South Carolina tries to mitigate damage from data theft at its Department of Revenue. The culprit has yet to be identified, but the Governor says the attack came from outside the United States.
An attack on Abilene Telco Federal Credit Union in September 2011 compromised login credentials for Experian's credit scoring reports. Citibank ATMs at five casinos lost more than $1M to well-coordinated cyber thieves. Anonymous attacks the Greek Ministry of Finance to protest austerity. (Expect more from Anonymous over the coming week: Monday is, of course, Guy Fawkes Day.) Advertising on bogus Google Play apps is harvesting users' personal information. Facebook is quietly investigating the possible compromise of millions of users' personal data.
Mac OS, long regarded as inherently safer than other operating systems, is losing that reputation as targeted attacks against Macs rise. Malware authors return to simpler ways of evading detection, mostly through execution delays.
The European Central Bank warns against the "inherent instability" of virtual currencies like Bitcoin. An Ernst and Young report warns that small information security fixes no longer cut it: firms will have to adopt more comprehensive defenses. Experience in the UK and the example of the NSA in the US suggest that data centers are unprepared for the impact of big data. US budget sequestration will probably hit IDIQs first.
Several research projects make the news, among them a DARPA-sponsored five-year effort to redesign networks and their nodes for inherent security and a Hollywood-driven program to improve cryptographic tools for copyright protection.
Today's issue includes events affecting China, Czech Republic, European Union, Finland, Greece, Iran, Japan, Netherlands, United Arab Emirates, United Kingdom, United States..
Hackers crack Texan bank, Experian credit records come flooding out(The Register) Hackers managed to get login credentials for Experian's credit scoring reports after they broke into the systems of Abilene Telco Federal Credit Union last year, it has emerged. Crooks gained access to the west Texan bank's systems after hacking into an employee's computer. The September 2011 breach allowed the hackers to get their hands on login credentials for the bank's account with Experian, exposing the details of millions to potential snooping in the process
INLAND: $1 million stolen from Citibank ATMs at casinos(pe.com) Five Inland casinos Pechanga, San Manuel, Morongo, Agua Caliente and Spa Resort were among 11 resorts where 14 people staged a high-tech scheme to steal more than $1 million from Citibank accounts via ATM kiosks, the FBI said. The plot required multiple withdrawals all launched within 60 seconds exploiting a hidden electronic gap in Citibanks transaction security, FBI Special Agent in Charge Daphne Hearn said. While advancements in technology have created a world of accessibility to users and a convenience for consumers, they have also left room for criminals to exploit even the smallest of loopholes, Hearn said in a news release
Anonymous Hacks Greek Ministry of Finance to Protest Against Austerity Measures(Softpedia) Anonymous hacktivists have leaked confidential documents and user credentials which they allegedly stole from the systems of Greeces Ministry of Finance. The breach comes at a time when the Greek government is trying to adopt a new austerity package. The Greek government is prepared to testify to a vote in the Greek Parliament the new package of economic austerity measures
Malware hijacks your email, sends death threats(ZDNet) Three people were recently arrested in Japan in relation to death threats being posted online and sent through email. However, once a particular malware infection was found on each suspect's computer, all three were released without charge
Critical error in CoDeSys runtime of SCADA systems(AutomatiseringGids) Ron Wightman discovered vulnerability in the CoDeSys runtime during Project Basecamp, where industrial security guards come together. The problem is that according Wightman attackers by security hole in CoDeSys control PLCs can get into the industrial systems and critical infrastructures which it is mounted. An attacker must already have access to the network
European Central Bank warns of virtual currency risks(Finextra) The growth of virtual currency schemes such as Bitcoin and Second Life's Linden Dollars, could have a negative reputational impact on central banks due to their inherent instability, warns the European Central Bank. In a preliminary impact assessment of the proliferation of virtual currency schemes, the ECB notes that while most such schemes are too small to jeopardise price or financial stability, they do represent a challenge to public authorities due to the legal uncertainty surrounding their status and their adoption by criminals and money launderers. Lack of overarching regulation is a key theme picked up by the ECB, which expresses concern about the level of credit, liquidity, operational and legal risks imposed upon users
Short term information security solutions no longer an option if companies want to keep pace with today's threats(EY) Organisations need to fundamentally shift their approach to information security in order to meet the threats presented by existing and emerging technologies according to Ernst & Youngs 15th Global Information Security Survey 2012 results released today. The report is one of the most comprehensive surveys in its field and is based on responses from over 1,850 CIOs, CISOs and other information security executives in 64 countries. With 88% of respondents experiencing a higher number of security incidents in the last two years and 77% using the cloud, the need to develop a robust security architecture framework has never been greater
Cyber defences of SMEs lag behind larger firms, study confirms(Computer Weekly) SMEs are typically more vulnerable to viruses, worms, spyware and other malicious software, according to Kaspersky Labs latest Global IT Security Risks survey. The survey, which polled more than 3,000 information security professionals in 22 countries, found that 63% of small companies and 60% of medium-sized organisations have faced malware within the business network over the past 12 months
UK datacentres are not ready for big data impact shows study(Computer Weekly) UK datacentres are unprepared for the massive changes that big data will bring to the enterprises and their IT facilities, a study of 125 senior IT decision makers by Research Now has revealed. While IT executives are clear about the types of applications they will need to deploy to manage big data requirements in the next two years, they are not yet planning for the real increase in data volumes that these applications will need, the study further showed. More than half (55%) of IT respondents said their organisations datacentre capacity requirements could increase.
