OpIsrael may have largely fizzled, but attackers continue to seek new targets, including the Nigerian Ministry of Energy (for exporting oil to Israel). Elsewhere in the Middle East the Syrian Electronic Army defaces US NPR sites apparently out of displeasure over NPR's coverage of Syria's civil war.
The WordPress attacks, now characterized as a brute-force campaign, continue, and observers note with concern their probable connection with earlier attacks on banks—the attackers appear to be assembling botnets that could be used in fresh campaigns against the financial sector.
Microsoft has found a Trojan (Nemim.gen) that erases itself to defeat reverse engineering and forensic analysis. It's also unusual in that the downloader is itself the payload.
Digital Defense announces discovery of a zero-day vulnerability in the Dell EqualLogic storage solution that could enable a remote unauthenticated attacker to steal files. Kaspersky finds a new piece of Android malware targeting Uyghur activists.
A cyber riot brews up between Indian and Brazilian hacktivists: apparently national pride is at issue. Turkish hackers attack, with no clear motive, Taiwan's Gigabyte Technology.
Retailers and other businesses might learn from Schnucks' recent experience with a point-of-sale breach. The US Midwestern supermarket chain has a reputation for sophisticated early adoption of technology, and they are unlikely to have been a soft target. But their experience shows the increasing cunning and rapacity of cyber criminals.
Saudi Arabia plans a five-year $400M investment in data loss prevention. The US National Institute of Standards and Technology advances its public-private cyber framework partnership.
Today's issue includes events affecting Algeria, Australia, Bangladesh, Brazil, China, Finland, India, Israel, Kenya, Republic of Korea, Luxembourg, Malaysia, Netherlands, Nigeria, Portugal, Syria, Taiwan, Turkey, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Nigerian Ministry of Energy Website Hacked by SiR Abdou(TheHackersPost) Hacker going with the handle SiR Abdou has hacked and defaced Ministry of Energy, Nigeria Website (ministryofenergy.dl.gov.ng) for exporting Oil to Israel. At the time of writing, Site was displaying Internal Path of the website with SQL queries
Algerian Hacker Details Cyber Attack on Israel(OODA Loop) An Algerian hacker using the handle 'Ismail-man54' said that thousands of Arab and Muslim hackers opposed to Israel participated in the recent attack on 90 Israeli websites. He also said that the attack had been planned since November 2012, with the
WordPress Sites Targeted by Mass Brute-force Botnet Attack(US_CERT) US-CERT is aware of an ongoing campaign targeting the content management software WordPress, a free and open source blogging tool and web publishing platform based on PHP and MySQL. All hosting providers offering WordPress for web content management are potentially targets. Hackers reportedly are utilizing over 90,000 servers to compromise websites' administrator panels by exploiting hosts with "admin" as account name, and weak passwords which are being resolved through brute force attack methods
Hackers Using Brute-Force Attacks to Harvest WordPress Sites(Threatpost) Months of distributed denial of service attacks against major U.S. banks have evolved in magnitude and ferocity causing service disruptions for online banking customers. They've also shown the way for other attackers to adapt and evolve techniques used in those attacks
Microsoft Discovers Trojan That Erases Evidence Of Its Existence(Dark Reading) This downloader is also the payload. Researchers at Microsoft have spotted a Trojan downloader that does something very savvy yet rare: it deletes its own components so researchers and forensics investigators can't analyze or identify it. The so-called Win32/Nemim.gen!A Trojan is also unusual in that unlike most Trojan downloaders that are put in place to deliver the real payload, this Trojan is also the payload, according to Jonathan San Jose, a member of Microsoft's Malware Protection Center
Digital Defense Discovers Zero-Day Vulnerability in Dell EqualLogic Storage Solution(Wall Street Journal) Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security risk assessments, announced a zero-day finding, discovered by the company's Vulnerability Research Team (VRT). The flaw is a directory traversal which resides in the Dell EqualLogic solution. A remote unauthenticated attacker could potentially leverage the vulnerability to retrieve system files. This security issue was revealed using DDI's patent-pending vulnerability scanning technology
Security expert identifies targeted attack utilizing malware for Android devices(CSO) Kaspersky Lab has detected a new targeted attack against Uyghur activists which, for the first time, is based on a malicious program for Android-based mobile devices. The attack is designed and performed in a similar manner as numerous other attacks on Uyghur and Tibetan activists, but instead of relying on exploit-rigged DOC, XLS or PDF documents for Windows-based computers or Macs, it targets mobile devices
FAA and security researchers at odds over airplane hack security(Naked Security) The avionics bigwigs FAA and EASA have said "bunk!" to a researcher's claims that his new Android app could potentially hack planes. OK, says fellow plane hacker "Renderman," if that's true, there's no harm in giving public access to your test labs, now is there
In tit for tat, Indian hackers deface 37 Brazilian websites(The Hindu) In retaliation for the hacking of several Indian government websites by Brazilian hackers on April 6, a group of unknown Indian hackers has defaced 37 Brazilian websites, virtually declaring a cyberwar. The Indian hackers have not only blocked the websites but also left a provocative message claiming that the server of all the hacked websites was "now under the control of the Indian hackers."
