Fancy Bear sightings (and other nations look for bear traps). Power grid worries. Shamoon's second wave. Malicious apps steal Instagram credentials. Ransomware hits ElasticSearch servers. Sophisticated Gmail phishing campaign.
The Russian authorities continue their pious denials of hacking in the service of espionage and influence, but few other governments take such protestations of good citizenship seriously. France and Estonia in particular are working to shore up defenses—France is particularly concerned about its May 2017 elections. The US is mulling its response during this final week of Presidential transition. There's also been a reliable sighting of Fancy Bear sniffing and pawing through Norwegian military and foreign ministry targets.
Last month's takedown of portions of Ukraine's power grid remains spooky, prompting a number of "It could happen here" stories as observers fear that the hack was a dress rehearsal for an attack with widespread consequences. Contrarian observers make the sound point that squirrels have caused thousands of blackouts while hackers seem responsible for about two. There's surely some breathless fear, uncertainty, and dread around, but it's worth noting that botnet-driven DDoS with widespread effect was also seen by some as FUD until Mirai hit.
Palo Alto has identified and is following a second wave of Shamoon attacks. Intel Security notices that some apps available on Google Play are stealing Turkish users' Instagram credentials and collecting them in a remote server.
WhatsApp's usability feature, incorrectly but perhaps understandably thought by some to be a backdoor, receives security scrutiny.
The attackers who hit MongoDB last week have apparently turned their attention to ElasticSearch servers, more than 2500 of which have been infected with ransomware.
A sophisticated Gmail phishing campaign is in progress.
Notes.
Today's issue includes events affecting Australia, Canada, China, Estonia, France, Germany, India, Japan, Netherlands, Norway, Russia, Turkey, Ukraine, United Kingdom, and United States.
In today's CyberWire podcast we hear from our partners at Level 3, as Dale Drew explains BGP flowspec and DDoS.
A special edition of our Podcast is also available. It covers buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.
Cyber Attacks, Threats, and Vulnerabilities
‘Fancy Bear’ also growls at Norway (News in English: Views and News from Norway) The same group of hackers that intelligence officials believe swung the US election in favour of Donald Trump has also attacked Norwegian targets within the military and foreign service. Called “Fancy Bear,” computer security experts believe Russia is behind the hacking that’s aimed at political manipulation and destabilization of western democracies
Ukraine power outages ‘the work of cyberattackers’, warn experts (Naked Security) Ukraine’s second major power outage in 12 months was the work of cyberattackers, two groups of researchers who investigated the incident have said
It could happen here (Vice) Ukraine's power station hack is a stark warning to other countries
Who’s winning the cyber war? The squirrels, of course (Ars Technica) CyberSquirrel1 project shows fuzzy-tailed intruders cause more damage than "cyber" does
Cyberwar Has Gone Public, and That's Dangerous (Bloomberg) Compared with the alleged Russian hacks of the Democratic National Committee and other U.S. targets, another important cybertheft that has also been tentatively attributed to Russia is getting far less attention. The revelations are much less titillating than those that have made headlines recently -- they aren't even understandable to most people -- but they may be part of the same cyberwar, one whose rules seem to be changing
Crowdstrike Needs To Address The Harm It Caused Ukraine (LinkedIn) Crowdstrike’s Danger Close intelligence report is an analytic failure of epic proportions, but more importantly, it has harmed the morale of the people of Ukraine as well as cast doubt in the minds of the Ukrainian soldiers who relied upon the artillery app maligned by Crowdstrike
Palo Alto Networks: Second wave of Shamoon 2 attacks identified (Security Brief) In November 2016, we observed the reemergence of destructive attacks associated with the 2012 Shamoon attack campaign. We covered this attack in detail in our blog titled Shamoon 2: Return of the Disttrack Wiper, which targeted a single organization in Saudi Arabia and was set to wipe systems on November 17, 2016
Android Apps Caught Stealing Instagram Passwords for Turkish Users (Bleeping Computer) Mobile security experts with Intel Security (McAfee) have discovered a rash of Android apps available through the Google Play Store that were stealing Instagram credentials and uploading the data to a remote server
WhatsApp Says 'Backdoor' Claim Bogus (Threatpost) Claims of a backdoor in WhatsApp that could be used for third-party snooping were shot down by WhatsApp, which called the allegations false
