Claimed FBI breach may be a hoax. RCMP looks into possible hack at Hydro One. New exploits circulate in the wild. Google issues Android patches. Investigating Russian hacks.
A claim by blackhat showboat CyberZeist to have compromised a US FBI website and dumped credentials on Pastebin looks bogus. The Register reports that the security team at Plone, which produces the FBI's content management system, says that it's a hoax: the email addresses seem to be derived from old publicly available dumps, and the password hashes don't add up, either.
Canadian authorities are investigating "a possible cyber threat" against Ontario's Hydro One electrical utility. There may be nothing more to it than there was to the Burlington Electric incident, but the Royal Canadian Mounted Police are on the case.
Several exploits in the wild draw security researchers' attention. Forcepoint reports the return of the MM Core backdoor spyware in two new variants, "BigBoss" and "SillyGoose." The GDI Foundation warns of a campaign actively targeting MongoDB. Fujitsu and its partners Forcepoint and Recorded Future are tracking the RIG exploit kit, which is now serving TrickBot and Madness/QuantLoader.
Ransomware retains its prominence in the threat landscape. It's increasingly seen equipped with DDoS and doxing functionality (Dunbar calls the latter "doxware"). GoldenEye ransomware is appearing in campaigns targeting HR departments, especially vulnerable because the nature of their business tends to make them willing to open email attachments. Some good news: Emsisoft has a decryptor for version 3 of Globe ransomware.
US investigators think about how to make the hacking case against Russia without tipping their hand, too much. One tip: don't illustrate that case with screenshots from Fallout 4 (apologies to CNN).
Notes.
Today's issue includes events affecting Canada, Bahrain, Egypt, Ethiopia, European Union, Honduras, India, Indonesia, Iran, Mexico, Morocco, Nigeria, Russia, Saudi Arabia, Sudan, United Kingdom, and United States.
In today's CyberWire podcast, we hear from our partners at Palo Alto Networks, as Rick Howard describes security orchestration. Our guest today is Marika Chauvin from ThreatConnect on hacktivists versus faketivists. (Preview: Guccifer 2.0? Faketivist.)
If you've been enjoying the podcasts, please consider giving us an iTunes review.
A special edition of our Podcast is also available. It covers buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.
Cyber Attacks, Threats, and Vulnerabilities
Police investigating possible cyber threat against Hydro One (Toronto Star) The electricity distributor is assisting Canadian law enforcement agencies with an investigation into a possible cyber threat
What Hack? Burlington Electric Speaks Out (Threatpost) Two days before the start of the New Year’s holiday weekend, the Department of Homeland Security shared technical details and indicators of compromise related to tools used by Russian intelligence services in attacks allegedly attempting to influence the U.S. presidential election
The Real Cybersecurity Issues Behind the Overhyped ‘Russia Hacks the Grid’ Story (Green Tech Media) No, the U.S. power grid was not hacked by Russia—but utilities still face some real cybersecurity threats
The U.S. Government thinks thousands of Russian hackers may be reading my blog. They aren't. (Intercept) After the U.S. Government published a report on Russia’s cyber attacks against the U.S. election system, and included a list of computers that were allegedly used by Russian hackers, I became curious if any of these hackers had visited my personal blog. The U.S. report, which boasted of including “technical details regarding the tools and infrastructure used by Russian civilian and military intelligence services,” came with a list of 876 suspicious IP addresses used by the hackers, and these addresses were the clues I needed to, in the end, understand a gaping weakness in the report
Hacker claims FBI CMS zero day hack, dumps 155 purported logins (Register) Vendor devs: It's a hoax
FBI website hacked by CyberZeist and data leaked online (Security Affairs) The notorious black hat hacker CyberZeist (@cyberzeist2) has broken into the FBI website FBI.gov and leaked data on Pastebin
Spy code dormant for three years resurfaces in two new variants (Register) BigBoss and SillyGoose based on MM Core backdoor
MM Core In-Memory Backdoor Returns as "BigBoss" and "SillyGoose" (Forcepoint) In October 2016 Forcepoint Security Labs™ discovered new versions of the MM Core backdoor being used in targeted attacks. Also known as “BaneChant”, MM Core is a file-less APT which is executed in memory by a downloader component. It was first reported in 2013 under the version number “2.0-LNK” where it used the tag “BaneChant” in its command-and-control (C2) network request. A second version “2.1-LNK” with the network tag “StrangeLove” was discovered shortly after
