It's a quiet news day for hacktivism and state-sponsored cyber attacks, but cyber criminals remain busy. eSecurity Planet has a useful compendium of cyber crime trend studies.
Gameover Zeus resumes its spearphishing campaign against US banking customers. A remote authentication bypass exploit affects Tectia SSH server, Free FTPD, and FreeSSHD for Windows. Last week's DNS poisoning of .ro domains is traced to RoTDL, which is now investigating the cause of the breach. Twitter users remain exposed to SMS spoofing; a Twitter patch helps only a subset of them. Windows AutoRun malware detected last week continues to spread.
Japanese attempts to shut down Android malware developers haven't been particularly successful, and Android devices in the US are now more attacked than PCs. Exploit kits continue to infest US networks, and Sophos finds that the malicious apps they package were, without exception, developed by white hat researchers, then copied and integrated by criminals operating in the black market. Children are becoming the chief targets of identity thieves: that poor children are more commonly exploited renders this trend especially loathsome.
The US Senate passes a Defense authorization bill more suggestive of policy direction than actual spending, but major cuts seem increasingly likely. SAIC announces 700 layoffs. BAE-Detica continues to position itself in the Australian market.
International Telecommunications Union (ITU) meetings in Dubai continue to provoke privacy and censorship concerns. Yesterday the ITU endorsed (over objections of Germany and some other members) a deep-packet inspection standard that would effectively mandate inspection of encrypted traffic.
Today's issue includes events affecting Algeria, Australia, Belarus, Brazil, China, Germany, India, Iran, Japan, Kazakhstan, Republic of Korea, Romania, Taiwan, Ukraine, United Arab Emirates, United Kingdom, United Nations, United States, and Vietnam.
Security firms warn of new AutoRun malware on Windows(Fierce CIO: TechWatch) Security vendors have detected a spike in malware that are spread through the AutoRun software on Windows, and are warning businesses about it. According to CSO Online, the latest infections are believed to happen through unpatched computers, shared folders and social media. The report noted that the malware is called /VBNA-X, W32/Autorun.worm.aaeb, W32.ChangeUp and WORM_VOBFUS, depending on the antivirus vendor… In this case, the use of shared folders on a corporate network is highlighted as the primary method for the spread of this new malware. As such, the advice is for administrators to ensure that AutoRun is disabled on all Windows operating systems, as well as restricting the write permissions of file shares. The latter will help protect against malware spreading within the corporate network
Tumblr worm proliferated due to XSS flaw(Help Net Security) Yesterday's worm rampage that left many a Tumblr site "defaced" with a message by Internet troll group GNAA was the result of improper input sanitation. "It appears that the worm took advantage
Exploit kits, the biggest threat on the web, are being fed by whitehat security researchers(Naked Security) Who is feeding the Blackhole exploit kit? When security researchers make available easy-to-implement proof of concept code to demonstrate software vulnerabilities, you're really supporting the malicious exploit kit authors. SophosLabs expert Gabor Szappanos shows that the exploit kit authors aren't the ones discovering the zero day vulnerabilities
United States has the most blackhole exploits in the world, says Sophos(Venture Beat) Your neighborhood may seem clean and safe when you step outside, but in the midst of birds chirping and friendly waves, you could be living in cyber security hell. Security company Sophos released its Security Threats in 2013 report, which included analysis of which countries are the most at risk when it comes to malware and spam. Specifically the company looked at blackholes, or "prepackaged software kits," that live on an infected server. They then scan your computer for known vulnerabilities and exploit those holes to put viruses on your computer
Children Increasingly Targeted For Identity Fraud, Study Says(Dark Reading) One in 40 families experience theft of personal data from a minor; lower-income families disproportionately affected. Cybercriminals are increasingly targeting children for identity theft, and lower-income families are the most frequent victims, according to a new study published today. Research firm Javelin Strategy released its first-ever 2012 Child Identity Fraud Survey Report, a detailed study of more than 5,100 U.S. households. The report, sponsored by identity fraud prevention company Intersections Inc. and the Identity Theft Assistance Center, states that one in 40 U.S. households experiences child identity theft at least once in the family's lifetime
