Great Firewall blocks both ways. Old WordPress, Drupal versions threaten enterprises. A look at markets, legitimate and criminal.
The Great Firewall is blocking Tumblr in China. Observers see this as possible preparation for this weekend’s anniversary of the Tiananmen Square massacre.
ISIS announces a ban on satellite television in Mosul, which it continues, for now, to control. The ban’s being enforced by physical destruction of satellite dishes.
A RiskIQ scan suggests that outdated Wordpress and Drupal installations are exposing large enterprises to the risk of a major data compromise. The old versions of the content management systems still in widespread use are seen as a likely source of new Panama-Papers-style leaks. (No such leaks yet, but there’s much pointing with alarm.)
Trustwave, which has been investigating the alleged Windows zero-day that’s up for auction in the black market, thinks signs point to its being a legitimate vulnerability. But investigation continues.
Elsewhere in the black market, Forcepoint notices that skid coders are selling Jigsaw ransomware’s source code for $139, which seems low even given Jigsaw’s typical $150 ransom demand. Forcepoint’s conclusion: cyberspace has its fair share of dumb money and petty, easy crime.
FireEye describes “Irongate,” ICS malware affecting Siemens PLCs. It’s being called “son of Stuxnet,” but it looks more like a proof-of-concept used in pentesting.
NATO is expected to declare cyberspace an operational domain soon. Old news, at least for prominent NATO members, but Russia Today looks on with factitious alarm. (Tip-off scare words: “German general.”)
Some cyber sector M&A activity is under discussion, and Palantir, Parsons, and SAIC all win places on large US cyber contracts.
Notes.
Today's issue includes events affecting Albania, Argentina, Azerbaijan, Bahrain, Belgium, Brazil, Bulgaria, Canada, China, Croatia, Czech Republic, Denmark, Estonia, France, Germany, Greece, Hungary, Iceland, Iraq, Israel, Italy, Japan, Kenya, Democratic Peoples Republic of Korea, Kuwait, Latvia, Lithuania, Luxembourg, Netherlands, New Zealand, Norway, Oman, Poland, Portugal, Qatar, Romania, Russia, Saudi Arabia, Slovakia, Slovenia, Spain, Taiwan, Turkey, United Arab Emirates, United Kingdom, and United States.
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today, Jonathan Katz of the University of Maryland continues our education on random number generation, and Trustwave's Ziv Mador updates us on that Windows zero-day being hawked on the Russian black market. (We welcome reviews, by the way. You can provide an iTunes review here.)
Cyber Attacks, Threats, and Vulnerabilities
Tumblr blocked in China before Tiananmen Square massacre anniversary (TechCrunch) Tumblr is now apparently inaccessible in China. GreatFire.org, a non-profit that monitors censorship by the Chinese government, first spotted the lockout earlier this week
Taiwan Ruling Party’s Website Hacked in Cyberspying Campaign (Bloomberg Technology) FireEye didn’t identify hackers, but Chinese used tool before. DPP members came under attack before January’s election
More Evidence Of Link Between Bank Attacks And North Korean Group (Dark Reading) Anomali says it has found five new pieces of malware tying the two attack groups together
Islamic State bans satellite TV in Iraq’s second-largest city, citing infidel brainwashing (Washington Post) First they imposed tough restrictions on Internet usage and cellphone networks in Iraq's second-largest city. Now Islamic State militants appear to be targeting another staple for residents there: television
Don’t Kill the Caliph! The Islamic State and the Pitfalls of Leadership Decapitation (War on the Rocks) The Islamic State in Iraq and the Levant (ISIL) has endured significant territorial losses since its peak a year ago. Additional coalition deployments, an improving information campaign, a resurgent Iraqi army, targeted financial sanctions, and tireless diplomacy have set the stage for the eventual reduction of the self-proclaimed caliphate. Concurrent with these efforts is a large manhunt to bring Abu Bakr al Baghdadi, its leader, to justice. While this is an important consideration, defeating this movement is a much more pressing and daunting task. The best way to defeat ISIL in the long term is to leave Abu Bakr in place – as the caliph who lost his kingdom
Shades Of Stuxnet Spotted In Newly Found ICS/SCADA Malware (Dark Reading) 'IronGate' discovery underlines the risk of industrial attacks yet to come
The World's Biggest Companies Use Outdated WordPress and Drupal Installations (Softpedia) Many of these face similar Panama Papers-level data breaches
Your WordPress and Drupal installs are probably obsolete (Register) Research reckons Mossack Fonseca hack may have been thanks to CMS vulns
