The CyberWire Daily Briefing 08.02.16

Summary

By The CyberWire Staff

The University of Toronto’s Citizen Lab and researchers at FireEye see signs of Iranian cyberespionage targeting anti-Assad Syrian dissidents. Elsewhere in the region, an Israeli hacker—probably a hacktivist—breaches Iranian ISP Daba and leaks user credentials.

Russia positions itself as an injured party amid speculation that US security services have compromised some significant Russian networks, and perhaps have found their way into the Cozy Bear and Fancy Bear as well. (The bears are, respectively, thought to be FSB and GRU operations.) For its part the US mulls how (indeed, whether) to respond to Russia’s apparent intrusion into various Democratic Party networks. WikiLeaks’ Julian Assange refuses to say where he got the documents he’s dumping, but he does say WikiLeaks has a lot more material from Hillary Clinton’s campaign. They’ll be releasing it soon, at their discretion.

Researchers report an SSL certificate flaw in the Kaspersky Safe Browser iOS app that could expose users to man-in-the-middle attacks.

Social engineers are turning to “QRLjacking,” a newly popular way of compromising accounts.

The Afraidgate ransomware operators are still using the Neutrino exploit kit, but are shifting from CyrptXXX to Locky.

Researchers continue their scrutiny of the AdGholas malvertising campaign, with particular attention given to the means by which its operators cover their tracks.

ISIS has increased its use of Portuguese in inspirational traffic, the Rio Olympics being the obvious target.

INTERPOL takes down a Nigerian scammer with assistance from Trend Micro and Fortinet.

An FBI tech pleads guilty to spying for China.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, China, Colombia, India, Iran, Israel, Kosovo, Malaysia, Mexico, Nigeria, Peru, Romania, Russia, South Africa, South Sudan, Switzerland, Syria, Thailand, Trinidad and Tobago, Turkey, United Kingdom, United States and Uzbekistan

A note to our readers: We're at Black Hat this week, talking to people and keeping our ears open, as usual. You'll see coverage in our daily briefings, and you'll hear updates in our podcasts.

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from Ben Yelin of the University of Maryland's Center for Health and Homeland Security, who'll outline the implications of a recent ruling in Microsoft's favor over data privacy overseas. Our guest, Spirent's Sameer Dixit, will describe what they're seeing on emerging threat patterns and what you can do to protect yourself. (If you enjoy the podcast, please consider giving it an iTunes review.)

Sponsored Events

CyberTexas Job Fair (San Antonio, TX, USA, August 23, 2016) Top companies looking for cybersecurity professionals, cleared or non-cleared career opportunities.

3rd Annual Senior Executive Cyber Security Conference: Navigating Today’s Cyber Security Terrain (Baltimore, MD, September 21, 2016) Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization’s data. This year’s agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards “shifting their data to being safe and secure.”

Selected Reading

Cyber Trends

DIA cyber officer profiles global threat actors (C4ISRNET) The cyber threat is all around us, from nation-states to terrorist groups to hacktivists motivated by social change and individuals looking to make a name for themselves. Understanding each group and their motivations is key to defending and responding in cyberspace

CIA Cyber Official Sees Data Flood as Both Godsend and Danger (Bloomberg Technology) When he started at the CIA, Sean Roche recalls how little solid data the U.S. spy agency had on what was going on inside the Kremlin

Most Healthcare Breaches Can Be Traced to One of Three Factors (Information Management) Almost three out of every four healthcare data breaches can be linked to three common security problems, and managing those types of issues can greatly impact overall security performance

Salted Hash: Phishing study reveals frightening password habits (CSO) Research shows that most passwords are poorly constructed and resemble basic PINs

Passwords Protect Your Business, but Who’s Protecting Them? (AVG) When we asked AVG Business customers in the US and UK how they keep company passwords safe, we were surprised to learn just how many of them … simply don’t

Legislation, Policy and Regulation

Bring cyberwarfare further out of the shadows (Washington Post) Thousands of U.S. businesses and other institutions have been besieged by cyberattacks in recent years. But the penetration of the Democratic National Committee stands out. The theft of internal emails, attributed by some to Russia, and the use of those emails to sow discord in the middle of a presidential campaign, deserve a strong response from the United States. Along with the massive attack on Sony Pictures Entertainment and the colossal theft of sensitive records from the Office of Personnel Management, the DNC hack is a sign of how dangerous and real this field of conflict has become

