Australia confirms a foreign intelligence service hacked its Bureau of Meteorology. TV5Monde talks about its false-flag hack. SWIFT is under attack again. Patch Tuesday notes. The latest on the US-Russian cyber showdown.
Australian official sources confirm what's long been generally believed: malware found in the Bureau of Meteorology was installed in December 2015 by an unnamed foreign intelligence service. Its intent seems to have been to pivot and establish persistence in other government networks.
France's TV5Monde talks about its March 2016 hack—apparently Russian, but flying a Caliphate false flag.
The SWIFT funds-transfer system is again under attack, this time by Carbanak's masters or someone very much like them: the "Odinaff" Trojan has been seen manipulating SWIFT logs.
Yesterday was Patch Tuesday. Microsoft addressed five zero-days in Internet Explorer, Edge, Windows and Office. This was also the first round of patching under Microsoft's new Hobson's choice patching policy. Adobe issued 81 fixes to Acrobat, Reader, and Flash.
Foreign Policy recounts the difficult-to-follow spoor of the possible Russian information operation padding around Clinton consigliere Sidney Blumenthal, WikiLeaks, and Presidential candidate Donald Trump. A Passcode op-ed thinks there's room for doubt concerning Russian responsibility for the Democratic National Committee, and that the US Intelligence Community might consider raising public confidence in its attribution by revealing more of the evidence it has. (The Moscow Times seems convinced, and in a minority view sees the episode as putting Russian President Putin in a bit of a diplomatic pickle.) US President Obama has said there will be retaliation, and he won't tell the Russians in advance what that retaliation will look like. (A raised eyebrow op-ed in Lawfare suggests the President's also not going to tell Congress.)
Notes.
Today's issue includes events affecting Australia, China, Iran, Iraq, Philippines, Russia, Syria, United Kingdom, and United States.
A note to our readers: The theme for this second week of National Cyber Security Awareness Month in the United States is, "From the Break Room to the Boardroom: Creating a Culture of Cybersecurity in the Workplace."
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today Jonathan Katz from the University of Maryland will tell us what he learned on his trip to the annual crypto conference. Our guest, Joey Alonso, President of Quortum, will discuss mobile device security. (And if you enjoy the podcast, please consider giving it an iTunes review.)
Cyber Attacks, Threats, and Vulnerabilities
Australia government cyber attack came from foreign intelligence service: report (Reuters) A malware attack against Australia's Bureau of Meteorology which might have spread into other government networks originated from a foreign intelligence service, an official report by the country's cyber defense agency said on Wednesday
Terrorists could launch a cyber attack within three years, report warns (Sydney Morning Herald) The government claims terrorists could be capable of launching a cyber attack on Australia "to destructive effect" within three years even though the threat of their capability is currently ranked as "low"
WikiLeaks, Sputnik, and the Story of a (Perhaps) Russian Information Operation (Foreign Policy) On Oct. 21, 2015, Hillary Clinton confidante Sid Blumenthal fired off an email with an ominous subject line — “The truth…” — to a list of undisclosed recipients
Elections at Risk in Cyberspace, Part I: Voting Lists (SIGNAL) Experts are divided on whether they are safe or to what degree they are vulnerable
How France's TV5 was almost destroyed by 'Russian hackers' (BBC) A powerful cyber-attack came close to destroying a French TV network, its director-general has told the BBC
TV5Monde was saved from airtime-KO hack by unplugging infected box (Register) French telly station boss spills les haricots on what happened
TV5 Hack Revelations (Information Security Buzz) French TV network TV5Monde has revealed additional details about the cyber attack in April that took down all 12 of its channels
Four vulnerabilities found in Dell SonicWALL Email Security virtual appliance application (Help Net Security) Digital Defense (DDI) disclosed the discovery of four security vulnerabilities found in the Dell SonicWALL Email Security virtual appliance application
