Ukrainian power outages look like hacks. Shamoon is back. Spora ransomware in the black market. Patch Tuesday notes. Election hacking, election security, and election compromise: all your INTs are belong DNI.
The suspected attack on Ukraine's power grid around Kiev last month appears to have been confirmed. It appears to have been part of a larger campaign against a variety of sectors, and sources say the attack looks like the work of the same actors who took down electrical service around Ivano-Frankivsk in December 2015.
Famous for having wiped 30,000 Saudi Aramco computers in 2012, Shamoon returns. Palo Alto researchers say this time it comes with default credentials for Huawei's FusionCloud desktop virtualization solution. Shamoon, at least in its first go-round, was thought to have been an Iranian cyber weapon.
Emsisoft reports on Spora ransomware, being sold in darknet souks.
Microsoft patches Edge, Office, and Windows.
European governments, especially in France, Germany, and the UK, are looking to shore up election security in the face of hacking and influence operations Russia mounted against voting in other countries, especially the US. Consideration of those operations attracts new interest as the Guardian (sourced largely from Buzzfeed) reports rumors of compromise and collusion with Russia in President-elect Trump's campaign. The media treat the rumors with cautious but interested skepticism.
Embassies are tweeting a lot, and Russia's diplomatic tweets for some reason feature Pepe the frog's unedifying presence.
US DNI Clapper said yesterday that the Intelligence Community's report on Russian election hacking and influence operations was based on a mix of human intelligence, technical collection, and open sources (which is to say it was based on pretty much every kind of thing, we mean, INT).
Notes.
Today's issue includes events affecting Austria, Bulgaria, China, Estonia, European Union, France, Germany, India, Israel, Kenya, the Philippines, Russia, Singapore, Tanzania, Tunisia, Ukraine, United Kingdom, and United States.
A note to our readers: this coming Monday, January 16th, is observed in the US as Martin Luther King Jr. Day, and we'll be observing it here as well, taking a day off from publication. We'll be back as usual on Tuesday, January 17th.
In today's CyberWire podcast we hear from our partners at Lancaster University, as Awais Rashid talks about human factors in cyber security. Our guest is Limor Kessem of IBM, who goes over Big Blue's recently released ransomware study.
If you've been enjoying the podcasts, please consider giving us an iTunes review.
A special edition of our Podcast is also available. It covers buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.
Cyber Attacks, Threats, and Vulnerabilities
The Ukrainian Power Grid Was Hacked Again (Motherboard) An investigation into a power outage that left customers in Ukraine without electricity for an hour last month has concluded that the cause was indeed a cyberattack, sources tell Motherboard. This would be the second such known hack of a Ukrainian power facility following a massive December 2015 power outage affecting about 230,000 people, which was later blamed on the Russian government
Latest Ukraine Blackout Tied To 2015 Cyberattackers (Dark Reading) Broad cyberattack campaign hitting finance, energy, transportation in Ukraine was meant to disrupt but not cause major damage, researchers say
Russia engineered election hacks and meddling in Europe (USA Today) Russia's alleged use of computer hacking to interfere with the U.S. presidential election fits a pattern of similar incidents across Europe for at least a decade
It’s Not Just Pepe, The Russian Embassy Has Been Trolling on Twitter For Months (Motherboard) This week, the official Russian Embassy to the UK tweeted Pepe the Frog to British Prime Minister Theresa May, an apparent attempt to make a mockery of the UK’s relationship with both the US and Russia. Obviously not traditional procedure for such an institute, right? Fighting the good fight of national interest is fairly normal for embassies, sure, but using a politically volatile and racist meme? Less so
Could Someone Please Explain What Embassies Are Up To on Twitter? (Foreign Policy) Once, diplomacy was an art laboriously conducted in person, preferably in French. Later came missives, then cables. Throughout, it was predominantly carried out by staid men wearing dignified suits seated in palatial estates
'Enemies of free speech' behind cyber attack: NUJP (ABS-CBN News) "Enemies of press freedom and of free expression." This was how the National Union of Journalists of the Philippines on Tuesday described the perpetrators of a cyber attack that shut down the NUJP official website
Disk-wiping malware Shamoon targets virtual desktop infrastructure (CSO) The latest variant had default credentials for a Huawei desktop virtualization solution
Shamoon disk-wiping attackers can now destroy virtual desktops, too (Ars Technica) Mystery malware begins targeting a key disk-wiping defense
