Threats to VMs? Skyfin Android malware identified. Ransomware updates, from St. Louis to Bangalore. Lloyds DDoSed. NY Times and BBC Twitter accounts hijacked. FBI said to interview alleged Mirai master.
Microsoft warns businesses to be on guard against the possibility that attackers could compromise virtual machines, turning cloud environments against the enterprises that use them.
Dr. Web identifies a new Android threat. This one, known as "Skyfin," is a second stage infection observed in phones already compromised by the Android[.]Downloader malware family. Skyfin infests the local Playstore app to make unwanted purchases.
The SANS Internet Storm Center has a rundown on Sage 2.0, ransomware they've observed in spam hitherto associated with Cerber.
Specific ransomware victims late last week include the St. Louis (Missouri, USA) public library system and the Racingpulse[.]in pony betting site operating out of Bangalore (India). The St. Louis librarians aren't paying up; instead, they're wiping and restoring the approximately 700 affected machines. The Dharma ransomware strain hit Bangalore; there's no word yet on which variety affected St. Louis.
The Lloyds Banking Group disclosed that it was affected by a distributed denial-of-service campaign two weeks ago. An unnamed "international cybercrime gang" is said to be responsible.
Both the New York Times and the BBC had their Twitter accounts hijacked yesterday, the Times hijackers tweeting (falsely) Russian President Putin's intentions to launch missiles against the US, and the BBC's hijackers tweeting (equally falsely) that US President Trump had been wounded in an assassination attempt. Protection racketeers at OurMine admit collaborating in the caper, but say their unnamed partners composed the tweets.
The FBI is said to be interviewing the gentleman whom security journalist Brian Krebs identified as the figure behind Mirai.
Notes.
Today's issue includes events affecting Algeria, Austria, Brazil, Canada, Estonia, France, Germany, India, Indonesia, Italy, Latvia, Lithuania, Moldova, Pakistan, Philippines, Russia, Spain, Tunisia, Turkey, United Kingdom, and United States.
In today's CyberWire podcast we hear from our partners at the University of Maryland Cybersecurity Center, as Jonathan Katz describes multivariate cryptography.
A special edition of our Podcast is currently available. It covers buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.
Cyber Attacks, Threats, and Vulnerabilities
Microsoft Warns that Hacked Virtual Machines Are a Very Real Threat (BizTech) Businesses need to guard against having their cloud environments turned against them
Satan ransomware-as-a-service gives malware customising tools to hackers on dark web (International Business Times) Satan allows cybercriminals to make subscription payments to use third-party created ransomware
What You Need To Know About The iMessage Security Flaw (Panda) With everything that’s gone down in 2016 it’s easy to forget Tim Cook’s and Apple’s battle with the FBI over data encryption laws. Apple took a strong stance though, and other tech giants followed suit leading to a victory of sorts for (the little guy in) online privacy
Android Trojan Hijacks Google Play Store, Covertly Downloads or Purchases Apps (Bleeping Computer) Security researchers have discovered a new Android trojan named Skyfin that can infiltrate the local Play Store Android app and download or purchase other apps behind the user's back
Sage 2.0 Ransomware (SANS Internet Storm Center) On Friday 2017-01-20, I checked a malicious spam (malspam) campaign that normally distributes Cerber ransomware. That Friday it delivered ransomware I'd never seen before called "Sage." More specifically, it was "Sage 2.0"
Ransomware Locks Down Public Libraries at All Locations Across Saint Louis (Bleeping Computer) The Saint Louis Public Library (SLPL) announced that ransomware had hit all computers at all their branches across the city forcing the institution to halt all operations for the time being
India’s Famous Horse Racing Site Hacked with Dharma Ransomware (Hack Read) The new version of Dharma ransomware is targeting sites like the old way
Coalition of Cryptographers, Researcher Urge Guardian to Retract WhatsApp Story (Threatpost) A coalition of some of the globe’s top researchers and cryptographers are pleading with The Guardian to retract a story it published last week in which it suggested the encrypted messaging app WhatsApp contained a backdoor
Security Researchers Urge The Guardian to Retract WhatsApp “Backdoor” Story (Softpedia) Researchers believe the claims about WhatsApp are false
Android Banking Trojan Source Code Leaked Online, Leads to New Variation Right Away (Bleeping Computer) The source code of an unnamed Android banking trojan has been recently leaked online via an underground hacking forum, say researchers from security firm Dr.Web