Crypt888 ransomware evolving in an 'unusual' way, says AVG (Security Brief Asia) AVG has drawn attention to a strain of ransomware that it has dubbed 'Crypt888', which is breaking the evolutionary mould of other strains the security company has detected
StrongPity: APT targeting WinRAR and TrueCrypt users, Kaspersky warns (Inquirer) Insecurity nightmare has trapped more than 1,000 victims so far
WinRar and TrueCrypt Installer Dropping Malware on Users’ PCs (HackRead) Be careful when you download WinRar or Truecrypt installer – researchers have found several websites distribution malware infected files for both installers
IoT Botnet Uses HTTP Traffic to DDoS Targets (Threatpost) The IoT botnet behind some of the largest publicly recorded DDoS attacks is flooding its targets with HTTP traffic, generating more than one million requests per second in some cases, in order to bring down web applications
Internet of Things Malware Has Apparently Reached Almost All Countries on Earth (Motherboard) The malware that powered one of the worst denial of service cyberattacks of the last few years has infected internet-connected devices all over the world, reaching as many as 177 countries, according to security researchers
When DVRs Attack: A Post IoT Attack Analysis (Threatpost) Researchers examining the aftermath of last month’s massive distributed denial-of-service attack against KrebsOnSecurity.com and French hosting giant OVH have identified key flaws that contributed significantly in those attacks and have unearthed new details on how the assaults were carried out
Leaky IoT devices help hackers attack e-commerce sites (CSO) Millions of IoT devices can be used to attack e-commerce and other websites
Eko Malware Targets Facebook Users (Infosecurity Magazine) A malware called Eko has been landing in Facebook Messenger inboxes since last week
There’s Another Hacking Team Going After SWIFT Banks (On the Wire) Security researchers have uncovered evidence that there is a second group of attackers who have been targeting banks in the SWIFT network, using a new Trojan that hides SWIFT message records and overwrites the master boot record of some hard drives
Carbanak-Like Odinaff Trojan Targets SWIFT, Banks Worldwide (Infosecurity Magazine) A previously undocumented Trojan dubbed Odinaff has been spotted attacking banks and other financial targets worldwide. Odinaff attacks include the manipulation of SWIFT logs and the extensive use of hack tools
419 Attackers Leveraging New Undetected Pony Infrastructure for Possible Swift Targeting (Wapack Labs Intelligence and Analysis) Wapack labs analyzed two recent Pony/Fareit downloader samples that were submitted to Virus Total in late September
Four Applications You Should Blacklist Today (Infosecurity Magazine) This year has been a busy one for cyber-criminals. Reports indicate there have been over 500 data breaches and more than 500 million records exposed in 2016 so far
Point-of-Sale Security Still a Big Problem (eSecurity Planet) Despite growing EMV adoption, hackers still see point-of-sale (POS) systems as low-hanging fruit
WiFi Still Remains a Good Attack Vector (SANS Internet Storm Center) WiFi networks are everywhere! When we plan to visit a place or reserve a hotel for our holidays, we always check first if free WiFi is available
A Quarter of UK Police Websites Are Insecure (Infosecurity Magazine) A full quarter of UK law enforcement websites lack any form of automatic secure connection. And many are left open to POODLE attacks, despite increased spending
Obama’s Concerned an AI Could Hack America’s Nukes (Wired) During his eight years in office, President Barack Obama has seen hackers grow into a threat no president has faced before
Amazon resets customer passwords, while LeakedSource discloses massive update (CSO) Retail giant says reset is a proactive measure against recycled credentials
US-CERT Cautions Against Phishing Scams In Aftermath Of Hurricane Matthew (Dark Reading) The government agency for cyber protection provides steps to follow before opening links or attachments with Hurricane Matthew tag
Trade of online gaming currencies fuels cybercrime (Help Net Security) Though the majority of gaming companies prohibit the real-money trading of online gaming currencies, the practice is still widespread