Malaysian government behind media cyber attacks: Sarawak Report(Radio Australia) On Thursday, the websites for Radio Free Malaysia, Radio Free Sarawak and the news portal Sarawak Report were brought down by a cyber attack strategy known as Distributed Denial Of Service - whereby millions of computers send requests at the same
After ING, now it's Rabobank's turn for a cyber attack(DutchNews.nl) Rabobank customers were unable to access their online accounts for some 15 minutes on Monday after the bank was subjected to a cyber attack. A spokesman for the bank said its firewall had managed to block the attack and the bank's systems were quickly
Cyber Attack Sent 300,000 Government E-Mails Astray(Chosun Ilbo) A cyber attack last week on government computer networks caused 300,000 official e-mails to be delivered to the wrong recipients, it belatedly emerged on Monday. The Ministry of Culture, Sports and Tourism said an unregistered IP address accessed the government's integrated computer network for half an hour, causing 300,000 official messages to be sent out to random Hanmail accounts
Hacker TiGER-M@TE Hits Google Kenya, Bing Kenya, LinkedIn Kenya(eSecurity Planet) The Kenyan Web sites for Google, Dell, Skype, MSN, Bing, LinkedIn, HP, Microsoft, YouTube and others were defaced. Bangladeshi hacker TiGER-M@TE recently defaced several leading Web sites in Kenya, including google.co.ke, dell.co.ke, skype.co.ke, msn.co.ke, bing.co.ke, linkedin.co.ke, hp.co.ke, microsoft.co.ke, youtube.co.ke and others
Turkish Ajan Hacker Group Hits Gigabyte Technology(eSecurity Planet) The group released a file containing employee data, sales records, PowerPoint presentations and more. Hacker Maxney of the Turkish Ajan Hacker Group recently breached and defaced four subdomains of the Web site for Taiwan's Gigabyte Technology
Pa. state websites go dark; cyber-attack ruled out(Philly.com) A spokesman for the Office of Administration said Monday the outages were a technical issue and not the result of a cyber-attack. Spokesman Dan Egan says the websites that are down are the ones that are usually accessible through a web portal whose
Security Patches, Mitigations, and Software Updates
Google Fixes Three High-Risk Flaws in Chrome OS(Threatpost) Google has fixed a series of serious vulnerabilities in its Chrome OS, including three high-risk bugs that could be used for code execution on vulnerable machines. As part of its reward program, Google paid out more than $30,000 to a researcher who found three of the vulnerabilities
Gartner: By 2015, 10 Percent Of Overall IT Security Enterprise Product Capabilities Will Be Delivered In The Cloud(Dark Reading) By 2015, 10% of overall IT security enterprise product capabilities will be delivered in the cloud, according to Gartner, Inc. The services are also driving changes in the market landscape, particularly around a number of key security technology areas, such as secure email and secure Web gateways, remote vulnerability assessment, and Identity and Access Management (IAM). Gartner expects the cloud-based security services market to reach $4.2 billion by 2016
Survey Shows IT Managers Increasingly Concerned Over DDoS Attacks(Dark Reading) New independent research commissioned by Corero Network Security (CNS: LN) shows that businesses are more stressed than ever about being the target of a Distributed Denial of Service (DDoS) attack. A survey of UK organisations found that 41% of IT managers were 'highly or extremely' concerned about being the victim of an attack compared to 29% in 2012. Carried out by Vanson Bourne, the survey compared attitudes over the last two years among 100 mid to large-sized UK enterprises
Anonymous Hackers Hit TeenProgram.info, RestoringFamily.com(eSecurity Planet) More than 1,800 e-mail addresses and passwords were published online as part of #OpLiberation. As part of #OpLiberation, an ongoing effort to expose abuse of children at educational institutions for troubled teenagers, members of Anonymous recently leaked login information from the online institution directories TeenProgram.info and RestoringFamily.com
32.8 Million Android Devices Infected in 2012(eSecurity Planet) And more than 10 million devices were infected in the first quarter of 2013, according to NQ Mobile. NQ Mobile today released its 2012 Security Report [PDF file], which states that the number of mobile malware threats increased by 163 percent to more than 65,000 in 2012. The company says almost 95 percent of all mobile malware in 2012 targeted the Android operating system, and the top three methods for delivering such malware were app repackaging, malicious URLs, and smishing
