US Secretary of Homeland Security Napolitano warns that US financial institutions are under sustained cyber attack. Iran denies involvement, and observers note the continuing difficulty of attribution. (The FBI is working on improved attribution techniques.)
South Carolina's data breach yields lessons in cyber security. Stolen credentials and spotty encryption were of course problems, but one lesson is the danger of communication failures between information security professionals and the executives they work for.
A new version of the Nuclear exploit kit takes black-market share from long-dominant Blackhole. Cyber gangs use hacker fora to recruit criminal talent. Security researchers name operators who permit open resolvers on their networks, thereby facilitating amplified denial-of-service attacks.
Cisco warns of a remote command execution vulnerability in Cisco Prime Data Center Network Manager. Java, patched or unpatched, continues to render systems vulnerable to compromise.
The deep packet inspection market is expected to reach $2B by 2016. We've heard much talk of NSA's interest in big data, but how big, exactly, does NSA think its data will get? A yottabyte, equivalent, says an analyst, to nine billion years of Blu-Ray movies. US agencies and companies continue to struggle with a tight cyber labor market—the talent is tough to vet.
Huawei seeks a rapprochement with its industry critics as the Chinese government continues to deny US espionage charges. Russia clamps down on its Internet and accuses the US of cyber-saber-rattling. Hacking back is a much-discussed defensive strategy, but anyone thinking of doing it should consult a lawyer first.
Today's issue includes events affecting Australia, Canada, China, Ethiopia, European Union, Germany, Greece, Indonesia, Iran, NATO, Netherlands, New Zealand, Republic of Korea, Russia, Saudi Arabia, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
'US financial institutions under attack by hackers'(Hindu Business Line) Without going into the details of such cyber-attack, Napolitano said this has involved some of the US's largest institutions. "We've also had our stock exchanges attacked over the last years. So I mean, we know they're there. There are vulnerabilities
Questions over virus are vital to cybersecurity(The National) There was no warning. On August 15, 30,000 or more computers in the offices of the Saudi Arabian Oil Co were suddenly wiped clean. The anonymous attacker left behind, as a calling card, the image of a burning US flag
Fact-checking the state's response to the cyber-attack(Post and Courier) The hacking of the Department of Revenue's computer system and the state's response are evolving stories. Gov. Nikki Haley and other state officials have offered updates with new details every day since the security breach was announced Friday. Not every detail has been crystal clear, and some revelations announced seem to contradict others. The Post and Courier has been trying to keep track, checking the updates against each other and providing context
South Carolina Data Breach Casts Spotlight on Lack of Encryption, Stolen Credentials(Threatpost) South Carolina governor Nikki Haley said a mouthful this week when she spilled a dirty industry secret that Social Security numbers are generally not encrypted by state agencies. Reeling from a Department of Revenue data breach that leaked 3.6 million Social Security and credit card numbers as well as other personally identifiable information for more than three-fourths of the state's residents, Haley called encryption complicated and cumbersome technology
Hurricane Sandy spams lead to survey scams(Naked Security) As usual online scam artists have latched onto the interest in Hurricane Sandy to attempt to lure people into their traps. It is only spam and survey scams at the moment, but be on the lookout for further attacks
City site falls prey to European cyber attack(Bluefield Daily Telegraph) Eastern European hackers cracked the website of this Northern Michigan city, causing it to repeatedly crash and using it as a platform to blast hundreds of thousands of email messages
'Austerity' Hackers Attack Finance Ministry in Athens, Greece(HispanicBusiness.com) The cyber attack at the General Accounting Office was made "to show solidarity with Greek peoples," said a statement posted briefly on the website signed by the hacker activist group Anonymous, according to reports. However, Greek police sources who
Hacker forums used to induct new criminals, report finds(TechWorld) Hacker forums have become a critical global channel through which aspiring criminals are inducted into the ranks of professional cybercrime, an analysis of some of the most popular discussion sites by security company Imperva has found. Hacker forums are often seen as sinister sideshows to the main story, little more than places cybercriminals go to let off steam, make contacts and do business. Imperva's Monitoring Hacker Forums report, which carried out a content analysis of 18 of the most popular forums frequented by up to 250,000 criminals from around the world, suggests that this might be only part of a more complex picture
Can the Nuclear exploit kit dethrone Blackhole?(Help Net Security) In a market dominated by the mega-popular Blackhole exploit kit (newly upgraded to version 2.0) and the somewhat less sought-after Eleonore and Phoenix exploit packs, can the developer of a fourth one
Cyber-Criminals Rent or Buy What They Need - It's Cheap!(PC Magazine) Underground forums offer cyber-criminals a diverse array of products and services to enhance their criminal enterprises. With prices falling, it's easier than ever to embark on the life of cyber-crime. So says the latest research paper from Trend Micro
Final Report on DigiNotar Hack Shows Total Compromise of CA Servers(Threatpost) The attacker who penetrated the Dutch CA DigiNotar last year had complete control of all eight of the company's certificate-issuing servers during the operation and he may also have issued some rogue certificates that have not yet been identified. The final report from a security company commissioned to investigate the DigiNotar attack shows that the compromise of the now-bankrupt certificate authority was much deeper than previously thought. In August 2011 indications began to emerge of a major compromise at a certificate authority in the Netherlands, previously unknown to most of the Internet's citizens, and the details quickly revealed that the attack would have serious ramifications.
