Syria is back online, with Internet connectivity restored over the weekend.
Little new has emerged on the malware recently discovered stealing technical data from Japan's space agency, but researchers discern Chinese government fingerprints in the exploit, and believe the discovery points to a large technical espionage campaign.
A new stack buffer overflow vulnerability is found in MySQL. An Instagram vulnerability permits iPhone account takeover. Screenshot tools are found to have data leakage vulnerabilities.
The UK government undertakes a drive to warn the public of the online threat, and begins by disclosing that foreign governments are trying to map critical infrastructure as a precursor to cyber attack. (An expert, however, claims plausibly that a major Internet disruption is likelier to come from a "glorious cock-up" than a state-sponsored attack.)
The US Government approaches "fiscal cliff" and sequestration deadlines; observers see an eleventh hour budget accord as unlikely. Raytheon, however, says it believes the cliff will prove a mere "speed bump," and that in any case foreign sales will keep the company flush. Trend Micro positions itself for an emerging market in cyber offensive capabilities.
DARPA's Vetting Commodity IT Software and Firmware (VET) program, which will "look for innovative, large-scale approaches to verifying the security and functionality of commodity IT devices" kicks off with a Proposer's Day next week.
UN Internet governance talks are underway in Dubai. The US Army concludes an investigation into the Palantir-DCGS fracas and finds no wrongdoing, but system partisans (especially those Wired calls "Palantir fanboys") remain unconvinced.
Today's issue includes events affecting Australia, Canada, China, European Union, Finland, Iran, Japan, Saudi Arabia, Syria, Turkey, Ukraine, United Arab Emirates, United Kingdom, United Nations, United States.
Cyber Attacks, Threats, and Vulnerabilities
Syria back online after two-day internet blackout(ZDNet) According to web monitoring firm Renesys, 'the restoration was achieved just as quickly and neatly as the outage'. However, it may be too early to tell for sure what precisely caused the cutoff on Thursday. Internet access was restored to the people of Syria on Saturday, ending a two-day blackout
Japan Aerospace Exploration Agency hit again by malware(Security Affairs) The New York Times has recently published the news that the Japan Aerospace Exploration Agency was hit by a virus that stole secret information on its newest rockets from an internal computer. The precious information was stored on a computer in the Tsukuba Space Center, located in the northeast area of Tokyo, where malware that was stealing information has been detected. The stolen data includes details on ongoing projects such as the Epsilon project, a solid-fuel rocket; this last feature is desirable for the attackers due to the possible implication in military use
Zero Day MySQL Buffer Overflow(Internet Storm Center) A new stack-based buffer overflow vulnerability was released on Full Disclosure yesterday for MySQL. Depending on the user privileges, the flaw can cause
Snipping Leaks(Internet Storm Center) ISC reader Phil asked a great question earlier today: "I'm wondering if there are data leakage concerns with screenshot tools such as MS Snipping Tool, if such tools have metadata in any of the formats they support". Well, yes, they do. Screenshots taken with the MS Snipping Tool and saved in JPG format contain both an EXIF and XMP header. You can look at what's in there for example with Phil Harvey's excellent ExifTool. The leakage is nowhere near as extensive as what is often found in MS Office documents, but it is definitely present
UK is hit by cyber enemies(The Sun) Foreign states have tried to penetrate the UK's network of vital utilities to plot a cyber attack, security bosses have revealed. Potential enemies attempted for the first time to "map" transport links, electricity and water supply. The warning follows a similar one issued in the US recently by FBI cyber defence chiefs. The Government today launches a drive to alert the public to the soaring threat of online attacks
Lack of industry collaboration spurs cyberterrorism(ZDNet) Absence of trust and coordination among nation states, and communication between public and private sectors to fight organized cyberterrorists, means the security industry has fallen behind. The security industry is lagging behind cyberterrorists due to a lack of cooperation and communication between the public and private sectors and nation states. Speakers at Cyber Security Forum Asia 2012, hosted by security and defense firm IB Consultancy here Monday, reiterated the importance of collaboration among private and public organizations in fighting cybercrime, but noted such coordination has yet to be established despite the surge in cyberattacks.