HTTPS scanning in Kaspersky antivirus exposed users to MITM attacks (CSO) The certificate validation mechanism relied on weak 32-bit signatures that were susceptible to collisions, researcher found
MongoDB Databases being Targeted by Cyber-criminals for Ransom (HackRead) Unprotected MongoDB are at risk again
RIG EK Dropping TrickBot Trojan & Madness/Quant Loader DoS Bot (Infosecurity Magazine) As the exploit market begins to diversify, it has seen the introduction of new threats, the most recent being the inclusion of a relative newcomer in TrickLoader and an older threat known as TrickBot. Arbor Networks identified the bot in 2014, with the insights identifying the types of attacks it was capable of
Botnet-Powered IoT Devices Create New Avenues Of Attack Says New Report By Surfwatch Labs (PRWeb) Service interruption via DDoS and supply chain threats are among the leading causes of cybercrime over the past year
DDoS-for-hire services thrive despite closure of major marketplace (CSO) HackForums.net has shut down its Server Stress Testing section, which was accused of selling DDoS-for-hire services
FireCrypt Ransomware Comes With a DDoS Component (Bleeping Computer) A ransomware family named FireCrypt will encrypt the user's files, but also attempt to launch a very feeble DDoS attack on a URL hardcoded in its source code
Pseudo-Darkleech Actors Behind a Large Chunk of Ransomware Attacks in 2016 (Bleeping Computer) A cyber-crime infrastructure known in infosec circles as pseudo-Darkleech has been the source of many ransomware infections during the past year, either by malicious spam attachments or via automated attacks carried out via exploit kits
Ransomware Has Evolved, And Its Name Is Doxware (Dark Reading) The latest form of malware holds computers hostage and compromises the privacy of conversations, photos, and sensitive files
HR managers beware: Ransomware could be your next job applicant (Tech Republic) A new campaign to distribute ransomware known as GoldenEye takes aim at HR departments via fake job applications. Here's how to keep your company safe
WSJ: How a Michigan Utility Got Hacked with Ransomware (LinkedIn) With all of the experts opining about the "disconnected" laptop at a Vermont utility, it's easy to have missed this story by veteran WSJ reporter Rebecca Smith that appeared on Friday afternoon
Schools warned about cold-calling ransomware attacks (Hot for Security) Schools and colleges are being warned to be on the lookout for ransomware attacks, after a wave of incidents where fraudsters attempted to trick educational establishments into opening dangerous email attachments
Ransomware took in $1 billion in 2016--improved defenses may not be enough to stem the tide (CSO) According to a security expert who requested anonymity, ransomware cybercriminals took in about $1 billion last year
Proofpoint Finds Social Media Phishing Scam Steals Credentials And Credit Cards (Information Security Buzz) In a new blog post researchers from Proofpoint have tracked a phishing campaign leveraging the concept of “Twitter Brand Verification”. Because the actors in this case are relying on paid, targeted ads on Twitter, users don’t need to do anything to see the phishing link. Attackers are increasing the sophistication of social engineering approaches and extending them across social channels. Users and brands need to be increasingly savvy to avoid getting snared by ads, accounts, and messages that initially look legitimate. While this attack was observed on Twitter, such a scam could be implemented on any social media platform that implements some form of account verification
Mixed Messages: Novel Phishing Attempts Trying to Steal Your E-mail Password Goes Wrong (SANS Internet Storm Center) A writer wrote in to send us an interesting phishing attempt they had received at their organization. An email from a school domain that purported to be VetMeds sent an "encrypted" PDF that required a user-name and password to log in to. The subject of the email was "Assessment document". The PDF itself was created with Microsoft Word and included a link that suggested it was a locked document and you needed to click a link to unlock it which pointed to chai[.]myjino[.]ru and gave a screen with a purported PDF behind it and a login box that it happily accepts. Below are some screenshots, but some notes. Updated versions of Acrobat should ask before going off to bad websites. What I found interesting was the lure was a VetMeds assessment but the underlying document at the Russian website is for a SWIFT transaction, so some mixed messages there
Latest WhatsApp Scam Infects Users with Banking Malware (HackRead) Currently, this scam is targeting users in India
