Dallas, Texas: the latest from Women in Cybersecurity (WiCyS)
Value, Mentorship, and Opportunity: the View from WiCyS 2016 (The CyberWire) Three clear themes emerged from 2016's Women in Cyber Security Conference: recognition that cyber security is part of any business's value proposition, the importance of mentorship in career choice and development, and, finally, the reality that ability to recognize and pursue opportunity is far more important than detailed career planning
Calling All Women: The Cybersecurity Field Needs You And There's A Million Jobs Waiting (Forbes) Cybersecurity has a gender problem: Only 11% of the world’s information security workforce are women, according to the Women’s Society of Cyberjutsu (WSC) — a 501(c)3 non-profit passionate about helping and empowering women to succeed in the Cybersecurity field
Cyber Attacks, Threats, and Vulnerabilities
A cyber attack temporarily shut down the Hungarian government's website (Irish Examiner) The Hungarian government said its computer network has come under attack from outside the country, with access to several websites temporarily blocked
It’s Cyberwar, it’s Turkish vs Armenian Hackers Amid Nagorno-Karabakh Dispute (Hack Read) A group of Turkish hackers going by the online handle of Turk Hack Team (THT) have decided to side with Azerbaijan over the ongoing Nagorno-Karabakh conflict and conducted a series of cyber attacks on Armenian servers earlier today
'Cyber Jihad' Is Coming to America (Fortune) The government says it’s only a matter of time
Islamic State West Africa reaffirms loyalty to al Baghdadi (Long War Journal) The Islamic State West Africa (ISWA), which is more commonly known by its former name Boko Haram, reaffirmed its loyalty to both its local leader Abubakar Shekau and the overall leader of the Islamic State, Abu Bakr al Baghdadi
MedStar IT system mostly back to full operation after cyber attack (WTOP) MedStar Health’s IT systems are back to about 90 percent functionality after a cyber attack last week
MedStar: No Ransom Paid In Cyber Attack (WBAL) MedStar Health officials said Friday that they have not paid any kind of ransom related to a cyber attack on its computer networks
FBI investigating cyber attack on United States hospital group Medstar (Leader Call) MedStar stressed that there is no evidence patient files have been compromised and all facilities will remain open, despite the lack of access to medical records, scheduling computers, internet services, and email. The FBI is investigating, but has not said anything about the source or type of the breach
MedStar hack shows risks that come with electronic health records (Baltimore Sun) Spurred on by the federal government, hospitals in Maryland have moved quickly in recent years to roll out electronic medical records
U.S., Canada issue joint alert on 'ransomware' after hospital attacks (Reuters) The United States and Canada on Thursday issued a rare joint cyber alert, warning against a recent surge in extortion attacks that infect computers with viruses known as "ransomware," which encrypt data and demand payments for it to be unlocked
My Layman’s Terms: The Java Deserialization Vulnerability in Current Ransomware (CyberWatch) There has been a recent wave of ransomware attacks against hospitals, highly publicized and for good reason. Who the hell attacks hospitals with malicious code that locks up access to critical care systems, and puts our most vulnerable at further risk? Well, there’s more to this story than I can reveal here but I’ve been following the trend for months, and here’s what you need to know
Why your medical information is gold for hackers (ITProPortal) The popularity of personal health information (PHI) is increasing among hackers, and its value continues to escalate on the black market
Trouble paying the ransom? This ransomware provides QR code for mobile payment (Graham Cluley) This ransomware believes in making payment easy for its victims
Buying Bitcoin Ransomware for US$100 on Darknet (Bitcoins) Now that Bitcoin ransomware is becoming even more of a global threat, some researchers took it upon themselves to delve deeper into the world of underground marketplaces on the darknet and Internet criminality
Ransomware Authors Break New Ground With Petya (Dark Reading) Instead of encrypting files on disk, Petya goes for the jugular by encrypting the entire disk instead, says F-Secure
Weekly Security Roundup #71: All Ransomware Everything (Heimdal Security) In this past week, ransomware took over the scene. You’ll see that most of the security articles revolve around how easy ransomware spreads, who are the latest victims, how it evolved and how much it affects businesses