Why virtual currency Bitcoin can't save the Iranian economy(Quartz) After decades of sanctions on Iranian trade, sanctions restricting the flow of money in and out of Iran have inflicted significant damage on the Iranian economy. That owes much to the Belgium-based Society for Worldwide International Financial Transfers (SWIFT), which in March agreed to block any Iranian banks blacklisted by the European Union from using its international payment systems. Not long after the SWIFT cutoff, things started going rapidly downhill for the Iranian rial, suggesting that it has become much tougher for Iran to get hold of the hard currency it has used to prop up the rial
Cybergeddon likely to be caused by 'glorious cock-up'(Techworld) The likelihood of a state-sponsored attack on the Internet is relatively small. Cybergeddon is more likely to be caused by a "glorious cock-up" than a state-sponsored cyber attack, according to Paul Simmonds, co-founder of the Jericho Forum and former CISO of AstraZeneca and ICI. Speaking at the "Cybergeddon - fact or fiction?" debate at the Imperial War Museum in London, Simmonds said it is more likely that all the DNS route servers will be taken out by a cascade action due to a botched router upgrade than a deliberate attempt by one government to bring down
Intelligence community must adapt to era of vast data, study says(GovExec.com) The digital information revolution has handed the U.S. intelligence community a slew of new challenges that are nowhere close to resolution, a new study says. The 21st-century problems range from mountains of data to accelerated pace of change to competing information flow from nongovernmental sources to fears of violating privacy and civil liberties, according to a paper "Expectations of Intelligence in the Information Age," released Thursday by the Intelligence and National Security Alliance, a nonprofit that brings together experts in the public, private and academic sectors. The paper drew praise from Defense Intelligence Agency Director Lt. Gen. Michael Flynn, who spoke at a banquet in Arlington, Va., to mark the paper's release
Mobile and cloud developments will dominate 2013(Help Net Security) For the past several years, the IT industry's transition to the 3rd Platform, built on mobile computing, cloud services, social networking, and big data analytics technologies, has dominated the annual reports
Doubts Grow On 'Cliff' Accord(Washington Post) As the White House and Republican leaders enter the final month of negotiations to avoid a year-end fiscal cliff, both sides struck an uncompromising tone Sunday, as warnings mounted that they will be unable to forge an agreement to stop an automatic series of deep spending cuts and large tax hikes that could push the economy into recession
The Bipartisan Fiscal Doomsday Fast Approaching(Washington Post) The Defense Department would need to delay equipment purchases and repairs, trim services for military families and perhaps compromise the readiness of military units preparing to deploy, according to the White House report
CEO Of Massive US Defense Firm Scoffs At The 'Fiscal Cliff'(Business Insider) The fiscal what? Cliff? How about the fiscal "speed bump." The CEO of the fourth largest U.S. defense firm, Raytheon (5th largest in the world), Bill Swanson "is telling investors sequestration would be a 'speed bump,' not a 'guillotine,'" according to Politico
Northrop Launches Tech Development Network(ExecutiveBiz) Northrop Grumman has launched a new Web-based environment for academic institutions and small businesses to collaborate on technology development, the company announced Wednesday
Taking the fight to the hackers(Ottawa Citizen) Trend Micro's 50-employee office on Hines Road in Kanata has become the launch pad for its cyber counter offensive. Kellermann said the company, which posted revenues of $1.21 billion U.S. in 2011, has pulled numerous resources from other countries to
ManTech JV to Provide Marines Warfighting Lab Engineering(ExecutiveBiz) A ManTech International joint venture has won a $23 million contract to provide engineering services for a U.S. Marine Corps laboratory that maps out the branch's combat development process, the company announced Friday. GenTech Partners, a partnership between ManTech and Genex, will also provide technical, analytical and business support services to the Marine Corps Warfighting Laboratory
Twitter Case Exposes the Downside of Grandstanding(Wired Business) Twitter was slapped with a temporary restraining order after it tried to cut off the startup PeopleBrowsr. PeopleBrowsr says Twitter misled it with rhetoric about being an open platform
EADS shareholding structure shakeup on the way(Quartz) French and German shareholders are in talks to change the shareholding and corporate governance structures of European aerospace giant, and Airbus parent, EADS. The company confirmed the news on Monday, in response to a flurry of recent press reports. The company didn't say a whole lot more, except to explain it was participating in these discussions and that any changes would require board approval. A new deal could be announced as early as today
Products, Services, and Solutions
Here comes the first real alternative to iPhone and Android(Quartz) If you talk to enough people at the Finnish mobile startup Jolla, at some point it occurs to you that the company it most resembles is Apple. Not the Apple of today, which is basically a half-trillion-dollar supply chain with a design appendage, but Apple back when it was Steve Jobs obsessing over the creation of the Macintosh, which was radical in its focus on the user. In demos, at least, Jolla's decidedly different new mobile operating system (OS), called Sailfish, looks that good
Spirent Puts SCinet Multi-100G Network to the Test(HPC Wire) Spirent Communications, a leader in network, services and devices testing, today announced that SCinet, a powerful network that provided nearly 800 Gigabits per second (Gbps) of capacity for the SC12 conference, used Spirent's high-speed Ethernet solutions to test the performance of its wide area network infrastructure. Spirent also played a key role in the Ethernet Alliance's live interoperability demonstration of high-speed Ethernet switches for high performance computing and data center environments
