The Izz ad-Din al-Qassam Cyber Fighters' denial-of-service campaign against US banks does indeed appear to have peaked, and US banks have implemented more sophisticated defenses. Unless the Fighters get a better game they're unlikely to enjoy much future success. vorVzakone's Russian cyber mob is, however, another matter: McAfee warns that "Project Blitzkrieg," the long-prepared bank fraud campaign, seems credible, imminent, and dangerous.
ExploitHub's web application server is compromised, allegedly by rival vendor "Inj3ct0r Team." A version of Exforel backdoor malware quietly operates at the Network Driver Interface Specification level. Cisco VOIP phones are vulnerable to conversion into eavesdropping tools.
New SCADA worries surface. The FBI reveals backdoor intrusions into an industrial control system. Arson investigators notice that networked printer vulnerabilities can be used to start fires. Kongsberg Maritime and Norman build custom protection for marine industrial operations. The US Department of Energy receives good reviews for its technical advice to utilities.
Like snazzy infographics? Think again: they've become a common cloak for spammers. And you're easier to track online than ever, thanks in part to Internet Explorer's "viewability" functionality.
Two US intelligence agencies make market news. The Defense Intelligence Agency asks for rapid exploitation of digital media—smart phones, USB drives, etc. The National Security Agency's Ozone Widget application development framework will arrive on GitHub by the year's end. SINet opens a Baltimore office; ITSEF 2013 will still be held in Palo Alto.
English-speaking developed countries refuse the UN's proposed Internet treaty, and the ITU meetings end without much accomplished.
Today's issue includes events affecting Australia, Canada, China, Iran, Israel, Norway, Palestinian Territories, Romania, Russia, United Kingdom, United Nations, United States.
DDoS attacks against US banks peaked at 60 Gbps(CSO) Banks are likely to be better protected against this wave of attacks, Arbor Networks researchers say. Some of the distributed denial-of-service (DDoS) attacks that targeted the websites of U.S. financial institutions this week have peaked at 60 Gbps, according to researchers from DDoS mitigation provider Arbor Networks
Recent DDOS Attacks Have Made Organizations Increase Mitigation Controls, Expert Says(Softpedia) Since Izz ad-Din al-Qassam Cyber Fighters re-initiated their operations against US financial institutions, security solutions providers have started notifying their customers about the emerging threats. Solutionary, a leading pure-play managed security services provider, is also warning its customers about the risks posed by the latest threats. We've reached out to Solutionary experts to find out if there's anything that targeted organizations could do to completely mitigate distributed denial-of-service (DDOS) attacks such as the ones launched by the Izz ad-Din al-Qassam Cyber Fighters
ExploitHub confirms breach(Help Net Security) ExploitHub.com, the well-known online marketplace where one can buy exploit code for disclosed vulnerabilities, has confirmed that its web application server was compromised, but that no confidential
Buffer Overflow Bugs Found in Informix database Servers(Threatpost) Several versions of the popular Informix database server from IBM contain two buffer overflow vulnerabilities that could lead to remote code execution. The problems affect eight different versions of the server and are present on Informix installations on all supported platforms
Backdoor Found at NDIS Level(Industrial Safety and Security Source) It is one thing to have a piece of malware that can focus on targeted attacks, but it is quite another to have it also be nearly invisible. That is just what a variant of the Exforel backdoor malware, VirTool:WinNT/Exforel.A, is able to do, said researchers at Microsoft's Malware Protection Center. That is what makes it different from other malicious elements of this kind because the backdoor opens up at the Network Driver Interface Specification (NDIS) level
Windows 8 apps hackable and crackable, just like iOS and Android(Ars Technica) Earlier in the week a blog post by Nokia engineer (and former Microsoft employee) Justin Angel highlighted a number of issues with applications from the Windows Store that enabled, among other things, the unauthorized conversion of trial apps into full versions, the modification of the prices of in-app purchases, and removal of embedded advertisements. Soon after publishing his post, Angel's blog was knocked offline in a flood of traffic; at the time of writing it remains unavailable, returning 503 error messages instead of content
