The Cool Exploit Kit adds a new attack against older versions of Java (Java 7 Update 9 is safe). An Indian "hacker prodigy" claims he's got a Windows Phone 8 OS exploit. European Commission information mavens' laptops were hacked during the Internet Governance Forum in Baku, Azerbaijan. Hootsuite mistakenly exposes users' email addresses; PayGate loses credit card information to hackers.
Last week's Twitter password reset leads businesses to review their social media security. Cloud Pro offers advice on side-channel attacks and how cloud users might address them.
Israel and the Palestinian Authority are under long-term, sustained cyber espionage attack. The campaigns appear state-sponsored, based on the Xtreme RAT crimeware kit, and related to the Arab Spring, but attribution remains unclear. Iran arrests one of its nationals on charges of hacking Western targets.
Amazon UK denies weekend reports of hacking. The Citadel banking Trojan continues to evolve into more sophisticated and tenacious forms.
Microsoft patches its recently released Surface tablet and shows Steven Sinofsky the door. Widely seen as Microsoft's next CEO, Sinofsky led development of Windows 8. Lockheed Martin asks suppliers to help with cyber security. Lockheed also names a new CEO.
German authorities launch a public-private cyber security partnership program. China accuses the US of a "cold war" mentality in the ZTE and Huawei investigations. The email trail that exposed former US DCI Petraeus' misbehavior now apparently extends to General Allen, US commander in Afghanistan. (And at least one implicated email account reused passwords compromised in last year's Stratfor hack.)
Today's issue includes events affecting Azerbaijan, China, European Union, Georgia, Germany, Iran, Israel, Norway, Palestinian Territories, Russia, South Africa, Sweden, United Arab Emirates, United Kingdom, United States.
European Commission Officials Say Their Computers Were Hacked in Azerbaijan(Softpedia) Neelie Kroes, the vice-president of the European Commission, has revealed that the laptops of her advisers have been hacked into while attending the Internet Governance Forum (IDF) in Baku, the capital city of Azerbaijan. On her personal blog, Kroes stated that she attended the event because she was confident that the IDF would bring radical change, just as it happened in Tunisia and Egypt. "But on the other hand I was denied access to meet political prisoners, despite a commitment from the President himself"
HootSuite Inadvertently Exposes Email Addresses of Thousands of Users(Softpedia) Social management company HootSuite has mistakenly exposed the names and email addresses of as many as 4,000 users. A couple of days ago, customers whose 60-day HootSuite Pro trial was about to expire were notified via email. However, the recipients didn't see only their own email address, but also the ones of others, The Next Web reports
Payment Processor PayGate Hacked, Credit Cards Exposed(Softpedia) Representatives of PayGate, a South African company that intermediates payments between online retailers and banks, admitted that their systems were breached back in August and that some credit cards were exposed. According to Independent Online's Business Report, the confirmation comes after four financial institutions were forced last week to re-issue thousands of credit cards. PayGate stated that they took immediate steps to secure their systems after the breach was discovered
Fake AmEx alert leads to hard-to-detect malware(Help Net Security) American Express customers are often targeted with malware-laden or phishing emails, mostly because when it comes to money and the potential loss of it, people automatically become anxious and are more
Request for info: Robocall Phishing Against Local/Regional Banks(Internet Storm Center) Last week, my wife got an automated call from a bank with only a local presence that her debit card was deactivated. The call went to her cell phone. She wasn't a customer of that bank so it was easy for her to discard the call (I am a customer with my commercial accounts). It seems they simply wardialed every phone number with the right area code and three digit exchange in the area of that bank
How safe is your company's Twitter account?(Fortune) In light of last week's massive password reset, businesses should shore up their security measures. What do the experts suggest? Did Twitter force you to change your password last week? While it may have been an inconvenience to social media managers, the micro-blogging giant had some very good reasons to take this action
The Globalization Of Cyberespionage(Dark Reading) Newly revealed cyberspying campaign against Israeli and Palestinian targets demonstrates how the threat is no longer mostly a China thing. A recently discovered targeted cyberespionage campaign targeting Israeli and Palestinian organizations in operation for more than a year serves as chilling evidence that cyberspying is a global phenomenon and no longer mostly the domain of massive nation-states like China
Cyber Weapon Friendly Fire: Chevron Stuxnet Fallout(Information Week) Malware's jump from Iranian uranium enrichment facility to energy giant highlights the downside to custom-made espionage malware -- its capability to infect friends as well as foes. The pioneering Stuxnet computer virus, which was designed to attack a single Iranian uranium enrichment facility, went on to infect PCs around the world. Security experts have identified thousands of resulting Stuxnet infections. On Monday, multinational energy giant Chevron became the first U.S. company to admit that it, too, was infected by Stuxnet
Co-ops Rally After S.C. Cyber Attack(Electric Co-op Today) Following a massive cyber attack on the state government, South Carolina's electric cooperatives are helping alert consumers that their personal information could be at risk. After a huge cyber security breach against the state of South Carolina, co-ops are stepping up to the plate.