Cyberterrorism Preparedness for Fire and Emergency Services(Fire Engineering) The frequency and sophistication of terrorist attacks increase with each passing year. So does the likelihood of another terrorist attack on the United States. Some believe we are living on borrowed time with each day that passes without terrorists attempting another attack. Recently, multiple intelligence experts have warned of a new phenomenon--the blended or combination terror attack. This type of attack is comprised of traditional methods used by terrorists--commonly thought of as bombs and bullets--with cyberattacks. The objective is to enhance the impact and losses that result from the physical forms of terror
Australian cyber posture is poor(ITWire) A recent Ponemon report commissioned by Juniper Networks found that IT and security ... in their organisation's ability to detect and prevent cyber attacks
Cyber criminals target employees' devices(Financial Times) It's unclear exactly when BYOD, or bring your own device, computing was born. But it was probably some time between the launch of the iPhone and its appearance in the boardroom. The trend spread quickly. According to data from Forrester Research, three out of every four employees now want to use their personal mobile devices for work
2014 Budget Request: DARPA(FierceGovernmentIT) Spending at the Defense Advanced Research Projects Agency would go down slightly under the White House fiscal 2014 budget proposal when the agency's requested amount is adjusted for the Office of Management and Budget's projected rate of inflation
NIST signs on vendors to develop cybersecurity framework(Health IT Security) The next step of the National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence (NCCoE) plans will go into effect today as it officially brings in vendors to aid its cybersecurity framework development. NIST is holding a signing ceremony for companies and organizations that, as National Cybersecurity Excellence Partners, will subsidize hardware and software offerings and share best cybersecurity practices to organize and best use knowledge and technology
HyTrust Partners with National Cybersecurity Center of Excellence(Wall Street Journal) Press will have the opportunity to join U.S. Senator Barbara Mikulski and National Security Agency Director General Keith B. Alexander on a brief tour of the organization's new, state-of-the-art facilities and learn about other NIST cybersecurity programs
Will New Hires Impede Future Security?(Bank Info Security) The rush to find qualified IT security professionals to meet current cyber-threats could jeopardize IT systems' security in the not-too-distant future, say two leading IT security experts, Eugene Spafford and Ron Ross. Spafford, a Purdue University computer science professor, and Ross, a leading IT security and information risk management expert at the National Institute of Standards and Technology, presented differing views, at times, on the role cloud computing performs in helping mitigate information risk in the first of a two-part interview
Vulnerabilities up nearly 20%, reveals new HP research group(CSO) HP has formed the HP Security Research (HPSR) organization, a new group that will provide actionable security intelligence through published reports, threat briefings and enhancements to the HP security product portfolio. Under the direction of the new organization, the company also introduced findings from its annual Cyber Security Risk Report
Panda Global Protection 2013 review(ITProPortal) Panda Security was the first company to pioneer the cloud as the ideal place to hold AV signatures and other data used in checking for threats on a PC. Though many companies now do things more or less this way, the key feature of cloud-based protection is the light footprint it has on its host machines. The new full version of the Panda product is Panda Global Protection 2013 and it offers most of the components usually seen in Internet security (IS) products, although it's yet to take a multi-platform approach for the wide range of devices many of us use now. That's promised for the 2014 versions
Guidance Software Announces New Services to Accelerate Bringing E-Discovery In-House(4-Traders) Guidance Software, Inc. (NASDAQ: GUID), the World Leader in Digital Investigations, today announced two new professional services designed to help companies fundamentally improve the way they manage electronic discovery to gain efficiencies, achieve compliance, and reduce costs: EnCase eDiscovery Started Right and EnCase eDiscovery Done Right
