RedHack leftists claim they've compromised Turkey's civil service salary system, but the Turkish Finance Ministry denies any exploit.
The very successful Eurograbber banking Trojan continues to circulate through Android and BlackBerry devices. So far confined to Europe, the malware's ability to defeat two-factor authentication renders it unusually dangerous. SecureState demonstrates a Python-based accounting software hack that facilitates sophisticated financial fraud. Other researchers develop a fast, cloud-based approach to password cracking—it doesn't work on live systems, but it's very good at attacking leaked passwords.
"Carefully crafted" spam successfully passes state-of-the-art filters. Denial-of-service attacks are now available (as a service) on the black market. Ransomware is becoming more common, and the New York Times has a useful primer on this form of cyber crime.
Next week's Patch Tuesday will feature five serious and two critical Microsoft bulletins.
Privacy tools like Tor and Darknet are "dual-use," serving legitimate (even heroic) dissent, but also crime and terrorism. Reaction to this week's breaches at Nationwide and Allied already suggests that civil litigation is beginning to drive more effective security. The US health care industry has made little information security progress, a HITRUST study says. The cloud sector continues its expansion despite CIO ambivalence about security.
SecurityInfoWatch provides an overview of video system vulnerabilities. WatchGuard doubts that the current vogue for striking back will do much to improve security.
The US Intelligence Community's comprehensive cyber report to Congress nears completion. The International Telecommunications Union has yet to decide what will count as a "covered entity."
Today's issue includes events affecting European Union, Luxemburg, Netherlands, Pakistan, Turkey, United Arab Emirates, United Kingdom, United Nations, United States.
Cyber Attacks, Threats, and Vulnerabilities
Turkish Finance Ministry denies hacking claims by RedHack (Hurriyet Daily News) Turkey's Finance Ministry has denied claims from RedHack that the self-proclaimed leftist hacking group has hacked the civil servants' salary system, daily Hurriyet has reported. All systems provided by the ministry through the Internet have been working without any problem, a statement from the ministry read. RedHack claimed earlier today to have hacked into the salary system in protest of the ridiculously small salary raise received by civil servants
Pak hack attack: Pastebin reveals attacks by Pakistani Hackers (Anonymous News) Websense researchers monitor sites like Pastebin, Facebook, Twitter, Blogspot, and others, to keep our finger on the pulse of hacking and other malicious activities. Pastebin, in particular, has become a popular place for hackers to show off their latest exploits. Our researchers recently observed a significant increase in malicious links posted to Pastebin: On Tuesday, November 20, we detected a spike in compromised URLs posted to the site
Zitmo Trojan Variant Eurograbber Beats Two-Factor Authentication to Steal Millions (Threatpost) Online banking customers in Europe are falling victim by the thousands to a new banking Trojan that is infecting Android and BlackBerry devices and is capable of defeating two-factor authentication. The Trojan, dubbed Eurograbber by researchers at Check Point Software Technologies and Verasafe, is a variant of the Zitmo Trojan. Zitmo, or Zeus-In-The-Mobile, has not moved outside Europe, but could eventually target customers in the United States, for example, as more banks require a second form of authentication for access to their online accounts
'Project Mayhem' Hacks Accounting Software (Dark Reading) No exploit required for defrauding Microsoft and other accounting systems, researchers at Black Hat Abu Dhabi reveal. Researchers today unleashed proof-of-concept code that would allow an attacker to basically write himself a check from the victim organization's account. The Python-based tool is just one example of the type of advanced financial fraud that could be perpetrated against accounting applications and databases, according to SecureState researchers, who at Black Hat Abu Dhabi demonstrated their tool and findings on threats to accounting software. They focused their efforts on Microsoft's Dynamics Great Plains application, but they say the same types of attacks could also be aimed at other accounting packages
Huge GPU cluster makes password hacking a breeze (Help Net Security) Cracking encrypted passwords is getting increasingly easier as researchers come up with new ways of harnessing CPU, GPU and cloud power to perform the task. The latest of the improvements in this
New malware hijacks USB smart cards (GMA News) Researchers have created a proof-of-concept malware that threatens to give attackers control of USB smart card readers attached to an infected computer running Microsoft's Windows operating system. A report on PC World said the malware installs a driver on the infected PC that allows connected USB devices to be shared over the Internet with the attacker's computer