Employee Errors Cause Most Data Breach Incidents in Cyber Attacks (WTOC) Most Cyber attacks are successful because hackers first target employees with identity theft schemes to steal their access information
7 signs your co-worker is a potential insider threat (Federal News Radio) Is there a spy in your office? Insider Threat Defense identifies behaviors that may indicate an employee is a potential insider threat
Security Patches, Mitigations, and Software Updates
Microsoft Patches Five Zero Days Under Attack (Threatpost) Microsoft today patched a handful of zero-day vulnerabilities that have been publicly attacked in Internet Explorer, Edge, Windows and Office products. The security updates were included among 10 Patch Tuesday bulletins, half of which were rated critical by Microsoft
Adobe Fixes 81 Vulnerabilities in Acrobat, Reader, Flash (Threatpost) Adobe patched 81 vulnerabilities across Acrobat, Reader, and Flash on Tuesday, including a handful of critical bugs that if exploited, could allow an attacker to take control of a system
Microsoft: No More Pick-and-Choose Patching (KrebsOnSecurity) Adobe and Microsoft today each issued updates to fix critical security flaws in their products. Adobe’s got fixes for Acrobat and Flash Player ready. Microsoft’s patch bundle for October includes fixes for at least five separate “zero-day” vulnerabilities
October Patch Tuesday: Changes, urgent updates and what’s coming next (Help Net Security) The leaves aren’t the only things changing this October. Patch Tuesday is here and with it comes some interesting updates from big names in the software space
Security Company: Microsoft Patching Updates Are 'Changing the Model' (Virtualization Review) Shavlik recommends rolling out patching pilot programs
Why is Facebook (FB) Strengthening its Encryption Standards? (Zacks) After Facebook Inc (FB - Analyst Report) enabled end-to-end encryption for WhatsApp a few months back, the company has now extended the same to its Messenger platform
Cyber Trends
Executable Files, Old Exploit Kits Top Most Effective Attack Methods (Dark Reading) Researchers for the new 'Hacker's Playbook' analyzed 4 million breach methods from an attacker's point of view to gauge the real risks today to enterprises
Enterprises outsmarting themselves with security, while attackers easily use common techniques (CSO) Attackers use common techniques to steal data while companies focus too much on sophisticated attacks
How are cyberthreats evolving? (C4ISRNET) It’s no secret cyberthreats are becoming more sophisticated and tenacious in nature. Several high-level officials recently offered, from their perspectives, how these threats are evolving and how quickly they’re evolved at the seventh annual AFCEA Cybersecurity Summit in Washington on Tuesday
Experian reports many organizations still open to cyber attack (Consumer Affairs) Many have developed plans but fewer have updated them
Does your organization have an endpoint security strategy? (Help Net Secuirty) Only thirty-three percent of IT security professionals have security strategies in place to protect the growing number of endpoints on their networks, according to a recent study conducted by Dimensional Research among 500 IT security pros
Cloud and IoT adoption requires organizations to future-proof PKI implementations (Help Net Secuirty) New research by the Ponemon Institute shows an increased reliance on PKIs in today’s enterprise environment, driven by the growing use of cloud-based services and applications and the Internet of Things
SOC 2 + HITRUST: Evolving infosec demands in healthcare (Help Net Secuirty) Two-thirds of business associates are not fully prepared to meet the growing marketplace demands regarding controls for protecting healthcare information, such as patient records, according to a survey conducted by KPMG
Businesses Sacrifice Security To Get Apps Released Faster (Dark Reading) As the app economy continues to drive change in IT security, businesses struggle to meet customer demands while keeping their data secure
