
Daily briefing.

After weak DKIM signing keys were found protecting Google email, US-CERT warns that Domain Keys Identified Mail (DKIM) email is vulnerable to spoofing. Google, Microsoft, and Yahoo report they've remediated their DKIM vulnerabilities.

CheckPoint suggests Iran might not be the only actor behind the Izz ad-Din al-Qassam Cyber Fighters' "Operation Ababil," but most observers (especially in the US) continue to attribute the anti-banking campaign to the Islamic Republic. DDoS attackers use open DNS resolvers to "amplify" their traffic, which places affected organizations under serious stress.

Ordinary cyber criminals have not been idle. "Operation High Roller" attacked file transfer systems serving wealthy banking customers, an Ohio hospital suffers a data breach, and a phishing campaign exploits Twitter users. Law firms and corporate counsels find that e-discovery exposes them to identity theft.

Gartner tells its corporate audience it needs to "play offense" on cyber. As the US Congress looks for ways to finesse budget sequestration, insiders suggest that the days of a blank check for security are over. Lockheed Martin, Intel, AMD, Honeywell, and RSA found the Cyber Security Research Alliance, a not-for-profit devoted to attacking cyber "grand challenges."

Britain's GCHQ hopes to certify IA experts. The US Army pushes for more cyber offensive capability and offers Foreign Policy a look inside the 780th Military Intelligence Brigade. Australia prepares a major defense policy statement addressing cyber operations. Huawei looks for Australian friends in its ongoing espionage squabble with the US: the Chinese telecom manufacturer offers the Australian government full access to its source code.

Notes.

Today's issue includes events affecting Australia, China, European Union, Iran, Israel, Russia, Saudi Arabia, Switzerland, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

US-CERT warns DKIM email open to spoofing (Register) You might think this is no big deal - after all the value of strong cryptography has been recognized for years. Unfortunately this problem has been found to affect some of the biggest names in the tech industry, including Google, Microsoft, Amazon

Weak crypto allowed spoofing emails from Google, PayPal domains (Help Net Security) Zach Harris, a Florida-based mathematician, discovered that Google and many other big Internet companies use weak cryptographic keys for certifying the emails sent from their corporate domains - a weak DKIM

Cyber-Security Chief on Wave of Web Attacks (CNBC) The man often credited as being the father of internet defense says it's still unclear where a recent wave of hacking attacks targeting the U.S. financial industry is coming from

Iran Cyber Attack Highlights Growing Threat, Experts Say (Huffington Post) In recent weeks, computer hackers have attacked a Saudi Arabian oil company, a Qatari natural gas company, and several American banks. The level of damage varied, but again and again, American officials placed the blame on the same source: Iran

Cyberspace the new frontier in Iran's war with foes (Reuters) The rules in cyberspace, experts say, remain far from clear. Washington announced last year it reserved the right to retaliate militarily for any cyber attack that caused death or damage, but in reality most believe the technology has far outpaced the

DDoS attacks against banks raise question: Is this cyberwar? (Computer World) It's been a month of crippling denial-of-service attacks on websites operated by U.S. banks and financial services firms. A terrorist organization called Al-Qassam takes credit online, but now the attacks are being blamed on Iran. Within the past month, crushing blasts of 65Gbps traffic, mainly from thousands of compromised Web servers, have targeted Bank of America, Wells Fargo, US Bank, JP Morgan Chase, Sun Trust, PNC Financial Services, Regions Financial and Capital One

The Cyber Attack on HSBC: What Happened (CFO) "Denial of service" attacks like the recent launch against the global bank are a cyber threat that needs to be taken seriously – and not just by banks

Attackers Turn to Open DNS Resolvers to Amplify DDoS Attacks (Threatpost) Although DDoS attacks have been a serious problem for more than a decade now and security staffs have a good handle on how they're executed and how to handle them, attackers constantly adjust their tactics in order to defeat the best defenses available. One of the more recent tactics adopted by attackers is the use of open DNS resolvers to amplify their attacks, and this technique, while not novel, is beginning to cause serious problems for the organizations that come under these attacks

Operation High Roller Banked on Fast-Flux Botnet to Steal Millions (Threatpost) A fraud ring that attacked financial transfer systems in an attempt to get at wealthy high-end banking customers used a complicated web of malware and compromised servers in several countries to walk off with an estimated $78 million earlier this year. While the attacks targeted financial systems, the victims seem to be limited to companies involved in manufacturing, import-export businesses, and state or local governments

Nitol Infections Fall, But Malware Still Popping Up (Threatpost) When Microsoft went after the Nitol botnet in September, one of the key details in the investigation was the fact that much of the botnet was built by pre-loading malware onto laptops during the manufacturing process in China. This was the clearest case yet of the phenomenon of certified pre-owned devices making their way through the supply chain and into the market. As it turns out, nearly half a million of those infected machines showed up here in the U.S

Warning: e-Discovery Missteps Can Open Up the Door to Identity Theft (pinewswire) Corporate legal departments and law firms that host and review data online bear a significant responsibility to ensure that personally identifiable information (PII) remains protected. According to the Social Security Administration, identity theft is one of the fastest growing crimes in America, and the Federal Trade Commission (FTC) estimates approximately nine million Americans have their identities stolen each year. Most of these crimes rely heavily on a single piece of information: the Social Security number

Bogus Twitter DMs lead to iPad scam, surveys and phishing (Help Net Security) Yesterday's unveiling of the iPad Mini has not led to a decrease in desirability of its bigger version, and the offer of a free device is still a very effective lure employed by online scammers

Sony PS3 hacked 'for good' - master keys revealed (Naked Security) Sony's PS3 has been hacked. This time, it looks as though it's been hacked for good. We explain why this is different from previous hacks, and treat you to the war of words between the original hackers and the pirates who stole their work

CyanogenMod found logging Android unlock swipe gestures (Help Net Security) CyanogenMod, one of the most popular modified Android firmwares on the market, has been found to contain code that logs the swipe gestures users make to unlock their devices

Aultman Hospital reports data breach (The Press News) Aultman Hospital recently learned that an unidentified third party gained unauthorized access to credit card and debit card information relating to some purchases at the hospital's gift shop between February and September 2012. No patient health information was affected. Upon learning of the security breach, Aultman Hospital took immediate steps to investigate and resolve the situation

McAfee: Avoiding the 9/11-Level Cyber Armageddon (IT Business Edge) While you'd typically write much of this off as vendor grandstanding given the DOD presentation of a few weeks back that flagged the coming 9/11 anticipated cyber attack, this all showcases that while a lot of firms and government groups are taking

Line blurs between insider, outsider attacks (CSO) The insiders strike again. But this time it's not the malicious insider, but insiders' access to corporate data, and it is for sale in the cybercrime underground. Security experts have been saying for years that while technology is a key element in protecting enterprises from online attacks, human insider carelessness, vulnerability or hostility can always trump it

Anonymous to launch Wikileaks clone TYLER (ZDNet) Support is gone for Assange -- and now a new safe haven for whistleblowers may be on the cards

Could Cyber Attacks Ruin Christmas for Retailers? (Fox Business) "The reality is if they want it to get worse, it can get worse," said Dave Aitel, a former computer scientist at the National Security Agency. "I don't think people are really prepared mentally to what happens if Amazon goes down"

Security Patches, Mitigations, and Software Updates

Google, Microsoft and Yahoo fix serious email weakness (Computer World) Google, Microsoft and Yahoo have remedied a cryptographic weakness in their email systems that could allow an attacker to create a spoofed message that passes a mathematical security verification. The weakness affects DKIM, or DomainKeys Identified Mail, a security system used by major email senders. DKIM wraps a cryptographic signature around an email that verifies the domain name through which the message was sent, which helps more easily filter out spoofed messages from legitimate ones
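The DKIM weakness in the items above comes down to the size of the RSA public key a domain publishes in its DKIM DNS TXT record (the base64-encoded SubjectPublicKeyInfo in the `p=` tag). As an added example, not code from the briefing or from any of the vendors named, the Python below is the check a mail administrator would run over a fetched TXT record to flag keys shorter than 1024 bits. The two records are constructed inline from synthetic moduli (odd integers of the wanted bit length, not real RSA moduli) so the script runs offline; in practice the record comes from a DNS lookup of `selector._domainkey.example.com`, which the script does not perform.

```python
import base64
import re

# Minimal DER (ASN.1 tag-length-value) helpers for the RSA SubjectPublicKeyInfo
# that DKIM publishes in the p= tag of a DNS TXT record.
RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")  # OID 1.2.840.113549.1.1.1


def _der_length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der(tag, body):
    return bytes([tag]) + _der_length(len(body)) + body


def _der_integer(value):
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:  # keep the INTEGER positive
        body = b"\x00" + body
    return _der(0x02, body)


def rsa_spki_der(n, e):
    """Encode (n, e) as a SubjectPublicKeyInfo, the structure DKIM expects in p=."""
    rsa_public_key = _der(0x30, _der_integer(n) + _der_integer(e))
    algorithm = _der(0x30, RSA_ENCRYPTION_OID + b"\x05\x00")  # rsaEncryption, NULL params
    return _der(0x30, algorithm + _der(0x03, b"\x00" + rsa_public_key))


def build_dkim_txt(n, e):
    """Build a DKIM TXT record string for a constructed key (for the offline samples)."""
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(rsa_spki_der(n, e)).decode()


def _read_tlv(buf, pos=0):
    """Return (tag, contents, next_pos) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long-form length: 0x8N followed by N length octets
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def parse_dkim_record(txt):
    """Split 'tag=value; tag=value' into a dict; the p= value may itself contain '='."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # DNS may split TXT into chunks
    return tags


def rsa_modulus_bits(spki_der):
    """Walk SPKI -> BIT STRING -> RSAPublicKey -> modulus and return its bit length."""
    _, spki, _ = _read_tlv(spki_der)
    tag, algorithm, pos = _read_tlv(spki)
    if tag != 0x30 or not algorithm.startswith(RSA_ENCRYPTION_OID):
        raise ValueError("not an rsaEncryption SubjectPublicKeyInfo")
    _, bit_string, _ = _read_tlv(spki, pos)
    _, rsa_public_key, _ = _read_tlv(bit_string[1:])  # skip the unused-bits octet
    _, modulus, _ = _read_tlv(rsa_public_key)
    return int.from_bytes(modulus, "big").bit_length()


def assess_dkim_key(txt, minimum_bits=1024):
    """Flag an RSA DKIM key below minimum_bits; an empty p= means the key is revoked."""
    tags = parse_dkim_record(txt)
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("only k=rsa records are assessed here")
    if not tags.get("p"):
        return {"bits": 0, "weak": True, "note": "empty p= means the key is revoked"}
    bits = rsa_modulus_bits(base64.b64decode(tags["p"]))
    return {"bits": bits, "weak": bits < minimum_bits}


# Constructed sample records (synthetic moduli, not real RSA keys): a 512-bit key
# of the kind the briefing describes, and a 2048-bit replacement.
WEAK_RECORD = build_dkim_txt((1 << 511) + 12345, 65537)
STRONG_RECORD = build_dkim_txt((1 << 2047) + 12345, 65537)

if __name__ == "__main__":
    for label, record in (("weak", WEAK_RECORD), ("strong", STRONG_RECORD)):
        print(label, assess_dkim_key(record))
```

The threshold of 1024 bits matches the floor the fixes described above moved to; the DER walk is deliberately hand-rolled so the check has no dependencies beyond the standard library and can be dropped into a DNS-inventory script.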

Cyber Trends

IP theft attacks can hide on networks for years, unspotted by corporate victims, report claims (Naked Security) Organizations in the financial services and public administration sectors are the primary targets of sophisticated attacks aimed at stealing intellectual property, with attacks involving both external and internal agents and lasting for months or years, according to a new report from Verizon.

Top Cybersecurity Accomplishments, 2006-2012 (Federal News Radio) Federal News Radio polled current and former federal cybersecurity experts for their opinion on what were the most significant cybersecurity accomplishments since 2006 to secure federal networks and improve public-private partnerships. The list below blends suggestions of more than 10 authorities on federal cybersecurity. The accomplishments are in no particular order

SANS Survey on the Security Practices of SCADA System Operators (The Herald) SANS Institute is asking those who work for SCADA and other control systems operators to take a 10-minute survey to reveal the level of awareness system operators have around cyber risk, their

83% of SMBs have no formal cyber-security plan (BizReport) The vast majority of small business owners in the US believe they are safe from cybercrime, yet just 17% have a formal cyber-security plan, according to a joint survey recently released by the National Cyber Security Alliance and security specialists

'Internet of Everything' will be platform of the future (Fierce Mobile IT) The highlight of the Gartner Symposium ITxpo so far has been the keynote address by John Chambers, chairman and chief executive officer of Cisco

Play Offense On Security In 2013: Gartner (InformationWeek) Enterprises can't count on defensive security strategies any more, Gartner execs tell IT leaders at Symposium/ITxpo conference

Marketplace

Defense Contractors Gird For 'Fiscal Cliff' (Washington Post) The nation's largest defense contractors reported mixed financial results Wednesday as the companies continue to take steps to safeguard against possible federal budget cuts associated with the fiscal cliff

Shifting Mood May End Blank Check for US Security Efforts (New York Times) Michael V. Hayden, who led both the National Security Agency and the Central Intelligence Agency in the years after the Sept. 11 attacks, agrees that the time will come for security spending to be scaled back and believes that citizens need to decide

Reuters: Lawmakers Floating $55B Sequester Replacement Option (ExecutiveGov) A targeted $55 billion cut instead of the $109 billion slated to be cut from the federal budget under sequestration is an idea circulating around Congress, Capitol Hill aides told Reuters.

OMB touts PortfolioStat (Fierce Government IT) The Office of Management and Budget says it has caused $2.5 billion of savings and cost avoidances over a 3-year period through an oversight mechanism dubbed PortfolioStat. In an Oct. 24 blog post, OMB Acting Director Jeffrey Zients says PortfolioStat caused agencies to analyze baseline data regarding 13 types of commodity information technology spending and come up with ways to lower costs in those areas

DoD seeks MDM, app store (Fierce Mobile Government) DISA plan would support up to 262,500 devices. The Defense Information Systems Agency seeks a mobile device management solution and mobile application store that can be used across a range of Defense Department environments, according to a solicitation posted to FedBizOpps.gov on Oct. 22

DISA/DITCO Offer Potential 5 Year Contract for New App Store (Govconwire) The Defense Information Technology Contracting Organization, in conjunction with the Defense Information Systems Agency Program Executive Office - Mission Assurance are seeking proposals for the Department of Defense mobility, mobile device management-mobile application store. The contract is being offered on FedBizOpps.Gov. It is a firm-fixed-price contract and will include one base year and four six-month options

CACI Providing HUD Enterprise IT, Software Development (ExecutiveBiz) CACI International has won a $70 million task order to continue providing information technology and software development support to the U.S. Department of Housing and Urban Development, the company announced Wednesday

SAP, Antenna lead large mobile app developer pack (Fierce Mobile IT) Out of more than 100 mobile app developers examined by Gartner, only two, SAP and Antenna, were named as leaders in its 2012 Mobile Application Development Magic Quadrant report

Lockheed, Intel, others team up to tackle cyber challenges (Reuters) Five U.S. technology companies, including top weapons maker Lockheed Martin Corp and chip maker Intel, plan to team up to tackle "grand challenges" in cyberspace amid growing concerns about computer security. The non-profit

Kaspersky Lab climbs up the leader board on the Sunday Times Top Track 250 (Security Park) The company was responsible for the discovery of Flame, a highly sophisticated, malicious program which was being used as a cyber weapon to target entities in several countries. Eugene Kaspersky, co-founder and CEO of Kaspersky Lab, said, "It's great

Westinghouse, McAfee to equip nuclear plants with new cybersecurity systems (Tribune-Review) "But that being said, we have cybersecurity requirements today that take into account that there are other parts of the grid and the control systems for the grid that have to be protected against cyber attack." The McAfee systems detect and prevent

Salesforce.com Laying Off Radian6 Employees As Buddy Media Shows $20 Million Net Loss (TechCrunch) Two of Salesforce.com's most high profile "social media" acquisitions are showing signs of trouble. At Radian6, Salesforce.com is reported to be laying off "less than 100 people." And at Buddy Media, the company amended its 8-K, which shows $20 million in net losses for the first six months

Products, Services, and Solutions

Review: Malwarebytes Enterprise Edition (eSecurity Planet) Malwarebytes Enterprise Edition detects and removes malware, removing all traces after a system has been infected, a capability that is likely to be especially important to small businesses

Hadoop updates from Cloudera, MapR, Splunk (IT World) As organizations continue to evaluate Hadoop for large scale data analysis, Hadoop software vendors are refining their products for enterprise use, addressing concerns around reliability and expanded use

Does OpenStack need a Linus Torvalds? (IT World) OpenStack has been dubbed by some enthusiasts as the Linux of the cloud - an open source operating system for public or private clouds. But there's one stark difference between the two projects: OpenStack doesn't have a Linus Torvalds, the eccentric, outspoken, never-afraid-to-say-what-he-thinks figurehead of the Linux world

Lunarline Adds DIARMF to Services and Training Course Offerings (Sacramento Bee) Well-known cyber security company, Lunarline, is adding support to the Department of Defense's upcoming transition from the DoD Information Assurance Certification and Accreditation Process (DIACAP) to

TeamMentor: Secure software development knowledge base (Help Net Security) Security Innovation released TeamMentor 3.2, a SaaS product that provides guidance to help security and development teams create secure software out of the box, along with support for industry best practices

Protecting print devices from malware (Help Net Security) Xerox and McAfee revealed new protection against malware and viruses with the first networked multifunction printer to use McAfee Embedded Control software, a filtering method that allows only approved

Entrust IdentityGuard delivers mobile smart credentials (Help Net Security) To enable organizations to secure and leverage mobile devices in the wake of BYOD trends, Entrust extends its identity-based security platform with Entrust IdentityGuard Mobile Smart Credentials

Qualys Introduces Predictive Analytics Engine For Zero-Day And Microsoft Patch Tuesday Vulnerabilities (Dark Reading) QualysGuard Vulnerability Management will now feature vulnerability prediction capabilities within a new dashboard

BlackBerry bests iOS, Symbian, Windows Phone in security drill (Fierce Mobile IT) Research in Motion's (NASDAQ: RIMM) BlackBerry bested Apple's (NASDAQ: AAPL) iOS 5, Nokia's (NYSE: NOK) Symbian S60 and Microsoft's (NASDAQ: MSFT) Windows Phone 7 in 10 of 11 threat categories, according to a study by Strategy Analytics

Microsoft Releases Hadoop On Windows (InformationWeek) Microsoft makes big data play with HDInsight Server, first beta release of Hadoop distribution for Windows operating system

Technologies, Techniques, and Standards

With weak passwords continuing, blame turns to security pros (CSO Salted Hash) With 'Jesus' and '123456' topping SplashData's annual list of worst passwords, the onus is on IT to require stronger passwords, says expert

Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035 (Internet Storm Center) Rob covered ISO 27005 in his 17 OCT diary, which covers information security risk management. I believe as handlers for the Internet Storm Center we'd be remiss in failing to cover an incident response standard for Cyber Security Awareness Month. ISO 27035 fits the bill perfectly

Most effective ways to stop insider threat (Help Net Security) Imperva examined the psychological, legal and technological tactics employed by leading organizations to mitigate insider threats, a class of enterprise risk perpetuated by a trusted person who has access

Should cloud providers be certified? (IT Pro) Peter Allwood, information and technology risk manager at Deloitte, insists that credibility is entering the certification market with the likes of the Cloud Security Alliance (CSA) collaborating with the International Organisation for Standardisation

Cloud Security Alliance guidance for data ownership (Help Net Security) The Cloud Security Alliance has incorporated in recently-released implementation guidance issued by the Security as a Service Working Group a set of recommendations for cloud end users to adopt encryption of data-in-use as a best practice

Academia

Govt challenges university hackers to break virtual businesses (ZDNet) Australia has a new cybersecurity competition following the nation's previous success in the Cyber Defence University Challenge, which was launched earlier this year. Building on the last challenge, the Department of Broadband, Communications and the Digital Economy (DBCDE) has teamed up with Telstra and Microsoft to establish the Cyber Security Challenge Australia 2013 (CySCA). Although the university title has been dropped from the challenge's name, it is still aimed at Australian undergraduates, in order to encourage them to build information security skills. "CySCA 2013 reinforces the government's commitment to ensuring that Australia builds the ICT and cybersecurity skills base that it needs in order to grow both Australia's burgeoning digital economy and protect our online interests," said DBCDE deputy secretary Abul Rizvi in a statement

National High School Cyber Security Competition Draws 1,200+ Teams, Reaches All 50 States (Sacramento Bee) The Air Force Association announced today that CyberPatriot, the National High School Cyber Defense Competition, has drawn 1,225 teams as registration closed October 6th. The competition has teams representing all 50 states, the District of Columbia, Puerto Rico, Guam, U.S. Department of Defense Dependent Schools in both Europe and the Pacific, and Canada. Established by the Air Force Association (AFA), CyberPatriot is the nation's largest and fastest growing high school cyber security challenge

Legislation, Policy, and Regulation

GCHQ Launches Cyber Security Experts Certification Scheme (TechWeek Europe) Spy agency announces another scheme to find the cyber security stars of the future. The information assurance (IA) arm of GCHQ has launched a new scheme to certify the quality of cyber security professionals in the UK

Cyber Information Assurance and Critical Infrastructure Protection (ISN) Governments are pursuing public-private partnerships both to ensure continuity of services and to protect critical infrastructure from cyber-attacks. In today's podcast, we look at the current status of such partnerships as well as the challenges they

Army leaders promote need for offensive cyber capability (Nextgov) Rhett Hernandez, commander of Army Cyberspace Command at Fort Meade, Md., said cyber threats against Army networks today are "real, growing, sophisticated and evolving…they are changing the way we operate." The threats require sophisticated

Killer Apps: Inside one of US Cyber Command's offensive units (Foreign Policy) As the Army's contribution to U.S. Cyber Command, the 780th is responsible for hunting down enemy hackers, figuring out how they operate, and developing cyber weapons to use against a host of online targets. These soldiers work outside the Pentagon's

Obama to compromise on cybersecurity executive order (CSO) Another provision sought by privacy advocates would put the DHS, not the National Security Agency, in charge of the information-sharing network to distribute and "sanitized summaries of top-secret intelligence reports about known cyberthreats that

The ADF and cyber warfare (The Interpreter) Richard Addiscott is an information security consultant with BAE Systems Stratsec. The views expressed here are his own and do not represent the views of his employer. What is cyber warfare and what could it mean to the Australian Defence Force? I hope the 2013 Defence White Paper will address both questions

OMB has authority to make federal cybersecurity more dynamic, says report (Fierce Government IT) The Office of Management and Budget could use existing authorities to make agency cybersecurity efforts more efficient and dynamic, says a report released Oct. 23 by the Center for Strategic and International Studies

Litigation, Investigation, and Law Enforcement

Huawei offers Australia 'unrestricted' access to hardware, source code (CNet) Huawei has offered to give the Australian government "unrestricted" access to the firm's software source code and hardware equipment in an effort to dispel security fears, months after the Chinese telecoms giant was barred from supplying infrastructure equipment for the country's national broadband network. The Australian government barred Huawei from bidding on contracts for the network earlier this year, saying it had "a responsibility to do our utmost to protect [the network's] integrity and that of the information carried on it

The China Collision (Washington Post) The House Permanent Select Subcommittee on Intelligence issued a report Oct. 8 that was quite unusual. The chairman, Mike Rogers (R-Mich.), and ranking minority member, C.A. Dutch Ruppersberger (D-Md.), declared that two Chinese telecommunication giants are a threat to U.S. national security because of their ties to the Chinese government, Communist Party and military, and they called on U.S. firms not to buy their wares

Spies and Co. (New York Times) SUDDENLY, Washington is extremely concerned about Chinese espionage. Last month, the White House blocked a Chinese company from operating a wind farm near a sensitive Navy base in Oregon. Next, the House Intelligence Committee said two Chinese telecommunications firms were manufacturing equipment that could be used to spy on the United States

Samsung loses another big patent case to Apple, this time at ITC (Ars Technica) Ruling could result in some Samsung phones being banned from US market in 2013

Microsoft Agrees to Modify Windows 8 Following EU Complaint (Threatpost) Microsoft announced Wednesday it will tweak the release of its forthcoming Windows 8 operating system to comply with the European Commission, which argues that in its current state, the software fails to offer customers a browser choice screen to let them "easily choose their preferred web browser"

The European Commission isn't happy about the browser ballot pop-up in Windows 8 or Windows 7-SP1 (ComputerWorld) The EC says it's inadequate in the former and missing in the latter. Microsoft (NASDAQ:MSFT) faces possible huge fines as a result. However, there is at least some good news for Redmond

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

TechExpo Cyber Security Careers (Columbia, Maryland, November 1, 2012) Profit from presentations by leading industry figures and networking opportunities designed for serious job-seekers.

Anatomy of an Attack (New York, New York, November 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.

ZeroNights (Moscow, Russia, November 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense...

Passwords^12 (venue and dates not listed) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO...

BayThreat (Sunnyvale, California, December 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.

25th Annual FIRST Conference (Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