DDoS-as-a-Service? You Betcha! It's Cheap, It's Easy, and It's Available to Anyone (Security Bistro) Pssst! Hey, you there! Come over here and keep your voice down! You say you have a business rival you want to put offline? Yeah, no problem. It'll only cost you 20 bucks an hour for a short term or long term DDoS attack. You want a little taste of how easy this is? Watch this live demo for a few minutes and see your competitor's website go dark
Fake tech support calls - revisited (Internet Storm Center) Back when this scam started to become "popular", the caller usually claimed to be from Microsoft or any other large well known techie company, and tried to talk the person answering into running some commands or programs on the PC "in order to fix a critical problem". But the latest twist of this scam seems to get more targeted: We have had two reports of fake tech support calls where the caller claimed to be representing the firm to which the called company had in fact outsourced its IT Support
Comodo DNS hiccup on usertrust.com (Internet Storm Center) We received a report from a reader (thanks Marco!) that earlier today, "usertrust.com", a domain used by Comodo CA, apparently was pointing elsewhere for a while. From information captured by passive DNS sensors, it indeed looks like the NS records were changed to "ns1.pendingrenewaldeletion.com" and the A records were changed to point to 18.104.22.168, both indicative of a domain that has been "parked" by Network Solutions. Two hours later, the DNS records were updated again, and pointed back to Comodo. Given that the registration record on Network Solutions' WHOIS shows a renewal date of December 5 for the usertrust.com domain, it is probably fair to assume that "something" went wrong in the renewal
Rich Quick Make Money! (Internet Storm Center) Based on reader reports (thanks Fred!) it looks like some carefully crafted spam is making its way past filters at the moment. The spams have content like
For PC Virus Victims, Pay or Else (New York Times) Kidnappers used to make ransom notes with letters cut out of magazines. Now, notes simply pop up on your computer screen, except the hostage is your PC. In the past year, hundreds of thousands of people across the world have switched on their computers to find distressing messages alerting them that they no longer have access to their PCs or any of the files on them. The messages claim to be from the Federal Bureau of Investigation, some 20 other law enforcement agencies across the globe or, most recently, Anonymous, a shadowy group of hackers. The computer users are told that the only way to get their machines back is to pay a steep fine. And, curiously, it's working
Security Patches, Mitigations, and Software Updates
Tor and the Deepnet: What price does society pay for anonymity? (Naked Security) There is a lot more to the web than that which immediately meets the eye. In fact, the "visible" layer of the web that you and I can easily access via popular search engines is only part of the story. Hidden on the net is online content which is not so easily accessed, known as the Deepnet (also sometimes called Darknet, the Deep Web or Hidden Web)
Kaspersky Lab predicts core threats for 2013 (Help Net Security) Kaspersky Lab's experts outlined key security trends of 2012 and presented their views on the core threats of 2013. The most notable predictions for the next year include the continued rise of targeted
Analysis of U.S. breach data finds reasons for concern (Help Net Security) According to the Health Information Trust Alliance's (HITRUST) analysis of U.S. healthcare data breaches from 2009 to the present, the healthcare industry has made little progress in reducing the number
Half of CIOs don't test cloud security (Help Net Security) Cybersecurity tops CIOs' concerns, with 84% of CIOs stating that they are either concerned or very concerned about the risks associated with IT security breaches. Yet while security issues remain the
IBM Exposes IT Security Skills Gap (eSecurity Planet) New IBM report identifies security as the number one barrier to adoption for mobile, cloud and social business technologies. If you're looking for a reason why your organization hasn't adopted the cloud, mobile or social business technologies, you likely need to look no further than security. According to a new 2012 trends report
Social Networks Continue Push For Control (InformationWeek) The Internet was supposed to facilitate direct connections between individuals and disempower gatekeepers. Instead, it has become a massive man-in-the-middle attack. Social networking shouldn't be compulsory, and yet it's becoming an obligation. The hunger among Internet companies for data about who you are, what you do, where you go, and who you know keeps growing. They want you to share so they can earn. So they have violated Communication Neutrality: They have made mechanisms for expression into vehicles for marketing, forcing those who participate in online life to promote