The South Carolina Department of Revenue was hit by what many experts believe is the largest security breach of a state government. Some 3.6 million Social Security numbers, plus 387,000 credit and debit card numbers, were compromised by a hacker
Amazon denies UK customer database hacked(IT Pro) Internet retail giant denies claims that Pastebin data dump is from its systems. Internet retail giant Amazon has denied claims that a computer hacker infiltrated its systems and leaked the details of more than 600 UK users online. A hacker, going by the name Darwinare, posted usernames, contact details and home addresses of 628 people on text-sharing website Pastebin on Saturday, claiming they belonged to Amazon customers
Citadel Trojan Tough for Banks to Beat(Bank Information Security) The banking Trojan known as Citadel, which debuted in underground forums in January 2012, has evolved to become one of the financial industry's greatest worries, cybersecurity experts say. Citadel, an advanced variant of Zeus, is a keylogger that steals online-banking credentials by capturing keystrokes. Fraudsters then use stolen login IDs and passwords to access online accounts, take them over and schedule fraudulent transactions
12 scams of Christmas(Help Net Security) A Harris Interactive study, conducted online among over 2,300 U.S. adults, investigates the online habits and behaviors of Americans, including those who indicate that they will engage with the Internet
Security Patches, Mitigations, and Software Updates
Microsoft plugs critical hole in Surface operating system(Fierce Mobile IT) In an advance notice of its security patches issued on Patch Tuesday--the second Tuesday of every month--Microsoft (NASDAQ: MSFT) announced that it is patching a critical vulnerability in its Surface tablet's Windows RT operating system which, if left unpatched, could enable hackers to infect the tablet with malware
Symantec predicts cyber crime developments in 2013(Wired) Well, they would know if anybody does. Anybody besides the guys who invented Flame, who are presumably way too busy to blog these days. I hope the Flamesters didn't report directly to Petraeus
Cyber Wars(Air Traffic Management) Faced with the theoretical potential for a cyber attack to affect multiple connected systems, ICCAIA evokes the volcanic ash crisis of recent years to press home the need for a coherent response. A cyber attack in a future interconnect air system could
Businesses admit to losing data through BYOD(Help Net Security) Businesses are putting their corporate security at risk, with one in three organisations (33 per cent) allowing their staff unrestricted access to corporate resources from their personal smartphones
Middleware firms drag feet on mobile platform strategies, says report(Fierce Mobile IT) The majority of traditional middleware providers such as IBM (NYSE: IBM), Oracle (NASDAQ: ORCL), VMware, SAP and Red Hat have taken most of this year to develop mobile platform strategies, with integrated offerings not expected until 2013, according to a report on BYOD trends by Current Analysis
Fort Meade: Building a team of elite cyber professionals(CapitalGazette.com) Rhett A. Hernandez, commanding general, Army Cyber Command. While all re-enlistment ceremonies are unique and impactful to the personnel involved and the families and units supporting them, this re-enlistment was noteworthy for the ranks of the Army
Lockheed says cyber attacks up sharply, suppliers targeted(WKZO) The Pentagon's No. 1 supplier, Lockheed Martin Corp, on Monday cited dramatic growth in the number and sophistication of international cyber attacks on its networks and said it was contacting suppliers to help them shore up their security. Chandra McMahon, Lockheed vice president and chief information security officer, said about 20 percent of the threats directed at Lockheed networks were considered "advanced persistent threats," prolonged and targeted attacks by a nation state or other group trying to steal data or harm operations
General Dynamics to Provide C4ISR and IT Support for U.S. European, Central and Special Operations Commands(PR Newswire) General Dynamics Information Technology, a business unit of General Dynamics (NYSE: GD), has been awarded a contract by the Space and Naval Warfare Systems Center (SSC) Atlantic to provide worldwide Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) and Information Technology (IT) support to its European Office and its Combatant Command and Unified Command customers. The five-year, multiple-award, indefinite delivery, indefinite quantity (IDIQ) contract has a potential value of $750 million to all five awardees, if all options are exercised
