The CyberWire Daily Briefing 01.14.15
Skid vs. skid, as various online jihadists swat back at Anonymous for #OpCharlieHebdo (and Anonymous attracts a little rare grudging sympathy).
Parties unknown post a fake but convincing BBC site with bogus Charlie Hedbo coverage. The site's now gone, it's purpose unclear, but observers speculate it may have been a dry run for a serious attack elsewhere.
The physical and cyber worlds converge in information operations as IS opens a recruiting drive in Afghanistan and Pakistan. IS and al Qaeda continue their depraved competition in propaganda of the deed.
US CENTCOM is back in social media, embarrassed and resolved to be more vigilant. Its sister commands EUCOM and AFRICOM look to their own accounts. Some sources report a British jihadist as the hack's prime suspect, but such speculation remains tentative. Much scare-mongering about the incident swirls online, but contrast ZeroFOX's measured take: "more smoke than fire." CENTCOM's characterization of the attack as "cybervandalism" seems the consensus (and correct) view.
IOActive finds a hard-coded SSL key in some GE Ethernet switches.
Adobe, Microsoft, and Siemens all patched products yesterday. (Observers goggle a bit at Microsoft's Telnet patch.) Google continues its curiously aggressive disclosure of other company's vulnerabilities: its spats with Microsoft and WhiteHat also continue. Many dislike Google's decision to leave older Android versions unpatched.
France increases online surveillance. US President Obama's cyber policy proposals receive mixed but on balance positive reviews. UK Prime Minister Cameron's thoughts on encryption, however, lay an egg.
Several US court cases with cyber implications proceed.
Notes.
Today's issue includes events affecting Afghanistan, China, France, Iraq, Kazakhstan, Democratic Peoples Republic of Korea, Netherlands, Pakistan, Russia, Syria, United Kingdom, United States, Uruguay, and and Yemen.
Cyber Attacks, Threats, and Vulnerabilities
It's hacker jihad: Islamist skiddies square up to Anonymous (Register) Open source Notepad caught in web graffiti crossfire
Fake BBC site disappears after bogus story on Charlie Hebdo (IDG via CSO) A fraudulent website that cloned the BBC has gone offline after it received a surge of traffic for running a bogus story concerning the violence at French satirical newspaper Charlie Hebdo
Kazakh Child Soldier Executes 'Russian Spies' in Islamic State Video (Foreign Policy) In a video released Tuesday by the Islamic State, two men described as Russian agents testify that they had attempted to spy on the militants, infiltrate their computer networks, and assassinate the group's leaders. Then a long-haired young boy calmly shoots the men in the back of the head with a handgun
Islamic State begins recruiting campaign in Pakistan, Afghanistan (McClatchy) The Islamic State formally has opened for business in the crowded militant markets of Afghanistan and Pakistan, announcing in a video over the weekend that it's established an organizational structure dominated by notoriously anti-Shiite-Muslim former commanders of the Pakistani Taliban
Al Qaeda branch claims responsibility for Charlie Hebdo attack (CNN) Al Qaeda in the Arabian Peninsula claimed responsibility Wednesday for last week's rampage that killed 12 people at France's Charlie Hebdo satirical newspaper
Key US military command's Twitter, YouTube sites back online (Washington Post) The Twitter and YouTube sites for the U.S. military's Central Command are back online after being taken over by hackers claiming to support the Islamic State militant group, and Pentagon officials are reviewing some security protocols in the wake of the breach
British hacker suspected of cyber attack on US Central Command Twitter account (Mirror) Computer whizz Junaid Hussain who fled UK to join ISIS fighters in Syria two years ago was previously jailed for hacking Tony Blair's internet accounts
EUCOM, AFRICOM keep cyber vigilance after CENTCOM hack (Stars and Stripes) Other combatant commands are closely monitoring their social media platforms after U.S. Central Command's Twitter feed was briefly taken over on Monday by hackers claiming to be affiliated with the Islamic State group
Hack of U.S. military social media accounts prompts embarrassment, review (Washington Post) The high-profile hack of two social media accounts run by the U.S. military's Central Command on Monday was an embarrassment, and has prompted the Office of the Secretary of Defense to direct its own social media managers to make sure their accounts are secure, a military official said Tuesday
Military hack: A new era of cyber vandalism? (The Hill) The Monday takeover of the U.S. Central Command (Centcom) Twitter and YouTube accounts could represent the start of a new era of cyber vandalism targeting the U.S. government, security experts said
Cyber attack on CENTCOM: Just the tip of the iceberg? (Fox News) Just yesterday, a frightening warning from General Martin Dempsey. He warned that if terrorists wage a cyber war in America, we don't have the upper hand