US weighs costs of implicating Russia in DNC cyber-attack (Raw Story) Wary of a global confrontation with Russia, U.S. President Barack Obama must carefully weigh how to respond to what security experts believe was Moscow’s involvement in the hacking of Democratic Party organizations, U.S. officials said

Israel not protected from DNC-style hacks under new Cybersecurity laws (Jerusalem Post) Foreign Affairs and Defense Committee chairman Avi Dichter: I'm not exaggerating in saying the central threat of the early 21st century is cyber threats

Snapping up cheap spy tools, nations 'monitoring everyone' (AP via Yahoo! News) It was a national scandal. Peru's then-vice president accused two domestic intelligence agents of staking her out. Then, a top congressman blamed the spy agency for a break-in at his office. News stories showed the agency had collected data on hundreds of influential Peruvians

Privacy Activists Launch Database to Track Global Sales of Surveillance Tech (Motherboard) The surveillance industry is notoriously secretive and opaque. But on Tuesday, activists at Privacy International released a searchable database on over 500 surveillance companies, including many of their brochures and export data

Chinese Online Videos: The U.S. Wants to Start a Color Revolution Here (Foreign Policy) A new social media push calls on netizens to stay vigilant against American meddling

In an Effort to Maintain U.S. Ties, Turkey Softens Its Tone (New York Times) In the two weeks since a failed coup, Turkish officials and the pro-government media have whipped up anti-American sentiment by suggesting that the United States played some role in the botched conspiracy to topple the government

Erdogan wants spy agency under his control (Al Arabiya) President Recep Tayyip Erdogan on Saturday said he wanted to introduce constitutional changes to bring the Turkish spy agency and military chief of staff directly under his control after the failed coup

NATO’s Quest for Cyber Solutions Highlighted at NITEC Conference (SIGNAL) As NATO grapples with mounting security threats—both conventional and irregular—the concerned alliance is tussling to deliver a unified strategy for information warfare and dominance in the face of increasingly sophisticated cyberspace technologies exploiting its vulnerabilities

McCaul applauds Obama administration directive on federal cyber incident coordination (Ripon Advance) U.S. Rep. Michael McCaul (R-TX) said on Tuesday that the Obama administration’s release of a framework for federal cyber incident coordination was an “important first step forward”

Social Security Administration Now Requires Two-Factor Authentication (KrebsOnSecurity) The U.S. Social Security Administration announced last week that it will now require a cell phone number from all Americans who wish to manage their retirement benefits at ssa.gov. Unfortunately, the new security measure does little to prevent identity thieves from fraudulently creating online accounts to siphon benefits from Americans who haven’t yet created accounts for themselves

Reporting Significant Compliance Issues Involving Personal Information Under PPD-28 to the DNI (IC on the Record) AUTHORITY: The National Security Act of 1947, as amended

Clinton and Trump's intelligence briefings aren't anything to worry about (VICE News) Presidential candidates Hillary Clinton and Donald Trump will begin receiving top secret briefings from the US intelligence community in the coming days, and that's leading some big names in Washington — and some people around the country — to say they shouldn't go forward because neither candidate can be trusted with sensitive classified information

Dateline

Weclome to Black Hat USA 2016 (Black Hat) Black Hat - built by and for the global InfoSec community - returns to Las Vegas for its 19th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (July 30 - August 2) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 3-4)

The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse (Wired) Almost exactly a year ago, Chrysler announced a recall for 1.4 million vehicles after a pair of hackers demonstrated to WIRED that they could remotely hijack a Jeep’s digital systems over the Internet. For Chrysler, the fix was embarrassing and costly. But now those two researchers have returned with work that asks Chrysler and the automotive industry to imagine an alternate reality, one where instead of reporting their research to the automaker so it could be fixed, they had kept working on it in secret—the way malicious hackers would have. In doing so, they’ve developed a new hack that offers a sobering lesson: It could have been—and still could be—much worse

New Technique Checks Mitigation Bypasses Earlier (Threatpost) It wasn’t long ago that ROP, or return-oriented programming, was a hacker’s best friend when it came to bypassing mitigations against memory-based attacks such as DEP and ASLR

