Gulf states expect to see more infrastructure attacks, and are organizing cyber defenses to withstand them. (Iran's Fars News Agency claims, implausibly, that it has proof August's Shamoon campaign against Aramco—the attack that set off concerns about Gulf infrastructure—was a Pentagon provocation.)
SANS reports an ongoing Joomla and WordPress exploit. Microsoft warns that the Necurs rootkit, although two years old, continues its recent explosive expansion. Team GhostShell dumps account details from NASA, the FBI, and others. The Australian Defense Force Academy falls to hacking gadfly Darwinare—Sophos calls it a "stinkingly bad password breach."
Anonymous has launched its leak platform "Tyler" and promises "unprecedented" data releases by year's end. Russian criminals encrypt Australian doctors' patient files and demand ransom for decryption.
It's Patch Tuesday: expect Microsoft to issue its monthly security upgrades later today.
The Wall Street Journal notes companies are tying customers' real identities to online habits. US House Democrats and Republicans agree in principle to Defense cuts. TASC looks to the UK intelligence market as a hedge against US budget austerity. SafeNet names its next CEO. Hardware manufacturers continue to shuffle offshore manufacturing.
The US Senate blocks Defense Department plans to beef up its overseas human intelligence capabilities. The US will not leave WCIT-12—the perceived threat to do so was a misunderstanding. Russia and its supporters, for their part, back off calls for more Internet regulation.
The copyright infringement case against Megaupload takes an unexpected turn: the trial may force disclosure of Echelon program details.
Today's issue includes events affecting Algeria, Australia, Bahrain, Brazil, Canada, China, Czech Republic, Egypt, Finland, France, Iran, Israel, New Zealand, Qatar, Romania, Russia, Saudi Arabia, Singapore, South Africa, Sudan, United Arab Emirates, United Kingdom, United Nations, United States.
Cyber Attacks, Threats, and Vulnerabilities
Cyber attacks on Gulf infrastructure seen rising(Sydney Morning Herald) Qatar's natural gas firm Rasgas was hit by a cyber attack in September, although it has not said how much damage was caused or whether it was the same virus that hit Aramco. Theodore Karasik, director of research at the Institute for Near East and Gulf
Pentagon Blamed for Cyber Attack against Saudi Aramco Oil Company(Fars News Agency) "Proofs and evidence show that the cyber attack on Aramco company has been carried out by a foreign group and given the record of virus attacks against Aramco it can be said that Pentagon is behind it," the informed source told FNA on Monday
Joomla and WordPress Bulk Exploit Going on(Internet Storm Center) We've gotten some reports and discussion around many Joomla and some WordPress sites exploited and hosting IFRAMES pointing to bad places. We'll get to the downloaded in a second, but the interesting thing to note is that it doesn't seem to be a scanner exploiting one vulnerability but some tool that's basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits. We'd like PCAPs or weblogs if you're seeing something similar in your environment. Right now it seems the biggest pain is around Joomla users, particularly with extensions which greatly increase the vulnerability footprint and the one thing helping WordPress is the really nice feature of 1-button upgrades (and upgrades which don't tend to break your website)
Beware of Bitcoin miner posing as Trend Micro AV(Help Net Security) Malware almost always comes in disguise, but some malware peddlers try to do a better job than others. Trend Micro researchers have recently uncovered a piece of malware that tried to pass itself
Necurs Rootkit Spreading Quickly, Microsoft Warns(Dark Reading) Necurs found on more than 83,000 machines; Microsoft report calls rootkit a "prevalent threat." Necurs, a nearly two-year-old rootkit, has been spreading quickly recently and was found on 83,427 unique machines during the month of November, according to researchers at Microsoft
Your CPA License has not been revoked(Internet Storm Center) I have been seeing some e-mails hitting my spam traps today, warning me of my revoked CPA license. No, I am not a CPA. But the e-mails are reasonably well done, so I do think some CPAs may fall for them. At least they got the graphics nice and pretty, but the text could be better worded
GhostShell hackers release 1.6 million NASA, FBI, ESA accounts(The Register) The hacking collective GhostShell has announced it has finished operations for the year, but has signed off with a dump of around 1.6 million account details purloined from government, military, and industry. "ProjectWhiteFox will conclude this year's series of attacks by promoting hacktivism worldwide and drawing attention to the freedom of information on the net," the group said in a statement. "For those two factors we have prepared a juicy release of 1.6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more
