ISIS mixing online inspiration with organized cells? Chinese, Russian cyber espionage campaigns. OurMine continues to market via hacking. Adwind RAT is back. FBI inquiry into State Department emails continues.
A wave of ISIS-connected terror attacks over the past weekend suggests a mix of inspiration and the directed operation of clandestine cells. They appear to represent a shift to out-of-area operations as ISIS-controlled territory shrinks.
Palo Alto reports evidence linking the MNKit exploit generator with three Chinese cyber-espionage campaigns targeting the Russian military, Tibetan communities, and Uyghur minorities.
SBDH malware appears in active espionage campaigns run against targets in five Eastern European countries, one former Soviet Republic and four ex-members of the Warsaw Pact. ESET sees several interesting features in SBDH, among them similarities to tools used in Buhtrap raids on Russian banks and the use of steganography to hide command-and-control features.
OurMine, representing itself as a white-hat security scanning outfit, hacked the Vox Media editor-in-chief’s Twitter feed to promote its services. CSO coldly reports that “most real security professionals see the group as a collective of script kiddies,” and their hacks as fallout from the recent series of credential dumps that exposed recycled passwords.
Heimdal warns that the Adwind remote access Trojan is back, infecting systems without tripping anti-virus warnings.
Two new ransomware strains appear: “Satana” follows Petya’s example and encrypts master boot records as well as files, and “Zepto” seems to have succeeded its hospital-targeting progenitor Locky.
Chinese Internet censorship tightens its grip on social media. Observers foresee continuing increase in Russian cyber offensives.
Investigation of US State Department emails grows warmer: Attorney General Lynch controversially meets with former-President Clinton; the FBI interviews the former Secretary of State.
Notes.
Today's issue includes events affecting Afghanistan, Australia, Belgium, China, Czech Republic, Egypt, European Union, Germany, Hungary, India, Iran, Iraq, Israel, Republic of Korea, Libya, Netherlands, Nigeria, Pakistan, Poland, Romania, Russia, Slovakia, Syria, Turkey, Ukraine, United Kingdom, and United States.
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from the University of Maryland's Ben Yelin on the case of a gentleman facing felony charges for hacking into a Florida elections site. Our guest is Michael Jacobs, who'll describe the National Cybersecurity Hall of Fame and explain how you can nominate someone for consideration. (As always, we welcome reviews of the podcast. You can put one up at iTunes if you're so inclined.)
Cyber Attacks, Threats, and Vulnerabilities
Exploit Generator Kit Links Three Cyber-espionage Campaigns to Originate from China (Virus Guides) A recent analysis of MNKit exploit generator reveals a connection between three cyber-espionage campaigns thought to originate from China. MNKit has been categorized as a software package with a limited circulation which can embed exploit code inside Office files in order to create custom malware. This malware builder is specially adapted for creating malicious MHTML files which take advantage of CVE-2012-0158, a five-year old vulnerability in the MS Office suite that leads to remote code execution on targeted systems
SBDH Malware Used in Cyber-Espionage Campaign in Eastern Europe (Softpedia) New malware found targeting five Eastern European states
Vox Media EIC hacked, Twitter feed promoting questionable security service (CSO) OurMine says they'll scan an entire company for $5,000
Security Alert: Adwind RAT Spotted in Targeted Attacks with Zero AV Detection (Heimdal Security) The malware economy is alive and well! And cyber criminals are making big money by using this business model
Chinese Advertiser Behind YiSpecter iOS Malware and HummingBad Android Malware (Tirate Un Ping) Yingmob supposedly controls over 85 million Android devices. A Chinese advertising company is responsible for two of the biggest waves of malware for both the Android and iOS ecosystems, a recent Check Point report reveals
New Satana ransomware encrypts user files and master boot record (CSO) It's the second ransomware threat after Petya that leaves computers unable to boot into the OS
The new heir of Locky virus Zepto ransomware makes its appearance (2Spyware) It seems that quite recently Locky virus contained the virtual community firmly within its grip. It came into the daylight as the ransomware which dared to target the data of one of the hospitals in the USA
