Shamoon is back. So is Fancy Bear. PluginPhantom threatens Android devices. Firefox patches zero-day that threatened Tor users. US DoD says Boyusec is working for PLA espionage services.
Shamoon, the drive-wiping malware that hit Saudi Aramco and other energy firms hard in 2012, is back, with infections reported in Saudi government systems. Saudi investigators say their forensic investigation leads them to attribute the attack to an Iranian source. The new strain of Shamoon is also being called "Disttrack," and it appears to be purely disruptive in operation, with no reports of data exfiltration.
Investigation into the Tesco Bank breach suggests to some observers that the bank's connection to its parent supermarket may have afforded the attackers their way in.
The World Anti-Doping Agency is again under cyberattack, and it's either Fancy Bear or someone masquerading as Fancy.
Palo Alto Networks' Unit 42 reports on a new Google Android Trojan, “PluginPhantom,” that abuses the DroidPlugin framework. PluginPhantom, which includes a keylogger, extracts a wide range of user and device information.
Facebook is calling hogwash on Check Point Software's report of Locky ransomware being spread by images in Facebook Messenger.
Firefox has patched a zero-day that could be exploited to de-anonymize Tor users.
Germany's Interior Ministry has proposed legislation that would limit the transparency of online surveillance. Interception of jailed ISIS terrorists' communications suggests planning for unusually repellent attacks targeting children. Investigation into the alleged ISIS mole in the BfV continues; the Telegraph argues any security service might overlook red flags when recruiting for scarce language skills.
A US Defense Department report accuses Chinese security firm Boyusec of working with the PLA to embed espionage tools in its security products.
Notes.
Today's issue includes events affecting Australia, Canada, China, European Union, Germany, Iran, Iraq, Israel, Jamaica, Netherlands, Russia, Saudi Arabia, Syria, United Kingdom, and United States.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our research partners at the University of Maryland, as Jonathan Katz describes the challenges of including encryption in ransomware. Our guest Dmitry Volkov from IB will take us through what's known about the Cobalt ATM hacks.
A special edition of our Podcast is up, too—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
As always, if you enjoy the podcasts, we invite you to please consider giving them an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
Shamoon wiper malware returns with a vengeance (Ars Technica) Displays body of drowned Syrian boy after wiping drive; Saudi government targeted
Israeli News Channels’ Telecast Hacked; replaced with Muslims’ call to prayer (HackRead) Hackers were furious over a bill that bans the Muslim call to prayer in the country
Deutsche Telekom attack part of global campaign on routers (Reuters) A cyber attack that infected nearly 1 million routers used to access Deutsche Telekom internet service was part of a campaign targeting web-connected devices around the globe, the German government and security researchers said on Tuesday
New Mirai Worm Knocks 900K Germans Offline (KrebsOnSecurity) More than 900,000 customers of German ISP Deutsche Telekom (DT) were knocked offline this week after their Internet routers got infected by a new variant of a computer worm known as Mirai
SF Municipal Railway restores systems after ransomware attack (TechTarget) The San Francisco Municipal Transportation Authority restored systems without paying following a ransomware attack that allowed free rides for travelers over the weekend
Why transportation networks are especially vulnerable to ransomware (CNBC) Workers in the transportation sector are among the most vulnerable to phishing emails and the ransomware attack on San Francisco's light rail system over the Thanksgiving weekend showed the impact cybercriminals can have on municipal transportation systems
'Tesco Bank's major vulnerability is its ownership by Tesco,' claims ex-employee (Register) Links to supermarket's systems may have exposed vulnerability
UK Lenders Shared Threat Info After Tesco Bank Attack (Infosecurity Magazine) The UK’s banking sector enacted contingency plans that enabled members to share crucial intelligence following a major cyber-attack against Tesco Bank earlier this month
Bears continue to maul anti-dopers (SC Magazine) Fancy Bear are [sic] continuing to target the western sports establishment, publishing a series of emails from inside the World Anti Doping Agency, illustrating a number of small allegedly scandalous details from inside the organisation
In Break From Usual, Threat Actors Use RAT To Steal POS Data (Dark Reading) New NetWire RAT version comes with keylogger for stealing a lot more than just credit and debit card data
