Cyber Attacks, Threats, and Vulnerabilities
Belgian government plagued by hackers (Politico) 'It is the first time such a whole series of short, criminal incidents has happened'
2 Damascus-based jihadist groups swear allegiance to Al Nusrah Front (Long War Journal) Two small jihadist groups based in the Syrian capital of Damascus — Ansar al Sharia and Al Muntasir Billah — have sworn allegiance to Abu Muhammad al Julani, the head of Al Nusrah Front. A spokesman for the two factions announced their fealty in a short video posted yesterday on one of Al Nusrah's official Twitter feeds
Anonymous Leaks Data of Cincinnati Police Department Officers (Hack Read) The Anon Verdict hacktivists from Anonymous leaked personal information of around 52 Cincinnati Police Department employees on Sunday — motive: death of Paul Gaston
Cybersecurity a dynamic threat with subtle, sly bad actors, experts say (SNL) Cybersecurity experts on Feb. 16 cautioned state utility regulators not to fall prey to popular notions of cyberattacks as sudden infiltrations that create obvious catastrophes; the reality is often much slower and more discreet
'MouseJack' Attack Bites Non-Bluetooth Wireless Mice (Dark Reading) PCs, Macs, and Linux machines at risk of attack that exploits unencrypted communications between wireless mice and dongles
Improved FrameWorkPOS spotted alive and well in the wild (SC Magazine) It's alive! FrameWorkPOS is still in the wild and it's better than ever with a recent campaign stealing 43,000 credit cards, according to researchers at ThreatStream Labs
The Rise of Locky: Dridex Crew Bets on Ransomware (Invincea) Earlier this month, a ransomware attack of unknown origin hit the Hollywood Presbyterian Medical Center in Southern California
Is DNSSEC causing more problems than it solves? (Register) New paper points to security protocol as vector for DDoS attacks
CVE-2013-0074/3896 (Silverlight) integrates Exploit Kits (Malware Don't Need Coffee) Angler EK is definitely on the move. It's not a huge surprise when we can speculate that the team behind is the same that was first using Cool EK (Paunch VIP customer) and is behind the Reveton threat
uKnowKids.com database error exposed sensitive information on 1,700 kids (CSO) 1,700 children and millions of messages and images were exposed
Pirated App Store client for iOS found on Apple's App Store (Help Net Security) An app called 开心日常英语 ("Happy Daily English"), which has been offered for download via Apple's official App Store, has been revealed to be a fully functional third party App Store client for iOS, offering users in mainland China a way to install modified versions of iOS apps on non-jailbroken devices
The rise of LinkedIn fraud (CSO) There is an increasing number of fraudsters and hackers who are committing cyber crimes targeting LinkedIn users
Cisco: Facebook Scams are Attackers' #1 Choice for Breaches (ZeroFOX) Research published in Cisco’s 2015 Midyear Security Report reveals that social media exploitation — Facebook scams in particular — has officially taken the crown for the most commonly used method into an organization's network
Latest attack against Russian bank employees highlights the threat to financial institutions (IDG via ITWorld) Cybercriminal groups increasingly attempt to break into banks' computer networks to steal funds
Why the biggest threat to your digital security is you (Business Insider) Social engineering is the new malware
Some Xbox Live Services are Down Again (Hack Read) Some gamers on social media are complaining that they are not able to boot up their digital games due to the unavailability of Xbox live service
Deep and Dark Web: Complexity and escalating cybercriminal activity (Help Net Security) Flashpoint released an annual research report that looks to uncover the growing complexity of illicit communities and the industrialization of cybercrime over the past year
Cybercrime And Hacking Atlas (Dark Reading) A geographic guide with cybercrime threat and target trends in 10 notable countries
Cyber Trends
Apple Case Highlights Struggles CIOs Face in Balancing Privacy, Law Enforcement Requests (Wall Street Journal) As technology advances, there’s a delicate balance between individual privacy and law enforcement’s requests for information. Increasingly, it’s up to CIOs and individual organizations to navigate the governance questions
Survey Roundup: Enforcing But Not Following IT Security Rules (Wall Street Journal) A look at some recent surveys and reports dealing with risk and compliance issues
Do CIOs Underestimate Cyber Breach Recovery? (Infosecurity Magazine) A large majority (85%) of CIOs are not taking proactive steps to track down cyber threats, despite a similar number claiming to be under increasing pressure to quickly prevent, detect and respond to security incidents