NSA and the Future of Big Data(SmartData Collective) The National Security Agency of the United States (NSA) has seen the future of Big Data and it doesn't look pretty. With data volumes growing faster than the NSA can store, much less analyze, if the NSA with hundreds of millions of dollars to spend on analytics is challenged, it raises the question; "Is there any hope for your particular company"? By now, most IT industry analysts accept the term "Big Data" is much more than data volumes increasing at an exponential clip. There's also velocity, or speeds at which data are created, ingested and analyzed. And of course, there's variety in terms of multi-structured data types including web logs, text, social media, machine data and more
Internet crime a growing worry(Tribune-Review) "It's going to get a lot worse before it gets better," said Bradford Willke, a cybersecurity adviser in the Department of Homeland Security's National Cyber Security Division. Willke was among more than a dozen experts who spoke at the Western
5 Emerging Enterprise Technologies(InformationWeek) If you are not watching these developments, your business is missing out. Here's what Gartner's annual top 10 tech trends list missed
Day of Reckoning For Open Source Software May Be Coming(AOL Government) But a presentation from the National Security Agency (NSA) during a technology symposium last week presented a stark warning for the proponents of open source software: Get your house in order because sooner or later government and industry customers
Could Sandy Give Teleworking A Boost?(Washington Post) Sandy is sitting on the federal government like a huge, wet and windy blanket, a killjoy if ever there was one. Yet, despite the storm that has closed government offices along the East Coast, stopped transit systems and forced residents to hunker down in their homes, some work of the government continues to get done
Desperately seeking cybersecurity pros(FCW) The calls for a beefed-up workforce that specializes in cybersecurity are not new. In this highly critical arena, the demand for talent is sky-high and insatiable. But with a nationwide shortage of students of science, technology, engineering and math (STEM), where will tomorrows workforce which is needed already be found
Kaspersky Lab improves its position on Sunday Times Top Track 250(Bizcommunity.com) This placement comes after a fruitful year when Kaspersky Lab discovered nation-state cyber-espionage campaigns now known as Flame and Gauss - highly sophisticated weapons developed to target entities in several countries. The company's products
IDIQs Could Be Among 1st Contracts Cut Under Sequestration(ExecutiveBiz) Federal contracts that expire and are up for renewal or re-competition will be most vulnerable to sequestration cuts if they take effect in January, Federal Times reports. According to Sarah Chacko's report, $23 billion in federal contracts are set to expire in January with that figure totaling $291 billion for full calendar year 2012
Intel joins SAFECode(Help Net Security) The Software Assurance Forum for Excellence in Code (SAFECode), a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services
VMware Revenues Show Cloud Worries(InformationWeek) VMware rules the virtualization market and wants to do the same with cloud. Can it pull that off and continue its fast-paced growth
Huawei vows to be at the forefront of war on cybercrime(mydigitalfc) Chinese telecom networking equipment major, Huawei on Monday said it would be at forefront of combating cybercrime in cooperation with international agencies. Huawei also declared that it would adopt any internationally accepted standard or security practices and be transparent with their security capabilities. Huawei has flagged cybersecurity issues in a white paper released on Monday in the capital
Columbia cybersecurity firm gets boost from Silicon Valley(Baltimore Sun) Gula, a former information security expert at the National Security Agency at Fort Meade, used to run so-called "penetration tests" at the agency, where he probed government networks and tried to find vulnerabilities. He partnered with Renaud Deraison
TASC Appoints Terry Roberts VP of Intelligence and Cyber for Intell Group(Govconwire) TASC Inc. has named Terry Roberts vice president of intelligence and cyber for its intelligence group, the company announced today. "Terry brings a deep understanding of the intelligence mission and the systems engineering and integration discipline, honed over more than 30 years of serving the intelligence community," says Al Pisani, senior vice president of TASC's
Top Apple iOS and retail executives to leave company(IT World) Two of Apple's top executives are leaving the company: Scott Forstall, who has overseen the iOS platform that runs the iPhone and iPad, will leave Apple next year, and John Browett, senior vice president of retail, is leaving sooner, Apple said Monday
Xilinx Announces Defense-Grade 7 Series FPGAs and Zynq-7000 All Programmable SoCs with Fourth Generation Secure Capabilities(Military and Aerospace Electronics) Xilinx, Inc. (NASDAQ: XLNX) today announced its fourth generation secure architecture with Information Assurance and Anti-Tamper IP core support for defense-grade 7 series FPGAs and Zynq (TM)-7000 All Programmable SoCs . These unique high reliability, defense-grade devices reduce the risk and cost of deploying the latest Aerospace and Defense (A&D) systems by utilizing off-the-shelf reprogrammable Xilinx FPGAs and SoCs . Manufactured with state-of-the-art 28nm process technology, all devices are optimized for high performance and the lowest total power. Xilinx defense-grade products are fully pin-compatible to commercial-grade equivalents for low cost prototyping and are offered off-the-shelf