NIST: It's Time to Abandon Control Frameworks as We Know Them(Tripwire) Developing a Framework To Improve Critical Infrastructure Cybersecurity: On February 12, 2013, the White House announced the "Improving Critical Infrastructure Cybersecurity" Executive Order. Subsequently, on February 26, 2013, the National Institute of Standards and Technology (NIST) published in the Federal Register a Request For Information (RFI). NIST takes its definition of "critical infrastructure" from the 42 U.S.C. 5195c(e) which states that it is all "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters"
Oops - You Mean That Deleted Server was a Certificate Authority?(Internet Storm Center) I was recently working at a client, implementing wireless. As in many Enterprise Wireless projects, we needed an Enterprise Certificate Authority (CA). Imagine my surprise, that when we went to create an Enterprise Root CA, that one already existed. And when we went to take a closer look at that Root CA, when we found that the server was retired - dead and gone, I got that sinking feeling and realized we might be on a trip down the project-over-run rabbit hole
APT 1: Technical backstage malware analysis(Malware.lu) The company Mandiant published in February 2013 a report about an Advanced Persistent Threat (APT) called APT1. The report can be freely downloaded here: http://intelreport.mandiant.com/. Inspired by this article, we have decided to perform our own technical analysis of this case. In the report, Mandiant explains that the attackers were using a well-known Remote Administration Tool (RAT) called Poison Ivy and that they were located in China. We based our investigation on those two facts only
Luxembourg: The Steve McQueen of Cybersecurity(Volokh Conspiracy) Here's the scant good news on cybersecurity: It's getting harder for attackers to hide. The same security weaknesses that bedevil our networks can be found on the systems used by our attackers. A shorter version is something I call Baker's Law: "Our security sucks. But so does theirs." That's good news because, with a little gumption, we can exploit hacker networks, gather evidence that identifies our attackers, and eventually take action that will make them regret their career choices. Unfortunately, the United States has been sitting out this attribution revolution… Justice wants to cut off the debate over hacking back. But it's too late for that. Even if Justice adopts something tougher than its carefully qualified (and longstanding) statement that hackbacks are "likely a violation" of federal law, all it can really do is drive hackbacks offshore, leaving US companies more exposed to intrusions than companies in more tough-minded jurisdictions. Exhibit A for this theory is a recent cybersecurity report from two Luxembourg entities, a private computer incident response team and iTrust Consulting. Because it turns out that, as far as hackbacks go, little Luxembourg has more cojones than the entire United States cybersecurity establishment
Stanford's NovoEd Brings Collaboration And Group Learning To MOOCs To Help Fight Attrition(TechCrunch) What is it with Stanford professors and Massive Open Online Courses (a.k.a. MOOCs)? For those who have no idea what I'm talking about, two of the three most popular MOOCs — Udacity and Coursera — were both founded by Stanford professors. Then there's Class2Go, an open-source MOOC platform created by a team of Stanford engineers and professors, which recently "merged" with edX (the third member)
Legislation, Policy, and Regulation
Cyberwarrior Medal Is Canceled By Hagel(Washington Post) The special medal for the Pentagon's drone operators and cyberwarriors didn't last long. Two months after the "distinguished warfare medal" for troops that don't set foot on the battlefield was announced, Secretary of Defense Chuck Hagel has concluded that it was a bad idea. Some veterans and some lawmakers spoke out against the award, arguing that it was unfair to make the medal a higher honor than some issued for valor on the battlefield
US agency denies data center to monitor citizens' emails(Reuters) The U.S. National Security Agency on Monday denied that a $1.2 billion data center it is building in the Utah desert will be used to illegally eavesdrop on or monitor the emails of U.S. citizens. The secretive agency, which
US House to vote on CISPA cyber threat bill this week(InfoWorld) The Cyber Intelligence Sharing and Protection Act (CISPA), a controversial cyber threat information-sharing bill, will be debated on the floor of the U.S. House of Representatives this week, despite continued opposition from some privacy and digital