Android Banker malware goes social: Targets multiple banks and WhatsApp users (Zscaler) During a regular hunt for malware, our researchers came across an interesting malicious Android app that portrayed itself as an online app for the reputable Russian bank Sberbank, which is the largest bank in Russia and Eastern Europe
DRIDEX Poses as Fake Certificate in Latest Spam Run (TrendLabs Security Intelligence Blog) At a glance, it seems that DRIDEX has dwindled its activities or operation, appearing only for a few days this May. This is quite unusual given that in the past five months or so, this prevalent online banking threat has always been active in the computing landscape. Last May 25, 2016, we observed a sudden spike in DRIDEX–related spam emails after its seeming ‘hiatus.’ This spam campaign mostly affected users in the United States, Brazil, China, Germany, and Japan
TeamViewer users reporting unauthorized access, hack suspected (CSO) Users are reporting unauthorized connections, but TeamViewer blames them for the troubles
Myspace Crowned King of Mega Breaches, With More Likely to Come (Tech News World) Myspace and Tumblr this week emerged as the latest in a string of mega breaches that resulted in the theft of millions of user IDs -- not just recently but years ago
Top Laptop Makers Still Don’t Seem To Care About Security (Tom's Hardware) Last year, there were quite a few security scandals that affected both Lenovo and Dell. Duo Security, a security company that offers two-factor authentication and endpoint security products, uncovered that it’s not just those two laptop companies that are putting their customers in danger of getting hacked, but others as well, including Acer, Asus, and HP
Mac security: Why cyber threats are mounting for Apple computers (Computer Business Review) Analysis: 2015 was the watershed year for Mac malware, but are businesses doing enough to protect themselves?
Newly discovered zero-day exploit affects almost every version of Windows (BGR) Researchers from Trustwave’s SpiderLabs research team recently discovered a new zero-day exploit that affects all versions of Windows from Windows 2000 all the way up to Windows 10
Zero Day Auction for the Masses (Trustwave SpiderLabs) Over the years we've seen practically exponential growth in the underground economy. Criminals are organizing their efforts online on a scale we haven't seen before. Capitalizing on the anonymity of private forums, cryptocurrency and anonymous networks, cybercriminals have evolved their techniques and tactics tremendously
Jigsaw ransomware source code on sale (ITWire) The author of the Jigsaw ransomware, that encrypts files on Windows systems and then deletes them over time if a ransom is not paid, is selling the source code to the malware for US$139, according to researchers at Forcepoint security labs
“Zcrypt” – the ransomware that’s also a computer virus (Naked Security) SophosLabs just pointed out to us a new piece of ransomware with an interesting twist
Top Ransomware campaign managers stand to make $90k annually (CSO) Mostly automated, Ransomware campaigns require very little skill and offer decent payouts - even for the lower-tier criminals
Ransomware as a Service: Inside an Organized Russian Ransomware Campaign (Flashpoint) In the course of monitoring an organized Russian ransomware campaign, Flashpoint analysts were able to gain significant visibility into the tactics, techniques, and procedures employed by a campaign boss operating a ransomware scheme out of Russia
Anonymous Linked Team Hacks Kenyan Oil Firm Against Police Brutality (HackRead) Anonymous doesn’t cease to make headlines this year. Only yesterday we learnt that it has topped the list of most active hacker group in the first half of 2016 and today we are reporting that World Hacker Team (WHT) has strike again
It’s not just you, Amazon search is down (TechCrunch) If you’ve been trying to search for something on Amazon.com for the past few hours, you’ve been receiving a “service unavailable” Error 500. That’s because Amazon is currently suffering an outage
Nearly 90,000 Bay area patients' records at risk (WTSP) We all have to trust our doctors with very private information. For many, that's been compromised by a cyberattack. Nearly 90-000 thousand Bay area patients may be at risk
University of Calgary Network Suffers Malware Attack (HackRead) The computer servers at the University of Calgary, Canada, has suffered a sophisticated malware attack impacting its IT infrastructure this Saturday(28th May) when officials noticed suspicious activity and warned students not to use any computers issued by the university
Security Patches, Mitigations, and Software Updates
