After weak encryption was found in Google email, US-CERT warns that Domain Keys Identified Mail (DKIM) email is vulnerable to spoofing. Google, Microsoft, and Yahoo report they've remediated their DKIM vulnerabilities.
CheckPoint suggests Iran might not be the only actor behind the Izz ad-Din al-Qassam Cyber Fighters' "Operation Ababil," but most observers (especially in the US) continue to attribute the anti-banking campaign to the Islamic Republic. DDoS attacks use open DNS resolvers to "amplify" their attacks, which places affected organizations under serious stress.
Ordinary cyber criminals have not been idle. "Operation High Roller" attacked file transfer systems serving wealthy banking customers, an Ohio hospital suffers a data breach, and a phishing campaign exploits Twitter users. Law firms and corporate counsels find that e-discovery exposes them to identity theft.
Gartner tells its corporate audience it needs to "play offense" on cyber. As the US Congress looks for ways to finesse budget sequestration, insiders suggest that the days of a blank check for security are over. Lockheed Martin, Intel, AMD, Honeywell, and RSA found the Cyber Security Research Alliance, a not-for-profit devoted to attacking cyber "grand challenges."
Britain's GCHQ hopes to certify IA experts. The US Army pushes for more cyber offensive capability and offers Foreign Policy a look inside the 780th Military Intelligence Brigade. Australia prepares a major defense policy statement addressing cyber operations. Huawei looks for Australian friends in its ongoing espionage squabble with the US: the Chinese telecom manufacturer offers the Australian government full access to its source code.
Today's issue includes events affecting Australia, China, European Union, Iran, Israel, Russia, Saudi Arabia, Switzerland, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
US-CERT warns DKIM email open to spoofing(Register) You might think this is no big deal - after all the value of strong cryptography has been recognized for years. Unfortunately this problem has been found to affect some of the biggest names in the tech industry, including Google, Microsoft, Amazon
Cyber-Security Chief on Wave of Web Attacks(CNBC) The man often credited as being the father of internet defense says it's still unclear where a recent wave of hacking attacks targeting the U.S. financial industry are coming from
Iran Cyber Attack Highlights Growing Threat, Experts Say(Huffington Post) In recent weeks, computer hackers have attacked a Saudi Arabian oil company, a Qatari natural gas company, and several American banks. The level of damage varied, but again and again, American officials placed the blame on the same source: Iran
Cyberspace the new frontier in Iran's war with foes(Reuters) The rules in cyberspace, experts say, remain far from clear. Washington announced last year it reserved the right to retaliate militarily for any cyber attack that caused death or damage, but in reality most believe the technology has far outpaced the
DDoS attacks against banks raise question: Is this cyberwar?(Computer World) It's been a month of crippling denial-of-service attacks on websites operated by U.S. banks and financial services firms. A terrorist organization called Al-Qassam takes credit online, but now the attacks are being blamed on Iran. Within the past month, crushing blasts of 65Gbps traffic, mainly from thousands of compromised Web servers, has targeted Bank of America, Wells Fargo, US Bank, JP Morgan Chase, Sun Trust, PNC Financial Services, Regions Financial and Capital One
The Cyber Attack on HSBC: What Happened(CFO) "Denial of service" attacks like the recent launch against the global bank are a cyber threat that needs to be taken seriously – and not just by banks
Attackers Turn to Open DNS Resolvers to Amplify DDoS Attacks(Threatpost) Although DDoS attacks have been a serious problem for more than a decade now and security staffs have a good handle on how they're executed and how to handle them, attackers constantly adjust their tactics in order to defeat the best defenses available. One of the more recent tactics adopted by attackers is the use of open DNS resolvers to amplify their attacks, and this technique, while not novel, is beginning to cause serious problems for the organizations that come under these attacks