ISIS Compromises CENTCOM Social Media: Are You Next? (ZeroFOX Intel Brief) On Monday, January 12, 2015, hackers claiming loyalty to the Islamic State of Iraq and Syria (ISIS) compromised the Twitter account and YouTube channel of the United States Central Command (CENTCOM), whose military "Area of Responsibility" (AOR) includes the Middle East, North Africa, and Central Asia
Recent Crypto-Ransomware Attacks: A Global Threat (TrendLabs Security Intelligence Blog) We noticed a recent influx of crypto-ransomware spreading in Australia. This recent wave rings similar to the hike of infections in the Europe/Middle East/Africa (EMEA) region we wrote about in early December. Upon further research and analysis, we concluded that the attackers behind these incidents could possibly belong to the same cybercriminal gang due to the similarity in their IP addresses
GE Ethernet Switches Have Hard-Coded SSL Key (Threatpost) There is a hard-coded private SSL key present in a number of hardened, managed Ethernet switches made by GE and designed for use in industrial and transportation systems. Researchers discovered that an attacker could extract the key from the firmware remotely
Oracle alerts firms to bogus malware-laden 'security patches' (V3) Hackers are targeting enterprise companies with bogus, malware-laden patches purporting to come from Oracle
Someone Hacked Glorious Leader, Kim Jong-un Game and Destroyed it (HackRead) The Glorious Leader game which lets you control North Korean dictator Kim Jong Un has been hacked, according to its developers
Crayola's Facebook page hijacked, redrawn in NSFW style (Naked Security) Cranberries, oranges, peaches, lemons, grapefruits, watermelons, pears: such evocative crayon color names, aren't they?
"Obamacare" phishing email leads to banking malware (Naked Security) Looking through the SophosLabs spamtraps recently revealed an interesting malware distribution campaign
Cyber attack on ASUCR website decreases transparency (University of California Riverside Highlander) As a result of a cyber attack that shut down the ASUCR website, members of ASUCR have decided to switch to an older server under the domain name, ASUCRexchange.ucr.edu, which still holds remnants of its old merchandise store that closed in 2012
4 Mega-Vulnerabilities Hiding in Plain Sight (Dark Reading) How four recently discovered, high-impact vulnerabilities provided "god mode" access to 90% of the Internet for 15 years, and what that means for the future
Security Patches, Mitigations, and Software Updates
Adobe, Microsoft Push Critical Security Fixes (KrebsOnSecurity) Microsoft on Tuesday posted eight security updates to fix serious security vulnerabilities in computers powered by its Windows operating system. Separately, Adobe pushed out a patch to plug at least nine holes in its Flash Player software
Adobe Patches Nine Vulnerabilities in Flash (Threatpost) Adobe today released the year's first round of security updates for Flash Player, addressing nine vulnerabilities in the software including several critical bugs that could allow an attacker to take control of an affected system
Siemens Patches SIMATIC WinCC Apps for iOS Against Password-Related Flaws (Softpedia) A total of three vulnerabilities have been removed by Siemens from the iOS version of SIMATIC WinCC Sm@rtClient, mitigating the risk of a potential attacker to extract access credentials under certain conditions
Microsoft fixes Windows security bugs in January's Patch Tuesday (ZDNet) The software giant issued 8 patches to fix security vulnerabilities in Windows, including one considered "critical" — the most severe rating
Microsoft Patches Zero-Day Windows Flaws Disclosed by Google (eWeek) The first patch Tuesday of 2015 includes a few surprises in what it contains and what it doesn't
Windows 7: Everything new is old again (Naked Security) Windows 7 logoSometimes in the security business it feels like you are always the bearer of bad news
Google discloses *another* Microsoft Windows vulnerability before a patch is ready (Graham Cluley) Earlier this month, Google controversially published proof-of-concept code, providing malicious hackers with a blueprint through which they could exploit Microsoft Windows 8.1 through a zero-day vulnerability
Google starts flame war after borking WhiteHat Aviator secure browser (Inquirer) WhiteHat Security was made red in the face after Google managed to bork what it markets as "the most secure browser by default"
How Secure Is Android if Google Won't Patch? (eSecurity Planet) A security researcher alleges that Google won't patch its older Android software for a new vulnerability. Luckily, users have options to boost security for older versions of the OS
Cyber Trends
The risks of a big man-made IT disaster are on the rise (IT World) IT services are but one human error away from a spectacular failure, and there's very little evidence to suggest that we've found a way to stop people from making mistakes