BAE Systems suffers cyber attacks twice a week (Financial Times) Foreign governments are suspected of launching cyber attacks on BAE Systems roughly twice a week, according to the UK defence company, which on Monday warned that internet crime was becoming increasingly sophisticated and professional
Encrypted Internet Traffic a Key Cybersecurity Threat (SIGNAL) Malware attacks nearly doubled in 2015 to reach up to 8.19 billion
Banks are being targeted by cyber hackers (Sydney Morning Herald) Cyber-criminals are increasing attacks on Australian banks and using more sophisticated methods, says a report by computer giant Dell, suggesting heightened cyber-security vigilance and spending by financial institutions and the federal government is justified
Cyber Security in the Middle East (Infosecurity Magazine) While Middle East countries have faced humanitarian disasters for many years, a greater problem now faces these countries: cybercrime
Marketplace
World's Coolest Cybersecurity Startups Bring Their Elevator Pitches To San Francisco (Forbes) It's not too late to buy a ticket to the hottest show in cybersecurity
Anticipating the RSA Security Conference (Network World) Skills shortage, security automation, cloud security, data security, endpoint security and security analytics top my list of priorities
Looking into cyber risk insurance (IT Web) More and more businesses are coming to the conclusion that the probability of falling victim to a data breach is high
British Weapons Maker to Chase U.S. Commercial Cybersecurity Business (Wall Street Journal) BAE Systems estimates potential market to be worth $15 billion
We want to set up in the US despite ban: Huawei (CNBC) The effective ban on Huawei entering the U.S. network equipment market has not dampened the Chinese company's interest in setting up Stateside, the company's chief executive said on Monday
Trusona Launches From Stealth, Introducing Industry's First Identity-Proofing & Authentication Platform for When You Truly Need to Know (MarketWired) Founded by CEO Ori Eisen, Arizona startup secures $8M Series A round from Kleiner Perkins Caufield & Byers
Team8 Cyber Security Group Grabs $23 Million Series B (TechCrunch) Team8, the unique Israeli cyber security company that is part venture capitalist, part think tank and part startup incubator announced a $23 Million Series B round today from a variety of investors
New Cybersecurity Venture Firm Launched (Dark Reading) Former US-CERT director joins 'accelerator' Strategic Cyber Ventures LLC
Observable Networks gets USD1.625m in convertible debt funding (Financial News) Observable Networks Inc. has closed USD1.625 million in convertible debt funding from investors arranged by DH Capital, an investment banking firm serving companies in the Internet infrastructure, communications, and SaaS sectors, the company said
Cyber-Security Movers: FireEye, Barracuda Networks, and Palo Alto Networks (Bidness Etc.) Bidness Etc takes a look at today's biggest movers in the cyber-security space
Wynyard doubles loss to $44M, rights offer details due (Scoop) Wynyard Group, the crime-fighting and security software developer, doubled its loss to $44.1 million in 2015 on static revenue while reshaping its business plan to try and achieve cash break-even more quickly
FAA Concerned About 'Evolving Cyber Events' (Nextgov) The Federal Aviation Administration needs urgent help to protect its systems from evolving cyber events, according to federal contracting documents
Hotshot Cybersecurity Startup Tanium Names New CEO (Fortune) The world’s highest valued cybersecurity “unicorn” has new leadership
KEYW adds former Leidos executive to board (Baltimore Business Journal) KEYW Holding Corp. has expanded its board of directors with a ninth member, adding the finance executive who helped split Leidos Holdings Inc. and SAIC into two companies
Products, Services, and Solutions
Pindrop Launches the First IVR Fraud Protection Solution to Address Growing Threat to the Call Center (Yahoo! Finance) Pindrop Is the only company offering protection against fraud attacks across the entire call center in both live agent calls and IVR activity
Corero Network Security Continues to Redefine the Real–Time DDoS Detection and Mitigation Landscape with Virtual Monitoring Capabilities (NewsOn6) Corero Network Security (LSE: CNS), a leading provider of First Line of Defense® security solutions against DDoS attacks, today announced beta availability for the Corero SmartWall® Network Threat Defense — Virtual Edition (vNTD Monitor)
HITRUST CSF Certification Provides Enhanced Coverage and Reductions in Cyber Insurance Premiums (BusinessWire) HITRUST CSF Certification Provides Enhanced Coverage and Reductions in Cyber Insurance Premiums
