Daily briefing.

North Korea denies involvement in March's cyber campaign against South Korean companies. South Korea sticks by its attribution and continues to harden its cyber defenses. (Preventive measures taken by Korea Hydro and Nuclear Power will be of interest to those concerned with industrial control system security.) Anonymous-affiliated botmaster "Jester" claims to have taken down a new North Korean Internet connection.

WordPress and Joomla are under attack globally—check your passwords if you use these services. The hackers appear to use a dictionary attack: weak login credentials render you particularly vulnerable.

Last week's Hack-in-the-Box demonstration of an airliner remote hijacking exploit is at least partially debunked. The Android app hack, say avionics manufacturers, worked against training software only, and the US Federal Aviation Administration concurs—it wouldn't, the FAA says, work against actual flight management systems.

Microsoft concludes that its MS13-036 patch, released last week, not only disables some security products but also crashes Windows 7. It has pulled the patch and advises users to uninstall it.

Kaspersky's Security Scan finds active malware on a large number of PCs protected by standard antivirus products.

It's the Americans' turn to make irenic noises in the running cyber espionage dispute between the US and China: Secretary of State Kerry says he welcomes Chinese investment in US infrastructure. Meanwhile the Open Group publishes a standard intended to protect the IT supply chain. The new standard was designed with a view to protecting against pre-installed malware like that found over the past year in Huawei and ZTE devices.

Notes.

Today's issue includes events affecting Australia, China, India, Ireland, Kenya, Republic of Korea, People's Democratic Republic of Korea, Mexico, New Zealand, United States, and Venezuela.

Tomorrow's issue will offer special coverage of SINET's conference (offered in conjunction with CyberMaryland and the Chertoff Group), "Cyber Policy and Its Impact on Commercial Markets," which convenes in Baltimore this afternoon.

Cyber Attacks, Threats, and Vulnerabilities

North Korea denies cyber attack on South Korean companies (Economic Times) North Korea has denied involvement in a cyber attack that shut down nearly 50,000 computers and servers at South Korean broadcasters and banks last month. The General Staff of the Korean People's Army issued the denial Saturday through

South Korean Nuclear Plant under Threat of Cyber Attack (IBTimes.co.uk) Korea Hydro & Nuclear Power, the only operator in South Korea, has said the network has been cut off in an effort to thwart any cyber attack launched by Pyongyang. The control systems network at the plant has been divided and all connections to the

Anonymous-Linked Hacker Claims North Korea Win (InformationWeek) Botmaster "The Jester" calls "tango down" on Pyongyang's new, third Internet connection

Urgency needed to deal with N Korea's cyber attacks (The Nation) It took seven months for the police-run Cyber Terror Response Centre to confirm that North Korea was behind a cyber attack on the Seoul-based JoongAng Ilbo daily last June. But it took much less time until a joint investigation, led by the National

WordPress blogs and more under global attack - check your passwords now! (Naked Security) If you have a web service that supports remote users, you will know that malevolent login attempts are an everyday occurrence. But hosting providers worldwide are reporting an onslaught at well above average levels

Airplane Takeover Demonstrated Via Android App (InformationWeek) Software hack allows security researcher to take control of aircraft navigation and other systems; avionics manufacturers emphasize that the presentation exploited training software

FAA Dismisses Android App Airplane Takeover (InformationWeek) Demonstrated training software exploits don't work against the flight management systems installed in planes, say airline regulators and avionics manufacturer

Another brand of IP cameras vulnerable to remote hijacking (FierceCIO: TechWatch) Security researchers from Qualys have sounded the alarm on thousands of wireless IP cameras that could be remotely hijacked. Sergey Shekyan and Artem Harutyunyan found that some Internet-connected cameras sold by Foscam were vulnerable. It is sold under a different brand in Europe and elsewhere

Schnucks Addresses Credit Card Issue (South County Times) On Friday, March 15, banks detected fraud on 12 different credit cards that had been used at Schnucks, prompting the company to engage the services of Mandiant, a payment card industry forensic investigation firm. Mandiant found the first indication of

Downingtown Area School District recovers $665000 from apparent cyber attack (Tribune-Review) In what might have been a cyber attack, $665,000 in Downingtown Area School District funds wound up in foreign bank accounts, the district announced on Friday. Downingtown police Chief James R. McGowan said the FBI was investigating the theft, which

Google Kenya hacked (The Standard Digital News) Global technology giant Google has been the victim of a cyber-attack. On Monday morning, their Kenyan domain google.co.ke did not have the usual doodle and search bar, instead the page splayed a black background "hacked" stamped in red across

Cyber Attack to Venezuelan Socialist Presidential Candidate's Account (Prensa Latina) The head of Hugo Chavez Campaign Command, Jorge Rodriguez, today denounced a cyber attack to the Twitter account of presidential candidate of the Grand Patriotic Pole Nicolas Maduro. In statements to press