How the fiscal cliff affects IT (IT World) Since the election, the political news cycle has revolved around the impending "fiscal cliff," a perfect storm of tax increases and government spending cuts set to take effect on Jan. 2, 2013. Although the IT industry may not have paid much attention, it's just as susceptible to the policy changes as the rest of the economy
Deep Defense Cuts Loom As Fiscal Cliff Inches Closer (McClatchy) The debate over the so-called "fiscal cliff", the combination of spending cuts and tax increases that takes effect if Congress and the White House fail to reach a deal, has been a high-stakes game of politics and budgeting. Without an agreement by Jan. 2, nowhere will those cuts, called sequestration, be deeper than in the Department of Defense
Congress lacks basic knowledge management, finds paper (Fierce Government IT) Congress lacks basic knowledge management strategies, depending instead on outdated systems for information referral, sorting, communicating and collaborating, according to a policy document published Dec. 4 by the New America Foundation
(ISC)2 Election Puts New Blood On Its Board Of Directors (Dark Reading) The security certification group has faced criticism from its members regarding the CISSP certification. The new year will be bringing some change to the board of directors of the International Information Systems Security Certification Consortium (ISC)2
Capgemini, NTT Data Win Spots on $22B DHS EAGLE II (Govconwire) Capgemini Government Solutions and NTT Data have won positions on a potential $22 billion information technology services contract with the Department of Homeland Security, according to a Dec. 4 FedBizOpps post. Each contract under the EAGLE II vehicle contains five base years and an option for an additional two-year ordering period
VA OIT could face GS-15 retirement crunch (Fierce Government IT) A majority of the senior general schedule employees within the Veterans Affairs Department office of information technology will be eligible to retire by 2016, says an internal OIT report obtained by FierceGovernmentIT through a Freedom of Information Act request
Sure there's a talent shortage, but what are the talents? (Fierce Big Data) In the U.K., people aren't coming to their new big data jobs with certifications and qualifications. Three quarters of them are learning on the job, according to Techworld. It says the reports of job opportunity don't answer the questions about what is required to fill them or where people can go to get the training. The publication cited a survey of 131 members of the "Big Data London" group, which said there is a knowledge gap between big data workers and the decision makers commissioning big data projects. Nearly 25 percent of respondents don't believe business leaders are even leveraging big data and two-thirds think they have unrealistic expectations for big data
Big data takes on cybersecurity (Fierce Big Data) One of the downsides of big data is that as more and more data is generated and stored, there is a higher likelihood that data will be compromised. Now, an Israeli cybersecurity firm is working with companies in an effort to lessen the threat vector and prevent malicious actors from breaching vast amounts of data. The startup, Seculert, is focused on corporate security threats. It has developed "Seculert Sense," which is an engine "that uses Amazon Elastic MapReduce to collect and analyze terabytes of data collected from live botnets, malware and log files that its customers upload to the cloud," ZDNet reports
HP hoping to change the conversation with big data push (Fierce Big Data) Having run for public office, HP (NYSE: HPQ) CEO Meg Whitman knows how important it is to control the conversation. Now, her company faces the same challenge as investors and business analysts focus on the company's financial and strategic challenges, rather than the new direction she would prefer to discuss. Whitman and company got some of that message across this week with something else the analysts like to talk about: big data
Is security the key to BlackBerry 10 regaining enterprise dominance for RIM? (IT Proportal) BlackBerry manufacturer RIM has had a year to forget. The company's financial woes have been well-documented, and little has hopped off the production line to distract commentators from miserable quarterly reports, bleak forecasts from analysts, and news of widespread job cuts. Yet the customary RIM update typically finishes with a hopeful nod to the firm's big shot at redemption
Secure iOS file transfers with QuickDrop (Help Net Security) CloudPrime announced QuickDrop, a safe way to communicate and send files of any type between mobile devices. It is available immediately for iOS, and will be available for Mac Desktops and Android dev