Operation High Roller Banked on Fast-Flux Botnet to Steal Millions(Threatpost) A fraud ring that attacked financial transfer systems in an attempt to get at wealthy high-end banking customers used a complicated web of malware and compromised servers in several countries to walk off with an estimated $78 million earlier this year. While the attacks targeted financial systems, the victims seem to be limited to companies involved in manufacturing, import-export businesses, and state or local governments
Nitol Infections Fall, But Malware Still Popping Up(Threatpost) When Microsoft went after the Nitol botnet in September, one of the key details in the investigation was the fact that much of the botnet was built by pre-loading malware onto laptops during the manufacturing process in China. This was the clearest case yet of the phenomenon of certified pre-owned devices making their way through the supply chain and into the market. As it turns out, nearly half a million of those infected machines showed up here in the U.S
Warning: e-Discovery Missteps Can Open Up the Door to Identity Theft(pinewswire) Corporate legal departments and law firms that host and review data online bear a significant responsibility to ensure that personally identifiable information (PII) remains protected. According to the Social Security Administration, identity theft is one of the fastest growing crimes in America, and the Federal Trade Commission (FTC) estimates approximately nine million Americans have their identities stolen each year. Most of these crimes rely heavily on a single piece of information: the Social Security number
Sony PS3 hacked 'for good' - master keys revealed(Naked Security) Sony's PS3 has been hacked. This time, it looks as though it's been hacked for good. We explain why this is different from previous hacks, and treat you to the war of words between the original hackers and the pirates who stole their work
Aultman Hospital reports data breach(The Press News) Aultman Hospital recently learned that an unidentified third party gained unauthorized access to credit card and debit card information relating to some purchases at the hospital's gift shop between February and September 2012. No patient health information was affected. Upon learning of the security breach, Aultman Hospital took immediate steps to investigate and resolve the situation
McAfee: Avoiding the 9/11-Level Cyber Armageddon(IT Business Edge) While you'd typically write much of this off as vendor grandstanding given the DOD presentation of a few weeks back that flagged the coming 9/11 anticipated cyber attack, this all showcases that while a lot of firms and government groups are taking
Line blurs between insider, outsider attacks(CSO) The insiders strike again. But this time it's not the malicious insider, but insiders' access to corporate data, and it is for sale in the cybercrime underground. Security experts have been saying for years that while technology is a key element in protecting enterprises from online attacks, human insider carelessness, vulnerability or hostility can always trump it
Could Cyber Attacks Ruin Christmas for Retailers?(Fox Business) "The reality is if they want it to get worse, it can get worse," said Dave Aitel, a former computer scientist at the National Security Agency. "I don't think people are really prepared mentally to what happens if Amazon goes down"
Security Patches, Mitigations, and Software Updates
Google, Microsoft and Yahoo fix serious email weakness(Computer World) Google, Microsoft and Yahoo have remedied a cryptographic weakness in their email systems that could allow an attacker to create a spoofed message that passes a mathematical security verification. The weakness affects DKIM, or DomainKeys Identified Mail, a security system used by major email senders. DKIM wraps a cryptographic signature around an email that verifies the domain name through which the message was sent, which helps more easily filter out spoofed messages from legitimate ones
IP theft attacks can hide on networks for years, unspotted by corporate victims, report claims(Naked Security) IP theft attacks can hide on networks for years, without the knowledge of corporate victims, report claims. Organizations in the financial services and public administration sectors are the primary targets of sophisticated attacks aimed at stealing intellectual property, with attacks involving both external and internal agents and lasting for months or years, according to a new report from Verizon.