New SmsSecurity Variant Roots Phones, Abuses Accessibility Features and TeamViewer (TrendLabs Security Intelligence Blog) In January of 2016, we found various “SmsSecurity” mobile apps that claimed to be from various banks. These apps supposedly generated one-time passwords (OTPs) that account holders could use to log into the bank; instead they turned out to be malicious apps that stole any password sent via SMS messages. These apps were also capable of receiving commands from a remote attacker, allowing them to take control of a user’s device
PluginPhantom: New Android Trojan Abuses “DroidPlugin” Framework (Palo Alto Networks) Recently, we discovered a new Google Android Trojan named “PluginPhantom”, which steals many types of user information including: files, location data, contacts and Wi-Fi information. It also takes pictures, captures screenshots, records audios, intercepts and sends SMS messages. In addition, it can log the keyboard input by the Android accessibility service, acting as a keylogger
Computer Systems at Carleton University Shut Down due to Ransomware (HackRead) Hackers are demanding 2 bitcoin per machine or a total of 39 bitcoin for the decryption key
HDDCryptor: Subtle Updates, Still a Credible Threat (RDK Software Solutions) Since first writing about the discovery of HDDCryptor back in September, we have been tracking this ransomware closely as it has evolved. Last week, a new version was spotted in the wild, and based on our analysis, we believe that this variant is the one used in a recent attack against San Francisco Municipal Transport Agency (SFMTA)
Facebook Denies Researchers' Claim Ransomware Spreading via Images (eWeek) Researchers at Check Point Software Technologies allegedly find images spreading ransomware on social media sites, but Facebook calls their research "incorrect"
CyberArk finds Microsoft Credential Guard flawed (ITWire) Attackers with local administrator rights can harvest encrypted service credentials to achieve lateral movement and full domain compromise on Windows endpoints
New SmsSecurity Variant Roots Phones, Abuses Accessibility Features and TeamViewer (Cyber Disruption) In January of 2016, we found various “SmsSecurity” mobile apps that claimed to be from various banks. These apps supposedly generated one-time passwords (OTPs) that account holders could use to log into the bank; instead they turned out to be malicious apps that stole any password sent via SMS messages. These apps were also capable of receiving commands from a remote attacker, allowing them to take control of a user’s device
Firefox 0-day exploited in the wild to unmask Tor users (Help Net Security) An anonymous user of the SIGAINT darknet email service has revealed the existence of a JavaScript exploit that is apparently being actively used to de-anonymize Tor Browser users
Tor users at risk of having their anonymity stripped via attacks exploiting Firefox zero-day (Graham Cluley) Wait a second… this looks familiar
Hello, You’ve Been Compromised: Upward Attack Trend Targeting VoIP Protocol SIP (Security Intelligence) There are numerous protocols used in voice-over-IP (VoIP) communications. According to IBM Managed Security Services (MSS) data, the most targeted VoIP protocol is Session Initiation Protocol (SIP), which accounted for over 51 percent of the security event activity analyzed in the last 12 months
IoT camera turned into a zombie in under two minutes (Naked Security) It may be the favorite easy target for those of us who like to grumble about the sad state of security in the consumer market, but there have been some egregious examples of poor security in “smart” cameras recently
Who Hacked The Lights In Ukraine? (Motherboard) On December 23 of last year, tens of thousands of people in Ukraine suffered a blackout. The culprit wasn't just another malfunction or a natural disaster—but a hacker attack. This was the first known cyberattack that took out the electric grid anywhere in the world
'Dronejacking' May be the Next Big Cyber Threat (The Bull) A big rise in drone use is likely to lead to a new wave of "dronejackings" by cybercriminals, security experts warned Tuesday
Dark Web Child Porn Sites Are Using 'Warrant Canaries' (Motherboard) For coal mines, canaries raised the alarm on toxic leaks. For tech companies, cryptographically signed messages—or warrant canaries—flag secret demands for user data. And on the dark web, they are supposed to show that a criminal site has not been infiltrated by law enforcement
Hackers reuse passwords to access 26,500 National Lottery accounts (Naked Security) Earlier this week UK National Lottery operator Camelot released a statement saying it believed hackers had accessed the accounts of around 26,500 of its 9.5 million online players
