The Voice of America confirms analyst reports that the Aramco attack was the work of amateurs sponsored by Iran. The US Deputy Assistant Secretary of Defense for Cyber Policy says details of the attack were declassified to educate industry on the magnitude of the cyber threat. The ongoing DDoS campaign by the Cyber Fighters of Izz ad-din Al Qassam (also apparently the work of state-directed hacktivists) holds lessons for small and medium businesses; banks in particular are advised to improve security. Elsewhere in the Middle East, Israeli police disconnect their systems from civilian networks in response to intelligence of an imminent malware attack.
AVG releases a report on new ways cybercriminals monetize exploits, and the Russian cyber gangster who organized this month's banking wire fraud campaign posts a video boasting of his untouchability.
Researchers at Stanford and the University of Texas find SSL vulnerabilities in non-browser packages. Delta's e-ticketing is exploited to deliver malware. Dark Reading wonders why small and medium businesses still run Telnet (and advises them to stop). Finfisher and Loofzon, originally developed for legitimate intercept purposes, continue to morph into malware.
Adobe Shockwave and CyanogenMod are patched. SAP's Sybase also gets a patch, but this one fails to close ten critical vulnerabilities.
Signature-based anti-virus products show disappointing results. Canadian policymakers continue to grapple with critical infrastructure vulnerabilities. The US and India continue to negotiate common cyber interests. Some industry observers find US Congressional suspicion of Huawei quixotic; others implicate the telecom company in tech transfer to Iran.
Today's issue includes events affecting Algeria, Armenia, Australia, Azerbaijan, Canada, China, Czech Republic, Egypt, France, Germany, India, Israel, Iran, Kenya, Morocco, Nigeria, Norway, Russia, Saudi Arabia, Slovakia, South Africa, Spain, United Kingdom, United States.
Code in Aramco Cyber Attack Indicates Lone Perpetrator(Bloomberg) Roel Schouwenberg, who examined the viruses independently, says the Wiper virus may have inspired the Aramco technique, but the two don't use the same code. Schouwenberg is senior researcher for Woburn, Massachusetts-based Kaspersky Lab Inc
SMB Lessons From DDoS Cyber Attack Wave(Midsize Insider) The U.S. Department of Homeland Security suggested that companies should pool together resources to counter recent cyber attacks on American banks. A recent Computerworld article reported on the comments made by deputy undersecretary for
Banks told to step up security over DDoS attacks(Finextra) With more than a dozen major bank Web sites targeted in DDoS attacks over the last month, financial institutions need to take steps to ensure they don't become the latest victims, warns the US Financial Services Roundtable's technology unit, Bits. Bank of America, HSBC and Wells Fargo have been among the organisations to see their online services disrupted in recent weeks, with sites overwhelmed by floods of traffic. A group calling itself the Cyber Fighters of Izz ad-din Al Qassam has claimed credit for the attacks, which it says are in retaliation for the release of a film mocking the prophet Mohammed
Police computers disconnected from network for fear of cyber attack(YNet) Officers ordered to refrain from using media devices, disconnect their computers from civilian network following virus warning. Official: It happens all the time. In light of an intelligence warning indicating that a virus would be inserted into Israel Police's central computer system via a USB drive or CD, all districts and officers were instructed on Thursday to disconnect their computers from the civilian web network
New cybercrime monetization methods(Help Net Security) AVG's new report investigates a number of malicious software developments including the newly launched 2.0 version of the Blackhole Exploit Toolkit, the evolution in malware targeting mobile banking
Brazen gangsters show how cybercrime pays(Washington Times) A Russian cybergangster who openly tried to recruit a hacker army for an online crime spree against U.S. banks and their customers posted a Web video of himself showing off luxury cars, a newly built suburban home and other ill-gotten gains, all the while boasting that he is untouchable
SSL Vulnerabilities Found in Critical Non-Browser Software Packages(Threatpost) The death knell for SSL is getting louder. Researchers at the University of Texas at Austin and Stanford University have discovered that poorly designed APIs used in SSL implementations are to blame for vulnerabilities in many critical non-browser software packages
Delta-themed spam run delivers deficient malware(Net Security) Delta Airlines customers are targeted in the latest malicious spam campaign to hit email inboxes: The email claims that the ticket for the flight booked by the recipient is attached to the email, and that it should be downloaded and printed out. But the attached Delta_A_Ticket_Print_Document_3477.zip is actually a variant of the infamous Bredolab Trojan, whose main goal is to download more malware on to the compromised computer, and this particular variant is currently detected by only 3 of the 43 AV solutions used by VirusTotal
