Ukraine confirms December grid hack. Influence operations. EyePyramid used against high-profile Italian targets. Criminal use of bots. Peace sign hack vs. biometric authentication. Industry notes.
Ukrainian officials confirm that December's power outages were caused by a cyberattack.
The Ukrainian government, Politico also reports, is quietly trying to mend fences with the incoming US Administration after evidently having conducted some quiet, minor influence operations of its own on behalf of the President-elect's opponent. In any case, observers are busy telling, as if they were surprising, many unsurprising stories of influence operations over the years. President-elect Trump has also said he now thinks the Russians hacked the DNC.
The strange arrest of two Italian citizens—a brother and sister—for hacking high-profile Italian figures (and at least one high-profile Cardinal in the Vatican) draws attention to EyePyramid malware. Trend Micro describes this as a data exfiltration package delivered as a malicious email attachment. In this case EyePyramid was used to siphon more than 87 gigabytes of data, "including usernames, passwords, browsing data, and filesystem content." The hackers' motives are unclear: they appear political, but Italian police think they were financial.
Hamas is using catphish as honeytraps to install spyware on Israeli soldiers' smartphones. The IDF thinks the damage minimal, but with the troops one never knows—one thing does lead to another, sir.
Criminals are turning to botnets for increasingly creative schemes.
The peace sign hack may be joining the Gummibear hack as a way of stealing fingerprints for biometric registration, according to Japan's National Institute of Informatics. It's a lot quicker and a lot less sticky.
In industry news, Arxan buys Apperian; Infocyte wins $3.4 million in Series A funding.
Notes.
Today's issue includes events affecting Brazil, China, European Union, France, Germany, Holy See, Israel, Italy, Philippines, Russia, South Africa, Thailand, Ukraine, United Arab Emirates, United Kingdom, and United States.
A note to our readers: this coming Monday, January 16th, is observed in the US as Martin Luther King Jr. Day, and we'll be observing it here as well, taking a day off from publication. We'll be back as usual on Tuesday, January 17th.
In today's CyberWire podcast we hear from our partners at Ben-Gurion University of the Negev, as Yisroel Mirsky talks about databases of exploits and vulnerabilities.
A special edition of our Podcast is also available. It covers buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.
Cyber Attacks, Threats, and Vulnerabilities
Ukraine power cut 'was cyber-attack' (BBC) A power cut that hit part of the Ukrainian capital, Kiev, in December has been judged a cyber-attack by researchers investigating the incident
Ukraine Power Outage Confirmed as Cyber Attack (Infosecurity Magazine) Ukrainian investigators have confirmed that last month’s power outage in the country was the result of a cyberattack by the same group that struck in December 2015, claiming they may be practising for major attacks elsewhere
Ukrainian efforts to sabotage Trump backfire (Politico) Kiev officials are scrambling to make amends with the president-elect after quietly working to boost Clinton
How Cyber Propaganda Influenced Politics in 2016 (TrendLabs Security Intelligence Blog) Throughout history, politically motivated threat actors have been interested in changing the public opinion to reach their goals. In recent years the popularity of the Internet gave these threat actors new tools. Not only do they make use of social media to spin the news, spread rumors and fake news, but they also actively hack into political organizations
Lighting the Path: the Evolution of the Islamic State Media Enterprise (2003-2016) (International Center for Counter-Terrorism) The media products of the revolutionary movement known as the Islamic State (also ISIL, ISIS, Daesh) have received a significant amount of attention from analysts and journalists alike
Russia, China -- and the US -- are biggest geopolitical cybersecurity threats (CSO) Russia and China have the more advanced cyber capabilities, but the US and its allies also pose global security concerns
This Is How Russian Spies Could 'Crack' Telegram (Motherboard) A 35-page leaked report on President-elect Donald Trump makes a series of explosive—and mostly unverified—claims, including the fact that the Russian government can blackmail the former reality TV-star with compromising and embarrassing information
ShadowBrokers Selling Windows Exploits, Attack Tools (Threatpost) The latest Shadowbrokers dump of alleged NSA tools—a cache of Windows exploits—surfaced over the weekend. And for the first time since these unannounced releases started last summer, analysts don’t have the luxury of a free set of files to dig in to
Hacker siblings arrested for targeting Italian elite – infecting 20k emails (HackRead) The duo also targeted former Italian Prime Minister Matteo Renzi
The Eye of the Storm: A Look at EyePyramid, the Malware Supposedly Used in High-Profile Hacks in Italy (TrendLabs Security Intelligence Blog) Two Italian citizens were arrested last Tuesday by Italian authorities (in cooperation with the FBI) for exfiltrating sensitive data from high-profile Italian targets. Private and public Italian citizens, including those holding key positions in the state, were the subject of a spear-phishing campaign that reportedly served a malware, codenamed EyePyramid, as a malicious attachment. This malware was used to successfully exfiltrate over 87 gigabytes worth of data including usernames, passwords, browsing data, and filesystem content
Honeytraps used to infect Israeli soldiers' smartphones with spyware (Graham Cluley) Attention!
