Kaspersky releases details of research into "miniFlame," described as "nation-state espionage malware" with ties to Flame and Gauss. MiniFlame is apparently narrowly focused on Lebanese targets.
The weekend saw verbal escalation of Middle Eastern cyber conflict. Israel says it's under Iranian cyber attack as former and current US officials blame Iran for cyber campaigns against Gulf targets. Iran denies any involvement and offers to help other nations that feel threatened by US and Israeli cyber operations.
Elsewhere, proof-of-concept code for a solar energy SCADA exploit is released, as is malware targeting Mozilla's Firefox v16. (Mozilla will update Firefox either today or tomorrow.) A New Zealand government online service is compromised, exposing thousands of users' personal information.
Oracle plans to release 109 patches this week. In other industry news, Japan's Softbank offers to buy a majority interest in Sprint for $20B. Legislators, contractors and US Government agencies continue to work out details of possible budget sequestration. (Western defense and security companies generally face pressure from declining budgets.) The US mulls granting more visas to Indian tech workers, and African countries (particularly Kenya and South Africa) represent an emerging market for cyber security.
Identity standards assume increased urgency for international law enforcement bodies as well as for US Federal agencies. India opens (some) cyber policies to public inspection, the UK seeks to increase privacy safeguards, Indonesia considers cyber operations as an "asymmetric warfare" modality, and New Zealand and the US explore cyber cooperation. US concerns over Chinese telecom hardware manufacturers spread to Canada.
Today's issue includes events affecting .
We'd be remiss if we didn't remind our readers that CyberMaryland 2012, a major conference affecting our profession and our industry, opens tomorrow and runs through Wednesday. (See Events below for details.)
Cyber Attacks, Threats, and Vulnerabilities
State-Sponsored Malware Flame Has Smaller, More Devious Cousin(Wired) Researchers have uncovered new nation-state espionage malware that has ties to two previous espionage tools known as Flame and Gauss, and that appears to be a high-precision, surgical attack tool targeting victims in Lebanon, Iran and elsewhere. Researchers at Kaspersky Lab, who discovered the malware, are calling the new malware miniFlame, although the attackers who designed it called it by two other names SPE and John. MiniFlame seems to be used to gain control of and obtain increased spying capability over select computers originally infected by the Flame and Gauss spyware.
Iran Denies Role In Gulf Cyberattacks(Yahoo.com) Iranian officials denied any role in recent cyberattacks against oil and gas companies in the Persian Gulf and said they welcomed a probe of the case, a semiofficial news agency reported Sunday
Iran ready to help countries boost cyber security: Behabadi(Press TV) US National Security Agency, the CIA and Israel's military worked together to create the Flame virus, the American newspaper added. In addition, the New York Times also revealed in June that US President Barack Obama secretly ordered a cyber attack
Israel Foils Daily Cyber Warfare Attacks, Says Netanyahu(Arutz Sheva) On Friday, former United States official James Lewis told AFP that Washington believed Iran was behind a major cyber attack on Saudi Arabia's state oil company and a Qatari gas firm in August. According to Lewis, who has worked for the State Department
Netanyahu: Israel under cyber attack from Iran(China.org.cn) Iranian hackers are trying daily to break into scores of Israeli computer networks, Israeli Prime Minister Benjamin Netanyahu said Sunday. "There is an increase in attempts to carry out cyber attacks, and every day there are incidents of attempts to
US thinks Iran behind cyber attack in Saudi: Ex-official(Express Tribune) The United States believes Iran was behind a major cyberattack on Saudi Arabia's state oil company and a Qatari gas firm, a former US official who has worked on cyber security issues said Friday. In a major cyber security speech on
US Suspects Iran Was Behind a Wave of Cyberattacks(New York Times) "We won't succeed in preventing a cyber attack through improved defenses alone," Mr. Panetta said. "If we detect an imminent threat of attack that will cause significant, physical destruction in the United States or kill American citizens, we need to