Experts pick the top 5 security threats for 2015 (PC World) Massive, high-profile data breaches pockmarked 2014, culminating in the bizarre events surrounding the hack of Sony Pictures — allegedly by North Korea in retaliation for the politically incorrect stoner comedy The Interview. That's a tough act to follow, but I'm sure 2015 will make an effort. I spoke with security experts to find out what we have to look forward to
Cisco: Complacency and Ignorance Make Staff Major Security Threat (Infosecurity Magazine) Complacency and low levels of security awareness are contributing to a major insider threat facing UK organizations today, according to new research from Cisco
New Data Illustrates Reality Of Widespread Cyberattacks (Dark Reading) All retailers, healthcare & pharmaceutical firms in new study suffered cyber attacks in the first half of 2014, FireEye found
Which Industries Observe Cybersecurity Best Practices? (Bloomberg TV) Tripwire Security Analyst Ken Westin and Blue Coat Systems Hugh Thompson discuss cybersecurity and the White Houses vision for information sharing
Endpoint Security Activities Buzzing at Enterprise Organizations (ESG) Endpoint security used to be a quasi "set-it-and-forget-it" category at many enterprise organizations. The IT operations team would provision PCs in an approved, secure configuration and then install AV software on each system. Of course there were periodic security updates (vulnerability scans, patches, signature updates, etc.), but the endpoint security foundation was set and dry by then
Why Healthcare Cybersecurity Cannot Ease Up in 2015 (HealthITSecurity) Regardless of an organization's size, it's essential to have comprehensive healthcare cybersecurity protections in place. More facilities are implementing the use of connected devices, such as mobile phones, tablets, and laptops. Moreover, cloud storage is gaining popularity, and more providers are connecting their systems to one another through health information exchanges (HIEs)
New Research From Aberdeen Group and Wombat Security Confirms Security Awareness and Training Measurably Reduces Cyber Security Risk (Marketwired) Monte Carlo analysis reveals that changing employee behavior reduces the risk of a security breach by 45% to 70%
Cyber Terrorism: Complexities and Consequences (Infosec Institute) While a terrorist using the Internet to bring down the critical infrastructures the United States relies on makes an outstanding Hollywood plot, there are flaws in the execution of this storyline as an actual terrorist strategy. Conway (2011) calls out three limitations on using cyber-related activities for terrorists: Technological complexity, image, and accident (Against Cyberterrorism, 2011, p. 27)
Marketplace
2015: The Year Of The Security Startup — Or Letdown (Dark Reading) While stealth startup Ionic and other newcomers promise to change the cyber security game, ISC8 may be the first of many to head for the showers
Ionic Security raises $40M for the launch of its secret security platform (VentureBeat) Ionic Security just landed $40.1 million in new funding for a document-encryption platform it has built, but details on exactly how that platform works are still sketchy
BlockCypher Raises Seed Funding To Be The Web Services For Cryptocurrency (TechCrunch) With an eye toward making blockchain technology easy to integrate into any application, BlockCypher has raised $3 million in its first round of financing
Booz Allen Hamilton Holding Lifted to "Buy" at Bank of America (NYSE:BAH) (InterCooler) Booz Allen Hamilton Holding Co. logoBank of America upgraded shares of Booz Allen Hamilton Holding (NYSE:BAH) from a neutral rating to a buy rating in a research note released on Friday morning, TheFlyOnTheWall.com reports. They currently have $32.00 target price on the stock
A10 Networks Inc Analyst Rating Update (Stafford Daily) A10 Networks Inc (NYSE:ATEN) has received a Neutral rating from research analysts at Zacks with a rank of 3. The company has been rated an average of 1.63 by 8 Wall Street Analysts. 5 analysts have added the counter in their list of strong buys. 1 stock experts have also rated a buy. 2 broker firms see some more upside in the counter and have advised hold
Infoblox Inc Analyst Rating Update (Stafford Daily) Infoblox Inc (NYSE:BLOX) has received a Neutral rating, according to the latest recommendation of 3 from research firm, Zacks. The counter could manage an average rating of 2.33 from 9 analysts. 3 market experts have complete faith in the companys business and have marked it as a strong buy. 6 analysts have rated the company at hold
Shirlington Startup Helping Big Companies Prevent Hacking (ARL Now) One of the most promising companies in the cybersecurity space is based in a small office in Shirlington, where it helps Fortune 100 companies protect themselves from hackers
Former Department of Defense CISO Joins Palerra Board of Directors (Marketwired) Robert Lentz brings unprecedented Federal security experience to Palerra