Know your worth: Salaries for IT professionals in UAE curve upward(Emirates 24/7) Technology professionals continue to be in strong demand within the Middle East. Information technology (IT) professionals are not always the most admired lot at work. Co-workers and employees grumble about how all tech-related problems emanate from the IT room
Former Chairman William Bratton to Remain at Kroll as Senior Advisor(Govconwire) Kroll Advisory Solutions has retained former Chairman William J. Bratton as a senior advisor, according to a company statement. Bratton will now serve the firm by working with public entities and private organizations that face complex security or investigatory issues
Lockheed Names 29-Year Vet Marillyn Hewson CEO Starting Jan. 1(Govconwire) Lockheed Martin (NYSE:LMT) has elected Marillyn Hewson, currently executive vice president for electronic systems, to succeed the retiring Bob Stevens as chief executive, effective Jan. 1, 2013. In a release, the company said it also named her president, chief operating officer and director, effective immediately, upon the resignation of Chris Kubasik from the company
Windows head Sinofsky out at Microsoft(IT World) Steven Sinofsky, the executive in charge of Microsoft's Windows 8 operating system and the driving force behind the new OS, is leaving the company, Microsoft announced late Monday, just weeks after the long-awaited operating system launched
The Next CEO Of Microsoft Suddenly No Longer Works At Microsoft(TechCrunch) "Floored." "Wow." "Wild." Those are some of the reactions within Microsoft tonight upon hearing that Windows and Windows Live President Steven Sinofsky would be leaving the company "effective immediately". Those are the reactions because nearly all Microsoft employees found out about the news tonight alongside the rest of us
Sophos unveils new unified threat management appliance(Help Net Security) Sophos released a new unified threat management appliance and software package exclusively for small businesses. The Sophos UTM 100 appliance with BasicGuard sets a new standard for small business security
Russian Hackers Beaten at their own Game(WND) 'Honey pot' traps agents turning computers into secret surveillance machines. In the world of cyber espionage, usually an attacker can lurk in the shadows unidentified, but through a combination of skill, timing and luck, one hacker has been exposed for all the world to see
Stop To Consider Vendor Lock-In(MSPmentor) In fact, in a recent survey, the Cloud Security Alliance (CSA) and the Information Systems Audit and Control Association (ISACA) asked IT decision makers to name their top concerns about cloud. Not surprisingly, exit strategies (#1), contract lock-in (#4)
Google Commits 1M Euros To German Startups Via Berlin Start-up Center, The Factory(TechCrunch) Google has a number of initiatives aimed at entrepreneurs globally, and a thread of a strategy appears to be emerging in Europe, albeit with different approaches. The tech giant has already supported the creation of an accelerator/workspace called Le Camping in Paris, part-backed with state money. In London it literally took out a ten-year lease on a building, Google Campus London, and stacked it
Zittrain: Peer-to-peer transactions risk privacy(Fierce Government IT) The rise of low-cost, peer-to-peer transactions facilitated by the Internet presents challenges for privacy, yet regulation of it may be difficult due to the First Amendment, said Jonathan Zittrain, a Harvard law professor
Cyber-tension between nations fuels public desire for action(Net-Security) The UK public is growing increasingly concerned about national cyber security, following the number of high profile security incidents and malware discoveries reported this year, according to LogRhythm. In a survey of 1,000 consumers, 65 percent of respondents stated that pre-emptive strikes on enemy states that pose a credible threat to national security are justified, and of those, 46 percent believe it depends on the level of threat posed. Of those surveyed, 45 percent believe that the UK government needs to step up its protection of national assets and information against cyber security threats, and 43 percent think that the threat of international cyber war and cyber terrorism is something that needs to be taken very seriously now