Warning from US-CERT: Shadow Brokers Selling a Zero-Day Exploit Targeting the Server Message Block Protocol (SOCpedia) According to the US-CERT, the Shadow Brokers – a hacking group that made public part of the Equation Group’s arsenal of exploits and tools – might have an SMB zero-day exploit they are trying to sell as part of the database they supposedly swiped from the aforementioned NSA-connected company
Meitu photo retouching app may be invading your privacy (Help Net Security) Have you heard about Meitu, the photo retouching mobile app that turns people into more cutesy or beautiful versions of themselves? Chances are that even if you don’t know the app’s name, you’ve already seen examples of the final product posted on a social network of your choice
Meitu, a Viral Anime Makeover App, Has Major Privacy Red Flags (Wired) Meitu is a popular app that transforms your selfie into an adorable anime character. You’ve probably already downloaded it. In exchange for the simple pleasure of giving you an absurd makeover, though, it demands sprawling access to your personal data and numerous features of your smartphone, seemingly collecting a bloat of information about you in the process. Wannabe nymphs and sprites everywhere: be warned
Already on probation, Symantec issues more illegit HTTPS certificates (Ars Technica) At least 108 Symantec certificates threatened the integrity of the encrypted Web
Algerian Phishing Attempt (Wapack Labs) A Red Sky Alliance member is reporting a suspected phishing email to Wapack Labs. Subsequent analysis reveals the campaign was initiated by an Algerian threat actor associated with a known hacking team
Lloyds Services Taken Out by Alleged Cybercrime Gang (Infosecurity Magazine) A denial of service blitz aimed at some of the UK’s biggest high street lenders a fortnight ago took services at Lloyds Banking Group offline intermittently for two days, it has been claimed
Overseas cyber attackers targeted Lloyds (Financial Times) Lender’s digital services hit for more than 2 days by international gang
BBC, NYT Twitter accounts hacked; posts fake news about Trump and Putin (HackRead) The fake news saga continues, this time with Twitter accounts of mainstream media outlets
Hacked New York Times Twitter account warns of imminent Russian missile attack (The Hill) The New York Times Video Twitter account appears to have been hacked — possibly twice — Sunday morning
'The New York Times' Twitter Account Reportedly Hijacked, Fake News Post Claims Vladimir Putin Considering Attacking U.S. (Inquisitr) The Twitter account of New York Times Video was reportedly hacked Sunday morning — possibly twice — with one post claiming that Russia’s Vladimir Putin was planning to attack the United States with missiles
Dawn under cyber attack (Dawn) In keeping with the principles of a free and independent press, it is necessary for us to inform our readers and place on public record that Dawn has come under sustained cyber attacks over the last two weeks. A statement issued by dawn.com says the origin of these attacks is unconfirmed as yet
Twitter Accidentally Made Half a Million People Follow Trump (Motherboard) Update, Jan. 21, 2017: Today, Twitter CEO Jack Dorsey confirmed users' claims that Twitter had automatically followed the @POTUS account (at this point, under the authorship of President Donald Trump) for them. Approximately 560,000 people were affected by a flaw in the script used to migrate followers to the new archival handles
Radio Station Transmission Hacked with F*** Donald Trump Song (HackRead) Hackers played the song on Louisville, Kentucky’s local radio station for 15 minutes
Sundance Cyber Attack: Festival Box Office Shut Down (The Wrap) Sundance Institute said screenings will go on as planned
Top 6 Types of Rogue Security Software (The Merkle) In this day and age of online attacks, it becomes all the more important to protect one’s computer and other devices against the various threats. Criminals often try to bypass existing security solutions on the device in question, but they also distribute fake tools that allegedly prevent these attacks from happening. This trend is called “rogue security software,” and has been proven to be quite successful over the past few years
Heartbleed: 200,000 websites still vulnerable to OpenSSL security flaw (Computing) Shodan search engine reveals that many systems remain unpatched for OpenSSL bug
A flawed medical device, a troubling response (Christian Science Monitor Passcode) A case involving software vulnerabilities in medical electronics reveals the inability for both the health care sector and federal regulators to swiftly address cybersecurity problems
How vulnerable are you behind the wheel of your connected car? (CSO) Your car provides you with more than just transportation. And criminals want at that information