Anonymous hacks Thai Gov’t job portal; leaks a trove of data (HackRead) The cyber attack is part of Operation OpSingleGateway
Brazilian Gov’t Twitter account mistakenly posts social media passwords (HackRead) These passwords were published in a Google Drive link along with a Tweet
Peace Sign Pics Could Give Hackers Your Fingerprints (Infosecurity Magazine) Researchers at Japan’s National Institute of Informatics have claimed they can accurately copy fingerprints from digital photographs, raising fears that the security of biometric authentication systems could be undermined
Alice: A Lightweight, Compact, No-Nonsense ATM Malware (TrendLabs Security Intelligence Blog) Trend Micro has discovered a new family of ATM malware called Alice, which is the most stripped down ATM malware family we have ever encountered. Unlike other ATM malware families, Alice cannot be controlled via the numeric pad of ATMs; neither does it have information stealing features. It is meant solely to empty the safe of ATMs. We detect this new malware family as BKDR_ALICE.A
Hack Exposes Reams of Private Jabber Chats (Motherboard) Often when a website or service is hacked, it's only usernames or passwords that are exposed. But in one case, hackers made off with months worth of private messages between users of an instant messaging service
Two Aggressive Campaigns Detected Pushing Google Ads to Unsuspecting Users (Bleeping Computer) Over the past weeks, security researchers from Sucuri and Malwarebytes have discovered two campaigns that abuse hacked and fake websites to push Google ads and trick users into clicking these advertisements, for the crooks' profit
Professionally designed ransomware Spora might be the next big thing (CSO) The new ransomware program features strong offline decryption and a new payment scheme
South African bank tells its tale of battling ransom attacks (CSO) Since November 2015, the First National Bank of South Africa has fought off groups looking for money
Ransomware Rising On The Plant Floor (Dark Reading) Cybercriminals are successfully reaching ICS/SCADA networks with their ransomware, including energy firms and manufacturing plants
Beware phishing scams in Amazon listings (Naked Security) Be careful what you click: There’s a new phishing scam hitting Amazon listings that look like legitimate deals, offering great prices on “used – like new” electronics
Android Marcher now posing as Super Mario Run (Zscaler) Attackers seek to use the game's popularity to spread malware
Russian Cyber Crime Group Steals $5 Million Per Day via Bot (Read IT Quick) A Russian cyber criminal group has been stealing up to $5 million per day from US-based companies for the past few months. The hack, revealed by a company called White Ops, is being carried out with a botnet, which siphons off advertisement earnings by posing as a fake publishing company. This is one of the largest hacks in today’s times, amounting to aggregate losses of between $3 million and $5 million per day. The hack was first noticed by the company in September 2015
What If Deep Learning Was Given Command Of A Botnet? (Forbes) Not a day goes by without some fascinating new advance in deep learning, yet most of the conversation around deep learning in the cybersecurity realm has focused on its defensive capabilities, using AI algorithms to hunt through network and server logs to ferret out anomalous activity. This raises the fascinating question of what deep learning might be capable of as an offensive weapon of cyberwarfare
Free public Wi-Fi a bane for cybersecurity: security firm (ABS-CBN News) Among the biggest security risks for computer and mobile users is free Wi-Fi and people's lack of a cybersecurity solution, said a cybersecurity firm
The Dumb ‘Smart’ Gear That Someone’s Gonna Hack in 2017 (Wired) Another year, another menagerie of devices that inexplicably connect to the internet. And while you can debate the usefulness of putting Wi-Fi in every last appliance in your home, it undoubtedly gives hackers more easy targets
Security Patches, Mitigations, and Software Updates
Buggy Domain Validation Forces GoDaddy to Revoke Certs (Threatpost) GoDaddy has revoked, and begun the process of re-issuing, new SSL certificates for more than 6,000 customers after a bug was discovered in the registrar’s domain validation process