Security Patches, Mitigations, and Software Updates

Cisco IOS Smart Install Configuration File Upload Remote Code Execution Vulnerability (Zero Day Initiative) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco IOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Smart Install client. A specially crafted packet can be sent to the SMI IBC server to instruct it to download the IOS config file and IOS image file(s). The vulnerability allows the attacker to replace the startup configuration file and the booting IOS image on Cisco switches running as a Smart Install client. The attacker can specify a user account with highest access in the config file, allowing them to take complete control of the switch. Cisco has issued an update to correct this vulnerability

Microsoft pulls Patch Tuesday security fix (ZDNet) Tech giant Microsoft has recommended that an update released in the latest Patch Tuesday be removed, after users reported incidents of the "blue screen of death" after installation

Cyber Trends

China's Communist party isn't really afraid of the internet (Quartz) Earlier this week, a Chinese propaganda official said China's internet-based "new media" were threatening the Communist party. Using one of Mao Zedong's most famous phrases, Ren Xianliang, vice-minister of propaganda in Shaanxi province, wrote in an editorial (link in Chinese): "Just as political power grows out of the barrel of a gun, the Party's control of the media is an unassailable basis of the party's leadership." Indeed, it would seem that microblog Sina Weibo, video sharing sites, and other online forums used by millions of Chinese citizens have government officials shaking in their shoes

Why Irish companies – and citizens – need to beware of the cyber-hackers (Irish Independent) This week, the Irish Independent revealed that the Government is planning to simulate a cyber attack to see how IT staff cope with an assault. It comes amid worldwide concern about hackers. No one is safe. The CIA, Pentagon, Apple, Microsoft and

Malware Detected on Computers Protected by Antivirus Programs (Daily Press) Kaspersky Lab experts found active infections on a number of PCs by analyzing data collected by Kaspersky Security Scan, a tool that scans computers to verify the presence of malicious files. Malware was detected even on computers protected by IT security solutions from known providers

BYOD trend increasing need for security vigilance in health care (FierceMobileIT) As health care firms are increasingly taking advantage of mobile health applications, data security has become an even greater concern, cautioned Andrew Brown, executive director of enterprise research at Strategy Analytics

Marketplace

Kerry Welcomes Chinese Investment in America's Infrastructure (Weekly Standard) Secretary of State John Kerry told the press in Beijing that he discussed with Chinese government officials investing in America's infrastructure. Kerry called the security concerns "very, very few; very, very little." "We welcome Chinese investment in the United States. And a very, very small percentage of investment is subject to a process where we have a security evaluation because of the nature of the business or the particular location. But it's very, very few; very, very little. And obviously, there are sometimes concerns when there's a state ownership of a particular business because that raises a different set of considerations," Kerry said, in response to a question about what he said to encourage Chinese investment in America

In Obama's Budget, More Money For Cybersecurity (Washington Post) Under Obama's proposed budget, the Defense Department would invest more than $39 billion in IT, with major civilian agencies combined spending about $42 billion

Obama Budget Outlines Federal CyberSecurity Spending (PC Magazine) The Cyber Forces refers to a team of military hackers who will defend the country as well as DoD infrastructure from attack. The experts—including defensive, intelligence, and analytical experts— will conduct "reconnaissance, surveillance

Three Baltimore startups to present at Mid-Atlantic Venture Association TechBUZZ (Baltimore Business Journal) Three Baltimore technology startups were selected to present at a Mid-Atlantic Venture Association event that connects entrepreneurs and investors. Light Point Security, a cyber security firm; and Roadmap, a data management company; and SurveySnap are among 16 startup companies that will present their business ideas at the Mid-Atlantic Venture Association's TechBUZZ event April 23 in Bethesda

Products, Services, and Solutions

Rackspace Looks To The Telcos In Global Expansion Of Its OpenStack Cloud (TechCrunch) Rackspace is banking on service providers such as telcos for its global expansion, leveraging OpenStack to build out cloud infrastructures that partners will then charge customers for cloud offerings. Rackspace will provide an end-to-end program that will include the hardware and the OpenStack cloud operating system software for the build out. The company will provide continuous automated testing

Facebook Home - Great if you think privacy is dead (Naked Security) Facebook has introduced a new way to utilize its services on Android mobile phones. Facebook Home streamlines keeping in touch with friends, their photos, Likes and shares. The issue is how it impacts your privacy, even if you choose not to use it yourself

Central Management System (CSO Magazine) The (CMS) consolidates the management, reporting, & data sharing of Web MPS, Email MPS, File MPS, and Malware Analysis System (MAS) in an easy-to-deploy

Malware Analysis System (CSO Magazine) The FireEye Malware Analysis System (MAS) gives threat analysts hands-on control over powerful auto-configured test environments where they can safely