Europol Red-faced as Terror Data Appears Online (AFP) Europol admitted on Wednesday that confidential information on terror investigations was accidentally put online, as it launched a probe into what it called a "very serious incident"
Cybercriminals' Next Target: Short-Term Dangers (Part 1 of 2) (Dark Reading) With the holidays approaching, the focus will be on lucrative online shopping, email ransomware, phishing for credentials, and infection by holiday-lurking malware
Security Patches, Mitigations, and Software Updates
Tor Patched Against Zero Day Under Attack (Threatpost) Update: The Tor Project has provided a browser update that patches a zero-day vulnerability being exploited in the wild to de-anonymize Tor users
Microsoft Silently Fixes Kernel Bug That Led to Chrome Sandbox Bypass (Threatpost) Microsoft appears to have silently fixed a two-year-old bug in Windows Kernel Object Manager that could have allowed for the bypass of privileges in Google’s Chrome browser
Microsoft's decision to retire security tool is myopic (Computerworld) Plan to end EMET support in mid-2018 comes under fire from security analyst
Cyber Trends
Nearly Half of IT Professionals More Concerned About Insider Threats than External Threats, with Naive Individuals and Employees Bending the Rules Driving Concerns (Preempt) Despite the perception that hackers are a company’s biggest cybersecurity threat, insiders, including careless or naïve employees, are now viewed as an equally important problem, according to new research from Preempt, pioneer of the industry’s first behavioral firewall
Mobile Devices Leave Organizations Dangerously Exposed to Cybercrime (PRNewswire) Ovum report identifies mobile as an open door for cybercriminals to attack business systems
Quick Heal® Technologies Third Quarter Threat Report Reveals Significant Increase in Android Platform Vulnerabilities and Mobile Banking Trojans (IT Business Net) Quick Heal Technologies announced results of its third quarter Threat Report today. The free report, now available on the Quick Heal website, reveals a startling increase in vulnerabilities on the Android platform and a 33 percent rise in mobile ransomware. The report also found a slight decrease in Potentially Unwanted Applications (PUA) and Adware, dropping by three percent and 12 percent respectively
Do you know which data compliance standards apply to your organization? (Help Net Security) Despite the explosion in data collection among companies in every sector and the well-documented risks of cyber threats, a new Liaison Technologies survey of nearly 500 US C-level executives and senior-level managers reveals that nearly half (47%) are unsure which information security and privacy regulations apply to their organizations
Oh no, software has bugs, we need antivirus. Oh no, bug-squasher has bugs, we need ... (Register) Secunia report on treadmill of security software pain
Feds Need to Bolster Cyberprotection Speed and Range (E-Commerce Times) Providing cybersecurity that is adequate to meet increasing threats has proven to be a perpetual catch-up process. Public sector agencies are particularly sensitive targets, with high visibility not only to the citizens they serve, but also to cyberattackers
Marketplace
JP Morgan: 'We would hire a reformed black hat' (Computing) And other industry hacker recruitment policies from our latest summit
Soltra saved — NC4 buys info-sharing system from banking sector (CyberScoop) Soltra, the cyberthreat information-sharing joint venture set up by financial-sector institutions, has been reprieved after it was bought by security firm NC4
Aquilent to be acquired by Booz Allen Hamilton in $250 million deal (Baltimore Sun) The management consulting giant Booz Allen Hamilton is acquiring Aquilent, a Laurel firm that has designed more than 100 websites for federal agencies, in a $250 million deal
1 Top Small-Cap Stock to Buy Now (Fox Business) Small-cap stocks can deliver explosive gains -- or sizable losses. Choose well, and these high-risk yet potentially high-reward stocks can deliver multibagger returns and turbocharge your portfolio's overall performance. But choose poorly, and a small-cap stock can produce painful losses, up to and including a complete loss of capital should the business be forced into bankruptcy
Why FireEye’s Leadership in APT Could Benefit Its Investors (Market Realist) FireEye is a leader in the APT space
FireEye Focuses on Enhancing Its Network Security Offerings (Market Realist) FireEye faces tough competition in the network security space
FireEye execs admit channel troubles (CRN) At security vendor FireEye's Partner Advisory Council earlier this year, Nick Giampietro said partners were asked, in the wake of all its challenges with the channel and the market: Is FireEye done?