Security Patches, Mitigations, and Software Updates
Twitter Resolves SMS Bug (For Some Users)(Threatpost) A day after an independent security researcher disclosed a vulnerability in SMS-enabled Twitter accounts, the social network giant announced it's fixed the flaw - at least for some users. Those who use a "long code" and/or cannot use a PIN code remain at risk
Security Patch released for BIND 9.9.2(Internet Storm Center) A security patch was released for BIND 9.9.2. The patch addresses 26 different bugs and/or security issues. Update your bind DNS server to version 9.9.2-P1
Research Roundup: Current State of Cybercrime(eSecurity Planet) Among the findings in recent security research: More than one in six mobile apps contain high-risk code that can compromise user security, and 44 percent of adults aren't aware security solutions for mobile devices exist. Recent reports from Bitdefender, TrustGo, McAfee, Trustwave, nCircle, Symantec, FireEye, Lookout, Alert Logic and Arxan Technologies assess the current state of malware (both mobile and PC-based), spam
Three major impacts when moving to a BYOD policy(Help Net Security) Seventy percent of respondents in a recent survey by Gartner, Inc. said that they have or are planning to have BYOD policies within the next 12 months to allow employees to use personal mobile devices
Risk study identifies top pain points in 2013(Help Net Security) The state of endpoint risk is not improving according to the fourth annual report researched by the Ponemon Institute. IT professionals reported the flood of mobile devices entering their corporate
Mass phishing emails a thing of the past?(Help Net Security) PhishMe predicts that phishers will be changing their tactics in 2013 – resorting to targeted spear phishing emails rather than the mass mails of the past. Spear phishing is an incredibly popular
Former National Security Officials Urge Military Cuts(Washington Wire) A bipartisan group of 15 former senior national security officials called Tuesday on lawmakers and the Obama administration to weigh military spending cuts as part of a broad deficit-reduction deal that avoids the so-called fiscal cliff
Fiscal Cliff Offers Hint At More Defense Cuts(Yahoo.com) House Republicans' "fiscal cliff" counteroffer to President Barack Obama hints at billions of dollars in military cuts on top of the nearly $500 billion that the White House and Congress backed last year, and even the fiercest defense hawks acknowledge that the Pentagon faces another financial hit
Senate Passes $631 Billion Defense Bill(Yahoo.com) The Senate overwhelmingly approved a sweeping, $631 billion defense bill Tuesday that sends a clear signal to President Barack Obama to move quickly to get U.S. combat troops out of Afghanistan, tightens sanctions on Iran and limits the president's authority in handling terror suspects
Feds Close The Once-Heralded Apps.gov Cloud Storefront(TechCrunch) The U.S. General Services Administration (GSA) has closed Apps.gov, the once-heralded cloud storefront established in the first months of the Obama Administration by former Federal Chief Information Officer Vivek Kundra
Raytheon BBN Developing Text Analysis Tools for DARPA(The New New Internet) Raytheon's BBN Technologies subsidiary is developing new tools for analyzing text and inferring meaning for a program sponsored by the Defense Advanced Research Projects Agency and the Air Force Research Laboratory. BBN said its scientists are also working on tools for finding relationships and anomalies in the text Deep Exploration and Filter of Text program
Northrop Wins $148M for North Pole EHF SATCOM System(Govconwire) Northrop Grumman (NYSE: NOC) has won a $148,313,460 U.S. Air Force contract to provide satellite communications services in the North Polar region. According to the Defense Department, the Enhanced Polar System control and planning segment aims to provide deployed forces in the region extremely high frequency protected satellite communications
SAIC Plans To Lay Off 700 Employees(Washington Post) McLean-based Science Applications International Corp. said Tuesday that it plans to let go 700 employees - about half of whom are locally based - as the contracting giant seeks to cut costs to remain competitive in the federal marketplace
