North Korea denies involvement in March's cyber campaign against South Korean companies. South Korea sticks by its attribution and continues to harden its cyber defenses. (Preventive measures taken by Korea Hydro and Nuclear Power will be of interest to those concerned with industrial control system security.) Anonymous-affiliated botmaster "Jester" claims to have taken down a new North Korean Internet connection.
WordPress and Joomla are under attack globally—check your passwords if you use these services. The hackers appear to use a dictionary attack: weak login credentials render you particularly vulnerable.
Last week's Hack-in-the-Box demonstration of an airliner remote hijacking exploit is at least partially debunked. The Android app hack, say avionics manufacturers, worked against training software only, and the US Federal Aviation Administration concurs—it wouldn't, the FAA says, work against actual flight management systems.
Microsoft concludes its MS13-036 patch, released last week, not only disables some security products, but crashes Windows 7. It's pulled the patch and advises users to uninstall it.
Kaspersky's Security Scan finds active malware on a large number of PCs protected by standard antivirus products.
It's the Americans' turn to make irenic noises in the running cyber espionage dispute between the US and China: Secretary of State Kerry says he welcomes Chinese investment in US infrastructure. Meanwhile the Open Group publishes a standard intended to protect the IT supply chain. The new standard was designed with a view to protecting against pre-installed malware like that found over the past year in Huawei and ZTE devices.
Today's issue includes events affecting Australia, China, India, Ireland, Kenya, Republic of Korea, People's Democratic Republic of Korea, Mexico, New Zealand, United States, and Venezuela.
Tomorrow's issue will offer special coverage of SINET's conference (offered in conjunction with CyberMaryland and the Chertoff Group), "Cyber Policy and Its Impact on Commercial Markets," which convenes in Baltimore this afternoon.
Cyber Attacks, Threats, and Vulnerabilities
North Korea denies cyber attack on South Korean companies(Economic Times) North Korea has denied involvement in a cyber attack that shut down nearly 50,000 computers and servers at South Korean broadcasters and banks last month. The General Staff of the Korean People's Army issued the denial Saturday through
South Korean Nuclear Plant under Threat of Cyber Attack(IBTimes.co.uk) Korea Hydro & Nuclear Power, the only operator in South Korea, has said the network has been cut off in an effort to thwart any cyber attack launched by Pyongyang. The control systems network at the plant has been divided and all connections to the
Urgency needed to deal with N Korea's cyber attacks(The Nation) It took seven months for the police-run Cyber Terror Response Centre to confirm that North Korea was behind a cyber attack on the Seoul-based JoongAng Ilbo daily last June. But it took much less time until a joint investigation, led by the National
Airplane Takeover Demonstrated Via Android App(InformationWeek) Software hack allows security researcher to take control of aircraft navigation and other systems; avionics manufacturers emphasize that the presentation exploited training software
FAA Dismisses Android App Airplane Takeover(InformationWeek) Demonstrated training software exploits don't work against the flight management systems installed in planes, say airline regulators and avionics manufacturer
Another brand of IP cameras vulnerable to remote hijacking(FierceCIO: TechWatch) Security researchers from Qualys have sounded the alarm on thousands of wireless IP cameras that could be remotely hijacked. Sergey Shekyan and Artem Harutyunyan found that some Internet-connected cameras sold by Foscam were vulnerable. It is sold under a different brand in Europe and elsewhere
Schnucks Addresses Credit Card Issue(South County Times) On Friday, March 15, banks detected fraud on 12 different credit cards that had been used at Schnucks, prompting the company to engage the services of Mandiant, a payment card industry forensic investigation firm. Mandiant found the first indication of
Google Kenya hacked(The Standard Digital News) Global technology giant Google has been the victim of a cyber-attack. On Monday morning, their Kenyan domain google.co.ke did not have the usual doodle and search bar, instead the page splayed a black background "hacked" stamped in red across
Security Patches, Mitigations, and Software Updates
Cisco IOS Smart Install Configuration File Upload Remote Code Execution Vulnerability(Zero Day Initiative) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco IOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Smart Install client. A specially crafted packet can be sent to the SMI IBC server to instruct it to download the IOS config file and IOS image file(s). The vulnerability allows the attacker to replace the startup configuration file and the booting IOS image on Cisco switches running as a Smart Install client. The attacker can specify a user account with highest access in the config file, allowing them to take complete control of the switch. Cisco has issued an update to correct this vulnerability
Microsoft pulls Patch Tuesday security fix(ZDNet) Tech giant Microsoft has recommended that an update released in the latest Patch Tuesday be removed, after users reported incidents of the "blue screen of death" after installation
China's Communist party isn't really afraid of the internet(Quartz) Earlier this week, a Chinese propaganda official said China's internet-based "new media" were threatening the Communist party. Using one of Mao Zedong's most famous phrases, Ren Xianliang, vice-minister of propaganda in Shaanxi province, wrote in an editorial (link in Chinese): "Just as political power grows out of the barrel of a gun, the Party's control of the media is an unassailable basis of the party's leadership." Indeed, it would seem that microblog Sina Weibo, video sharing sites, and other online forums used by millions of Chinese citizens have government officials shaking in their shoes
