The CyberWire Daily Briefing 03.18.15

Summary

By The CyberWire Staff

France's government reaches for more expansive surveillance powers, but doesn't wait for legislation to shutter five websites for "condoning terrorism."

Premera, a large American health insurance company, discloses that it was the victim last year of a data breach exposing some 11 million people's personally identifiable information. The attack began in May 2014 and was discovered in January of this year. Premera has posted advice to affected customers. Observers note similarities between this incident and the Anthem case (attackers spoofed a company website in both cases.

LifeWise, another US health insurance provider, also discloses a breach. It's offering identity-theft protection to a quarter million customers, most of them in Washington, Oregon, and Arizona. Both Premera and LifeWise announce they've retained FireEye's Mandiant unit to investigate and assist with remediation. To round up today's healthcare and insurance sector breaches, Oregon-based Advantage Dental (not an insurer, but a care provider) warns 151,000 patients that a hacker has accessed their HIPAA-protected data.

The Andromeda botnet returns, and expands.

Dark web black market "Evolution" suddenly vanishes, and buyers of the contraband traded there are surprised and aggrieved to learn that a criminal market's proprietors would abscond with their funds: about $12 million in Bitcoin.

University researchers report a new way of de-anonymizing Tor users.

Synack says it's found a way around Apple's Gatekeeper.

Fresh concerns surface about airliner avionics' possible vulnerability to hacking.

D-Link patches firmware in wireless range extenders and WiFi cameras.

Raytheon appears closer to buying Websense for a reported $1 billion.

Notes.

Today's issue includes events affecting Australia, Canada, France, Germany, Iran, Ireland, New Zealand, Norway, United Kingdom, and United States.

Selected Reading

Cyber Trends

The Healthcare Internet of Things: Rewards and Risks (Atlantic Council) The Internet of Things of digital, networked technology is quickly moving to the forefront of society, the global economy, and the human experience

Legislation, Policy and Regulation

Lawmakers, policy experts blast barriers to EHR interoperability at Senate hearing (FierceEMR) Epic takes a swipe at CommonWell; Cerner calls it 'a slap in the face' to those working on problem

Dateline

IT Security Entrepreneurs Forum (ITSEF) 2015: Bridging the Gap Between Silicon Valley and the Beltway (SINET) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge

Products, Services, and Solutions

Covata and NSC Global launch Safe Share into the T-Systems Deutsche Telekom global marketplace at CEBIT in Hannover, Germany (Covata) Data security company Covata, industry partner NSC Global and leading telecommunications company T-Systems today teamed up at CeBIT Germany to launch Safe Share™ to the European market

Technologies, Techniques, and Standards

Pseudo Threat Intelligence — All I Want You to Know (Dark Matters) We Need to Talk About Attribution was an interesting article — the author is a well known and respected professional named Jack Daniels, who I have followed throughout the years

Marketplace

KEYW Acquires Ponte Technologies and Milestone Intelligence Group (Seeking Alpha) The KEYW Holding Corporation (Nasdaq:KEYW) announced today it has acquired Ponte Technologies, LLC (PonteTec) and Milestone Intelligence Group, Inc. (Milestone), significantly increasing its cyber capabilities for both government and commercial customers

Cyber Attacks, Threats, and Vulnerabilities

Kaspersky Lab provides updates on 'Crouching Yeti' threat group (SC Magazine) Kaspersky Lab has released new information on the threat group referred to as "Crouching Yeti" that it initially wrote about in July 2014

Hillary Clinton's E-Mail Was Vulnerable to 'Spoofing' (Bloomberg View) Hillary Clinton didn't take a basic precaution with her personal e-mail system to prevent hackers from impersonating or "spoofing" her identity in messages to close associates, according to former U.S. officials familiar with her e-mail system and other cyber-security experts

Design and Innovation

Meaningful Human Control in Weapon Systems: a Primer (Center for a New American Security) Information technology is driving rapid increases in the autonomous capabilities of unmanned systems, from self-driving cars to factory robots, and increasingly autonomous unmanned systems will play a significant role in future conflicts as well

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

IT Security Entrepreneurs Forum: Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 17 - 18, 2015) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge

Philadelphia SecureWorld (Philadelphia, Pennsylvania, USA, March 18 - 19, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynote speakers will be Larry Ponemon (of the Ponemon Institute) and Christopher Pierson (General Counsel & Chief Security Officer, Viewpost)

2015 Cyber Security Summit (McLean, Virginia, USA, March 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China for exploitation and theft. This results in huge losses of valuable trade secrets and sensitive customer information. This rampant industrial espionage costs American jobs." Join us for our annual Cyber Summit where thought-leaders from across the public and private sectors who have real-world experience effectively managing large scale policies and programs will provide information and updates to the POC attendees

BSides Salt Lake City (Salt Lake City, Utah, USA, March 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation

B-Sides Salt Lake City (Salt Lake City, Utah, USA, March 20 - 21, 2015) B-Sides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation

CarolinaCon-11 (Raleigh, North Carolina, USA, March 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event. If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-11, we cordially invite you to submit your proposal

Cyber Security Conference 2015 (Bolton, UK, March 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North West Cyber Security Conference. From large corporations to micro businesses the importance of protecting personal and commercial information has become much more important with the introduction of the smart phone and other portable device's. When it comes to Information Security Systems small businesses and large corporations believe they are doing all they need to secure themselves and their clients

Fraud Summit Altanta (Atlanta, Georgia, USA, March 24, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Atlanta event include presentations on the insider cyber threat, threat intelligence, fraud-as-a-service, POS security, fraud detection through big data, and mobile banking fraud

CyberTech Israel 2015 (Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems they rely on every day. For this purpose, it is essential to maintain a direct, on-going contact with the latest developments and changes in the cyber defense market. To this end, we are pleased to invite you to Cybertech 2015, the International Conference & Exhibition for Cyber Solutions, taking place on March 24th-25th, 2015 in Tel Aviv, Israel. Cybertech Conference and Exhibition, an initiative of Israel Defense, is the largest exhibition and conference of cyber technologies outside of the US

2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Wednesday, March 25, 2015 at the University of Colorado Colorado Springs (UCCS). The theme for CFD 2015 will "Cybercrime". Industry experts will be on hand to brief attendees on the latest trends, and best practices, in cybersecurity. This one-day forum will offer IT, business, law enforcement, government, military, academic, training, and other professionals a unique, local opportunity to get up-to-date information on rapidly evolving cybersecurity challenges

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.