Sun Trust joins Capital One among the victims of the renewed Islamist hacking campaign against US banks. Investigators continue to look for a Saudi connection as Iran denies complicity. (For a skeptical take on the seriousness of the campaign, however, see this morning's op-ed in CSO.) Coincidentally or not, Russian mobs continue to prepare for large-scale wire fraud aimed at the same targets.
Cyber criminals steal student records from Northwest Florida State College. Symantec finds a Russian proxy service delivering Backdoor malware. 3G mobile devices are found vulnerable to involuntary physical tracking. Spearphishing techniques improve as attackers watch their targets' behavior more closely.
Mozilla pulls its latest Firefox release over security concerns and advises users to downgrade to the previous version. Facebook patches a vulnerability that exposed users' phone numbers.
RSA warns European companies that regulatory compliance and obsessing over privacy have trapped them in an obsolete security model. The National Cyber Security Alliance releases a new cyber crime report.
US House of Representatives members ask the Office of Management and Budget exactly what contractors have been told about budget sequestration. BAE's merger with EADS may have faltered, but BAE says it will pursue acquisitions in the US (especially in cyber). Silicon Valley acquisitions are increasingly aimed at getting high-value employees.
The US House Intelligence Committee opens the second phase of its investigation into Huawei and ZTE. Concerns about these telecom firms spread to Canada, but industry analysts say it will be difficult to exclude Chinese hardware from any market.
Today's issue includes events affecting Australia, Bulgaria, Canada, China, European Union, Germany, Iran, Israel, Japan, Netherlands, New Zealand, Russia, Saudi Arabia, Sweden, Ukraine, United Kingdom, United States.
Russians Set to Make Big Withdrawals from U.S. Banks Without Having Bank Accounts(Threatmetrix) Using profit-sharing as added incentive to get recruits, a Russian-speaking criminal startup is organizing a massive fraudulent wire transfer Trojan attack targeting U.S. banks. Security expert Mor Ahuvia says a vorVzakone (Russian for Thief-in-Law) is at the center of the scheme. This thief-in-law (not to be confused with a brother-in-law who's a business partner who embezzles) is, according to Wikipedia, a criminal who is respected, has authority and a high-ranking status within the criminal underworld in the old Soviet Union and its successor states
Russian Web proxy with backdoors, Distributing malware(The Hacker News) Antivirus company Symantec has detected a malicious campaign in which hackers managed to deceive thousands of people allegedly signed by a paid proxy service. They expose that hundreds of thousands of users signing up for a cheap and supposedly legitimate proxy service have ended up downloading malware and being ensnared into a botnet. Three months ago, Symantec researchers started an investigation into a piece of malware called Backdoor
Security flaw in 3G could allow anyone to track your smartphone(The Hacker News) New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked, according to research from the University of Birmingham with collaboration from the Technical University of Berlin. Researchers said that standard off-the-shelf equipment, such as femtocells, could be used to exploit the flaw, allowing the physical location of devices to be revealed. The 3G standard was designed to protect a user's identity when on a given network
Facebook Scam Spam(Internet Storm Center) We are seeing reports of Facebook Scam Spam trickle in. Rene provided us with a detailed anecdote that includes the following image. The url provided in the image was investigated a bit. TinyURL has since taken down the redirect and classified it as Spam. However, the image (and others like it) still propagate by FB users clicking on the link
Iran rejects cyber attack on nuclear facilities(Trend.az) "Sometimes we face more than 500,000 threats at the country's entrance gates but no major threat or cyber attack has targeted the nuclear facilities over the past few weeks," Taqipour said on Wednesday. Iran has been the target of several cyber attacks
Businesses Remain Scared of Spear-Phishing as Attackers Study Behavior(Threatpost) Scared is a strong word, but the reality, according to a Websense analysis by Patrik Runald, is that spear-phishers, like the ones that compromised a White House network last week, are implementing new evasion tactics, fundamentally changing their attack strategies, and revolutionizing the targeted threat model, giving business executives plenty of reason to worry
RSA boss demands revamp of outdated privacy, security regs(The Register) Corporate security policies that simply adopt regulations and obsess over privacy are stuck in the last century, according to senior execs at security biz RSA. Tom Heiser, president of the EMC-owned outfit, told delegates to the RSA Europe conference that efforts to comply with red tape and standards are fruitless as the rules were formulated to thwart adversaries of ten years or more ago
House Lawmakers OMB for Sequestration, WARN Act Guidance Docs(Govconwire) Three members of the House Education and the Workforce Committee have asked the Office of Management and Budget to provide them with documents and communication related to guidance on how contractors should address the potential of sequestration
After Pledging Huge IT Savings, Can NSA's Alexander Deliver?(AOL Defense) Keith Alexander, head of the National Security Agency and Cyber Command, told a standing-room-only crowd at the annual Geoint intelligence conference last year that the NSA and its sister intelligence agencies could save one third or more on their