FBI Memo: Hackers Breached Heating System via Backdoor(Wired Threat Level) Hackers broke into the industrial control system of a New Jersey air conditioning company earlier this year, using a backdoor vulnerability in the system, according to an FBI memo made public this week
Firefighting and Terrorism: Arson by Cyber Attack(FireEngineering.com) As if fire investigations were not complex enough and the pursuit of arson charges against a suspect were not already extremely challenging, indications are that things are getting worse. A new method of committing the crime of arson has been brought
Persistent Input Validation Zero Day Patched by PayPal(Threatpost) PayPal patched a zero-day vulnerability this week in its core content management system. Researchers at Vulnerability Laboratory in Germany reported the flaw in June and withheld disclosure of the details until this week when PayPal released a fix. Benjamin Kunz Mejri, a frequent PayPal bug hunter, said his team discovered a persistent input validation vulnerability in the address book module's search function that would allow an attacker to remotely inject malicious script on the application side
Apple Addresses New SMS Trojan in Malware Lists(Threatpost) Apple has made updates to its malware definitions to address yesterday's news of a new OS X Trojan, SMSSend.3666, that was disguising itself as legitimate software and confounding Russian users
Survey: Threat Intelligence Reports Play Key Role In Security Strategies(Dark Reading) Turns out most enterprises consider the security threat intelligence reports that blanket the industry these days as key resources. Some 83 percent of organizations said they use threat intell reports to help shape their security strategies, and 78 percent said they use the reports as ammunition in their security budget processes, according to a survey conducted by managed security services provider Solutionary
5 cloud myths that will be debunked in 2013(Help Net Security) There are a lot of common misconceptions and myths related to cloud computing. Many think of the cloud as less secure and reliable than on premise solutions, when in reality the opposite is actually
Government Report Warns of 'Persistent, Pervasive' Economic Espionage Attacks on U.S.(Threatpost) Attempts by foreign governments, individuals and government-associated groups to steal intellectual property, state secrets and other sensitive data from U.S. companies and government agencies are ratcheting up and government officials say the threat has become especially "persistent, pervasive, and insidious" in the last couple of years. Much of the threat is coming from China and other countries in East Asia, and officials say they expect economic espionage activity from that region to continue to focus on the theft of IT, aerospace and military technologies
Utilities' cyber survey may be model for other industries(Federal Times) A White House effort to improve the cybersecurity of the nation's commercial power grid could soon be expanded to other critical sectors, such as transportation and water. The Energy and Homeland Security departments kicked off the initiative, known as the Electricity Sector Cybersecurity Capability Maturity Model, this year as an effort to assess and improve the security of thousands of utility companies
Report: Security Growing — Slowly(Industrial Safety and Security Source) Even after all the reported attacks and threats, utilities still view security as a cost center and remain challenged to allocate security funding beyond compliance minimums. But there is progress, according to Pike Research's Smart Grid Industrial Control System Security report on the smart grid
Oracle adds big data to utility play with DataRaker buy(Fierce Big Data) Oracle (NASDAQ: ORCL) announced today that it is acquiring DataRaker, which provides a cloud-based analytics platform that allows utilities to leverage large amounts of data. DataRaker focuses on electric, gas and water utilities, and analyzes data for these companies to help improve their customer satisfaction, as well as their operational efficiency. The move will help Oracle's utilities arm beef up its big data analysis
Roy: Big data reveals gaps in standards and federal human capital(Fierce Government IT) The advent of big data has revealed gaps in technology standards and the federal government's ability to take advantage of it, said Donna Roy, executive director of the information sharing environment office within the Homeland Security Department. "The biggest gap at the federal level is in the recruiting and in the business case around staffing up the human support cadre," Roy said while speaking Dec. 13 at a morning AFCEA-Bethesda event