Metaforic releases software protection technology(Help Net Security) Metaforic unveiled several new technology advancements that make it easier for software creators to protect a wide range of software (mobile, embedded, desktop, server) against hacking and subversion
Nmap 6.25 released(Help Net Security) Nmap is a free and open source utility for network exploration or security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services
Technologies, Techniques, and Standards
IAM: The Reason Why OWASP Top 10 Doesn't Change(Dark Reading) OWASP's AppSec conference is easily one of the best in the infosec industry. Where will it be held this year? Why not Punxsutawney? Some years ago, Chris Hoff asked why the OWASP Top 10 doesn't change? Yes, Appsec feels like Groundhog Day, but it's not because the people at OWASP are sitting on their hands. The OWASP Top 10 catalogs the top Web vulnerabilities that all applications face, and it's reviewed and updated on a regular basis but Hoff is right: it mostly does not change
Collecting Logs from Security Devices at Home(Internet Storm Center) You have probably considered logging the data from your home security devices and often the most difficult question is, where do I start? I included a list of loggers that can be used to collect security data from home devices. One that I have always found interesting is the gateway ISP router because it collects various types of logs including firewall logs (i.e. iptables). Some of these loggers require more work to set up (i.e. Linux rsyslog) while others are much simpler (i.e. Windows Syslog Server) and start collecting logs right away from your network. For example, the Syslog Server from Sourceforge is a free Windows syslog server that can be set up in minutes and can easily collect the logs from a home based router. It has a few features where you can view the events by host, severity (as per picture) and facility and can send an email when a threshold value has been reached
Forensic analytics not security silver bullet(ZDNet) Forensic analytics cannot completely eradicate security issues but can help companies better understand their security risks, which is key to a comprehensive security strategy. The volatile nature of security attacks does not mean forensic analytics are ineffective since studying past incidents can help companies better understand risks and be prepared in any kind of breach. Forensic analytics generally entail looking back at past incidents to determine what went wrong, the damage incurred, and who was responsible for the attack
Dovell's Three Laws of Computers - Network Access Authentication is essential to the Laws of Computers(Access-Smart) The concept of mechanical devices that will do manual and menial labor can be traced back to Ancient Greece. Whether it's an automaton by Hephaestus or Honda's Asimo robot, they all have something in common, a human-written program that controls the machine's behaviors and actions. In a 1942 short story Runaround, Isaac Asimov first introduced the Three Laws of Robotics that is accepted as gospel among roboticists
Guidelines for Mobile Computing(Midsize Insider) Mobile devices have changed the way midsize businesses work. Recently, the Cloud Security Alliance (CSA) made this clear when it released a report called "Security Guidance for Critical Areas of Mobile Computing," which details security insights for critical areas of mobile. An article, recently featured in the Cloud Times, features the report, which also assesses main threats that exist today
U.S. Military Train In Cyber-City To Prepare For Hack Defense(RTT News) A cyber city, developed by the Sans Institute and measuring 6 feet by 8 feet, has been built in New Jersey to train U.S. government "cyber warriors" to fend off threats to the nation's electronic infrastructure. The mock town is complete with a bank
Research and Development
DARPA's program to reveal backdoors, hidden malicious functionality in commercial IT devices(Homeland Security Newswire) The scenario is one that information security experts dread: widespread dissemination of commercial technology which is secretly wired to function in unintended ways or even spy on its users. From this vantage point, mobile phones, network routers, computer work stations, and any other device hooked up to a network can provide a point of entry for an adversary. For the Department of Defense this issue is even more of a concern now than ever before as DoD personnel rely on equipment bought in large quantities and built with components manufactured all over the world
UN internet regulation treaty talks begin in Dubai(BBC) A UN agency is trying to calm fears that the internet could be damaged by a conference it is hosting. Government regulators from 193 countries are in Dubai to revise a wide-ranging communications treaty. Google has warned the event threatened the "open internet", while the EU said the current system worked, adding: "If it ain't broke, don't fix it." But the agency said action was needed to ensure investment in infrastructure to help more people access the net. "The brutal truth is that the internet remains largely [the] rich world's privilege," said Dr Hamadoun Toure, secretary-general of the UN's International Telecommunications Union, ahead of the meeting
Australia fights net rules as threat to free speech(Sydney Morning Herald) Communications Minister Stephen Conroy arrives in Dubai on Monday to lobby against proposed changes to internet regulation that web giants such as Google warn "could permit governments to censor legitimate speech or even cut off internet access altogether". From December 3-14 representatives of 193 governments and other telecommunications stakeholders will gather in Dubai for the World Conference on International Telecommunications (WCIT) to update global telecom rules. Last updated 24 years ago in Melbourne, the treaty sets out regulations on how international voice, data and video traffic is handled