From zero to SYSTEM on full disk encrypted Windows system (Part 1) (got 0day?) Whether you want to protect the operating system components or your personal files, a Full Disk Encryption (FDE) solution allows you to keep track of the confidentiality and integrity. One of the most commonly used FDE solutions is Microsoft Bitlocker®, which due to its integration with the Trusted Platform Module (TPM) as well as the Active Directory environment makes it both user-friendly and manageable in a corporate environment
From zero to SYSTEM on full disk encrypted Windows system (Part 2) (got 0day?) This blog post is a continuation of my previous post which can be found here. The reason I devided is because two seperate vulnerabilities come in to play in order to successfully retrieve the original user password and install your favourite malware :) So without further ado, let's escalate our privileges to SYSTEM
Android’s full-disk encryption just got much weaker—here’s why (Ars Technica) Unlike Apple's iOS, Android is vulnerable to several key-extraction techniques
More Than Half of Android Phones Vulnerable to Encryption Bypass Attacks (Duo Security) A few weeks ago, Duo Labs discussed a series of critical Android vulnerabilities published by Gal Beniamini. These attacks affect Android devices with processors manufactured by Qualcomm - and Qualcomm happens to dominate the Android market
Lenovo ThinkPad zero-day bypasses Windows security (IT News) ThnkPwn exploit gets around PC hardware protections
Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value Denial of Service (vuldb.com) CVSSv3 Temp Score 5.1. Current Exploit Price (≈) $1k-$2k. A vulnerability, which was classified as problematic, was found in Apache Struts up to 2.3.28.1/2.5.0. Affected is the function URLValidator. The manipulation of the argument url as part of a Null Value leads to a denial of service vulnerability. This is going to have an impact on availability
'Mind-blowingly awesome' Telstra phishing scam detected (CSO) The criminals are said to be very well organised and well-funded
Beware the ‘Brexit’ emails that hack into your computer and promise to protect your savings (This is Money) Cybercrime experts are warning of a surge in scams playing on Brexit fears to cheat unwary investors
Anatomy of an exploit: the Microsoft Word bug that just won’t die (Naked Security) If you’re a regular reader, you’re probably familiar with our technical papers on the topics of exploit kits and malware attacks that rely on booby-trapped Word documents
Apple iOS 9.3.3 Jailbreak Close to Being Perfected by Pangu; Chinese Hacking Team Set to Officially Release iOS 9.3.2 Jailbreak Soon! (Master Herald) Chinese jailbreak team Pangu has not released an official jailbreak since the Apple iOS 9.2 was rolled out in March this year. And so is the other popular jailbreaking team TaiG. There was one Italian hacker by the name of Luca Tedesco, who claimed to have come out with a jailbreak for Apple iOS 9.2 and up but he has never made public his exploits
More than 40,000 affected in the latest cyber attack (Health Data Management) A recent cyber attack at Stamford Podiatry Group in Connecticut put protected health information of 40,491 patients at risk
MEDJACK.2 Hospitals Under Siege (TrapX) In May, 2015 TrapX Labs released an Anatomy of Attack report that shared our research into the discovery and analysis of three targeted hospital attacks. The TrapX Labs team referred to this attack vector as MEDJACK, or “medical device hijack”
How Unvalidated Encryption Threatens Patient Data Security (Health IT Security) Proper healthcare encryption methods can be greatly beneficial to organizations as they work to improve patient data security
Incapsula battles massive 470Gbps DDoS attack - but is size still the issue? (Computerworld) One of the two largest attacks ever recorded hits Chinese gambling firm
Top 10 DDoS attack trends (Help Net Security) DDoS attacks are constantly evolving, both in terms of size as well as sophistication. Not keeping up with the changes in the DDoS attack landscape could leave your business vulnerable to attacks
The tech support scam king. 135 tech scam domains registered to one person (Graham Cluley) And there's nothing to stop them from registering more domains