Olympic Vision aka Codelux (Wapack Labs) Wapack Labs assesses, with moderate confidence, that Olympic Vision products will continue to be sought after as a one-stop-shop for cyber criminals
NHS Data Security Incidents Top List Again (Infosecurity Magazine) The UK’s healthcare sector once again accounted for the largest number of data security incidents in Q3 2016, although the charity, education and finance sectors revealed a bigger jump in incidents from the previous quarter, according to the ICO
'Mommy, I was shopping': Six-year-old Arkansas girl uses her sleeping mom's fingerprints to unlock iPhone and buy 13 Pokemon gifts on Amazon for a total of $250 (Daily Mail) Bethany Howell of Maumelle, Arkansas, was lying on her couch with her daughter, Ashlynd, one evening earlier this month. The two were watching a movie shortly before Bethany put her daughter to bed. After Bethany dozed off, Ashlynd took her mother's thumb and used it to unlock her iPhone. Ashlynd then bought $250 worth of Pokemon gifts on Amazon. The next day, Bethany saw the amount of money that was spent and initially thought she had been hacked
Security Patches, Mitigations, and Software Updates
Google Patches 29 Critical Android Vulnerabilities Including Holes in Mediaserver, Qualcomm (Threatpost) Google has patched ten critical vulnerabilities tied to problem-plagued Android components like Mediaserver, NVIDIA’s GPU driver, and Qualcomm’s driver. The most serious bug, according to Google’s January Android Security Bulletin, is the Mediaserver vulnerability
Android Security Bulletin—January 2017 (Android) The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Google devices through an over-the-air (OTA) update. The Google device firmware images have also been released to the Google Developer site. Security patch levels of January 05, 2017 or later address all of these issues. Refer to the Pixel and Nexus update schedule to learn how to check a device's security patch level
Cyber Trends
Avast cyber security predictions for 2017 (Avast Blog) In 2017, the sophistication of the technology, strategies, and methods employed by cybercriminals will continue at an accelerated rate
2017 To Bring More Ransomware, IoT DDoS Attacks, And SCADA Incidents (Dark Reading) As hackers begin to target corporations in an attempt to extort higher ransom fees, the threat will only become more serious
Smart, safe data sharing will power the new economy (Help Net Security) Companies need to accept tradeoffs to foster “digital trust” with employees if they want to gather the workplace data necessary to realize the full economic and competitive benefits of the Internet of Things (IoT) and the sharing economy, according to a new study by AIG
What developers and managers are saying about application security challenges (Help Net Security) Despite showing moves toward earlier and more frequent security testing throughout the development process, there are still hurdles development and security teams must overcome when it comes to securing applications, according to Veracode
Cyber-Security Lessons We Learnt from 2016 (Read IT Quick) The year 2016 proved to be a bane with respect to cyber-security, with many private and public entities falling victim to major cyber incidents. Even the US Presidential elections were not spared, thus raising the question—Who is safe in an increasingly virtual world? As technology evolves and becomes more connected, it will be easier for hackers to tap into the vulnerabilities. Unfortunately, we learnt it the hard way. Here are some very real lessons in security management from the cyber incidents of 2016
A visual map of emerging cybersecurity trends (Tech Republic) A study by TechRepublic and data firm Affinio reveals the social media communities and influencers talking about IoT, ransomware, bots, and other cybersecurity threats
Marketplace
Cyber Insurance Adoption Soared 50% in 2016 (Infosecurity Magazine) Adoption of cybersecurity-related insurance grew 50% in the UK between 2015 and 2016, driven by fears of an online attack and the introduction of upcoming European data laws, a leading underwriter has revealed
Cyberwar for Sale (New York Times) After a maker of surveillance software was hacked, its leaked documents shed light on a shadowy global industry that has turned email theft into a terrifying — and lucrative — political weapon
Better Buy: FireEye Inc vs. Fortinet Inc (Fox Business) With the shift to the cloud in full swing, along with the impact of the Internet of Things (IoT) and the reams of information its "gadgets" collect, the need for security solutions seems obvious. So, why did FireEye Inc (NASDAQ: FEYE) have such a dismal 2016 and Fortinet (NASDAQ: FTNT) merely a so-so year?
