The CyberWire Daily Briefing 04.05.16

Summary

By The CyberWire Staff

Kremlin dismissal of the Panama Papers scandal as mere "Putinophobia" cooked up by the US to discredit Russia's president aside, most other governments are taking the leaked documents seriously. At least seven countries have opened investigations into the data around the world open investigations into the data released by investigative reporters at Süddeutsche Zeitung and its media partners. Iceland's government may fall as a result of the scandal, and Süddeutsche Zeitung says that more revelations are coming. So far the leaked documents purport to show that Panamanian law firm Mossack Fonseca was connected with about 215,000 shell companies.

Anonymous prepares for its annual operation against Israeli websites. April 7 is the now traditional date dedicated to expressing hacktivist support for Palestinian interests. Israeli sites are bracing for the expected attacks.

Internal audits suggest that US State Department passport and visa databases remain vulnerable to compromise, although so far at least no leaks appear to have occurred.

The Taliban's Islamist propaganda app made it into the Google Play Store, where it remained for two days until Google noticed what was up and ejected the Taliban for violations of terms and conditions.

Google patched yesterday, closing eight vulnerabilities it characterized as "critical."

In industry news, Dell SecureWorks prepares for its April IPO. Layoffs continue at IBM, and may reach 14,000 in fiscal 2016. Palo Alto Networks expands its partner program.

The FBI offers other law enforcement agencies help gaining access to smart phones. UK police seem content with more traditional investigative methods.

Notes.

Today's issue includes events affecting Argentina, Australia, Austria, British Virgin Islands, China, Egypt, Finland, France, Germany, Iceland, Israel, Morocco, Netherlands, Niue, Panama, Qatar, Russia, Saudi Arabia, Serbia, Spain, Sweden, Turkey, Ukraine, United Kingdom, and United States.

This week we're covering two cyber security conferences: the Billington CyberSecurity INTERNATIONAL Summitin Washington, DC, today, and the CAMI Cyber Risk Management 360 conference in Baltimore, Maryland, on Thursday. Watch for our usual live-Tweets and extras.

On the Podcast

Catch the CyberWire's Podcast this afternoon, in which we'll talk with Yoni Shohet, CEO and co-founder of SCADAfence.SCADAFence about the challenges of securing industrial control systems in manufacturing processes. We'll also hear from the University of Maryland's Markus Rauschecker about how standards are established in legal cases regarding cyber security.

Sponsored Events

SINET IT Security Entrepreneurs Forum (ITSEF) 2016 (Mountain View, California, USA, April 19 - 20, 2016)

Selected Reading

Cyber Trends

The Next Big Thing: Who Drives the Security Agenda? (IBM Security Intelligence) “What came first, the chicken or the egg?” is a metaphysical mystery

More IoT device security woes in latest Bitdefender research (IoT Tech) New research shows that the move to smart homes is actually putting householders at risk of privacy theft after the discovery that a number of commonly used Internet of Things (IoT) consumer devices are vulnerable to cyber attack

IT Admins Just As Bad, If Not Worse, Than Employees At Changing Passwords (TechWeek Europe) Administrators change their security credentials less frequently than user passwords, survey at RSA Conference finds

Legislation, Policy and Regulation

UK military to pony up $57M for new cybersecurity center (FierceGovernmentIT) The U.K. Ministry of Defense plans to spend more than 40 million pounds ($57 million) on a new cybersecurity operations center to safeguard the ministry's networks and systems against cyberthreats

Four cyber defense challenges for the next administration (C4ISR & Networks) A fair portion of the modern military runs on silicon. We have even begun to refer to the modern battlespace as the digital battlefield

Opinion: The NSA must adapt to survive the Digital Age (Christian Science Monitor) National Security Agency Director Adm. Mike Rogers has undertaken an incredibly important overhaul of the agency – a plan known as NSA21 – that will ensure it remains well ahead of America's adversaries

The Pentagon doesn't know who’s in charge for responding to a massive cyber attack (Navy Times) The Pentagon does not have a clear chain of command for responding to a massive cyber attack on domestic targets in the United States, according to the federal government's principal watchdog

U.S. 10th Fleet CO Tighe Likely Nominee for Top Navy Intel Job; Previous Nominee Train Withdrawn (USNI News) The Pentagon is set to nominate the head of the Navy’s operational cyber arm to lead the service’s intelligence community, a person familiar with the nomination process told USNI News on Friday

Flag Officer Assignments (US Department of Defense) The Secretary of the Navy Ray Mabus and Chief of Naval Operations Adm. John M. Richardson announced today the following assignments: Rear Adm. Sean R. Filipowski will be assigned as deputy director, Signal Intelligence Directorate, National Security Agency, Fort Meade, Maryland