Products, Services, and Solutions
The Free Encryption App That Wants to Replace Gmail, Dropbox, and HipChat (Wired) Cryptographers devote their careers to the science of securing your communications. Twenty-four-year-old Nadim Kobeissi has devoted his to the art of making that security as easy as possible. His software creations like Cryptocat and Minilock encrypt instant messages or shared files with three-letter-agency-level protection, with user interfaces that require Lincoln-Log-level skills. Now he's combining elements of his dead-simple apps into what he's calling his biggest release yet, a single platform designed to encrypt everything you and any group of collaborators do on the desktop
M2Mi Announced as Winner of the 2014 M2M Evolution IoT Excellence Award (PRWeb) Machine-to-Machine Intelligence (M2Mi) Corporation today announced that M2M Intelligence® the essential platform for the M2M and IoT economy, has received the 2014 M2M Evolution IoT Excellence Award for innovation
CloudPassage Announces Support for Docker (PRNewswire) Near real-time visibility and protection now available to applications and data using popular container technology
Uruguay selects Gemalto for eID secure document and issuance solution (Nasdaq) Uruguay ranked number one in Latin America in the 2014 United Nations eGovernment index
Elastica, Accuvant Reseller Agreement Extends Cloud Application Security to Leading Enterprises (CNN Money) North American security integrator chooses Elastica to provide customers with cloud application security solutions
Synnex To Distribute Promisec Endpoint Security Products (CRN) Promisec has signed a distribution agreement with Synnex as part of a broader effort to grow its channel business
Cimcor Releases CimTrak Version 2.0.6.18.1; Builds on Heritage of Integrity Monitoring Innovation (Virtual Strategy Magazine) Save your IT security team time and money with the most recent enhancements to CimTrak
Townsend Security Achieves VMware Ready™ Status (Host Review) Alliance Key Manager is a VMware Ready encryption and key management solution that helps enterprises manage risk and meet compliance requirements
EY helps Ribose Make History with First Cloud Security Alliance (CSA) STAR Attestation (PRNewswire via CNBC) The Cloud Security Alliance (CSA) today announced that global professional services organization, Ernst & Young (EY), has helped Ribose become the first company worldwide to achieve the Cloud Security Alliance Security, Trust and Assurance Registry (STAR) Attestation level of third-party assessment
Kaspersky Lab Announces New Version of Security Solution for OS X (BusinessWire) Kaspersky Internet Security for Mac now offers safe money protection to Mac users
Bottomline Technologies offering cyber fraud and risk services following Intellinx acquisition (Finextra) Bottomline Technologies (NASDAQ: EPAY), a leading provider of cloud-based payment, invoice, and digital banking solutions, today announced that it is now offering comprehensive cyber fraud and risk management solutions as a result of the acquisition of Intellinx, Ltd
Technologies, Techniques, and Standards
Gitrob Combs GitHub Repositories for Secret Company Data (Threatpost) Free online code repositories such as GitHub provide a valuable collaboration service for enterprise developers. But it's also a trove of potentially sensitive company and project information that's likely to warrant attention from hackers
Gitrob: Putting the Open Source in OSINT (Michael Henriksen) Developers generally like to share their code, and many of them do so by open sourcing it on GitHub, a social code hosting and collaboration service. Many companies also use GitHub as a convenient place to host both private and public code repositories by creating GitHub organizations where employees can be joined
Shodan exposes IoT vulnerabilities (CSO) The Shodan search engine is the Google for the Internet of Things, a playground for hackers and terrorists -- and, maybe, a useful tool for companies looking to lock down their own environment
Open Wi-Fi hotspots — Threats and Mitigations (PacketStorm Security) Users must update to better security measures while connecting to open Wi-Fi hot-spots as they turn out to be more risky than useful. It would come across as a cause of concern to know that 42% of wireless 802.11 access points come with no security mechanisms. By this we mean they are not even protected by WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access)
Cost of breach vs. cost of deployment (Help Net Security) In security terms, 2014 read like a who's who of data breaches. Huge, global companies like Target, eBay and Coca-Cola have succumbed to data loss. Public services like the US Postal Service have also been left exposed. Others do not want to follow suit in 2015
