Anonymous says Trump will "regret" the next four years. Fruitfly malware targets Macs used in biomedical research. Notes on EyePyramid, LG mobile device issues, and a "fan out" effect. Krebs tracks Mirai's creator. RSA Innovation Sandbox finalists named.
news from RSA Conference 2017—a look ahead
The CyberWire will be providing special coverage of this year's RSA Conference in San Francisco. The meetings run from 13 to 17 February, less than a month away, and the conference has announced the finalists in its Innovation Sandbox.
The companies who will compete for this year's honors include: Baffle (which offers a "cloud-centric" encryption solution), Cato Networks ("software-defined and cloud-based secure enterprise network"), Claroty (realtime monitoring and anomaly detection for ICS networks), Contrast Security (automatic detection and mitigation of vulnerabilities, and attack detection), EN|VEIL (scalable homomorphic encryption of data-in-use), GreatHorn (machine learning and "cybersecurity solution for cloud communication infrastructure"), RedLock (dynamic discovery of cloud infrastructure changes, with visual mapping of risk, policy, and incident response), UnifyID (a "holistic implicit authentication platform"), Uplevel Security ("adaptive response platform"), and Veriflow (formal verification of network infrastructure).
Congratulations and good luck to them all. We look forward to seeing them in the Sandbox.
As the US prepares to inaugurate President-elect Trump tomorrow, the outgoing administration offers valedictions on its performance in cyberspace. President Obama's surveillance legacy is being debated, as is his commutation of Private Manning's sentence and his pardon of General Cartwright. Secretary of Defense Carter publicly expresses his dissent from Manning's commutation, and WikiLeaks' Julian Assange "weasels out" (as Ars Technica puts it) on his pledge to accept extradition to the US—Manning's release in May isn't enough, suggests Mr. Assange.
Anonymous greets the incoming Chief Magistrate by pledging that the anarchist collective will make Mr. Trump "regret" the next four years.
France continues to prepare for election hacking.
Ukrenergo, the electrical utility that supplies Kiev, confirms that last month's outages were the result of a cyberattack.
Malwarebytes reports finding malware (called "Fruitfly" by Apple) used in targeted attacks against biomedical research centers. It affects primarily MacOS, but Linux systems are also thought vulnerable. The code takes screen captures, accesses webcams, and enables remote control of an endpoint. Fruitfly, sophisticated yet with an oddly retro approach to persistence, is thought to have been in circulation for several years.
MWR Labs reports path traversal and arbitrary file disclosure flaws in LG's G3, G4, and G5 mobile devices.
Netskope warns of a "fan out" effect as enterprise users' security policies on cloud services permit phishing to move unimpeded to endpoints.
TrendLabs has the skinny on EyePyramid spyware's inner workings.
KrebsOnSecurity investigates Anna-Senpai, Mirai's creator, tracking her/him/them through Minecraft and Rutgers, and names names.
Notes.
Today's issue includes events affecting Canada, China, European Union, France, Ireland, Israel, Italy, Mauritania, Russia, Ukraine, United Kingdom, and United States.
Today we mark the first anniversary of our podcast's formal launch, this day in 2016. Since then we've produced 294 podcasts. Thanks for listening, and helping us become one of the world's leading security dailies. If you've been enjoying the podcasts, please consider giving us an iTunes review.
In today's CyberWire podcast we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin talks about securing your electronic devices as you cross borders. Today's guest, Nir Giller from CyberX, discusses the lamentable false sense of security that surrounds industrial control systems.
A special edition of our Podcast is currently available. It covers buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.