Internet Bot Exposes 20 Million MTN Irancell Users’ Data (Hack Read) Personal data of 20 millinon MTN Irancell users available for public after a Telegram bot allowed anyone with a cell number of the victim to access their information
Another Popular YouTube Channel ‘LeafyIsHere’ Hacked; Defaced (Hack Read) Another day another YouTube hack
Watch 2 Chinese Installing ATM Skimmer in a Pakistani Bank (Hack Read) According to a TV report, two Chinese citizens were caught installing ATM skimmer device in a Karachi-based bank
Facebook blocks another woman named Isis because of her name (Naked Security) Facebook, much to the dismay of a 27-year-old British woman, still hasn’t gotten it through its social media noggin that somebody by the name of Isis who takes out an account is not necessarily a bloodthirsty jihadist looking to promote the Islamic State
Meet Anonymous Without the Masks in this VICELAND Documentary (Motherboard) You know its name. You’ve heard its voice. And, so to speak, you’ve seen its face
Cyber Trends
Boardroom execs still don’t know the value of data (Help Net Security) Almost two thirds of businesses still don’t know the value of critical data assets being targeted by cybercriminals
Healthcare organizations lag in sharing cyber attack info (Health Data Management) Through a presidential executive order and legislation enacted by Congress in 2015, the federal government set in motion procedures for healthcare organizations, companies in other industries and local governments to collect and share cyber threat information among themselves and with the government
Why in Industry 4.0 manufacturing needs to be better prepared for cyber attacks (IoT Tech) This year’s Hannover Messe, a leading international trade fair for industrial technology, has once again demonstrated that the idea of ‘smart’ factories is no longer a futuristic vision but concrete reality
Companies must 'take the fight to the criminals' to tackle cybercrime (Guardian) Cybercrime is becoming big business and tech firms are ‘in an arms race’ to outdo sophisticated criminal operations, report by BT and KPMG says
Australian workers bypassing secure VPN – using the Internet (ITWire) A new Australian survey shows that corporate users are avoiding VPNs despite being requested to use them for secure access to corporate networks and data
Confusion reigns around data protection requirements (Help Net Security) Confusion reigns among UK businesses around data protection requirements, according to Delphix. From June 2018, any business that offers goods and services to the EU or monitors the behaviour of EU citizens will be subject to the General Data Protection Regulation (GDPR)
Majority of businesses think their data should be stored in the UK (ITPro) But a report has revealed only 27 per cent of businesses know for certain their data is located in the UK
Marketplace
Cybersecurity Acquisitions Helping Companies Offer Integrated Solutions to Customers (Security Sales & Integration) Recent M&A activity shows companies are searching for stronger customer value proposition
'Security' Software Wrecking Your Security Is the Ultimate Irony (Fortune) Blast shields should not explode in your face
Apple winning the enterprise security race, Samsung makes push (ZDNet) According to a Tech Pro Research survey, Apple is viewed by tech decision-makers as the most secure mobile device option. Samsung is threatening Apple's lead, and Microsoft ranks well on tablets thanks to the Surface
Accenture acquires Israel-based cybersecurity firm Maglan (Consultancy) Accenture has acquired Israel-based cybersecurity firm Maglan for an undisclosed sum. The acquisition significantly boosts the firm’s cybersecurity capabilities, and will, among others, be integrated into its Cyber Fusion Centre in Israel
FireEye Inc (FEYE): Rumors Regarding a Potential Takeover Continue To Swirl (Country Caller) Takeover chatter regarding FireEye continues in the market over the announcement of major management shift
The Market Is Missing An Important Fact About This Warren Buffett Dividend Stock (Seeking Alpha) IBM is at a turning point. The market is underestimating the growing importance of the strategic imperatives and growth catalysts that these businesses represent. At the current valuation, you get two businesses for the price of one, and some spare change. At current prices, IBM is a compelling buy
Cisco's Bloated Balance Sheet: Blessing Or Curse? (Seeking Alpha) Cisco has a fortress of a balance sheet. Its cash horde continues to grow and grow. Are too many acquisitions and too much cash dragging down shareholder returns?