U.S. officials - 'Iran's behind cyber attacks'(DigitalJournal.com) According to the Cyber Command website, their mission is to coordinate, integrate, synchronize, direct, and conduct "network operations and defense of all Army networks; when directed, conducts cyberspace operations in support of full spectrum
US warning reflects fears of Iranian cyberattack(Huffington Post) "Iran is a country for whom terror has simply been another tool in their foreign policy toolbox, and they are a country that feels it has less and less to lose by breaking the norms of the rest of the world," said Stewart Baker, former assistant
Corporate Attacks Hint Of A Coming 'Cyber Pearl Harbor'(Forbes) Back in May, the Department of Homeland Security revealed that there had been a series of attacks on the computer networks of natural gas pipeline companies. In July, according to a report in The Energy Daily, hackers broke into the system monitoring
Exploit Code Released Targeting Firefox 16 Vulnerability(Threatpost) It's been an interesting couple of days for Firefox users. First Mozilla released version 16 of the popular browser on Wednesday, then quickly pulled it back yesterday after a serious security vulnerability was found in the new version. Less than 12 hours later, Mozilla had repaired the problem and re-released the updated browser, but not before exploit code was released
@VenomSec hacks alwah.net website and leaks 300 accounts(Cyberwarzone) @VenomSec has hacked another website. This time they managed to leak the database of the website alwah.net. They released over 300 accounts in the Pastebin file that you can find here. VenomSec has been active and has targeted multiple websites. You can find more information about them here. Alwah.net is an Islamic news website
Security experts to probe Winz computer hacking(TVNZ) Security experts will examine how the Work and Income computer system was hacked, allowing the secret details of some of the most vulnerable New Zealanders to be exposed. The officials meant to safeguard them cannot yet say how many people have unlocked the information. The privacy blunder also raises doubts when the Government is setting up a database on children at risk of abuse
TD Bank misplaces tapes with data on 267,000 customers(Boston Globe) TD Bank misplaced computer backup tapes containing personal information for 267,000 customers, including 73,000 in Massachusetts, the Massachusetts attorney general's office said Friday. The bank told customers that two tapes disappeared in transit while being shipped to one of its locations in March. It has not been able to find the tapes
Security Patches, Mitigations, and Software Updates
Mozilla Adds Click-to-Play Plugin Security Feature to Firefox Beta(Threatpost) Attackers have been going after vulnerabilities in browser plugins and extensions for years now, as they know that users are slow about updating these components. Even if users have the browser set to update automatically, the third-party components are a separate issue and need to be patched on their own. With that in mind, Mozilla has added a new feature to Firefox that will, by default, block known vulnerable versions of plugins from running
Oracle Patch Update to Include 109 Patches(Threatpost) Buckle up Oracle administrators for 109 patches coming your way tomorrow. Oracle's quarterly Critical Patch Update is due, and the company is releasing fixes for security vulnerabilities across most of its enterprise products, addressing a host of remotely exploitable flaws. This comes a little more than a month after exploits of a serious zero-day vulnerability in Java were reported, as well as a critical zero-day vulnerability in Java SE
Security Monitoring An Elixir For Intrusion Costs?(Dark Reading) A recent study of the costs of cybercrime finds that security intelligence, including monitoring and threat intelligence, reduces the costs of cyberattacks the most. Companies that want to reduce the cost of detecting, responding and recovering from cyberattacks should invest in technologies designed to give businesses better visibility into the security of their networks and systems, according to a recent Ponemon Institute survey tallying the cost of cybercrime
5 key forces driving open source today(IT World) From the rise of foundations to emerging revenue models, the open source movement is primed for even greater impact on tomorrow's technologies