From Darknet with Love: Meet Spora Ransomware (Emsisoft Blog) Ransomware has been a growing threat, with new families cropping up every week. Emsisoft researchers are often involved in the discovery and analysis of new threats, and this ransomware is no different. Originally spotted on ID-Ransomware earlier today, it caught our attention due to a few unique features and the high level of professionalism in both implementation and presentation. We will not only go through the inner workings of Spora, but we will highlight its sophisticated commercial model and how you can keep yourself protected from this latest family of ransomware
Extortionists Wipe Thousands of Databases, Victims Who Pay Up Get Stiffed (KrebsOnSecurity) Tens of thousands of personal and possibly proprietary databases that were left accessible to the public online have just been wiped from the Internet, replaced with ransom notes demanding payment for the return of the files. Adding insult to injury, it appears that virtually none of the victims who have paid the ransom have gotten their files back because multiple fraudsters are now wise to the extortion attempts and are competing to replace each other’s ransom note
Hancitor/Pony/Vawtrak malspam (SANS Internet Storm Center) Until recently, I hadn't personally seen much malicious spam (malspam) using Microsoft office documents with Hancitor-based Visual Basic (VB) macros to send Pony and Vawtrak. It still happens, though. Occasionally, I'll find a report like this one from 2016-12-19, where Hancitor/Pony/Vawtrak malspam was disguised as a LogMeIn account notification, but I rarely come across an example on my own. And apparently, there's been a recent lull in Hancitor/Pony/Vawtrak malspam until yesterday
Netflix Phishing Campaign Targeted User Information, Credit Card Data (Threatpost) Researchers recently identified a phishing campaign set up to lure unsuspecting Netflix users into giving up their credentials and credit card data
Two New Edge Exploits Integrated into Sundown Exploit Kit (Threatpost) Six months of relative quiet around exploit kits recently changed when a public proof-of-concept attack disclosed by a Texas startup was integrated into the Sundown Exploit Kit
The Unpatched LSASS Remote Denial of Service (MS16-137) (Core Security) On November 8, 2016, Microsoft released a security update for Windows Authentication Methods (MS16-137) which included 3 CVEs: Virtual Secure Mode Information Disclosure Vulnerability CVE-2016-7220, Local Security Authority Subsystem Service Denial of Service Vulnerability CVE-2016-7237, and Windows NTLM Elevation of Privilege Vulnerability CVE-2016-7238. Talking specifically about CVE-2016-7237, this fix was applied to "lsasrv.dll", which affected the LSASS service
CES 2017: Security experts warn of lurking threats from smart devices (Star) Hey Siri, did you tell Alexa what we talked about last night?
Someone stole $3.6M from a Miami bank; officials oblivious for 6 months (HackRead) Two senior bank officials have already resigned due to the scandal
No reason to believe cyber attack caused Singtel service outage: Yaacob (Today) The fibre broadband outage that hit Singtel customers last December was due to a technical issue that affected a SingNet server, Minister for Communications and Information Yaacob Ibrahim told Parliament on Monday (Jan 9), adding that there was no reason to believe it was a cyber attack
Tanzania: Financial Institutions At Risk of Cyber-Attacks - Report (All Africa) Financial institutions worldwide including those in the country have been implored to be extremely cautious of the growing cyber-attacks that put them at greater risk this year than before
A Dark Web Child Porn Site Is Forcing Its Visitors to Learn Security Tips (Motherboard) Law enforcement are constantly hunting dark web child pornographers. Whether cops are going undercover to learn more about suspects, or deploying hacking tools to unmask them on a mass scale, each side is always trying to stay one step ahead of the other
Gallery: The top zero day Dark Web markets (Tech Republic) How zero day exploits are bought and sold
Security Patches, Mitigations, and Software Updates
Microsoft releases one of its smallest monthly security patch bundles (CSO) Patches for Edge, Office, and Windows fix three vulnerabilities
Microsoft's January 2017 Patch Tuesday Comes with 4 Security Updates (Bleeping Computer) Today, Microsoft released four security bulletins as part of its monthly security update train known as "Patch Tuesday"
Adobe Quickly Releases Zero Day Vulnerability Emergency Patch (Neurogadget) It wasn’t too long ago that Adobe released a zero-day vulnerability emergency patch, which dealt with nine vulnerabilities that could let hackers remotely control your computer
Record Number of Vulns For Adobe, Microsoft, Apple In '16, Says ZDI (Dark Reading) Advantech makes surprise debut on vulnerability list at number two, right behind Adobe
Cyber Trends
4 tips RSA Conference 2017 will teach you about cybersecurity (WTOP) You wouldn’t leave the door to your home unlocked when you go out for the day, right? No intelligent business person would. But while it might be second nature to you to check your physical locks, does your organization apply the same diligence to your digital assets?