German Cyber-Security Partnership Launched(Security Defense Agenda) A new Federal Alliance of Cyber-Security opened for business in Germany on Thursday. The two chief bodies behind the project are the Federal Office for Information Technology Security and the I.T. trade association Bitkom. At the initiative's core is a reporting system, which will allow companies and organisations to immediately alert the authorities of any cyber-attack without necessarily having to disclose their identity
Israel Police Force Launches Cyber Unit(Algemeiner) The announcement comes two weeks after a system-wide cyber attack forced police to discontinue use of the internet on computers and avoid using thumb drives or CDs, or any other passing of data and programs between police computers
Senate readies for fight over cybersecurity surveillance(CNet) Sen. Joe Lieberman says his cybersecurity bill is necessary to prevent terrorists from dumping "raw sewage into our lakes." But privacy groups call it a big step toward Big Brother. Sen. Joseph Lieberman spent years fighting unsuccessfully for a so-called Internet kill switch granting the president vast power over private networks during a "national cyberemergency." Now Lieberman, who did not seek reelection, is hoping a more modest version of his proposal will be approved before he leaves office. Majority Leader Harry Reid has inserted the cybersecurity bill into the Senate's post-election calendar, and a vote could happen as early as this week after debate on a proposal to open more public land for hunting and fishing
White House May Soon Take Action on #Cybersecurity(Search Engine Journal) Now that the dust of the elections has settled, and Congress is due back in session tomorrow, President Obama may soon add a signature to an Executive Order on Cybersecurity. That step by the White House depends on whether or not Congress will finally come to a decision on cybersecurity legislation that has been languishing in limbo
US Renews Call to Private Industry to Help Cybersecurity(Tom's Hardware Guide) In a speech to the audience of the Symantec Government Symposium, General Keith Alexander, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service, said that only a close collaboration between the
Military gears up to defend US against cyber-attack(Military Technologies) Military gears up to defend U.S. against cyber-attack. The next attack on the United States may be an invisible one, but the consequences could be very real. The military is gearing up to defend the nation against an attack in cyberspace
Post-Petraeus CIA Should Kill Less and Spy More, Former Chief Says(Wired Danger Room) When David Petraeus got the job of CIA chief, he knew what job #1 was: find out everything he could about al-Qaida and its allies — and then assist in their removal from the land of living. Fourteen months and more than 110 drone strikes later, the breaking of al-Qaida's core that began under Petraeus' predecessors is almost complete. Yet a major chunk of the nation's intelligence community remains singularly focused on terrorism. It's time to give that a rest, a former leader of the Central Intelligence Agency says — especially with Petraeus gone. There's a whole world out there that needs to be snooped on. "We have been tremendously focused on counterterrorism for the last 11 years [since 9/11]. How do you now begin to make sure that you cover other necessary things without making the country less safe?" asks former CIA director and retired Gen. Michael Hayden
New UAE law on cyber crimes: Porn, online harassment criminalised(Emirates 24/7) New decree provides legal protection to all information published online. President His Highness Sheikh Khalifa bin Zayed Al Nahyan has issued Federal Legal Decree No. 5 for 2012 on combating cyber crimes. The new decree includes amendments to Federal Legal Decree No. 2 for 2006 on cyber crimes
Litigation, Investigation, and Law Enforcement
Iranian Hacker Responsible for Attacks on US and Israeli Sites Arrested(Softpedia) Iranian authorities have arrested a man suspected of hacking into more than 1,000 foreign websites. Most of his targets are from the United States and Israel. According to Trend, the hacker claimed that he breached the US and Israeli websites out of curiosity and to demonstrate that they were not properly secured
Congressional inquiry responses released: Data brokers refuse to name sources(ZDNet) A Congressional inquiry told nine major data brokerage companies to explain how they collect and sell consumer information. The data dealers have responded with PR and generalities. Data brokers have compiled secret dossiers on what's estimated to be 500 million people and they're refusing to name data sources to a Congressional inquiry - or transparently explain what's being done with the privacy-invading data they're collecting and compiling