Browser Exploits Increasingly Go For The Jugular (Dark Reading) Black Hat USA panel to discuss browser attacks, which now go from browser userland to root privileges in no time flat

Terbium Labs Presents “Using Threat Intelligence to Improve Your Enterprise Defenses” at Black Hat 2016 (Press Release Rocket) CEO Danny Rogers joins Dark Reading's Tim Wilson for an informative talk and workshop during security mega conference

Managed threat hunting service evicts adversaries from enterprise networks (Help Net Security) Accenture and Endgame have created a threat hunting service for clients, and will be demonstrating how it works at Black Hat USA 2016

Kaspersky says Bug Bounty is best practice – puts up rewards (IT Wire) The best way to find vulnerabilities are via a bug bounty big enough to attract white and black hatters so Kaspersky is stumping up with the cash

Armor Anywhere: Managed security for any cloud (Help Net Security) As growing businesses increasingly rely on public, private and hybrid cloud platforms in addition to internal infrastructures, at Armor is launching Armor Anywhere to keep sensitive data safe

Forcepoint™ Showcases "Security from the Inside Out" at Black Hat USA 2016 (PRNewswire) Live demonstrations include Insider Threat, DLP, Cross Domain, Web & Email Content Security and Next Generation Firewall products at Booth 700

PFP releases system for detecting SYNful Knock (PRNewswire) PFP Cybersecurity, a provider of an IoT platform to ensure trust, today announced it will demonstrate a simple solution for continuously monitoring and securing enterprise router racks in data centers

Coalfire Announces Participation at Black Hat USA 2016 (BusinessWire) Cyber risk leader to sponsor and present at the world’s biggest info security conference

SafeBreach to Present at Black Hat USA 2016 (MarketWired) Company named a finalist in the "Most Innovative Startup" category for Dark Reading's Inaugural Best of Black Hat Awards Program

whiteCryption and Pen Test Partners to Show Mobile and IoT Hacks, and How to Secure Apps at Black Hat 2016 (BusinessWire) whiteCryption, an Intertrust company that provides advanced application security solutions, and Pen Test Partners, an elite group of high-end penetration testers, will demonstrate hacks to mobile apps, home security cameras and other IoT devices, and discuss how to defend against such hacks using whiteCryption products at whiteCryption Booth #232 during the Black Hat 2016 conference

Trend Micro Experts at Black Hat 2016 to Discuss Ransomware and Critical Vulnerabilities (BusinessWire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in security software, today announced its participation in Black Hat USA 2016, taking place July 30 – August 4. Raimund Genes, chief technology officer, and Ed Cabrera, chief cybersecurity officer, will be on-hand to discuss various booth presentations throughout the event demonstrating ransomware attacks, along with threat researchers detailing their experience with WPAD and kernel exploits

Products, Services, and Solutions

Cylance Launches Managed Security Service Provider (MSSP) Program (PRNewswire) Provides access to CylancePROTECT® cyber attack prevention capabilities for smaller organizations

ThreadFix: Software vulnerability aggregation and management system (Help Net Security) ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems

Forcepoint™ Delivers Better Security Coverage for Mobile Workers with Direct Connect Endpoint for TRITON® AP-WEB Cloud (PRNewswire) Roaming employees get fast, reliable and secure access at public hotspots; organizations get better enforcement, ongoing visibility and accurate geolocation of users

Technologies, Techniques, and Standards

Mobile Security Models: The Seven Fundamentals (Samsung Insights) Every organization today needs to have a mobile security road map. According to the 2016 Mobile Security & Business Transformation Study from ISMG, 99 percent of enterprise workers currently use mobile devices to perform their work tasks

How industry can help DoD with new intel policy (C4ISRNET) While speaking at the 2016 DoD Intelligence Information Systems (DoDIIS) conference in Atlanta, Defense Department Senior Intelligence Oversight Official Michael Mahar outlined major changes to the policy governing how the department manages, retains and disseminates information on U.S. citizens. Those changes will require some significant technological advancement and DoD is looking to the private sector to help

3 Steps Towards Building Cyber Resilience Into Critical Infrastructure (Dark Reading) The integration of asset management, incident response processes and education is critical to improving the industrial control system cybersecurity landscape