Adobe, Microsoft Push Critical Security Fixes (KrebsOnSecurity) Adobe and Microsoft on Tuesday each released security updates for software installed on hundreds of millions of devices. Adobe issued an update for Flash Player and for Acrobat/Reader. Microsoft released just four updates to plug some 15 security holes in Windows and related software
SAP Security Notes January 2017: Continued Security Focus on SAP for Defense (Onapsis) So, 2017 begins... and the first Patch Day has arrived. Today, SAP published its first Security Notes post of the year, making a total of 24 notes (21 published today) since the last Security Notes Tuesday in December. The amount of security corrections for each month starts consistent with last year (keeping the average of 25 SAP Security Notes per month). Today SAP published, for the second month in a row, SAP Security Notes for SAP ERP Defense Forces and Public Security. Along with our Research Labs analysis, SAP is working on several security improvements for these solutions that are used by many large organizations around the world
Second Try at Windows LSASS Patch Addresses Vulnerability (Threatpost) Microsoft’s second try at patching a vulnerability in a critical Windows process apparently is more successful than its first attempt
Microsoft fixes botched patch (Enterprise Times) Microsoft has brought forward a replacement patch for CVE-2016-7237. The details were released by Nicolas Economou from Core Security. The replacement patch was due for release on February 14. However, after Core Exploit issued an embargoed blog about the issue to press, Microsoft told them they would bring the patch release forward. It is now live as part of yesterday’s Patch Tuesday release
Cardiac Implant Flaw Patched, But Holes Remain (Dark Reading) A new chapter opens in the controversy surrounding security vulnerabilities disclosed in St. Jude Medical's cardiac implant devices
Cyber Trends
Threat researcher sees no end to ransomware’s growth (Silicon Angle) Intel Corp.’s McAfee Labs raised some eyebrows in the security community in November with its prediction that “the volume and effectiveness of ransomware attacks will go down in the second half of 2017.” The security firm based its prediction on improvements in preventive technology, better industry coordination, education and stepped-up law enforcement pressure for its optimism. But Allan Liska doesn’t agree
Businesses Bracing for Year of Uncertainty, According to Allianz Risk Barometer 2017 (BusinessWire) Businesses increasingly fear impact of non-physical damages, market uncertainties and political perils. Companies greatly fear the impact of rising protectionism and other potential shocks to markets. Business interruption continues to lead risk rankings as new non-physical damage triggers emerge. Cyber risk concerns rise to #2 in the US and Europe, globally top 3; driven by impact of indirect attacks, regulatory threats and technical and employee error in digitalized production environment
IT Decision Makers Reveal Two-Factor Authentication Dislike and Rise in Adaptive Authentication Adoption, Says SecureAuth Survey (Yahoo!) SecureAuth® Corporation, the leader in adaptive access control, today announced the results of a survey that reveals challenges associated with two-factor authentication (2FA). Commissioned in conjunction with Amplitude Research, the responses surveyed 300 IT decision makers and cybersecurity professionals on industry perspectives and concerns with 2FA
Cloud Report (Netskope) Half of all users of a sanctioned cloud storage service have a personal instance of the same service
Cyber Security Worries Driven by Naïve Staff, Says Report (Acumin) In spite of the view that hackers remain the biggest cyber threat to organisations, insiders, including naïve or careless staff, are now considered to pose just as great a threat, says a new study from firewall provider Preempt, conducted by Dimensional Research
Study: The Office of 2017 Will Use Biometrics - But Not Business Cards or Fax Machines (PRNewswire) Only 18% of adults have used business cards in the last three months; Experts say that biometrics will replace passwords to protect sensitive information in the workplace
74 Percent of Organizations Using Two-Factor Authentication Face User Complaints (eSecurity Planet) Nine percent of organizations using two-factor authentication say their users simply 'hate it,' a recent survey found
Marketplace
Trump's rift with intelligence community is spooking US spy agency contractors (CNBC) The changing political landscape in Washington and friction between President-elect Donald Trump and the U.S. intelligence community could have major implications not only for the spy agencies but for the shadow private contractors such as Booz Allen Hamilton that support them