WikiLeaks Says Releases Hacked U.S. Detainee Rules(Reuters) The WikiLeaks website began publishing on Thursday what it said were more than 100 U.S. Defense Department files detailing military detention policies in camps in Iraq and at Guantanamo Bay in the years after the September 11 attacks on U.S. targets
The Cloud under Threat; the Top Three Enemies(UCStrategies) John Howie, COO of the Cloud Security Alliance, pointed out that "when you are running in the cloud and you are shifting your data and applications to a cloud provider, you have no visibility over risk within their infrastructure. You can't cite"
Phishing websites proliferate at record speed(Help Net Security) A new phishing survey released by the Anti-Phishing Working Group (APWG) reveals that while the uptime of phishing websites dropped during the first half of 2012, cybercriminals were driving substantial increases in the numbers of phishing websites they established to steal from consumers.
Cybercrime: Mobile Changes Everything — And No One's Safe(Wired Threat Level) The FBI recently put out a mobile malware alert warning against Finfisher and Loofzon, which spies on our data and leaks GPS positions to track our movements. While these threats appear to have been developed for government surveillance purposes, they
Why mobile malware is big in China and Russia(Net Security) According to Lookout's State of Mobile Security Report 2012, Toll Fraud malware has become the most prevalent type of malware within the past year due to the global ubiquity as a phone payment mechanism. Mobile malware has become a profitable industry but, naturally, there are places on this globe of ours where it's more profitable than in others - namely China, Russia and Iran. There are several reasons behind the malware writers' obvious preference for these countries
Armenia has high risk of cyber threats--Kaspersky Lab(Information-Analytic Agency NEWS.am) Sixty percent of Russian users were attacked by malicious programs, says the report on 22 countries issued by Kaspersky Lab jointly with B2B International. Every second a malicious program appears, Kaspersky Lab expert Denis Maslennikov said
Security Patches, Mitigations, and Software Updates
CyanogenMod Fixes Flaw That Logged Users Unlock Codes(Threatpost) CyanogenMod, a popular open source firmware replacement for Android phones, has patched a hole in its code that was locally logging swipe gestures used to unlock phones. The problem, which stemmed from a line of code that was never intended for release, was fixed in an update posted for download on the firmware's review site earlier this week
SAP's Sybase RDMS Patches Fail to Repair 10 Critical Vulnerabilities(Threatpost) Patches released this week by database and mobile management vendor Sybase did not completely repair serious privilege escalation and remote code execution vulnerabilities in versions 15.0.3 and later of its Adaptive Server Enterprise (ASE) product. Researchers at Application Security Inc., which specializes in database security, reported a dozen vulnerabilities to the SAP company in July. AppSec also sent along proof-of-concept exploit code with details of the vulnerabilities
When Data Errors Don't Matter(Dark Reading) I ran across this short video comparing MySQL to MongoDB, and it really made me laugh. A tormented MySQL engineer is arguing platform choices with a Web programming newbie who only understands big data at a buzzword level. Do be careful if you watch the video with the sound on because the latter portion is not child-friendly, but this comical post captures the essence of the argument relational DB architects have against NoSQL: Big data systems fail system architects' criteria for data accuracy and consistency. Their reasoning is if the data's not accurate, who cares whether it's "Web scale?" It's garbage in, garbage out, so why bother? But I think the question deserves more attention. In fact, I ask the question: Does some bad data in a big data cluster matter? I think that the answer is, "No, it does not"
Cyber security landscape in Africa(SecurityAffairs) Let me present to you a very interesting study on the cyber security landscape in Africa, conducted by IDG Connect, a division of International Data Group (IDG), to which I gave my humble contribution. According to the Economist, data related to the first decade of this millennium shows that six of the world's fastest growing economies were in sub-Saharan Africa. The entire African continent is profoundly changing, pushed by a rapid adoption of new technologies; according to HSBC, by 2050 different African countries will be part of the top 50 world economies, let's think of Egypt, Nigeria, Kenya and South Africa
Cash-Strapped States Under Siege(Dark Reading) New survey of state government agency CISOs finds cost of data breaches range from $1 million to $5 million in some states