Products, Services, and Solutions

SECUDE Announces a New Release of Its SAP Data Protection Solution Halocore (Marketwired) Halocore facilitates the tracking and analyzing of all download activity from SAP applications, helping SAP customers identify sensitive data exports and prevent potential data loss

Palo Alto Networks and PwC Help Organizations Establish Breach Prevention Security Posture (PR Newswire) Palo Alto Networks® (NYSE: PANW), the next-generation security company, and PwC's Cybersecurity and Privacy practice are joining forces to help customer organizations establish security architectures, organizational structures and computing processes optimized to prevent cyber breaches

Recorded Future Announces Integration with Palo Alto Networks (PRNewswire) Customers gain real-time threat intelligence context from the Web; Live demonstration at Ignite 2016

ProtectWise Announces Integration With Palo Alto Networks (PRNewswire) Integration to provide increased visibility, threat detection and optimized incident response workflows for customers

Webroot and Cloud Harmonics Partner to Empower the Channel with Next-Generation Threat Intelligence (PRNewswire) Webroot BrightCloud Threat Intelligence for Palo Alto Networks Firewalls expands Cloud Harmonics' Enterprise Protection Product portfolio

A Day In The Life Of A Security Analyst (Dark Reading) 'The network doesn't lie' and host detection systems are also key tools for the analyst

Improving the response to cyber threats (Enterprise Times) Guidance Software has announced EnCase Endpoint Security v5.12, the latest version of its security software solution

CensorNet Offers Adaptive Multi-Factor Authentication Solution Through CenturyLink's Cloud Marketplace (Marketwired) CensorNet, the complete cloud security company, today announced its certification under the CenturyLink Cloud Marketplace Provider Program

DoD Certifies Fidelis Threat Defense Offering (ExecutiveBiz) A Fidelis Cybersecurity-designed threat defense offering has been added to the Defense Department’s list of products certified for interoperability and information assurance via an assessment stage

Calculate the cost and probability of a DDoS attack (Help Net Security) DDoS attacks are becoming increasingly larger, more complex, and perpetrated by cyber extortionist instead of hacktivists and vandals, according to a recent survey from Arbor Networks

Technologies, Techniques, and Standards

CAs Needs To Force Rules Around Trust (Dark Reading) Google Symantec flap reveals worrisome weakness in the CA system

War on Multiple Fronts: A Holistic Approach to Cybersecurity (Legaltech News) Success is adopting a holistic approach to managing threats on multiple fronts

In Search of Data Protection, Enterprises Look to Cybersecurity Frameworks: Survey (Legaltech News) Increases in industry-agnostic cyberattacks abound, with enterprises scrambling to protect their digital foundations. Does the NIST framework hold the answer?

The dangers of bad cyber threat intelligence programs (Help Net Security) I love a surprise ending in a movie. Whether I’m watching drama, action, or sci-fi, there’s nothing better than a plot twist you can’t predict

Wave of Cyberattacks on Hospitals Offers IT Security Lessons for MSPs (MSP Mentor) At least 14 U.S. hospitals have become victims of cyberattacks during the past six weeks, with some paying thousands of dollars in ransoms to regain access to locked data files and crippled networks

Marketplace

Cyber Insurance Rates Drop With Decrease In Big Data Breaches (Dark Reading) Insurers cut cyber insurance rates during the first quarter of 2016 as high-profile hacks subsided, Reuters reports

Israeli cybersecurity grabs 8% global market share (Globes) 20% of all Israeli high-tech companies are engaged in cybersecurity, making it the country's biggest sector

Dell's SecureWorks plans April IPO (CIO Dive) SecureWorks Corp., a cybersecurity firm owned by Dell Inc., plans to launch its IPO this month, according to a report from the Wall Street Journal

Dell To End The IPO Drought, But Is SecureWorks A Buy? (Seeking Alpha) Dell’s SecureWorks is expected to go public soon. The 18-year-old cyber security company has a net loss, disappointing margins, and questionable ability to operate independently from its parent company. Even though cyber security is a great segment for the long haul, SecureWorks is not the best peak right now

IBM Layoffs Hit Canada, Europe, Australia; US Likely Next (InformationWeek) IBM layoffs are hitting employees in Canada, Europe, and Australia. Another round of US layoffs is reportedly "imminent"

Bromium Delivering on Promise of Byzantine Fault Tolerance (eWeek) In 2011, Simon Crosby helped found security vendor Bromium, with the promise of enabling what is known in computer science as Byzantine fault tolerance