Innovation Sandbox Finalists: the latest from RSA
RSA Conference Announces Finalists for Innovation Sandbox Contest 2017 (RSA Conference) Conference event to honor information security’s next generation of groundbreaking technologies
10 Cool Security Startups Vying for Glory at RSA Conference (Network World) Machine Learning, IoT security, cloud security among the big themes for Innovation Sandbox Contest finalists
Cyber Attacks, Threats, and Vulnerabilities
Anonymous to Trump: You Will ‘Regret’ the Next 4 Years (NBC News) Anonymous, the loose collective of online hackers, issued an ominous warning to President-elect Donald Trump ahead of his inauguration, telling the billionaire he's going to "regret" the next four years
Cyber-Attack Concerns Mount Ahead of French Elections (CNS News) Ahead of France’s closely-watched presidential elections in the spring, senior officials, experts and political parties are worried about the risk of cyber-attacks
Ukraine's power outage was a cyber attack: Ukrenergo (Reuters) A power blackout in Ukraine's capital Kiev last month was caused by a cyber attack and investigators are trying to trace other potentially infected computers and establish the source of the breach, utility Ukrenergo told Reuters on Wednesday
Fruitfly: Unusual Mac backdoor used for tightly targeted attacks? (Help Net Security) Researchers have found and analyzed a Mac backdoor that is unusual in many ways
Mac malware is found targeting biomedical research (CSO) The malware, which Apple calls Fruitfly, can also run on Linux
New Mac backdoor using antiquated code (Malwarebytes) The first Mac malware of 2017 was brought to my attention by an IT admin, who spotted some strange outgoing network traffic from a particular Mac. This led to the discovery of a piece of malware unlike anything I’ve seen before, which appears to have actually been in existence, undetected, for some time, and which seems to be targeting biomedical research centers
Severe vulnerabilities spotted in LG G3, G4, and G5 (SC Magazine) MWR Labs researchers recently disclosed two high-security vulnerabilities in LG G3, G4, and G5 mobile devices. The bugs include a Path Transversal flaw and an Arbitrary File Disclosure flaw, according to the respective security advisories
GhostAdmin botnet malware discovered (SC Magazine) Cybersecurity researcher MalwareHunterTeam has uncovered a new botnet malware type it has dubbed GhostAdmin that is alive and working in the wild
New GhostAdmin Malware Used for Data Theft and Exfiltration (Bleeping Computer) Security researcher MalwareHunterTeam discovered today a new malware family that can infect computers and allow crooks to take control of these PCs using commands sent via an IRC channel
Decoys, Phishing, and the Cloud: The Latest Fan-out Effect (Netskope) Netskope Threat Research Labs has observed phishing attacks using decoy PDF files, URL redirection, and Cloud Storage services to infect users and propagate malware. Because many organizations have default “allow” security policies for popular Cloud Storage services and PDF readers to let users take advantage of these useful services, these attacks pass through the corporate network to end users’ machines undetected. Moreover, as users collaborate and share through cloud services, these malicious files posing as PDFs “fan out” to shared users, creating a secondary propagation vector. We are calling this the “CloudPhishing Fan-out Effect”
Uncovering the Inner Workings of EyePyramid (TrendLabs Security Intelligence Blog) Two Italians referred to as the “Occhionero brothers” have been arrested and accused of using malware and a carefully-prepared spear-phishing scheme to spy on high-profile politicians and businessmen. This case has been called “EyePyramid”, which we first discussed last week. (Conspiracy theories aside, the name came from a domain name and directory path that was found during the research)
Exploit Kit Jumps on Old Applications (ISS Source) There are plenty of examples of why organizations need to update technology and apply patches
Responsible Disclosure: Amcrest View Web Portal (Secplicity) Recently I purchased a number of IoT devices for a vulnerability research project. Among them was the Amcrest IPM-721S Wireless IP camera, a wireless pan-and-tilt camera, which at the time had 6,381 reviews on Amazon.com (interestingly, that number is down to 1,425 at the time of this writing)
Security Operations Centers Leaving Firms Vulnerable to Attack (Credit Union Times) Security operations centers sacrifice basics, leaving 82% with under target maturity levels and vulnerable to attack, according to the Palo Alto, Calif.-based Hewlett Packard Enterprise’s State of Security Operations Report 2017.