Yahoo is no more, it's Altaba after Verizon takeover (Inferse) The once-familiar name Yahoo will cease to exist as Verizon begins the acquisition process of the company
Apperian Just Got Acquired — Say Hello to Its New Leader (BostInno) The startup's investors included Kleiner Perkins Caufield & Byers and Intel Capital
Infocyte Secures $3.4M Series A Funding To Make Threat Hunting A Standard Enterprise Practice (IS Buzz News) Innovative, automated threat hunting solution enables enterprise security and IT pros to easily detect hidden malware and threats
DarkMatter Becomes Associate Member of the Leading Mobile Operator Group, GSMA (PRNewswire) Membership will allow DarkMatter to interact with more than 800 telecom operators globally, as it develops end-to-end secure communications offerings
GlobalSign opens regional office in Dubai (Trade Arabia) GMO GlobalSign KK, a leading provider of trusted identity and security solutions and one of the longest established certificate authorities in the world, has announced the inauguration of its new office in Dubai
Products, Services, and Solutions
LightCyber Listed as a Representative Vendor in Two Recent Gartner Market Guide Reports (BusinessWire) Magna Platform uniquely integrates network, user and endpoint visibility to accurately detect active network attacks using novel machine learning techniques
Kaymera Launches Fully-secured Version of Google Pixel Phone (Yahoo! Finance) Kaymera Technologies Ltd, the leader in mobile security for enterprises and Government organizations, has today announced the launch of the Kaymera Secured Pixel, a unique fully-hardened and secured version of Google’s flagship smartphone
Versasec Unveils vSEC:CMS S-Series Version 4.7 (Versasec) Smart card management leader updates identity and access management solution with faster server-based searches, new templates, push notifications and more
Optiv Security Announces New Cyber Threat Intelligence-as-a-Service to Help Organizations Build Advanced “Beyond-the-Perimeter” Capability (BusinessWire) Technology-enabled service allows Optiv clients to develop proactive security models, better define cyber risk and rapidly mitigate threats
Ovum Reports Zentera Systems Uniquely Addresses Multicloud Security and Management Challenges (IT Business Net) Latest research reveals Zentera CoIP to drive company growth due to overlay network enabling secure movement of workloads across multiple clouds
Keeper Security Establishes European Secure Cloud Data Center (IT Business Net) Keeper's customers' passwords and digital assets securely hosted in the European Union
Cryptzone Transforms Network Security with New AppGate Release (IT Business Net) Cryptzone, the Software-Defined Perimeter company, today announced the newest version of AppGate, which enables organizations to easily deploy a Software-Defined Perimeter (SDP) for granular access control. The release of AppGate 3.0 furthers Cryptzone's vision for transformational network security where all network services adopt an identity-centric security model
How to protect your online conversations with Signal's end-to-end encryption (Macworld) In a world of snoopers, end-to-end encryption is the only sensible path to take
4 ways man and machine are teaming up to fight cyberthreats (The Next Web) With the use of data-centric business models and big data services on the rise, it is becoming increasingly harder to detect threats and data breaches
Huawei and AlgoSec to deliver integrated security policy management to drive network agility (Your Industry News) Huawei announced a partnership with AlgoSec, the market leader for business-driven security policy management. Through this partnership, Huawei security integrates its full range of firewall-related solutions with AlgoSec’s security policy management solution to enable joint customers to streamline and automate security management operations, enhance visibility and improve security, compliance and business agility
Technologies, Techniques, and Standards
GlobalPlatform enables the Web to access Advanced Security Services (Global Platform) Organization standardizes the interface between web applications and secure elements, enabling secure storage and processing for online services