FCC warns of national security risks from IoT, private networks (Federal Times) The Federal Communications Commission has released a white paper on cybersecurity risk reduction that surveys the increasingly larger “exposed attack surface” created by connected consumer devices on privately owned and managed communications networks
Trident test fail could have been down to software glitch (Computing) The recent Trident missile which veered off course was fired from a submarine that had just completed an IT system upgrade
Security Patches, Mitigations, and Software Updates
It’s About To Get Even Easier to Hide on the Dark Web (Wired) Sites on the so-called dark web, or darknet, typically operate under what seems like a privacy paradox: While anyone who knows a dark web site’s address can visit it, no one can figure out who hosts that site, or where. It hides in plain sight. But changes coming to the anonymity tools underlying the darknet promise to make a new kind of online privacy possible. Soon anyone will be able to create their own corner of the internet that’s not just anonymous and untraceable, but entirely undiscoverable without an invite
Cyber Trends
Security management outlook: Five trends to watch (Help Net Security) Cybersecurity can’t sit still. As we look ahead to what this year has in store for the security management landscape, organizations globally should be paying attention to five key
Mozilla's First Internet Health Report Tackles Security, Privacy (Threatpost) In its first-ever Internet Health Report, the non-profit Mozilla Foundation warned of the dangers of concentrated power among too few internet companies, cyber snooping by nosey governments and new threats posed by connected devices that can further erode privacy
Phishing Awareness Grows, but Volumes Increase (Infosecurity Magazine) When it comes to phishing, there’s been an encouraging 64% increase in organizations measuring end-user risk from 2015 to 2016. But the good news gets more scarce from there
Cybercrime And Fraud Scale Revealed In Annual Figures (Information Security Buzz) There were an estimated 3.6 million cases of fraud and two million computer misuse offences in a year, according to an official survey
Top 6 Most Targeted Countries For Cyber Attacks (The Merkle) The cyber attack business continues to grow exponentially over time. In the year 2017, there will be several million cyber attacks every single day. As it turns out, some countries are targeted more than others. Although the United States is a top target for cyber criminals, they are not in the top three by any means
Moldova among the most attacked countries from the cyber point of view (Teleradio Moldova) Moldova ranks among the top 87 countries attacked in the contest of cyberspace. At least this is shown in an international report. Thus, only last year, Moldova registered about six million cyber alerts, Moldova 1 reported
Global data privacy laws: The #1 cross-border e-discovery challenge (Help Net Security) In the year since the EU’s rejection of Safe Harbor, there has been a spike in legal concern over cross-border data transfers, according to a survey by BDO Consulting
Barclays Launches BEC Awareness Campaign (Infosecurity Magazine) Barclays Bank has launched a new awareness-raising campaign designed to help corporates spot and prevent the growing prevalence of so-called Business Email Compromise (BEC) scams
Conveyancing home to most cyber crime (Today's Conveyancer) Within the legal sector, email hacking within conveyancing transactions is the most commonly occurring cyber crime. According to the most recent analysis of SRA reports, client losses recorded in the last year have amounted to £7 million
Corporate Legal Counsels Fret Over Cybersecurity (Dark Reading) BDO Consulting survey shows in-house legal executives cite data breaches, cross-border data transfers, as risks with e-discovery
Reviewing “18 Geeky Predictions for 2016”— Spoiler Alert: Many epic fails! (Medium) 2016 year was my first try at being an oracle. As a great example of overconfidence bias, I focused on geeky stuff hoping that I would fail less, because I understand those topics better. Today, I’ve been reviewing this list and … what a failure! I need to eat some humble pie
Cybersecurity: Why We Can't Get It Right (US Cybersecurity Magazine) As attacks, breaches, and massive theft worsen
Marketplace
Comodo: 'Massive' Talent Shortage Driving Business To Security-As-a-Service Providers (CRN) Nearly one year after debuting its end-to-end security-as-a-service offering Comodo 360, Comodo’s Vice President Sales North America, George Muldoon, calls the reception "nothing short of amazing"