CIO Council identifies mobile security concerns(Fierce Government IT) Encryption gaps and rising costs may compromise security as federal agencies continue to adopt mobile technology, says the Federal Chief Information Officers Council. In a report dated Dec. 11, the CIO Council says that agencies are moving ahead with the implementation of mobile device strategies despite increased risks and outlines areas of concern that agencies should review
Juniper Networks to Acquire Contrail Networks for $176M(Govconwire) Juniper Networks Inc. (NYSE:JNPR) has agreed to purchase networking and software technology developer Contrail Systems Inc. for approximately $176 million in cash and stock, according to a Fox Business article. The acquisition is meant to enhance Juniper's software networking capabilities and the deal is expected to close before the end of the year
Raytheon Acquires SafeNet Inc. - Analyst Blog(NASDAQ) Raytheon Company (RTN) has completed the acquisition of Government Solutions business of SafeNet Inc. for an undisclosed amount. The need for acquiring a privately held data security firm comes in the light of supporting the U.S. government's growing need for protected and encrypted data
KPMG Names 30-Year Tech Vet Harry Moseley CIO(Govconwire) KPMG LLC has appointed 30-year technology industry veteran Harry Moseley to succeed the retiring Richard Anderson as chief information officer, effective Monday. The firm said Moseley will work with the firm's management committee and business leaders on the technology platform including internal support and client-facing technology services. He will also lead the information technology services group
Selling flak jackets in the cyberwars(Sydney Morning Herald) When the Israeli army and Hamas trade virtual blows in cyberspace, or when hacker groups like Anonymous rise from the digital ether, or when WikiLeaks dumps a trove of classified documents, some see a lawless internet. But Matthew Prince, chief executive at CloudFlare, a little-known internet start-up that serves some of the web's most controversial characters, sees a business opportunity. Founded in 2010, CloudFlare markets itself as an internet intermediary that shields websites from distributed denial-of-service, or DDoS, attacks, the crude but effective weapon that hackers use to bludgeon websites until they go dark
Long Shadow Of Stuxnet Inspires Custom Anti-Malware Project(Dark Reading) Global maritime SCADA player forced to take the malware problem into its own hands for its offshore drilling, subsea, and merchant marine customers. Another sign of how Stuxnet is reshaping the SCADA security world: one major global supplier and integrator in offshore drilling, subsea and merchant marine operations pushed for the creation of a custom malware protection solution that better fits operationally sensitive critical infrastructure environments. Kongsberg Maritime's customers in the process control industry, haunted by the harsh wakeup call of Stuxnet, have been calling for strong anti-malware protection that doesn't disrupt their operations. "Our customers have always been concerned about cybersecurity, but after Stuxnet there's been a lot more focus and determination about this," says Bjornar Eilertsen, product advisor at Kongsberg Maritime
Oracle Melds Audit, Database Firewall Security(eSecurity Planet) Databases are among the most attacked technologies on Earth. Oracle, the largest database vendor on Earth, is fighting back. Oracle is aiming to make it easier for enterprises to secure databases with a new product announced this week. The Oracle Audit Vault and Database Firewall 12c is an evolution of two separate product families
The Trouble With Security Metrics(Dark Reading) Security practitioner Doug Landoll is passionate about risk assessments and security measurements. Author of The Security Risk Assessment Handbook and CEO of a risk consultancy for SMBs, Assero Security, Landoll believes the industry engages in far too many theatrical risk assessments for the sake of audits. These assessments never return solid measurements of risk because the collection methods are faulty, he says. As organizations seek to meet risks head on, they need better visibility into which security initiatives work, which don't and which need improvement
Securing a tablet for web browsing in six easy steps(Naked Security) Taking your tablet online can make you vulnerable to an assortment of internet dangers, including identity theft and hackers. This is especially true if you're taking advantage of a public hotspot rather than your home network. Follow these simple steps to ensure safe and secure browsing no matter where you are