Mimecast CEO stays a bull after half a year as public company (IDG Connect) Peter Bauer led Mimecast to one of the last of 2015’s tech IPOs, not long before tech floats lost their buoyancy
Akamai: Is This What A Comfortable Middle Age Might Look Like? (Seeking Alpha) Akamai has become a company with normal investment parameters after spending its formative years as the poster child for the evils of the .com era
KnowBe4 Has Explosive Year-Over-Year Growth of 454% for Q2 2016 (PRWeb) KnowBe4, America’s most popular integrated security awareness training and phishing platform announced its explosive year over year growth of 454% for Q2 2016, with a record number of 655 new corporate accounts in June alone, rising to nearly 5,000 enterprise accounts combined with a very robust 86% customer retention rate
Industry veterans launch security advisory firm (CSO) Jonathan Steenland and Richard Dorough co-lead Zyston's CISO Advisory Services
Corero Network Security receives orders for DDoS-fighting system (Proactive Investors) Corero Network Security has received two orders for its SmartWall Threat Defense System from cloud hosting providers
Post-Brexit: Code42’s perspective on wider tech industry (IDG Connect) The UK’s decision to leave the European Union has led to a lot of uncertainty about what the consequences will be for the tech sector. Some tech experts believe that Britain’s tech industry will finally be able to thrive once freed from the shackles of the EU. Others believe that Brexit will just lead to more uncertainty which will only be bad for business
HackerOne Appoints Marjorie Janiewicz as Head of Global Sales and Rolls Out New Product Editions (Yahoo! Finance) HackerOne, the leading bug bounty platform provider, announced the appointment of Marjorie Janiewicz to lead the company’s sales organization
Products, Services, and Solutions
Incident Exchange -- Beyond the Traffic Light Protocol (LinkedIn) The Traffic Light Protocol (TLP) was developed as a means to facilitate information sharing by using a standardized information classification scheme. By assigning a TLP classification to a report, the originator signals how widely information can be disseminated beyond the immediate recipient. TLP has four levels
Silent Circle silently snuffs out its warrant canary — but claims it’s a “business decision” (TechCrunch) Silent Circle, the maker of encrypted messaging apps and a security hardened Android smartphone, called Blackphone, has discontinued its warrant canary
Advanced cyber threat intelligence technologies to hit our shores (Security Brief) EcleticIQ and Cosive have formed a partnership that will marry cutting-edge technology and field expertise to help organisations in the Australia, New Zealand and Asia-Pacific region
Tanium's Ralph Kahn on why security depends on an integrated hosting platform (FedScoop) Real time visibility and the ability to automate responses are essential to network security, says Tanium vice president Ralph Kahn
My Activity: a tool to see what Google knows about you (Naked Security) How much does Google really know about us?
Bitglass: Agent-less Approach for BYOD Privacy (Silicon India) In the not so distant past, Mobile Device Management (MDM) solutions were introduced as one of the essentials of enterprise security managemen
Cato Networks offers a new model for network security as a service (Network World) With the traditional network perimeter all but gone, Cato Networks has built a new perimeter in the cloud, offering network security as a service across all enterprise entities
Netherlands, South Korea get nationwide IoT network (Help Net Security) In the space of a week, the Netherlands and South Korea got their own, nationwide IoT network
Technologies, Techniques, and Standards
5 Actionable Steps We Can Learn from the SWIFT Banking Attacks (Tripwire: the State of Security) As is often the case in cybersecurity, just when you think you are writing or talking about the “issue of the day” (most recently ransomware), some other issue comes up that makes you shake your head and wonder why each of us is working so hard to secure our networks when it appears so easy for attackers to steal important data or money
The anatomy of a cyber attack & precautions to take (CIOL) Businesses in the Asia-Pacific lost an estimated $US81.3 billion in revenue due to cyber-attacks in the 12 months to September 2015, compared with $US62.3 billion in Europe and $US61.3 billion in the US, according to London-based consulting company Grant Thornton
Securing Privileged Accounts (@CloudExpoJournal) With good reason, staying on top of privileged accounts is a major concern for CISOs
Hacker Lexicon: What Is Full Disk Encryption? (Wired) There's been a lot of talk in recent years about encryption and what the FBI terms its “Going Dark” problem—its inability to read the communications of surveillance targets because more and more data is being encrypted. And while the end-to-end messaging encryption that protects data in transit in apps like WhatsApp get a lot of press, it’s a problem that applies equally a data at rest. The kind that full-disk encryption is designed to protect
SSL – the good, the bad and the visible (NetworksAsia) The explosive growth in the use of Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption, or HTTPS traffic, has been both a bane and a boon to internet usage