Lenovo advises users to remove a vulnerable support tool preinstalled on their systems (IDG via CSO) Lenovo Accelerator Application contains a high-risk vulnerability that allows remote code execution
Microsoft Unveils Office 365 Advanced Security Management (Forbes) Many organizations have embraced Office 365—with all of the perks and benefits it includes. The cloud-based components of Office 365 introduce some unique security concerns as well, though, so Microsoft has developed Office 365 Advanced Security Management to address those concerns and enable businesses to use Office 365 with more confidence
The Microsoft approach to security is not going to work, warns Secure Cloudlink (Cloud Computing Intelligence) The Microsoft approach to passwords, which involves the creation of a list of passwords that users are forbidden to use with online accounts, is still not fit for purpose
JVN#48847535 Trend Micro enterprise products multiple vulnerabilities (JVN) Multiple enterprise products provided by Trend Micro Incorporated contain multiple vulnerabilities
Periscope trolls now subject to flash mob jury of their peers (Naked Security) Are you being a trolling slimeball on Periscope? Get ready to face a flash mob jury of your peers who can shut you down in a matter of seconds
Cyber Trends
Report: IT Professionals Far Removed From Reality On Security (Dark Reading) Lumeta research says 90% want to detect cyber incidents that may cause breaches within one day
It’s Back for Spring 2016: The Annual Verizon Data Breach Investigations Report (JD Supra) Last year around this time we examined the results of Verizon’s annual Data Breach Investigations Report (DBIR)
Clinton's cyber-security lapse part of broad U.S. challenge: column (USA Today) Hillary Clinton, like a long and growing list of American leaders in business and government, left important digital data she was ultimately responsible for vulnerable to online attackers
Cyberattacks on the rise across the GCC Region (CPI Financial) FireEye, Inc. recently revealed key insights on the state of cyber attacks across the EMEA (Europe, Middle East and Africa) region, particularly in the countries of the GCC (Gulf Cooperation Council)
Marketplace
Obama Administration's National Cyber Plan Could Mean Big Business (Nextgov) A federal effort to clean up cyber practices may soon spur a boom in business for tech vendors
Palantir wins SOCOM intel contract (C4ISR & Networks) Palantir Technologies has been awarded a $221.1 million U.S. Special Operations Command (USSOCOM) contract for intelligence software
SAIC Awarded USCYBERCOM Support Contract (BusinessWire) Company to provide cyber operations support services
Pasadena-Based Parsons Wins U.S. Cyber Command Prime Contract (Pasadena Now) Parsons has been awarded a multiple-award, indefinite delivery/indefinite quantity (MA/IDIQ) contract by the General Services Administration to support the United States Cyber Command (USCYBERCOM). Under this 5-year, multimillion-dollar prime contract, Parsons will deliver services to support the defensive and offensive cyber missions of USCYBERCOM
Symantec Cost Cuts To Target Operational Efficiencies, Product Portfolio Reassessment, Research Report Says (CRN) Symantec has preached a return to operational efficiency and profitability since its split from Veritas earlier this year, and now partners have some clarity about where some of those cuts might occur
IBM buys Israeli application discovery firm EZSource (ZDNet) Big Blue plans to add EZSource's technology to its API management solutions, including z/OS Connect and IBM API
ServiceNow Snaps Up Security Software Startup (Fortune) It’s the second acquisition in the past two months
ServiceNow buys security intelligence software firm BrightPoint Security (Seeking Alpha) As part of its continuing expansion into the security operations software market, ServiceNow (NOW +1.4%) is buying BrightPoint Security, provider of a "security command platform" (known as Sentinel) that helps companies manage threat information, automate threat detection and risk analysis, and share intelligence
SolarWinds Buys LogicNow To Create MSP Solutions Powerhouse (CRN) SolarWinds has purchased IT services management firm LogicNow and will combine it with remote management and monitoring (RMM) competitor SolarWinds N-Able to boost capabilities and scale
China’s Huawei Coy About Its Ties to Israeli Firm (Wall Street Journal) Toga Networks is developing range of tools related to storage and information security
Infoblox Said to Hire Morgan Stanley for Activist Defense (Bloomberg) Investment bank’s hiring said may delay possible company sale. Thoma Bravo approached Infoblox with a takeover offer in May
Why Analysts Distrust Palo Alto Networks, Despite Earnings Beats (The Street) This cybersecurity company appears promising, but should investors avoid this seemingly strong technology stock?