Pasadena-Based Guidance Software Founder Writes to Stockholders to Help Improve Company (Pasadena Business Now) Guidance Software Inc. founder and largest stockholder Shawn H. McCreight has written publicly to fellow stockholders of the Pasadena-based company to ask for their “help in turning this company around"

Brocade's Ruckus acquisition aims to set a standard for the Internet of things (Silicon Valley Business Journal) Brocade Communications Systems on Monday agreed to buy Wi-Fi equipment maker Ruckus Wireless in a cash and stock deal worth approximately $1.5 billion

DHS seeks vendors to support NextGen cybersecurity operations center (Federal Times) The Department of Homeland Security released the final request for proposals for its $395 million contract to support the agency’s network security services

Corero Network Security PLC wins European contract (Proactive Investors) More good news for the cyber security firm, whose shares are up almost three-fifths this year

Telesoft opens extreme cyber lab in Annapolis Junction (Telecompaper) Telesoft Technologies, a Cyber Defense and Network Visibility vendor, announced the official opening of a new extreme cyber laboratory and offices based in Annapolis Junction, Maryland

Research and Development

Prevent Neighbors from Stealing Your Bandwidth with This New Wi-Fi (Hack Read) We all love it totally when we hear about new WiFi routers that offer extensive range and far-reaching signals

Security Patches, Mitigations, and Software Updates

Google’s Nexus security update for April fixes 8 critical Android bugs (TechCrunch) Google is releasing the monthly security update for its Nexus Android devices today and with it, it is also announcing a list of the security vulnerabilities it has patched in this release

Google Patches Old Flaw Exploited by Rooting Application (Threatpost) Google has patched a vulnerability being exploited in the wild to root Nexus 5 Android devices

Cyber Attacks, Threats, and Vulnerabilities

Massive Law Firm Hack Reveals Rich Hiding Money (eWeek) Hackers allegedly stole more than 11.5 million documents from the Panamanian law firm of Mossack Fonseca, detailing the workings of offshore accounts for many politicians and the rich, and delivered the information to journalists

Here’s What We Know About the ‘Panama Papers’ (New York TImes) On Sunday a group of global news organizations published articles based on a trove of leaked confidential documents from a law firm in Panama. They exposed how some of the world’s most powerful people were said to have used offshore bank accounts to conceal their wealth or avoid taxes

The Names in the Panama Papers (The Atlantic) Documents leaked Sunday from a Panama-based firm purport to show corruption and questionable business practices of world leaders, politicians, and others

Panama Papers Leak Exposes Tax Evasion -- And Poor Data Security, Data Integrity Practices (Dark Reading) Whether an insider leak or an outsider hack, an exposure of 11.5 million documents definitely falls under the infosec umbrella

A guide to the biggest data leak in history (Guardian) What is Mossack Fonseca, how big is it, and who uses offshore firms? Key questions about one of the biggest ever data leaks

Siemens prüft nach Enthüllungen auch mögliche Ansprüche (MIttelbayerische) Der Elektrokonzern Siemens sieht sich nach den Enthüllungen zu Briefkastenfirmen im Ausland weiterhin als potenziell Geschädigter und will auch mögliche Ansprüche prüfen

Kremlin rejects Panama leaks as ‘Putinophobia’ (Financial Times) The Kremlin dismissed a report about billions of dollars in offshore funds circulating among intimates of Vladimir Putin as a case of “Putinophobia” whipped up by the US to discredit the Russian president

The Panama Papers could cause Iceland’s government to collapse (Quartz) The release of the Panama Papers will have a huge impact around the world. But Iceland deserves some particular attention

The Panama Papers reveal some own goals by soccer’s elite—including Lionel Messi (Quartz) The Panama Papers have provided unprecedented access into the world’s elite’s tax affairs. A number of current and former heads of state, as well as celebrities have been linked with tax avoidance and money laundering—including, unsurprisingly, some of soccer’s elite

Israel Prepares for Cyberattack Aimed to ‘Punish Zionist Entity’ for ‘Crimes Against Humanity’ (Allgemeiner) Ahead of what has become an annual cyberattack against Israel by pro-Palestinian hackers, video clips have been circulating in various languages warning about Thursday’s imminent disruption of networks identified as being associated with the Jewish state, the Hebrew news site Walla reported on Sunday

Did hacktivists really just expose half of Turkey's entire population to ID theft? (Register) A trove of leaked information, purported to be the entire Turkish citizenship database, has been leaked

Vulnerabilities in visa database could put up to 290M personal records at risk (FierceGovernmentIT) A visa database with over 290 million records could be vulnerable to hackers breaching, stealing and even doctoring official visa applications, the U.S. State Department found through an internal study on the matter