Adobe Acrobat auto-installed a vulnerable Chrome extension on Windows PCs (Tripwire: the State of Security) Adobe is no stranger to finding itself in the security headlines for all the wrong reasons, and it seems that things may not be changing as we enter 2017
Hacker Exploits Remote Code Execution Bug to Breach Facebook Security (HackRead) Andrew Leonov used the previously reported ImageMagick flaw
Who is Anna-Senpai, the Mirai Worm Author? (KrebsOnSecurity) On September 22, 2016, this site was forced offline for nearly four days after it was hit with “Mirai,” a malware strain that enslaves poorly secured Internet of Things (IoT) devices like wireless routers and security cameras into a botnet for use in large cyberattacks. Roughly a week after that assault, the individual(s) who launched that attack — using the name “Anna Senpai” — released the source code for Mirai, spawning dozens of copycat attack armies online
7 Common Reasons Companies Get Hacked (Dark Reading) Many breaches stem from the same root causes. What are the most common security problems leaving companies vulnerable?
Justine Bone on St. Jude Vulnerabilities and Medical Device Security (Threatpost) MedSec CEO Justine Bone talks to Mike Mimoso about the St. Jude Medical vulnerabilities, the considerations her company and Muddy Waters made in short selling St. Jude stock, and the current state of medical device security
Security Patches, Mitigations, and Software Updates
Docker Patches Container Escape Vulnerability (Threatpost) Docker has patched a privilege escalation vulnerability (CVE-2016-9962) that could lead to container escapes, allowing a hacker to affect operations of a host from inside a container
Failure to patch known ImageMagick flaw for months costs Facebook $40k (CSO) A researcher found that Facebook was still vulnerable to the ImageTragick exploit months after it was disclosed
Cyber Trends
Four Cyber Trends To Watch in 2017 (GovTechWorks) From the hacking of the Democratic National Committee (DNC) to major data breaches at the FBI and the theft of NSA cyber weapons, 2016 was an alarming year for cybersecurity
Is antivirus getting worse? (CSO) Anti-virus software is getting worse at detecting both known and new threats
Growing risk associated with mobile and IoT application security (Help Net Security) Despite widespread concern about the security of mobile and Internet of Things applications, organizations are ill-prepared for the risks they pose, according to research conducted by the Ponemon Institute
Retailers largely lack on-site security and IT expertise (Help Net Security) A new Cybera survey of more than 50 retail professionals found that many retailers lack the necessary IT staff at the store level to ensure proper solution implementation and security
Most Irish firms ‘playing catch-up’ on cyber attacks (Irish Examiner) Most Irish businesses have now been victims of cyber attacks, with incidents increasing dramatically in the past three years, a survey has found
Marketplace
Cyber Security Providers Will Take Center Stage in 2017 (Read IT Quick) With cyber security incidents being rampant in 2016, every enterprise is now trying to get its virtual act right, having been scared by the cyber threats
New Trustwave Study Shows 57 Percent of IT Security Professionals Struggle to Find Talent (Trustwave) Study reveals corporate security demands outpace available talent at alarming rates
Security startup CryptoMove fragments data and moves it around to keep it secure (TechCrunch) CryptoMove, a new security startup emerging from stealth today, has a different view of data security. Instead of simply encrypting, monitoring or recording it; the early-stage startup breaks the data into pieces and continually moves it around, making it virtually impossible for hackers to do anything with it should they get ahold of one of the pieces
Google buys Twitter's Crashlytics and Fabric mobile tools (Computing) Twitter divests itself of one of its 53 acquisitions
China Oceanwide Consortium Nears Deal to Buy International Data Group (Wall Street Journal) Consortium to pay less than $1 billion for IDG and deal could be announced in coming days
VTEX to Partner with PCI Security Standards Council to Improve Payment Data Security Worldwide (PRNewswire) VTEX, a global digital commerce platform servicing more than 2,000 companies worldwide, announced today that it has joined the PCI Security Standards Council as a new Participating Organization. VTEX will work with the Council to achieve and improve payment data security worldwide through the ongoing development of the PCI Security Standards, including the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS)
NSS Labs Adds Jason Brvenik As Chief Technology Officer. (NSS Labs) NSS Labs, Inc., the global leader in operationalizing cybersecurity, today announced that Jason Brvenik has joined NSS Labs as Chief Technology Officer (CTO). He will serve on the NSS Labs Executive Committee and report to Vikram Phatak, Chief Executive Officer