Cyber Risk: Pre-Loss Planning (Willis Wire) The threat of cyber risk (financial loss, disruption, or reputational damage caused by a failure of an organization's information technology systems) is an increasingly critical issue that almost all organizations are faced with today. The recent data failures suffered have made it apparent that the immediate impact of determining the cause of the failure and the expense to fix the failure are major concerns, but by no means the only concerns
BBB Shares Five Resolutions for a Scam Free New Year (Nebraska TV) The Better Business Bureau wants to help consumers have a scam free year. To help, BBB serving Nebraska, South Dakota, The Kansas Plains and Southwest Iowa is sharing five resolutions to stay scam free in 2015
Academia
AACC hopes to connect students to state's 30,000 cyber job openings (Capital Gazette) Mikulski, community colleges discuss ways to link students to Maryland's 30,000 vacancies in cyber industry
With big data invading campus, universities risk unfairly profiling their students (Christian Science Monitor: Passcode) Obama's proposed Student Digital Privacy Act aims to limit what schools can do with data collected from apps used in K-12 classrooms. But college students are just as vulnerable to privacy violations
Legislation, Policy, and Regulation
France to beef up its surveillance powers (The Local (France)) Prime Minister Manuel Valls has said that France is now engaged in a "war on terrorism", announcing plans to ramp up intelligence capabilities, aimed at amending the faults that lead to the country's "clear failings" over the Paris terror attacks
After Charlie, security and intelligence reform in a world of big data (The Hill) The twin terror attacks last week on the satirical magazine Charlie Hebdo and the Hyper Cacher kosher grocery store in Paris are, once again, leading to questions about the efficacy of intelligence operations against terrorist groups. This is not just a French problem; it affects the governments of all civilized nations
How Should The US Respond To Cyber Attacks? (Task and Purpose) Given cyber warfare's inherently asymmetric nature, do the traditional laws of armed conflict still hold true?
Stopping the Next Cyber-Attack (Bloomberg View) Cybervandalism, cyberterrorism, cyberwarfare. No matter what you call the recent attacks against Sony Pictures, we weren't ready. And we won't be ready until our nation — with the government and industry working together — takes action to defend itself
Is banning encryption a crazy plan or an absolute necessity? The reality is much more complicated than that (ZDNet) David Cameron's impossible dream ignores the realities of communication in a hyper connected world
Wanted: end-to-end encryption (with a backdoor for this crazy guy) (Graham Cluley) UK Prime Minister David Cameron is worried that people are encrypting their communications, and that he (and indeed, law enforcement agencies) can't see what you're saying
David Cameron in 'cloud cuckoo land' over encrypted messaging apps ban (Guardian) The prime minister's pledge to give security services access to encrypted communications is 'crazy', experts say
Encryption is not the Enemy (Threatpost) There are few things scarier these days than a politician stepping in front of a microphone, taking a deep breath and opening his mouth to pontificate on security. A long list of American elected officials have reinforced this, and on Monday, UK Prime Minister David Cameron jumped to the head of this undistinguished line with his dangerous statement that encrypted communications shouldn't be allowed
No, the NSA Isn't Like the Stasi — And Comparing Them Is Treacherous (Wired) Ever since Edward Snowden handed thousands of National Security Agency documents over to filmmaker Laura Poitras and writer Glenn Greenwald in a Hong Kong hotel room, the NSA's mass surveillance of domestic phone calls and Internet traffic has been widely compared to the abuses of East Germany's secret police, the Stasi
SECURING CYBERSPACE — President Obama Announces New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts (White House: Office of the Press Secretary) Since the start of his Administration, when he issued the Cyberspace Policy Review — the first top-to-bottom, Administration-wide review of cybersecurity — President Obama has led efforts to better prepare our government, our economy, and our nation as a whole for the growing cyber threats we face
Obama unveils cybersecurity proposals: 'Cyber threats are urgent and growing danger' (Guardian) Proposed legislation will allow companies to share information with government agencies including NSA, with which White House admitted there were 'overlapping issues'
Toward Better Privacy, Data Breach Laws (KrebsOnSecurity) President Obama on Monday outlined a proposal that would require companies to inform their customers of a data breach within 30 days of discovering their information has been hacked. But depending on what is put in and left out of any implementing legislation, the effort could well lead to more voluminous but less useful disclosure. Here are a few thoughts about how a federal breach law could produce fewer yet more meaningful notice that may actually help prevent future breaches