Australian Defence Force Academy in stinkingly bad password breach(Naked Security) The Australian Defence Force Academy (ADFA) is the latest high-profile organisation to become embroiled in a data breach. Students at the Academy apply both to the Defence Force and to the University of New South Wales (UNSW), which runs the academic side of ADFA's operations in Canberra. It turns out that a hacker calling himself Darwinare breached the UNSW's servers about a month ago and sucked down a heap of SQL database records, including those of ADFA students
Hackers attack state websites(iafrica) A hacker is claiming responsibility for disrupting three South African government websites. The social development department's web address
Muslim Freedom Fighters Deface Website of British MP David Morris(Softpedia) A hacker collective called Freedom for the Mujahideen, claiming to be a group of Muslim freedom fighters, have breached and defaced the official website of Morecambe and Lunesdale Member of Parliament (MP) David Morris. "My website has been hacked, currently working on the situation please e-mail or telephone until further notice," Morris wrote on Twitter shortly after the attack. While the attack appears to be a simple defacement, it seems it has caused some serious damage
Anonymous to Leak 'Unprecedented Amounts of Data' Starting with December 10 Video(Softpedia) Starting with December 10 and until December 21, Anonymous hacktivists plan on leaking an unprecedented amount of corporate, financial, military and state data as part of the campaign called Project Mayhem 2012. According to the hackers, the information has been secretly gathered by whistleblowers, vigilantes and conscientious citizens. The global economic system will start the final financial meltdown, the hackers stated
Gmail goes dark for users worldwide(Sydney Morning Herald) Several Google web products, including the popular Gmail service, went down for users in Australia and around the world overnight. Google confirmed that "service disruptions" had affected Gmail and Google Drive, its online storage service. The two products are part of Google's Apps suite, a Microsoft Office rival that caters to both consumers and businesses
5 Biggest Online/Mobile Cyber Threats(Credit Union Times) Darrell Burkey, a security expert with Check Point Software Technologies in San Carlos, Calif., explained that in Eurograbber a computer is first infected
A Closer Look at Two Bigtime Botmasters(Krebs on Security) Over the past 18 months, I've published a series of posts that provide clues about the possible real-life identities of the men responsible for building some of the largest and most disruptive spam botnets on the planet. I've since done a bit more digging into the backgrounds of the individuals thought to be responsible for the Rustock and Waledac spam botnets, which has produced some additional fascinating and corroborating details about these two characters
Security Patches, Mitigations, and Software Updates
Microsoft Security Bulletin Advance Notification for December 2012(Microsoft) This is an advance notification of security bulletins that Microsoft is intending to release on December 11, 2012. This bulletin advance notification will be replaced with the December bulletin summary on December 11, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification
Motives behind IT budget spend and 2013 cloud trends(Help Net Security) A global survey of 550 CIOs, IT Directors, and senior IT managers has confirmed motives behind their IT budget spend in 2012, while revealing the rate of cloud adoption in 2013. The research analysis
Proprietary platforms to cause complexity in 2013(Help Net Security) Citrix predicts that the rise of consumerisation and the Bring-Your-Own (BYO) phenomenon will force IT departments to focus on the challenge of apps and data governance. 2012 saw the proliferation
They Know What You're Shopping For(Wall Street Journal) 'You're looking at the premium package, right?' Companies today are increasingly tying people's real-life identities to their online browsing habits. Research conducted by the Journal on the practices of more than a thousand websites shows that the border between our public and private lives is blurring still more. Georgia resident Andy Morar is in the market for a BMW. So recently he sent a note to a showroom near Atlanta, using a form on the dealer's website to provide his name and contact information
Saudis and allies build cyberwar defenses(UPI.com) Saudi Arabia's state giant Aramco says it's the target of a cyberwar campaign to cripple the world's largest oil exporter, as Persian Gulf states drive to erect defenses against attacks like the one that knocked out 30,000 Aramco computers recently
House Dems, GOP Embrace Cuts In Defense Spending(Yahoo.com) Substantial reductions in military spending should be part of any budget deal that President Barack Obama negotiates with Congress to avert the so-called "fiscal cliff" of automatic tax hikes and spending cuts, a group of House Republicans and Democrats said Monday