Why FireEye Will Have A Strong 2017 (Seeking Alpha) FireEye’s revenue growth in 2017 will lead to an upside in the stock price, while a strong market share and a growing end-market will ensure that the momentum continues. FireEye is the leader in the STAP market with a share of 38%, which is great news as the market size will expand to $3 billion in 2019. FireEye’s new cloud-based offerings will allow it to gain more customers as it can differentiate between public, hybrid, and private clouds, thereby serving customer preferences in a better manner. If FireEye keeps its market share intact, its revenue will rise to more than $1.1 billion in 2019, leading to upside of over 60% in the next three years. FireEye has been able to bring down its cost base in an impressive manner by bringing certain functions in-house and reducing the headcount, which has allowed it to reduce costs
Cyber security co Checkmarx prepares for Nasdaq IPO (Globes) Deloitte described Checkmarx as Israel's fastest growing cyber company
Corero's 'as a service' offering off to good start (Proactive Investors) Introduced in the fourth quarter of last year, the alternative to the traditional licensing model had already had five takers
Bitcoin’s First Felon Wants to Use Ethereum to Buy Up Michigan’s Waste Industry (Motherboard) Charlie Shrem once branded himself "bitcoin's first felon." In December of 2014, Shrem was sentenced to two years in prison for knowingly processing funds associated with Silk Road, a darknet marketplace for illegal drugs
Microsoft’s head of threat intelligence leaves to join Dragos (CyberScoop) Sergio Caltagirone, Microsoft’s head of threat intelligence analysis, announced Tuesday he had left the tech giant to join Dragos, an industrial control center cybersecurity company started in 2013 by former NSA officers
Checkmarx Appoints Shmuel Arvatz as Chief Financial Officer (Yahoo! Finance) Checkmarx, a global leader in application security testing, today announced Shmuel Arvatz as the company’s new chief financial officer (CFO). In this role, Mr. Arvatz will report to Checkmarx CEO Emmanuel Benzaquen, and will have global responsibility for leading the company's financial operations, as well as legal and other various operational departments
NJVC Promotes 3 to Leadership Team (Washington Exec) Chantilly, Virginia-based information technology solutions provider NJVC announced Dec. 19 the promotion of three to its leadership team: Patrick O’Neil as senior vice president of operations; Dr. Susan Hall as chief technology officer; and Robert Jeffrey “Jeff” Bongianino as VP of business development
NSA’s top cyber-defender leaves after reorganization (CyberScoop) Curtis Dukes, the NSA official who headed up its cyber-defenders, the famed Information Assurance Directorate, has left the agency — a few months after IAD was merged with the offensive, eavesdropping side of the house, the Signals Intelligence Directorate
Bromium Wins 2016 Government Security News Homeland Security Awards (Yahoo! Finance) Bromium®, Inc., the pioneer and leader in virtualization-based enterprise security that stops advanced malware attacks, today announced it has received two Government Security News Homeland Security Awards. The awards were announced on December 19, and cover a myriad of security solutions from vendors around the world. Bromium competed in two categories where it has a solid track record of providing outstanding security for its many federal government customers
Products, Services, and Solutions
Oxygen Forensic® Detective extracts current and deleted SIM card data (Oxygen Forensics) Oxygen Forensics releases a major update to its flagship forensic software, Oxygen Forensic® Detective v.9.1.1. With this version you can extract actual and deleted contacts, calls, messages and other available data from SIM cards via card reader. The updated Oxygen Forensic® Detective now displays the detailed Wi-Fi history of Google Mobile Services from Android devices
Army upgrading command and control, fires support (C4ISRNET) The Army announced this week it has awarded Leidos a contract for the next iteration of its Advanced Field Artillery Tactical Data System (AFATDS), a command and control software system used to coordinate fires