Announcing Recorded Future for Splunk (Recorded Future) It’s no secret that many security teams who work with threat intelligence also use Splunk to analyze their security operations data
PacketFence: Free and open source network access control (Help Net Security) PacketFence is a fully supported, free and open source network access control (NAC) solution
Secure Microcontrollers from STMicroelectronics Bring Advanced Cyber Safety to Connected Cars (Nasdaq) Tamper-proof microcontrollers qualified for automotive applications protect data privacy and system integrity
Lewis Rhodes Labs Announces Cyber Microscope for Advanced Cyber Security Anomaly Detection (BusinessWire) Deployed at Sandia National Laboratories, Cyber Microscope increases detection speed and resolution by more than 100 times
Technologies, Techniques, and Standards
Proper device management could have prevented the whole FBI-Apple fight (MacWorld via CSO) Even without a comprehensive policy, just enrolling the device in an MDM system would have been enough
How the FBI could use acid and lasers to access data stored on seized iPhone (Ars Technica) Decapping techniques are effective, but they're not practical in this case
6 steps to take to evaluate cyber risk (Property Casualty 360) Daily news reports of cyber data incidents serve as a constant reminder of the growing cyber risks that companies face
What the Heck Is a CASB, and Do You Need One? (eSecurity Planet) Cloud access security brokers are a relative newcomer to the enterprise, but cloud security concerns will drive rapid adoption of CASBs
Design and Innovation
Would you use an ATM that didn't need a card…*or* a PIN? (Naked Security) There's one sort of two-factor authentication (2FA) that almost all of us know very well, and use all the time
Research and Development
On-chip random key generation done using carbon nanotubes (Ars Technica) Carbon nanotubes will randomly seed themselves into properly designed circuitry
Legislation, Policy, and Regulation
Government, private sector pushing cyber security mandate in India (Business Standard) Both the government and the Indian industry are reaching out to major cyber security companies in the US and Israel to boost internal systems
Apple vs. FBI case colors European debate about securing digital identity (IDG via CSO) Although not present at Mobile World Congress, Apple still influenced the debate
Week ahead: Encryption fight heats up (The Hill) Two lawmakers are set to reveal more details about a major encryption bill Wednesday amid a renewed debate over what role Congress should play in regulating encryption standards
Coalition aims to educate policymakers on cybersecurity (Help Net Security) A group of vendors launched the Coalition for Cybersecurity Policy and Law, a new organization that will focus on education and collaboration with policymakers on the increasingly complicated legislative and regulatory policies related to cybersecurity
Preparing the next president for the future of cyber (Federal Times) It’s mid-winter of 2018…two weeks after a cyberattack of unknown origin shuts down electrical power in most of three Northeastern states
Ex-commander: US losing ground against Islamic extremism (The Hill) The U.S. has lost ground in the fight against Islamic extremism, the former commander of U.S. forces in the Middle East said in a recent interview
Twitter reach of ISIS trimmed by account suspensions, report says (FCW) More than 125,000 accounts linked to terrorists were suspended by Twitter in a little less than a year
OPM, Education Department CIOs resign under fire from Congress (Ars Technica) OPM CIO faced grilling over hack; Education CIO was under ethics investigation
DHS cyber official: Einstein key to the future of big data at agencies (FCW) Even if the Office of Personnel Management had the latest version of the Department of Homeland Security's multibillion-dollar firewall in place last year, it still would not have prevented the massive hack of OPM that compromised the data of some 22 million Americans. Phyllis Schneck, DHS' top cybersecurity official, readily admits this
Service Chiefs Reject Proposal to Develop New Military Cyber Force (Military.com) Former NATO commander and retired Navy admiral James Stavridis speaks often of his proposal to develop a fifth U.S. military service branch — a cyber force that would own operations in the virtual domain
Navy Wants to Unplug From Some Networks to Stay Ahead of Cyberattacks (Military.com) For the Navy, the best defense against a high-tech enemy may be a low-tech strategy