How to identify if you are behind a 'Transparent Proxy' (Internet Storm Center) Traveling a lot? You may still be one of the unlucky few who not only connects to hotel networks regularly, but doesn't have easy access to a VPN to bypass all the nastiness they introduce. In addition, even some "normal" ISPs do introduce a feature called "transparent proxy" to manage traffic. Transparent proxies are nice in that they are easy to set up and invisible ("transparent") to the user. However, the browser isn't aware of them, and as a result the transparent proxy, even if configured non-maliciously, can still cause confusion about the same-origin policy browsers depend on to isolate web sites from each other. A transparent proxy works in conjunction with a firewall. The firewall will route traffic to the proxy, changing the destination IP address of the packet to the proxy's IP address. The proxy now relies on the "Host" header to identify the target site. As a result, the relationship between IP address and host name that the client established is lost
Five Essentials of a Chief Compliance Officer Position (Infosec Island) Most of Shakespeare's histories involve issues relating to kingship and how a king might reign. In some of the plays, such as Henry V, the example is of a positive nature. In others, such as Richard III, you may need to draw from the inverse to see how one should decidedly not govern
Focus on the Host (Infosec Island) The traditional concept of enterprise security monitoring typically encompasses observing and mitigating threats at the perimeter of the organization. Common illustrations of this practice include the deployment of firewalls, IDS/IPS devices, proxy devices, L3 screening routers, and SPAM/AV monitoring at critical ingress/egress interfaces of the network infrastructure. While there is still a necessity for this model of security monitoring, the true notion of enterprise continuous monitoring practices must include a focus on the host
How Secure Is Your Video? (Security Info Watch) If we look at this from an ethical hacking standpoint, everything truly hinges on the first question of network security. Penetration testing is accomplished in three phases: Network enumeration, vulnerability analysis, and exploitation. These different phases mean I have to find your network, find a weakness based on an operating system or application, and then exploit that weakness to gain control of a machine in your system
Striking back against cyber security threats: how effective will it really be? (iTWire) An increase in emerging cyber threats and an increased focus by governments to fight back through legislation, along with greater security industry focus on striking back against attacks, is predicted for 2013, but the security solutions provider making the prediction doesn't think the measures will be effective. WatchGuard Technologies, in its annual security predictions, warns that 2013 is likely to be a year where the security stakes reach new heights and attacks become more frequent and more damaging, as many organisations suffer attacks before taking measures to protect themselves from the bad guys. "While the security industry is predicted to focus on strike back measures, WatchGuard predicts these actions will be ineffective and ultimately unviable for most organisations," warns WatchGuard's Director of Security Strategy, Corey Nachreiner
Achieve Cyber Security by Using Common Criteria Certification (Govtech) Today's industry and government organizations are highlighting cybersecurity and information assurance as one of their top IT priorities. Cyber threats are presented by both individuals and nation-sponsored groups with intentions spanning the theft of trade secrets, hacktivism (the invasion or disruption of systems for activist purposes) and espionage. Similarly, new problems are rising around supply chain integrity, with tampering and counterfeit incidents degrading user confidence
The Barnes and Noble Breach Take Aways (Infosec Island) On October 24, 2012 it was announced that Barnes & Noble had a credit card breach that was the result of tampered credit card terminals. As a result of the breach, Barnes & Noble pulled all of the credit card terminals out of their stores so that they can be examined. The story published in the New York Times has some points that should be interesting to other large merchants
Don't bring cybercrime home for the holidays (Help Net Security) Cybercrime is on the rise, the holidays being no exception. In fact, this holiday season may prove to be the biggest ever for cybertheft. Hackers observe no holidays, instead using them as yet another