LockPath Included as a Visionary in Gartner's 2016 Magic Quadrant for IT Risk Management Solutions (Marketwired) LockPath®, a leader in governance, risk management and compliance (GRC) solutions, today announced that the company has been recognized in Gartner, Inc.'s Magic Quadrant for IT Risk Management (ITRM) Solutions
Anup Ghosh's Invincea 'Learns' To Solve Cybercrime (Forbes) It is said that there are two types of companies in the world: those that know they’ve been hacked, and those that don’t. “That’s essentially a defeatist attitude that there’s nothing you can do about it,” said entrepreneur and Invincea founder, Anup Ghosh. “Most of these attacks are imminently solvable”
TransVoyant Brings New Jobs to Northern Virginia (PRWeb) Big data analytics firm set to double in size in 2016 to keep pace with customer demand
Former National Intelligence Expert Launches Darktrace in Canada (CNW) Darktrace, the leader in Enterprise Immune System technology, has established an office in Toronto, led by David Masson, who has over twenty years of security and intelligence experience with both the Canadian and UK governments
LightCyber Brings Behavioral Attack Detection to German Businesses to Thwart Data Breaches by Finding Attackers Early (BusinessWire) Establishes European headquarters, appoints executive leadership and inaugurates EU Data Cloud
Cisco Shuffles Roles of Four Executives (Wall Street Journal) David Goeckeler takes on oversight of core networking hardware business; Mario Mazzola, Prem Jain and Luca Cafiero become advisers
Coalfire Appoints Patrick Kehoe as Chief Marketing Officer (BusinessWire) Cybersecurity industry veteran brings more than 25 years’ experience to Colorado-based risk management and compliance services leader
Products, Services, and Solutions
PivotPoint Risk Analytics and Marsh Enter Into an Agreement for Enhanced Cyber Risk Services (Globe Newswire) Marsh to integrate CyVaR into cyber risk advisory services for clients
STEALTHbits Releases Stand-Alone File Activity Monitoring Product for Windows and NAS Users (Yahoo! Finance) Product easily and efficiently records access and change activities for data stored on Windows, NetApp, EMC, and Hitachi file systems
Symantec warns encryption and privacy are not the same (ZDNet) Symantec is extending its Encryption Everywhere program to Australia, offering domain validated TLS/SSL certificates for free to lift global website encryption rates to 100 percent by 2018
Trend Micro to fight against ransomware (ITWeb) Internet and cloud security provider Trend Micro, has released a free tool – which it says will help Internet users and organisations fight back against the dangers of ransomware
Cybersecurity Industry Leaders Partner With Cybrary (HS Today) Over a dozen cutting-edge cybersecurity companies—including ZeroFOX, Talos, Tripwire, AlienVault, and other major players—have partnered with Cybrary to provide their educational and thought leadership content to what is now the largest cybersecurity community on the Web
Ionic Security To Deliver High-Assurance Global Data Protection & Control Services In Minutes For Regulated Industries In Collaboration With AWS (BusinessWire) Ionic Security Inc., a pioneer of high-assurance data protection and control, announced today that it has collaborated with Amazon Web Services (AWS) to deliver its hybrid high-assurance global data protection and control services via AWS Marketplace on the industry’s most secure infrastructure platform
Synaptics’ Turnkey USB Fingerprint Solution Adds Simple and Secure Authentication to Notebook PCs (Globe Newswire) Synaptics Incorporated (NASDAQ:SYNA), the leading developer of human interface solutions, today announced a new ultra-small form factor USB module that enables Natural ID™ secure fingerprint authentication on any notebook PC. Synaptics’ USB dongle is a turnkey solution for OEMs, ODMs and private labels, enabling them to offer their customers an easy to use and inexpensive fingerprint alternative for PCs lacking integrated biometric sensors
How to Protect Your Website From XSS Vulnerabilities With IBM Application Security (IBM Security Intelligence) Almost everything can be done online nowadays, and even some of the oldest professions in the world are modernizing and moving to the Web. Application security is becoming more and more important with the online enablement of all kinds of new services