SafeNet Names Dave Hansen CEO, Succeeding Chris Fedde(Govconwire) SafeNet has appointed Dave Hansen to succeed Chris Fedde as president and CEO, the company said Monday, also announcing Hansen will join the board of directors. Hansen comes to the company from BMC Software (NASDAQ: BMC), where he most recently served as a vice president and general manager. Fedde joined Safenet in 2001 and served
Thales USA CEO Allan Cameron Retiring, Alan Pellegrini Named Successor(Govconwire) Thales USA has promoted Alan Pellegrini, currently vice president and general manager for avionics, to succeed the retiring Allan Cameron as president and CEO, effective at the beginning of 2013. The company said Cameron started as CEO in 2006 and led the company through four acquisitions in the defense and security sector including Visionix, Tampa
ICF Names 25-Year Utility Vet Seth Hulkower Energy Group SVP(Govconwire) ICF International (NASDAQ: ICFI) has appointed 25-year utility executive veteran Seth Hulkower senior vice president for the energy, environment and transportation group. The company said he will design and implement the company's strategy to grow business in the distribution arena for electric operations, customer operations and business process outsourcing
Microsoft takes return fire from anti-Android Twitter campaign(Fierce Mobile IT) Last week, Microsoft (NASDAQ: MSFT) tried a Windows Phone marketing campaign on Twitter, offering a "present" to any Android user that shared a "malware horror story." In a Dec. 4 tweet on the official Windows Phone Twitter channel, Microsoft said it was prepared to offer a "get-well present" to anyone who shared an Android malware story at #DroidRage. The next day, Microsoft said it had received "hundreds" of #DroidRage stories. Unfortunately for Microsoft, a number of the stories were like these ones
Motorola Mobility Sheds Manufacturing Bases In China, Brazil(TechCrunch) Google-owned Motorola Mobility is shedding its manufacturing operations in Tianjin, China, and Jaguariuna, Brazil — with long-time manufacturing partner Flextronics agreeing to acquire the factories and take on management and operation. The pair said employees and assets at both locations will transfer to Flextronics after the transaction closes — expected to complete by H1 next year
Adobe Closes Taiwan Sales Office, Alarming Local Tech Observers(TechCrunch) Adobe announced today that it has closed its Taiwan sales office. A statement from Ng Yew Hwee, Adobe's managing director of Greater China (posted in a JPEG, not a PDF) on Adobe's Taiwan site states: "Upon careful and deliberate consideration of our business strategy in Asia Pacific, Adobe has made the decision to reorganize our business in the Greater China region. As part of the reorganization
Bitdefender Internet Security 2013 takes top place in AV-TEST Trials(CSO) Security software analysis firm, AV-TEST, has bestowed Bitdefender Internet Security 2013 with the top spot following a round of independent testing. Following testing from September to October, Bitdefender's product scored a near perfect 17 out of 18 possible points in results released by AV-TEST in November
Wi-Fi operating system ArrayOS gets new features(Help Net Security) Wick Hill announced a new release of the ArrayOS operating system for Xirrus Wireless Arrays. Xirrus AOS 6.3 provides an advanced Wi-Fi operating system for optimizing the services and performance
French company to issue debit cards linked to bitcoin(Australian Techworld) The Paris-based company, Paymium, has operated a website called Bitcoin-Central since 2010 where people can purchase bitcoins, an electronic currency that uses peer-to-peer networking and cryptography to securely transfer funds around the world within
Savvis Cloud Storage Takes On Amazon, Google(InformationWeek) Savvis Symphony Cloud Storage marries data center management expertise with CenturyLink's networking savvy to simplify data replication and increase disaster recovery reliability
The Most Important IAM Question: Who Does This?(Dark Reading) IAM projects get so wound up around tooling and processes that critical organizational questions go unanswered. It's December, and so another full calendar year draws to a close. I have written about a number of important trends in identity and access management (IAM), including the advent of Mobile, rising importance of authorization, Infosec maybe finally putting down its password crystal meth pipe, and how to avoid AppSec Groundhog Day with IAM
12 useful websites for IT security(ComputerworldUK) Trying to get a grasp of security in the cloud can feel like chasing one, but look into the resources at Cloud Security Alliance, the group with a strong
3 Ways SMBs Can Leverage Big Data(InformationWeek) ClickFuel CEO and former Monster.com executive Steve Pogorzelski shares his advice on big data and small business.