Counter-terrorism tools used to spot staff fraud(CNBC) JPMorgan Chase has turned to technology used for countering terrorism to spot fraud risk among its own employees and to tackle problems such as deciding how much to charge when selling property behind troubled mortgages. The technology involves crunching vast amounts of data to identify hard-to-detect patterns in markets or individual behavior that could reveal risks or openings to make money. Other banks are also turning to "big data", the name given to using large bodies of information, to identify potential rogue traders who might land them with massive losses, according to experts in the field
The DOE reaches out to utilities with cybersecurity model(Intelligent Utility) There's an old joke with an equally archaic punchline that quips about the U.S. government never getting a thing done, how every project takes forever. At least in the case of a cybersecurity model, the U.S. government has definitely proven that joke completely and utterly wrong. The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) hasn't been in the works for a decade
How To Decommission BYOD Mobile Devices(Byte) Mobile connected devices are the most sought after gifts this holiday season — even beating out money, peace and happiness — according to a recent study by the Consumer Electronics Association. But in the midst of the unmitigated joy the latest tablets and smartphones will bring comes a message of caution: when it comes time for out with the old, in with the new, BYOD workers need to deal with the data still sitting on discarded devices
What if Tomorrow Was the Day?(Internet Storm Center) If you knew your network was going to be attacked tomorrow, what specific actions would you take today? Treat yourself to lunch at your desk as you consider the following suggestions. Look for opportunities to improve your detection capabilities. In your security lab, try changing operating system and application configurations to see if your current policies are able to detect and alert on these actions. If not, create new alerts that are labeled with the action you used to generate these events. This is a great foundation to actively seek the activity that you are currently missing
It Takes Intelligence to Close the Identity and Access Management Gap(BankTech) The challenge for banks has always been ensuring the right people have the right access to the right resources and do the right things with them -- this is identity and access management (IAM). The first wave of solutions in the early 2000s automated provisioning with a focus on efficiency. Organizations could on-board new employees more quickly while using fewer IT staff to do it
Embracing Advanced Security Technologies(Industrial Safety and Security Source) The provisionally-approved CIP V5 standards address a wider spectrum of cyber-security technologies than previous versions addressed. In particular, the draft V5 standards address and encourage the use of hardware-enforced unidirectional communications technologies, and application control/whitelisting technologies.
Tweeters 'could be military targets'(Sydney Morning Herald) Social media users who use tweets and online posts to comment on a military operation could be regarded as legitimate military targets. Australian army Land Warfare Studies Centre analyst Chloe Diggins on Thursday said a recent social media war between Israel and Hamas raised complex ethical questions about who was a combatant and therefore a legitimate military target. A key question was whether such comments constituted an act of war. "If that's the case, this might mean that those using social media in support of military operations are now legitimate targets," she wrote in a blog for the Australian Strategic Policy Institute
Defense Contractors Don't Want to Say When They've Been Hacked(Mother Jones) In 2009, it came to light that hackers had successfully broken into the most expensive Pentagon weapons program of all time, the F-35 fighter jet, by gaining access to computers allegedly belonging to the defense contractor BAE Systems (the contractor part came out later). There had "never been anything like it," one unnamed official told the Wall Street Journal. The intruders were later confirmed to be Chinese spies, and lo and behold, in 2012 China rolled out a stealth fighter that looked suspiciously like the F-35
Vint Cerf: The Internet doesn't need the ITU's help(IT World) Work under way to draft new regulations at the World Conference on International Telecommunications (WCIT) in Dubai this week could harm the Internet, warned Internet pioneer and Google executive Vint Cerf
Why the ITU is the wrong place to set Internet standards(Ars Technica) UN body won't "take over" the Internet—but it could hold back its progress. There has been a lot of heated rhetoric about the World Conference on International Telecommunications (WCIT), which is wrapping up its meeting in Dubai this week. Last week, the US Congress unanimously declared its opposition to giving the UN body increased control over the Internet. Congress is prone to making melodramatic gestures, but even more sober-minded entities such as Google and Mozilla seem to agree that WCIT is a danger to the open Internet