Obama's cybersecurity plan rehashes proposals maligned by privacy groups (Christian Science Monitor: Passcode) The president will flesh out his cybersecurity agenda during his upcoming State of the Union address. But so far the initiatives appear to be little different from previous proposals on breach notification and information sharing
President Obama's New Cybersecurity Proposal Is Already Facing Skepticism (National Journal) The information-sharing proposal to be announced Tuesday comes in the wake of last year's Sony hack — but already has privacy advocates sounding alarms
Cyber security expert says businesses, government need to do much more to counter hackers (ABC 7: the Denver Channel) A Colorado based cyber security expert says President Obama's efforts to protect consumers from hackers are "a step in the right direction but no where near the end of the journey"
Leidos' Rob Zitz: White House Should Push for Govt-Industry Cyber Intell Exchange (ExecutiveBiz) Rob Zitz, chief systems architect at Leidos, said he hopes that President Barack Obama would urge public and private organizations to bolster sharing of cyber threat intelligence, the Washington Business Journal reported Monday
Can the Government Protect Companies From Hackers? (Bloomberg TV) Include Security Founder Erik Cabetas and Whitehat Security Vice President Robert Hansen discuss the role of government in cyber protection Bloomberg's Cory Johnson on "Bloomberg West"
SEC weighs cybersecurity disclosure rules (The Hill) The Securities and Exchange Commission is advancing measures that would require publicly owned companies to disclose more information about their cybersecurity vulnerabilities, including data breaches
White House: Obama Will Fight Media To Stop Anti-Jihad Articles (Daily Caller) President Barack Obama has a moral responsibility to push back on the nation's journalism community when it is planning to publish anti-jihadi articles that might cause a jihadi attack against the nation's defenses forces, the White House's press secretary said Jan. 12
US Senator Makes a Plea for Chip-and-PIN Cards (Infosecurity Magazine) In the wake of an unprecedented spate of damaging data breaches and point-of-sale (PoS) hacks, Sen. Mark R. Warner (D-Va.), a member of the Senate Banking Committee, has sent a letter to federal banking regulators questioning the lack of follow-up to better protect consumers. He also called for chip-and-PIN technology to be implemented across the board
Meet the Congressman Who Will Watch Our Spies (Bloomberg View) Representative Devin Nunes may not be well known outside of his California congressional district or the Washington beltway, but he is about to become one of the most important figures in the U.S. national security state
DISA To Defend DoD Networks In New Role (DefenseNews) The Pentagon is standing up a new headquarters within the Defense Information Systems Agency (DISA) that will assume responsibility for defending military networks and will reach initial operating capability this week
DISA endpoint security approach evolves with technology (C4ISR & Networks) As network endpoints multiply and evolve, DISA strives to maintain bulletproof protection
DISA's Hawkins to retire this year (C4ISR & Networks) Defense Information Systems Agency Director Lt. Gen. Ronnie Hawkins Jr. expects to retire by the end of 2015
Marine Corps Cyber Commander Chosen for Top DIA Post (DoD News) The first Marine Corps officer to lead the Defense Intelligence Agency will take command later this month, Pentagon spokesman Army Col. Steve Warren told reporters today
NJ law requires health insurance carriers to encrypt sensitive data (SC Magazine) New Jersey has passed a law requiring health insurance carriers to encrypt sensitive patient data
Litigation, Investigation, and Law Enforcement
France arrests 54 for defending terror; announces crackdown (AP) France ordered prosecutors around the country Wednesday to crack down on hate speech, anti-Semitism and glorifying terrorism, announcing that 54 people had been arrested for those offenses since the Paris terror attacks
Court rules NSA doesn't have to divulge what records it has (Washington Times) A federal judge on Tuesday said the National Security Agency is not obligated to confirm nor deny it has someone's specific phone records, shooting down a conservative think tank's effort to try to use the spy agency to reveal secrets that other federal agencies want kept hidden
Trial Begins for Former C.I.A. Official Accused of Breaching National Security (New York Times) The Justice Department on Tuesday pressed ahead with the prosecution of a former Central Intelligence Agency official, a day after it said it would not force a reporter for The New York Times to testify at the trial
In Defense of David Petraeus (Politico) So he might have slipped a few secrets to his biographer/lover. Who am I to judge?