Mike Nefkens Named Permanent HP Enterprise Services Lead(Govconwire) Nearly four months after being named interim lead for HP Enterprise Services (NYSE: HPQ), Mike Nefkens has been promoted to head the business on a permanent basis, effective immediately. HP said Nefkens was also promoted to executive vice president, will report to HP CEO Meg Whitman and serve on the company's executive council
EMC names former VMware CEO head of new Cloud Foundry spinoff(Fierce Big Data) EMC is forming a new business unit with VMware's former CEO, Paul Maritz, as head. EMC will form the new unit from VMWare's non-core businesses, including its Cloud Foundry platform-as-a-service, into a separate unit that will include Cloud Foundry, plus SpringSource, Gemstone, and EMC's "big data" product, Greenplum
Guidance Software unveils fast forensic bridge(Help Net Security) Guidance Software announced the Tableau T35u USB 3.0 forensic SATA/IDE bridge for forensic imaging in both lab and field environments. The T35u supports write-blocked, forensic acquisitions
LogRhythm launches automation suite for PCI(Help Net Security) LogRhythm announced its Automation Suite for PCI. The suite helps organizations maintain continuous compliance and lower the costs of meeting PCI regulatory compliance requirements
IAM solution for secure email on iOS devices(Help Net Security) Good Technology introduced Good Vault, built on the Good Trust mobile identity and access management (IAM) platform. Good Vault extends strong two-factor authentication and S/MIME security to Good's
Wireless LAN platform for mobile application delivery(Help Net Security) Aruba Networks announced a new wireless LAN platform that addresses the explosion of mobile applications and devices challenging enterprise networks, while dramatically reducing enterprise IT costs
Amazon introduces new 'Data Pipeline' tool(Fierce CIO: TechWatch) Amazon last week launched Data Pipeline, a tool designed to help users integrate data from disparate sources. Locations within AWS could include data stored within Redshift, DynamoDB or the Simple Storage Service. Redshift is Amazon's (NASDAQ: AMZN) cloud-based data warehouse, while DynamoDB is the company's NoSQL database implementation
Technologies, Techniques, and Standards
Stepping Up SMB Security To Satisfy Enterprise Customers(Dark Reading) When your company is the third-party vendor, improved security practices, transparency and independent reviews to prove your claims can go a long way toward winning enterprises embattled by attacks and the burden of compliance
Big Data Debate: End Near For ETL?(InformationWeek) Extract, transform and load processes are the backbone of data warehousing, but with Hadoop on the rise, some see a new way to transform data. Two experts share opposing views
Design and Innovation
Can Technology Make You Happy?(IEEE Spectrum) Yes, and it can make your office a better place to work, too. The unmanageable in-box, the cellphone and laptop that keep you electronically tethered to the office, the endless 30-second distractions from incoming e-mail and text messages. Sound familiar? The same advances in computers and telecommunications that have brought about tremendous gains in productivity have also made the work lives of professionals a misery
Code as a cultural artifact(IT World) A new book argues that a computer program is more than a collection of machine commands and has important stories to tell
Europe Gets Its Entrepreneur Mojo Back With The Europas And Europioneers(TechCrunch) Europe is clearly switching its cultural gears. From saying how things can't be done, to saying how things can be done, our cultural mindset is changing, whether our politicians like it or not. The media might still be in the long grass of austerity, but here on the lawn, we're celebrating entrepreneurship. So today it's rewarding to see that a great event like The Europas, the annual awards for
Research and Development
Breakthrough by Macronix could result in SSDs with 100M write cycles(Fierce CIO: TechWatch) Taiwanese flash memory maker Macronix says it has found a way to dramatically boost the reliability of flash memory chips, whose reliability starts deteriorating significantly after 10,000 write cycles. The thermal annealing technique involves heating small groups of memory cells to 800 Celsius, which the company says is able to return damaged locations to their full capability
Research team wins $2.7 million award from DARPA(Fierce Big Data) Serious football fans may be holding their noses at Georgia Tech's Sun Bowl bid this week despite its losing 6-7 record, but the school's research team was likely dancing in the street when it received a $2.7 million award from the Defense Advanced Research Projects Agency, or DARPA, to develop technology to help meet the challenges of big data