Top Cybersecurity Accomplishments, 2006-2012(Federal News Radio) Federal News Radio polled current and former federal cybersecurity experts for their opinion on what were the most significant cybersecurity accomplishments since 2006 to secure federal networks and improve public-private partnerships. The list below blends suggestions of more than 10 authorities on federal cybersecurity. The accomplishments are in no particular order
83% of SMBs have no formal cyber-security plan(BizReport) The vast majority of small business owners in the US believe they are safe from cybercrime, yet just 17% have a formal cyber-security plan, according to a joint survey recently released by the National Cyber Security Alliance and security specialists
Defense Contractors Gird For 'Fiscal Cliff'(Washington Post) The nation's largest defense contractors reported mixed financial results Wednesday as the companies continue to take steps to safeguard against possible federal budget cuts associated with the fiscal cliff
Shifting Mood May End Blank Check for US Security Efforts(New York Times) Michael V. Hayden, who led both the National Security Agency and the Central Intelligence Agency in the years after the Sept. 11 attacks, agrees that the time will come for security spending to be scaled back and believes that citizens need to decide
OMB touts PortfolioStat(Fierce Government IT) The Office of Management and Budget says it has caused $2.5 billion of savings and cost avoidances over a 3-year period through an oversight mechanism dubbed PortfolioStat. In an Oct. 24 blog post, OMB Acting Director Jeffrey Zients says PortfolioStat caused agencies to analyze baseline data regarding 13 types of commodity information technology spending and come up with ways to lower costs in those areas
DoD seeks MDM, app store(Fierce Mobile Government) DISA plan would support up to 262,500 devices. The Defense Information Systems Agency seeks a mobile device management solution and mobile application store that can be used across a range of Defense Department environments, according to a solicitation posted to FedBizOpps.gov on Oct. 22
DISA/DITCO Offer Potential 5 Year Contract for New App Store(Govconwire) The Defense Information Technology Contracting Organization, in conjunction with the Defense Information Systems Agency Program Executive Office - Mission Assurance are seeking proposals for the Department of Defense mobility, mobile device management-mobile application store. The contract is being offered on FedBizOpps.Gov. It is a firm-fixed-price contract and will include one base year and four six-month options
CACI Providing HUD Enterprise IT, Software Development(ExecutiveBiz) CACI International has won a $70 million task order to continue providing information technology and software development support to the U.S. Department of Housing and Urban Development, the company announced Wednesday
SAP, Antenna lead large mobile app developer pack(Fierce Mobile IT) Out of more than 100 mobile app developers examined by Gartner, only two, SAP and Antenna, were named as leaders in its 2012 Mobile Application Development Magic Quadrant report
Lockheed, Intel, others team up to tackle cyber challenges(Reuters) Five U.S. technology companies, including top weapons maker Lockheed Martin Corp and chip maker Intel, plan to team up to tackle "grand challenges" in cyberspace amid growing concerns about computer security. The non-profit
Review: Malwarebytes Enterprise Edition(eSecurity Planet) Malwarebytes Enterprise Edition detects and removes malware, removing all traces after a system has been infected, a capability that is likely to be especially important to small businesses
Hadoop updates from Cloudera, MapR, Splunk(IT World) As organizations continue to evaluate Hadoop for large scale data analysis, Hadoop software vendors are refining their products for enterprise use, addressing concerns around reliability and expanded use
Does OpenStack need a Linus Torvalds?(IT World) OpenStack has been dubbed by some enthusiasts as the Linux of the cloud - an open source operating system for public or private clouds. But there's one stark difference between the two projects: OpenStack doesn't have a Linus Torvalds, the eccentric, outspoken, never-afraid-to-say-what-he-thinks figurehead of the Linux world
TeamMentor: Secure software development knowledge base(Help Net Security) Security Innovation released TeamMentor 3.2, a SaaS product that provides guidance to help security and development teams create secure software out of the box, along with support for industry best practices
Protecting print devices from malware(Help Net Security) Xerox and McAfee revealed new protection against malware and viruses with the first networked multifunction printer to use McAfee Embedded Control software, a filtering method that allows only approved
BlackBerry bests iOS, Symbian, Windows Phone in security drill(Fierce Mobile IT) Research in Motion's (NASDAQ: RIMM) BlackBerry bested Apple's (NASDAQ: AAPL) iOS 5, Nokia's (NYSE: NOK) Symbian S60 and Microsoft's (NASDAQ: MSFT) Windows Phone 7 in 10 of 11 threat categories, according to a study by Strategy Analytics
Most effective ways to stop insider threat(Help Net Security) Imperva examined the psychological, legal and technological tactics employed by leading organizations to mitigate insider threats, a class of enterprise risk perpetuated by a trusted person who has access
Should cloud providers be certified?(IT Pro) Peter Allwood, information and technology risk manager at Deloitte, insists that credibility is entering the certification market with the likes of the Cloud Security Alliance (CSA) collaborating with the International Organisation for Standardisation