WhatsApp again dogged by privacy questions, but there's a fix (C|Net) A Guardian report says WhatsApp and its parent Facebook could intercept user messages. Security experts aren't sure it's really a problem
Experts Comments: WhatsApp Backdoor (IS Buzz News) A serious vulnerability is discovered in WhatsApp’s end-to-end encryption that allows Facebook and others to intercept and read encrypted messages
MongoDB hackers set sights on ElasticSearch servers with widespread ransomware attacks (International Business Times) Security researchers uncovered over 2,500 ElasticSearch servers affected by ransomware in three days
New Gmail phishing technique fools even tech-savvy users (Help Net Security) An effective new phishing attack is hitting Gmail users and tricking many into inputting their credentials into a fake login page
Critical flaw lets hackers take control of Samsung SmartCam cameras (CSO) A command injection vulnerability gives attackers full control over the cameras
Misconfigured Server Gives Insight Into Cerber Ransomware Operation (Bleeping Computer) Security researchers have gained access to one of the servers used by the Cerber gang, from where they were able to extract basic statistics about their operation
Cerber Ransomware Distributed By A New RIG Campaign (Virus Guides) A brand new RIG campaign has been registered over the past few days. According to Heimdal Security, it’s been targeting the old versions of popular applications such as Internet Explorer, Microsoft Edge, or Flash, in order to distribute the Cerber ransomware
Significant decrease in Locky ransomware attacks (Help Net Security) Locky ransomware attacks have dramatically decreased during December 2016, according to Check Point
Ransomware: How A Security Inconvenience Became The Industry's Most-Feared Vulnerability (Dark Reading) There are all sorts of ways to curb ransomware, so why has it spread so successfully?
What Are the Most Common Reasons Hackers Will DDOS Sites? (KnownHost) Brian Krebs. OVH. Dyn. And the open-sourcing of the code of the botnet that attacked them. Are you DDoS-defending your business? If not, now is the time
SWIFT systems of three Indian banks compromised to create fake trade documents (Help Net Security) Since last year’s revelation that attackers have compromised SWIFT software of Bangladesh’s central bank and used it to perform fraudulent transfers worth tens of millions, news about similar attacks – both successful and not – have become a regular occurrence
Indian banks are waking up to a new kind of cyber attack (Economic Times) Hackers recently infiltrated the systems of three government-owned banks — two headquartered in Mumbai and one in Kolkata — to create fake trade documents that may have been used to raise finance abroad or facilitate dealings in banned items
London NHS hospital trust hit by cyber-attack (Guardian) Barts health NHS trust warns staff and takes ‘a number of drives offline’ as it urgently investigates phishing ambush
Barts Health Trust launches cyber attack probe (BBC) England's largest NHS Trust has been hit by a cyber attack, it has emerged
Police continuing investigations into Grimsby hospital cyber attack (Grimsby Telegraph) Police are continuing their investigations into a major cyber attack which led to cancelled appointments and operations at Grimsby hospital
McDonalds' website security flaws puts user passwords at risk (Computing) Out-of-date AngularJS software to blame
An NFL player went on Facebook Live from the locker room and nothing good happened (TechCrunch) Yesterday after the Steelers upset the Chiefs in an AFC playoff game, Steelers wide receiver Antonio Brown decided to go on Facebook Live from the locker room to celebrate with his fans. And the fans loved it
Security Patches, Mitigations, and Software Updates
Microsoft details tweaks to its Windows 7, 8.1 patch rollups (ZDNet) Microsoft has made some changes to its monthly patch rollups for Windows 7, 8.1, Windows Server 2008 and Server 2012, with more tweaks to come in February. Here's what's happening
Microsoft Says Windows 7 Has Outdated Security, Wants You to Move to Windows 10 (Softpedia) Redmond starts the Windows 10 offensive against Windows 7
PC security stepped up with new ‘Windows Goodbye’ screen lock (Naked Security) Windows 10 users already have Windows Hello: the biometrics way to unlock systems using their faces, fingerprints or irises
Adobe quietly bundles data-collecting Chrome extension with latest Reader update (Help Net Security) Chrome users who have installed the latest Adobe security updates have also been unknowingly saddled with a browser extension (“Adobe Acrobat”) that can collect some of their operating environment data
Cyber Trends
The cyberspace tipping point (Seattle Times) This realm is where we now spend increasing hours of our day, shopping, dating, news-seeking. And it’s where our president-elect and the leader of ISIS can communicate with tens of millions — without editors, fact-checkers, libel lawyers or other filters