The impact of intelligent systems on IT teams (Help Net Secuirty) Fast track deployment of intelligent systems is well underway, according to Ipswitch. 88% of IT professionals saying their organisation has already invested in one or more intelligent solutions, from bots, through smart business applications, to full-blown expert systems
Identity-centric security: The killer app for digital transformation (Help Net Secuirty) Organizations are measuring the success of IT security beyond just breaches and compliance; they now are including business performance indicators that contribute directly to revenue growth, according to CA Technologies
97 percent of companies don’t have a GDPR plan (Help Net Secuirty) Organizations ‒ both SMBs and large enterprises ‒ lack general awareness of the requirements of the new regulation, how to prepare for it, and the impact of non-compliance on data security and business outcomes, according to Dell
Political Positions On Cybersecurity Matter To Millennials (Dark Reading) New study on millennials and cybersecurity points to a growing awareness of the field, an interest in pursuing careers in security, and the influence of cybersecurity in politics
Podcast: Thomas Rid on the 'Rise of the Machines' (Christian Science Monitor Passcode) On this episode of The Cybersecurity Podcast, New America's Peter Singer and Passcode's Sara Sorcher interview Thomas Rid, a war studies professor at King's College, about his new book, "Rise of the Machines: A Cybernetic History"
Cyberthreats hound PH companies (Business Inquirer) The Philippines is one of the three countries in Asia Pacific with the highest number of cyberthreats
Marketplace
More Than Meets the Eye? Business Transformations Reconfigure Security Spending Models (Security Intelligence) Companies are getting savvier about IT spending. Despite rosy forecasts, a recent article from The Wall Street Journal noted that cloud adoption rates are actually trending down. What’s happening?
Insurance Broker Aon Acquires Cyber-Risk Specialist Stroz Friedberg (Wall Street Journal) Insurance industry seeking ways to help clients understand and model cyber-risk
E8 Security Raises $12M for Behavior Intelligence (eWeek) The new funding round, which was led by Strategic Cyber Ventures, aims to help the company expand
Intel Security Group May Continue to Post Profits in 3Q16 (Market Realist) In the previous part of this series, we saw that Intel (INTC) expects to see improvement in its Programmable Solutions business and probably post a profit in fiscal 3Q16. Moving from a loss-making segment to a profitable segment, the Intel Security Group (or ISecG) reported a 10% sequential growth in revenue and a 340% sequential growth in operating profit in fiscal 2Q16
Cisco Systems, Inc. (NASDAQ:CSCO) Needs To Double Security Growth In Order To Outperform Street Numbers - UBS (Voice Observer) Cisco Systems, Inc. (NASDAQ:CSCO) has a current long-term guidance of 3 to 6 percent growth in revenue, while the EPS outlook suggests growth between 5 to 7 percent
Why Must Hewlett Packard Enterprise Be in Your Portfolio? (Zacks) Shares of Hewlett Packard Enterprise Company (HPE - Free Report) have been rallying since its split from the parent company, driven particularly by its massive restructuring plan
Proofpoint: Can The Company Provide Proof Of Future Profits? (Seeking Alpha) Proofpoint is a leader in the E-Mail security space. The company reported very strong numbers for its fiscal Q2. The shares reacted significantly and are now at valuation levels that are very hard to justify. The company's aspirational goal to reach $1 billion in revenues by 2020 will require growth that seems unlikely to this writer
Pulse Secure dramatically expands global channel (MarketWired) European partner community adds over 500 partners in last 12 months. New NAC Ignite programme offers more leads and project support. Growing partner community in new markets including Russia and China
Centrify Joins STOP. THINK. CONNECT.™ Partner Program (BusinessWire) Centrify, the leader in securing enterprise identities against cyberthreats, today announced that it has signed on as a partner of STOP. THINK. CONNECT.™, the global cybersecurity awareness campaign, to help all digital citizens stay safer and more secure online