Infosec certification and the talent shortage crisis (Help Net Security) As more enterprises aspire to create future workspaces and harness the benefits of a mobile workforce that leverages cloud platforms, there’s a greater need to implement appropriate measures to secure data, infrastructures, applications, and users wherever they may reside
4 ways to find cyber jobs in the federal government (Federal Times) While the buzz of the incoming Trump administration’s federal hiring freeze hangs thick in the air, one skillset that’s still very much in demand centers on cybersecurity
Can cybersecurity boot camps fill the workforce gap? (Christian Science Monitor Passcode) A startup in Denver and an initiative in Chicago are using cybersecurity boot camps to quickly prepare workers to fend off digital attacks
Oracle to axe hundreds of staff (Computing) Oracle moves to lay off up to 1,700 staff, according to some reports, as it reduces its Santa Clara hardware systems division
Army bug bounty program pays hackers 'around $100,000' (The Hill) Statistics are in from the Army’s first bug bounty program, and the program appears to have been a success
Polaris Alpha Targets Cyber, SIGINT Market Expansion Through Intelesys Buy (GovConWire) Polaris Alpha, a portfolio company of investment firm Arlington Capital Partners, has bought cyber, network and software engineering services provider Intelesys for an undisclosed sum in a push to expand presence in the cyber and signals intelligence market
With IPO on Horizon, Zscaler Adds Industry Veteran to Board (Wall Street Journal) Former Cisco Systems executive Charles Giancarlo will join billion-dollar cybersecurity startup
What Does Intel Security Group Have to Offer before Spin-Off? (Market Realist) In the previous part of the series, we saw that Intel (INTC) is falling behind Xilinx (XLNX) in the programmable solutions market. Xilinx is now targeting the cloud market, which poses a threat to Intel. Like memory and programmable solutions are core to Intel’s vision of the connected world, so is security. However, the company is spinning off the McAfee business it acquired in 2011
ERPScan Reached Incredible 367% Revenue Growth in 2016 (PR[.]com) ERPScan, a leading SAP and Oracle security solutions provider, released its Review of the Year 2016
Loyaltybuild to maintain operation after cyber attack (Irish Examiner) The firm behind the business that was victim to a “very sophisticated cyber attack” in 2013 is to maintain its presence here, but with a reduced workforce
Ron Gula, NSA hacker-turned-CEO, steps into the investment space (Washington Post) When Ron Gula joined the National Security Agency in the mid-1990s, the world was still storing information on floppy disks
Products, Services, and Solutions
Invincea Launches X-as-a-Service Managed Security (eWeek) Security vendor Invincea enhances its X next generation security technology with a new managed services offering, providing configuration and monitoring capabilities
SafeNet Launches New Cryptographic Key Mgmt for US Government (American Security Today) SafeNet Assured Technologies, has released its latest cryptographic key management solution, KeySecure for Government – which is manufactured, sold, and supported in the U.S. exclusively by SafeNet Assured Technologies
Lavabit Reopens, Snowden's Former Email Provider (Bleeping Computer) Lavabit, the encrypted email service provider once used by Snowden, has announced it will reopen its doors after a three-year hiatus during which it developed new email technology
InTechnology catches Core Security distribution deal (ARN) Signs first local distribution agreement with cyber security company
Technologies, Techniques, and Standards
Kaspersky Lab unlocks CryptXXX-encrypted files (IT Online) After releasing decryption tools for two variants of CryptXXX ransomware in April and May 2016, Kaspersky Lab has released a new decryptor for files that have been locked with the latest version of the malware. This malicious programme was capable of infecting thousands of PCs around the world since April 2016, and it was impossible to fully decrypt the files affected by it. But not anymore. The free RannohDecryptor tool by Kaspersky Lab can decrypt most files with .crypt, .cryp1 and .crypz extensions
3 Lessons From The Yahoo Breach (Dark Reading) Your organization must address these blind spots to detect sophisticated attacks
Security Chatbots Aim To Simplify Incident Detection And Response (Dark Reading) Emerging intelligent assistants help analyze and automate response to attacks
Securing MySQL DBMS (eSecurity Planet) These steps can help you secure your deployment of the open source MySQL Community Server