Data Privacy Day reminds digital citizens to better manage their privacy (Help Net Security) Many consumers do not fully understand how their information is collected, used and stored by the devices, apps and websites they use every day
Marketplace
US Pushes Cybersecurity Acquisition Tools as Contracts Flow (Tech News World) Vendors of cybersecurity offerings are finding that the U.S. government is serious about improving the protection of federal IT assets. A steady stream of data protection contracts has been flowing to providers, including some notable high-value transactions during the last half of 2016
How Symantec, FireEye, Cisco and Others Could Fit Into Trump's Cybersecurity Plan (The Street) Security adviser Rudy Giuliani plans to reach out to the private sector for help defending the government from attacks
Trump files: The murky business of corporate intelligence (CNN Money) The CIA. MI-6. Russia's SVR and GRU. These intelligence agencies work covertly to gather and analyze foreign intelligence on behalf of their respective governments
IBM: Still A Buy? (Seeking Alpha) IBM is at a turning point. The market is underestimating the growing importance of IBM's strategic imperatives and growth catalysts. Despite the recent appreciation, IBM still offers good value. We value IBM between $191 and $216 per share
How IBM Is Using Artificial Intelligence to Provide Cybersecurity (Madison[.]com) Cybercrime is an epidemic. Consider these statistics from Checkmarx: Cybercrime is expected to cost businesses over $2 trillion annually by 2019, four times as much as 2015
Why Corero Network Security plc (AIM:CNS) Has Zero-Debt On Its Balance Sheet? (Simply Wall Street) Any company, including Corero Network Security plc (AIM:CNS) with no debt in its capital structure, would maximize capital returns by having an optimal capital structure, which includes debt
Splunk Lays out ‘Significant Opportunities,’ Per Drexel (Barron's) Shares of Big Data and analytics software maker Splunk (SPLK) closed down $1.35, or 2%, at $56.33, after the company held an analyst day presentation in San Francisco with The Street today, during which it forecast revenue this year slightly below consensus
WISeKey (SIX:WIHN) Obtains $16.4 Million Secured Line of Credit Facility for Acquisition Financing (Yahoo! Finance) WISeKey International Holding Ltd (“WISeKey”) (WIHN.SW) today announced that it has obtained a $16.4 million secured line of credit facility (the “Credit Facility”) for acquisition financing with maturity up to 18 months from ExWorks Capital,
Herndon’s newest cyber company launches with $21M in funding (Washington Business Journal) Opaq Networks CEO Glenn Hazard wants to provide cyber as a service
Darktrace reports $125 million in new contracts (Access AI) The cyber-security firm's Enterprise Immune System technology has detected 27,000 serious cyber incidents
Air Force selects Diligent to facilitate transition of COMSEC tracking to Joint program (Yahoo! Finance) Diligent Consulting Inc. (Diligent), announced today that they have been awarded the Air Force (AF) Communications Secure (COMSEC) and Controlled Cryptographic Items (CCI) Accountability and Tracking (COMSEC/CCI) Tool program, a $1,576,455 contract under the NETCENTS-2 Application Services Small Business IDIQ vehicle
Cisco Wins Deal to Upgrade IDF, Ministry of Defense Networks (Jerusalem Post) IDF Chief of Staff Gadi Eisenkot recently authorized IDF to invest billions into cyber operations
5 Questions with founder of cyber security startup Swimlane (Times-Call) For a less-than three-year-old company, Louisville's Swimlane is swimming in cash
CSRA looks to hack out a new identity a year after CSC spinoff (Washington Business Journal) On Wednesday morning, 33 of CSRA Inc.’s employees filed into the Falls Church headquarters to participate in a company-sponsored hack-a-thon — an event for them to practice and hone their skills in the areas of cloud, cybersecurity and big data
Cyber Risk Management, LLC unifies portfolio companies as Focal Point Data Risk, LLC (BusinessWire) Company establishes leadership position as one of the largest pure-play cyber risk management firms in just 36 months; Game-changing approach helps organizations manage and mitigate risk across the enterprise
Cyberwarfare.com Acquired By Cybersecurity Ventures (EIN) Leading cybersecurity research firm pays undisclosed sum for premium dot com domain name
Scuttlebiz: Augusta becoming Southeast’s cyber capital (Augusta Chronicle) If there’s a better way to start off a new year, I can’t think of it
Verizon CISO Paves Way for Women in Cybersecurity (Light Reading) There is a huge opportunity for women in cybersecurity, a field that's not only lacking in females, but which faces an overall talent shortage
CEO ousted in AISA coup (iTNews) Exclusive: Board reshuffle prompts unexpected overthrow
Products, Services, and Solutions
EclecticIQ partners with SenseCy to bring leading Cyber Threat Intelligence technology to the Israeli cyber community (EclecticIQ) SenseCy, an innovative Israeli provider of human-curated intelligence to financial institutions, corporates, and governments, has formed a partnership with EclecticIQ, the industry-leading builder of analyst-centric technologies that turn cyber threat intelligence into business value