Malware Detected on Computers Protected by Antivirus Programs(Daily Press) Kaspersky Lab experts found active infections on a number of PCs by analyzing data collected by Kaspersky Security Scan, a tool that scans computers to verify the presence of malicious files. Malware were detected even on computers protected by IT security solutions from known providers
Kerry Welcomes Chinese Investment in America's Infrastructure(Weekly Standard) Secretary of State John Kerry told the press in Beijing that he discussed with Chinese government officials investing in America's infrastructure. Kerry called the security concerns "very, very few; very, very little." "We welcome Chinese investment in the United States. And a very, very small percentage of investment is subject to a process where we have a security evaluation because of the nature of the business or the particular location. But it's very, very few; very, very little. And obviously, there are sometimes concerns when there's a state ownership of a particular business because that raises a different set of considerations," Kerry said, in response to a question about what he said to encourage Chinese investment in America
Obama Budget Outlines Federal CyberSecurity Spending(PC Magazine) The Cyber Forces refers to a team of military hackers who will defend the country as well as DoD infrastructure from attack. The experts—including defensive, intelligence, and analytical experts—will conduct "reconnaissance, surveillance
Three Baltimore startups to present at Mid-Atlantic Venture Association TechBUZZ(Baltimore Business Journal) Three Baltimore technology startups were selected to present at a Mid-Atlantic Venture Association event that connects entrepreneurs and investors. Light Point Security, a cyber security firm; and Roadmap, a data management company; and SurveySnap are among 16 startup companies that will present their business ideas at the Mid-Atlantic Venture Association's TechBUZZ event April 23 in Bethesda
Products, Services, and Solutions
Rackspace Looks To The Telcos In Global Expansion Of Its OpenStack Cloud(TechCrunch) Rackspace is banking on service providers such as telcos for its global expansion, leveraging OpenStack to build out cloud infrastructures that partners will then charge customers for cloud offerings. Rackspace will provide an end-to-end program that will include the hardware and the OpenStack cloud operating system software for the build out. The company will provide continuous automated testing
Facebook Home - Great if you think privacy is dead(Naked Security) Facebook has introduced a new way to utilize its services on Android mobile phones. Facebook Home streamlines keeping in touch with friends, their photos, Likes and shares. The issue is how it impacts your privacy, even if you choose not to use it yourself
Central Management System(CSO Magazine) The Central Management System (CMS) consolidates the management, reporting, & data sharing of Web MPS, Email MPS, File MPS, and Malware Analysis System (MAS) in an easy-to-deploy
Malware Analysis System(CSO Magazine) The FireEye Malware Analysis System (MAS) gives threat analysts hands-on control over powerful auto-configured test environments where they can safely
Can we end zero-day exploits?(Business Technology) Some enterprise security folks think that the security vendor community over-promises when referring to "zero-day exploits prevention". But how can you stop what you don't know
Is Microsoft's Office-for-iOS delay a ploy?(FierceMobileIT) Microsoft's (NASDAQ: MSFT) delay in providing a version of Office for iOS and Android until next year may be a ploy to give its Windows 8 operating system and Surface tablet some time to gain traction in the enterprise, judged Steve Ranger with ZDNet
Bitdefender takes fight to Android malware with new AV release(ITProPortal) Romanian security firm Bitdefender has released the latest version of its Android antivirus product, as the AV industry looks to combat the growing number of threats on the Google-owned mobile platform. The free application, available now in the Google
Technologies, Techniques, and Standards
Gallery: 10 surreal moments in infosec history(CSO) A look at moments in infosec history that left us dumbfounded. What were they thinking? We asked readers to vote on the most notorious "what-were-they-thinking" moments in the history of information security -- those occasions where people in the industry defied all logic and left the rest of us dumbfounded. Here are 10 of your picks
Open Group Publishes Security Standard For Technology Supply Chain(Dark Reading) The Open Group last week revealed a new set of standards designed to improve security in the technology supply chain and reduce the incidence of malware found in commercial off-the-shelf (COTS) products. There have been numerous incidences of malware found in IT products over the last few years. The most infamous was the code found in Huawei and ZTE devices, which was suspected of being placed by Chinese government cyber threat actors, culminating in fears about the purchase of Chinese-made telecommunications equipment. The new standards, dubbed Open Trusted Technology Provider Standard (O-TTPS), are designed to reduce the likelihood of such infections in the IT supply chain
How Hackers Fool Your Employees(Dark Reading) Pop quiz time: Which endpoint vulnerability is a hacker most likely to exploit to gain access to your enterprise network resources? It's not some unpatched Windows flaw or browser vulnerability. It actually isn't any technology at all. Your most vulnerable endpoint is the technology user a few cubes over