Insiders vs. Outsiders: What's the Greater Cybersecurity Threat? (Infographic) (Digital Guardian) Our latest infographic tackles the age-old question in security: who poses the greater threat to sensitive data, insiders or outsiders?
69 Percent of Companies Have Suffered Data Loss Due to Employee Turnover (eSecurity Planet) 28 percent of organizations don't wipe corporate data from employee-owned devices when they leave, a recent survey found
How Lucrative is Confidential Data? Prime Bounty for Hackers, Top Concern for Businesses (Radware Blog) IT Professionals report securing sensitive data as the #1 challenge, even more than avoiding revenue loss or protecting reputation
How the application landscape is impacting IT organizations (Help Net Security) Accelerating cloud adoption is creating increased demand for security application services including WAF, DNSSEC, and DDoS protection, according to F5 Networks
New security concerns due to business complexities (Help Net Security) It is estimated that in 2016, more than $94 billion will be invested in security solutions, per industry analyst forecasts, yet nearly half of organizations report having had a breach – either internal or external – in the last twelve months
India Earns a “B” in Overall Cybersecurity Confidence, Ahead of US and Canada (Military Technologies) Second annual international survey finds Indian security professionals are confident, despite a global decline in assurance that cyber defenses are meeting expectations
Marketplace
Northrop gets out of commercial cyber, sheds BluVector (Washington Business Journal) Falls Church-based Northrop Grumman Corp. (NYSE: NOC) is joining a growing list of large defense companies getting out of the commercial cyber business with an announcement Monday that it is selling its division to a Philadelphia-based private equity group, LLR Partners
Yahoo’s planned name change hangs on hopes Verizon won’t back out of deal (Ars Technica) Analysis: Company's plan to shed its business still has a shadow over it
After Verizon acquires Yahoo, ‘Altaba’ will be left behind (BGR) Yahoo was hit with two major security breaches in recent years that affected well over 1 billion user accounts. The company only discovered and admitted they happened in the second half of 2016, months after Verizon announced it was looking to purchase Yahoo in a deal worth almost $5 billion. On top of that, it was revealed that Yahoo helped the US government in a massive spying operation that allowed it to search everyone’s email for specific terrorism-related content
UK spy agency-backed cyber security incubator picks first seven startups (TechCrunch) A GCHQ-backed startup incubator has opened its doors in the UK, announcing its first cohort of seven startups participating in the three month accelerator program (see below for the list of teams)
Microsoft and Qualcomm Are Backing This Israeli Security Startup Studio (Fortune) Microsoft (MSFT, -0.03%) and Qualcomm (QCOM, -0.03%) have invested an undisclosed sum in Team8, a cybersecurity startup studio founded by top veterans of Unit 8200, Israel's digital intelligence unit, often referred to as the country's National Security Agency-equivalent. Meanwhile, Citigroup (C, +0.02%) has joined its partnership program to help design new digital security startups
Could Microsoft Join Cisco In Hunt For Security Firms? (Investor's Business Daily) A pickup in takeover activity in 2017 could revive computer security software stocks, says UBS, which says potential buyers include Cisco Systems (CSCO), Check Point Software Technologies (CHKP), Fortinet (FTNT) and Palo Alto Networks (PANW), as well as cloud-computing companies, telecom firms and defense contractors
Phantom Announces $13.5 Million Series B Financing Led by Kleiner Perkins (Yahoo! Finance) Phantom, the first company to provide a community-powered security automation and orchestration platform, announced it has raised $13.5 million in Series B funding to accelerate growth in sales, marketing, and engineering. The latest round brings Phantom’s total funding to more than $23 million and is led by Kleiner Perkins. Existing investors TechOperators Venture Capital, Blackstone (BX), Foundation Capital, In-Q-Tel, Rein Capital, Zach Nelson, and John W. Thompson also participated in the round
Cylance takes fight to 'Dinosaur' security vendors (Channel Web) End-point security newcomer looks to shake up market
Thycotic Continues Record Success in 2016 (Sys-Con Media) Company ends the year with a 66 percent compound annual growth rate and adds more than 200 new customers in Q4
Facebook, Google face strict EU privacy rules that could hit ad revenues (Ars Technica) Plans to plug “void of protection” could place ad trackers on cookie diet in Europe
Ixia and K2-Inc. Collaborate to Bring IoT to Smart Appliances and Industrial Equipment (BusinessWire) K2 joins Ixia’s Xceed™ Technology Partner Program to simplify Wi-Fi development and testing
CBS taps local tech expert for cybersecurity reality series (Charlotte Business Journal) A former White House executive whose expertise is cybersecurity on the trail of a group of renegades trying to stay off the grid sounds like a Jason Bourne movie — or part of the real-life Congressional hearings on the 2016 presidential election. In this case, it’s neither. Instead, it’s the latest adventure for Charlotte tech expert Theresa Payton, tapped as the “head of intelligence” as part of a CBS reality TV series debuting this month