The Manufacturing Vertical and NetWatcher (NetWatcher) Manufacturing companies face significant challenges in an age of the Industrial Internet of Things, driving organizations to facilitate more connections between the physical process world and the Internet
What if Hillary Clinton & the DNC Had Used The Snowden Playbook? (PRNewswire) CloudMask, a Cybersecurity company, is pleased to announce at RSA 2017 its new offering specifically designed for SaaS and Enterprise developers, and invites you to visit their Booth at RSA 2017
Menlo Security Intros New Partner Program (Channel Partners) Menlo Security is launching a program to help solution providers protect enterprises using isolation security
Microsoft cloud gets Pentagon's top security rating (FCW) The Pentagon has given the highest security rating for unclassified data to Microsoft's federal cloud offerings, Azure Government and a Defense Department-specific iteration of Office 365. The Microsoft services were granted Level 5 provisional authority to operate certification
Kaspersky Lab enhances enterprise incident response with 'Threat Lookup' (Deccan Chronicle) The new service helps businesses to properly analyze digital evidence in light of a security incident
FNB increases online banking security (New Era) In an age of technology, online security has always been a concern for people making use of online banking. As such, FNB Namibia has increased security technology to make sure that clients and their transactions are safe and secure
TopSpin Security First to Combine Threat Intelligence and Advanced Asset Profiling in Intelligent Deception Solutions to Protect Assets from Cyber Attackers (SAT Press Releases) TopSpin Security, Inc., the leader in integrated deception and detection solutions, today at the 2016 FS-ISAC Fall Summit introduced the newest version of DECOYnet™, the industry’s first deception and detection solution to combine threat intelligence and advanced asset profiling to help keep cyber attackers away from organizations’ real assets
CryptoSearch Finds Files Encrypted by Ransomware, Moves Them to New Location (Bleeping Computer) Security researcher Michael Gillespie has developed a new Windows app to help victims of ransomware infections
Technologies, Techniques, and Standards
Specification Standardizes Management of Trusted Execution Environments and Trusted Applications (Bob's Guide) New framework enables service providers to remotely manage their trusted applications on connected devices
Thoughts on incident response automation and orchestration (Network World) Projects are well underway and evolving, while commercial IR tools continue to gain momentum
For #&%@’s Sake, Make Your Passwords Stronger (Mac Observer) Hey, guess what? Your passwords probably suck. Most of our passwords suck. To be fair, mine don’t. They’re stupid long, are random, and I never repeat them
It makes good security sense to change Alexa's name - here's how (Graham Cluley) Shame there are so few options
Design and Innovation
Redefining the role of security in software development (Help Net Security) Software is becoming increasingly important for market success, driving an ever greater need for speed in the development process. The rapid adoption of DevOps is testimony to this shift, with agile development no longer making the grade for many companies
Cautious welcome to Facebook’s moves to fight fake news (Naked Security) Facebook has announced another front on its battle against fake news and its role in disseminating it. Unveiled this week, its new initiative is called the Journalism Project. The idea is to train journalists to use the network as a source and also to enable the public to detect fake news and then to report it
Research and Development
Eset opens new R&D offices in Montreal, Iasi (Telecompaper) Slovakia-based IT security firm Eset expanded its R&D office in downtown Montreal, Canada, and opened a new one in Iasi, Romania
Academia
UNB opens cybersecurity research hub with IBM partnership, $4.5 million in funding (Betakit) The University of New Brunswick has opened a hub dedicated to research, training, and industry collaboration in cybersecurity
The future is secure in the hands of 2017’s Young Scientist winner (Silicon Republic) Shane Curran (16) from Terenure College took home the top prize at the BT Young Scientist and Technology Exhibition at Dublin’s RDS, securing the award for his cybersecurity project with a twist
Bethany unveils new majors (Weirton Daily News) Bethany College has announced three new majors: Cybersecurity, Cybersecurity — Information Assurance and International Business. The college’s faculty members approved these new majors on Dec. 8
The Fog of the Cybersecurity Challenge (Infosecurity Magazine) A US presidential commission on cybersecurity recently made 16 urgent recommendations to improve the nation’s cybersecurity