CTO Insights: The General Data Protection Regulation (GDPR) Is Coming, What Now? (TrendLabs Security Intelligence Blog) Based on the incidents we saw in 2016, I recommend that organizations enter 2017 with caution. From the growth of Business Email Compromise (BEC) attacks to cybercriminals using more effective ways to exploit Internet of Things (IoT) devices, these security issues should serve as a reminder for businesses and individuals to be more vigilant
Advancing Infosecurity Standards Through Consensus (Infosecurity Magazine) More than 40 million Target shoppers were caught off guard when their credit card accounts were hacked in 2014, but it came as no surprise for many security researchers, who had been predicting an authentication attack for more than a decade. The incident prompted Americans to join the rest of the world and start the (sometimes rocky) transition to EMV chip cards
What Reaction To The Russian Hacking Report Teaches Us About Data Science (Forbes) From a data science standpoint, one of the most fascinating criticisms of the US Government report on Russian hacking of the US presidential election is that for all its hyperbolic claims, the actual hard detailed evidence presented in the report is relatively weak and the evidence it does present ends up hurting the report’s conclusions more than supporting them
Russian Hackers, Elections, and Data-Driven Analytics (Hackernoon) Two days before New Years, something interesting happened in the world of cyber security
The rewards of advanced agile and DevOps adoption (Help Net Security) In today’s fiercely competitive environment for customer satisfaction and brand loyalty, agile and DevOps are driving happier customers and employees. Results from a new CA Technologies global study reveal that advanced users of agile or DevOps realized significant increases of up to 52 percent in customer satisfaction and up to 50 percent in employee productivity
On the banality of attacks and on mindful engineering (Medium) Over the years of my experience assisting journalists and dissidents with matters of computer security, and researching the nature of the threats they face, I learned that those who don’t have access to security solutions and do not operate in a managed environment, are often not best served by the consumer technology they are normally provided with
Credit Freeze: The New Normal In Data Breach Protection? (Dark Reading) In era of rampant identity theft, consumers should be offered the protection of a credit freeze by default, instead of a nuisance fee each time a freeze is placed or removed
How to Encourage Employees to Not Only Practice, but Actually Promote Cybersecurity Awareness (Infosecurity Magazine) It’s a curious reality that, although employees are swiftly punished for violating information security policy, such an extreme lack of interest in providing those employees with adequate cybersecurity awareness training exists amongst organizations
Design and Innovation
Why the age of connected cars presents a 'very real threat' in cybersecurity (Tech Republic) At NAIAS 2017, experts in data management and cybersecurity discussed the risks that come with the 'internet of cars.' Here's what you should know
Marines study sci-fi to plan for future battlefield needs (C4ISRNET) The Marine Corps is turning to science fiction and short stories to help forecast future operating concepts in an increasingly complex world
Academia
Meet the man responsible for teaching some of the NSA’s best young hackers (CyberScoop) The National Security Agency is an enormous organization by nearly any corporate standard, with more than 35,000 employees. Former Deputy Director Chris Inglis once joked that the spy agency is “the biggest employer of introverts.” More frequently though, the NSA refers to itself as the largest employer of mathematicians. In recent years, while the U.S. has continuously confronted new threats in cyberspace, the agency has increasingly become a training ground for young, talented, highly educated computer security professionals
Legislation, Policy, and Regulation
Why State-Run Cures Against Hackers may be Worse than the Disease (South China Morning Post) Strong surveillance laws and plans for government-run clouds could provide some protection for businesses, but not without a price paid in lack of privacy
Understanding concerns about Trump's relationship with Putin, intelligence agencies (Duke Chronicle) President-elect Donald Trump is at odds with several intelligence agencies regarding the role of Russian interference in the 2016 election