Cloud Security Alliance guidance for data ownership(Help Net Security) The Cloud Security Alliance has incorporated in recently-released implementation guidance issued by the Security as a Service Working Group a set of recommendations for cloud end users to adopt encryption of data-in-use as a best practice
Govt challenges university hackers to break virtual businesses(ZDNet) Australia has a new cybersecurity competition following the nation's previous success in the Cyber Defence University Challenge, which was launched earlier this year. Building on the last challenge, the Department of Broadband, Communications and the Digital Economy (DBCDE) has teamed up with Telstra and Microsoft to establish the Cyber Security Challenge Australia 2013 (CySCA). Although the university title has been dropped from the challenge's name, it is still aimed at Australian undergraduates, in order to encourage them to build information security skills. "CySCA 2013 reinforces the government's commitment to ensuring that Australia builds the ICT and cybersecurity skills base that it needs in order to grow both Australia's burgeoning digital economy and protect our online interests," said DBCDE deputy secretary Abul Rizvi in a statement
National High School Cyber Security Competition Draws 1,200+ Teams, Reaches All 50 States(Sacramento Bee) The Air Force Association announced today that CyberPatriot--the National High School Cyber Defense Competition--has drawn 1,225 teams as registration closed October 6th. The competition has teams representing all 50 states, the District of Columbia, Puerto Rico, Guam, U.S. Department of Defense Dependent Schools in both Europe and the Pacific, and Canada. Established by the Air Force Association (AFA), CyberPatriot is the nation's largest and fastest growing high school cyber security challenge
Legislation, Policy, and Regulation
GCHQ Launches Cyber Security Experts Certification Scheme(TechWeek Europe) Spy agency announces another scheme to find the cyber security stars of the future. The information assurance (IA) arm of GCHQ has launched a new scheme to certify the quality of cyber security professionals in the UK
Army leaders promote need for offensive cyber capability(Nextgov) Rhett Hernandez, commander of Army Cyberspace Command at Fort Meade, Md., said cyber threats against Army networks today are "real, growing, sophisticated and evolving…they are changing the way we operate." The threats require sophisticated
Killer Apps: Inside one of US Cyber Command's offensive units(Foreign Policy) As the Army's contribution to U.S. Cyber Command, the 780th is responsible for hunting down enemy hackers, figuring out how they operate, and developing cyber weapons to use against a host of online targets. These soldiers work outside the Pentagon's
Obama to compromise on cybersecurity executive order(CSO) Another provision sought by privacy advocates would put the DHS, not the National Security Agency, in charge of the information-sharing network to distribute and "sanitized summaries of top-secret intelligence reports about known cyberthreats that
The ADF and cyber warfare(The Interpreter) Richard Addiscott is an information security consultant with BAE Systems Stratsec. The views expressed here are his own and do not represent the views of his employer. What is cyber warfare and what could it mean to the Australian Defence Force? I hope the 2013 Defence White Paper will address both questions
Huawei offers Australia 'unrestricted' access to hardware, source code(CNet) Huawei has offered to give the Australian government "unrestricted" access to the firm's software source code and hardware equipment in an effort to dispel security fears, months after the Chinese telecoms giant was barred from supplying infrastructure equipment for the country's national broadband network. The Australian government barred Huawei from bidding on contracts for the network earlier this year, saying it had "a responsibility to do our utmost to protect [the network's] integrity and that of the information carried on it
The China Collision(Washington Post) The House Permanent Select Subcommittee on Intelligence issued a report Oct. 8 that was quite unusual. The chairman, Mike Rogers (R-Mich.), and ranking minority member, C.A. Dutch Ruppersberger (D-Md.), declared that two Chinese telecommunication giants are a threat to U.S. national security because of their ties to the Chinese government, Communist Party and military, and they called on U.S. firms not to buy their wares
Spies and Co.(New York Times) SUDDENLY, Washington is extremely concerned about Chinese espionage. Last month, the White House blocked a Chinese company from operating a wind farm near a sensitive Navy base in Oregon. Next, the House Intelligence Committee said two Chinese telecommunications firms were manufacturing equipment that could be used to spy on the United States
Microsoft Agrees to Modify Windows 8 Following EU Complaint(Threatpost) Microsoft announced Wednesday it will tweak the release of its forthcoming Windows 8 operating system to comply with the European Commission, which argues that in its current state, the software fails to offer customers a browser choice screen to let them "easily choose their preferred web browser"
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
TechExpo Cyber Security Careers(Columbia, Maryland, November 1, 2012) Profit from presentations by leading industry figures and networking opportunities designed for serious job-seekers.
Anatomy of an Attack(New York, New York, November 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.
ZeroNights(Moscow, Russia, November 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense...
Passwords^12(, January 1, 1970) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO...
BayThreat(Sunnyvale, California, December 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.