The software mistakes that make things easier for hackers(FierceCIO: TechWatch) Applications written in certain languages and programming frameworks are more likely to be riddled with certain types of vulnerabilities than others, says Veracode. The application security firm noted that the software industry's inability to reduce security flaws is fueling a situation where mediocre hackers are able to find and exploit such flaws with relative ease
The VC World Returns to Its Operating Roots(TechCrunch) "You can't go into Compton to rehabilitate gang members if you haven't been a Crip." — Ben Horowitz, co-founder of fast-rising venture outfit Andreessen Horowitz. Twenty years ago, the typical VC looked like a traditional banker, complete with an MBA and a background in finance. But a Wall Street background is becoming increasingly rare on Sand Hill Rd. The most coveted VCs are people who have
Research and Development
NATO CMRE Pursues Solutions to Protect the 'Internet of Underwater Things'(MarineLink.com) The NATO Center for Maritime Research and Experimentation (CMRE), the Science and Technology Organization (STO) executive body in charge of scientific research and technology development in the maritime domain, showcased future solutions to address defense and security needs of the Alliance by using unmanned vehicles connected through the "Internet of Underwater Things." It took place during the eighth meeting of STO Task Group IST-096 focused on maturity models, scenario definition and prototyping environments in cyber defense
West Point cadets take part in cyber-competition(Wall Street Journal) Established in 2001 by the National Security Agency, the competition is designed to teach cadets how to protect and defend the nation's information systems. Cadets have to protect their network against attacks orchestrated by National Security Agency
IIIT-Delhi joins hand with QUT Australia for joint PhD prog(Business Standard) The collaborative PhD programme, a part of the institute's efforts to promote cooperative educational exchanges, would allow students to pursue their doctoral research in Cryptography, Control Theory and Robotics and Linked Data Analysis from both IIIT
Legislation, Policy, and Regulation
PM on GCSB Legislation Changes(Scoop [New Zealand]) In the post-cabinet press conference at the Beehive on Monday, April 15, Prime Minister announced proposed legislative changes to remedy "inadequacies" in the Government Communications Security Bureau (GCSB) Act
Google, Yahoo, Microsoft execs back CISPA through trade group(CNET) A tech trade group whose guiding lights include executives from Google, Microsoft, and Yahoo sent a letter to Congress this week in support of CISPA -- the Cyber Intelligence Sharing and Protection Act -- proposed cybersecurity legislation that's
House Intelligence Dems push for privacy changes in CISPA(The Hill) The lawmakers also argued that a civilian agency, like the Department of Homeland Security, should be the first to receive cyber threat data from companies, not the military or National Security Agency. The bill would allow companies to share cyber
CISPA Remains Fatally Flawed After Secret Committee Markup(American Civil Liberties Union News and Information) The House Permanent Select Committee on Intelligence on Wednesday marked up CISPA, the controversial cybersecurity bill that allows companies to share their customers' sensitive internet information with each other and the government. The bill's sponsors and corporations are not only declaring victory, but aggressively arguing that all privacy and civil liberties problems have been solved
Well, what ARE the Air Force's cyber weapons?(FCW.com) Keith Alexander, commander at U.S. Cyber Command and director of the National Security Agency, also has discussed CyberCom's plans to create 13 offensive operations teams as well as other teams focused on cyber threats. Posted by Amber Corrin on
Convicted TJX Hacker Regrets Taking 'Easy Way Out' With Plea Deal(Threatpost) Stephen Watt was involved in a series of attacks on retailers and restaurants that federal prosecutors called the largest identity theft in U.S. history. He wrote the sniffer used by some of his friends to steal millions of credit card numbers. After federal agents raided his apartment, confiscated all of his computer equipment, he eventually was indicted on a series of charges related to the attacks on TJX, Dave & Buster's and others and was facing several years in prison. So he took a plea deal, hoping to reduce his prison time and the financial burden on his family. In all of that, what he regrets most is taking the plea
Surveillance state: Fox News watched by NSA, questioned by FBI(BizPac Review) The National Security Agency's massive, big brother-on-steroids, data mining spy facility in Bluffdale, Utah is almost complete, bringing new concerns over the "liberty, security, and privacy" of American citizens. And a Fox News team experienced
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Information Tech Expo Series - Hawaii(Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
Cyber Guardian 2013(Baltimore, Maryland, USA, April 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection,...
Infosec Southwest 2013(Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...
Mobile Device Security for Defense and Government(Alexandria, Virginia, USA, April 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan...
Infosecurity Europe(London, England, UK, April 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every...
23rd Annual Government Procurement Conference(Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO(Reston, Virginia, USA, April 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community.
TechExpo Cyber Security Hiring Event(Columbia, Maryland, USA, April 30, 2013) A hiring event for experienced cyber security professionals, with many leading companies in attendance and interviewing on-the-spot. Learn from the distinguished speakers' panel, details of which will...