OVERNIGHT CYBERSECURITY: Watch out, Cyber Caliphate

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...


--GOING AFTER THE CYBER CALIPHATE: The White House and Gulf states are joining forces in cyberspace to stifle the burgeoning online threat posed by Iran and Islamic extremists. After a daylong summit at the Camp David presidential retreat, the U.S. and Gulf Cooperation Council (GCC) -- which includes Bahrain, Kuwait, Oman, Qatar, Saudi Arabia and the United Arab Emirates -- revealed a broad security agreement. While cyber didn't always get top billing in the security pact, it was a major component. To read our full piece, click here.

--ASSAD SUPPORTERS HACK WAPO: Hackers who support embattled Syrian President Bashar Assad appear to have taken control of The Washington Post's mobile site. Visitors to m.washingtonpost.com received a series of pop-up messages on Thursday afternoon before landing on a page that stated: "Hacked by SEA," the acronym for the Syrian Electronic Army. The cyberattack is the latest in a long string of hits by the SEA on U.S. and U.K.-based media sites, including Reuters, CNBC, NPR, Forbes, and The New York Times. To read our full piece, click here.

          --HOW IT HAPPENED: The hackers responsible said "they were able to insert the alerts by hacking into Instart Logic, a content delivery network (CDN) used by the Washington Post," Motherboard reported. "'We hacked InStart CDN service, and we were working on hacking the main site of Washington Post, but they took down the control panel," the hackers wrote in an email to the site. To read more, click here.

--THINK OF THE CHILDREN: Bills meant to protect student data are starting to pile up. Sen. David VitterDavid Bruce VitterRed-state governor races put both parties on edge Louisiana Republicans score big legislative wins Trump calls on Republicans to vote out Democratic Louisiana governor amid GOP infighting MORE (R-La.) on Thursday introduced his own bill, the Student Privacy Protection Act, meant to give parents control over how their child's data is released and used. In recent years, it's become commonplace for schools to look to third-party, cloud-based services to manage student records and improve classroom education. The trend has raised fears on Capitol Hill that children's sensitive data could be exposed to hackers or used to target ads to minors. To read more, click here.


--The State Department is not planning to update its 2011 international cyberspace strategy, Christopher Painter, the agency's coordinator for cyber issues, told senators Thursday. As other agencies such as the White House and Pentagon update security documents to account for the rapidly shifting cyber landscape, State is holding firm that its high-level, principles-focused document effectively guides the department. To read more, click here.


Looking for a million free airline miles? Just find a security flaw in the United Airlines' network.

The company is offering loads of miles to people who uncover exploits in United's websites and digital infrastructure as part of a first-of-its-kind "bug-bounty" program.

A bevy of headlines have popped up in recent weeks casting doubt on the security of airplanes and the entire air traffic control system. A government watchdog agency warned that airplane Wi-Fi systems were sitting ducks for hackers and the Federal Aviation Administration replaced its entire air traffic system in response to the broader concerns.


--JAMES TRAINOR, acting assistant director of the FBI's Cyber Division, is on the front lines of the agency's fight against cyber crime. At an event hosted by Microsoft, he said the FBI now learns of a major data breach every two or three days, compared with every two or three weeks in the past. "Those types of events, whether they concern a national security threat actor or a criminal actor, are ones we see on a much more regular basis," Trainor said. To read more from his remarks, click here.


Links from our blog, The Hill, and around the Web.

What is cybersecurity law? (Washington Post)

Cybersecurity companies are pointing to more aggressive hacking efforts by China. (BuzzFeed)

Exploring why PGP is important. (Recode)

Meet the hacker gang that writes perfect phishing emails. (Motherboard)

Stuxnet, sexism, CEOs and surveillance: the latest Passcode podcast. (Christian Science Monitor)

IBM's hacking database is taking off with banks and retailers. (Yahoo!Finance)

Bots now outnumber humans on the Internet. (CSO)

Anonymous is attacking cops in Wisconsin after the shooting death of an unarmed teen. (Motherboard)

Secretary of State John KerryJohn Forbes KerryNew Hampshire parochialism, not whiteness, bedevils Democrats Lessons of the Kamala Harris campaign Overnight Energy: Pelosi vows to push for Paris climate goals | Senate confirms Brouillette to succeed Perry at Energy | EPA under attack from all sides over ethanol rule MORE will deliver a speech on cybersecurity next Monday during his visit to South Korea. (The Associated Press)

Just how lethal is the "Venom" bug? (Christian Science Monitor)

Go ahead, forget your passwords, it'll be ok. (Bloomberg View)

Apple Watch's security features protect data but won't deter theft. (ArsTechnica)

If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A