Cybercom Chief: Culture, Commerce Changing Through Technology(Department of Defense) Keith B. Alexander, also the director of the National Security Agency, said. Everyone is connected to the network, Alexander said, even his two-year-old grandson, who on his own has figured out how to turn on an iPad and use Skype to call his grandmother
Human generated big data(Help Net Security) Human generated content is comprised of all the files and e-mails that we create every day, all the presentations, word processing documents, spread sheets, audio files and other documents
NIST awards $9 million to promote online security and privacy(Homeland Security Newswire) The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) last month announced more than $9 million in grant awards to support the National Strategy for Trusted Identities in Cyberspace (NSTIC). Five U.S. organizations will pilot identity solutions which increase confidence in online transactions, prevent identity theft, and provide individuals with more control over how they share their personal information. NSTIC is a White House initiative to work collaboratively with the private sector, advocacy groups, and public-sector agencies
Firms, Policymakers Struggle Amid Western Defense Cuts(Reuters.com) "Whenever we found a problem, we cauterized it with cash," Undersecretary of Defense for Industrial Policy Brett Lambert told a meeting of Reuters defense and aerospace reporters last month. "Those days are over"
Etisalat extends SIM registration deadline for UAE mobile phone users(Emirates 24/7) Company intends to introduce money transfer service on mobile phone. Etisalat telecommunications firm has decided to extend a deadline for its mobile phone subscribers to re-register their SIM cards but said defaulters could eventually have their service disconnected
Expect To Save Millions In The Cloud? Prove It(InformationWeek) The General Services Administration, in justifying its decision two years ago to adopt Google's cloud services for email and collaboration, projected it would save $15 million over five years. Now, an internal audit has found that evidence of those anticipated savings is lacking
ReVuln Emerges as New Player in Vulnerability Sales Market(Threatpost) It's getting difficult these days to keep track of all of the companies, public and otherwise, that are buying and selling vulnerabilities or information on bugs, and now there's another group on the scene: ReVuln. But, unlike other companies in the industry, ReVuln is mostly focusing its efforts on vulnerabilities in SCADA and ICS software, the applications that run utilities, industrial systems and other sophisticated systems
RIM CIO Talks Enterprise BYOD(InformationWeek) CIO Robin Bienfait talks about RIM's enterprise-friendly features like BlackBerry Balance, security and apps, and welcoming iOS and Android devices into the mix
More Visas For Indian Tech Workers?(InformationWeek) Treasury Secretary Tim Geithner makes comments viewed in India as a sign that the U.S. may eventually increase the number of visas available to tech professionals
A BAE-EADS merger would have been too complex to handle(The Guardian) A large part of the reason for this is the extremely close and complex relationships weapons manufacturers, perhaps more than in any other sector, have with their governments and intelligence agencies. This is a consequence of their role in foreign
SAP CEO Tackles Tough Cloud Questions(InformationWeek) Jim Hagemann Snabe discusses SAP's ongoing transformation and takes on Oracle's version of the truth in this video interview from the InformationWeek 500 conference
Cisco Piles Pressure On Huawei(InformationWeek) Cisco exec's blog highlights discrepancies in Chinese vendor's interpretation of the Cisco vs. Huawei intellectual property dispute
Products, Services, and Solutions
ZURB's Solidify Lets Designers Build And Test Clickable Prototypes For Any Device(TechCrunch) After a few months of private beta testing, the product design company ZURB is officially launching Solidify today, a tool that aims to help designers and developers to quickly create and test clickable prototypes of their websites and mobile applications. With Solidify, users can create these prototypes by linking together their existing sketches, wireframes or mockups. That's just the first