Service Bus for Windows Server released(Help Net Security) Service Bus for Windows Server provides Windows Azure Service Bus messaging capabilities on Windows Server. It enables you to build, test, and run loosely-coupled, message-driven applications
Open source NAC system PacketFence 3.6 released(Help Net Security) PacketFence is a fully supported, trusted, free and open source network access control (NAC) system. Among the features provided by PacketFence, there are:BYOD (Bring Your Own Device) workflowsSi
Coverity Security Library released on GitHub(Help Net Security) Coverity announced the creation of the Coverity Security Library, an open source project available through GitHub and Maven to help developers easily fix cross-site scripting (XSS) security defects in
Mobility management for Windows Phone 8(Help Net Security) AirWatch unveils device and application management support for Windows Phone 8 devices. "With the introduction of the Nokia Lumia 920 and Nokia Lumia 820, partnerships with important enterprise
Can Windows Phone 8 lift Microsoft, save Nokia?(Fierce Mobile IT) With the release of Windows Phone 8 on Monday, Microsoft (NASDAQ: MSFT) is hoping that the new mobile operating system will spur sales of the devices both among consumers and employees who bring their devices to work
Technologies, Techniques, and Standards
Cyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard(Internet Storm Center) A "Clear Desk Policy" is becoming a more commonly adopted STANDARD in the work place. The idea that a clean desk is a standard may seem a bit of stretch. However, it is recognized in the access control domain by ISO , NIST , and ISC2 . The standard name varies a bit and often includes the "Clear Screen" title and requirements too. A Clear Desk standard is not primarily targeting the actual cleanliness of the desk, but the often seen clutter of classified information left unattended out in the open
Killing The Computer To Save It(New York Times) He is leading a team of researchers in an effort to completely rethink how to make computers and networks secure, in a five-year project financed by the Pentagons Defense Advanced Research Projects Agency, or Darpa, with Robert N. Watson, a computer security researcher at Cambridge Universitys Computer Laboratory
You may soon be able to register your SIM card online(Emirates 24/7) TRA instructs Etisalat and Du to speed up online service. In a bid to ease the process involved in the 'My Number, My Identity' campaign, the Telecommunications Regulatory Authority (TRA) has instructed the two mobile service providers - etisalat and du - to speed up online registration services
Government turns to social media for #Sandy alerts(Fierce Government IT) Federal agencies are taking to social media to message alerts and updates related to Hurricane Sandy. In addition to broadcasting their own information, they repurpose and share information from other federal agencies
New FBI Initiative Will Identify And Trace Hackers(ThinkProgress) The FBI will share the information it gathers with the Departments of Defense, Homeland Security, and the National Security Agency. Earlier this month the military announced similar efforts to counter cyber attacks directed at the U.S. But Panetta said
Litigation, Investigation, and Law Enforcement
Legal fears muffle warnings on cybersecurity threats(Chicago Tribune) Two talks about a nuclear power plant's potential vulnerabilities to cyber-attack were canceled after an equipment supplier threatened to sue, organizers said, even though plant officials had approved the presentations. The vendor complained that the
Challenge To Wiretaps Is Heard By Justices(New York Times) A challenge to a federal law that authorized intercepting international communications involving Americans appeared to face an uphill climb at the Supreme Court on Monday, but not one quite as steep as many had anticipated
All Three Branches Agree: Big Brother Is the New Normal(Wired Threat Level) Indeed, Big Brother is the new normal. Despite Hurricane Sandy, the Supreme Court on Monday entertained oral arguments on whether it should halt a legal challenge to a once-secret warrantless surveillance program targeting Americans' communications, a program that Congress
Pentagon Inspector Starts Investigation Of Contractor(USA Today) The military's top propaganda contractor in Afghanistan is under federal criminal investigation for its possible role in a smear campaign against USA TODAY, according to a letter from the Pentagon's inspector general
Taiwan Arrests 3 For Spying For China(Wall Street Journal) A retired Taiwanese naval officer and two others were arrested on suspicion of spying for China, the latest in a string of cases that underline the mistrust between Beijing and Taipei despite warming economic ties
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
TechExpo Cyber Security Careers(Columbia, Maryland, November 1, 2012) Profit from presentations by leading industry figures and networking opportunities designed for serious job-seekers.
Anatomy of an Attack(New York, New York, November 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.
ZeroNights(Moscow, Russia, November 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense...
Digital Security Summit(Riyadh, Saudi Arabia, December 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.
Passwords^12(, January 1, 1970) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO...
BayThreat(Sunnyvale, California, December 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.