Distinguished Leader in Digital Certificates Joins Comodo as Advisor to Drive SSL Business (Yahoo! Finance) Distinguished leader in digital certificates Neal Creighton has joined Comodo, a global innovator and developer of cybersecurity solutions and the worldwide leader in digital certificates, the company announced today. He will serve as a key advisor, providing insight into the digital certificate industry, engaging with industry leaders and sharing his knowledge of the cybersecurity space
CRN Exclusive: Mimecast Appoints Former HP Security Head As Worldwide Channel Chief (CRN) Mimecast is expanding its channel team as it looks to push more business through partners, appointing former HP Security head Eli Kalil as its new worldwide channel chief
Zentera Systems Welcomes Cybersecurity Expert Rebecca Bace to Technical Advisory Board (PRNewswire) Zentera Systems, Inc., the leader in multicloud security and networking, announced today that Rebecca Bace, an internationally recognized cybersecurity expert and author, has joined the company's technical advisory board. Ms. Bace will advise Zentera on security industry trends, strategy and architecture for the protection of next-generation multicloud networks and applications
Products, Services, and Solutions
Bromium's Enterprise Risk Assessment Discovers Security Threats, Speeds Deployment and Accelerates Customer Time-to-Value (Marketwired) Money-back guarantee offered when no risks identified
Irdeto Cloakware Secures PayU Payments (PYMNTS) As commerce and payments continue to expand into digital spaces, so too does the threat of fraud — a fact that digital platform and application security provider Irdeto Cloakware knows well
Rapid7 and Coalfire Join Forces to Provide Powerful PCI-Approved Scanning Services (Yahoo! Finance) Rapid7, Inc. (RPD), a leading provider of IT and security analytics solutions, announced that it has partnered with Coalfire, an industry-leading cyber risk management and compliance solution provider, to deliver its PCI Approved Scanning Vendor (ASV) offering
BeyondTrust Sweeps Competition in 2016 Homeland Security Awards Programs (Yahoo! Finance) BeyondTrust, the leading cyber security company dedicated to preventing privilege misuse and stopping unauthorized access, today announced it was named a winner in the 2016 GSN Homeland Security Awards Best Privileged Access Management Solution category for the third consecutive year. In addition, American Security Today named PowerBroker for Unix and Linux a 2016 'ASTORS' Homeland Security Award Winner for Best Access Control & Authentication System
EclecticIQ partners with SenseCy to bring leading Cyber Threat Intelligence technology to the Israeli cyber community (SAT Press Releases) SenseCy deploys EclecticIQ Platform for delivery of timely, relevant, human-curated intelligence to its clients. SenseCy supports entry of EclecticIQ products for the Israeli market
CyberVista Launches First-Of-Its-Kind Initiative To Increase Diversity In The Cybersecurity Field (Yahoo! Finance) Cybersecurity education and workforce development company CyberVista today announced the launch of a new program designed to provide women and minorities with more opportunities to obtain certifications required to work in the cybersecurity field
Overbrook Academy Looks to SecurityRI for Complete Security Coverage for Relocation Project and Beyond (Yahoo! Finance) SecurityRI, a leading full-service IT security company specializing in providing comprehensive security strategies to protect businesses of all sizes, teamed up with Overbrook Academy, an accredited, international boarding school for girls, to provide protection from data breaches and any vulnerabilities to their students and faculty during the relocation of the academy
Technologies, Techniques, and Standards
Connected Devices Give Spies a Powerful New Way to Surveil (Wired) There is little doubt that the web is the greatest gift that any intelligence agency could have ever asked for. Security agencies and commercial entities can easily collect information about users. Every internet user is being monitored
Enisa Helps Firms Secure Blockchain Tech (Infosecurity Magazine) EU security agency Enisa has waded into the debate over the future of public ledger technology blockchain with a new report designed to highlight security challenges and best practices for those in financial services
Pair of Air Force Cyber Weapons Systems Ready for War (Fifth Domain) Late last year, the Air Force declared one of its newest cyber weapons tools initially operationally capable. The tool, the Automated Remediation Asset Discovery (ARAD), is a modification to the Air Force Cyber Security and Control System (CSCS), which was itself declared IOC by Air Force Space Command in 2014
Responsible Disclosure - Critical for Security, Critical for Intelligence (SecurityWeek) Not adhering to responsible disclosure has the potential to amplify the threats posed by certain vulnerabilities and incidents
Handling Classified Information: Lessons Learned (SecurityWeek) Can we learn from the blunders of U.S officials on their handling of classified information?