Google Play Rolls Out New Developers Console(TechCrunch) Google previewed the new version of the developer console for its Google Play app and media store at its annual I/O conference in June. The new version has been in private beta ever since, but as of today all developers can opt-in to the new console
Advanced Threats: Why You Have to See It to Protect it (Arbor Networks) Today, Arbor Networks proudly releases Pravail Network Security Intelligence (NSI) to the public. Pravail NSI provides cost-effective, enterprise-wide visibility into the network as well as insight into applications, content and users in order to better secure the network. Rather than providing visibility and intelligence only at the vanishing enterprise perimeter, NSI offers pervasive visibility throughout the enterprise
Proactive Detection and Automated Exchange of Network Security Incidents(CERT) Cert Poland published an article on the comparison of various incident data sharing systems, such as Abuse Helper, Megatron, CIF, and our own n6. It is in part inspired by an ENISA study conducted by us last year on the Proactive Detection of Network Security Incidents. In the article, we attempted to introduce objective criteria that can be used to evaluate the quality of threat data feeds and, using these criteria, we compared all (known to us) major systems for automated incident processing
Geolocation in iOS(Help Net Security) Take advantage of iPhone and iPad sensors and advanced geolocation technologies to build state-of-the-art location applications. Geolocation in iOS takes you deep inside Apple's Core Location
ISF launches Benchmark as a Service(Help Net Security) The Information Security Forum (ISF) launched a Benchmark as a Service (BaaS) tool. This online initiative will assist users in identifying strengths and weaknesses and compare their security status
Whonix: Anonymous operating system(Help Net Security) Whonix is an anonymous general purpose operating system based on Virtual Box, Ubuntu GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even malware with root rights can find
Record privileged sessions in Password Manager Pro(Help Net Security) ManageEngine announced the immediate session recording capabilities in its privileged password management software, Password Manager Pro. Now, privileged sessions launched from Password Manager Pro
Qualys expands QualysGuard PCI cloud platform(Help Net Security) Qualys has expanded QualysGuard PCI to assist organizations of all sizes to meet Payment Card Industry (PCI) Data Security Standards (DSS), including new internal scanning requirements
nCircle releases Configuration Compliance Manager 5.13(Help Net Security) nCircle announced its Configuration Compliance Manager 5.13. This release adds the ability to audit MySQL and Microsoft Windows Server Internet Information Services (IIS) 7 configurations, updates PCI
Assess and monitor SAP security with ERPScan(Help Net Security) ERPScan released the version 2.1 of their Security Scanner for SAP, which is currently the only solution on the market to assess and monitor 3 tiers of SAP security: vulnerability assessment, ABAP
Google Officially Speeds Up Web Page Loads(InformationWeek) Google's mod_pagespeed software, finally exiting beta after two years, reduces load times of Web pages served by Apache Web servers by as much as fifty percent
Advertisers' 'Do Not Track' Protests Fail Smell Test(InformationWeek) An almost comic war of words continues between advertisers and Microsoft regarding do not track technology in Internet Explorer 10. Funny thing: The only tracking option advertisers want is opt-out
Next-Generation Malware: Changing The Game In Security's Operations Center(Dark Reading) Sophisticated and automated malware attacks are spurring enterprises to shift their security technology, staffing strategies. In a quiet, secluded spot, a malware author is creating a new piece of code that no antivirus tool has ever seen before. It's not a particularly creative exploit – just a slight tweak on an existing Trojan – but it should be enough to bypass the signature-based defenses of the company he's targeting
How to Prevent Password Encryption Exploits(eSecurity Planet) Hackers love to target users' website passwords. Companies can thwart them by using multiple methods designed to make hacking as costly and time consuming as possible. When warning about the risks of website attacks like SQL injection and remote file inclusion, we often talk about how these breaches can reveal "sensitive data." What kind of sensitive data?
Cyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1(Internet Storm Center) Ok ok the "System" on the title may be a bit too much for what this diary will show, but it will give you a nice idea on how to start to build your own analysis system using open source and free tools. For the first part of this Diary we will focus on PE files, using three different tools for Static Analysis
Brittle Systems - Unmasking Enterprise Security's Quiet Danger(Infosec Island) You may not want to think about it, but besides all the obvious security vulnerabilities in your enterprise there is an even bigger problem, lurking just below the water. At that perfect intersection between critical system and security vulnerability is something many IT professionals acknowledge as the big pink elephant in the room - the "brittle system". These brittle systems start out as a pet project, or a prototype... or maybe someone's test case
Law enforcement well positioned to gain WHOIS changes(Fierce Government IT) The Internet Corporation for Assigned Names and Numbers says ahead of a planned Oct. 15 meeting in Toronto that law enforcement and registrars have found common ground over WHOIS proposals--although privacy watchdogs may continue to have objections
VanRoekel: Agencies to adopt NSTIC(Fierce Government IT) The Office of Management and Budget wants agencies to adopt the National Strategy for Trusted Identities in Cyberspace, or NSTIC, to enable shared, citizen identity management across government
Down to digits(Queen's Journal) As the practice of writing and solving codes — rules that determine how to disguise information — cryptography has other uses as well. In modern times, it's made things like credit card transactions possible. Before that, though, it was a component
Government breaks secrecy barrier on cyber security(The Hindu) Cyber security threats have recently emerged as the new defining security challenge in a networked global Internet economy. This explains why National Security Adviser Shivshankar Menon and his deputy Vijay Latha Reddy are focussed on engaging the private sector. Like others with similar responsibilities, the national security administration is more deeply concerned about security breaches and attacks through computers, mobiles and other devices than a physical act of war, and, in some cases, even a terrorist strike
UK government to develop social media laws that protect freedom of speech(IT Proportal) The UK must introduce new social media measures that protect free speech while appropriately responding to online harassment and threats, the director of public prosecutions has said. Following a rash of social media-related prosecutions, new guidelines surrounding how to treat and police social media must be discussed, Keir Starmer QC, the top prosecutor in England and Wales, told the BBC. The public right to be offensive has to be protected and UK laws must therefore be reviewed, he said
Collins to meet US privacy experts(NZ City) "I am keen to understand how cyber-bullying is addressed in other jurisdictions," Ms Collins said… Ms Collins departs on Sunday and will meet US Attorney General Eric Holder and the Secretary of the Department of Homeland Security Janet Napolitano
New Center, Council Aims to Foster Cybersecurity Discussion at a State Level(Threatpost) Hoping to better address the cause and concerns of cyber attacks on a state level, last week the National Governors Association (NGA) announced the creation of the Resource Center for State Cybersecurity, an initiative set into motion by Governor Martin O'Malley (D-Maryland) and Governor Rick Snyder (R-Michigan)
Multistakeholder process incompatible with GPRA?(Fierce Government IT) Government Accountability Office recommendations that agencies set performance goals with specific timelines and measures--a requirement of the Government Performance and Results Act--may not be compatible with the multistakeholder process, says Acting Commerce Secretary Rebecca Blank
Reid vows fresh effort to pass stalled cybersecurity bill(The Hill) Panetta, in a speech Thursday, said the country could face a "cyber Pearl Harbor," with attacks targeting the power grid, trains carrying chemicals, water plants and other critical systems. Reid, in a statement Saturday, said that when Congress
Stop Putting More Mouths at the Intelligence Table, Report Says(Security Management) The federal government needs to stop creating additional domestic intelligence capabilities and streamline an already unnecessarily duplicative counterterrorism and domestic intelligence architecture, according to a report co-authored by a former Department of Homeland Security (DHS) official and one of Los Angeles' top cops
Feds Move Closer to Suing Google Over Search(Wired Business) The feds may be getting ready to pull the trigger on an antitrust lawsuit against Google for allegedly using its massive scale to squash competition and keep online advertising prices high