Can we end zero-day exploits? (Business Technology) Some enterprise security folks think that the security vendor community over-promises when referring to "zero-day exploits prevention". But how can you stop what you don't know

Is Microsoft's Office-for-iOS delay a ploy? (FierceMobileIT) Microsoft's (NASDAQ: MSFT) delay in providing a version of Office for iOS and Android until next year may be a ploy to give its Windows 8 operating system and Surface tablet some time to gain traction in the enterprise, judged Steve Ranger with ZDNet

Bitdefender takes fight to Android malware with new AV release (ITProPortal) Romanian security firm Bitdefender has released the latest version of its Android antivirus product, as the AV industry looks to combat the growing number of threats on the Google-owned mobile platform. The free application, available now in the Google

Technologies, Techniques, and Standards

Gallery: 10 surreal moments in infosec history (CSO) A look at moments in infosec history that left us dumbfounded. What were they thinking? We asked readers to vote on the most notorious "what-were-they-thinking" moments in the history of information security -- those occasions where people in the industry defied all logic and left the rest of us dumbfounded. Here are 10 of your picks

Open Group Publishes Security Standard For Technology Supply Chain (Dark Reading) The Open Group last week revealed a new set of standards designed to improve security in the technology supply chain and reduce the incidence of malware found in commercial off-the-shelf (COTS) products. There have been numerous incidences of malware found in IT products over the last few years. The most infamous was the code found in Huawei and ZTE devices, which was suspected of being placed by Chinese government cyber threat actors, culminating in fears about the purchase of Chinese-made telecommunications equipment. The new standards, dubbed Open Trusted Technology Provider Standard (O-TTPS), are designed to reduce the likelihood of such infections in the IT supply chain

How Hackers Fool Your Employees (Dark Reading) Pop quiz time: Which endpoint vulnerability is a hacker most likely to exploit to gain access to your enterprise network resources? It's not some unpatched Windows flaw or browser vulnerability. It actually isn't any technology at all. Your most vulnerable endpoint is the technology user a few cubes over

The software mistakes that make things easier for hackers (FierceCIO: TechWatch) Applications written in certain languages and programming frameworks are more likely to be riddled with certain types of vulnerabilities than others, says Veracode. The application security firm noted that the software industry's inability to reduce security flaws is fueling a situation where mediocre hackers are able to find and exploit such flaws with relative ease

Design and Innovation

Five infosec pros who stand out (CSO) Follow these names on Twitter. Together, they make cyberspace a more secure place

The VC World Returns to Its Operating Roots (TechCrunch) "You can't go into Compton to rehabilitate gang members if you haven't been a Crip." — Ben Horowitz, co-founder of fast-rising venture outfit Andreessen Horowitz. Twenty years ago, the typical VC looked like a traditional banker, complete with an MBA and a background in finance. But a Wall Street background is becoming increasingly rare on Sand Hill Rd. The most coveted VCs are people who have

Research and Development

NATO CMRE Pursues Solutions to Protect the 'Internet of Underwater Things' (MarineLink.com) The NATO Center for Maritime Research and Experimentation (CMRE), the Science and Technology Organization (STO) executive body in charge of scientific research and technology development in the maritime domain, showcased future solutions to address defense and security needs of the Alliance by using unmanned vehicles connected through the "Internet of Underwater Things." It took place during the eighth meeting of STO Task Group IST-096 focused on maturity models, scenario definition and prototyping environments in cyber defense

Michigan demos simpler, more efficient single-photon emitter for quantum cryptography (Semiconductor Today) In a development that could make the advanced form of secure communications known as quantum cryptography more practical, University of Michigan researchers – supported by the US National Science Foundation (NSF) - have demonstrated a simpler

IBM: Flash Storage Hits Tipping Point (InformationWeek) Flash is now cheaper than most spinning disks -- and dramatically speeds up application and database performance, IBM says

Academia

West Point cadets take part in cyber-competition (Wall Street Journal) Established in 2001 by the National Security Agency, the competition is designed to teach cadets how to protect and defend the nation's information systems. Cadets have to protect their network against attacks orchestrated by National Security Agency

IIIT-Delhi joins hand with QUT Australia for joint PhD prog (Business Standard) The collaborative PhD programme, a part of the institute's efforts to promote cooperative educational exchanges, would allow students to pursue their doctoral research in Cryptography, Control Theory and Robotics and Linked Data Analysis from both IIIT

Legislation, Policy, and Regulation

PM on GCSB Legislation Changes (Scoop [New Zealand]) In the post-cabinet press conference at the Beehive on Monday, April 15, Prime Minister announced proposed legislative changes to remedy "inadequacies" in the Government Communications Security Bureau (GCSB) Act