Leidos chooses servers for Army sigint system (C4ISRNET) Leidos has chosen servers from Crystal Group Inc. for the Army's eXpeditionary RT real-time signals intelligence system
It's a Big "Where" in "Everywhere" (SC Magazine) At Centrify we're big believers in multifactor authentication (MFA) and we're strong supporters of “MFA Everywhere.” Passwords don't protect us, our data or our businesses – and we need something better
WISeKey Makes Available Its Cryptographic Root of Trust to IoT Manufacturers (OEMs) and Service Providers (SPs) Worldwide to Protect Their Devices and Services (Yahoo! Finance) WISeKey International Holding Ltd (WIHN.SW) (“WISeKey”) today announced that it has made available its Cryptographic Root of Trust (RoT) to IoT manufacturers (OEMs) and service providers (SPs) worldwide allowing them to add the RoT at the IoT hardware level to encrypt the communication and authenticate their devices. WISeKey is already working with many IoT manufacturers in China and India and has developed an IoT center of excellency in both countries
Technologies, Techniques, and Standards
Emsisoft releases a decryptor for version 3 of the Globe Ransomware (Bleeping Computer) Once again, Fabian Wosar of Emsisoft has come to the rescue and released a decrypter for version 3 of the Globe Ransomware. This decryptor will decrypt the Globe Ransomware variants that commonly append the .decrypt2017 and .hnumkhotep extensions to encrypted files. This ransomware will also display a ransom note similar to the one below
Medical Device Security Guidance Released by FDA as Threats Multiply (eWeek) To help advance the state of medical device cyber-security the U.S. Food and Drug Administration is providing new guidance to help improve health care cyber-security in 2017
IoT Trust Framework: The foundation for future IoT certification programs (Help Net Security) The Online Trust Alliance (OTA) released its updated IoT Trust Framework. Serving as a product development and risk assessment guide for developers, purchasers and retailers of Internet of things (IoT) devices, the Framework is the foundation for future IoT certification programs
GDPR: what does the new EU data protection law mean for small businesses? (Naked Security) After we published last week’s 2017 to-do list for General Data Protection Regulation (GDPR) compliance, readers asked the question: what, if any, impact does this have on small businesses?
The General Data Protection Regulation (GDPR) (LogRhythm) Get the facts and prepare your business
Wi-Fi risks: Delivering a secure hotspot (Help Net Security) The fact that Wi-Fi stands for Wireless Fidelity hints at how long Wi-Fi has been around, but it was only in 1999 that the Wi-Fi Alliance formed as a trade association to hold the Wi-Fi trademark, under which most products are sold. Today, Wi-Fi is on the top of the list of must-haves for businesses of all types and sizes. People will simply vote with their feet if good, and usually free, Wi-Fi is not available
How Automation Can Help Agencies Thwart Today’s Cyber Adversaries (FedTech Magazine) Agencies need to be more efficient about cybersecurity, because every lost minute can make the difference between a successful attack and an unsuccessful one
The trouble with third-party security assessments (CSO) If you let one customer perform security tests against your applications and network, you let yourself in for a lot of headaches
Warning not to spend IT security cash on the wrong things (Naked Security) Organisations are spending just 5% of their IT budget on security, according to a survey from Gartner. And before readers consider benchmarking their spend against others in their field, that’s not going to work, the company says
Your new year’s resolution: review your password habits (Naked Security) It’s that time again – new year, new you, new resolutions … new passwords? Or will you be one of the many who simply use the same password over and over again – in the office as well as at home?