Cyber security efforts won't necessarily fall victim to budget cuts, says intel official(GSN) Even though the axe stands ready to fall on the defense budget in the coming months, it won't necessarily sever cyber security efforts underway in some intelligence operations, said a top government official. In remarks at the SINET D.C. Showcase in Washington on Oct. 25, Stephanie O'Sullivan, principal deputy director of national intelligence at the Office of the Director of National Intelligence (ODNI) said that although the threat from deep budget cuts in the new year are another game-changer for U.S. intelligence and cyber security, her agency remains committed to maintaining and advancing some core capabilities and research
5 Goals to Improve Infosec Skills at DHS(GovInfoSecurity) Top Department of Homeland Security officials, including Secretary Janet Napolitano and Deputy Undersecretary Mark Weatherford, over the past few days have been emphasizing the need for the department to increase its IT security workforce and skills
DOD Official Encourages Private-sector Technology Innovation(Department of Defense) Much progress, he said, is now housed in the private sector, prompting the Defense Department, the services and agencies such as Defense Information Systems Agency, Defense Advanced Research Projects Agency and National Security Agency to create
SAIC to Help DHSS Add New Info For Blue Button(Govconwire) Science Applications International Corp. (NYSE: SAI) will work with the Defense Health Services System to add new types of medical information in the Blue Button system, the company announced Wednesday. The company won a potential $11 million contract, which includes a six-month base period, two option years and a three-month transition period
Blue Button won't spontaneously get better, government concedes(Fierce Government IT) Perhaps realizing that the private sector may not spontaneously improve Blue Button downloadable medical record design, the Office of the National Coordinator for Health Information Technology within the Health and Human Services Department is mounting a $51,000 (total) challenge for people to stop making it "look and feel like a receipt." A downloadable Blue Button record can be "unwieldy because of the lack of presentation and hierarchy," ONC notes, stating in an Oct. 22 Federal Register notice that it will judge submissions in four categories. First prize for best overall design will get $16,000
VA data exchange practices lack security(Fierce Government IT) Veterans Affairs Department medical centers are not effectively or securely sharing data with research and university facilities, according to an Oct. 23 VA office of inspector general report. "VA's data governance approach has been ineffective to ensure that research data exchanged are adequately controlled and protected throughout the data life cycle," write report authors
Huawei Proposes Security Test Center(InformationWeek) In a bid to address regulators' security fears, Chinese telecom company Huawei wants to establish a cyber security test center in Australia
Smartronix $2.5B GSA Email Team Includes Terremark(Govconwire) Smartronix's team to provide government agencies cloud computing-based email services under a $2.5 billion General Services Administration blanket purchase agreement includes Terremark and Verizon. Smartronix said in a release the team also includes two other companies certified to provide agencies with Microsoft products, as Microsoft technology will be a central offering from the team
Microsoft releases Windows 8(Help Net Security) Microsoft today announced the global availability of Windows 8. Beginning Friday, Oct. 26, consumers and businesses worldwide will be able to experience all that Windows 8 has to offer
Steganos Privacy Suite 14 released(Help Net Security) The newly released Steganos Privacy Suite 14 is designed for individuals who want privacy protection for their data and Internet activities – including on their smartphones and USB sticks
App's Humor Engine Learns What Makes You Laugh(Wired Business) Whether videos of someone falling on their face or political cartoons get you rolling on the floor laughing, there is plenty of humor on the internet to go around. Tired of digging through all the sites and video
Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire(Internet Storm Center) In previous diaries, niche layer 2 protocols for different network areas have been covered. In keeping with that theme, this diary will cover three in particular. Two that are widely deployed (and may already be in your network) protocols and discuss one emerging protocol. Ethernet truly is everywhere and most everything is converging, if not already, to an Ethernet transport model
Competency database helps retention, says TIGTA(Fierce Government IT) Information technology managers who say their familiarity with workers' skills negates the need for a competency database overlook the need for an enterprisewide view of skills at hand and make it harder to plan training. That, in turn, makes employee retention a challenge, says the Treasury Inspector General for Tax Administration in a Sept. 21 report released earlier this month