An Update on Terracotta VPN (RSA Blog) Yesterday at Black Hat Asia in Singapore, RSA Researcher Kent Backman presented an update on Terracotta, our name for a VPN service marketed in China that we originally reported on in August of 2015. Great Firewall traversal, a primary use case for Terracotta, is commonly marketed to Chinese users
How the EITest Campaign’s Path to Angler EK Evolved Over Time (Palo Alto) In October 2014, Malwarebytes identified a campaign based on thousands of compromised websites that kicked off an infection chain to Angler exploit kit (EK)
New Heap-Spray Exploit Tied to LZH Archive Decompression (Threatpost) Researchers found a vulnerability in the classic compression standard Lhasa, once a mainstay for game developers in the mid-’90s and still in use today
What is Multi Vector DDos attack and why are attackers preferring it ? (CodingSec) Attacks on corporations by hackers has been quite common these days
PHP, Python still fail to spot revoked TLS certificates (Help Net Security) In 2012, a group of researchers demonstrated that SSL certificate validation is broken in many applications and libraries, and pointed out the root causes for that situation: badly designed APIs of SSL implementations and data-transport libraries
Recent Verizon Data Breach Was Preceded by Another Screw-Up (Softpedia) It appears that Verizon had problems securing MongoDB databases months before the most recent data breach that allowed hackers to steal at least 1.5 million customer records and then put them up for sale on the Dark Web
iPhone vulnerabilities find an active marketplace (San Francisco Chronicle) After a tumultuous week in which the Department of Justice dropped a controversial legal effort to force Apple to assist the FBI in unlocking an iPhone, there’s much we still don’t know
Cyberthieves’ Latest Target: Your Tax Forms (Wall Street Journal) Companies are on the lookout for an email scam that can wreak havoc on employees’ lives for years
Meet the hacker who rigged elections in 9 Latin American Countries for 8 years (Hack Read) Last month we reported how a Brazilian hacker claimed to have hacked election voting machine in the country and rigged the elections in favor of the political party in power. But, now another hacker has claimed to do the same but on a larger scale
Public warned not to use Santander cash machines by police (Telegraph) The public have been warned by police not to use Santander cash machines over fears they have been "compromised"
BitQuick confirms customer database leak during cyber attack (LeapRate) Bitcoin trading platform BitQuick, which fell victim to a cyber attack about two weeks ago, has provided an update regarding the status of customer data
SQL Injection Allowed Hacker to Steal Data of 237,000 Users from Adult Site (Hack Read) Team Skeet adult website got hacked after a hacker obtained access to its administrative functions. After the hack, the user data stored on the website was being advertised on the Dark Web
Google's Mic Drop Gag Screws Up April Fools' Day Joke (InformationWeek) Google is forced to pull a Gmail April Fools' Day joke called Mic Drop after users accidentally tell off coworkers and employers. However, the search giant had some other gags ready to go
Steam hacker says more vulnerabilities will be found, but not by him (Ars Technica) "It looks like their website hasn't been updated for years"
Security Patches, Mitigations, and Software Updates
How to update Silverlight - or uninstall it completely! (Graham Cluley) Friends don't let friends run out-of-date plugins
Red Hat Wildfly up to 10.0.0 on Windows Blacklist Filter File Information Disclosure (Vuldb.com) A vulnerability classified as problematic has been found in Red Hat WildFly up to 10.0.0 on Windows. Affected is an unknown function of the component Blacklist Filter
Cyber Trends
Security can be a competitive differentiator (CSO) Technology has opened a security Pandora's Box
Quarter of Breached Organizations Learn Through Third Parties (Information Management) Cyber attackers are gaining access to valuable, sensitive data such as login and access credentials, according to the 3rd Annual SANS Endpoint Security Survey conducted by SANS Institute and co-sponsored by Guidance Software
Preparing for a future where everything is connected to the Web (+video) (Christian Science Monitor Passcode) At an Atlantic Council event on Thursday, experts said that Internet-connected devices need to be more rigorously defended from hackers to realize their potential
Raising The Stakes For Application Security (Dark Reading) Why, if we already know most everything we need to know about exploited vulnerabilities in software, do hacks keep happening?