The Taliban app’s publication points to holes in Google’s app review process (TechCrunch) A propaganda application developed by the Islamist fundamentalist group the Taliban was live on the Google Play store for two days before being booted, raising questions about Google’s app review process, which today includes a combination of human editors and algorithms

‘Surreptitious Sharing’ Android API Flaw Leaks Data, Private Keys (Threatpost) Researchers have identified a vulnerability in an Android API used by messaging apps such as Skype and perhaps more concerning, privacy-centric apps such as Signal, and Telegram, that could lead to privilege escalation and data loss including private keys

New ransomware with an old trick: “Petya” parties like it’s 1989 (Naked Security) Here’s a ransomware story with a difference. Petya is modern-day malware that locks you out of your data, much like TeslaCrypt or Locky, but does it the hard way

HTTP compression continues to put encrypted communications at risk (IDG via CSO) Researchers improve the BREACH attack to extract sensitive data from encrypted HTTPS connections faster

The latest version of iOS lets anyone see your contacts and photos on certain iPhones (Quartz) You might want to wait before downloading the latest version of Apple’s operating system for iPhones

Sources: Trump Hotels Breached Again (Krebs on Security) Banking industry sources tell KrebsOnSecurity that the Trump Hotel Collection — a string of luxury properties tied to business magnate and Republican presidential candidate Donald Trump — appears to be dealing with another breach of its credit card systems. If confirmed, this would be the second such breach at the Trump properties in less than a year

Finnish Defense Ministry Hit by DDoS Cyber Attack (Defense News) Finland’s Ministry of Defence (MoD) is reviewing its IT security infrastructure in the wake of a distributed denial of service (DDoS) attack on its main website

A cyber attack turned out the lights on 80,000. What can stop them? (Reuters) In the middle of the afternoon on Dec. 23, at least 80,000 Ukrainians suddenly lost access to electricity. It was, U.S. officials and other analysts believe, the most dramatic escalation in several years of the quietly growing international confrontation in cyberspace

Bulletin (SB16-095) Vulnerability Summary for the Week of March 28, 2016 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Academia

Bossier students learning cyber security (KSLA) Cyber security is a flourishing industry, and the threat of cyber attacks is growing right along with it

Litigation, Investigation, and Enforcement

FBI offering iPhone cracking services to federal agencies, local law enforcement (FierceGovernmentIT) Now that the Federal Bureau of Investigation apparently has its own way to bypass the security of Apple iPhones, it is starting to offer that capability as a service to other federal agencies, including law enforcement, around the country

To dodge crypto, undercover UK cops simply asked to see terror convict’s iPhone (Ars Technica) No need for backdoors or weakened encryption when clever policing does the job

Was an Asian government reading Hillary Clinton’s emails in February 2009? (Washington Post) I continue to be fascinated by the very early chapters of the Hillary Clinton homebrew email saga. For one simple reason: the clintonemail.com server apparently didn’t have the digital certificate needed to encrypt communications until late March 2009 — more than two months after the server was up and running, and after Secretary Clinton’s swearing-in on January 22

Former DHS Official: ‘Very Real Probability’ Asian Intelligence Services Read Unsecured Clinton E-Mails (Law Newz) Former DHS Official: ‘Very Real Probability’ Asian Intelligence Services Read Unsecured Clinton E-Mails

Clinton case shines light on danger to national secrets (The Hill) The sheer volume of mobile phones, laptops and tablets used by federal officials is making it difficult to stop leaks of classified information, officials worry

Hillary's 'classified' smokescreen hides real crime: Column (USA Today) Stewart Baker, writing for The Volokh Conspiracy Blog at the Washington Post on Monday, raises some largely overlooked, yet potentially very troubling issues related to Hillary Clinton’s use of private server while serving as Secretary of State

Top Silk Road 2.0 admin “DoctorClu” pleads guilty, could face 8 years in prison (Ars Technica) Brian Farell told feds: "You're not going to find much of a bigger fish than me"

Court Lifts Stay in Finjan v. Symantec (EIN News) Trial to proceed against Symantec on eight of Finjan's U.S. patents

Design and Innovation

Is the blockchain good for security? (CSO) The blockchain is now being hyped as the solution to all inefficient information processing systems

The Password In Your Eyes: Has Iris Identity Authentication Finally Arrived? (Legaltech News) More reliable than most biometrics, Iris-identity authentication solutions are catching on, with one company looking to turn the technology into an everyday utility

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

SANS Atlanta 2016 (Atlanta, Georgia, USA, April 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment

Billington CyberSecurity INTERNATIONAL Summit (Washington, DC, USA, April 5, 2016) On April 5, in Washington, D.C., join leading cybersecurity officials from across the globe at the Billington CyberSecurity INTERNATIONAL Summit to engage in an intensive information exchange between leading US and global corporate and government executives

Cyber Security Summit Atlanta (Atlanta, Georgia, USA, April 6, 2016) The Inaugural Atlanta Cyber Security Summit will be held April 6th at the Ritz-Carlton, Buckhead. This event is for Sr. Executives only. We are Honored to have the US Asst. Attorney General of National Security, the Honorable John P. Carlin keynote along with experts from The FBI, The US Secret Service, Intel Security and dozens more. The invited attendees will have a catered breakfast, lunch & cocktail reception with fellow business leaders. Limited Passes still available, for 50% off use promo code cyberwire50 at CyberSummitUSA.com (just $125 with code).

ASIS 15th European Security Conference & Exhibition (London, England, UK, April 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from over Europe and beyond in one of the most dynamic centres of business and culture in the world

ISC West 2016 (Las Vegas, Nevada, USA, April 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products. With over 1,000 exhibitors and brands, spanning hundreds of product categories, it's the Must-Attend event for the global security industry. ISC West is where the security community gathers to see new products and technologies first, to network with other security professionals, and to stay on top of emerging security risks with cutting edge education

Cyber Risk Management 360 (Baltimore, Maryland, USA, April 7, 2016) The Cybersecurity Association of Maryland, Inc. (CAMI) is partnering with the MD Department of Commerce, Chesapeake Regional Tech Council and Greater Baltimore Committee to host our first Signature event designed to help keep Maryland’s businesses cyber secure and connect them with Maryland’s cybersecurity providers. Join us for an information-packed cybersecurity panel discussion followed by a business exchange and networking hour during which attendees can visit sponsor and MD cybersecurity company exhibits.

Cybersecurity and Privacy Protection Conference (Cleveland, Ohio, USA, April 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information security officers and privacy managers to discuss current developments and best practices in cybersecurity and privacy protection. The conference is aimed at identifying innovative strategies that integrate legal, managerial and technical approaches to managing cyber and privacy risks. Join us to connect and engage with leading experts who will address cyber and privacy risk-management strategies, regulatory compliance, civil litigation following high-profile data breaches, law enforcement cooperation and information-sharing models, incident-response and cyber-risk insurance.

Spring Conference 2016: Creating a Cybersecurity Communtiy (Los Angeles, California, USA, April 11, 2016) The ISACA Los Angeles Chapter provides affordable quality training on fundamental information systems auditing concepts and emerging technology risks, and an opportunity to network with other auditing and security professionals.The Spring Conference is the leading Information Systems IT governance, control, security and assurance event for the Southern California area.

Rock Stars of Risk-based Security (Washington, DC, USA, April 12, 2016) Virtually every company will be hacked, and today, experts accept that a 100% security solution is not feasible. Advanced risk assessment and mitigation is the order of the day. Rock Stars of Risk-Based Security is the must attend symposium of its kind in 2016 on this critical new reality.

Federal Security Summit 2016 (Washington, DC, USA, April 12, 2016) Advanced threats and more sophisticated hackers are making it increasingly difficult to protect mission-critical government systems and communications. The U.S. Government is probed 1.8 billion times per month, and 66% of these breaches take up to a year to be discovered. With over 200,000 new malicious programs created daily, what are agencies doing to fight off cyber attacks and keep systems secure? This interactive working breakfast panel will share best practices and solutions.

Workforce 2.0: How to Cultivate Cybersecurity Professionals (Baltimore, Maryland, USA, April 12, 2016) Please join Passcode along with White House Chief Information Officer Tony Scott and other leading figures in digital security to explore the newest ideas and approaches to close the cybersecurity skills gap. At the event, Passcode will also launch its new Security Culture section that will unpack and illustrate the far-reaching and increasingly important role that digital security plays in daily life.

Threat Hunting & Incident Response Summit 2016 (New Orleans, Louisiana, USA, April 12 - 13, 2016) The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting your networks. Attend this summit to learn these skills directly from incident response and detection experts who are uncovering and stopping the most recent, sophisticated, and dangerous attacks against organizations

QuBit Conference (Prague, the Czech Republic, April 12 - 14, 2016) QuBit offers you a unique chance to attend 2 selected Mandiant training courses, taught by some of the most experienced cyber security professionals in the business

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Panama Papers' fallout continues. Industry news includes layoffs and an IPO.