NeuStar considers headquarters shift after its acquisition (Washington Business Journal) The Sterling-based information services company is waiting for its $2.9 billion acquisition by private equity to be completed before making final real estate decisions
NSA’s Dukes will give ‘international flavor’ to nonprofit CIS (FedScoop) Curtis Dukes says he will work to extend the reach of the nonprofit Center for Internet Security beyond U.S. borders
RSA Names Former EMC Enterprise Content Division Leader As New President (CRN) RSA has appointed former EMC Enterprise Content Division leader, Rohit Ghai, as its new president, following the departure of Amit Yoran last month
Major Changes at Nuix as Former US Ambassador to Australia Jeffrey Bleich Joins Board and CEO Eddie Sheehy Departs (Nuix) Global technology company Nuix today announced that former US ambassador to Australia Jeffrey Bleich has joined the Nuix Board. Mr. Bleich takes up the board position of Eddie Sheehy who has resigned as CEO and from the Nuix Board
Products, Services, and Solutions
CyberUSA is proud to announce the expansion of its cyber intelligence exchange to corporate members at no cost (CyberUSA) CyberUSA is pleased to announce the formation of an intelligence exchange for qualified member organizations. CyberUSA recognizes a national incident exchange is critical to lower the costs to defending networks and increasing the costs to adversaries. CyberUSA utilizes TruSTAR Technology’s privacy-preserving collaboration platform
DFLabs Integrates with Carbon Black for Comprehensive Cyber Incident Response Automation and Orchestration (PRWeb) Advanced visibility into cyber breaches and incidents speeds investigation, prioritization and response in one single orchestration report while improving the management of threats
Denim Group Announces Enhanced ThreadFix Platform (Yahoo! Finance) Denim Group, a leading independent application security firm, today announced the latest version of ThreadFix, the company’s application vulnerability resolution platform for application developers and security professionals. ThreadFix, a proven solution that provides unmatched, centralized vulnerability management and collaboration support across development and security teams, makes it straightforward to identify the most critical application vulnerabilities and systematically address them
CRN Exclusive: Fortinet Launches New FortiOS, Security Operations Solution (CRN) Fortinet is building on its Security Fabric vision, announcing the launch of a new FortiOS and security operations solution on Tuesday at its Accelerate 2017 conference in Las Vegas
Darktrace Automates Network Security Through Machine Learning (Linux[.]com) Darktrace co-founder Poppy Gustafsson recently predicted, at TechCrunch Disrupt London, that malicious actors will increasingly use artificial intelligence to create more sophisticated spearphishing attacks
Qualcomm and Verizon team up for new IoT modules (Business Insider) Verizon announced a partnership with Qualcomm to introduce ThingSpace-ready modules for deployment using the chip designer’s CAT-M1 LTE Modem, according to a press release from Qualcomm
SyferLock Announces Multi-Factor Authentication Integration with OneLogin (PRWeb) SyferLock Technology Corporation (http://www.SyferLock.com) today announced an integration between SyferLock’s GridGuard™ multi-factor authentication and OneLogin’s single sign-on (SSO) and cloud identity and access management (“IAM”) platform
Morphisec’s Moving Target Defense technology keeps hackers guessing (Bankless Times) Those of us of a certain vintage will remember a famous beauty products commercial with the tagline “keep them guessing”
With New Embedded “Extrovert” Modem, Logic Supply Fills Market Demand for Pre-certified 4G LTE Connectivity for Industrial PCs (BusinessWire) Pre-certified, out-of-the-box solution overcomes expense, time, and expertise barriers to carrier connectivity
Bitdefender to Showcase Revolutionary Security Framework for Virtualized Environments at Citrix Summit 2017 (Yahoo! Finance) Bitdefender, a leading internet security technology company protecting 500 million users worldwide, will showcase its revolutionary security architecture against targeted attacks, at the Citrix Summit 2017 in Anaheim, California, on Jan 9-11, 2017
Avast: AVG Launches Powerful New Security and Tune-up Products for 2017 (BusinessWire) Latest Avast & AVG technologies combine to power flagship security and tune-up products to tackle ransomware, hackers and data thieves, while keeping PCs fast and clean
Seven New Security IoT Products Technologies that Debuted at CES 2017 (eWeek) The internet of things was a big topic on multiple fronts at the Consumer Electronics Show including how to make it more secure. Multiple products designed to help protect users at home and at work were introduced at the show
New York City Law Department Chooses Logikcull, Punctuating Government-Wide Embrace of Legal Intelligence for Litigation and Open Records Response (BusinessWire) Joining a wave of government law departments embracing the legal cloud as the challenges associated with litigation and open records response have grown more acute, New York City has selected Logikcull.com as a preferred provider to help it meet the growing demands of e-discovery and freedom of information