Cybercrime costs Dutch government, industry €10bn a year (Dutch News) Cybercrime is costing the Dutch government and private sector an estimated €10bn a year according to research by accountancy Deloitte
Marketplace
Bridging the Accountability Gap: Why We Need to Adopt a Culture of Responsibility (re/code) Businesses face a litany of existential threats: Hostile takeovers, talent departures, unpredictable customer behavior and market fluctuations — all deeply familiar risks that leaders have carefully planned for and assessed over decades. Yet these same leaders are often alarmingly unprepared for the most potentially damaging threat — a massive data breach that could mean the loss of everything … all in a matter of seconds
Security can be a competitive differentiator (CSO) Technology has opened a security Pandora's Box
Dell and EMC bare all on merger plans in massive SEC filing (CRN) Go-to-market plans, VMware, rules of engagement and partner programmes all covered in FAQ document
Cybersecurity firm could be first tech IPO in 2016 (USA Today) A cybersecurity firm could be first U.S. tech IPO in 2016
FireEye’s Poised to Grow (Scibility Media) Analyst’s predictions were for a loss of $1.30 for fiscal 2016, but when FireEye released its Q4 2015 earnings, it predicted a potentially more optimistic loss per share of around $1.20-1.27 for 2016
Israel's security industry under spotlight over reported link to San Berardino iPhone battle (Independent) The reported involvement of an Israeli cyber security firm in the iPhone unlocking battle between the FBI and Apple has put the fast-growing industry - with its military connections - into the news
CYBERBIT™, Elbit Systems' Subsidiary, Awarded Contracts Valued At An Approximately $22 Million To Supply Intelligence And Cyber Systems To A Customer In Asia-Pacific (The Street) Elbit Systems Ltd. (NASDAQ and TASE: ESLT) ("Elbit Systems"), announced today that its subsidiary, CYBERBIT Ltd. "CYBERBIT"), was awarded contracts to supply intelligence and cyber analysis and research systems for a country in Asia-Pacific for an aggregate amout of approximately $22 million. The systems will be supplied over a two- year period
Global IAM market to reach 24.55 billion by 2022 (Help Net Security) The global identity and access management (IAM) market is expected to reach USD 24.55 billion by 2022, according to Research and Markets
Wynyard Appoints Sir Iain Lobban as Cyber Security Adviser (Scoop) Wynyard Appoints Sir Iain Lobban as Strategic Adviser on Cyber Security for Its Commercial Customers
Products, Services, and Solutions
Anonymous Browsing: Avira Launches Phantom VPN for Android, Windows Users (Hack Read) Avira is known for developing the very popular, award-winning software Avira Antivirus and it seems the company has been striving to provide web users a secure environment over the web space so that their privacy is not violated nor are their computers
Healthcare organization adopts security as a utility (Network World) Use of ProtectWise enables it to acquire, manage and operate their security architecture from the cloud
Technologies, Techniques, and Standards
Neighborhood Watch: Identifying Early Indicators of the Central Bank of Bangladesh Heist (Recorded Future) As a threat intelligence analyst, the largest impact you make may be the observation of early indicators of compromise (IOCs) on other companies within your industry vertical. When you see the neighbor’s house on fire, the first thing to do is determine whether your house is on fire as well. In early hacks, this equates to “Am I being attacked or am I about to be attacked?”
A beginner's guide to encryption (Christian Science Monitor Passcode) Don't understand encryption or the policy debates around it? Let us walk you through the basics
Why SMBs need threat intelligence (Help Net Security) SMBs need threat intelligenceMost of the innovative work being done in information security comes from to small to medium sized companies
A House Divided Does Not Fall (SIGNAL: CyberEdge) Network segmentation offers a way to meet burgeoning security needs
The role of behavioural biometrics in authentication (ITProPortal) Despite its popularity, it’s well known that the password is one of the least secure forms of authentication
Implementing Disaster Recovery as a Service to avoid losing your business (IT Security Guru) Protecting a business from natural disasters and unwanted trespassers will probably come as second nature. But in the age of a digital revolution, protecting data from cyber intrusion, human error and data loss need to be top of the agenda for all businesses
Devalue data, deter cybercriminals (SC Magazine) The same motivation that has for decades convinced cat burglars to sneak in through open windows and pilfer jewels from the dresser drawers of their sleeping victims moves cybercriminals to slither around in cyberspace to steal data: It's valuable. And easy to get to
7 Cybersecurity Tips For Lawyers (Above the Law) This past week, the world learned about the big hack of Biglaw. If your employer was one of the almost 50 firms prestigious enough to be targeted by Russian hackers… congrats?
