Website of Connecticut University Caught Spreading Malware (HackRead) Simple DNS hijacking enables attackers to distribute Fake Infected Flash Player at UConn website. On Sunday, the official web portal of the University of
Hyatt Hotels Confirm Security Breach in Payments System (Payment Week) Hyatt Hotels is the latest large-scale brand to fall victim to crippling security attacks.
Someone Hacked A Freeway Sign To Display Pro-Donald Trump Message (HackRead) On Christmas Day Caltrans Freeway sign in Corona Displayed Especial Message for Donald Trump. On Christmas Day, Caltrans Freeway sign in Corona
In A Cyber Attack, Dead ATMs Would Be The Least Of It (Forbes) The electrical grid is vulnerable to cyberattacks and it may be impossible to know where one came from, so it would be very hard to deter.
Vulnerability Summary for the Week of December 21, 2015 (US-CERT)
Security Patches, Mitigations, and Software Updates
Microsoft security advisory: Update for vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge: December 29, 2015 (Microsoft Support) Microsoft has released a security advisory for IT professionals about vulnerabilities in Adobe Flash Player in the following web browsers: Internet Explorer in Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows 10 version 1511; Microsoft Edge in Windows 10 and Windows 10 version 1511…
Cyber Trends
As Internet Gets Faster, Volume of DDoS Attacks Grows, Akamai Reports (eWEEK) Broadband speeds aren't the only thing on the rise. The volume of security risks is also increasing, says Akamai's 3Q15 State of the Internet report.
Your Next Big Break: 2016 Data Breach Predictions (Legaltech News) LightCyber's David Thompson breaks down past breaches to find the trends for the year ahead.
The weird and wacky of 2015: strange security and privacy stories (Naked Security) These wacky stories remind us how important cybersecurity and online privacy have become in all areas of our lives.
Security's Biggest Winners and Losers in 2015 (WIRED) 2015 had several wins for privacy and security—but they were kept in check by losses and failures.
Consumers Facing New Cyber Security Challenges In Upcoming Year (WSPA) Cyber security experts are predicting what kind of hacks we might face in 2016.
This Was the Year the Media Started Doubting the Web (WIRED) As ad-blockers made publishers doubt the web, the media industry has become dependent on Facebook, Twitter, and Apple to reach readers.
Marketplace
Crystal Ball for Software in 2016; M&A, Growth, Cloud Spending—and Another Ring for Curry? (FBR Capital Industry Update) Although we expect many of the same next-generation software technologies from the past couple of years to continue garnering investor interest in 2016, we believe the vendors disproportionately poised to benefit from increasing adoption and more broad-based consumption will be front and center as these technologies inch toward becoming the core DNA of next-generation data centers for enterprises/governments worldwide. To this point, with the ongoing explosion of data, we expect vendors with strong cloud, security, and big data analytics offerings to be well positioned to capitalize on robust market growth in 2016
A New Cyber Security ETF from Global X Is on Its Way (Revised) (Zacks Investment Research) It remains to be seen whether the proposed ETF will be able to compete with HACK and CIBR.
Michael Dell Tweets His Own Horn Ahead Of SecureWorks IPO (Forbes) Billionaire tech entrepreneur Michael Dell recently tweeted this out to his 910,000 plus followers: "My business card in 1984, year I started. 1st space 1000 sq ft, lasted 30 days. Never forget where you came from."
Mercury Systems Eyes National Security Sector With Newly Acquired Electronics Firm (GovCon Wire) Mercury Systems (Nasdaq: MRCY) has acquired privately held electronics company Lewis Innovative Tech
Avecto Wins $49M from JMI Equity to Grow Endpoint Security Strategy (Channel Futures) Endpoint security software firm Avecto has received its first external funding with $49 million in investment from JMI Equity.
Palantir and Investors Spar Over How to Cash In (WSJ) The data-mining firm has no interest in an IPO, but some employees and even co-founders are trying to sell shares anyway.
Products, Services, and Solutions
Protect your Android for free – here’s a present for your new present! (Naked Security) Got a new Droid as a present? Why not protect it with our free Android anti-virus and security app?
Technologies, Techniques, and Standards
Threat Information Sharing Is Easier With STIX (Security Intelligence) STIX is the language used to share cyberthreats, and all security professionals and organizations should know how to use it effectively.
5 Tips For Getting The Most Out Of Your Firewall (Dark Reading) Despite concerns over the effectiveness of perimeter technologies, firewalls remain a staple in the enterprise security arsenal.