Design and Innovation
Betamore, entrepreneurship hub, opens in Federal Hill(MD Biz News) We told you about Betamore last summer while it was still under construction. The 8,000-square-foot entrepreneurship center was due to open at the end of September, but took a few months longer than expected. As of today though, Betamore is open for business. Technically Baltimore has the skinny on the center's launch party and some good pics of what the space looks like
IU Professor Lands Cyber Security Grant(Inside Indiana Business) An Indiana University researcher has been awarded a $2.4 million grant from the U.S. Department of Homeland Security. Informatics Professor L. Jean Camp will use the funding to help people make informed decisions about computer security. What to do with that dreaded pop-up warning, "Secure Connection Failed. The certificate is not trusted…"? Continue anyway, view the security certificate or, tempting fate, add an exception and press forward? Now an Indiana University Bloomington professor in the School of Informatics and Computing whose research focuses on technology, security and society is helping make such decisions easy for us
Legislation, Policy, and Regulation
Clegg orders internet monitoring rethink(Financial Times) Nick Clegg has told the Home Office to go back to the drawing board on proposals for police and security services to monitor email, web searches and Skype phone calls, after a cross-party committee issued a scathing report on the plans. The deputy prime minister commissioned a joint committee to scrutinise the government's draft legislation on communications data earlier this year, following concerns that awarding police new powers would breach civil liberties
UK CIOs see EU regulation as key(Computer Weekly) A third of UK CIOs are more concerned with EU regulation such as the data protection directive than their own local laws, a study has revealed. Some 34% of UK CIOs and 30% across Europe regard EU regulation as more important than local country laws, according to a survey of 400 CIOs by Forrester Consulting in eight European countries. The research report said: While organisations should be aware of the financial impact of ignoring compliance, the real danger is loss of reputation
Senate cybersecurity measure worries contractors(Politico) Critical Pentagon programs to protect classified data from cyberattackers and state-sponsored spies hang in the balance as lawmakers begin to confer on competing House and Senate defense authorization bills. The two chambers approved measures that make different cybersecurity requirements for companies that sell software to the government, and they set forth competing visions for how federal contractors should respond if their networks have been breached. In addition, the House and Senate specify different roles for the Defense Department to conduct clandestine operations in cyberspace
Senate Moves To Block Pentagon Plan To Add Spies(Washington Post) The Senate has moved to block a Pentagon plan to send hundreds of additional spies overseas, citing cost concerns and management failures that have hampered the Defense Department's existing espionage efforts
Kramer: U.S. not threatening to withdraw from WCIT-12(Fierce Government IT) The United States has not threatened to withdraw from the World Conference on International Telecommunications, said Amb. Terry Kramer, head of the U.S. delegation to the treaty-writing conference meeting in Dubai. In a Dec. 10 State Department statement emailed to reporters, Kramer said inaccurate media reports have stated the U.S. delegation could walk away from the International Telecommunication Union-overseen effort to rewrite the rules governing international telecommunication connections. The reports say mounting frustration over attempts by other countries to extend the rules--the International Telecommunication Regulations--to cover the Internet is the cause. "The United States has made no such threat, and it remains fully committed to achieving a successful conclusion to the WCIT," Kramer said. A bloc of countries made up of Russia, China, Saudi Arabia, Algeria, Sudan, Egypt and the United Arab Emirates proposed Dec. 8 a proposal that would have greatly increased national control over Internet regulation; the ITU on Dec. 10 tweeted that the proposal "has been withdrawn." The Egyptian delegation also said it never supported the proposal in a Dec. 8 tweet