Visa/MasterCard-Equipped mPOS Lands In Middle East (PYMNTS) Cybersecurity company Thales announced on Tuesday (May 31) that its payShield 9000 hardware security modules (HSMs) will be used by payments technology company Swiftch to help secure the first Visa Ready and MasterCard self-certified mPOS solution throughout the United Arab Emirates (UAE)
Live safe Internet with Azercell! (Azer News) Azercell has started cooperation with Kaspersky Lab in the field of internet security, which is aimed to draw a special attention to the protection of children fro cyber treats. Three new products by Azercell will allow the users of all ages to feel safer on the Internet
Experian ships new fraud and ID plug-and-play platform (Finextra) Experian, the leading global information services company, today unveiled the fraud and identity industry's first open platform designed to catch fraud faster, improve compliance and enhance the customer experience
Proofpoint Announces Intelligent Supervision and Compliance Gateway to Help Customers with FINRA and SEC Audits (Globe Newswire) Cloud-based Intelligent Supervision is the first compliance monitoring platform to reduce audit time by 35 percent. Compliance Gateway provides mandatory evidence and simplifies the audit process
Coalfire Accredited as a CSA STAR Certification Assessor (BusinessWire) To assess and grade the security measures of cloud providers
Alert Logic Partners With Mitsui for Japan Expansion (MarketWired) Global business conglomerate to deliver alert logic security-as-a-service solutions to companies in Japan
LightCyber Shines a Light on Real Threats (eSecurity Planet) Gonen Fink, CEO of LightCyber explains how his firm's technology helps to solve the a key missing piece of the security alert mystery
Technologies, Techniques, and Standards
The Double-Sided Coin Of OPSEC (Dark Reading) Defenders must worry about their own operations security but can also learn a lot from attackers' OPSEC practices
Corporates can learn from criminals and spies. No, no, we're talking about OPSEC (Register) The jokes write themselves
The OPSEC Opportunity (Digital Shadows) Operations Security (OPSEC) has long been a key tactic used by commercial and military organizations to protect their privacy and anonymity. The United States formalized OPSEC in 1988 with President Reagan’s National Operations Security Program. The premise of OPSEC is pretty simple: deny adversaries information that could be used to do harm to an organization or individual. During my last trip to the United Kingdom, I visited the famous World War II code-breaking site Bletchley Park. I took the following photo that sums up wartime OPSEC well
Cyberinsurance: Assessing risks and defining policies (TechTarget) Cyberinsurance is sparking interest from enterprises, but how are security risks assessed for policies? Sean Martin takes a closer look at the process
4 Steps to Achieve MFA Everywhere (Dark Reading) What would it take to move authentication processes beyond sole reliance on passwords? Here's how to begin the journey
Understanding the Need for Encryption (Security Sales & Integration) Learn why modern encryption algorithms play a vital role in assuring data security
Resources For Helping Physical Security Professionals With Cybersecurity (SourceSecurity) There are resources to help guide an organization’s management of cybersecurity risks, most prominently from the National Institute of Standards and Technology (NIST) and the U.S. Department of Homeland Security
IoT Security Must be Factored in to your Business Continuity Plans (Information Security Buzz) The Internet of Things (IoT) industry must establish a common set of security standards of which to adhere, according to Oscar Arean, technical operations manager at disaster recovery provider Databarracks. Arean also argues that IoT risks should feature in organisations’ continuity plans if they want to be protected
The worst attacks are the ones you don't even know to look for (CSO Australia) Network-security tools have long focused on identifying compromises that they recognise from past encounters, but what do you do about the attacks that you’ve never seen before – or even thought to look for?
