Heritage assesses Iranian cyber attack intentions and capabilities.
Former DirNSA Hayden suggests a thought experiment. While hacktivists aren't equivalent to terrorists, consider an analogy: what target would be to hackers as the World Trade Center was to al Qaeda?
Baneki Privacy Labs and Cryptocloud back away from their claim that Tor anonymity was compromised through an NSA-run exploit. They conclude now that there's no solid evidence for attribution. In New Zealand, a professor calls on people to lead government surveillance services on a "merry dance" by flashmob versions of a mass Bayesian poisoning attack.
Netherlands DNS servers experience a fresh wave of hijacking, mostly to direct traffic to Blackhole. An obscure Kansas City subnet appears to be involved in snooping around Indian government and military sites. Other odd exploits include an apparently motiveless attack by Bangladeshi hackers on the Covina, California, police department, and Kosovo hacktivists' defacement of British UNESCO pages with anti-Serb diatribes.
Cisco TelePresence is found vulnerable to remote exploitation. A fresh entry to the black market, the "Hand of Thief" banking Trojan (now only $2000) attacks Linux but not Windows systems. Popular blogging platforms remain under brute force attack (the "Fort Disco" campaign).
Google sticks to its guns over Chrome password storage, and many observers agree—Google is "thinking like a security architect."
Forbes asks about power grid cyber vulnerability; Control coincidentally gives a partial answer.
Huawei pushes into the Western enterprise market. Chinese media high-five Putin for embarrassing the US over Snowden. NSA remains under scrutiny.
Today's issue includes events affecting Australia, Bangladesh, Belgium, China, European Union, India, Iran, Kosovo, Netherlands, New Zealand, Russia, Serbia, United Kingdom, United Nations, United States.
Cyber Attacks, Threats, and Vulnerabilities
Iran's Covert Cyber War(Heritage.org) Even though Iran lacks the manpower or expertise level of China and Russia, Tehran is credited with a massive cyber attack on Saudi Arabia's ARAMCO
Snowden Wikipedia Page edited from a senate computer, calling him a Traitor(Hack Read) Someone inside the senate is not much a pro to NSA's whistleblower Snowden as they are using the platform of Wikipedia to express their view point. The page at Wikipedia which describes all about Edward Snowden who is known to have leaked many classified files of NSA has been revised on many occasions since he first started sharing of confidential files back in June
Gehan Gunasekara: Let's lead the spooks a merry dance(New Zealand Herald) For the Government it is the perfect privacy storm: the Snowden disclosures about massive NSA internet and phone surveillance continue to pour in, a journalist's phone records and swipe card logs have been inappropriately accessed, and earlier revelations through the Dotcom affair showed illegal spying by the GCSB of New Zealand residents - at the very time the Government is attempting to legitimise the illegal spying by pushing through new surveillance legislation against the wishes of the vast majority of citizens
In face of scrutiny, researchers back off NSA "Torsploit" claim(Ars Technica) They admit it was either a misread of data or data somehow changed after assessment. Researchers who claimed they found a link between the Internet addresses used as part of malware that attacked Freedom Hosting's "hidden service" websites last week and the National Security Agency (NSA) have backed off substantially from their original assertions. After the findings were criticized by others who analyzed Domain Name Service and American Registry for Internet Numbers (ARIN) data associated with the addresses in question, Baneki Privacy Labs and Cryptocloud admitted that analysis of the ownership of the IP addresses was flawed. However, they believe the data that they used to make the connection between the address and the NSA may have changed between their first observation
UK National Commission for UNESCO Website Hacked by Kosova Warriors Group(Hack Read) A group of hackers going by the handle of Kosova Warriors Group has hacked and defaced the official website of United Kingdom (UK) National Commission for The United Nations Educational, Scientific and Cultural Organization (UNESCO). Hackers left a deface page along with a message on the hacked site bashing Serbs for killing over thousands of people. The deface message was explaine
DNS servers hijacked in the Netherlands(Internet Storm Center) Earlier this week reports started to appear that the DNS of several webhosting companies in the Netherlands had been hijacked and those using the services were being redirected to malware sites, notably blackhole
The Reality of Browser-Based Botnets(TrendLabs Security Intelligence Blog) The research on browser-based botnets presented during the recent Blackhat conference in Las Vegas touches on our previous study on the abuse of HTML5. Most importantly, it shows how a simple fake online ad can lead to formidable threats like a distributed denial of service (DDoS) attack