Russia backs down on proposals to regulate internet(Sydney Morning Herald) A Russia-led coalition has withdrawn a proposal to give governments new powers over the internet, a plan opposed by Western countries in talks on a new global telecom treaty. Negotiations on the treaty mark the most sustained effort so far by governments from around the world to agree on how, or whether, to regulate cyberspace. The US, Europe, Canada and other advocates of a hands-off approach to internet regulation want to limit the new treaty's scope to telecom companies
Litigation, Investigation, and Law Enforcement
FTC Launches Investigations into Mobile Apps for Kids(Threatpost) The Federal Trade Commission on Monday said it's launching "non-public investigations" to determine if mobile application providers are violating federal laws by collecting information on children without their parents' permission
When links are outlawed, only outlaws will use links(InfoWorld) Ex-Anonymous spokesmouth Barrett Brown's indictment for links to stolen credit card numbers could be bad news for the rest of us. Don't look now, but there's a crime wave surging across the Webbernets. Everywhere around you, people are recklessly sharing dangerous and illegal hyperlinks. Lock up your children, barricade the doors and windows, throttle your broadband connection, and pray that the FBI gets to these scofflaws in time
International Organized Crime Cyber Fraud Ring Responsible for Millions of Dollars in Fraud Dismantled(FBI) In a coordinated international takedown, law enforcement officials in Romania, the Czech Republic, the United Kingdom, and Canada, acting on provisional arrest requests made by the United States, arrested Romanian nationals Emil Butoi, Aurel Cojocaru, Nicolae Ghebosila, Cristea Mircea, Ion Pieptea, and Nicolae Simion. Another defendant, Albanian national Fabian Meme, is already incarcerated in the Czech Republic. The U.S. arrest warrants, unsealed today, were issued in the Eastern District of New York based on a federal complaint alleging the defendants' involvement in a sophisticated multi-million-dollar cyber fraud scheme that targeted consumers on U.S.-based Internet marketplace websites
Echelon Spy Network Secrets To Be Revealed in Megaupload Copyright Case(Reason) There was a lot of buzz a decade or so ago about Echelon, an international electronic surveillance network said to link the United States, Canada, Britain, Australia and New Zealand. A flurry of stories covered the connections among the five countries, speculation about the network's capabilities, and rumors about Echelon's targets in a post-Cold War world. The European Parliament even produced a report (PDF) discussing the potential risks the spy system posed to the European Union. Then, as with all such things, public attention shifted elsewhere and most people lost interest in an old-hat international surveillance system. Now, Echelon is re-entering the headlines, and we are likely to learn more about the network's capabilities than conspiracy fans ever dreamed possible, all because of the copyright case against the defunct online storage company, Megaupload
Cheng v. Romo and Applying Unauthorized Access Statutes to Use of Shared Passwords(Volokh Conspiracy) The federal computer crime statutes punish unauthorized access to a computer. As regular readers know, courts are hopelessly divided on what this language means, and in particular what makes an access to a computer authorized versus unauthorized. In Cheng v. Romo, 2012 WL 6021369 (D. Mass. Nov. 28 2012), Judge Casper authored an opinion on an interesting wrinkle that I've pondered but that hasn't come up before in published decisions: How do computer crime statutes apply when one party gives his password to another party for some limited uses, but the latter party uses the password for broader uses? Is the accessing with the password but beyond the implicit or explicit limit "unauthorized" for purposes of the computer crime laws? Here are the facts of the new case. Cheng and Romo were doctors who worked together
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
tmforum Big Data Analytics Summit(Amsterdam, Netherlands, January 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates,...
ATMiA US Conference 2013(Scottsdale, Arizona, US, February 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS(Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
TechMentor Orlando 2013(Orlando, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...
e-Crime Congress 2013(London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...
The Future of Cyber Security 2013(London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley(Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.