Cloud API security: How to interface with DevOps (TechTarget) Security professionals need to get acquainted with cloud API security options available to development and operation teams regardless of the services they use
Software-Defined Perimeter Essentials (Network World) SDP depends on well-thought-out policies, strong authentication, and diligent data collection and analysis
Facebook is Listening to Users’ Conversations, Here’s How to Stop it (HackRead) Facebook seems to have decided to leave no stone unturned in making its advertising campaigns wide-ranged and perfectly targeted. Previously we reported about the lawsuit filed against the social network for taking a sneak peek into private communications of its users in order to conduct relevant advertising and generate maximum Likes
What does a security awareness training program need to include? (TechTarget) An effective security awareness training program can make a significant difference in enterprises security. Expert Mike O. Villegas discusses what makes a good program
Hacker Lexicon: What Is Fuzzing? (Wired) Hackers sometimes portray their work as a precise process of learning every detail of a system—even better than its designer—then reaching deep into it to exploit secret flaws
What 17 years as an infosec trainer have taught me (Help Net Security) July 2016 shall see me complete 17 years in the infosec training circuit. It has been an amazing journey, with humble beginnings
Design and Innovation
Google’s Training Its AI to Be Android’s Security Guard (Wired) When Adrian Ludwig describes the ideal approach to computer security, he pulls out an analogy. But it’s not a lock or a firewall or a moat around a castle. Computer security, he says, should work like the credit card business
China’s Great Firewall is Harming Innovation, Scholars Say (Time) President Xi Jinping wants China to transform into the world’s leading science and technology power. But scholars say online censorship is stifling such innovation
The CIA Accelerates Innovation (SIGNAL) A new directorate focuses on digital technologies across the agency’s spectrum of operations and analysis
Why gaze tracking startup Cogisen is eyeing the Internet of Things (TechCrunch) How will you interact with the Internet of Things in your smart home of the future? Perhaps by looking your connected air conditioning unit in the lens from the comfort of your sofa and fanning your face with your hand to tell it to crank up its cooling jets
Academia
CyberPatriot IX Registers 1,000 Teams in Record-Breaking Time (PRNewswire) The Air Force Association (AFA) today announced that CyberPatriot, AFA's premier STEM education initiative, has reached 1,000 registered teams for the CyberPatriot IX National Youth Cyber Defense Competition in record-breaking time. Registration is open until October 5th
IBM, George Washington University Partner on Cyber & Homeland Security Task Forces (GovConWire) IBM‘s (NYSE: IBM) Center for the Business of Government has partnered with George Washington University’s Center for Cyber and Homeland Security to set up four task forces that work to support relevant policy research and analysis efforts, ExecutiveBiz reported Tuesday
Computer Education Key To America's Safety & Security In Our Increasingly Connected Society (Forbes) Several years ago former defense secretary Leon Panetta warned about the growing threat of cyber attacks
Legislation, Policy, and Regulation
NATO likely to declare cyberspace a warfare domain at Warsaw summit – German general (Russia Today) The upcoming NATO summit in Poland is likely to enter the history books as the event where cyberspace was officially declared an operational warzone, according to the military official in charge of building Germany’s cyber command
The Cyber Threat: China, Russia Undeterred by Weak Obama Cyber Security Policy (Washington Free Beacon) Congress pushes back against ineffective ‘deterrence by denial’ strategy
U.S. takes further steps to block North Korea's access to financial system (Reuters) The United States on Wednesday declared North Korea a "primary money laundering concern" and moved to further block its ability to use the U.S. and world financial systems to fund its weapons programs
Will The U.S. Government’s Cybersecurity Plan Keep The Manufacturing Industry Safe? (Manufacturing Business Technology) In February, President Obama unveiled his proposal for the Cybersecurity National Action Plan (CNAP), which seeks to address the wide variety of cyber threats facing the national government, in addition to the country’s private sector and civilian population
Litigation, Investigation, and Law Enforcement
Espionage cited as the US Federal Reserve reports 50-plus breaches from 2011 to 2015 (IDG via CSO) Potential rewards for hacking central bank are high for attackers who have a sophisticated skill set
How experts track global cyber criminals (Financial Times) Identifying culprits is fraught with error, as recent attacks on banks show
Russia says arrests hacker gang who defrauded banks of millions (Reuters) Russia's FSB security service said on Wednesday it had helped detain a gang of about 50 hackers who stole over 1.7 billion roubles ($25.33 million) from the accounts of various Russian financial institutions
The UK Is Using Bulk Interception to Catch Criminals—And Not Telling Them (Motherboard) UK authorities are collecting and analysing data in bulk to identify suspected child exploitation offenders on the dark web, but are not informing defendants of how they were caught
Yahoo Publishes National Security Letters After FBI Drops Gag Orders (Wired) The FBI has been issuing national security letters for decades. The controversial subpoenas, which allow the feds to obtain customer records and transaction data from internet service providers and other companies without a court order, come with a perpetual gag order that prevents recipients from disclosing that they’ve received an NSL