Marketplace

What your cyber risk profile tells insurers (Network World) The purpose of a cyber risk profile is to assess your organization's insurability. The work you do upfront can go a long way toward ensuring you get adequate cyber insurance coverage and a better rate to boot

Cisco Completes Acquisition of CloudLock (Infosecurity Magazine) Cisco has announced that it has completed the acquisition of cloud data security company CloudLock

Symantec Completes Acquisition of Blue Coat to Define the Future of Cyber Security (BusinessWire) Cyber security visionary Greg Clark becomes CEO, leading industry’s largest pure play cyber security company

Verizon to Acquire Fleetmatics for $2.4B (Security Sales & Integration) The telecom giant said buying the GPS vehicle tracking firm Fleetmatics will widen its expansion into the connected vehicle and fleet management market

BRIEF-WISeKey signs a binding agreement to acquire IoT integrated circuits and semiconductor business from Inside Secure (Reuters) WISeKey signs a binding agreement to acquire IoT integrated circuits and semiconductor business from Inside Secure

ARM expands IoT security team (ComputerWeekly) Chip maker continues to boost its internet of things security capabilties by expanding its Israeli engineering team

NTT Security Opens its Doors as a Standalone Business (Infosecurity Magazine) Global telecom giant NTT is expanding its focus to cybersecurity. NTT Security Corp. has officially spread its wings and taken flight as a standalone, specialized security company

CyberX Raises $9 Million to Protect the Industrial Internet (PRNewswire) CyberX, the leading provider of cybersecurity solutions for the Industrial IoT, announced today the completion of a $9M USD funding round. The round was led by Flint Capital, including existing investors Glilot Capital Partners, Swarth Group, GlenRock, newly joined ff Venture Capital (ffVC) and additional angel investors. CyberX was founded by Omer Schneider and Nir Giller, both veterans of the Israeli Elite Cyber Security Unit

LockPath Evaluated in Gartner’s 2016 Magic Quadrant for Business Continuity Management Planning Software, Worldwide (LockPath) LockPath®, a leader in governance, risk management and compliance (GRC) solutions, today announced it has been recognized in Gartner, Inc.’s Magic Quadrant for Business Continuity Management Planning (BCMP) Software, Worldwide

3 of my favourite tech small caps to buy today (Motley Fool) Technology companies can make fantastic investments. They are less cyclical than retail and financial businesses as most charge customers ongoing fees and the products they provide are often non-discretionary. They are also less capital intensive than miners and are not susceptible to regulatory risks like many companies in the healthcare sector

Silent Circle woes highlight challenge of turning digital privacy into profits (Christian Science Monitor Passcode) While the company is among the most celebrated secure communications providers, its near bankruptcy underscores the difficulties for startups selling digital privacy tools

Raytheon opens new cyber center in Augusta, Georgia (Yahoo! Finance) Raytheon Company (RTN) has opened its newest cyber facility in Augusta, Georgia, to deliver a wide range of cybersecurity capabilities to the U.S. Department of Defense, particularly the U.S. Army Cyber Command as it relocates to Fort Gordon

Cybersecurity, coding are high on employer wish list (Benefits Pro) Jobseekers, listen up: Cybersecurity ought to be at the top of your skills list

Research and Development

Can machines keep us safe from cyber-attack? (BBC) After robot cars and robot rescue workers, US research agency Darpa is turning its attention to robot hackers

Security Patches, Mitigations, and Software Updates

Google Domain Enables HSTS Protection (Threatpost) Google is adding HTTP Strict Transport Security (or HSTS) to the Google.com domain, an extra layer of protection that prevents visitors from using a less secure HTTP connection

Google Patches Dozens of Critical Qualcomm Components Flaws (Threatpost) Google today patched more than three-dozen critical vulnerabilities in Qualcomm components embedded in the Android operating system, all of them allowing attackers to gain a foothold on devices to launch further attacks

Android will now send push notifications when new devices are added to your account (TechCrunch) Google today rolled out a new feature for Android users designed to keep their accounts more secure: notifications about newly added devices. That is, when a new device is added to your Google account, you’ll receive a push notification on your current Android device about the security event. The notification will ask, “Did you just sign in?” If the activity appears suspicious, you’ll then be able to take immediate action