6 Ways to Keep Android Phones Safe (Dark Reading) Security managers have their hands full protecting Android devices, but there are common sense steps they can take to beat back attackers
Extreme online security measures to protect your digital privacy – a guide (Guardian) Mark Zuckerberg uses tape over his webcam. Even if you’re not worried about industrial espionage, there’s no such thing as too much security
5 Things To Consider With A Threat Hunting Program (Dark Reading) A change in mindset and the ability to think like a malicious hacker are two key requirements
Putting the 'Secs' into DevOps (Computer Weekly) We have already examined the ‘phenomena’ that is DevOps and asked what it really means, how it really works and how to tame this new beast here on Computer Weekly
Is Data Privacy part of your Company's Culture? (SANS Internet Storm Center) I was reading a while back about the FDIC data lost who had 5 major breaches between Oct 30, 2015 (taxpayers’ personally identifiable information) and could have been prevented with a combination of host based and network controls to prevent sensitive data from leaving the network. According to the information released, the breaches occurred because individual copied data to USB drives which then left the premises. A strong and effective security policy restricting access to USB drive could have helped prevent this. All removable drives should be encrypted and limit who can write to a removable drive for accountability
This is what you need to know before buying a router (My Gaming) Most people think of their modem as that “little grey box” that helps you get onto the internet
How to protect your data in hotels, airports and other public spaces when traveling (Chicago Tribune) The first time Jesse Harrison was hacked was around the time she logged on to a coffee shop's open WiFi network to pay a bill. She entered her credit card information and paid the bill as always. But the next day she noticed something odd - there were fraudulent charges on her statement. It looked as if her credit card information had been stolen
Think you've been targeted by an online SCAM? Follow these simple steps to stay safe (Express) Think you have been hit by an online scam? Do not panic – here are some quick top tips to make sure you stay safe
Design and Innovation
Could bitcoin hold the key to stopping ransomware? (Christian Science Monitor Passcode) Bitcoin isn’t as anonymous as many once believed, and now researchers are using the cryptocurrency’s delivery mechanism to compile dossiers on suspected hackers
The double-edged sword: US nuclear command and control modernization (Bulleting of the Atomic Scientists) Last month the General Accountability Office announced that parts of the command and control system used to manage US nuclear weapons rely on eight-inch floppy disks, an IBM Series/1 computer, and other hardware that is more than 50 years old
A Double-Edged Sword: IAM Meets IoT (IBM Security Intelligence) Many data breaches begin with bad actors stealing legitimate user credentials — a fundamental flaw in wider security systems. Logically, by locking down user identities, you can protect against stolen credentials and insider threats. But what if that threat is no longer a person or even a physical entity?
In Bill Ford’s Future, the Cars Talk to Each Other (Bloomberg) One vehicle will transmit traffic conditions to another, easing the massive congestion that worries Ford Motor Co.’s executive chairman
Research and Development
EU plans $2B investment in cybersecurity research (CSO) The European Commission wants industry to contribute three-quarters of the cash
Darpa Goes Full Tron With Its Grand Battle of the Hack Bots (Wired) On a giant flat-screen TV in an old Emeryville, California warehouse, a floating orb fires red, blue, pink, and yellow beams into a honeycomb of hexagonal blocks. The blocks are black, white, and gray, but as the beams hit them, they change—flashing, fading, absorbing color. And when they do, scores tally just above
A German university develops energy-efficient cryptographic puzzle (EconoTimes) Technology experts from Ruhr-Universität Bochum, a German-based university have developed an energy-efficient cryptographic puzzle, which is based on storage space rather than computing power
Algorithmic self-assembly of DNA tiles and its application to cryptanalysis (GECCO'02 Proceedings of the 4th Annual Conference on Genetic and Evolutionary Computation) The early promises of DNA computing to deliver a massively parallel architecture well-suited to computationally hard problems have so far been largely unkept. Indeed, it is probably fair to say that only toy problems have been addressed experimentally. Recent experimental development on algorithmic self-assembly using DNA tiles seem to offer the most promising path toward a potentially useful application of the DNA computing concept
Academia
Innovate WNY - Cyber Security Summer Camp (WGRZ) The University at Buffalo, through a grant provided by the National Science Foundation and the NSA, hosted over thirty students, this week for a cyber security summer camp
Cybercamp introduces CHS students to cybersecurity careers (Charlottesville Tomorrow) Charlottesville High School recently ran a cybercamp to expose students to computer science and cybersecurity. Seventeen students participated in the free two-and-a-half week program, which included hands-on technology projects and field trips