NDAA Requires Army To Buy Intelligence Software Commercially (Defense News) After a federal judge put a stop to the Army’s current plan to develop its intelligence analysis framework internally, requiring it to look again at commercially available products, a provision in the conference report of the 2017 defense policy bill further pushes the Army toward buying commercial capability
HHS OIG wants help hunting cyberthreats (Federal Times) The Department of Health and Human Services inspector general is in pursuit of information about cyberthreat-hunting software
CACI nabs $79M Army task order to support information warfare directorate (Washington Technology) CACI International has won a $79 million task order to support the U.S. Army Intelligence and Information Warfare Directorate.
Cyberinc, an Aurionpro Company, invests to address Australia's growing cyber security market (Sys-Con Media) Establishes Australian headquarters in Melbourne, will collaborate with and strengthen Victoria Government's cyber security agenda
Cylance appoints Arrow as its first Australian distributor (CRN) Security vendor Cylance has appointed Arrow as its first distributor for Australia and New Zealand
Checkmarx Recognized By Deloitte Israel Technology Fast 50 2016 As Israel’s Fastest Growing Cybersecurity Company (BusinessWire) Checkmarx, a global leader in application security testing, has been selected as one of Israel's fastest growing companies in Deloitte's Fast 50 2016 awards program for the fourth year in a row. Recognized for sustained revenue growth and a deep understanding of the cybersecurity market, Checkmarx is the highest ranking cybersecurity company, placing 14th on the overall Fast 50 list
Verodin Adds Prominent Security Names to Leadership Team (BusinessWire) Andrew Barnett, Brian Contos and Kurt Stammberger join “Instrumented Security™” pioneer
CrowdStrike Appoints Industry Veteran Michael Carpenter as President of Global Sales and Field Operations (CrowdStrike) Former Tanium executive to lead CrowdStrike’s global expansion and build on unprecedented growth as demand for CrowdStrike Falcon skyrockets
Microsoft 'Father Of SDL' Named To Top Post At SAFECode (Dark Reading) Steve Lipner, the former Microsoft security leader credited with spearheading its security development lifecycle (SDL) initiative, takes on a new role as executive director at SAFECode
Products, Services, and Solutions
Optiv Security Announces Next Generation of Third-Party Risk Management Platform Evantix (Optiv) Evantix 5.0 helps organizations better scale third-party risk management programs, improve visibility into risk assessment lifecycle and track remediation issues
Palo Alto Networks Automates Cloud Security Deployment On Amazon Web Services (PRNewswire) Palo Alto Networks now supports key AWS features and joins the AWS Competency Program for Security
Actively Monitoring a Mobile Workforce with SecurityCenter (Tenable Network Security) As the boundaries of the traditional workplace expand from users in the traditional single office building to mobile road warriors and remote workers, the effectiveness of a vulnerability management program across all endpoints becomes more challenging
Infinite : Introduces Nodeware Vulnerability Management Solution (4-Traders) Nodeware's plug-and-play system simplifies and enhances security for SMBs
Zentera Systems Launches Industry's First True Cloud Security Overlay Solution Delivering Third-Party Security Capabilities to the Cloud (Broadway World) Zentera Systems, Inc., the leader in multicloud networking and security, today launched the industry's first true cloud security overlay solution that delivers third-party security capabilities to the cloud
Hypertec and RackTop Partner to Deliver a Secure Accelerated Data Workflow Integration Solution for Media and Entertainment Companies (PRNewswire) Hypertec Systems and RackTop Systems today announced a strategic partnership launching a new workflow integration system that simplifies, accelerates and secures media and entertainment companies' creative workflow
Next-gen protection against multi-vector DDoS attacks (Networks Asia) Devastating multi-vector distributed denial of service (DDoS) attacks continue to make the news. Two complex assaults on internet infrastructure company Dyn late October, that some reports claim to be in the 1.2 Tbps range, took down popular websites including Twitter, Netflix, Pinterest, Paypal, Spotify, Airbnb and Reddit