Security Patches, Mitigations, and Software Updates
Cisco Patches Vulnerabilities in Data Center and Web Conferencing Products(Threatpost) Cisco is warning its customers about a remote command execution vulnerability in its Cisco Prime Data Center Network Manager. The product manages Ethernet and storage networks and troubleshoots for performance issues on Cisco products running NX-OS software. Versions prior to 6.1.1 are vulnerable to remote exploits on the underlying system that hosts the application, Cisco said
Patched your Java yet?(Internet Storm Center) Yes, there's some irony to this diary entry. In the past, I have been suggesting repeatedly that organizations who do not have an all-out requirement to keep a Java JRE runtime installed, should get rid of it. Yet, here I was, a couple of days ago, reviewing some SIEM events at a Community College where I help out with IT Security, when something caught my eye (URLs defanged to keep you from clicking)
Malware infects 13 percent of North American home networks(PC World) Some 13 percent of home networks in North America are infected with malware, half of them with "serious" threats, according to a report released Wednesday by a cyber-security company. However, that number is a one-percent decrease from the quarter that ended in June, according to Kindsight Security Labs, of Mountain View, California, in its third-quarter malware report
Microsoft's worldwide threat assessment(Help Net Security) In this podcast recorded at RSA Conference Europe 2012, Tim Rains, the Director of Product Management at Microsoft's TWC group, talks about volume 13 of Microsoft's Security Intelligence Report
6 Lies About Big Data(InformationWeek) Our 2013 Big Data Survey shows we're not lacking facts, figures, or tools to wrangle them. So why do just 9% of respondents rate themselves as extremely effective users of data
US intel budget topped $75 billion in 2012(Citizens for Legitimate Government) The National Intelligence Program (NIP) funds the CIA and other civilian agencies and provides some funding for the major military agencies such as the National Security Agency and Defense Intelligence Agency
The yotta is not enough(Boston.com) It's the amount of data that the National Security Agency thinks it will need to store the information it's gathering and processing in the name of intelligence. This guy estimates a yottabyte could store 9 billion years of Blu-ray-quality movies
US seeks patriotic computer geeks for help in cyber crisis(Reuters) In contrast, nearly a third chose the National Security Agency, according to the task force. Tony Sager, a task force member and former NSA senior official, said the military intelligence agency has a strong "brand" that opens doors for recruiters
DHS is right to eye kindergartners, but don't forget the adults(CSO) An article about Ethiopian kids hacking OLPCs with zero instruction illustrates why DHS is right to focus on kindergarten as fertile ground for future cyber warriors. But the agency also needs to target adults who get passed over for being different
Hackers For National Security Taking 'Friendly' Fire(Readwrite Hack) Terrorists could easily sabotage large portions of the nation's critical infrastructure. Security is so weak in many industrial control systems that even an average hacker could shut down water and power plants, damage nuclear facilities and freeze automobile and aircraft assembly lines. The threat is so real that right or wrong, some security experts are publicly disclosing the weakest links to force action
Pentagon Sees Further Use Of BlackBerry As Door Opens To Others(Reuters.com) The Pentagon on Wednesday said it would continue to support "large numbers" of BlackBerry phones made by Research in Motion Ltd even as it moves forward with plans that would allow the U.S. military to begin using Apple Inc's iPhone and other devices
EPA to migrate 25,000 users to email cloud(Fierce Government IT) The Environmental Protection Agency has contracted with Lockheed Martin and Microsoft to move about 25,000 employees to a cloud-based email service by early 2013, the companies say in a joint Oct. 31 announcement
Army Sends Contractors Survey Questions for New Procurement System(Govconwire) The U.S. Army's Contracting Command is asking contractors to fill out a questionnaire and a worksheet pertaining to a new procurement management system, according to an Oct. 29 FedBizOpps post. In March, the Army released a request for information announcing its pursuit of a new system, dubbed the Army Procurement EXecution program, to replace the
Vormetric Expands Operations in South Korea(CSO) Vormetric, Inc., the leader in enterprise encryption and key management, today announced that it is expanding operations in South Korea to meet growing demand for its data security products. The company also appointed Moon Hyung Lee to be Country Manager for Vormetric's expansion in South Korea