Acqui-hire trend turns startups into IT talent pools(IT World) Since 2010, Silicon Valley--the mecca of tech businesses--is home to a growing trend. Larger tech companies are buying smaller startups, but with a twist: They aren't looking to buy the intellectual property, the products or even the customers of the acquisition target. Rather, they want key employees
BAE's US unit to keep looking for M&A opportunities(Reuters) "We will continue to pursue growth opportunities in cyber, intelligence, security, electronics and international businesses," Roehrkasse said in an emailed message to Reuters when asked about the company's interest in future acquisitions
Too late for America to eliminate Huawei(Financial Times) To read the scathing condemnation of Chinese telecoms equipment suppliers fired from Washington this week, you would think we still lived in another world. In that world, telecoms networks were built by national monopolies such as AT&T, France Telecom and British Telecom, and outsiders stayed away. You know things have come to a pretty pass when US politicians throw their weight behind a French company because the alternative is worse
HP May Still Be The King Of PCs, But Lenovo Will Usurp The Throne Next Quarter(TechCrunch) Depending who you ask, Lenovo topped HP in 2012's third quarter to become the top worldwide PC supplier. Research firm Gartner reports Lenovo shipped just slightly more PCs than HP to hit a 15.7% marketshare, besting HP's 15.5% marketshare. But IDC reports an additional segment and therefore different numbers; HP is still on top per IDC
Coviello: 'Customers fleeing to our competitors? It's baloney!'(Computing) Executive chairman of security firm RSA Art Coviello has hit back at rivals who have claimed to have snapped up some of RSA's customers since it was the victim of a cyber attack, describing the claims as "baloney". RSA, the security arm of storage firm
Lockheed Gets $13.5M U.S Navy Order(NASDAQ) In the first one and half years of the five-year contract, the industry team led by Lockheed Martin will demonstrate the capabilities of its Open-Architecture Planning and Trajectory Intelligence for Managing Unmanned Systems (OPTIMUS) architecture
IBM to Provide Virtual Hosting Services for DoD Healthcare Program(Govconwire) IBM (NYSE: IBM) has won a $30,025,383 time-and-materials contract with the U.S. Army to provide virtual hosting services in support of the TRICARE Management Activity. The U.S. Army Medical Research Acquisition Activity in Frederick, Md. is the contracting activity on the award, which featured 31 solicited bids and 2 bids received
Vaultive Joins the Cloud Security Alliance(MarketWatch) The Cloud Security Alliance is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within cloud computing. As a corporate member, Vaultive will support CSA research and work toward the
David Lacquement Joins SAIC's Cybersecurity Team(IT News Online) The business unit delivers adaptive solutions to protect critical networks around the globe from cyber attacks with proven solutions that provide real-time situational awareness to enterprise operators. As SAIC continues to build its
Review: Free, open source VirtualBox lags behind VMware and Parallels(Ars Technica) Poor 3D support and lack of OS integration features hurt VirtualBox the most. Our Parallels Desktop and VMware Fusion shootout took a deep dive into the two most successful commercial virtualization products for the Mac, but many of you had questions about VirtualBox, the free and open source desktop virtualization software currently offered by Oracle. Both Parallels and VMware offer plenty of features for home and business users, but is VirtualBox an acceptable alternative for the cash-strapped
A better reason not to use Huawei routers: Code from the '90s(Network World) Security researcher Felix "FX" Lindner has a more compelling reason to steer clear of routers from Huawei Technologies than fears about its ownership. While the company [was] blasted for its opaque relationship with China's government in a U.S. intelligence report released Monday, a bigger worry for some is what's inside its routers. "The code quality is pretty much from the '90s," said Lindner, who has analyzed the software inside Huawei's home and enterprise routers, and runs Recurity Labs, a security consultancy, in Berlin
Free mobile app profiler for risk assessment(Help Net Security) Zscaler announced today the results of an analysis from ThreatLabZ which reveals that up to 10 percent of mobile apps expose user passwords and login names, 25 percent expose personally identifiable
One-click security within Microsoft Outlook(Help Net Security) CertiVox launched an automatic, end-to-end encryption capability designed specifically to enable government, businesses and individuals to benefit from one-click security within Microsoft Outlook
General Dynamics Introduces NSA-Certified COTS Computer(Dark Reading) General Dynamics C4 Systems today introduced the new TACLANE MultiBook laptop, now certified by the National Security Agency (NSA) to secure network communications to the Secret level and below. Government, agency and state and local law
Walking the Mobile Mile(Dark Reading) Putting the i in identity means navigating the hidden complexities in Mobile Identity. Mobile applications have disparate characteristics from normal web applications and so demand different requirements from developers. This in turn drives the need for new security models. When enterprises write Mobile apps, they are not simply delivering data to the customers as in a web app, they are delivering code that interacts with the mobile device OS, data and security tokens (and beacons) that will reside on the device for some period of time