NSA data center front and center in debate over liberty, security and privacy (Fox News) Twenty-five miles due south of Salt Lake City, a massive construction project is nearing completion. The heavily secured site belongs to the National Security Agency. "The spy center" -- that's what some of the locals like Jasmine Widmer

Google, Yahoo, Microsoft execs back CISPA through trade group (CNET) A tech trade group whose guiding lights include executives from Google, Microsoft, and Yahoo sent a letter to Congress this week in support of CISPA -- the Cyber Intelligence Sharing and Protection Act -- proposed cybersecurity legislation that's

House Intelligence Dems push for privacy changes in CISPA (The Hill) The lawmakers also argued that a civilian agency, like the Department of Homeland Security, should be the first to receive cyber threat data from companies, not the military or National Security Agency. The bill would allow companies to share cyber

CISPA Remains Fatally Flawed After Secret Committee Markup (American Civil Liberties Union News and Information) The House Permanent Select Committee on Intelligence on Wednesday marked up CISPA, the controversial cybersecurity bill that allows companies to share their customers' sensitive internet information with each other and the government. The bill's sponsors and corporations are not only declaring victory, but aggressively arguing that all privacy and civil liberties problems have been solved

Well, what ARE the Air Force's cyber weapons? (FCW.com) Keith Alexander, commander at U.S. Cyber Command and director of the National Security Agency, also has discussed CyberCom's plans to create 13 offensive operations teams as well as other teams focused on cyber threats. Posted by Amber Corrin on

Litigation, Investigation, and Law Enforcement

Lawsuit could put kink in Microsoft's push for cloud security (CSO) A patent suit challenges two-factor authentication technology used by PhoneFactor, a company acquired by Microsoft last October

Bringing Down The Mexican Tech Mafia: How Hackers Stopped A $9.3 Million Fraud (TechCrunch) "When the geeks go marching in, good stuff can happen, but if everyone joins in, real change can take place." That's what the hackers and team behind Codeando Mexico, a civil innovation platform where government and organizations publish projects, though

Convicted TJX Hacker Regrets Taking 'Easy Way Out' With Plea Deal (Threatpost) Stephen Watt was involved in a series of attacks on retailers and restaurants that federal prosecutors called the largest identity theft in U.S. history. He wrote the sniffer used by some of his friends to steal millions of credit card numbers. After federal agents raided his apartment and confiscated all of his computer equipment, he eventually was indicted on a series of charges related to the attacks on TJX, Dave & Buster's and others and was facing several years in prison. So he took a plea deal, hoping to reduce his prison time and the financial burden on his family. In all of that, what he regrets most is taking the plea

Surveillance state: Fox News watched by NSA, questioned by FBI (BizPac Review) The National Security Agency's massive, big brother-on-steroids, data mining spy facility in Bluffdale, Utah is almost complete, bringing new concerns over the "liberty, security, and privacy" of American citizens. And a Fox News team experienced

Judge says Apple, Motorola abused legal process with patent litigation (FierceMobileIT) A United States district court judge in Florida charged Apple (NASDAQ: AAPL) and Google's (NASDAQ: GOOG) Motorola Mobility with abusing the legal process by using patent litigation as a "business strategy," according to a court order issued this week

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...

InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...

Cyber Guardian 2013 (Baltimore, Maryland, USA, April 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection,...

A Dialogue on Cyber Warfare from Legal and Corporate Perspectives (New York, New York, USA, April 16, 2013) Conversation on Cyber Warfare and the Law. The Journal of Law & Cyber Warfare in partnership with the Columbia Society of International Law is honored to host this first cutting edge conference on the complex...

SANS 20 Critical Security Controls Briefing (Washington, DC, USA, April 18, 2013) The SANS Institute presents an Executive Briefing on the 20 Critical Security Controls.

Infosec Southwest 2013 (Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...

cybergamut Technical Tuesday: Secure VoIP & Messaging for Mobile Platforms (Laurel, Maryland, USA, April 23, 2013) Phil Zimmermann of Silent Circle will show you how to communicate securely without relying on PKI. cybergamut Technical Tuesday is for cyber professionals to exchange ideas and discuss technical issues...

Mobile Device Security for Defense and Government (Alexandria, Virginia, USA, April 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan...

Infosecurity Europe (London, England, UK, April 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every...

23rd Annual Government Procurement Conference (Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...

INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, April 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community.

cybergamut CompTIA Security+ Certification Boot Camp Training Program (Baltimore, Maryland, USA, April 29 - May 2, 2013) Security+ certification training delivers a foundational proficiency in the network security arena. Security+ Certified Professionals are better able and positioned to support small and medium-sized organizations...

TechExpo Cyber Security Hiring Event (Columbia, Maryland, USA, April 30, 2013) A hiring event for experienced cyber security professionals, with many leading companies in attendance and interviewing on-the-spot. Learn from the distinguished speakers' panel, details of which will...