SAMRi10: Windows 10 hardening tool for thwarting network recon (Help Net Security) Microsoft researchers Itai Grady and Tal Be’ery have released another tool to help admins harden their environment against reconnaissance attacks: SAMRi10 (pronounced “Samaritan”)
The Floodgate IoT Security Toolkit is here (App Developer Magazine) Icon Labs has announced its Floodgate IoT Security Toolkit, which enables IoT edge devices to be easily and securely integrated with IoT cloud platforms, including Verizon’s ThingSpace IoT Cloud Platform, and provides security management for remote IoT devices from a single user interface
BlackBerry Watchdox: Secure File Sharing Is An Abject Necessity In Legal Services And Blackberry Shows The Way (N4BB) BlackBerry WatchDox sets the benchmark in secure file sharing in legal services. No more photocopies or couriering large bundles of docs
Raytheon conducts demonstration of cyber and electromagnetic battle management system (GSN) Raytheon Company's (NYSE: RTN) Cyber and Electromagnetic Battle Management tool is the only electronic warfare planning and management tool to demonstrate interoperability with not only third-party software, but an entire system with completely different architecture
Technologies, Techniques, and Standards
Node.js Foundation To Oversee Node.js Security Project To Further Improve Stability for Enterprises (Yahoo!) The Node.js Foundation, a community-led and industry-backed consortium to advance the development of the Node.js platform, today announced that the Node.js Security Project will become a part of the Node.js Foundation. Under the Node.js Foundation, the Node.js Security Project will provide a unified process for discovering and disclosing security vulnerabilities found in the Node.js module ecosystem
Bypassing BitLocker during an upgrade (Naked Security) If you’ve got an iPhone, or an Android, or a Mac, or a Windows 10 computer, then you’ll know that when you do an upgrade, the device almost always reboots during the process, sometimes more than once
20 Questions Smart Security Pros Should Ask About 'Intelligence' (Dark Reading) Threat intel is a hot but complicated topic that encompasses a lot more than just data feeds. Here's how to get beyond the fear, uncertainty, and doubt to maximize its potential
Cybersecurity User Training That Sticks: 3 Steps (Dark Reading) People are eager for common-sense advice that gives them control over their environment and helps them stay safe online
Isolation technologies create an “air gap” to eliminate the risk of malware (Network World) Web requests are proxied to the isolation platform, which executes and renders web sessions remotely, and only a safe visual stream is sent on to users
The Purple Team Pentest (CircleID) It's not particularly clear whether a marketing intern thought he was being clever or a fatigued pentester thought she was being cynical when the term "Purple Team Pentest" was first thrown around like spaghetti at the fridge door, but it appears we're now stuck with the term for better or worse
Next level red teaming: Working behind enemy lines (Help Net Security) The term “hacker” calls forth both positive and negative mental pictures, but I can bet that there are not many people, even in the infosec community, to whom the term generates the image of a guy running through the jungle with a laptop and an automatic weapon
Worried About Getting Hacked? Here Are 3 Simple Ways To Protect Yourself (Forbes) How many passwords do you have to remember? Don’t forget the unlock codes for your phone and computer, the garage door opener, and the safe combination. Not including sign-in information for my work computer, I counted 50 separate passwords and passcodes for my husband and me
5 ways data classification can prevent an education data breach (CSO) Schools could don the dunce cap if they don’t get this test right
Design and Innovation
Is Strong Authentication Killing the SMS-Delivered Password? (Easy Solutions) Over the past few years, there has been a noticeable move away from what has been the norm for decades – communication and business conducted in person or over the phone – toward increasingly digital-only interaction
Facebook users want to continue posting from beyond the grave (Naked Security) What happens to a person’s Facebook page after they die?