Mild-Mannered Malware Sleuth Rocks Security(Dark Reading) Botnet and malware expert Joe Stewart chats up his self-taught skill of picking apart malware and botnets, how targeted companies are in denial, Metallica -- and his raucous rock 'n roll years
Security as an enabler of innovation(Help Net Security) For years, many enterprises have viewed IT security as a costly extra that has to be endured as a way to reduce risk, without providing any other value to the business. Recent years have shown that
Pentagon Scientists: We Can't Predict Violent Outbursts. Yet.(Wired Danger Room) In the years to come, a top group of military scientists believe, the Pentagon may be able to use genomics and bio-markers to spot when a soldier is about to snap. But that moment is not in the immediate future. So, for now, the only option is to try to prevent these troops from reaching the breaking point, rather than predicting when that point will come
European Knowledge Institute for Cyber Security Set Up(TDworld) Alliander, DNV KEMA and KPN, together with TNO and Radboud University, are setting up a new European cyber security knowledge center, the European Network for Cyber Security (ENCS). ENCS will engage in research, testing, knowledge sharing and training in the field of cyber security for critical infrastructure such as energy, water and telecom networks with the objective of helping infrastructure owners to improve their protection against cyber crime. In view of the cross-border nature of cyber crime, ENCS is seeking to involve as many parties as possible in this mission
US and EU clash over Whois data(IT World) The United States Federal Trade Commission (FTC) consumer protection tzar on Wednesday welcomed moves by ICANN to store more data on those who run websites
Germany spies on the internet after all(Tech Eye) While Germans are a little sensitive about online privacy, it appears its Government has no problems with spying on them. The German government revealed that its police monitor Skype, Google Mail, MSN Hotmail, Yahoo Mail and Facebook chat "as and when necessary" but very precisely. The information was released as part of a move towards financial transparency
DHS signs cooperative agreement with Bulgaria(Government Security News) The Department of Homeland Security will collaborate with authorities in Bulgaria to combat international crime and terrorism under an agreement signed by U.S. and Bulgarian officials on Oct. 10. Secretary of Homeland Security Janet Napolitano
Lieberman: Cyber Attacks Threaten the US(Moneynews) Cyber attacks are a profound threat to this country, yet our cyber defenses are woefully lacking, warned Sen. Joe Lieberman, I-Conn., in an editorial in The Washington Post. National intelligence leaders have told Congress exactly that in no uncertain
Dicks warns of possible 'cyber 911,' urges government action(Kitsap Sun) In just an instant, a cyber attack could bring America to its knees, crippling transportation systems, freezing money supplies, shutting down power grids and imperiling nuclear plants. That was the somber and frightening message
Cyber Command has appropriate authorities but lacks agility, says official(Fierce Government IT) Cyber Command, in collaboration with the National Security Agency, has the authorities it needs to protect Defense Department networks and effectively share information with the Homeland Security Department and FBI to defend non-military entities, said Rear Adm. Samuel Cox, director of intelligence at Cyber Command
U.S. panel to probe new wave of complaints against Huawei, ZTE(Reuters) A U.S. congressional report that urged American companies to stop doing business with Chinese telecom equipment makers Huawei and ZTE has triggered a fresh wave of complaints against the firms, opening a second phase to the panel's investigation. A staff member of the House of Representatives Intelligence Committee said the panel has been receiving "dozens and dozens" of calls from current and former employees and customers reporting supposedly suspicious equipment behavior, chiefly involving Huawei. "I don't think the companies should expect our attention to stop," the staff member told Reuters, adding that the panel would follow up on new leads. The staffer was not authorized to speak publicly on the matter
Red Star Over Canada's Networks: Huawei Or The Highway(Eurasia Review) This Monday, a US House Intelligence Committee report was published outlining the case for banning Huawei and ZDT, two major Chinese telecoms, from network infrastructure building in the United States. The report argued that potential ties between these companies and the Chinese government represented a national security risk. If Huawei or ZDT were allowed to lay critical infrastructure in the United States, they might plant secret backdoors or data mining processes in network hardware at the behest of the Chinese government, thus creating a security risk in the event of a future conflict between the two countries
Canada spy accessed Australia intelligence(The Australian) The sub-lieutenant had access to signals intelligence produced by the US National Security Agency, Britain's Government Communications Headquarters, Canada's Communications Security Establishment, Australia's Defence Signals and New Zealand's
Supreme Court Won't Hear Challenge to Telecom Immunity(Wall Street Journal) The Supreme Court won't be hearing a class action against several telecommunications carriers that helped the National Security Agency monitor calls and emails, ending the action against the companies. The court declined to hear Hepting v AT&T Tuesday
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cyber Maryland 2012(Baltimore, Maryland, October 16 - 17, 2012) "Designed for information security insiders, business innovators and aspiring professionals, this two-day conference features national thought leaders, showcases business opportunities and provides outstanding...