Legislation, Policy, and Regulation
China tightens control over app stores (CSO) China had ordered Apple to remove a New York Times app earlier this month
Japan gropes for cyberattack solution as victims suffer in silence (Japan Times) Last November, chilling news made headlines nationwide — the internal communications network of the Defense Ministry and Self-Defense Forces had been hacked in September, possibly by another nation
France takes steps to prevent an election hack attack (France 24) Alarmed by allegations of Russian meddling in the 2016 US presidential race, French authorities have warned political parties against the threat of cyber attacks as the country prepares to elect a new president in May
Bill to designate cyberspace as security environment (Baltic Course) The Ministry of the Interior is seeking opinions on a draft document setting out Estonia's security policy fundamentals, which designates cyberspace as another dimension of the security environment alongside land, territorial waters and airspace
Deeper malicious intent seen in 'public' cyberwar (Bangkok Post) Compared with the alleged Russian hacks of the Democratic National Committee and other US targets, another important cyber theft that has also been tentatively attributed to Russia is getting far less attention
Russia denies existence of cyber attack units (IHS Jane's 360) Amid a growing scandal in the United States over Russian attempts to interfere in the 8 November presidential election, Moscow has denied the existence of both its 'cyber corps' or the assertion that any Russian government entity engages in attacks on foreign computer systems
Ash Carter on Russia hacking: U.S. could go beyond cyber response (CBS News) Outgoing Defense Secretary Ash Carter has been openly critical of what he says have been Russian efforts to sow seeds of global instability
How America Can Beat Russia in Cyber War, Despite Trump (Wired) Hackers working on behalf of the Russian government have attacked a wide variety of American citizens and institutions. Targets have included the Democratic National Committee, the Republican National Committee, prominent Democratic and Republican officials, and university and academic research programs
Trump’s effort to end era where US is ‘hacked by everybody’ (CNN Wire via WHNT) The incoming Trump administration has promised to create a brand new “hacking defense” policy to protect the federal government and American companies
Podcast: How Congress can fight Russian hackers (Christian Science Monitor Passcode) The Cybersecurity Podcast team interviews Rep. Jim Langevin (D) about the cybersecurity challenges ahead after intelligence agencies came out with a report detailing Russia's involvement in the hacks of Democratic political organizations
Why Elections Are Now Classified as 'Critical Infrastructure' (Atlantic) President Obama’s homeland-security adviser hinted that it might help deter foreign cyberattacks
Why it matters to call voting booths 'critical infrastructure' (Christian Science Monitor Passcode) The Department of Homeland Security designated 'election infrastructure' among the country's most valuable and critical industries and sectors. That could trigger greater protections at the ballot box against malicious hackers
DHS move on election security unlikely to survive transition (CyberScoop) The controversial decision by the Department of Homeland Security to designate the nation’s election system as “critical infrastructure” has touched off a firestorm of opposition, and the incoming Trump administration has all but promised to overturn it
How Rudy Giuliani will advise Trump on cybersecurity (Christian Science Monitor Passcode) The former New York mayor will pull together experts from a community that appears skeptical of cybersecurity under a Trump presidency
Inquirer Editorial: Cyber security too important to give Giuliani the job (Philadelphia Inquirer) President-elect Donald Trump must divorce his being allergic to the suggestion that Russian hackers tried to help him win the election from the need to respond to intelligence agency evidence of cyber attacks on this nation
Cyber backers see hope in Kelly nomination (Washington Examiner) The Department of Homeland Security has been positioned in recent years as the lead civilian agency on cybersecurity, and keeping it in that spot is a top priority for its congressional overseers
Mike Pompeo, CIA nominee, has barely talked about cybersecurity (CyberScoop) After five years in Congress and a lengthy confirmation hearing last week before the Senate Intelligence Committee, there are few clues about how Rep. Michael Pompeo will guide the Central Intelligence Agency’s cyber-defense and cyber-espionage efforts
The Trump Administration Has Not Asked Palantir Technologies To Build A Muslim Registry (Forbes) Palantir Technologies CEO Alex Karp said his company has not been asked to build a registry of Muslims living in the United States and would not do so if asked