Video: A bitcoin allowance teaches spending and security (Christian Science Monitor Passcode) Kryptina is one of the world's youngest users of the digital currency bitcoin. Her dad gives her a bitcoin allowance as a lesson in online security and money management
Research and Development
Georgia Tech Gets $17 Million Defense Deal For Cyberattack Attribution (Dark Reading) US Department of Defense awards research to work on technique for quick attribution of cyberattack with hard evidence
Academia
Lockheed-Virginia Tech Alliance to Focus on Cybersecurity, Electronics & Autonomy Research (ExecutiveBiz) Lockheed Martin and Virginia Tech have entered into a partnership to implement joint research projects focused on cybersecurity, microelectronics, power electronics and autonomy
Legislation, Policy, and Regulation
German Minister Proposes Data Protection Law Aimed at Limiting Privacy Rights (HackRead) The bill will also ban the citizens’ right to know what sort of data about them is being collected by the government
Scholars, infosec experts call for action on Russian hacking (CSO) In the wake of reports about Russian involvement in fake news and hacks against political targets leading up to the recent presidential election, scholars and security experts are calling for federal action
House passes intelligence bill enhancing efforts against Russia (The Hill) The House passed an annual intelligence policy authorization bill on Wednesday that includes a provision to increase scrutiny of Russia's attempts to exert covert influence around the world, after the country was accused of meddling in this year's U.S. presidential election
Extremist Content and the ICT Sector (Global Network Initiative) The role of information and communication technology (ICT) companies in responding to alleged terrorist or extremist content has become one of the most challenging issues for freedom of expression and privacy online. In July 2015, GNI launched a policy dialogue to explore key questions and considerations concerning government efforts to restrict online content with the aim of protecting public safety, and to discuss the human rights implications of such government actions
US Judges Can Now Sign Global Hacking Warrants (Motherboard) On Thursday, changes to the rules around US search warrants came into effect, meaning that magistrate judges can now authorize the hacking of computers outside of their own district
Senate fails to stop FBI's expanded hacking authority (Engadget) The FBI will have the freedom to hack computers in any jurisdiction
Opinion: The FCC needs to end warrantless cellphone spying (Christian Science Monitor) Police departments' growing use of devices known as "Stingrays" that intercept – and disrupt – people's communications represents a clear danger to Americans' privacy
Snowden: Hacking rule changes threaten Americans' rights (Washington Examiner) Changes to a little-known rule that allows law enforcement agencies like the FBI to search multiple computers with one warrant go into effect in a few hours, prompting a stern warning from former NSA contractor Edward Snowden that the rights of all Americans are in jeopardy
What would it take to declare the electromagnetic spectrum a domain of warfare? (C4ISRNET) Cyber was recently declared a domain of warfare five years ago, making it the fifth operational domain with land, sea, air and space. There is now also discussion of donning the electromagnetic spectrum (EMS) its own operational domain of warfare
These senators are hoping to divide Cyber Command from the NSA (CyberScoop) A bipartisan amendment introduced Tuesday in the Senate to the 2017 National Defense Authorization Act seeks to elevate U.S. Cyber Command to a combatant command. The status upgrade would cause Cyber Command to become independent of the NSA, receive additional resources and assume different leadership than currently installed
How Should Trump Handle the U.S. Cybersecurity Crisis? (Top Tech News) They've stolen money from banks in England, knocked out electrical power in the Ukraine and interfered with the latest presidential election cycle in the United States
America wonders what path Trump will tread on cybersecurity (Naked Security) Trying to predict the shape of cybersecurity under President Trump is a frustrating exercise for industry professionals. But given what’s at stake, we asked some to give it a try anyway, or at least offer the president-elect some advice