Design and Innovation
Encryption we can trust: Are we there yet? (Help Net Security) Encryption is arguably the most important single security tool that we have, but it still has some serious growing up to do
Microsoft’s disastrous Tay experiment shows the hidden dangers of AI (Quartz) Humans have a long and storied history of freaking out over the possible effects of our technologies
Academia
Military, Government Focus on Statewide Cyber Education (SIGNAL) STEM in Hawaii is boosted to sow seeds for cyber personnel
Legislation, Policy, and Regulation
UK sets up new cyber security centre to protect defence networks and systems (Domain-b) The UK is setting up a new cyber security centre designed to protect Ministry of Defense (MoD) networks and systems from ''malicious actors'
Brussels terror attacks: Why ramping up online surveillance isn’t the answer (Ars Technica) Op-ed: Brief moratorium needed on calls for new spying laws after atrocities
How Should the World Respond to Terrorism? (Defense One) We invert the classic Q&A to explore the complexities influencing global responses to terrorism today
Army tells officers to fight battlefield intelligence system in Congress (Washington Times) An internal Army memo is calling on officers to fight legislation from a Marine veteran in Congress who wants to mandate fixes to a complex intelligence computing network panned by soldiers at war
Navy withdraws intel boss nominee, furthering uncertainty (Navy Times) The Navy’s top officer is withdrawing the nomination of Rear Adm. Elizabeth Train to take over as director of naval intelligence and replace the three-star who has been hamstrung for more than two years by a lack of access to secret information
Litigation, Investigation, and Law Enforcement
Die Geheimnisse des schmutzigen Geldes (Süddeutsche Zeitung) Enge Vertraute des russischen Präsidenten Wladimir Putin haben in den vergangenen Jahren offenbar mehr als zwei Milliarden Dollar durch Das Netzwerk
Offshore Links of More than 140 Politicians and Officials Exposed (International Consortium of Investigative Journalists) A new investigation published today by ICIJ, the German newspaper Süddeutsche Zeitung and more than 100 other news organizations around the globe, reveals the offshore links of some of the planet’s most prominent people
Documents leaked from a Panamanian law firm reveal a global web of corruption (TechCrunch) t started with a single, encrypted message to the Suddeutsche Zeitung, and what it has become is, quite simply, the biggest leak of private documents yet seen on the Internet
What to Know About the ‘Panama Papers’ Leak (Time) The 11.5 million documents released this week implicate several world leaders and their families
A massive leak of documents connects Putin and other world leaders to offshore deals (Quartz) Some 72 current or former heads of state, including Russia’s President Vladimir Putin, have been linked with secret offshore deals following a leak of 11 million papers from one of the world’s largest offshore law firms, Mossack Fonseca
The five most important graphs from these Panama Papers leaks (Quartz) It’s being described as the “biggest leak in history.” Over 11 million confidential documents were released from the Panamanian law firm Mossack Fonseca, which has been described as the world’s fourth-largest provider of offshore services
FBI offers crypto assistance to local cops: “We are in this together” (Ars Technica) After iPhone unlock in San Bernardino, FBI re-assures police it will try to help
FBI takes heat for keeping iPhone hack details under wraps (Macworld via CSO) Criticism is mounting as the agency is reportedly trying its iPhone cracking method on more devices
Has Reddit been served with a National Security Letter? (Help Net Security) Reddit has published its 2015 Transparency Report, and there is one thing missing from it: the entire section about national security requests
Apple Vs. The FBI: Protecting The Poetry Of Code (InformationWeek) If the FBI had succeeded in its attempt to have Apple write a new version of iOS (FBiOS, perhaps?), then what would a tech vendor have been required to do next?
Reddit’s warrant canary is now pushing up the daisies (Naked Security) Reddit’s warrant canary has disappeared, leaving nary a metaphorical feather in its wake after it flew the company’s latest transparency report
Hillary Clinton says the FBI hasn't asked to interview her about email server (Los Angeles Times) Hillary Clinton said Sunday that the FBI has not asked to question her about her use of a private email server when she was secretary of State, a controversy that has dogged her presidential bid
U.K. man convicted of plotting to attack U.S. troops in Britain (Military Times) A British delivery driver was convicted Friday of planning to attack American military personnel in the U.K. in a plot inspired by the Islamic State militant group
Marcel Lazar aka Guccifer Hacker Facing Criminal Charges (Hack Read) Marcel Lazar, aka Guccifer, is a Romanian hacker who managed to break into computer accounts of high-profile political figures and is now paying the price of his malicious deeds
A spiritual successor to Aaron Swartz is angering publishers all over again (Ars Technica) Meet accused hacker and copyright infringer Alexandra Elbakyan