Security Company Uses Tasteless Hurricane Matthew Pitch to Sell Software (Gizmodo) FireEye is a huge security company with high profile clients like Sony Pictures. But the company’s success hasn’t stopped it from doing dumb things to grab attention. For instance, sending out a sales pitch that likens the deady Hurricane Matthew with a cyber attack is a dumb thing to do
Products, Services, and Solutions
Review: FourV Systems GreySpark (Help Net Security) GreySpark is a solution for measuring and managing organizations’ IT security risk. GreySpark ingests information security metadata from a large range of existing sensors, applies the risk model to the data, and presents it in a way that’s helpful to risk and financial executives, as well as the IT people who need to drill down into details
Qualys and NTT Security Announce Strategic Partnership (Qualys) NTT Security (US) Inc. integrates the Qualys Cloud Platform for advanced analytic technologies, threat intelligence and detection
YouMail Launches API to Spur Robocall Blocking Solutions (PRNewswire) Provides wireless carriers with greater options to protect consumers and businesses
Yahoo won’t let you forward your emails to another service – but why? (Naked Secuirty) Yahoo has really been in the firing line in the past few weeks
CensorNet Releases App for Multi-Factor Authentication (MarketWired) Provides customers with additional delivery method for one-time passcodes
Reposify: An IoT search engine that you can integrate into your products (Help Net Security) With the unstoppable rise of the Internet of Things, and the still inevitable reality of their fundamental insecurity, knowing where, what and how secure they are is crucial for everybody
Nine encrypted email services reviewed (Computing) Alternative messaging for those looking to move away from Yahoo Mail to something more secure
Boldon James Gives Mac the Full Data Classification Treatment (PRNewswire) Latest release extends classification across the Microsoft Office for Mac suite of applications and confirms Boldon James Classifier as the most comprehensive data classification solution available in the market
Verizon Adds Oracle to Secure Cloud Interconnect (Light Reading) Oracle is now offering its customers reliable, secure, enterprise-class connections to its Cloud via Verizon’s Secure Cloud Interconnect services enabling enterprises to seamlessly move workloads to the Oracle Cloud
Vaultive and Gemalto Team Up to Deliver Increased Cloud Data Security Control for SaaS Applications (PRNewswire) Integrated solution delivers unified encryption and key management for cloud-hosted IT infrastructure
Technologies, Techniques, and Standards
The EU’s latest idea to secure the Internet of Things? Sticky labels (Naked Security) The EU has floated a new idea to boost the security of Internet of Things (IoT) products – get manufacturers to stick labels on them telling buyers how secure they are
OMB launching Cyber.gov for best practices repository (Federal News Radio) OMB launching Cyber.gov for best practices repository
3 Ways CISOs Can Partner with Chief Data Officers (eSecurity Planet) The CISO and the chief data officer must work well together, given the importance of secure data access. Here are tips for fostering a C-suite partnership
Best tools for red and blue teams are methodology, experience (CSO) In many ways, parenting and security have a lot in common. No book exists that provides all of the answers
Ransomware Raises The Bar Again (Dark Reading) The infamous form of attack now ranks as the top threat to financial services, but preparedness can pay off for victims
Dark web, what dark web? Tips for beating back hackers and savvy cybercriminals (Healthcare IT News) Don’t wait another day to create a cyberthreat intelligence sharing team. Delve into the web’s dangerous corners, exchange what you find, learn from banking and defense. Just don’t presume cyberthreats won’t happen to you
Dimension Data's four simple tips for smart cybersecurity (Security Brief) Dimension Data New Zealand's CEO Jo Healey provided some simple tips for New Zealand businesses and the need to remain cybersecure, after speaking at this week's launch of the annual Connect Smart Week
How to be the cat - not the mouse - in the fight against zero-day malware (Security Brief) Zero-day malware mutations can spell disaster for networks, as they can often get in completely undetected by traditional security protection. According to security company Ixia, combatting zero-day attacks involves a continous monitoring solution that tracks originating and target IP addresses for all network traffic