Opinion: Trump’s internet opportunity (Christian Science Monitor Passcode) Instead of adding to hostilities toward internet freedom, Trump has a chance to help safeguard digital liberties. That means crafting a cybersecurity policy in his first 100 days to reinforce appropriate behavior in cyberspace
If Trump Wants a ‘Hacking Defense’ Strategy, He Should Just Use Obama’s (Wired) In his first press conference as president-elect, Donald Trump said Wednesday that the United States is too vulnerable to cybersecurity threats, and that he plans to work with defense and intelligence officials to release a “major report on hacking defense” within 90 days of taking office. To do so, he’ll need a much firmer grasp on “the cyber” than he’s demonstrated so far. As the Obama administration already showed with its own comprehensive cybersecurity plan, there’s no such thing as a quick fix
SIA Renews Support for Bipartisan DIGIT Act (Security Industry Association) Private sector input essential to guiding policy on the Internet of Things, says SIA
Making Elections Critical Infrastructure Sends Clear Message to Adversaries (Digital Guardian) The decision by the U.S. Department of Homeland Security to designate election infrastructure as critical infrastructure significantly extends federal protection of voting systems
DHS should have a cybersecurity unit, says panel chairman (CSO) Homeland Security could offer more help on state elections but needs 'focus and resources,' says Rep. Michael McCaul
DHS nominee Kelly mixes message on department’s cyber role (FedScoop) Kelly said reorganization and renaming of DHS’s National Protection and Programs Directorate to improve the department’s cyber capabilities would be a “top priority”
The Feds Need to Embrace Encryption (PC Magazine) Recent political headaches could have been avoided if people learned to encrypt a file once in a while
Litigation, Investigation, and Law Enforcement
Report on Russian hacking leaves many questions unanswered (CSO) Experts have been poring over the JAR released two weeks ago, but there isn't enough detail in the document to help organizations defend themselves
Trump: It was probably Russia that hacked the DNC, Clinton campaign (CSO) The incoming president comes as close as he ever has to agreement with U.S. intelligence
Trump accepts Russia's role in political hack (Christian Science Monitor Passcode) For the first time, the president-elect said he believes Russia meddled in the election. In Washington, a growing cadre of Senators want a wider investigation to determine the extent of Moscow's interference
Democrats didn’t stand a chance against Russia’s elite hackers. They’re too good. (Kansas City Star) When Hillary Clinton’s former campaign chief received a bogus email that an elite Russian hacking unit allegedly sent, he clicked on its infected link, giving the hackers access to 58,000 or so emails
Russians deride American uproar over cyber attack accusations (Russia Beyond the Headlines) The U.S. intelligence community's assertions about purported Russian hacking during the U.S. presidential election are dismissed by both the Russian government and public
Trump denounces 'disgrace' of reports of Russian ties to him (Military Times) A defiant President-elect Donald Trump on Wednesday adamantly denied reports that Russia had compromising personal and financial information about him, calling it a "tremendous blot" on the record of the intelligence community if material with any such allegations had been released
How credible are reports that Russia has compromising information about Trump? (PBS Newshour) On Tuesday evening, CNN reported unsubstantiated claims that Russian intelligence compiled a dossier on the president-elect during his visits to Moscow; BuzzFeed later published 35 pages of content from the alleged dossier. But Mr. Trump dismissed the developments as “fake news.” Judy Woodruff speaks with former NSA lawyer Susan Hennessey and former CIA officer John Sipher for analysis
FBI, CIA, DNI, NSA all agreed: Tell Trump about explosive Russia claims (Washington Post via McClatchy DC) As the nation's top spies prepared to brief President Barack Obama and President-elect Donald Trump on Russian interference in the 2016 election, they faced an excruciatingly delicate question: Should they mention the salacious allegations that had been circulating in Washington for months that Moscow had compromising information on the incoming president?