Kenyan IT firm signs partnership with Indian multinational to train employees (Business Daily Africa) Local business consulting and IT services firm Serianu has partnered with an Indian multinational to help improve its outsourced network security services
Wa!, the multi-service mobile wallet from BNP Paribas, is secured by Gemalto (Yahoo! Finance) Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, is supplying BNP Paribas, a leading European bank, with Mobile Protector, a highly secure solution to protect Wa!, an innovative multi-brand, omni-channel mobile wallet that combines payments, shopping coupons and loyalty programs. Gemalto’s Mobile Protector encompasses an SDK (Software Development Kit), and both a customer enrollment and an authentication server. The solution delivers comprehensive security for all mobile payments made using Wa!. The bank is currently piloting Wa! in France with Carrefour, the world’s second biggest retailer with 12,300 stores across 35 countries
Technologies, Techniques, and Standards
NIST Releases Update to Cybersecurity Framework (NIST) The National Institute of Standards and Technology (NIST) has issued a draft update to the Framework for Improving Critical Infrastructure Cybersecurity—also known as the Cybersecurity Framework. Providing new details on managing cyber supply chain risks, clarifying key terms, and introducing measurement methods for cybersecurity, the updated framework aims to further develop NIST’s voluntary guidance to organizations on reducing cybersecurity risks
Addressing the challenges of vulnerability coordination (Help Net Security) The FIRST Vulnerability Coordination Special Interest Group (SIG) made available for public comment through January 31, 2017 the draft Guidelines and Practices for Multi-party Vulnerability Coordination
Considerations for Adding FIDO U2F to Your Security Protocol (eSecurity Planet) If you're considering using the FIDO U2F protocol, here's what you need to know
Art of Anti Detection 2 – PE Backdoor Manufacturing (Pentest Blog) This paper will explain several methods used for placing backdoors in PE (Portable Executable) files for red team purposes. In order to fully grasp the content of this paper, readers need to have at least intermediate x86 assembly knowledge, familiarity with debuggers and a decent understanding of the PE file format
Password Expiry Ineffective, Says Cyber Expert (Acumin) Employing automatic password expiry for security purposes is no longer effective and can lead to increased costs, reduced production and vulnerable accounts, says the National Cyber Security Centre
'Molecular' Cybersecurity Vs. Information Cybersecurity (Dark Reading) When it comes to industrial processes, security begins at the molecular level
'Zero Trust': The Way Forward in Cybersecurity (Dark Reading) This approach to network design can cut the chance of a breach
Design and Innovation
IBM Watson, FDA to explore blockchain for secure patient data exchange (CSO) The initial focus for blockchain will be oncology-related data exchange
Amazon AI will be in Fords and Volkswagens this month, with the help of a startup (Snap Munk) Amazon will grab a new startup for security as Alexa arrives in the newest Ford and Volkswagen cars
Legislation, Policy, and Regulation
Wary of Russian Cyber Threat, France Plans to Bolster its Army of ‘Digital Soldiers’ (Foreign Policy) Bracing for the new cyber front in warfare, French Defense Minister Jean Yves Le Drian said France is ramping up its defenses and doubling its ranks of “digital soldiers.” In a nod to Russia’s meddling in the U.S. elections, he also acknowledged France’s infrastructure, media, and democracy are vulnerable to cyber incursions
UK to review its cybersecurity after US election hacks (C|Net) Two days after US intelligence agencies detail how Russian hacks interfered with the 2016 election, the UK announces an inquiry into its own online security
Russia and China Are Making their Information Security Case (Cyber DB) In December 2016, Russian President Vladimir Putin approved a new information security doctrine, which updates the older 2000 version. The doctrine, a system of official views on the insurance of the national security of the country in the information sphere, regards the main threats to Russia’s security and national interest from foreign information making its way into the country, and sets priorities for countering them
The Secret Source of Putin's Evil (Vanity Fair) It’s not the K.G.B., or the Cold War. It’s decidedly more Pushkin-esque, or Peter the Great, than that
Stealing Elections Is All in the Game (Foreign Policy) Moscow didn’t do anything in America’s last election that Washington hasn’t done elsewhere in the world
Contrarian Thoughts on Russia and the Presidential Election (Lawfare) “We assess Moscow will apply lessons learned from its campaign aimed at the U.S. presidential election to future influence efforts in the United States,” says the U.S. intelligence community in the most important sentence in its dismayingly evidence-free report on Russian activities in the presidential election. But how is the United States going to check these future influence efforts?