Deception, Disinformation, and Strategic Communications: How One Interagency Group Made a Major Difference (INSS Strategic Perspectives) In this era of persistent conflict, U.S. national security depends on the diplomatic, informational, military, and economic instruments of national power being balanced and operationally integrated. A single instrument of power—that is, one of the country’s security departments and agencies acting alone—cannot efficiently and effectively deal with the Nation’s most important security challenges. None can be resolved without the well-integrated use of multiple instruments of power—a team bringing to bear the capacity and skills of multiple departments and agencies. The requirement for better interagency integration is not, as some have argued, a passing issue temporarily in vogue or one tied only to counterterrorism or foreign interventions in failed states. Interagency collaboration has become a persistent and pervasive trend in the national security system at all levels, from the strategic to the tactical, and will remain so in an ever more complex security environment
How to Protest Without Sacrificing Your Digital Privacy (Motherboard) There will be many watchful eyes taking notice of your activities this weekend. On Thursday, several days of planned protests started in Washington DC in anticipation of the inauguration of President-elect Trump. Tomorrow, the Women's March on Washington will kick off, with thousands expected to turn up
Design and Innovation
ZCash on Ethereum: Anonymity With Smart Contracts (Cryptocoin News) Ethereum was designed and developed to operate as the base protocol for smart contract settlements. It allows multiple parties to establish unalterable agreements with one another for several use cases, mainly for legal purposes
India turns to AI as cyber warfare threats grow (Interaksyon) In the darkened offices of a tech start-up, a handful of computer engineers sifts through a mountain of intelligence data that would normally be the work of a small army of Indian security agents
Ethics — the next frontier for artificial intelligence (TechCrunch) AI’s next frontier requires ethics built through policy. Will Donald Trump deliver?
Hack a Furby to Rickroll Your Friends Through Its Creepy Eyeball Menu (Motherboard) The first generation of Furby, the owlish electronic toy made by Hasbro, was met with enormous consumer demand when it hit shelves in November 1998
A history of the Amiga, part 10: The downfall of Commodore (Ars Technica) The Amiga was a machine ahead of its time, but Commodore was in trouble
Research and Development
Your Heartbeat as a Password - Smart or Stupid? (Bleeping Computer) Scientists from the Binghamton University in New York have explored with using a person's heartbeat as a password for encrypting and then decrypting personal data
Academia
‘White hat’ hackers, trained in W.Va., ride to the rescue (West Virginia Metro News) Russian hacking is bad for privacy and bad for trust in American institutions
Cyber security programs surge as hacks take national stage (Argus Leader) Cyber security is a lot like the common cold
Legislation, Policy, and Regulation
Three Observations on China's Approach to State Action in Cyberspace (Lawfare) We just returned from 36 hours in Beijing as part of a small group of American academics and government representatives to meet with Chinese counterparts about contemporary issues in cybersecurity
Russia should not think sanctions will be lifted soon: PM (Reuters) Russia should part with the illusion that Western sanctions against the country will be lifted soon, Russian Prime Minister Dmitry Medvedev said on Sunday
Policy tied Obama’s hands in cyberspace, says White House Cybersecurity Coordinator (CyberScoop) America’s commitment to an open internet somewhat ties its hands in defending against and responding to hacking attacks like those during the election campaign or against Sony Pictures, outgoing White House Cybersecurity Coordinator Michael Daniel said
Trump Administration Highlights Offensive Cyber in First Moments (Nextgov) President Donald Trump’s administration Friday highlighted offensive cyber actions among its first digital messages to the American people
Trump pledges to boost U.S. Cyber Command, use 'cyberwarfare' in foreign policy strategy (Inside Cybersecurity) The Trump administration is planning to boost cyber offensive capabilities at U.S. Cyber Command and collaborate with foreign allies to “engage in cyberwarfare to disrupt and disable propaganda and recruiting,” according to the policy statements issued by the White House following President Trump's swearing in ceremony on Capitol Hill
Making Our Military Strong Again (The White House) Our men and women in uniform are the greatest fighting force in the world and the guardians of American freedom. That’s why the Trump Administration will rebuild our military and do everything it can to make sure our veterans get the care they deserve
Recommendations on cyber security for the 45th president… Use more hackers (TechCrunch) 2016 was an extraordinary year. A record number of security breaches affected billions of people worldwide, including cyber attacks that dramatically impacted the course of businesses and governments