Email Location Data Led FBI to Uncover Top Spy's Affair(Wired Threat Level) In the irony of ironies, the distinguished career of CIA Director and former CENTCOM commander David Petraeus appears to have come unhinged after authorities traced the location of the sender of threatening e-mails that were written from an anonymous Gmail
Petraeus Scandal Engulfs Afghanistan War Chief(Wired Danger Room) The sex scandal that brought down former Army general and CIA Director David Petraeus has expanded to engulf another senior official: Marine Corps Gen. John Allen, the commander of U.S. and NATO troops in Afghanistan. Allen, who is married, allegedly exchanged what's being described as "inappropriate communication" — up to 30,000 pages of it — with Jill Kelley, the 37-year-old Tampa socialite who claims she received threatening emails from Petraeus' mistress (and biographer) Paula Broadwell
Petraeus affair offers unintentional lesson on password reuse(Ars Technica) Paula Broadwell, the biographer and reported mistress of CIA director David Petraeus, appears to have been a subscriber to the "private intelligence" firm Stratfor, and that means that her Stratfor login account and its hashed password were hacked and released last year by Anonymous. The Stratfor hacker, who the US government says was Chicago-based Jeremy Hammond, obtained a complete roster of all corporate client accounts. These were released online in a massive file called stratfor_users
Meet The Patent Troll Suing Hundreds Of Companies For Encrypting Web Traffic(Techdirt) Ars Technica has the story on yet another patent troll -- though this one seems a bit special. TQP Development -- a typical patent troll in so many ways -- has apparently gone on something of a rampage over the last four years (and increased in the last year) suing hundreds of companies. The list is impressive
Hong Kong stock exchange hacker sentenced to jail(ZDNet) The hacker who broke into the Hong Kong stock exchange news Web site last year has been sentenced to nine months in jail. A South China Morning Post (SCMP) report Saturday said Tse Man-lai, 28, was convicted in the district court on two counts of obtaining access to a computer with criminal or dishonest intent. On Aug. 12 and Aug. 13 last year, Tse launched denial-of-service attacks (DoS) on HKExnews, a Web site operated by the Hong Kong Exchanges and Clearing (HKEx) which publishes corporate filings, the report said
Pirate Bay co-founder suspected of serious fraud and another data intrusion(Computer World) Swedish authorities now suspect Pirate Bay co-founder Gottfrid Svartholm Warg of serious fraud and another data intrusion in addition to the alleged hacking of IT company Logica that led to his arrest, public prosecutor Henrik Olin said Monday. Svartholm Warg was arrested in Cambodia in August and deported to Sweden. In September, Swedish authorities arrested him on suspicion of hacking Logica, which handles taxes for the Swedish government
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
E2 Innovate Conference & Expo(Santa Clara, California, November 14 - 15, 2012) E2 Innovate, formerly Enterprise 2.0, brings strategic business professionals together with industry influencers and next-gen enterprise technologies.
Anatomy of an Attack(New York, New York, November 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.
ZeroNights(Moscow, Russia, November 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense...
Digital Security Summit(Riyadh, Saudi Arabia, December 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.
Passwords^12 Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO...
CIO Cloud Summit 2012 The CIO Cloud Summit will help C-level executives better understand the true capabilities of cloud computing and the transformational opportunities it can bring.
BayThreat(Sunnyvale, California, December 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
2012 European Community SCADA and Process Control Summit(Barcelona, Spain, December 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations...
TechMentor Orlando 2013(Orlando, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...
e-Crime Congress 2013(London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...
The Future of Cyber Security 2013(London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.