The Deep State Goes to War with President-Elect, Using Unverified Claims, as Democrats Cheer (Intercept) In January, 1961, Dwight Eisenhower delivered his farewell address after serving two terms as U.S. president; the five-star general chose to warn Americans of this specific threat to democracy: “In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist.” That warning was issued prior to the decadelong escalation of the Vietnam War, three more decades of Cold War mania, and the post-9/11 era, all of which radically expanded that unelected faction’s power even further
4chan Claims It Invented the Trump Golden Showers Story (Daily Beast) The forum alleged an anonymous user invented Tuesday’s bombshell about Donald Trump and Russian prostitutes—and then passed it onto a Republican operative. But there’s a weak stream of proof
UK Asks Journalists to Not Name Ex-Agent Allegedly Behind Trump Report (Motherboard) One name is suddenly on everyone's lips. On Wednesday, the Wall Street Journal revealed who is allegedly behind the salacious and unverified report of compromising material related to President-elect Donald Trump: Christopher Steele
UK fails to gag press over ID of ex-spy at center of Trump dossier claims (Ars Technica) Op-ed: Polite D-notice system is slowly ossifying; Web now dominates public discourse
China-Based Hacking Case Against U.S. M&A Firms Illustrates Cyber Security and Enforcement Issues (Forbes) In late December, the U.S. Attorney for the Southern District of New York announced the arrest of a Macau resident and unsealed an indictment against him and two others for hacking U.S. law firms for information related to pending U.S. mergers and acquisitions transactions and insider trading on that information. At the same time, the U.S. Securities and Exchange Commission filed a civil securities law complaint against those individuals, seeking injunctive relief and disgorgement of wrongful gains
CloudFlare Shares National Security Letter It Received in 2013 (Threatpost) Thanks to the lifting of a gag order, on Tuesday security firm Cloudflare was finally able to post a National Security Letter it received from the Federal Bureau of Investigation back in 2013
Popular tech blog sued by self-proclaimed “inventor of e-mail” hits back (Ars Technica) "This fight could be the end of Techdirt, even if we are completely right"
Newly Noted Events
Southern Virginia - Cyber Security Lunch & Learn (Norfolk, Virginia, USA, Feb 2, 2017) Cyber security experts discuss security incident response. Dealing with cyber security risk is an exercise in managing daily chaos. Organizations know they need to improve their posture but common roadblocks often get in the way. Join us for lunch and an action-oriented discussion about ways you can improve your security incident response program in 2017. The conversation will be led by certified SANS instructor Alissa Torres, and Rsam CISO Bryan Timmerman. Attend and earn CPE credits towards your ISACA and (ISC)2 certifications.
Workplace Violence & Response To Active Shooter Events Meeting (Laurel, Maryland, USA, Feb 9, 2017) The National Insider Threat Special Interest Group (NITSIG) will be hosting a meeting on February 9, 2017, at the Johns Hopkins University Applied Physics Laboratory, Laurel, MD. The meeting will be exclusively focused on workplace violence and responding to an active shooter event. Presenters include experts from the Occupational Safety and Health Administration (OSHA), and the Maryland State Police. It's free to attend. Prominent among the topics to be discussed will be threats directed from the Internet.
Cybersecurity: The Leadership Imperative (New York, New York, USA, Mar 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.
Upcoming Events
SANS Security East 2017 (New Orleans, Louisiana, USA, Jan 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in the "Big Easy" in January. Now is the time to improve your information security skills and laissez les bons temps rouler!