Silk Road stunner: Ulbricht admits founding the site, but says he isn't DPR (Ars Technica) Ulbricht made the site, left, and was "lured back" to be the "ultimate fall guy"
Go time: Silk Road jury picked (Ars Technica) Alleged drug kingpin Ross Ulbricht faces decades behind bars if convicted
Man gets 10 years in prison after perpetrating website sales scam (Ars Technica) John Winston Boone stole $1.3M from 18 people, over domains like paloalto.org
Russian Hacking Suspect Seeks Block to Extradition to US (AP via ABC News) The lawyer for a Russian accused by U.S. authorities of involvement in a huge computer hack that stole and sold at least 160 million credit and debit-card numbers called on a Dutch judge Tuesday to ban his extradition to the United States
Most Famous Hackers of all Time (Ethical Hacking) The hacking now a days became a very cool career in the eyes of the young generation. With the biggest companies like Sony, JP Morgan, Yahoo, CNN. NewYork Times, Ebay all hacked in the past even with their millions of dollars investment on securing their Websites. The Hackers in the peoples eyes are the most coolest persons on the planet
Apple, Google reach new deal to end U.S. lawsuit over poaching (Reuters) Four Silicon Valley companies including Apple Inc and Google Inc have agreed to a new settlement that would resolve an antitrust class action lawsuit by tech workers, who accused the firms of conspiring to avoid poaching each other's employees
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams
Upcoming Events
FloCon 2015 (Portland, Oregon, USA, Jan 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University
National Cybersecurity Center Of Excellence (NCCOE) Speaker Series: Security In A Cyber World (Rockville, Maryland, USA, Jan 14, 2015) The National Cybersecurity Center of Excellence (NCCoE) Speaker Series showcases global thought-leaders to highlight critical cybersecurity issues of national importance. The keynote speaker will be Chris Inglis, former Deputy Director of the National Security Agency
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
FIC 2015 (Lille, France, Jan 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a priority for the European Union as stated in the Stockholm Programme for 2010–2015. Its objective is to open up the cybersecurity debate by bringing together security and risk management experts with non-specialists to enable them to compare viewpoints and lessons learnt
IARPA Proposers' Day for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program (Washington, DC, metropolitan area, Jan 21, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program on January 21, 2015, in anticipation of the release of a new solicitation in support of the Program. The Conference will be held from 9:00 AM to 4:00 PM EDT in the Washington, DC metropolitan area. The purpose of the Conference will be to provide introductory information on CAUSE and the research problems that the Program aims to address, to respond to questions from potential proposers, and to provide a forum for potential proposers to present their capabilities and identify potential team partners
4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, Jan 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human behavior within and across networks. The conference will bring together subject matter experts to discover and share new means of recognizing human related cyber indicators, and the evolution of these human indicators in the coming decades. The Human Cyber Forensics Conference will focus on such topics as insider threat, next generation social engineering, progressive communications, neuroscience, social cognition, social media, and neuro-ethics
AppSec California (Santa Monica, California, USA, Jan 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security?s sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get the right work done faster, so organizations are better able to meet their goals
Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, Jan 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives from USA and beyond. They are coming together not only to address the continuing cyber threats and set precautions framework, but most importantly to provide necessary tools, insights and methodological steps in constructing a successful secure policy. These policies will after all protect the critical assets needed to safeguard their company assets
Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, Jan 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues facing consumers and business, including in-depth panel discussions on privacy, the Internet of Things (IoT), and many other critical topics