Cybersecurity In The Workplace Is Everybody's Business (Nasdaq) Malicious hackers can often count on complacency and lack of awareness as their partners in crime. Fortunately, the month of October brings an opportunity for potential targets to reboot their attitudes about cybersecurity
Deception mechanisms for detecting sophisticated attacks (Help Net Security) Private information stored in document files is the most popular target for attacks coming from professional hackers, according to TopSpin Security. File traps, including Office files, recent docs and deleted docs, were touched the most times during the research
Scan Ruby-based apps for security issues with Dawnscanner (Help Net Security) Dawnscanner is an open source static analysis scanner designed to review the security of web applications written in Ruby
War stories: for your eyes only (CSO) There are few things that make for as amusing reading as an acceptable use policy
Design and Innovation
MITRE will award $50,000 for a solution that detects rogue IoT Devices (Security Affairs) MITRE has challenged the security community to devise new methods that could help in detecting rogue IoT devices on a network
Lloyds Combats Call Center Fraudsters with New Tech (Infosecurity Magazine) Lloyds Banking Group is set to roll-out new technology designed to prevent phone fraudsters tricking its call center staff into believing they’re genuine customers
Research and Development
Yahoo wants to spy on you through advertising billboards (Naked Security) Online advertising firms have been monitoring our clicks and collecting data about us for years. These days, we expect it, even if we don’t like it
Legislation, Policy, and Regulation
AI accountability needs action now, say UK MPs (TechCrunch) A UK parliamentary committee has urged the government to act proactively — and to act now — to tackle “a host of social, ethical and legal questions” arising from the rise of autonomous technologies such as artificial intelligence
Russian Spycraft: How the Kremlin Hacked Its Way Into a Crisis (Moscow Times) Last Friday the U.S. Intelligence Community (USIC) publicly named the Russian government for directing "the recent compromises of emails from U.S. persons and institutions, including from U.S. political organizations." It claimed that the disclosures of hacked emails "on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are intended to interfere with the U.S. election process", while "only Russia’s most senior officials could have authorized these activities"
U.S. will retaliate against Russia for hacking, White House says (McClatchyDC) The Obama administration plans a “proportional” response to punish Russia for hacking into the Democratic National Committee and other cyberattacks aimed at disrupting Nov. 8 elections, a White House spokesman said Monday
After Attributing a Cyberattack to Russia, the Most Likely Response Is Non Cyber (Council on Foreign Relations) Almost four months after the cybersecurity firm CrowdStrike claimed that two Russian hacker groups were behind the theft of data from computers at the Democratic National Committee and other political organizations, the U.S. government has publicly attributed the attacks to Russia
Thoughts on White House Pledge to Respond to DNC Hack (Lawfare) Yesterday Josh Earnest pledged that the United States would “will ensure that our response is proportional” to Russia’s hack of DNC emails, which the United States has concluded was “intended to interfere with the US election process.” Earnest said the President would “consider a response that is proportional." He added that "[i]t is unlikely that our response would be announced in advance," and said it was “possible that the president can choose response options that we never announce.” Several questions and reactions
Opinion: Trump has a point about 'the cyber' (Christian Science Monitor Passcode) During the last two presidential debates, Donald Trump cast doubt on US claims that Russia carried out cyberattacks on political organizations. But without clear evidence from the government, how can the public really be sure it was Moscow?