S4X17 ICS Security Conference (Miami Beach, Florida, USA, Jan 10 - 12, 2017) Three Days of advanced ICS cybersecurity on three stages with the top 500 people in ICS security. Main Stage - The big names (Richard Clarke, Renee Tarun, ...) and forward looking topics (ICS certification, machine learning, ExxonMobil project, securing IoT, industrial drones, cyber PHA, workforce development). Stage 2: Technical Deep Dives - the classic S4 sessions in gory technical detail. If you ever said you wanted more at an ICS event, this is where you get it. Sponsor Stage - the sessions on this stage alone rival what you would see at most other ICS security events. They are the same speakers you might see at other events, but they up their game for the advanced S4 crowd. Social Events - We all attend conferences as much to establish and renew relationships with our peers as to see the sessions. The people you want to meet and know in ICS cybersecurity are all at S4.
Suits and Spooks DC 2017 (Arlington, Virginia, USA, Jan 11 - 12, 2017) “What we are creating now is a monster whose influence is going to change history, provided there is any history left.” (John von Neumann) When John von Neumann said those words in 1952, he didn’t mean the Atomic bomb that he helped create as a scientist with the Manhattan Project. He was referring to his revolutionary work in high speed computing. Over sixty years later, the computer has revolutionized every aspect of our life – from currency to medicine to warfare. Our almost total reliance upon insecure software and hardware has made the world less safe, and has fundamentally changed the power equations between State and Non-State actors. Suits and Spooks 2017 will focus on identifying the world’s most valuable new technologies, who the threat actors are that are looking to acquire them, and what can be done to stop them.
Global Institute CISO Series Accelerating the Rise & Evolution of the 21st Century CISO (Scottsdale, Arizona, USA, Jan 11 - 12, 2017) These intimate workshops address the challenges that Boards of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise and organizational threats. These are intense “roll your sleeves up” thought leadership discussions on How Cyber is Driving the New Board Perspective on Enterprise Risk Management. Attendance is limited to 30 Security and Risk Executives from Global 2000 corporations. For Chief Security Information Officers, Chief Information Officers, and Chief Risk Officers, by invitation only (apply to attend).
Cybersecurity of Critical Infrastructure Summit 2017 (College Station, Texas, USA, Jan 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats to critical infrastructures. This summit will focus on two sectors that are among those at greatest risk, the energy and manufacturing sectors. Highlighting emerging technologies and policy initiatives, this event will foster the development of high impact strategies to address the many interrelated cybersecurity challenges we face in the protection of our nation’s critical infrastructures.
ShmooCon 2017 (Washington, DC, USA, Jan 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
SANS Las Vegas 2017 (Las Vegas, Nevada, USA, Jan 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you get the kind of hands-on, immersion training that you can put to work immediately.
BlueHat IL (Tel Aviv, Israel, Jan 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel. Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, Jan 25 - Feb 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but have no real concept of how to create and produce proper intelligence. The 2017 Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to all ranges of adversaries including some of the most sophisticated threats targeting your networks.
Blockchain Protocol and Security Engineering (Stanford, California, USA, Jan 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary collaboration among practitioners and researchers in blockchain protocols, distributed systems, cryptography, computer security, and risk management.
National Credit Union - Information Sharing & Analysis Organization - 2017 Tech Conference (Cape Canaveral, Florida, USA, Jan 31 - Feb 2, 2017) Join us for three days of Cyber Security topics that are pertinent to Credit Union cyber resilience, real-time security situational awareness information sharing, and coordinated response in the global credit union community! Protecting the Credit Union’s global infrastructure to sustain cyber resilience requires an unprecedented level of public- and private-sector cooperation, collaboration and coordination and includes access to the real-time availability of proactive “actionable” threat intelligence; analysis of potential impacts; coordinated countermeasure solutions and response; cybersecurity best practice adoption and role-based workforce education.