Cyber Attacks, Threats, and Vulnerabilities
Anarchist hackers start cyber war with ISIS (The Hill) The global hacker collective known as Anonymous is storming the international political scene with a brash hacking campaign against the Islamic State in Iraq and Syria (ISIS)
Govt admits cyber attacks, but says can't identify culprits (Indian Express) India has not been able to identify the criminals behind cyber attacks against government establishments that were used to transmit classified information to overseas servers
Anthem data breach cost likely to smash $100 million barrier (ZDNet) The company's cyber insurance policy is likely to be exhausted following the theft of up to 80 million records
Anthem: Credit monitoring and identity theft services start Friday for cyber-attack victims (Albany Business Review) Millions of people affected by the cyber security breach at Anthem Inc. will be able to start enrolling Friday in credit monitoring and identity theft protection services provided through the insurer
Ex-Sony head Amy Pascal discusses 'horrible' cyber attack (BBC) The former co-chairman of Sony Pictures has spoken for the first time about the cyber attack on the studio that revealed her private emails
Attackers can bypass Windows' protections by changing a single bit (Help Net Security) Among the many vulnerabilities that Microsoft patched on Tuesday is one that can be exploited to bypass all Windows security measures by, curiously enough, modifying a single bit of the Windows operating system
Beware of hot foreign spies who want to steal your data (CSO) It's no exaggeration that sex buys intellectual property, trade secrets, customer data, and any information or network access of value
Scammers Pounce on Lovelorn Netizens Ahead of Valentine's Day (Infosecurity Magazine) Security experts have reminded lovesick netizens to keep their wits about them on the web around Valentine's Day, pointing out the growing volume of phishing and social media scams designed to con single men
Tinder says it's safe from IBM warning on dating apps (USA TODAY) Dating services Tinder and Match said they are in the clear following a dire warning by tech giant IBM about security risks it discovered in dozens of popular dating apps
Phishing attacks increasingly target financial data (Help Net Security) 28.8 percent of phishing attacks last year aimed to steal financial data from consumers, according to a new report by Kaspersky Lab. The results show how cybercriminals have shifted their focus from banks to payment systems and online shopping websites
Study: Proofpoint Reports an Increase in Malicious URLs in Unsolicited Emails (MarketWatch) Decline in overall volume of unsolicited email outweighed by dramatic increase in maliciousness
16 million mobile devices infected by malware (Help Net Security) Security threats to mobile and residential devices and attacks on communications networks rose in 2014, threatening personal and corporate privacy and information
Security Patches, Mitigations, and Software Updates
Apple's "two-step" security now protects iMessage and FaceTime, too (Naked Security) Apple has quietly extended its two-step verification feature to more of its ecosystem
Microsoft Group Policy Vulnerability Affects all Windows Computers (Threatpost) Enterprises that support remote workers need to prioritize a Microsoft security bulletin released yesterday that addresses a critical vulnerability in Group Policy
Microsoft's patch info 'blockade' pinches security staffs (ComputerWorld) Last month's shuttering of advance notifications continues to frustrate security experts
Cyber Trends
The Anthem hack shows there is no such thing as privacy in the health care industry (Brookings TechTank) Data breaches in the health care industry happen more often than you might think
IT security training is a top priority for CIOs (Help Net Security) CIOs are taking a multipronged approach to protecting sensitive company information, and the majority are currently taking or planning to take steps in the next 12 months to improve IT security at their firms, according to Robert Half Technology
New Zealand doing well according to Trend Micro's 2014 Security Threat report (Geekzone) Last year, New Zealand saw an overall decrease in the number of online security threats when compared with 2013 according to the latest research from Trend Micro. Despite decreases of online threats, New Zealanders are being urged to take a vigilant approach to cybersecurity this year
Marketplace
Cybersecurity stocks rise ahead of executive order (Seeking Alpha) President Obama is poised to sign an executive order today aimed at encouraging companies to share more information about cybersecurity threats with the government and each other
Cybersecurity Stocks in the Spotlight (Wall Street Sector Selector) Wednesday's big earnings beat by FireEye could spark significant bullishness for cybersecurity stocks
FireEye Is "First in the Door" on Big Cyberattacks (AP via ABC News) As hackers invade the computer systems of major companies with greater frequency and their corporate victims scramble to contain the damage and prevent future intrusions, these are boom times for cybersecurity sleuths