Prosecutors say San Bernardino attacker’s friend had ties to group arrested for 2012 terror plot (Washington Post) Federal authorities say they have discovered connections between a friend of the San Bernardino attacker charged with conspiring to carry out other attacks with him and a group of men arrested years earlier in California as part of a different plot
The National-Security Exposé So Secret Even Edward Snowden Didn’t Know About It (Nation) A former senior Pentagon official shows how broken our whistleblower system really is
Mir Islam – the Guy the Govt Says Swatted My Home – to be Sentenced June 22 (KrebsOnSecurity) On March 14, 2013 our humble home in Annandale, Va. was “swatted” — that is to say, surrounded by a heavily-armed police force that was responding to fraudulent reports of a hostage situation at our residence. Later this month the government will sentence 21-year-old hacker named Mir Islam for that stunt and for leading a criminal conspiracy allegedly engaged in a pattern of swatting, identity theft and wire fraud
Online dating scam drags woman into Argentinian prison for 2.5 years (Naked Security) Last September, we brought you an online dating tale with a happy ending: guy falls in love with a buxom blonde/millionaire heiress who friends him on Facebook, gets ready to send her a wad of cash so she can supposedly come to the US (which she somehow needed in spite of that rich daddy of hers), dumps his fiancée, and gets saved in the nick of time by aforementioned dumped fiancée
Like us on Facebook or break your lease, threatens apartment complex (Naked Security) Ever have somebody in your life who tries to control you? Maybe they use fear, intimidation, and guilt to manipulate you into doing something not necessarily in your best interest
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cyber Security Opportunities in Turkey Webinar (Online, Jun 14, 2016) As in other countries, Turkey is a target of high profile attacks in the public and private sectors. Instability from neighboring countries increases their risk. Since 2014 Turkey is working on a cyber security plan which includes not only government but private sector and NGOs as well. Per Cisco's 2014 Security Report, attacks occur in ICS-SCADA, web servers and malwares-6% respectively, applications-31%, infrastructure-18%, and end-users-9%.Topics include: industry drivers, trends, and key players. Open Q&A session at the conclusion of presentations. Confirmed speakers: Alper Cem Yilmaz, Founder, and Jade Y. Simsek, Mrktg Specialist, CrypTech. Learn about the Cyber Security Market in Turkey with the objective of finding sales opportunities. Turkey's Transportation, Maritime Affairs and Communications Ministry formed SOME (Cyber Incident Response Teams)for protection of cyber attacks.
US Department of Commerce Cyber Security Trade Mission to Turkey ( Ankara and Istanbul, Turkey, Dec 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey is increasing resources in the public and private sectors to tackle these complex cyber threats. Apply now for this mission. Recruitment for the mission will begin immediately and conclude no later than September 16, 2016. The U.S. Department of Commerce will review applications and make selection decisions on a rolling basis beginning May 2, 2016 until the maximum of 20 participants is selected. Applications received after September 16, 2016 will be considered only if space and scheduling constraints permit.
Upcoming Events
SecureWorld Atlanta (Atlanta, Georgia, USA , Jun 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Innovations in Cybersecurity Education Workshop 2016 (Halethorpe, Maryland, USA, Jun 3, 2016) Innovations in Cybersecurity Education is a free regional workshop on cybersecurity education from high school through post-graduate. It is intended primarily for educators who are teaching cybersecurity at high schools, colleges, and community colleges. Anyone is welcome to attend, including teachers, students, administrators, researchers, and government officials. It will highlight master teachers and ongoing educational projects, including an effort at the US Naval Academy to teach cybersecurity to all midshipmen. The workshop will feature hands-on learning activities, including secure programming, cyber competition, and an educational game. The workshop is free and open to the public — all are welcome to attend. This workshop will to be of interest to educators, school administrators, undergraduate and graduate students, and government officials. Lunch will be provided.
ISS World Europe (Prague, Czech Republic, Jun 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic investigations and cyber intelligence gathering. ISS World programs present the methodologies and tools for law enforcement, public safety and government intelligence communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the internet.
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.
New York State Cyber Security Conference (Albany, New York, USA, Jun 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The event takes place in Albany, New York and is cohosted by the New York State Office of Information Technology Services, the University at Albany's School of Business, and The New York State Forum, Inc. This conference offers something for everyone -- whether you're an end user, IT professional, government employee, or business owner.
SecureWorld Portland (Portland, Oregon, USA, Jun 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
SIFMA Cyber Law Seminar (New York, New York, USA, Jun 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role in their firm’s cyber defense plan. Steve Bunnell, Department of Homeland Security, and Richard Jacobs, Federal Bureau of Investigation NY Branch, will provide keynote remarks.