It's time to get serious about cyber security(National Post) Last week, the Canadian government announced that it would invest $155-million in cyber security over the next five years. The announcement was clearly designed to pre-empt a damning report by federal Auditor-General Michael Ferguson, released on Tuesday. But the sad fact is that $155-million won't even begin to fix the damage caused by years of government inaction
Protecting Canadian Critical Infrastructure Against Cyber Threats(OAG) Critical infrastructure consists of physical and information technology assets, such as the electricity distribution networks, telecommunications networks, banking systems, manufacturing and transportation systems, as well as government information systems and services that support the continued and effective functioning of government. Elements of critical infrastructure can be stand-alone or interconnected and interdependent within and across provinces, territories, and international borders. Most of Canada's critical infrastructure is owned by the private sector or by municipal, provincial, or territorial governments, and much of it is connected to other systems
US-India Cyber Diplomacy: A Waiting Game(Huffington Post) They previously agreed on cooperation between the Computer Emergency Response Teams (CERT) of both countries, and India participated in an international cyber war game hosted by the US Department of Homeland Security
Hacker Attack Warnings Don't Budge Opposing Sides on Cyber Bill(Businessweek) There are pieces of infrastructure that, if crippled by a cyber attack, could damage the country and the economy, Daniel said. Senate Republicans in August blocked a cybersecurity bill backed by Obama that would have set voluntary cybersecurity
Safety or surveillance: What is the NSA's Utah Data Center?(ksl.com) One of the biggest and most mysterious construction projects in Utah history is roughly halfway completed near the Point of the Mountain. It's a vast computer center for one of the nation's most secretive agencies, the National Security
United Kingdom commits to 1 government website(Fierce Government IT) The United Kingdom officially launched a single government website called Gov.uk Oct. 17--rounding out consolidation efforts that had already brought the country's 820 national government websites down to just two domains, Directgov and Business Link, in less than 2 years. The single government portal had been in beta since Jan. 31
NASCIO says 'compliance' good for cybersecurity(Fierce Government IT) Even as the word "compliance" gets increasingly weighted with negative connotations in federal cybersecurity, a report from the National Association of State Chief Information Officers says it should be a lever utilized by state chief information security officers when securing their own and contractor-based infrastructure
'Huawei partner' tried to sell US tech to Iran(The Register) Chinese telecoms kit maker Huawei narrowly avoided the wrath of US investigators last year after a business described by Reuters as a Huawei supplier* offered to sell American-made equipment to Iran in a deal that would have broken sanctions, it has emerged. Tehran-based Soda Gostar Persian Vista was ready to sell 36 cell tower antennas to operator MTN Irancell before the error was spotted, according to a Reuters report. The existence of the intended transaction is recorded in a purchase order seen by Reuters
It's My Way or the Huawei(UC Strategies) A few months ago, I read an article in the Economist that highlighted the fact that Huawei had just surpassed Ericsson to become the world's largest telecom equipment manufacturer. These gains were attributed to the provision of high quality equipment at a low price. However, the article also highlighted the various concerns related to cyber-warfare exploits being propagated by Chinese actors
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cyber Security: A National Imperative(Washington, DC, October 29, 2012) Lockheed Martin is hosting a panel discussion on Cyber Security: A National Imperative – An in-depth view of Cyber Security from the world's leading defense contractor on Monday, Oct. 29, 11:00am at the...
TechExpo Cyber Security Careers(Columbia, Maryland, November 1, 2012) Profit from presentations by leading industry figures and networking opportunities designed for serious job-seekers.
Anatomy of an Attack(New York, New York, November 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.
ZeroNights(Moscow, Russia, November 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense...
Digital Security Summit(Riyadh, Saudi Arabia, December 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.
Passwords^12(, January 1, 1970) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO...
BayThreat(Sunnyvale, California, December 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.