Health Care Needs To Do a Better Job Encrypting Data: Report (Wall Street Journal) Health-care organizations need to do a better job encrypting sensitive personal information such as medical records and Social Security numbers, according to a report by California Attorney General Kamala Harris
Litigation, Investigation, and Law Enforcement
iOS Security iOS 9.0 or later (iOS Security Guide) Apple designed the iOS platform with security at its core
FAQ: Here’s What You Need to Know About The Apple, FBI Dispute (Dark Reading) The case marks a watershed moment in the debate over national security interests and privacy rights
The Lowdown on the Apple-FBI Showdown (KrebsOnSecurity) Many readers have asked for a primer summarizing the privacy and security issues at stake in the dispute between Apple and the U.S. Justice Department
Resetting terrorist's Apple ID password wasn't a screwup, says FBI (Naked Security) No, the FBI says, changing the password on the San Bernardino terrorist's iCloud account was not a screwup
FBI boss to Apple backers: 'Stop saying the world is ending' (MarketWatch) James Comey argues agency won't 'set a master key loose'
Apple to US govt: Withdraw demand for iPhone unlocking, we all need to talk first (Help Net Security) The battle between Apple and the US Justice Department continues, as the company still refuses to help the feds access the contents of a PIN-locked iPhone used by gunman Syed Farook in the way described in the court order
Jeff Kagan: Apple, FBI Privacy Debate Alive for Years (Equities) The Apple vs. FBI debate may go on for years
The U.S. Government Is About To Start A Tech Civil War… We're Siding With Apple (TechCrunch) Tim Cook’s open letter to customers about the FBI's request to create a backdoor with iOS has set off a critical conversation about privacy in America
Apple Has Already Won. Now It Should Crack the San Bernardino iPhone (IEEE Spectrum) Unless you've been completely off the grid for a week, you already know the FBI has obtained a court order requiring Apple to create a special operating system that lacks certain security features and to load it on the iPhone 5c found in the possession of one of the San Bernardino terrorists — all for the purpose of gathering evidence
Opinion: Why Apple isn't acting in the public's interest (Christian Science Monitor Passcode) To find the right balance between privacy and national security, we should focus on solutions that include responsible government involvement and don't rest on Apple's current marketing strategy. That way we can forge lasting privacy protections
Apple Seems to Be Losing PR Battle Over Unlocking iPhone (re/code) Apple appears to be losing the public perception battle in its dispute with the Department of Justice, with the majority of those surveyed by Pew Research saying the company should unlock the iPhone used by one of the shooters in the San Bernardino terrorist attack
Apple, FBI, and the Burden of Forensic Methodology (Zdziarski's Blog of Things) Recently, FBI got a court order that compels Apple to create a forensics tool; this tool would let FBI brute force the PIN on a suspect’s device
Mark Zuckerberg on Apple vs. FBI: 'We're sympathetic with Apple' (Macworld via CSO) "I don't think requiring backdoors is going to increase security," said Facebook's CEO at Mobile World Congress
Bill Gates pokes holes in Apple's argument against the FBI (Quartz) Microsoft co-founder Bill Gates appears to have taken a contrarian stance in the battle brewing between Apple and the FBI: In a video interview with the Financial Times (paywall) he speaks supportively of the government agency's position in the face of widespread opposition from the tech world
Bill Gates: 'Blindsided' By Reports I Back FBI on Apple (BloombergBusiness) Bill Gates, co-founder at Microsoft and co-chair at Bill and Melinda Gates Foundation, addresses his view of Apple's battle against an FBI court order to unlock an iPhone belonging to a shooter involved in the San Bernardino, California terror attack and the need for a balance between privacy and government access
Why the Government needs to leave Apple and Google Encryption Alone (Gartner Blog Network) The cat is already out of the bag with all of the advancements in encryption software
Manhattan DA: Expect more encryption court orders (The Hill) The Manhattan district attorney's office is considering seeking court orders to unlock encrypted smartphones in several cases
German police allowed to use its own "federal Trojan" (Help Net Security) The German Interior Ministry has approved for investigative use a spying Trojan developed by the German Federal Criminal Police (a so-called "federal Trojan"). In fact, it could end up being used as early as this week
New federal Trojan close to approval (Deutschlandfunk) The state could soon be breaking into the computers of suspect citizens again