Huawei looks to German security researchers for help(CNet) The company says Felix Lindner's continued complaints about the security of its products have not been dismissed, and it would like his help. Huawei, the embattled Chinese telecom equipment company, is reaching out to a security researcher in Germany for a little help. The company's global security chief, John Suffolk, told Reuters in an interview published today that Huawei has dispatched engineers to Germany to meet with Felix "FX" Lindner and go over the security flaws he has found in a host of its products
Browsium offers enterprise-wide IE zero day kill switch(CSO) Browsium, a company that helped enterprises stave off Internet Explorer 6 compatibility disasters, is offering CIOs a leash to control the emergence of Chrome and Firefox in the enterprise or blacklist any browser with a zero day flaw. The Redmond
Stop, Thief: Apple Patents Movement-Based Theft Detection System For iOS Devices(TechCrunch) An Apple patent application spotted Thursday by AppleInsider shows a system for detecting unusual motion via a portable gadget's accelerometer which would sound an alarm, making said device harder to steal. The system is a simple one, without the kind of sophisticated face detection we saw in a previous application, but it could be much more effective for curbing thefts at the moment they occur
Can the FBI Crack the Attribution Nut?(Bank Info Security) Bureau Unveils its Next Generation Cyber Initiative. Attribution - the ability to identify those who hack into a computer system - is among the hardest cybersecurity nuts to crack. But that isn't deterring the FBI, which says it has initiated a program to uncover and investigate web-based intrusion attacks
10 tips to keep data secure(FCW.com) According to a report in The New York Times, National Security Agency Director Gen. Keith Alexander has said the U.S. loses up to $338 billion in financial theft. Numbers from the Commerce Department also indicate $250 billion is lost every year in
Breach Response: A Better Approach - Connecticut Outlines Efforts to Improve Mitigation, Privacy Efforts(Government Information Security) Connecticut is working to improve its cyber incident response, including updating its breach notification law and enacting a privacy task force. On Oct. 1, a new provision to the state's breach notification law went into effect, requiring businesses and not for profits that experience a data breach to alert the Attorney General's office when they notify affected individuals. The state also recently launched a Privacy Task Force which helps to enforce the data breach notification law. "Scarcely a month would go by without some significant event involving data breaches," said George Jepsen, Connecticut's attorney general, in an interview with Information Security Media Group's Eric Chabrow
Snooper's-charter plans are just misunderstood, sniffles tearful May(The Register) Home Secretary Theresa May appeared before peers and MPs in Westminster on Wednesday afternoon to face questions about her proposed communications data bill, which has been almost universally rejected by people outside the security services bubble. Her Hallowe'en session was the final one to provide evidence on the supposed merits of the draft legislation that could see British citizens' web activity much more heavily spied upon by spooks and police. The agents of the state would, of course, be acting to protect the public from the threat of terrorism and other criminality
Cyber security a top priority in Australia: Deloitte(ARNnet) Australian and Asia-Pacific financial services industry organisations have made information security governance their top security initiative, according to professional services firm, Deloitte's 8th global financial services industry security survey. It showed Australia and Asia-Pacific led the world when it comes to prioritising governance on IT security and that they believe their expenditure on information security is on or above plan. The study surveyed more than 250 financial services organisations from 39 countries
The Kremlin's New Internet Surveillance Plan Goes Live Today(Wired) On the surface, it's all about protecting Russian kids from internet pedophiles. In reality, the Kremlin's new Single Register of banned websites, which goes into effect today, will wind up blocking all kinds of online political speech. And, thanks to the spread of new internet-monitoring technologies, the Register could well become a tool for spying on millions of Russians
USA starts anti-Russian drills, Russia hires nation's best hackers(Pravda) During the following month, NATO will hold military exercises to train joint actions of the members of the Alliance under conditions of a cyberwar. Reporters managed to find out that an "African country" will act as a conditional aggressor. In fact, U.S. military officials admit that it is Russia that will play the role of the cyber aggressor.