Trump to CIA: ‘I Am So Behind You’ (Voice of America) President Donald Trump, who has sharply criticized the U.S. intelligence community, told workers at the Central Intelligence Agency (CIA) on Saturday, "I am so behind you"
Ex-CIA chief Brennan bashes Trump over speech during CIA visit (CNN) Former CIA Director John Brennan is "deeply saddened and angered" at President Donald Trump after the commander in chief addressed CIA employees at their headquarters in Langley, Virginia, on Saturday, Brennan's former deputy chief of staff says
US Senate Confirms Mattis for Defense Secretary (Defense News) The US Senate overwhelmingly approved two of President Donald Trump's national defense nominees, Defense Secretary James Mattis and Homeland Security Secretary John Kelly — both retired Marine generals
In memo, Mattis signals closer ties between the Pentagon, State Department, intelligence agencies (Military Times) Defense Secretary James Mattis on Friday signaled that his tenure at the Pentagon will bring closer ties between the military, State Department and America's intelligence agencies
Kelly Confirmed to Lead Department of Homeland Security (Washington Free Beacon) Former Southcom commander to handle immigration, border security, domestic terror threats
U.S. spies fear allies will stop sharing intel under Russia-friendly Trump (Politico) Trump's overtures to Russia have stoked concerns that long-cherished ties with European intelligence counterparts could become strained
Head of US Patent Office Michelle Lee will remain under President Trump (Ars Technica) Ex-Google lawyer who supported Obama-era patent reform proposals will stay
Defense Industry Hopeful Trump Will Pick Up Obama's Legacy of Export Control Reform (Defense News) As US President Donald Trump takes office on Jan. 20, the defense industry will be looking for him to build on one of the Obama administration’s wonkiest accomplishments: the quiet but sweeping overhaul of the many regulations that control weapons exports
Trump’s Reported Pick to Run the FCC, Ajit Pai, Wants to Kill Net Neutrality (Motherboard) President Donald J. Trump has chosen Republican Ajit Pai to lead the Federal Communications Commission, according to Politico, in a move that lays the groundwork for a broad rollback of consumer protections at the nation’s top telecom regulatory agency
Congressional panels duel to be top dog on cyber (Washington Examiner) Two different Senate committees are holding confirmation hearings this week for the nominee to lead the Office of Management and Budget, a subtle nod to jurisdictional issues that Congress and the Trump administration will face in writing cybersecurity policy this year
IRS to delay tax refunds as a security precaution (CSO) The trade-off between security and personal welfare is a tough one
U.S. Digital Service grew into a ‘monster,’ will Trump rein it in? (Federal News Radio) After spending the last two years as the darling of the White House, the U.S. Digital Service, in its current incarnation, is not long for this world
Litigation, Investigation, and Law Enforcement
FBI questions Rutgers student about massive cyber attack (NJ[.]com) The FBI has interviewed a Rutgers University computer science student who has been identified by a well-known cyber security blogger as the likely author of the malicious code that caused a massive Internet disruption in October
Security researcher Brian Krebs believes to have discovered who created the Mirai botnet (Neowin) Noted security researcher Brian Krebs, who publishes on Krebs on Security, did a lot of digging over the last several months. He now believes to have uncovered the identity of the creator of the Mirai worm code, a strand of malware that infects Internet of Things devices and hijacks them for denial of service attacks
U.S. SEC probing Yahoo over previously disclosed cyber breach -filing (Reuters) The U.S. Securities and Exchange Commission is investigating a previously disclosed data breach at Yahoo Inc, the company said in a filing
The SEC is reportedly investigating why Yahoo took so long to disclose that it was hacked (TechCrunch) As if two massive data breaches affecting more than one billion users isn’t enough, Yahoo is now under investigation from the SEC for not disclosing the hacks sooner, according to a Wall Street Journal report
U.S. Eyes Michael Flynn’s Links to Russia (Wall Street Journal) Counterintelligence agents have investigated communications by President Trump’s national security adviser, including phone calls to Russian ambassador in late December
The strange case of Lt. Cmdr. Edward Lin (Navy Times) When Navy Lt. Cmdr. Edward Lin was first arrested at the Honolulu airport in 2015 on a flight to China, military investigators thought they had uncovered an espionage case of epic proportions – a Mandarin-speaking Asian-American military officer accused of leaking highly sensitive U.S. military secrets to Chinese and Taiwanese officials