The Real Russian Hacking Story: A Nation Underdefended From Cyberattack (Forbes) One of the most remarkable aspects of the breathless headlines over the last few months about Russian hackers targeting the US is that so much of it has centered on whether said hackers could have influenced the US presidential election and whether their intent was merely to sow distrust in the electoral system or whether they were focused on trying to get Donald Trump elected. This has been fed by similarly breathless statements from various US officials arguing that trust in our democratic way of life has been undermined or that the legitimacy of Trump’s presidency has been eroded. Yet, missing from all of this is the far more important story of just how the Russians could have managed to do all of this against the very nation that brought the modern Internet to life?
Trump Refuses to Budge as Russian Hacking Charges Mount (MarketWatch) Over the last year, U.S. intelligence officials have accused Russia and its leader Vladimir Putin of cyber attacks in support of Donald Trump’s presidential campaign. Mr. Trump has pushed back hard in a story that continues to play out
Trump’s Cyber-Appeasement Policy Might Encourage More Hacks (Atlantic) Casting doubt on security experts’ ability to identify the culprits behind cyberattacks could make it hard to deter the next one
Here’s Why Trump’s Intel Bashing Matters (Defense One) The president-elect’s denigration of the Russian hacking findings will make it harder to make a case against other U.S. adversaries, former officials say
Cybersecurity pros to Trump: Critical infrastructure very vulnerable to cyber attack (Network World) The Trump administration should enlist the help of true cybersecurity professionals, rather than political insiders, to put an effective national plan together
Maine’s senator renews push for cyber-attack protection (Washington Times) A pair of senators including Maine’s Sen. Angus King is renewing its efforts to get protections for the country’s energy infrastructure against cyber-attacks
Cyber threat grows exponentially, says outgoing official (FCW) The cyber threat -- the number of attacks, the number of hackers and actors, the variety of attacks -- has evolved and grown exponentially says a key White House counterterrorism and cybersecurity advisor
Ethics Rules Are National Security Rules (Lawfare) The President-elect has failed to divest from his business holdings, refused to release his tax returns, and insisted that a federal anti-nepotism law won’t bar his children—who themselves retain private business interests—from serving in his White House. Days before scheduled confirmation hearings, the majority of his nominees have failed to complete statutorily-mandated ethics review
U.S. Cyber Policy Makes Americans Vulnerable to Our Own Government (Time) 'The government wants to leave holes in our security so it can walk through them later'
European Commission proposes "high level" GDPR data tracking rules - WhatsApp, Facebook, Skype to be affected (Computing) Protection for users to restrict advertising potential for email and messaging services
China is still deciding whether to allow Pokemon Go (Business Insider) Nintendo's hit smartphone app, Pokemon Go, and other augmented reality games are unlikely to be rolled out in China any time soon, after the state censor said it would not license them until potential security risks had been evaluated
Litigation, Investigation, and Law Enforcement
'Terror No Longer Has a Nationality' (Spiegel Online) The suspect in the December terror attack in Berlin, which killed 12, came from Tunisia. SPIEGEL spoke to the country's prime minister, Youssef Chahed, 41, about terrorism in his country and the problems facing its fragile democracy
Report on Russian hacking relied on human sources, technical collection: U.S. spy chief (Reuters) Director of National Intelligence James Clapper said on Tuesday the U.S. intelligence community's report concluding that Russia orchestrated hacks during the 2016 presidential campaign was based on a mix of human sources, collection of technical data and open-source information
Trump's pick for Homeland Security backs U.S. intelligence on Russian hacking (Daily Dot) Retired Marine Corps General John Kelly on Tuesday said he backed the findings of a declassified report on Russia's hacking of the presidential election released last week by the intelligence community
Intelligence chiefs briefed Trump and Obama on unconfirmed claims Russia has compromising information on president-elect (Washington Post) A classified report delivered to President Obama and President-elect Donald Trump last week included a section summarizing allegations that Russian intelligence services have compromising material and information on Trump’s personal life and finances, U.S. officials said