Don’t Put the Pentagon in Charge of Private Industry’s Cybersecurity (Defense One) There are few ways that the military could intervene effectively without doing more harm than good
The Coming War on ‘Radical Islam’ (Defense One) How President-elect Trump’s government could change America’s approach to terrorism
It will soon be illegal to punish customers who criticize businesses online (Ars Technica) Consumer Review Fairness Act bans customer gag clauses, awaits Obama signature
Cyber center project a 'turning point' for Army capability, leaders say (Army Times) The groundbreaking for Army Cyber Command’s new complex at Fort Gordon, Georgia, represents a crucial turning point for the nation’s ability to fight in the cyber domain and diminish gaps in capability, Army leaders said Tuesday at the event
Gov’t to strengthen legislation to protect personal information in cyberspace (Jamaica Observer) The Government will be making changes to critical pieces of legislation that will enable a more robust framework in protecting personal information in cyberspace
Litigation, Investigation, and Law Enforcement
China Cybersecurity Firm Linked With Country’s Intel Agency For Espionage (Dark Reading) Boyusec is working with China's intelligence services and military to doctor security products for spying, says Pentagon report
All western spy agencies, including MI5, are vulnerable to infiltration by Islamists. Here's why (Telegraph) The news that the German security service, the Bundesamt für Verfassungsschutz (BfV) may have been penetrated by an Islamist terrorist organisation will come as no surprise to western counter-intelligence analysts. In fact it will serve only as an unpleasant reminder of the vulnerability of such agencies when entrance and vetting standards are compromised in an effort to acquire language skills
Arrested German spy was a onetime gay porn actor — and a secret Islamist (Washington Post) Two weeks ago, German intelligence agents noticed an unusual user in a chat room known as a digital hideout for Islamic militants. The man claimed to be one of them — and said he was a German spy. He was offering to help Islamists infiltrate his agency’s defenses to stage a strike
"May I season ice cream according to Sharia in order to kill children?" (Welt) Jihadist dialogue in childlike handwriting: two young Salafists from North Rhine-Westphalia kept exchanging their murder and rape fantasies even while in custody, sometimes decorated with little hearts and flowers
Trump says Ohio campus attacker 'should not have been in' US (BBC) Donald Trump has said a Somali refugee student who went on a rampage at an Ohio campus on Monday "should not have been in our country"
Ohio man sentenced in plot to kill government employees in support of ISIS (Federal Times) The Department of Justice has sentenced a West Chester, Ohio, man for attempting to kill officers and U.S. government employees, conspiracy to provide material support to a foreign terrorist organization, and possession of a firearm in furtherance of a crime of violence
Petraeus would have to notify probation officer if offered State job (Washington Examiner) Retired Gen. David Petraeus, one of the remaining four candidates President-elect Trump is considering for secretary of state, would have to notify his probation officer of his new job if offered the position
Navy asks Hewlett Packard to pay up for personal data breach (Navy Times) The Navy is pressing private contractor Hewlett Packard Enterprise to pay for credit monitoring services for sailors affected by a data breach that exposed more than 130,000 social security numbers, a defense official familiar with the ongoing investigation said
Largest Producer Of Child Pornography Ever Prosecuted In Minnesota Sentenced To 38 Years In Prison (US Department of Justice) Anton Martynenko targeted more than 150 children in “sextortion” scheme
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, Mar 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event. The summit, which will attract senior influencers in cybersecurity from allied nations across the world, has as its theme: Protecting Critical Infrastructure in a Connected World.
Upcoming Events
CIFI Security Summit (Toronto, Ontario, Canada, Nov 30 - Dec 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.
AlienVault USM Webcast (Online, Dec 1, 2016) Host-based intrusion detection systems (HIDS) work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM integrates HIDS with other key security controls to help you get the most out of host-based monitoring.