An accelerometer so good that only quantum mechanics limits it (Ars Technica) The contraption can pick up motion with the maximum sensitivity possible. We take it for granted now, but the fact that you can flip your phone from portrait to landscape mode depends on accelerometers. As everyone knows, though, the damn things often get it wrong, leaving you staring at a screen that refuses to reorient until you give it a good shake. One of the reasons for the screen refusing to orient correctly is that accelerometers have to balance sensitivity to small changes with the speed of response—a slow accelerometer is a sensitive accelerometer
US Government Agencies Will Soon Be Able To Access Foreign Medical Dossiers Due To Patriot Act (Techdirt) The US Patriot Act has suddenly scared an entire nation, and it's not the US itself this time. The Netherlands is currently going nuts about the US government being able to request medical details of all its citizens when the Dutch Electronic Patient Database (EPD) is implemented next month. This will not be the only country that freaks out because of the Patriot Act, as this sort of thing is likely to happen a lot more often
Spy Agencies To Detail Cyber-Threats (Los Angeles Times) The Pentagon requested the estimate more than a year ago, and it sparked a broad review of evidence and analysis from the 17 U.S. intelligence agencies. The document has been submitted to the National Intelligence Council, which coordinates such efforts, but it was unclear whether the council had reached or approved final conclusions. The study is expected to be given to policymakers early next year
Special Operations Command Leads Propaganda Fight (USAToday.com) The military's Special Operations Command has become an emerging player in the Pentagon's propaganda efforts to confront violent extremists around the world, according to documents and a new report from a non-partisan think tank
Law bans your boss from spying on your Facebook account (Sacramento Business Journal) Gov. Jerry Brown announced via Facebook and Twitter on Tuesday that he had signed privacy bills to prevent employers from requiring employees and students to divulge their social network account passwords and information, according to the Silicon Valley / San Jose Business Journal
Even The FCC Thinks Airplane Electronic Rules Are Bogus (TechCrunch) Air travel would be a profoundly dangerous practice if any kid who turned on a Game Boy during takeoff could bring a multimillion dollar jetliner to its fiery doom. The Federal Aviation Administration, which mandates that nice airline stewards must pester you to turn off your electronics, has reluctantly agreed to review the electronics policy in light of increased press attention
Litigation, Investigation, and Law Enforcement
Appeals Court Sides With Bush Wiretapping (Wired Threat Level) A federal appeals court is refusing to reconsider its August ruling in which it said the federal government may spy on Americans' communications without warrants and without fear of being sued
Hollywood's Total Piracy Awareness Program Set for January Launch (Wired Threat Level) Beginning in a few weeks, the nation's major internet service providers will roll out an initiative — backed by Obama and pushed by Hollywood and the record labels — to disrupt and possibly terminate internet access for online copyright scofflaws
Netflix Being Investigated By The SEC For CEO Reed Hastings' Public Facebook Posts (TechCrunch) As if Netflix didn't have enough problems: The company announced today that it is being investigated by the SEC for a post that CEO Reed Hastings had made on his public Facebook page in June. In an SEC filing earlier today, Netflix reported that it received a notice from the regulator, which might seek a cease and desist or injunction against the subscription video company and its CEO
U.N. Report Reveals International Protocol for Tracking People Online (Slate) In the shadowy world of electronic surveillance, tactics used by law enforcement agencies are rarely revealed. But now an international protocol about how to best monitor and track people online has been disclosed for the first time, offering a unique insight into covert police methodology. Buried in a recent 158-page U.N. report on how terrorists use the Internet is the so-called protocol of a systematic approach
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
BayThreat (Sunnyvale, California, December 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
2012 European Community SCADA and Process Control Summit (Barcelona, Spain, December 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations...
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, January 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates,...
ATMiA US Conference 2013 (Scottsdale, Arizona, US, February 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS (Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
TechMentor Orlando 2013 (Orlando, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...
e-Crime Congress 2013 (London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...
The Future of Cyber Security 2013 (London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
25th Annual FIRST Conference (Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.