5 Rules For Manufacturers In Securing The Internet Of Things (IS Buzz News) While the speed in which manufacturers create and release new technology grows exponentially with each passing year, the security of these devices has failed to keep up. As a manufacturer, are you constantly testing your devices to make sure that you not only know what vulnerabilities exist but also how to patch them? As a customer, do you believe that your device is as secure as possible?
Microsoft's Cyber Defense Ops Center Shares Best Practices (IT Pro Windows) According to Microsoft, they have a view of the ever evolving cyberthreat landscape because of the fact they oversee more than 200 cloud based services, more than 100 datacenters, millions of devices, and over a billion customers around the globe
What CISOs Need To Know Before Adopting Biometrics (Dark Reading) Biometric techniques offer a solution to the password problem, but getting started can be tough. Here are a few things you need to know
Design and Innovation
Android Scoring System Roots Out Malicious, Harmful Apps (Threatpost) Google’s crusade against malicious and potentially harmful apps (PHA) in the Android ecosystem is a complex endeavor anchored by its Verify Apps malware scanner and a scoring system that flags potential problems before they multiply
Fleet Cyber Command/10th Fleet Sailors Receive Copernicus Award (DVIDS) Two U.S. Fleet Cyber Command/U.S. 10th Fleet (FCC/C10F) members were selected as recipients of the Copernicus award, which recognizes individual contributions to naval warfare in the disciplines of Command, Control, Communications, Computers, and Intelligence (C4I), Information Systems or Information Warfare
Research and Development
Are software updates key to stopping criminal car hacks? (Christian Science Monitor Passcode) Security researchers at New York University have developed a system that aims to provide secure software updates for computerized vehicles
Fake or for real? An app exposes forgeries (Christian Science Monitor Passcode) Israeli researchers have developed a method for authenticating handwritten signatures using sensors in smartwatches and fitness trackers
Blog: Army Cyber Center of Excellence Requests Capability Research (SIGNAL) The Army Cyber Center of Excellence is requesting research papers that address specific areas that answer learning demands or capability gaps that inhibit operational force effectiveness or efficiency. Among other things, the research papers will be used to evaluate emerging concepts against documented Army Signal, cyberspace and electronic warfare capability requirements
Academia
GCHQ to run cyber-security competition targeting tech-smart teen girls (Computing) Ever considered a career in cyber security?
A Department of Defense Cybersecurity Bootcamp is Coming to Chicago's City Colleges (ChicagoInno) As the need for cybersecurity grows, the Department of Defense is expanding its training to recruit more talent in the fight against cyber attacks and hacks
Legislation, Policy, and Regulation
Ukrainian president: US should 'be great again' by confronting the 'global threat' of Russia (Business Insider) Ukrainian President Petro Poroshenko called for a worldwide effort to counter the threat of Russian cyber warfare and urged the United States to "be great again" by demonstrating leadership on issues such as global security
ODNI Releases Third Annual SIGINT Progress Report (IC on the Record) In 2014, President Obama signed Presidential Policy Directive-28, Signals Intelligence Activities. Since the release of PPD-28, the Office of the Director of National Intelligence has issued annual public reports on relevant updates and changes to the Intelligence Community’s signals intelligence (SIGINT) activities, covering calendar years 2014 and 2015. This is the third such update
CIA reveals new rules for handling information on Americans (Washington Post) The Obama administration has imposed new privacy restrictions on the CIA that are designed to limit its use of information on Americans — changes that the agency made public just two days before President-elect Donald Trump is to take office
Opinion: Obama's surveillance legacy (Christian Science Monitor Passcode) Just two days after his Jan. 10 farewell speech, the Obama administration granted sweeping surveillance powers to the incoming Trump presidency – dramatically expanding 17 government agencies' legal authority to spy on US citizens
More, cheaper, bigger, faster: The defense and cyber strategy of Donald Trump (Ars Technica) Trump wants US cyber and physical military might to be more offensive