Does NSA support of CYBERCOM blur lines? (C4ISRNET) The Title 10 versus Title 50 debate has long surrounded the way intelligence and covert activity is conducted in accordance with the law. A key issue surrounding intelligence and war fighting efforts is the blurring of lines clearly identified in statutes
Current Cybersecurity Capabilities Make it ‘Too Easy’ for Enemy Hackers, Experts Say (Meritalk) In light of the rapid evolution of current threats to government information, current government cyber culture is making it too easy for hackers to target government information, according to cybersecurity experts
DHS Secretary On Department’s Election Cybersecurity Services (Homeland Security Today) Thirty-three state and 11 county or local election agencies have asked the Department of Homeland Security (DHS) about its cybersecurity services
“A First Amendment in the Digital Age”—Peter Zenger Lecture (Just Security) I had the honor of delivering the inaugural Peter Zenger lecture at Columbia Journalism School last week. The lecture is named for a newspaper publisher who was tried for libel in the 1730s for printing articles mocking and criticizing William Cosby, New York’s royal governor. Many historians consider Zenger’s acquittal to have been a milestone in the development of American press freedom. In my lecture last week, I offered some thoughts about digital-age threats to the freedoms of speech and the press, focusing mainly on government surveillance and secrecy
Federal cybersecurity workforce should be more than just IT degrees (Federal News Radio) Whether you’re dealing with payroll systems on earth or satellites in the sky, when it comes to federal cybersecurity hiring, think outside the job description
Marine Corps cyber acquisition just got faster (DVIDS) This summer Marine Corps Systems Command’s Cyber Advisory Team completed its first emergency cyber acquisition as part of a new process designed to more quickly respond to the cyber warfighting needs of the force
For Secret Service CIO, cybersecurity is the mission (Federal Times) After 34 years in the Marine Corps and a short stint in the private sector, Kevin Nally still wanted to serve his country. As the former Marine Corps chief information officer, leading the U.S. Secret Service’s IT management was a perfect fit
States Play Central Role In Thwarting Cyber Attacks (Business Solutions) Governor McAuliffe says states and governors “play a critical role” in the fight against cyber attacks
Attorney general announces Cyber Crime Center initiative in Fresno (Fresno Business Journal) Attorney General Kamala Harris visited Fresno yesterday afternoon to announce the creation of the California Cyber Crime Center (C4)
Australian government blind to true cyberthreat on industry (CSO) The government relies heavily on the voluntary reporting of incidents by the private sector
Litigation, Investigation, and Law Enforcement
Why Yahoo's breach could turn the SEC into a cybersecurity tiger (The Hill) The U.S. Securities and Exchange Commission (SEC) has 500 million new reasons to examine the rules on when companies must disclose cyber risks and attacks
Facebook, Twitter cut access to monitoring tool used by police (CSO) Geofeedia has been marketing itself as a surveillance tool for law enforcement
Facebook, Instagram, and Twitter Provided Data Access for a Surveillance Product Marketed to Target Activists of Color (ACLU) The ACLU of California has obtained records showing that Twitter, Facebook, and Instagram provided user data access to Geofeedia, a developer of a social media monitoring product that we have seen marketed to law enforcement as a tool to monitor activists and protesters
UK prosecutors get new guidelines for pursuing cyberbullies, stalkers (Help Net Security) Cyber bullying, virtual mobbing, doxxing, cyber stalking and harassment, revenge pornography – these are just some of the behaviors that the Internet and social media have enabled
Civil liberties group urges Verizon to shore up Yahoo user protection (Reuters) An international civil liberties group that has worked with web companies on human rights and surveillance issues is asking Verizon Communications Inc to examine a secret email scanning program run by its acquisition target Yahoo Inc and improve on its user protection record
Wells Fargo employees may have been creating fake accounts since 2005 (Ars Technica) But the company is ready to put the scandal behind it, execs said on a Monday call
Defense attorneys instructed on lawfirm cyber security at IDC conference (Madison-St. Clair Record) Defense attorney Steven Puiszis instructed fellow litigators on how to tighten up cyber security in their firms, noting that law firms are a popular target for hackers
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
AFCEA CyberSecurity Summit (Washington, DC, USA, Oct 11 - 12, 2016) AFCEA Washington, DC invites you to attend the 7th Annual Cybersecurity Summit on October 11–12, 2016. This two-day summit will feature keynotes from government leaders, thought-provoking discussion panels, and a number of deep-dive breakout sessions. The opening day of the conference, October 11, will tackle strategies for addressing cyber intelligence, next-generation cyber operations, and insider threats. Hosted at the Grand Hyatt Washington, attendees will be able to explore the avenues of cyber workforce development and training issues impacting tomorrow’s evolving threat environment. The half-day conference on October 12 is strictly for Sensitive Compartmented Information (SCI) clearance holders and will be hosted at the General Dynamics Information Technology facility in Alexandria, Virginia
AppSecUSA 2016 (Washington, DC, USA, Oct 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s Favorite Hacker, Former DHS NCSD Director of Software Assurance, and Assistant Professor & Cryptographer—who are challenging traditions. You’ll be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle your challenges in innovative ways.