Commission sidelined from critical IT summit in Dubai(EurActiv) EU member states yesterday (29 November) elbowed the European Commission out of a representative role when 193 governments gather next week in Dubai for key treaty negotiations affecting the telecoms and internet industry. Instead, EU member states' representatives at the EU Council of Ministers agreed a joint position for them to approve individually at the World Conference on International Telecommunications (WCIT), taking place on 3-14 December in Dubai. The development will increase doubts about how some of the key decisions will fall at the critical conference as the EU's common interest - which the European Commission is supposed to embody - will effectively not be represented
Are You The Next Bradley Manning?(Federal Times) The White House's long-awaited insider threat policy, announced two weeks ago, is likely to usher in some noticeable and not-so-noticeable changes at many federal workplaces: Most employees' workplace activities will be monitored, by both colleagues and technology. In many cases, that's already happening
Saudi- Kingdom's digital future plan outlined at security summit(MENAFN.COM) "Cyber security is no longer just about tools, but requires an integrated global approach," explained Carl Williamson, executive director of cyber strategy at Northrop Grumman Corporation. Williamson was leading a panel discussion on the challenge of
The Pentagon is tweaking the cyber capabilities it wants from the services(Foreign Policy) In a move that may increase funding and organizational reshuffling of the U.S. military's cyber forces, the Joint Chiefs of Staff and the Office of the Secretary of Defense are set to tell the U.S. armed services what roles they are expected to fulfill in supporting cyber operations in the coming decade. In April, U.S. Cyber Command gave each of the armed services a list of cyber capabilities that it needed them to develop to conduct operations around the world. Now, Pentagon's brass are updating that list to account for cyber challenges that may emerge later in the decade
Sharp increase in authorities accessing private data(Sydney Morning Herald) Australian law enforcement and government agencies have sharply increased their access without warrant to vast quantities of private telephone and internet data, prompting new calls for tighter controls on surveillance powers. Government agencies accessed private telecommunications data and internet logs more than 300,000 times during criminal and revenue investigations in 2011-12, a 20 per cent increase on the level of surveillance activity in the year before. Figures from the federal Attorney-General's Department show that on average, these agencies obtained private data from telecommunications and internet service providers 5800 times every week
NASA employees demand probe of data security(Sydney Morning Herald) Workers at NASA's Jet Propulsion Laboratory (JPL) are demanding US Congress investigate the space agency's actions following the theft of a laptop computer containing personal information for up to 10,000 employees. The incident is just the latest in a series of NASA disputes involving employee background checks. The laptop was stolen from an employee's locked vehicle in Washington, D.C., on October 31
Third Time's Not the Charm When Asking about Warrantless Wiretapping(American Civil Liberties Union News and Information) Wyden then asked the Inspectors General for the National Security Agency (NSA) and the Intelligence Community to "determine the feasibility of estimating" the number. The NSA IG - the watchdog whose mission is to "ensure that the Agency respects
Army's Own Data Mining System Fails Test(Washington Times) The Pentagon's top weapons tester has given a failing grade to the Army's premier battlefield intelligence processor, which troops in Afghanistan have criticized as being too slow and unreliable in sifting data to find the enemy.
Report clears Army brass evaluating battlefield data processor(Washington Times) An in-house Army investigation into why its own independent test report on a battlefield intelligence system was ordered to be destroyed and a new one written has cleared officials of any wrongdoing. The investigation by Lt. Gen. William Grisoli, who directs the Army Office of Business Transformation, focused on the unusual decision last spring to destroy a final test report on Palantir, a non-Army computer processor growing in popularity among troops in Afghanistan in finding roadside bombs
No Spy Software Scandal Here, Army Claims(Wired) With its slick interface and its ability to find hidden relationships, Palantir has attracted a cult of fanboys in the military and intelligence communities
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Passwords^12: Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO...
tmforum Management World Americas(Orlando, Florida, USA, December 3 - 6, 2012) Management World Americas is the only conference covering end-to-end management of digital services and the challenges of running any service provider business. In addition to a full Cable Summit and Executive...
CIO Cloud Summit 2012: The CIO Cloud Summit will help C-level executives better understand the true capabilities of cloud computing and the transformational opportunities it can bring.
BayThreat(Sunnyvale, California, December 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
2012 European Community SCADA and Process Control Summit(Barcelona, Spain, December 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations...
tmforum Big Data Analytics Summit(Amsterdam, Netherlands, January 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates,...
#BSidesBOS(Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
TechMentor Orlando 2013(Orlando, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...
e-Crime Congress 2013(London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...
The Future of Cyber Security 2013(London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley(Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.