Cyber Attacks, Threats, and Vulnerabilities

Experts see Iranian link in attempt to hack Syrian dissident (AP) Syrian opposition activist Noura Al-Ameer was combing through her emails late one night when a message caught her eye. The sender was "Assadcrimes" and he promised information about Iranian meddling in the Middle East. But the email seemed odd

Iranian ISP ‘Daba’ Hacked by Israeli Hacker; Login Data Leaked (Hack Read) Iranian internet service provider Daba has suffered a data breach in which an israeli hacker has leaked login credentials of thousands of registered users

As ISIS Posts in Portuguese, U.S. and Brazil Bolster Olympics Security (New York Times) Worried about possible terrorist attacks at the Olympics in Rio de Janeiro, Brazil’s government is working closely with American law enforcement and intelligence services to identify threats and thwart potential disasters at the Games

How ISIS Defectors Can Help Us Beat Terror (Time) They can help reveal the truth

Russia: Hey, don’t blame us, 20 of our government organizations were hacked too (Computerworld) The FBI is investigating a previously unreported cyberattack on the Democratic Congressional Campaign Committee (DCCC); like the earlier Democratic National Committee (DNC) breach, Russia denied any involvement

US counter-attacks Russian cyber efforts (Fudzilla) NSA target Putin’s hackers

The cyberwar begins: US believed to 'hack back' at Russia following Democratic Party email leaks (International Business Times) The FSB claimed to have found 'professional' spyware on roughly 20 agency systems

Assange: WikiLeaks has more Clinton campaign material (Washington Examiner) The founder of the WikiLeaks confirmed Monday that his group has more material on Hillary Clinton, and that he's looking to "publish it in batches" over the coming weeks

The Same Russian Hackers Hit the DNC and the DCCC, Security Firms Say (Foreign Policy) Cybersecurity companies studying the breach of the Democratic National Committee and the Democratic Congressional Campaign Committee have found evidence indicating that the same group of Russian hackers breached both groups’ computer systems

DNC Staffer got pop-up messages alerting of “state-sponsored actors” (Ars Technica) Attack on congressional campaign committee tied to "Fancy Bear" hack of DNC

Clinton Campaign: Voter Analytics Program Compromised, Not Internal Systems (Dark Reading) First the DNC, then the DCCC, and now the Clinton campaign have all been compromised by Russian attackers

Avanan Researchers Explain How Gmail Exploit Allowed DNC and Clinton Campaign Email Attack (Globe Newswire) The email hacks of the Democratic National Committee (DNC) and Hillary Clinton campaign highlight a pervasive problem with cloud-based email security, according to cloud security researchers at Avanan

Kaspersky Safe Browser iOS app sports MITM SSL certificate bug (Help Net Security) Security researcher David Coomber has unearthed a vulnerability (CVE-2016-6231) in the Kaspersky Safe Browser iOS app that effectively contradicts its name

QRLJacking: A new attack vector for hijacking online accounts (Help Net Security) We all know that scanning random QR codes is a risky proposition, but a newly detailed social engineering attack vector dubbed QRLJacking adds another risk layer to their use

Afraidgate campaign switches from CryptXXX to Locky Ransomware (Security Affairs) Operators behind the Afraidgate campaign continue to leverage on Neutrino EK, but switches from CryptXXX to Locky Ransomware

Crypto Malware: Responding To Machine-Timescale Breaches (Dark Reading) The game has changed again with hackers' ability to steal your data at record speeds and cripple your organization before the first alert

Innovative techniques allow malvertising campaigns to run for years (Help Net Security) A threat actor dubbed AdGholas has been mounting successful malvertising campaigns by using innovative targeting and obfuscation techniques, and has been infecting thousands of victims every day since 2015 – and possibly even earlier

The AdGholas malvertising network was using steganography, researchers reveal (Graham Cluley) Attacks leveraged advanced filtering techniques to target victims

36000 SAP systems exposed online, most open to attacks (Help Net Security) ERPScan released the first comprehensive SAP Cybersecurity Threat Report, which covers three main angles: Product Security, Implementation Security, and Security Awareness