FireEye is in demand in high-profile hacks, but Wall Street is looking for profits (AP via the Brandon Sun) As hackers invade the computer systems of major companies with greater frequency and their corporate victims scramble to contain the damage and prevent future intrusions, these are boom times for cybersecurity sleuths
Clearlake Capital Group to Acquire FrontRange Solutions; Will Merge FrontRange with Lumension To Form HEAT Software (BusinessWire) HEAT Software will offer comprehensive service management and unified endpoint management software solutions
Pwn2Own hacking contest shrinks exploit prize pool (CSO) HP and Google put up $465,000 in cash prizes for long-running browser hacking challenge
Duo Security Hires Former Zendesk COO Zack Urlocker To Run Operations (TechCrunch) Two-factor authentication startup Duo Security recently raised a $12 million round of funding to quickly grow its business and customer base. To help with that, the company hired seasoned tech exec Zack Urlocker as its new chief operating officer
Cyphort Hires Denise Hayman as New Vice President of Worldwide Sales (Fort Mill Times) Technology veteran Denise Hayman brings 25 years of diverse security experience to ATD innovator
Products, Services, and Solutions
Not Sure If It's Safe To Leave Your Home? There's An App For That! (Albawaba) The Lebanese Army was presented the award for the best mobile phone application relating to security and safety in Arab countries at the Third Arab Governmental Summit in Dubai, the state-run National News Agency said Wednesday
VirusTotal sets up huge AV whitelist to minimize false positives (Help Net Security) One of the worst things that can happen to a software developer, and especially if they are a small firm or a single individual, is for their program to be falsely detected as malicious by popular AV solutions
iovation Launches Device-Based Authentication to Reduce Account Takeover Threats and Avoid Unnecessary Customer Challenges (MarketWired) By using the customer's device as a second factor of authentication, businesses can reduce operational cost, increase security and minimize customer friction
Tripwire Expands Adaptive Threat Protection Ecosystem (BusinessWire) Industry leader delivers integrated, automated view of cybersecurity risk
Facebook ThreatExchange Platform Latest Hope for Information Sharing (Threatpost) Facebook, with its giant infrastructure and its equally wide view into Internet attacks, has built an information-sharing platform that it hopes will entice other big technology companies to join and contribute threat data and indicators of compromise
Facebook's new ThreatExchange will rally companies to squash internet badness (Naked Security) On Thursday, Facebook launched ThreatExchange, a platform for companies to easily collaborate on security threats
Technologies, Techniques, and Standards
NIST Cybersecurity Framework Turns One, Logging Success (Infosecurity Magazine) The NIST Cybersecurity Framework turns 1 on Feb. 12 tomorrow, fulfilling its initial goal of acting as a voluntary framework to improve cybersecurity for critical infrastructure in the United States
How Anthem Shared Key Markers Of Its Cyberattack (Dark Reading) Insurer shared the MD5 malware hashes, IP addresses, and email addresses used by its attackers
Anthem Hack: Lessons For IT Leaders (InformationWeek) There are two key lessons that IT can learn from the Anthem breach
Improving Cyber Security Literacy in Boards & Executives (Tripwire: the State of Security) The recent Anthem hack that may have compromised 80 million people's personal health information reveals just how mainstream data breaches have become in recent years. In response to this rapidly evolving threat landscape, Boards of Directors (BoDs) and executives are now more aware of today's cyber threats and how they might adversely affect their business
The limits of prevention-centric security programs (Help Net Security) In an analysis of tens of thousands of malicious files, Damballa discovered that it can take more than six months for traditional AV tools to create signatures for 100% of the files
The hackers we know… Ethical hacking and how it can help your client (Inside Counsel) Ethical hackers gain entrance to systems with the ultimate aim of making defenses stronger rather than exploiting them
How much corporate data access should BYOD users have? (TechTarget) Mobile access to company data is one of the surest ways to boost productivity, but IT often has to weigh those benefits against
Shadow Cloud Services: Seeing the Light (Midsize Insider) What lurks in the shadows? For many midsize companies, it is the specter of unapproved cloud services leveraged by end-users needlessly putting both corporate data and cloud-based networks at risk. As it becomes clear just how far shadow cloud services extend, a question emerges: Can IT professionals regain control, or is this free-for-all here to stay?