Demand Swells for Critical Infrastructure Training (SIGNAL) In response, the DHS bolsters courses on protecting the physical and cyber realms
Design and Innovation
FTC sets $25,000 prize for automatic IoT patching (CSO) Feds cite use of internet-connected cameras to launch botnet attack as proof that better security is needed
The FTC’s Internet of Things (IoT) Challenge (KrebsOnSecurity) One of the biggest cybersecurity stories of 2016 was the surge in online attacks caused by poorly-secured “Internet of Things” (IoT) devices such as Internet routers, security cameras, digital video recorders (DVRs) and smart appliances. Many readers here have commented with ideas about how to counter vulnerabilities caused by out-of-date software in IoT devices, so why not pitch your idea for money? Who knows, you could win up to $25,000 in a new contest put on by the U.S. Federal Trade Commission (FTC)
Cyber Beyond Third Offset: A Call for Warfighter-led Innovation (War on the Rocks) As the Obama administration comes to an end, so does the innovation-focused tenure of Ashton Carter as secretary of defense. Under his leadership and the guiding precepts of the third offset, the Department of Defense initiated a series of Silicon Valley-inspired innovations. From chief innovation officers to the Strategic Capabilities Office and Defense Innovation Unit-Experimental, Carter’s Pentagon has focused on institutionalizing innovation. Unfortunately and as many other commentators have noted, this focus on top-down innovation may have unwittingly created innovation architectures that bypass the warfighter. As a result, critics question whether warfighter-led innovation can thrive in the third offset
Ford’s going to put Alexa in cars starting later this year (TechCrunch) A lot of car makers are building Alexa skills for their vehicles, but these tend to be about making it possible for car owners to do things like turn on their cars from inside their homes via their Echo devices. Ford and Amazon are building an Alexa integration that goes the other way, providing car-to-home voice control with Alexa embedded in Ford’s SYNC 3 infotainment system
Designer launches fabric to bamboozle facial recognition (Naked Security) Adam Harvey, the facial-recognition thwarting artist/technologist who brought us neon-blue hair hanging in our eyes and graphic black smears of makeup, admits that it can be, shall we say, aesthetically challenging to conceal a face
Research and Development
Cryptographers Rally to NIST Call for Quantum Computer Algorithms (Meritalk) Members of the cryptography community have expressed interest in the National Institute of Standards and Technology’s (NIST) recent call for an algorithm less susceptible to hacks from a computer that does not exist yet
Legislation, Policy, and Regulation
Cyber-Attacks May Threaten Global Democracy (Jakarta Globe) Russia's alleged cyber-attack on the United States Democratic National Committee has shocked the world. US intelligence services believe Russia launched the attack to influence the outcome of the recent presidential election. In fact, both the Central Intelligence Agency and the Federal Bureau of Investigation have explicitly accused the former Cold War foe of having helped Donald Trump win the election
Opinion: The hackers are winning (Christian Science Monitor Passcode) Unless Washington stops politicizing the response to the US election hack and focuses on improving the nation's digital security, the country remains vulnerable to devastating cyberattacks
Spy chief: US should use all tools to counter Russian hacking (Network World) Senators talk about economic and military options as retaliation for alleged Russian election hacking
Why Trump must save the government's privacy board (Politico) The board isn't just critical to protecting Americans' privacy. It also is vital for U.S. national security
Get Silicon Valley Execs out of Government Cyber, Major Report Urges (Nextgov) The incoming Trump administration should rely more on Washington bureaucrats to secure federal agencies and less on Silicon Valley CEOs, according to a Wednesday report prepared by lawmakers and cyber experts
The White House’s Techies Are Leaving Trump a Must-Do List (Wired) ‘Tis the season to say goodbye
Trump planning intel community shake-up, report says (Washington Times) President-elect Trump is making moves to shrink and re-arrange the intelligence community, according to a report Wednesday
Who hacked? Trump challenges intel agencies he'll oversee (AP via Military Times) President-elect Donald Trump escalated his blunt public challenge to the U.S. intelligence agencies he will soon oversee on Wednesday, appearing to embrace WikiLeaks founder Julian Assange's contention that Russia did not provide his group with the hacked Democratic emails that roiled the 2016 election