Secure messaging app Telegram leaks anything pasted in to it (Naked Security) Security researcher Kirill Firsov found a data leak in the popular messaging app Telegram. The flaw lead to text that was cut-and-pasted into the MacOS version of the app being written to the device’s syslog

Disney’s “Playdom” games forum breached, passwords plundered (Naked Security) Playdom is an online games company that was acquired by Disney back in 2010

How one man could have taken down Imgur (Naked Security) Security researcher Nathan Malcolm did a bit of digging and found a way to hack the image-hosting site Imgur

Yahoo 'Aware' Hacker Is Advertising 200 Million Supposed Accounts on Dark Web (Motherboard) A notorious cybercriminal is advertising 200 million of alleged Yahoo user credentials on the dark web, and the company has said it is “aware” of the hacker’s claims, but has not confirmed nor denied the legitimacy of the data

The dangerous cost of ‘free’ Wi-Fi (Tech Hive) If it seems too good to be true, it probably is

Twitter Account of Pokémon Go’s Developer Hacked by OurMine (Hack Read) John Hanke, Niantic’s CEO, has become the apple of every gamer’s eyes since he introduced the incredibly popular Pokémon Go game

Brands warned to beware Olympic cyber attacks (Drapers) Brands and sponsors for the Olympic and Paralympic Games 2016 are being warned to stay vigilant ahead of the launch on Friday, after a surge in “test” attacks on networks in Rio

Cybercrime infrastructure being ramped up in Brazil ahead of Olympics (PCWorld) The number of malicious URLs in Brazil surged by 83 percent from April to June

Rio Olympics a Sporting Ground for Fraudsters (Infosecurity Magazine) As over half a million fans descend on Rio for the summer Olympics kicking off on Friday, experienced fraudsters will be eyeing the deluge of international audiences drawn to this major sporting event, warns ACI Worldwide

This is what Apple should tell you when you lose your iPhone! (Medium) Two weeks ago, I was on holiday in Turin, Italy and made a boo boo. I forgot my phone in our rental car for a two hour visit to a local outdoors spa (Acquajoy, great fun especially for the kids!). The end result was unfortunate: when we returned to the car, a window was smashed and my iPhone stolen

The Threat to America’s Electrical Grid Is Much Bigger Than You Can Possibly Imagine (Foreign Policy) But it’s not Russian hackers you should be worried about

Litigation, Investigation, and Enforcement

White-Hat Hacking Group Founder Arrested In China (Dark Reading) Chinese police crack down on 'ethical hacking' community for undisclosed reasons, detain 10 members

FBI tech pleads guilty to acting as agent of China (Fox News) A veteran FBI electronics technician – who had top secret clearance – pleaded guilty on Monday to one count of acting as an agent of China, and faces up to 10 years in prison

Charges Against Cleric Put Iran's Balkan Activities Under Spotlight (Radio Free Europe/Radio Liberty) Iran's promotion of its brand of Shi'ite Islam across the Middle East has been obvious for decades, but such activities in Europe largely managed to fly under the radar

Ringleader of global network behind thousands of online scams arrested in Nigeria (Interpol) The head of an international criminal network behind thousands of online frauds has been arrested in a joint operation by INTERPOL and the Nigerian Economic and Financial Crime Commission (EFCC)

Fortinet FortiGuard Labs Cyber Threat Research Helps Uncover Fraudsters Behind Thousands of Online Scams Totaling More Than $60 Million (MarketWired) Successful operation to combat cybercriminals Is the result of close cyber threat information cooperation between Fortinet and INTERPOL

Trend Micro Partners with INTERPOL in Arrest of Nigerian Cybercriminal Leader (BusinessWire) Trend Micro Incorporated (TYO: 4704), a global leader in security software and solutions, today announced its collaboration in the arrest of the head of an international criminal network suspected of stealing more than $60 million through business email compromise (BEC) scams and CEO fraud

Cyber Fraud: The Unpunished Crime (Infosecurity Magazine) A recent report from the Fraud Advisory Panel discovered that victims suffer an average loss of £101,000 to cyber-fraud; yet a staggering one in three cases are not passed on for further investigation

Facebook ordered to refund parents for accidental in-app purchases (Naked Security) Has your credit card balance ever been loaded up with things like gunslinging chickens or picnic-lugging bears, all bound for a game or app like FarmVille, all courtesy of your online-game-loving offspring?