German police arrest man on suspicion of planning attack (Reuters) German police said on Sunday they arrested a 21-year-old man on suspicion of planning a militant attack, and linked his case to that of a second suspect in Vienna
Spanish police nab suspected hacker behind Neverquest banking malware (CSO) Neverquest can steal credentials used for banking websites
DOJ: Microsoft isn’t harmed when it can’t tell users what data we want (Ars Technica) Meanwhile, Microsoft says DOJ has expanded "power to conduct secret investigations"
Indian Government is Training Policemen to Crackdown Electronic Fraud (Deep Dot Web) Indian government and law enforcement are allocating increased capital in training police officers to crackdown electronic fraud involving online transactions. A facility was launched in the police headquarters in Kasaba Bawada to ensure police officers obtain necessary information and technical expertise to detect electronic fraud
Yukon gov't vows privacy not at risk after commissioner raises concerns (CBC) Privacy commissioner said she's worried about government departments sharing citizens' personal information
Qualcomm fires back against Apple over lawsuit and FTC action (TechCrunch) Never a dull moment in the smartphone wars. This week, Qualcomm started getting serious regulatory heat when the Federal Trade Commission filed charges against the chipmaker, accusing it of anticompetitive tactics designed to shut competitors out from supplying components to handset companies
School sues sysadmin for wiping its only login to Gmail (Naked Security) A college that sacked its IT administrator is claiming that he took his admin password with him, wiped it clean off his work PC (and “damaged” the machine to the point where it’s no longer usable), thereby rendered the school incapable of accessing its Gmail account, deprived some 2,000 students of their email and coursework, and is now suing him for $250,000 in damages
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Enigma (Oakland, CA, USA, Jan 30 - Feb 1, 2017) Join a diverse mix of experts and enthusiasts from industry, academia, and government for three days of presentations and open sharing of ideas. Our focus is on current and emerging threats and defenses in the growing intersection of society and technology. Our goal is to foster an intelligent and informed conversation with the community and with the world, including a wide variety of perspectives, backgrounds, and experiences.
Upcoming Events
SANS Las Vegas 2017 (Las Vegas, Nevada, USA, Jan 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you get the kind of hands-on, immersion training that you can put to work immediately.
BlueHat IL (Tel Aviv, Israel, Jan 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel. Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, Jan 25 - Feb 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but have no real concept of how to create and produce proper intelligence. The 2017 Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to all ranges of adversaries including some of the most sophisticated threats targeting your networks.
Blockchain Protocol and Security Engineering (Stanford, California, USA, Jan 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary collaboration among practitioners and researchers in blockchain protocols, distributed systems, cryptography, computer security, and risk management.
CyberTech (Tel Aviv, Israel, Jan 30 - 31, 2017) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provides attendees with a unique and special opportunity to get acquainted with the latest innovations and solutions featured by the international cyber community. The conference's main focuses are on networking, strengthening alliances and forming new connections. Cybertech also provides an incredible platform for Business to Business interaction.
National Credit Union - Information Sharing & Analysis Organization - 2017 Tech Conference (Cape Canaveral, Florida, USA, Jan 31 - Feb 2, 2017) Join us for three days of Cyber Security topics that are pertinent to Credit Union cyber resilience, real-time security situational awareness information sharing, and coordinated response in the global credit union community! Protecting the Credit Union’s global infrastructure to sustain cyber resilience requires an unprecedented level of public- and private-sector cooperation, collaboration and coordination and includes access to the real-time availability of proactive “actionable” threat intelligence; analysis of potential impacts; coordinated countermeasure solutions and response; cybersecurity best practice adoption and role-based workforce education.