Hysteria over the UN's plan to 'regulate the internet' is a distraction from the real issue: money(Quartz) From Dec. 3 until the 14th, thousands of delegates from all 193 UN member countries are meeting in Dubai, behind closed doors, to decide the future of the internet. Every country has exactly one vote on the final form of the subject of debate, which is whether or not the International Telecommunications Union (ITU), a UN body, should be able to decide everything from who pays for internet traffic to how easy it should be for the world's worst regimes to censor that traffic
Google: A Threat to Civil Liberties?(Defining Ideas) When it comes to regulating large tech companies, the government should proceed with caution. Part of the price that successful corporations pay for innovation is their exposure to increased calls for extensive government regulation. Those who call for such regulation claim that dominant firms, especially in modern high-tech industries, will be guilty of at least two forms of malfeasance. First, the firms will abuse their monopoly power—whose very existence is often in dispute—to extract huge profits from consumers. Second, the firms will acquire vast amounts of information that will then be used for improper purposes that pose a serious threat to both privacy and civil liberties
State agency cyber security gets bad marks, officials say(Greenvilleonline) State agency cyber security is rated low to very low by a group of agency chief information officers interviewed by the state's inspector general, according to a report issued today. The report, done in the wake of the massive data breach of the state Revenue Department, finds that 18 CIOs questioned by Inspector General Patrick Maley view the state's cyber security posture as less than adequate. On a scale of one to five, with five being the high and one being very low, 15 of the CIOs rated statewide information security as either low or very low
Computer contractor sentenced for stealing source code from NY Fed(Finextra) A Chinese computer contractor has been sentenced to six months of house arrest after pleading guilty to stealing millions of dollars worth of source code from the US Federal Reserve Bank of New York. Bo Zhang, 33, was arrested in May and admitted downloading the code - used by the US Treasury to manage billions of dollars of daily transfers - to a portable hard drive and his home computer
District Court Grants Motion to Suppress After Government Uses 'The Shadow' to Locate Laptop Using Unsecured Wireless Network(Volokh Conspiracy) I recently blogged about a new Fourth Amendment decision on the use of "MoocherHunter" to find the location of an unauthorized user of a wireless network. Here's another case with a somewhat similar tool in which the facts led the District Court to grant the defendant's motion to suppress: United States v. Broadhurst, 2012 WL 5985615 (D. Or. Nov. 28, 2012) (Mosman, J.). In this case, an investigation into sharing of child pornography over peer-to-peer networks revealed ten different IP addresses in a particular neighborhood that was being used to share thousands of images of child porn. An investigation revealed that the ten IP addresses traced back to six residences that had unsecured wireless networks, suggesting that someone was sharing child porn by hopping on to the unsecured wireless networks in the neighborhood and using several different networks to hide the suspect's identity. To find out who was behind the conduct, the investigators turned to The Shadow. No, not that Shadow. Rather, a hand-held device that happens to be called the Shadow
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
BayThreat(Sunnyvale, California, December 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
2012 European Community SCADA and Process Control Summit(Barcelona, Spain, December 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations...
tmforum Big Data Analytics Summit(Amsterdam, Netherlands, January 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates,...
#BSidesBOS(Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
TechMentor Orlando 2013(Orlando, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...
e-Crime Congress 2013(London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...
The Future of Cyber Security 2013(London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley(Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.