Carder crook “Sir King Cash” now faces up to 12 years in jail (Naked Security) A UK-based cybercrook who operated online as “Sir King Cash” has been hit with a court demand to pay back more than £500,000 of his ill-gotten gains

Glassdoor sued by user whose email was ‘leaked’ instead of BCC’ed (TechCrunch) A little over a week ago, Glassdoor began emailing its users to let them know of an update to the site’s terms of service. But rather than BCC’ing its anonymous reviewers, Glassdoor dumped their email addresses into a regular ol’ CC field, effectively outing at least 600,000 members of the site

To Catch a Pikachu: NY Governor moves to ban sex offenders from Pokémon GO (TechCrunch) When you think about it, the ability for someone to put a “lure” on a spot of their choosing and attract young Pokémon fans to their location is slightly disturbing — which is why New York Governor Andrew Cuomo is trying to ban paroled sex offenders from playing Pokémon GO and other online games

Design and Innovation

Why Smartphones Are Now Adding Iris Scanners (Motherboard) For those who value their privacy, Samsung might be making it a little harder for someone to break into your phone. If you’ve ever configured your smartphone to offer up that 6-digit entry code, you’ll be pleased to know that the conglomerate has its eyes set on retinal scanning technology. But as we approach the release of the Galaxy Note 7, scheduled to be revealed on Tuesday in New York, London, and Rio, it's fitting to wonder exactly how secure this relatively new breed of biometrics might be

You can change a bank password any time you like. You can’t change your voice. (Hot for Security) Barclays is abolishing passwords for its telephone banking customers in favour of voice recognition

OpenAI Is Calling for Techie Cops to Battle Code Gone Rogue (Wired) OpenIA the Elon Musk-backed startup that wants to give away its artificial intelligence research, also wants to make sure AI isn’t used for nefarious purposes. That’s why it wants to create a new kind of police force: call them the AI cops

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

2016 Intelligence & National Security Summit (Washington, DC, USA, September 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity, policy, and enduring strategic issues

upcoming Events

Black Hat USA (Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (August 1-4) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 5-6)

SANS Boston 2016 (Boston, Massachusetts, USA , August 1 - 6, 2016) SANS will be returning to Boston with an exceptional cyber security training lineup this August, including a special evening event hosted by Stephen Northcutt, where you'll get choose your favorite chowder! We are bringing our top courses and best instructors to make SANS Boston the perfect training event for you. You can't miss SANS comprehensive hands-on technical training from some of the best instructors in the industry.

Secure Bermuda 2016 (Bermuda, August 10, 2016) Industry-leading intelligence from expert cybersecurity thought leaders and innovators. In addition to human capital shortages, the Bermudian cybersecurity industry faces an uphill battle to keep up with the acceleration of Internet-connected technology. Join us on August 10th at the Hamilton Princess Hotel for Secure Bermuda 2016. In just one day, the event will provide essential intelligence that enables Bermudian technology leaders to drive their cybersecurity strategy forward. The conference covers today's cybersecurity trends and threats as well as those of the future, equipping delegates with the tools needed to cope in an increasingly complex landscape.

TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, August 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill critical open positions.

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.

International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, August 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create a more secure world. The ICCS 2016 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches

2016 Information Assurance Symposium (Washington, DC, USA, August 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2016 IAS is expecting upwards of 2,000 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, five distinct tracts and panel discussions spanning over three days. It will also have a vendor expo where hundreds of exhibitors will display a wide variety of IA products, services and demonstrations. Exciting networking opportunities will be offered in the exhibit hall, all designed to enhance the IAS attendee experience.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.

CISO New Jersey (Hoboken, New Jersey, USA, August 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.

Cyber Jobs Fair (San Antonio, Texas, USA, August 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton, Digital Hands, IPSecure, Inc., ISHPI, L-3 - West, Lockheed Martin, the Los Alamos National Laboratory, MacAulay-Brown, Inc., STG, Inc., and Tensley Consulting, Inc. will be among the employers attending.

CyberTexas (San Antonio, Texas, USA, August 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Chicago Cyber Security Summit (Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationship are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.