Cleared Job Fair (Tysons Corner, Virginia, USA, Jun 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research, Inc., Syntera and more. Receive free professional resume reviews during the job fair, as well as the latest informaiton on security clearance reinvestigations. Positions employers are seeking to fill include jobs in cyber security, intel, information security, help desk personnel, network operations engineers, systems engineers, software development and engineering, program and project management, system administration, database administration, financial management, and many other trades. For professionals with an active or current security clearance only.
SANSFIRE 2016 (Washington, DC, USA , Jun 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind our daily postings, podcasts, and data collection efforts focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are cyber security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
4th International Conference on Cybercrime and Computer Forensics (ICCCF) (Vancouver, British Columbia, Canada, Jun 12 - 14, 2016) For the past four years, APATAS has organized the International Cybercrime and Computer Forensics conference at various locations throughout Asia. In 2016, our 4th annual ICCCF is moving for the first time to Simon Fraser University’s Harbour Centre campus and Centre for Dialogue at downtown Vancouver, Canada. North America has been a pioneer in cybercrime research, policy and practice since the mid-1980s. As expected, we have witnessed increasing technological developments in both personal computing and in smart-phone and wireless devices that have had an impact on how technology-enabled crimes have been committed in the Asia Pacific region and beyond. One of the key approaches to understanding such crime is through research and incorporating the outcome of research into policy and practice. The 4th Annual ICCCF 2016 Vancouver, BC, Canada therefore focuses its discussion on ‘Cybercrime: Linking Research, Policy, and Practice.’
Show Me Con (St. Charles, Missouri, USA, Jun 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they are bringing you a one-of-a-kind event that will Show You the State of security from a unique perspective — the hacker?s viewpoint
CISO DC (Washington, DC, USA, Jun 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
The Security Culture Conference 2016 (Oslo, Norway, Jun 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture Framework Community, and draws professionals from around the world to meet, share and learn about security culture.
TECHEXPO Top Secret Hiring Event (Baltimore, Maryland, USA, Jun 15, 2016) Security-cleared professionals are invited to interview for new career opportunities on Wednesday, June 15 at the BWI Marriott in Baltimore, MD. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill open positions from companies including BAE Systems, CACI, Deloitte, CGI, Prosync, OnyxPoint, ShoreIT Solutions, Varen Technologies and many more.
2016 CyberWeek (Tel Aviv, Israel, Jun 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's Office and Tel Aviv University, in collaboration with the Ministry of Foreign Affairs, will bring together high level international cyber experts, policy-makers, academia and researchers, security officials and foreign diplomats, attracting many participants from around the world for an exchange of knowledge, methods and ideas evolving field of cyber.
National Insider Threat Special Interest Group - South FL Chapter Kickoff Meeting (Palm Beach, Florida, USA, Jun 21, 2016) The National Insider Threat Special Interest Group (NITSIG) is excited to announce the establishment of a South Florida Chapter. Presentations and discussions will be provided by Insider Threat Defense, Inc. and the FBI. The meeting will focus on: how to recognize potential insider threat problems, employee behavioral indicators of concern, and strategies for insider threat risk mitigation.
Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, Jun 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency is increasing, companies are still reluctant to develop strategies to fight them. As cyber-attacks grow in sophistication, frequency and intensity, these companies are increasingly becoming high profile targets. The Cyber Security for Critical Assets LATAM Summit aims to bring together the key players involved in Cyber Security and defending critical infrastructure against the ever growing threat of attacks. The conference will connect process control and corporate IT senior level professionals, allowing them to discuss challenges, share experiences and investigate best practice guidelines. This in turn will lead to the building of robust policies and standards that will protect the future of LATAM’s critical assets.
Cyber 7.0 (Laurel, Maryland, USA, Jun 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle the threats to personal and public safety? For the seventh year, regional cyber experts, small entrepreneurs, large businesses, and government organizations come together to discuss, connect, and strategize. Be a part of the solution. Sponsor, exhibit, attend.
Security of Things World (Berlin, Germany, Jun 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June in Berlin to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.
SANS Salt Lake City 2016 (Salt Lake City, Utah, USA , Jun 27 - Jul 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more effective leader when implementing security improvements for your organization? Do you need a more in-depth knowledge of the theory and implementation of computer security, hacker tools and incident handling, advanced digital forensics, defending web apps, or ISC/SCADA? This new event has been planned to meet your needs. Start making your plans now to attend SANS Salt Lake City 2016!
DC / Metro Cyber Security Summit (Washington, DC, USA, Jun 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, Jun 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.