Trump’s criticism of intelligence on Russia is dividing Hill GOP (Washington Post) President-elect Donald Trump’s broadside against the intelligence community is dividing Capitol Hill Republicans, with some ready to pounce on Trump’s skepticism that Russia interfered with the U.S. elections and others urging a more cautious approach
Donald Trump Plans Revamp of Top U.S. Spy Agency (Wall Street Journal) President-elect works on restructuring Office of the Director of National Intelligence, tweets again his doubts that Russia hacked Democrats
Ex-Senator Leads Trump’s Picks for Intelligence Post (Bloomberg) Dan Coats is Director of National Intelligence front-runner. Townsend, Rogers, Bolton said to remain in consideration
Army stands up defensive cyber ops program office (C4ISRNET) The Army is continuing to signal its seriousness about integrating cyberspace from an organizational and operational construct. The latest iteration includes a recently stood up program office focused on managing acquisition of defensive cyber operations (DCO)
AF looks to ensure cyber resiliency in weapons systems through new office (U.S. Air Force) The Air Force, through its Life Cycle Management Center, has stood up the Cyber Resiliency Office for Weapons Systems (CROWS)
Cyber Command Seeks Acquisition Exec to Handle $75M Annual Rapid Procurement Funds (Government Executive) The U.S. Cyber Command looks to hire an acquisition professional to manage spending of the command’s $75 million annual rapid procurement funds through 2021 that Congress authorized under the 2016 defense authorization act, Federal News Radio reported Tuesday
Litigation, Investigation, and Law Enforcement
Uncertainty clouds debate on Russia's suspected role in election hacks (CSO) The U.S. has yet to offer new evidence -- or a smoking gun -- proving the Kremlin’s involvement
Shaky accusations hamper cyber case against Russia (Politico) The Obama administration’s efforts to press its election-hacking accusations against Russia could be undermined by a flurry of unfounded cyber charges against Moscow
FBI never examined hacked DNC servers itself: report (The Hill) The FBI never examined the Democratic National Committee’s (DNC) computer servers during its investigation into Russian attempts to interfere in the election, BuzzFeed reports
Report: FBI had private company examine DNC's hacked servers (Washington Examiner) The FBI did not look over the Democratic National Committee's servers before issuing a report that Russia had hacked the organization, according to a report published Wednesday evening. Other than the FBI, no federal agency has conducted an investigation into the DNC's email server since the incident was uncovered six months ago
The FBI Never Asked For Access To Hacked Computer Servers (BuzzFeed) The Democratic National Committee tells BuzzFeed News that the bureau “never requested access” to the servers the White House and intelligence community say were hacked by Russia
A Timeline of Trump’s Strange, Contradictory Statements on Russian Hacking (Wired) Since the cybersecurity community last summer pointed to the Russian government as the culprit behind the hack of the Democratic National Committee, reasonable people have disagreed with that finding. Even after US intelligence agencies came to the same conclusion with “high confidence,” skeptics have called on those agencies to reveal more of the evidence that linked that political attack to the Kremlin
CNN Report Shows Fallout 4 Screenshots to Explain Russian Hacking Scheme (HackRead) CNN is now being trolled over the use of Fallout 4 Screenshots
Nigerians Declare War on Cryptocurrency Scam (CoinTelegraph) Cryptography Development Initiative in Nigeria (CDIN) has created a platform called the “Nigeria Blockchain Alliance” (NBA) which brings together law enforcement agents, legal practitioners, forensic investigators and government agencies among others to collaborate in the fight against cryptocurrency related crimes within the country
Hacker To Make Amends By Bolstering Victim's Cybersecurity (Dark Reading) London youth who hacked a Derbyshire company let off in a 'restorative justice' agreement with the police
Man sues Verizon for $72 million, says negligence allowed him to commit ID theft (Graham Cluley) Stupid is as stupid does
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
NYS Cyber Security Conference (Albany, New York, USA, Jun 7 - 8, 2017) June 2017 marks the 20th Annual New York State Cyber Security Conference and 12th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. Technology's increasing sophistication has driven new trends in device mobility, social media, and expanded connectivity. Cyber security, once considered an issue for IT staff, has evolved into a concern for the entire organization. This year's conference examines the broad range of today's cyber challenges and the ways in which organizations can improve security, and create resiliency against cyber threats.