Outgoing CIA chief rips into Trump over Russia (CTV News) The outgoing CIA director charged on Sunday that Donald Trump lacks a full understanding of the threat Moscow poses to the United States, delivering a public lecture to the president-elect that further highlighted the bitter state of Trump's relations with American intelligence agencies
Litigation, Investigation, and Law Enforcement
Senate probe into election hacking to review possible links between Russia, campaigns (CNN) The Senate Intelligence Committee's review of Russian meddling in the 2016 election will include a look at any intelligence "regarding links between Russia and individuals associated with political campaigns"
Joint Statement on Committee Inquiry into Russian Intelligence Activities (Richard Burr, US Senator for North Carolina) Senator Richard Burr (R-NC), Chairman of the Senate Select Committee on Intelligence, and Senator Mark Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, today issued a joint statement regarding the Committee’s inquiry into Russian intelligence activities
The ‘Trump Report’ Is a Russian Provocation (National Review) It is part of Russia’s strategy to disrupt U.S. politics and institutions for years to come
When ‘there is serious reason to doubt’ rumors and allegations, is it libelous to publish them? (Washington Post) BuzzFeed, as everyone now knows, has published unverified allegations about Russia having “compromising material and information on [Donald] Trump’s personal life and finances”
Release of Joint Assessments of Section 702 Compliance and the DNI’s Assessment of Section 702 Targeting Process (IC on the Record) Today the DNI, in consultation with the Department of Justice, is releasing in redacted form three successive versions of the Semiannual Assessment of Compliance with Procedures and Guidelines Issued Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, Submitted by the Attorney General and the Director of National Intelligence (“Joint Assessment”), as well as the DNI’s Assessment of Oversight & Compliance with Targeting Procedures [pursuant to Section 702] (“Targeting Process Assessment”)
Fact Sheet: Semiannual Assessment of Compliance with Procedures and Guidelines Issued Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (FISA) 13th, 14th, and 15th Joint Assessments (Office of the Director of National Intelligence) This Fact Sheet provides an overview of the Semiannual Assessments of Compliance with Procedures and Guidelines Issued Pursuant to Section 702 of the Foreign Intelligence Surveillance Act
A Hacker Just Proved that Apple May Have Been Right About the F.B.I. (Vanity Fair) A major security breach reveals that phone-hacking company Cellebrite’s clientele ranges from the F.B.I. to the Kremlin—and that Tim Cook was right to worry about creating a backdoor to the iPhone
Cellebrite Hacked, Reaffirming Apple’s iOS No-backdoor Stance (Mac Observer) A year ago the FBI was pushing to force Apple into making a hackable version of iOS for a terrorist investigation while claiming the code would stay secure
Over 1.1 Million People Signed New 'Pardon Snowden' Petition (Bleeping Computer) 1,101,252 people signed a petition that asks President Barack Obama to pardon and exonerate NSA whistleblower Edward Snowden of all charges
Indian privacy case against WhatsApp gains momentum (CSO) The Supreme Court has asked notices to be served to the Indian government, WhatsApp and Facebook
How a Massachusetts Decision to Publish Data Breach Info Will Affect Big Law (American Lawyer) The Massachusetts decision spells out new challenges for lawyers working with breached companies
Enigma Software Group Responds to Malwarebytes Incompatibility (SAT PR News) Enigma Software Group USA, LLC (“ESG”) began notifying its customers that Malwarebytes Inc., the maker of Malwarebytes Anti-Malware (“MBAM”) and AdwCleaner, has begun intentionally blocking the installation and operation of ESG’s programs SpyHunter and RegHunter for what ESG believes are competitive reasons
Dutch Cops Warn 20,000 of Email Account Hack (Infosecurity Magazine) Police in the Netherlands are set to email 20,000 possible fraud victims urging them to change their account details, after discovering their credentials had been stolen by a man arrested last year on suspicion of multiple cybercrime offences
Why Did Police Kill an Alleged Small-Time Hacker? (Motherboard) Sam Maloney looks like he could be 21. In photos posted to Facebook, he’s smiling, and so are the first-year university students surrounding him
Student Arrested for Selling Keylogger that Infected thousands of devices (HackRead) He also developed the Keylogger and sold it to over 3,000 people infecting 16,000 systems
Next Directory accounts cracked in £1m scam because customers re-used passwords (Computing) Gang that cracked and sold Next Directory customer credentials jailed
Newly Noted Events
Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, Mar 22, 2017) Help us celebrate the best and brightest of the Maryland cybersecurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.
WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, Mar 31 - Apr 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.
Upcoming Events
ShmooCon 2017 (Washington, DC, USA, Jan 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
SANS Las Vegas 2017 (Las Vegas, Nevada, USA, Jan 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you get the kind of hands-on, immersion training that you can put to work immediately.
BlueHat IL (Tel Aviv, Israel, Jan 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel. Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, Jan 25 - Feb 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but have no real concept of how to create and produce proper intelligence. The 2017 Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to all ranges of adversaries including some of the most sophisticated threats targeting your networks.
Blockchain Protocol and Security Engineering (Stanford, California, USA, Jan 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary collaboration among practitioners and researchers in blockchain protocols, distributed systems, cryptography, computer security, and risk management.
National Credit Union - Information Sharing & Analysis Organization - 2017 Tech Conference (Cape Canaveral, Florida, USA, Jan 31 - Feb 2, 2017) Join us for three days of Cyber Security topics that are pertinent to Credit Union cyber resilience, real-time security situational awareness information sharing, and coordinated response in the global credit union community! Protecting the Credit Union’s global infrastructure to sustain cyber resilience requires an unprecedented level of public- and private-sector cooperation, collaboration and coordination and includes access to the real-time availability of proactive “actionable” threat intelligence; analysis of potential impacts; coordinated countermeasure solutions and response; cybersecurity best practice adoption and role-based workforce education.
Southern Virginia - Cyber Security Lunch & Learn (Norfolk, Virginia, USA, Feb 2, 2017) Cyber security experts discuss security incident response. Dealing with cyber security risk is an exercise in managing daily chaos. Organizations know they need to improve their posture but common roadblocks often get in the way. Join us for lunch and an action-oriented discussion about ways you can improve your security incident response program in 2017. The conversation will be led by certified SANS instructor Alissa Torres, and Rsam CISO Bryan Timmerman. Attend and earn CPE credits towards your ISACA and (ISC)2 certifications.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
The Risks and Benefits of Artificial Intelligence and Robotics (Cambridge, England, UK, Feb 6 - 7, 2017) The Risks and Benefits of Artificial Intelligence and Robotics Workshop aims to provide media and security professionals with an in-depth understanding of how the rapid advancement of AI technology may affect the global community in both the physical and structural spheres, and of the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media.
SANS Southern California - Anaheim 2017 (Anaheim, California, USA, Feb 6 - 11, 2017) Learn practical, relevant tips and techniques from industry leaders. Join us for SANS Southern California - Anaheim 2017, and choose from eight courses on cyber defense, penetration testing, incident response, threat hunting, ethical hacking, IT management and ICS/SCADA security. Some of our courses are in alignment with DoD Directive 8570 requirements for Baseline IA Certifications, and most courses have GIAC Certification attempts available. Take advantage of this opportunity to sharpen your skills and advance your career.
Workplace Violence & Response To Active Shooter Events Meeting (Laurel, Maryland, USA, Feb 9, 2017) The National Insider Threat Special Interest Group (NITSIG) will be hosting a meeting on February 9, 2017, at the Johns Hopkins University Applied Physics Laboratory, Laurel, MD. The meeting will be exclusively focused on workplace violence and responding to an active shooter event. Presenters include experts from the Occupational Safety and Health Administration (OSHA), and the Maryland State Police. It's free to attend. Prominent among the topics to be discussed will be threats directed from the Internet.
RSA Conference 2017 (San Francisco, California, USA, Feb 13 - 17, 2017) The current state of cybersecurity means there are many opportunities for the industry as a whole to collaborate on new innovations. Discovering the next great opportunity will require everyone to embrace new and unique perspectives from a broadly diverse base of people and sources. RSA Conference 2017 provides the opportunity for all attendees at all levels to grow their knowledge, exchange ideas with peers and further their careers. With opportunity comes great responsibility for the future. Our actions today will have a lasting impact on the strength of the industry—and the safety of the world—tomorrow. At RSA Conference 2017, you will learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.
SANS Dallas 2017 (Dallas, Texas, USA, Feb 27 - Mar 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27 - March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security courses to provide you with the training and certification that you need to boost your career by learning from the best! SANS instructors are industry professionals who will ensure that you not only learn the material, but that you will also be able to apply what you learn your first day back in the office.
Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, Feb 28 - Mar 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.