Southern Virginia - Cyber Security Lunch & Learn (Norfolk, Virginia, USA, Feb 2, 2017) Cyber security experts discuss security incident response. Dealing with cyber security risk is an exercise in managing daily chaos. Organizations know they need to improve their posture but common roadblocks often get in the way. Join us for lunch and an action-oriented discussion about ways you can improve your security incident response program in 2017. The conversation will be led by certified SANS instructor Alissa Torres, and Rsam CISO Bryan Timmerman. Attend and earn CPE credits towards your ISACA and (ISC)2 certifications.
Insider Threat Program Development Training For NISPOM CC 2 (Toms River, NJ, USA, Feb 6 - 7, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 6-7, 2017, in Toms River, NJ. For a limited time the training is being offered at a discounted rate of $795 (Normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop, implement and manage a robust Insider Threat Program / Working Group. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for Insider Threat Program Development Training.
The Risks and Benefits of Artificial Intelligence and Robotics (Cambridge, England, UK, Feb 6 - 7, 2017) The Risks and Benefits of Artificial Intelligence and Robotics Workshop aims to provide media and security professionals with an in-depth understanding of how the rapid advancement of AI technology may affect the global community in both the physical and structural spheres, and of the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media.
SANS Southern California - Anaheim 2017 (Anaheim, California, USA, Feb 6 - 11, 2017) Learn practical, relevant tips and techniques from industry leaders. Join us for SANS Southern California - Anaheim 2017, and choose from eight courses on cyber defense, penetration testing, incident response, threat hunting, ethical hacking, IT management and ICS/SCADA security. Some of our courses are in alignment with DoD Directive 8570 requirements for Baseline IA Certifications, and most courses have GIAC Certification attempts available. Take advantage of this opportunity to sharpen your skills and advance your career.
Workplace Violence & Response To Active Shooter Events Meeting (Laurel, Maryland, USA, Feb 9, 2017) The National Insider Threat Special Interest Group (NITSIG) will be hosting a meeting on February 9, 2017, at the Johns Hopkins University Applied Physics Laboratory, Laurel, MD. The meeting will be exclusively focused on workplace violence and responding to an active shooter event. Presenters include experts from the Occupational Safety and Health Administration (OSHA), and the Maryland State Police. It's free to attend. Prominent among the topics to be discussed will be threats directed from the Internet.
RSA Conference 2017 (San Francisco, California, USA, Feb 13 - 17, 2017) The current state of cybersecurity means there are many opportunities for the industry as a whole to collaborate on new innovations. Discovering the next great opportunity will require everyone to embrace new and unique perspectives from a broadly diverse base of people and sources. RSA Conference 2017 provides the opportunity for all attendees at all levels to grow their knowledge, exchange ideas with peers and further their careers. With opportunity comes great responsibility for the future. Our actions today will have a lasting impact on the strength of the industry—and the safety of the world—tomorrow. At RSA Conference 2017, you will learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.
Using STIX/TAXII to share automated cyber threat data (San Francisco, California, USA, Feb 15, 2017) Cybersecurity experts representing the financial sector, healthcare, utilities, software providers, government, academia and nonprofits continue to define/develop the STIX/TAXII specifications as the solid foundation for standardizing threat information. This large group of public and private sector organizations and companies are working together to advance the STIX/TAXII specifications in the OASIS Cyber Threat Intelligence Technical Committee. These specs have already dramatically streamlined the analysis of threat data. We invite cybersecurity experts and decision makers to be part of the conversation.
Insider Threat Program Development Training For NISPOM CC 2 (Simi Valley, CA, USA, Feb 22 - 23, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 22-23, 2017, in Simi Valley, CA. For a limited time the training is being offered at a discounted rate of $795 (Normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop, implement and manage a robust Insider Threat Program / Working Group. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for Insider Threat Program Development Training.
SANS Dallas 2017 (Dallas, Texas, USA, Feb 27 - Mar 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27 - March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security courses to provide you with the training and certification that you need to boost your career by learning from the best! SANS instructors are industry professionals who will ensure that you not only learn the material, but that you will also be able to apply what you learn your first day back in the office.
Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, Feb 28 - Mar 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.