Cyber Threats Master Class (Turin, Italy, Dec 1 - 2, 2016) The UNICRI Masterclass on Cyber Threats aims to provide media and public relations professionals, as well as those planning a career in public information and communication, with a deeper understanding of new security threats to states and citizens. The focus of the course is on cyber threats, internet governance and the role of media. Application deadline is October 2, 2016.
Disrupt London (London, England, UK, Dec 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators. Disrupt gathers the best and brightest entrepreneurs, investors, hackers, and tech fans for on-stage interviews, the Startup Battlefield competition, a 24-hour Hackathon, Startup Alley, Hardware Alley, and After Parties.
US Department of Commerce Cyber Security Trade Mission to Turkey (Ankara and Istanbul, Turkey, Dec 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey is increasing resources in the public and private sectors to tackle these complex cyber threats. Apply now for this mission. Recruitment for the mission will begin immediately and conclude no later than September 16, 2016. The U.S. Department of Commerce will review applications and make selection decisions on a rolling basis beginning May 2, 2016 until the maximum of 20 participants is selected. Applications received after September 16, 2016 will be considered only if space and scheduling constraints permit.
NCCoE Speaker Series: Understanding, Detecting & Mitigating Insider Threats (Rockville, Maryland, USA, Dec 6, 2016) Insider threats are growing at an alarming rate, with medium-to-large company losses averaging over $4 million every year. Smaller businesses are at risk too, and it is estimated that in 2014, over half of all cyber attacks targeted companies with less than 1,000 employees. The majority of these breaches are caused accidentally by internal employees or contractors, which means that, whether their intent is malicious or not, people represent the greatest risk to a company's cyber security. Join us for the December 6th NCCoE Speaker Series and learn from the leading experts, including Mitre's Principal Behavioral Psychologist Dr. Deanna Caputo, how you can keep your business safe from these costly and preventable breaches.
Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter (Elkridge, Maryland, USA, Dec 6, 2016) This cybergamut Technical Tuesday features ZeroFox data scientist John Seymour, who will present a recurrent neural network that learns to tweet phishing posts targeting specific users. Historically, machine learning for information security has prioritized defense: think intrusion detection systems, malware classification and botnet traffic identification. Offense can benefit from data just as well. Social networks, especially Twitter with its access to extensive personal data, bot-friendly API, colloquial syntax and prevalence of shortened links, are the perfect venues for spreading machine-generated malicious content.
Infosecurity Magazine Conference (Boston, Massachusetts, USA, Dec 6 - 7, 2016) Bringing together 100+ information security end-users, analysts, policy-makers, vendors and service providers, the meeting connects the information security community providing actionable information, practical case studies and strategic and tactical insight
Practical Privacy Series 2016 (Washington, DC, USA, Dec 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly good sessions right now—we can’t wait to share them with you!
CISO Southern Cal (Los Angeles, California, USA, Dec 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
SANS Cyber Defense Initiative 2016 (Washington, DC, USA, Dec 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative 2016 will feature courses in IT security, security management, IT audit, penetration testing, and computer forensics, including short courses that can be taken with a long course to enhance your training. Every course, evening talk, and special event is designed to equip you with cutting-edge knowledge and skills required to combat today's cyber criminals. SANS events offer you a unique opportunity to learn from the best cybersecurity teachers in the country. At SANS events you get the kind of hands-on, immersion training that you can put to work immediately
Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, Dec 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how this research can be used to enable innovation. The main aims of the conference are: To highlight the innovative research happening globally with three main themes: Privacy, Security and Trust. Academics from across the globe will come together to discuss solutions related to PST risks and to showcase the research methods that are able to minimise future cybercrime issues. To foster new ideas and conversation in order to reduce the amount of PST issues globally and to create enduring change in the behaviour and attitudes towards PST. To draw together PST practitioners, researchers, and government to showcase the latest PST research outputs and initiatives. We envisage that industry participants will implement the PST initiatives that are discussed and showcased at the conference into their practice.