When All Else Fails During a Cyber Attack, Shoot Down a Satellite(Motherboard) Everybody in the United States government seems basically horrified about the destructive possibilities of a major cyber attack hitting our infrastructure. President Obama is describing apocalyptic outcomes involving toxic sludge and poisoned drinking water. The Pentagon is scrambling to recruit grey-hat hackers with enough skills to stand up against cyber nightmares like the People's Liberation Army in China. Anonymous is just laughing at everybody (as usual). But really, pranking, recruiting and fear-mongering aside, what do we do if we get hit with one of these scary attacks and can't defend ourselves? We cut the cord, of course. At least one of the guys who plays a role in building our cyber security strategy from the ground up says that when all else fails, the US may start shooting down satellites to stem the flow of toxic code onto American networks. Michael Schmitt, a former Air Force intelligence officer and current chairman of the international law department at the U.S. Naval College, sat down for an interview with The New Scientist this week and spoke frankly about the worst case scenario
Cyber Security Goes Ballistic(HS Today) The White House recently announced that President Barack Obama has the authority to initiate a preventive cyber strike in the event that an attack on the US is threatened. This announcement means that in the cyber domain, the military now has the authority to attack foreign nations, regardless of whether or not the US is involved in a conflict with them. This pre-emptive cyber policy has numerous implications for international politics.
Cyber war is just a dangerous guessing game(Aljazeera) Getting to the bottom of Stuxnet is a sticky business, though plenty of researchers are trying. What is known is that it was a worm targeted at a uranium enrichment site in Iran, ostensibly to slow down the country's nuclear production programme. It is also known that it was the first cyber attack that has directly caused physical damage. What is not so clear is who was behind the attack, nor whether a Stuxnet-like virus could potentially knock out a city's power grid or other critical infrastructure - and panic around the latter has led to much rhetoric around the growing threat of cyber war
Taiwan's Fair Trade Commission Investigating Samsung For Online Attacks Against HTC(TechCrunch) Taiwan's Fair Trade Commission is investigating charges that Samsung paid students to attack rival HTC's smartphones online. The South Korean tech giant could potentially face a fine of up to NTD $25 million ($835,000 USD) if the charges of false advertising are upheld. Samsung's Taiwanese agent allegedly hired students to write online articles attacking HTC and recommending
BlackBerry charges stock manipulation, asks for government probe into report(FierceMobileIT) Returns of BlackBerry's (NASDAQ: BBRY) Z10 smartphones are exceeding sales in "several cases," according to a report by Detwiler Fenton & Co. that was cited by a Bloomberg article. This is a "phenomenon we have never seen before," the report said. It cited user dissatisfaction with the interface as the reason for the returns. But BlackBerry quickly shot back, charging that the information was "false" and that Detwiler Fenton was deliberately trying to manipulate the stock price
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
American Technology Awards Technology and Government Dinner(Washington, DC, USA, June 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology...
Information Tech Expo Series - Hawaii(Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
Cyber Guardian 2013(Baltimore, Maryland, USA, April 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection,...
Infosec Southwest 2013(Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...
Mobile Device Security for Defense and Government(Alexandria, Virginia, USA, April 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan...
Infosecurity Europe(London, England, UK, April 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every...
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO(Reston, Virginia, USA, April 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community.
23rd Annual Government Procurement Conference(Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...
TechExpo Cyber Security Hiring Event(Columbia, Maryland, USA, April 30, 2013) A hiring event for experienced cyber security professionals, with many leading companies in attendance and interviewing on-the-spot. Learn from the distinguished speakers' panel, details of which will...