Promoting cyber-security education is a focus for Davenport official (MLive) An East Grand Rapids resident and city commissioner is having an impact in the field of cyber-security education
Legislation, Policy, and Regulation
China restricts online news sites from sourcing stories on social media (Ars Technica) News outlets forbidden from using "conjecture and imagination to distort the facts"
A Grim Future for Chinese Web Freedom (Foreign Policy) The unexpected departure of China's censorship evangelist is unlikely to bring about more relaxed policies towards online speech
Europol’s online censorship unit is haphazard and unaccountable says NGO (Ars Technica) IRU has now been politely asking for online terrorism content to be removed for a year
Moscow Rules of Espionage Go Global—If You Think It’s KGB, It Is (Observer) As Russian spies play rough, ignoring Putin's war against the West will only make it nastier
Russian Microaggressions Are a Test (Commentary) “Microaggression” has become a fashionable term in the academy, but it applies better in the realm of international relations, where American adversaries are constantly needling and testing the world’s sole superpower
Romania Battles State Actors in Cyberspace (SIGNAL) The NATO member aims to be a regional security center
DHS head pushes cyber reorganization (The Hill) Secretary of Homeland Security Jeh Johnson this week stumped for a proposed reorganization of the division of his agency responsible for protecting critical infrastructure from digital threats
The Lawfare Podcast: John Carlin Uses All the Tools (Lawfare) John Carlin, assistant attorney general for national security, has a new law review article out in the Harvard National Security Journal, entitled: "Detect, Disrupt, Deter: A Whole-of-Government Approach to National Security Cyber Threats." In it, he argues that
Donovan calls for smarter rules on cyberdefense, seizing terrorist funds (Homeland Preparedness News) With the goal of improving U.S. threat preparedness, U.S. Rep. Daniel Donovan (R-NY), who serves on the House Homeland Security Committee, recently introduced legislation to help fight potential terror attacks in urban areas and in cyberspace
The Cyber Implications of Acquisition Speed: Part III (SIGNAL) Full and open competition can improve federal procurement
Federal Agencies Continue to Shed Security Clearance Holders (Government Executive) The federal government cut the number of individuals holding security clearances by a quarter of a million people in fiscal 2015, according to a new report, marking the second consecutive year agencies have successfully followed through on an Obama administration goal to trim the cleared population
Litigation, Investigation, and Law Enforcement
Israel: Tel Aviv Cafe Attackers Inspired by Islamic State (ABC News) Israel's Shin Bet security agency says two Palestinian gunmen who carried out a deadly shooting attack at a Tel Aviv cafe last month drew inspiration from the Islamic State group
Israel accuses Facebook of complicity in West Bank violence (Chicago Tribune) Israel's police minister accused Facebook Inc. of complicity in Palestinian violence against his country after back-to-back attacks claimed the lives of a 13-year-old stabbed to death in her bed and a father of 10 killed in a drive-by shooting
As ISIS Loses Land, It Gains Ground in Overseas Terror (New York Times) In just the past few days, the Islamic State’s evolving brand of terrorism has revealed its deadly, shifting faces
More cyber issues found at FDIC (Federal News Radio) Cybersecurity problems continue to be found at the Federal Deposit Insurance Corporation. The Government Accountability Office said though the FDIC has improved several elements of its information security, it has still not created a documented process for granting or removing system access or fixed known vulnerabilities in third-party software
Palantir Takes Fight With Army To Federal Court (DefenseNews) Palantir Technologies has filed a bid protest in the US Court of Federal Claims against the US Army for issuing what it says is an unlawful procurement solicitation for the service’s next iteration of its internally developed intelligence software suite that shuts the company’s commercial offering out of the competition
Loretta Lynch to Accept F.B.I. Recommendations in Clinton Email Inquiry (New York Times) Attorney General Loretta E. Lynch, conceding that her airport meeting with former President Bill Clinton this week had cast a shadow over a federal investigation of Hillary Clinton’s personal email account, said Friday that she would accept whatever recommendations that career prosecutors and the F.B.I. director make about whether to bring charges in the case
EXCLUSIVE: Security Source Details Bill Clinton Maneuver to Meet Loretta Lynch (Observer) Former president delayed Phoenix takeoff to snare '20-25 minute encounter' with Attorney General
Awkward Encounters: Clinton and Lynch Weren’t Talking Grandkids and Golf (Observer) She’s going with 'The Axelrodian Optics Gambit'
White House: Clinton email probe is 'shielded' from political interference (The Hill) The White House on Friday insisted the administration is keeping its distance from the FBI’s investigation into Hillary Clinton’s use of a private email server