Cyber Security Summit 2016 (Aukland, New Zealand, May 5, 2016) New Zealand’s first Cyber Security Summit will be held in Auckland on 5 May 2016. The theme is “Keeping New Zealand’s Economy Cyber Secure”. Hosted by the Minister for Communications Hon Amy Adams, the Summit is an opportunity for board chairs and chief executives to discuss how New Zealand should tackle the threat of cybercrime, and improve our resilience and security. Chief executives, board chairs and leaders from across the public and private sectors have been invited to join the Minister for Communications at this high level event.
Tech Talk: Blockchain & Bitcoin (Laurel, Maryland, USA, Oct 17, 2016) Join Novetta and Chainanalysis at Jailbreak Brewery to learn about Bitcoin, a digital currency, and Blockchain, the technology that makes it all work. Rub elbows with like-minded techies and enjoy ice cold beer - Don’t miss out.
Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, Oct 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). PA. For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
Cyber Ready 2016 (McDill Air Force Base, Florida, USA, Oct 18, 2016) We invite you to join us for our first annual Cyber ReadyTM 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE Corporation, Tampa Bay Innovation Center, Florida Chamber Foundation and the Florida Suncoast AFIO Chapter is proud to present this important event. In addition to attending the Cybersecurity Conference, you're also invited to register for the Golf Outing and Barbecue Dinner at the MacDill AFB Bay Palms Golf Complex on Monday afternoon. The event will include the sixth annual MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.
EDGE2016 Security Conference (Knoxville, Tennessee, USA, Oct 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.
SecureWorld St. Louis (St. Louis, Missouri, USA, Oct 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
CyberTini at CyberMaryland (Baltimore, Maryland, USA, Oct 19, 2016) The bwtech@UMBC Cyber Incubator will be hosting a CyberTini as the official opening event of the CyberMaryland Conference on the evening of October 19, 2016 at the Columbus Center in Baltimore’s Inner Harbor. The Columbus Center is just a few blocks from the Baltimore Hilton Hotel where the CyberMaryland Conference is taking place, and attendance at the CyberTini is estimated to be 250 or more. The event will begin at 5pm the night before the CyberMaryland Conference and will run until approximately 7:30pm.
Los Angeles Cyber Security Summit (Los Angeles, California, USA, Oct 28, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
CyberMaryland 2016 (Baltimore, Maryland, USA, Oct 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.
CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, Oct 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.
SANS San Diego 2016 (San Diego, California, USA , Oct 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills
18th Annual AT&T Cybersecurity Conference (New York, New York, USA, Oct 24 - 25, 2016) Countless cyberthreats circle your organization every second of every day. While your organization utilizes more mobile, IoT and emerging technologies, attackers simply focus on more ways to exploit them. That’s why we’re hosting the 18th Annual AT&T Cybersecurity Conference.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
14th Annual EWF National Conference (Scottsdale, Arizona, USA, Oct 25 - 27, 2016) Balancing risk and opportunity: transforming cybersecuity; risk and privacy beyond the enterprise. The Executive Women's Forum (EWF) Annual Conference provides an exclusive opportunity to personally interact with more than 350 global thought leaders in the fields of Information Security, Risk Management and Privacy. During this three-day event, members collaborate on round-table exercises, incident simulations, panel discussions and working groups. Exposure to new ideas and approaches, best practice management of everyday issues and learning from observing the best and the brightest is an excellent and abundant return on investment.
SecureWorld Bay Area (San Jose, California, USA, Oct 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Security By Design (McLean, Virginia, USA, Oct 28, 2016) The essential security conference for all who desire to build trustworthy software. Developers, DevOps Engineers, Software Architects, Security Software Engineers, Designers and more.
Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, Oct 30 - Nov 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, get in tight to recent updates and collaborate to enhance organizations’ cybersecurity became a must.