More than $400,000 stolen from Burlington city bank account(Skagit Valley Herald) Local police and federal investigators are looking into a report of more than $400,000 electronically stolen from a Burlington city government bank account, according to a statement released Friday. Burlington's finance department reported the theft Thursday, saying the money had been electronically transferred to various personal and business accounts throughout the United States during a two-day period, Burlington Police announced in a statement
China busts 700 cybercriminal gangs(ZDNet) China's Web policing campaign has led to the arrest of 8,900 suspects and deleting of 1.88 million "harmful" Web messages, says the Ministry of Public Security. A country-wide Web policing campaign led by China's Ministry of Public Security has dealt a blow to 700 cybercriminal gangs in the country
IRS challenged by identity theft(Fierce Government IT) A push by the Internal Revenue Service to deliver tax refunds more quickly has had the unintended consequence of fostering identity theft, a tax agency official said Oct. 10. "People are actually filing, and getting their money early--and often," said Sharon James, the director of cyber architecture and implementation at the IRS, while speaking at an AFCEA-Bethesda morning event
16-year-old makes fake warning of massive Cyber attack(Expatica Netherlands) A 16-year-old boy has confessed to police he was behind a YouTube film last week in which the hackers group Anonymous was said to announce plans to launch a major cyber attack on the Netherlands. The film won widespread publicity, prompting
Anonymous threatens Dutch internet service providers(New Europe) At the beginning of the month, hackers from Anonymous announced the start of Operation Dutch Pirate Bay (OpDutchPirateBay) as a way to protest against the blocks established to the sharing-site by some Netherlands Internet service providers (ISPs). The operation was supposed to start a couple of days ago on 13 October and the targets were supposed to be organizations such as anti-piracy outfit BREIN, Tele2, Ziggo, UPC and KPN. However, the sites were forced to take these measures by a ruling of the Dutch court; they didn't decide to take it voluntarily
China firms' risk to U.S. unproved(SFGate) Two Chinese companies with facilities employing more than 1,000 people in the Bay Area and California are, we were told last week, a threat to national security. Besides labeling the two companies - Huawei and ZTE - as such, a congressional committee report said neither telecommunication company should ever be allowed to merge with or acquire American companies. Nor, for that matter, should U.S. companies do business with them. "If I were an American company today," Rep. Mike Rogers, R-Mich., chairman of the House Permanent Select Committee on Intelligence, told "60 Minutes," "I would find another vendor if you care about your intellectual property, if you care about your consumers' privacy and you care about the national security of the United States of America
Harper in a pickle over China telecoms(Waterloo Record) Most of our internet and phone conversations are already susceptible to monitoring, either by Canada's Communications Security Establishment or the U.S. National Security Agency. Just don't put anything online that you don't want the CIA — or the
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Passwords^12(, January 1, 1970) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO...
SANS Cyber Defense Initiative(Washington, DC, December 7 - 16, 2012) Specialized courses covering the latest in cyber attacks, including how they work and how to stop them. The event will also feature the Netwars Tournament of Champions.
Cyber Maryland 2012(Baltimore, Maryland, October 16 - 17, 2012) "Designed for information security insiders, business innovators and aspiring professionals, this two-day conference features national thought leaders, showcases business opportunities and provides outstanding...
National Cyber Security Hall of Fame(Baltimore, Maryland, October 17, 2012) Baltimore welcomes the US cyber security community to honor the members of the National Cyber Security Hall of Fame inaugural class.
Cyber Security: A National Imperative(Washington, DC, October 29, 2012) Lockheed Martin is hosting a panel discussion on Cyber Security: A National Imperative – An in-depth view of Cyber Security from the world's leading defense contractor on Monday, Oct. 29, 11:00am at the...
TechExpo Cyber Security Careers(Columbia, Maryland, November 1, 2012) Profit from presentations by leading industry figures and networking opportunities designed for serious job-seekers.
E2 Innovate Conference & Expo(Santa Clara, California, November 14 - 15, 2012) E2 Innovate, formerly Enterprise 2.0, brings strategic business professionals together with industry influencers and next-gen enterprise technologies.
Anatomy of an Attack(New York, New York, November 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.
ZeroNights(Moscow, Russia, November 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense...
IRISSCERT Cyber Crime Conference(Dublin, Ireland, November 22, 2012) The IRISSCERT Cyber Crime Conference will be held this year on Thursday the 22nd of November 2012 in the D4Berkley Court Hotel, in Ballsbridge Dublin. This is an all day conference which focuses on providing...