John McCain passes FBI dossier alleging secret Trump-Russia contacts (Guardian) Russian intelligence alleged to have compromising material on Trump. ‘Unverified and potentially unverifiable’ reports published by BuzzFeed
Report: Surveillance Court Pushed Back Against Spying on Trump (Motherboard) Tuesday night, The Guardian reported a shocking story alleging that the FBI asked the US Foreign Intelligence Surveillance Court for permission to spy on four members of Donald Trump’s political team who were suspected of having suspicious contact with Russian government officials
Trump allegedly backed compromise of DNC emails, say leaked docs (CSO) The unverified documents are said to have been provided to the FBI, which is investigating their 'credibility and accuracy'
Trump blasts reports of Russian efforts to compromise him as 'fake news' (Politico) President-elect Donald Trump on Tuesday lashed out at multiple reports that intelligence officials last week presented to him allegations that Russia had compromising information about him, dismissing the articles as “fake news” peddled by his political opponents
How Spy Agency Vets Read That Bombshell Trump Report: With Caution (Wired) In the hours since a private firm’s intelligence document leaked to the web, alleging 35 pages of President-elect Donald Trump’s dirty laundry—complete with corrupt ties to Russian officials, blackmail, and bodily fluids—Twitter, Facebook, and cable news have become a feeding frenzy. Taken on its face, the report contains potentially devastating revelations. But former intelligence agents see it differently: To borrow the phrase often applied to Trump himself, they’re taking it seriously, not literally
Comey won't say if FBI is investigating contacts between Moscow, Trump campaign (Politico) FBI Director James Comey declined Tuesday to say whether there was contact between the Trump campaign and the Russian government during the presidential race, or whether the FBI was investigating the issue
Russia Hacked ‘Older’ Republican Emails, FBI Director Says (Wired) Since hackers stole emails from the Democratic National Committee and dispersed them across the internet last summer, the world has waited for a parallel leak of Republican secrets. Now on the other side of the election, that second reveal still hasn’t materialized. But FBI director James Comey has now told Congress new details of the Republican prong of those political intrusions, which US intelligence now believe were carried out by the Russian government: The attackers penetrated GOP organizations, and also stole Republican National Committee emails, albeit ones less current than those stolen from the DNC
Russia Says It Has No Compromising Material on Trump (Wall Street Journal) U.S. intelligence agencies and the FBI have spent months trying to substantiate explosive claims
Is Julian Assange becoming a folk hero for Trump supporters? (Christian Science Monitor Passcode) As WikiLeaks founder Julian Assange casts doubt on US claims about Russian hacking, many conservatives have warmed up to the antisecrecy site that Republicans once criticized
VW exec arrested during Miami vacation over emissions scandal (Ars Technica) E-mail showed Oliver Schmidt discussing whether VW should be "honest" or not
This jailed sailor blames Hillary Clinton for his sentence — and wants Trump to set him free (Navy Times) A former sailor serving time behind bars for mishandling classified information is seeking a presidential pardon from Donald Trump, citing comparatively lenient treatment of former Secretary of State Hillary Clinton for her private email
Backpage shutters adult section amid government censorship claims (Ars Technica) The news harkens back to a similar move by Craigslist a decade ago
Pantaurus alleges CHR cryptographic module infringes patent (Florida Record) A Texas business alleges a Pennsylvania company has been using its patented technology in an unauthorized manner
Finjan Sues Cisco for Patent Infringement (Marketwired via Yahoo! Finance) Finjan Holdings, Inc. (NASDAQ: FNJN), a cybersecurity company, today announced that its subsidiary Finjan, Inc. ("Finjan") has filed a patent infringement lawsuit against Cisco Systems, Inc., a California Corporation, in the Northern District of California alleging infringement of five Finjan U.S. patents
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
24th International Computer Security Symposium and 9th SABSA World Congress (COSAC 2017) (Naas, County Kildare, Ireland, Oct 1 - 5, 2017) If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals, it is the most participative and productive event of the year. Undoubtedly the world's best annual source of advice in Information Security, COSAC makes available to you, in a fully residential format, presenters and facilitators who are the very best in the world. Collectively they have many hundreds of years of practical experience, have published thousands of major articles and books, and have proven records of success all over the globe.