Australia, US refuse to sign internet treaty(Sydney Morning Herald) An attempt by governments to establish a worldwide policy for oversight of the internet collapsed after many Western countries said a compromise plan gave too much power to United Nations and other officials. Delegates from Australia, the US, UK and other countries took the floor on the second-last day of a UN conference in Dubai to reject revisions to a treaty governing international phone calls and data traffic. "It's with a heavy heart and a sense of missed opportunities that the US must communicate that it's not able to sign the agreement in the current form," said Terry Kramer, the US ambassador to the gathering of the UN's International Telecommunication Union
US, UK and Canada refuse to sign UN internet treaty(BBC News) The US, UK and Canada say they will not sign an international communications treaty under discussion in Dubai. The three countries had objected to calls for all states to have equal rights to the governance of the internet
Deputy PM blocks U.K. communications surveillance bill(Fierce Government IT) Britain's Deputy Prime Minister Nick Clegg has put the kibosh on a draft Communications Data Bill that would have given police and intelligence services the power to monitor all email and internet use in the UK, according to the BBC. Although the British Home Office said the legislation was needed "without delay" to combat crime and terrorism, Clegg has called for a "fundamental rethink" of the proposed law and said he would block the bill while seeking an alternative "balance between security and liberty"
Litigation, Investigation, and Law Enforcement
Connecticut Federal Jury Finds Romanian National Guilty of Participating in Internet Phishing Scheme(7thspace) A federal jury in New Haven has found Bogdan Boceanu, 29, a citizen of Romania, guilty of conspiracy offenses stemming from his participation in an extensive Internet phishing scheme, announced David B Fein, United States Attorney for the District of Connecticut, and Kimberly K Mertz, Special Agent in Charge of the FBI in New Haven. The trial began on December 6 and the jury returned its verdict today. Boceanu is the 10th Romanian citizen convicted as a result of this long-term investigation
UK cops: How we sniffed out convicted AnonOps admin 'Nerdo'(The Register) Analysis of IRC logs and open source intelligence played a key role in the successful police prosecution that led up to the conviction of a member of Anonymous for conspiracy to launch denial of service attacks against PayPal and other firms. Christopher "Nerdo" Weatherhead, 22, was convicted on one count of conspiracy to impair the operation of computers following a guilty verdict by a jury at Southwark Crown court last week. Weatherhead, 22, was studying at Northampton University when he allegedly took part in "Operation Payback", the DDoS campaign launched by the hacktivists in defence of whistle-blowing site WikiLeaks
State Secrets Front and Center in Dragnet Surveillance Case(Wired Threat Level) A federal judge on Friday is to hold the first hearing following an appellate court's decision reinstating allegations the government is siphoning Americans' communications from telecoms to the National Security Agency without warrants
'Non-Harmful' Phone Spoofing OK, Appeals Court Says(Wired Threat Level) A federal appeals court is nullifying a Mississippi law that forbids phone spoofing of any type, ruling that Congress has authorized so-called "non-harmful" spoofing. Spoofing, misrepresenting the originating telephone caller's identification to the call recipient, was outlawed entirely in Mississippi under the 2010 Caller ID Anti-Spoofing Act (ASA), punishable by up to a year in prison
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
tmforum Big Data Analytics Summit(Amsterdam, Netherlands, January 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates,...
ATMiA US Conference 2013(Scottsdale, Arizona, US, February 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS(Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
TechMentor Orlando 2013(Orlando, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...
e-Crime Congress 2013(London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...
IT Security Entrepreneurs' Forum (ITSEF 2013)(Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference...
The Future of Cyber Security 2013(London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley(Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.