WH defends Lynch's record after Clinton meeting (The Hill) The White House on Friday defended the record of Attorney General Loretta Lynch and declined to weigh in on whether she erred in meeting with former President Bill Clinton on an airport tarmac in Phoenix earlier this week
Clinton met with FBI over email probe (Washington Examiner) Hillary Clinton's campaign confirmed Saturday that she met with the FBI about her email practices while secretary of state, which has been the subject of an investigation
President Obama should pardon Edward Snowden before leaving office (Verge) For the last three years, one month, and seven days, Edward Snowden has been living in exile from the United States
During Tenure In Russia, Edward Snowden Has Kept A Low Profile (NPR) It's been three years since Edward Snowden landed at Moscow's Sheremetyevo Airport and began a new life in exile. NPR has an update on his strange tenure in Russia
Snowden ist ein Russen-Agent (Bild) In den drei Jahren, die seit Edward Snowdens Eintreffen in Moskau vergangen sind, wurde viel und Kontrovers über die Beziehung zwischen ihm und seinen Gastgebern spekuliert. Jetzt gibt es endlich Fakten
U.S. Probes Chinese Ownership of CIA-Linked Insurance Company (Newsweek) Federal investigators are taking a close look at the Chinese ownership of an American insurance company that has been selling legal liability insurance to senior CIA, FBI and other intelligence officials and operatives for decades
NCS Computech allegations were to damage IPO process: Quick Heal (Money Control) The suit filed by NCS Computech against Quick Heal has been dismissed by the court. Suit claimed intellectual property rights to the brand name "Total Security" by NCS
Second man pleads guilty of hacking entertainment industry celebrities (CSO) The two are, however, not charged with the actual leaks of the videos and photographs
Former U.S. Secret Service agent suspected in additional Bitcoin thefts (Reuters) A Secret Service agent who stole money seized by the government in the investigation of underground drug bazaar Silk Road is now suspected of stealing money in at least two other cases, according to court filings unsealed on Thursday
Hacker Should Beware Bogus UPS Couriers Bearing Handcuffs... (Graham Cluley) Alexander J Martin of The Register describes the arrest of British student Lauri Love, who allegedly hacked the FBI and NSA, and is wanted for extradition by the United States
Fembots land Ashley Madison in hot water with the FTC (Graham Cluley) Have you been flirting with a computer program behind your wife's back?
Google twists the knife, asks for sanctions against Oracle attorney (Ars Technica) What Google doesn't want you to know: It pays Apple $1 billion to be on the iPhone
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
(ISC)² Security Congress (Orlando, Florida, USA, Sep 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. As cyber threats and attacks continue to rise, the goal of (ISC)² Security Congress is to advance security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.
Cybercon 2016 (Washington, DC, USA, Nov 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.
Upcoming Events
ISS World South Africa (Johannesburg, South Africa, Jul 10 - 12, 2016) ISS World South Africa is the world's largest gathering of Southern Africa Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the Internet.
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
SINET Innovation Summit 2016 (New York, New York, USA, Jul 14, 2016) “Connecting Wall Street, Silicon Valley and the Beltway.“ SINET Innovation Summit connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
CyberSec 2016 (New York, New York, USA, Jul 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands, so are the technology tools available to help meet them. This one-day conference will take a big-picture look at the threats facing banks today and tomorrow, and offer insights on how to combat them.
Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), Jul 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry. Each of the nominators can submit nominations in the following categories or combination of categories: Technology, Policy, Public Awareness, Education, and Business.
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, Jul 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry experts to examine cyber security in the automotive industry. The Chairman and CEO of General Motors, Mary Barra, U.S. Transportation Secretary Anthony Foxx, U.S. Senator Gary C. Peters and Lyft CEO and Co-Founder Logan Green will discuss industry and government insights on automotive cybersecurity.
Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, Jul 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity. 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend
SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, Jul 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses.
SANS San Jose 2016 (San Jose, California, USA , Jul 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!
AfricaHackOn (Nairobi, Kenya, Jul 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid Consultancy Ltd, AH as fondly known, has traversed all odds to becoming a leading venture in raising awareness on matters affecting cyber security and also grooming upcoming talent into the job market. We have been poised to becoming a one stop shop for talent and resources in a field greatly short staffed.