Trump Administration Can Help Finance Sector Shift Cybersecurity Paradigm (Forbes) 2016 was the year that dramatized how cyber criminals can threaten the global financial system with the click of a mouse. Portending more ominous developments, banks around the world have disclosed losses in the millions from cyber heists that manipulated the critical interbank financial messaging platform, SWIFT. While the cyber thefts and fraudulent transfers are troubling in their own right, they disconcertingly highlight systemic risk and a potential single point of failure in the financial services sector. In response to these developments and the generally expanding cyber threat, leading American financial institutions, with the direct support of their CEOs, came together in November to launch a cooperative effort to curtail systemic vulnerabilities and improve resilience in the financial infrastructures that undergird modern nations and their economies
In farewell press conference, Obama says ‘new cyber age’ will require new tools (GeekWire) In the wake of a presidential campaign marred by hacking and social-media skulduggery, President Barack Obama says America’s digital architecture will have to be fine-tuned to preserve democracy
DHS Unveils Updated National Cyber Incident Response Plan (Fifth Domain) Months after it requested input from the private sector on how to improve its cybersecurity response and coordination, the Department of Homeland Security released an updated version of the National Cyber Incident Response Plan on Jan. 18
We Have ‘Very Robust Defenses’: An Exit Interview with Obama’s Top Cyber Official (Defense One) Cybersecurity Coordinator Michael Daniel defended the White House's legacy, pointing to new policies and cyber détente with China
DoD Cyber Policy Chief: We've Deterred Destructive Cyberattacks (Nextgov) When President Barack Obama took office, one of intelligence officials’ top fears was a “cyber Pearl Harbor,” a catastrophic and destructive cyberattack that resulted in mass casualties and destruction of property
On cyber issues, Obama’s Pentagon ‘matured’ as norms rapidly changed (CyberScoop) In future conflicts involving U.S. forces, hybrid warfare incorporating disinformation operations like the election-season email hacks will be “the norm, not the exception,” and the government needs to be better organized to counter them, a senior Obama administration defense official told CyberScoop
Federal CISO Touhill Quietly Resigns (Fifth Domain) Gen. Gregory Touhill, the nation’s first federal chief information security officer, charged with setting wide-ranging cybersecurity policies for civilian agencies, officially left the White House on Jan. 17, officials confirmed to Fifth Domain
Trump Commerce Pick Ross Lacks in Cybersecurity, Privacy (Bloomberg BNA) President-elect Donald Trump’s trade-focused Commerce Department secretary pick Wilbur Ross heads into his Jan. 18 nomination hearing without a clear data privacy and cybersecurity policy stance
Litigation, Investigation, and Law Enforcement
Stuxnet general pardoned by Obama – but deeper questions remain (Naked Security) President Obama has pardoned former US general James E Cartwright, who faced a prison term for lying to investigators about whether he had discussed the Stuxnet cyberweapon with journalists
Obama defends decision to commute Chelsea Manning's sentence (AP via Military Times) President Barack Obama firmly defended his decision to cut nearly three decades off convicted leaker Chelsea Manning's prison term, arguing in his final White House news conference that the former Army intelligence analyst had served a "tough prison sentence" already
Pentagon chief says he opposed cutting Chelsea Manning's prison term (AP via Military Times) Defense Secretary Ash Carter said Wednesday he had opposed commuting the prison sentence of convicted leaker Chelsea Manning, who was convicted in 2013 of espionage and other crimes for leaking classified information while deployed in Iraq
Assange weasels out of pledge to surrender if Manning received clemency (Ars Technica) WikiLeaks founder now says it's not good enough Manning will be released in May
FBI, other agencies probing possible Russian aid for Trump: report (The Hill) The FBI and five other intelligence and law enforcement agencies are working together on an investigation into whether Russia’s government secretly helped President-elect Donald Trump win the election, according to a new report
Cyber Threat Startup Quickly Detected Grizzly Steppe (Homeland Security Today) The Department of Homeland Security, working with the FBI, has released the Joint Analysis Report (JAR), Grizzly Steppe, through US-CERT, while DHS through its Automated Indicator Sharing (AIS) platform released machine readable indicators to detect threats discussed within the JAR document. DHS cyber intel analysts identified a potential threat, and distributed data used by automated cyber threat detection systems. Companies can then use this data to automatically detect the same threat on their own systems and take appropriate steps to protect themselves