Upcoming Events
CES® CyberSecurity Forum (Las Vegas, Nevada, USA, Jan 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in the cybersecurity arena. The IoT, connected cars, new payment systems, VR and AR, wearables and our mobile devices all add new levels of concern to protecting our personal and corporate data. In this day-long conference, we’ll tackle the world of cybersecurity that demands we go far beyond the simple passwords and anti-virus protection of yesterday.
SANS Security East 2017 (New Orleans, Louisiana, USA, Jan 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in the "Big Easy" in January. Now is the time to improve your information security skills and laissez les bons temps rouler!
S4X17 ICS Security Conference (Miami Beach, Florida, USA, Jan 10 - 12, 2017) Three Days of advanced ICS cybersecurity on three stages with the top 500 people in ICS security. Main Stage - The big names (Richard Clarke, Renee Tarun, ...) and forward looking topics (ICS certification, machine learning, ExxonMobil project, securing IoT, industrial drones, cyber PHA, workforce development). Stage 2: Technical Deep Dives - the classic S4 sessions in gory technical detail. If you ever said you wanted more at an ICS event, this is where you get it. Sponsor Stage - the sessions on this stage alone rival what you would see at most other ICS security events. They are the same speakers you might see at other events, but they up their game for the advanced S4 crowd. Social Events - We all attend conferences as much to establish and renew relationships with our peers as to see the sessions. The people you want to meet and know in ICS cybersecurity are all at S4.
Suits and Spooks DC 2017 (Arlington, Virginia, USA, Jan 11 - 12, 2017) “What we are creating now is a monster whose influence is going to change history, provided there is any history left.” (John von Neumann) When John von Neumann said those words in 1952, he didn’t mean the Atomic bomb that he helped create as a scientist with the Manhattan Project. He was referring to his revolutionary work in high speed computing. Over sixty years later, the computer has revolutionized every aspect of our life – from currency to medicine to warfare. Our almost total reliance upon insecure software and hardware has made the world less safe, and has fundamentally changed the power equations between State and Non-State actors. Suits and Spooks 2017 will focus on identifying the world’s most valuable new technologies, who the threat actors are that are looking to acquire them, and what can be done to stop them.
Global Institute CISO Series Accelerating the Rise & Evolution of the 21st Century CISO (Scottsdale, Arizona, USA, Jan 11 - 12, 2017) These intimate workshops address the challenges that Boards of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise and organizational threats. These are intense “roll your sleeves up” thought leadership discussions on How Cyber is Driving the New Board Perspective on Enterprise Risk Management. Attendance is limited to 30 Security and Risk Executives from Global 2000 corporations. For Chief Security Information Officers, Chief Information Officers, and Chief Risk Officers, by invitation only (apply to attend).
Cybersecurity of Critical Infrastructure Summit 2017 (College Station, Texas, USA, Jan 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats to critical infrastructures. This summit will focus on two sectors that are among those at greatest risk, the energy and manufacturing sectors. Highlighting emerging technologies and policy initiatives, this event will foster the development of high impact strategies to address the many interrelated cybersecurity challenges we face in the protection of our nation’s critical infrastructures.
ShmooCon 2017 (Washington, DC, USA, Jan 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
SANS Las Vegas 2017 (Las Vegas, Nevada, USA, Jan 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you get the kind of hands-on, immersion training that you can put to work immediately.
BlueHat IL (Tel Aviv, Israel, Jan 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel. Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, Jan 25 - Feb 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but have no real concept of how to create and produce proper intelligence. The 2017 Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to all ranges of adversaries including some of the most sophisticated threats targeting your networks.
Blockchain Protocol and Security Engineering (Stanford, California, USA, Jan 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary collaboration among practitioners and researchers in blockchain protocols, distributed systems, cryptography, computer security, and risk management.