UK govt agency to trawl social media sites for intelligence(TODAYonline) The technology being developed by GCHQ will draw comparisons with snooping tools allegedly used by its United States counterpart, the National Security Agency (NSA), which has access to monitoring software capable of sifting out information including
Indonesia's cyber defense strategy and its challenges(Jakarta Post) Although there has been no proof of a country being taken over physically by a cyber attack, the disturbances created have shown it is something to worry about. Such an event may occur in Indonesia mainly because not many are aware of the critical
Senate Likely To Revisit Cyber Bill When Congress Returns(Reuters.com) Senate Majority Leader Harry Reid hopes to reintroduce cyber security legislation opposed by business groups once lawmakers return after Tuesday's election, a Senate aide said, adding that a White House executive order might pave the way for a compromise on the bill
Rebuking a cyber-geddonist (CSO) In this guest post, Scot A Terban (@krypt3ia on Twitter) takes aim at Senator Joe Lieberman and his "Cyber 9-11" talk
International cybersecurity exercises grow in popularity(Fierce Government IT) While there is growing support for international cybersecurity exercises, more can be done to ensure such exercises are successful, according to a report published Oct. 25 by the European Network and Information Security Agency
Google loses 'Melbourne Crime' defamation case, man feels 'vindicated'(Ars Technica) Milorad Trkulja had his image and name linked with Australian organized crime. An Australian court has ruled that a Melbourne man was defamed by Google. Why? Because the search giant had posted images linked to his name on Google Images, implying that he was a criminal. Milorad "Michael" Trkulja was victorious in a similar case against Yahoo in March 2012, where he won A$250,000 ($233,000). The Victoria Supreme Court's Justice David Beach is expected to rule on damages next week
Feds Say No Dice in Retrieving Your Data Seized in Megaupload Case(Wired) Federal prosecutors are proposing a process that would make it essentially impossible for former Megaupload users to recover their data following the government's seizure of the file-sharing service's servers and domain names in January as part of its prosecution of a criminal copyright infringement indictment of Megaupload's employees. That's according to Julie Samuels, an Electronic Frontier Foundation attorney representing an Ohio man seeking the return of his high school sports footage
China slams US accusation of hacking(Zee News) China has criticised US intelligence agency's accusations of hacking by Chinese firms, saying it also falls victim to cyber crime, Xinhua reported. On Wednesday, Chinese Foreign Ministry spokesperson Hong Lei was asked during a press conference about accusations from an unspecified US source that Chinese firms had used hacking to steal commercial secrets. Hong said China has responded to hacking-related issues on many occasions, and that it is "grossly irresponsible" to allege that China steals information and conducts hacking online without evidence and investigation
Lawfare Goes To The Supreme Court(Wall Street Journal) Chief Justice John Roberts kept the Supreme Court open this week amid Hurricane Sandy to hear a single national security appeal, and rightly so. The High Court's decision could redefine the constitutional standing to sue and steal a major antiterror tool that has helped keep the country safe
Cybersecurity and Attribution: Good News At Last?(Skating on Stilts) No, we're not suddenly turning into the Huffington Post. But trust me, this photo is directly relevant to the topic at hand: How the US should respond to massive state-sponsored cyberespionage
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
TechExpo Cyber Security Careers(Columbia, Maryland, November 1, 2012) Profit from presentations by leading industry figures and networking opportunities designed for serious job-seekers.
Anatomy of an Attack(New York, New York, November 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.
ZeroNights(Moscow, Russia, November 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense...
Digital Security Summit(Riyadh, Saudi Arabia, December 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.
Passwords^12 Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO...
CIO Cloud Summit 2012 The CIO Cloud Summit will help C-level executives better understand the true capabilities of cloud computing and the transformational opportunities it can bring.
BayThreat(Sunnyvale, California, December 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
e-Crime Congress 2013(London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.