The Forgotten Prisoner of a Spyware Deal Gone Wrong (Motherboard) On the evening of August 13, 2015, after a day spent enjoying the Italian summer with his fiancée at a beach near Genoa, Cristian Provvisionato, a stocky 42-year-old bodyguard with an affable look, noticed he'd missed a call from his boss
Canada’s ‘Pre-Crime’ Model of Policing Is Sparking Privacy Concerns (Motherboard) In cities across Canada, police are partnering with social service agencies that work in housing, addictions, mental health, and child welfare to identify and intervene with people who they believe are at risk of harming themselves or others
Not so Limitless after all: Trend Micro FTR Assists in the Arrest of Limitless Author (TrendLabs Security Intelligence Blog) On January 13, college student Zachary Shames pleaded guilty to a federal district court in Virginia, US, for authoring Limitless Logger, the malicious keylogger that was used to steal thousands of sensitive user information like passwords and banking credentials
The US Postal Service Wants to Hunt Down Dark Web Criminals (Motherboard) The FBI isn't the only US law enforcement agency on the dark web
State of Minnesota, Respondent, vs. Matthew Vaughn Diamond, Appellant (State of Minnesota in Court of Appeals) A district court order compelling a criminal defendant to provide a fingerprint to unlock the defendant’s cellphone does not violate the Fifth Amendment privilege against compelled self-incrimination
Fired IT Employee Demands $200K in Exchange for Unlocking Data (Tripwire: the State of Security) A fired IT employee demanded his former employer pay him 200,000 USD in exchange for the return of its sensitive information
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Using STIX/TAXII to share automated cyber threat data (San Francisco, California, USA, Feb 15, 2017) Cybersecurity experts representing the financial sector, healthcare, utilities, software providers, government, academia and nonprofits continue to define/develop the STIX/TAXII specifications as the solid foundation for standardizing threat information. This large group of public and private sector organizations and companies are working together to advance the STIX/TAXII specifications in the OASIS Cyber Threat Intelligence Technical Committee. These specs have already dramatically streamlined the analysis of threat data. We invite cybersecurity experts and decision makers to be part of the conversation.
The Cyber Security Summit: Denver (Denver, Colorado, USA, Mar 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders including: Mary McCord, Asst. Attorney General for National Security, U.S. Dept. of Justice & Chad Alvarado, Supervisory Special Agent, Cyber Task Force, FBI Denver Division. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers
15th annual e-Crime & Cybersecurity Congress (London, England, UK, Mar 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.
Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard sensitive data such as medical records and keep IT systems safe from cyber-attacks by states, criminal gangs and cyber terrorists.
Infosecurity Europe 2017 (London, England, UK, Jun 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information security solutions and products to 13,500 visitors.
Borderless Cyber USA (New York, New York, USA, Jun 21 - 22, 2017) Borderless Cyber is an international, executive-level conference series that began in 2015. It’s designed to bring together the private sector and policy makers to evaluate, debate, and collaborate on cyber security best practices and solutions. Hosted by the OASIS open consortium, previous Borderless Cyber events were held in partnership with The World Bank in Washington, D.C., with the European Parliament in Brussels, and with Keio University in Tokyo. In 2017, the conference will be held in New York City and The Hague.
CyCon US (Washington, DC, USA, Nov 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information exchange across the cyber community, and includes participation from military, government, academia, and industry from around the world. The conference promotes security initiatives and furthers research on cyber threats and opportunities. CyCon U.S. is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.
Upcoming Events
SANS Las Vegas 2017 (Las Vegas, Nevada, USA, Jan 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you get the kind of hands-on, immersion training that you can put to work immediately.