Upcoming Events
SANS Security East 2017 (New Orleans, Louisiana, USA, Jan 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in the "Big Easy" in January. Now is the time to improve your information security skills and laissez les bons temps rouler!
S4X17 ICS Security Conference (Miami Beach, Florida, USA, Jan 10 - 12, 2017) Three Days of advanced ICS cybersecurity on three stages with the top 500 people in ICS security. Main Stage - The big names (Richard Clarke, Renee Tarun, ...) and forward looking topics (ICS certification, machine learning, ExxonMobil project, securing IoT, industrial drones, cyber PHA, workforce development). Stage 2: Technical Deep Dives - the classic S4 sessions in gory technical detail. If you ever said you wanted more at an ICS event, this is where you get it. Sponsor Stage - the sessions on this stage alone rival what you would see at most other ICS security events. They are the same speakers you might see at other events, but they up their game for the advanced S4 crowd. Social Events - We all attend conferences as much to establish and renew relationships with our peers as to see the sessions. The people you want to meet and know in ICS cybersecurity are all at S4.
Suits and Spooks DC 2017 (Arlington, Virginia, USA, Jan 11 - 12, 2017) “What we are creating now is a monster whose influence is going to change history, provided there is any history left.” (John von Neumann) When John von Neumann said those words in 1952, he didn’t mean the Atomic bomb that he helped create as a scientist with the Manhattan Project. He was referring to his revolutionary work in high speed computing. Over sixty years later, the computer has revolutionized every aspect of our life – from currency to medicine to warfare. Our almost total reliance upon insecure software and hardware has made the world less safe, and has fundamentally changed the power equations between State and Non-State actors. Suits and Spooks 2017 will focus on identifying the world’s most valuable new technologies, who the threat actors are that are looking to acquire them, and what can be done to stop them.
Global Institute CISO Series Accelerating the Rise & Evolution of the 21st Century CISO (Scottsdale, Arizona, USA, Jan 11 - 12, 2017) These intimate workshops address the challenges that Boards of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise and organizational threats. These are intense “roll your sleeves up” thought leadership discussions on How Cyber is Driving the New Board Perspective on Enterprise Risk Management. Attendance is limited to 30 Security and Risk Executives from Global 2000 corporations. For Chief Security Information Officers, Chief Information Officers, and Chief Risk Officers, by invitation only (apply to attend).
Cybersecurity of Critical Infrastructure Summit 2017 (College Station, Texas, USA, Jan 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats to critical infrastructures. This summit will focus on two sectors that are among those at greatest risk, the energy and manufacturing sectors. Highlighting emerging technologies and policy initiatives, this event will foster the development of high impact strategies to address the many interrelated cybersecurity challenges we face in the protection of our nation’s critical infrastructures.
ShmooCon 2017 (Washington, DC, USA, Jan 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
SANS Las Vegas 2017 (Las Vegas, Nevada, USA, Jan 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you get the kind of hands-on, immersion training that you can put to work immediately.
BlueHat IL (Tel Aviv, Israel, Jan 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel. Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, Jan 25 - Feb 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but have no real concept of how to create and produce proper intelligence. The 2017 Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to all ranges of adversaries including some of the most sophisticated threats targeting your networks.
Blockchain Protocol and Security Engineering (Stanford, California, USA, Jan 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary collaboration among practitioners and researchers in blockchain protocols, distributed systems, cryptography, computer security, and risk management.
National Credit Union - Information Sharing & Analysis Organization - 2017 Tech Conference (Cape Canaveral, Florida, USA, Jan 31 - Feb 2, 2017) Join us for three days of Cyber Security topics that are pertinent to Credit Union cyber resilience, real-time security situational awareness information sharing, and coordinated response in the global credit union community! Protecting the Credit Union’s global infrastructure to sustain cyber resilience requires an unprecedented level of public- and private-sector cooperation, collaboration and coordination and includes access to the real-time availability of proactive “actionable” threat intelligence; analysis of potential impacts; coordinated countermeasure solutions and response; cybersecurity best practice adoption and role-based workforce education.