Using surveys to gauge employees' security perceptions (SecurityInfoWatch.com) Despite their perceived downsides, employee security surveys can be quite beneficial
10 Tips To Protect Your Business From a Cyber Security Attack (Lawley Insurance) Follow these tips to help potentially avoid a cyber security attack and keep your business data safe from hackers during Cyber Security Awareness Month
Design and Innovation
Open Source Software's Role in Breach Prevention and Detection (eSecurity Planet) While proprietary vendors dominate the intrusion prevention and detection market, open source software plays a key role.
John McAfee Wants to Make Passwords Obsolete (Time) He's manufacturing a device that “unlocks” everything from your smartphone to your front door
Research and Development
IBM (NASDAQ:IBM) And Alphabet Move Towards Practical Quantum Computers (Amigobulls : Technology Stock Analysis) While IBM has been awarded multi-year IARPA quantum computing contract, Google has made significant steps towards developing practical quantum computers.
Legislation, Policy, and Regulation
International cyber security law developments in 2015 (Economic Times Blog) The year 2015 saw the strengthening of cyber security thought process by nations. Nations very quickly realized in 2015 that there were no international treaties, arrangements which would prevent breaches of cyber security. The absence...
The terrorist in the data (The Economist) How to balance security with privacy after the Paris attacks
North Korea’s dissident-tracking computer software is a dictator’s wet dream (Quartz) The system secretly watermarks files to show who's accessed them.
Parliament: Store Critical Data in India (InfoRiskToday) To ensure cybersecurity, a Parliamentary panel urged DeitY to relocate Internet servers for critical sectors to India. Security critics discuss the legal and
Is India Ready for an Information Sharing Act? (InfoRiskToday) As the US government enacts its Cybersecurity Information Sharing Act, the question becomes: Is India ready for such legislation? What bottlenecks await, and how
Why Tech Companies Need to Follow China's New Anti-Terrorism Law (Legaltech News) While the law “creates the duty” without defining how it will be “exercised,” companies should watch how it will be written into regulation
White House finally delivers on cyber deterrence policy (FederalNewsRadio.com) The Obama administration will use law enforcement and even military force to deter cyber attacks in new policy.
Landmark Cybersecurity Legislation Included in Omnibus Package (JD Supra) Action Item: Congress included the Cybersecurity Act of 2015 (the “Act”) in the Consolidated Appropriations Act, 2016 (P.L. 114-113), passing...
Will a new cybersecurity law make us safer? (PBS NewsHour) Folded into the massive spending and tax cut bill was a significant and controversial new law on cybersecurity. The act encourages private companies to share data about hacks with the government, but it's raising questions among security advocates and privacy groups alike. Jeffrey Brown talks to James Lewis of the Center for Strategic and International Studies and Elissa Shevinsky of JeKuDo.
Cybersecurity Act of 2015 is Ineffective, Warns DB Networks (PRNewswire) Act is based on fundamentally flawed assumptions, obsolete Cybersecurity technologies
A Wake-Up Call To Fight Government Surveillance (TechCrunch) Look around any crowded place nowadays and it’s quite clear that many of us have literally become prisoners of our own devices: smartphones, tablets, laptops -- anything and everything with an Internet connection. Our lifestyles practically require us to always be on, and connected to everyone else.
Congress wants to strengthen financial sanctions against Islamic State (Stars and Stripes) With Washington at loggerheads over how to counter the Islamic State on the ground, both parties are proposing expanded financial sanctions as a strategy to assail the terrorist group's operations.
Killing the Islamic State Softly (Foreign Policy) Military power will win battles in Syria and Iraq, but only soft power can win the war.
ISIS is Not a Terrorist Organization (Small Wars Journal) The term “terrorist organization” offers little insight and limits our understanding and approach. ISIS is an insurgent organization using terrorism as a tactic.
Fighting While Friending: The Grey War Advantage of ISIS, Russia, and China (Defense One) Can democracies compete 'where powers can be fighting each other with one hand and shaking hands with the other?'
FBI Seeks to Reframe Encryption Debate (WSJ) The FBI is issuing a more direct challenge to technology companies in the wake of terror attacks in Paris and California, urging them in blunter terms to allow investigators to decrypt private communications during terror probes.
Spy agencies resist push for expanded scrutiny of top employees (Washington Post) A move by Congress to demand more details about senior spies is watered down in final bill.
Litigation, Investigation, and Law Enforcement
Pakistan launches crackdown on Isis (Financial Times) Pakistan has arrested eight alleged members of Isis near Sialkot in Punjab province, in the latest move by a south Asian government to counter the widening influence of the extremist Sunni Muslim group based in Iraq and Syria
'Silent bomber' couple guilty of plot (BBC News) A husband and wife are found guilty of plotting a terror attack in London ahead of the 10th anniversary of the 7 July bombings.
Editorial: Terrorism details can hide in plain sight (Dallas News) As Garland and San Bernardino cases reveal, what we know rises exponentially after the fact. What should we have known before?