BlueHat IL (Tel Aviv, Israel, Jan 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel. Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, Jan 25 - Feb 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but have no real concept of how to create and produce proper intelligence. The 2017 Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to all ranges of adversaries including some of the most sophisticated threats targeting your networks.
Blockchain Protocol and Security Engineering (Stanford, California, USA, Jan 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary collaboration among practitioners and researchers in blockchain protocols, distributed systems, cryptography, computer security, and risk management.
National Credit Union - Information Sharing & Analysis Organization - 2017 Tech Conference (Cape Canaveral, Florida, USA, Jan 31 - Feb 2, 2017) Join us for three days of Cyber Security topics that are pertinent to Credit Union cyber resilience, real-time security situational awareness information sharing, and coordinated response in the global credit union community! Protecting the Credit Union’s global infrastructure to sustain cyber resilience requires an unprecedented level of public- and private-sector cooperation, collaboration and coordination and includes access to the real-time availability of proactive “actionable” threat intelligence; analysis of potential impacts; coordinated countermeasure solutions and response; cybersecurity best practice adoption and role-based workforce education.
Southern Virginia - Cyber Security Lunch & Learn (Norfolk, Virginia, USA, Feb 2, 2017) Cyber security experts discuss security incident response. Dealing with cyber security risk is an exercise in managing daily chaos. Organizations know they need to improve their posture but common roadblocks often get in the way. Join us for lunch and an action-oriented discussion about ways you can improve your security incident response program in 2017. The conversation will be led by certified SANS instructor Alissa Torres, and Rsam CISO Bryan Timmerman. Attend and earn CPE credits towards your ISACA and (ISC)2 certifications.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
The Risks and Benefits of Artificial Intelligence and Robotics (Cambridge, England, UK, Feb 6 - 7, 2017) The Risks and Benefits of Artificial Intelligence and Robotics Workshop aims to provide media and security professionals with an in-depth understanding of how the rapid advancement of AI technology may affect the global community in both the physical and structural spheres, and of the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media.
SANS Southern California - Anaheim 2017 (Anaheim, California, USA, Feb 6 - 11, 2017) Learn practical, relevant tips and techniques from industry leaders. Join us for SANS Southern California - Anaheim 2017, and choose from eight courses on cyber defense, penetration testing, incident response, threat hunting, ethical hacking, IT management and ICS/SCADA security. Some of our courses are in alignment with DoD Directive 8570 requirements for Baseline IA Certifications, and most courses have GIAC Certification attempts available. Take advantage of this opportunity to sharpen your skills and advance your career.
Workplace Violence & Response To Active Shooter Events Meeting (Laurel, Maryland, USA, Feb 9, 2017) The National Insider Threat Special Interest Group (NITSIG) will be hosting a meeting on February 9, 2017, at the Johns Hopkins University Applied Physics Laboratory, Laurel, MD. The meeting will be exclusively focused on workplace violence and responding to an active shooter event. Presenters include experts from the Occupational Safety and Health Administration (OSHA), and the Maryland State Police. It's free to attend. Prominent among the topics to be discussed will be threats directed from the Internet.
RSA Conference 2017 (San Francisco, California, USA, Feb 13 - 17, 2017) The current state of cybersecurity means there are many opportunities for the industry as a whole to collaborate on new innovations. Discovering the next great opportunity will require everyone to embrace new and unique perspectives from a broadly diverse base of people and sources. RSA Conference 2017 provides the opportunity for all attendees at all levels to grow their knowledge, exchange ideas with peers and further their careers. With opportunity comes great responsibility for the future. Our actions today will have a lasting impact on the strength of the industry—and the safety of the world—tomorrow. At RSA Conference 2017, you will learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.
SANS Dallas 2017 (Dallas, Texas, USA, Feb 27 - Mar 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27 - March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security courses to provide you with the training and certification that you need to boost your career by learning from the best! SANS instructors are industry professionals who will ensure that you not only learn the material, but that you will also be able to apply what you learn your first day back in the office.
Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, Feb 28 - Mar 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.