Research and Development
White House goal: Kill the password (The Hill) The White House is funding efforts to wipe out the password as the primary security code used to access sensitive data online
Legislation, Policy, and Regulation
VPN and Tor Ban Looming on the Horizon for Russia (Torrent Freak) Russia blocks websites on a very large-scale but citizens often circumvent those blocks using VPNs, TOR and other anonymizing tools. The country is now looking at ways of bringing this to an end, with Russia's main web-blocking body supporting a worrying proposal by a Russian MP to ban use of these tools
Obama to focus on cybersecurity in heart of Silicon Valley (Associated Press) Responding to unprecedented data breaches and cyberattacks, President Barack Obama is trying to spark alliances between policymakers who want to regulate the online world and tech innovators who traditionally shun Beltway bureaucracies
Obama set for cyber push (The Hill) The Obama administration is making a major push to spur the private sector to share more cyber threat data in hopes of making its own cybersecurity agenda more appealing on Capitol Hill
Obama recruits tech giants for new cybersecurity efforts (CBS News) The federal government can't protect your cyber data by itself
Top tech CEOs to snub Obama cyber summit (The Hill) The CEOs of Google, Yahoo and Facebook have declined invitations to attend President Obama's tech summit Friday at Stanford University
The White House Is Creating a New Agency to Fight Cyberattacks (The Diplomat) A new office shows the central role that cybersecurity plays in the White House's national security calculus
Administration's New Cyber Threat Center Replaces Old Cyber Threat Center (Electronic Frontier Foundation) This week the Obama administration is releasing its second Executive Order in as many years on computer ("cyber") security, which reports are saying will create a new department in the intelligence community to handle computer security threat information sharing. Officials are hailing the center as "new" and unprecedented. It's not
Republican senator pushes bill to require warrants for emails (The Hill) Sen. Orrin Hatch (R-Utah) is preparing to reintroduce a bill to increase email privacy protections and set limits on the government's access to content stored overseas
Senate confirms Obama's pick for Pentagon chief (AP via KLTV) The Senate on Thursday confirmed President Barack Obama's choice to run the Pentagon, handing Ash Carter the unenviable task of steering the military as the United States confronts Islamic State militants, conflict in Ukraine and other worldwide threats
FAA to establish aircraft cyber security working group (Runway Girl Network) The US Federal Aviation Administration is establishing a new industry working group to provide guidance on how to bolster aircraft cyber security as concerns mount over the potential for e-enabled aircraft to be hacked
It's time to operationalize cyber domain knowledge (C4ISR & Networks) The military has had a growing awareness of cyber warfare and its implications; now is the time to operationalize that knowledge, said ADM Michelle Howard, Vice Chief of Naval Operations, speaking at WEST 2015
Cyber Conflicts Will Test Military Readiness (USNI) Confrontations await in cyberspace, and those encounters will test military readiness, speakers said Wednesday at the WEST 2015 convention
'Revenge porn' to be made illegal in England and Wales (Naked Security) Those who post revenge porn videos and photos on the internet could face up to two years in prison, thanks to a new law announced today in England and Wales
Litigation, Investigation, and Law Enforcement
TurboTax Fraud May Impact Federal Returns Too, FBI Investigating (Forbes) Tax filing season arrived with a bang this year, punctuated by a big uptick in fears about fraud. There was nearly a bank run when TurboTax had to suspend filing state tax returns over fraud concerns. It would be bad enough to find that someone had filed 'your' tax return in your state and scooped up your refund. But all indications were that this was just a state tax problem, not a federal one