Timing Attacks On Browsers Leak Sensitive Information(Dark Reading) Variations in the redraw times of graphical elements could allow an attacker to see sites a user has visited, sensitive information. Two attacks discovered by a security consultant exploit the way modern browsers render text and graphics to allow a malicious site to read sensitive information from other websites and expose a user's browsing history to an attacker
Reverse engineering reveals inner workings of Comfoo Trojan(GCN) Researchers at Dell SecureWorks have been able to monitor the command and control system of an advanced Remote Access Trojan being used by Chinese hackers to penetrate government, high-tech companies and educational systems in the United States, Asia and Europe
Analyzing the Fort Disco bruteforce campaign(Help Net Security) In recent months, several researchers have highlighted an uptick in bruteforce password guessing attacks targeting blogging and content management systems. Arbor ASERT has been tracking a campaign we
Fort Disco Bruteforce Campaign(Arbor Networks) In recent months, several researchers have highlighted an uptick in bruteforce password guessing attacks targeting blogging and content management systems. Arbor ASERT has been tracking a campaign we are calling Fort Disco that began in late May 2013 and is continuing. We've identified six related command-and-control (C&C) sites that control a botnet of over 25,000 infected Windows machines. To date, over 6,000 Joomla, WordPress, and Datalife Engine installations have been the victims of password guessing
On Fake "F–Secure Security Pack" Malicious Browser Extension(F-Secure) We have been following a malicious browser extension that claims to have been developed by various different software companies. The extension installs itself into the browser and makes posts to social media sites such as Twitter, Facebook and Google+ on the user's behalf. One of the variants installs itself as "F-Secure Security Pack" -- and trust us -- it's definitely not coming from us
Cybercriminals spamvertise fake 'O2 U.K MMS' themed emails, serve malware(Webroot Threat Blog) British users, watch what you execute on your PCs! An ongoing malicious spam campaign is impersonating U.K's O2 mobile carrier, in an attempt to trick its customers into executing a fake 'MMS message' attachment found in the emails. Once socially engineered users do so, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals whose activities we continue to monitor
New Retail Breach Among 2013's Biggest?(BankInfoSecurity.com) A cyber-attack that hit Harbor Freight Tools and likely exposed card data processed at all 400 of its retail tool stores could rank among one of the biggest retail
Hackers Plant False Gorbachev Death Rumor(SecurityWeek) The last Soviet leader Mikhail Gorbachev was forced to deny rumors of his death after hackers planted a false report on Twitter accounts of a state news agency
Information leakage through cloud file storage services(Internet Storm Center) Cloud services are here to stay. This poses a big challenge for information security professionals, because we can no longer restrict mobility and thus we need to implement controls to ensure that mobility services do not pose a threat to any information security asset of the company
Why Everyone Is Pissed Off About Google Chrome's Sound Security(Wired) There's much gnashing of teeth today over the discovery that Google Chrome lets you -- or anyone using your computer -- see the plaintext web passwords stored by your browser. This isn't a security bug. It's Chrome's documented behavior, and has been all along. But an outraged blog post highlighting the issue yesterday by U.K. software developer Elliot Kember was picked up by Hacker News, thrusting Google's security choices into the limelight
Chrome, Firefox blab your passwords in a just few clicks: Shrug, wary or kill?(The Register) Vote now: Browsers reveal logins on idle PCs, but is it a code flaw or a brain bug? Poll Web browsers Google Chrome and Mozilla Firefox can reveal the logged-in user's saved website passwords in a few clicks. There now rages a debate over whether this is an alarming security flaw or a common feature
How Vulnerable Are Power Companies To Cyberattack?(Forbes) In Washington D.C. this morning, security officials from some of the country's largest utilities met to discuss how to prepare for the possibility of a large-scale cyberattack on the power grid. Most agreed that it is only a matter of time before one comes to pass, and one official said his company is beginning to view the threat as on par with that of a large storm or hurricane
The system is still broken — the failure of a cyber–sensitive substation device affecting a nuclear plant(Control) Unlike other industries, nuclear plants are required to identify all unusual events. Consequently, it is easier to find incidents that are, or could be, cyber. I was recently made aware of a nuclear plant incident with a station auxiliary transformer load tap changer (LTC). LTCs are used in ALL substation transformers and are designed to be remotely accessible. Troubleshooting at the nuclear plant determined that the LTC alarm in the Main Control Room was caused by the failure of the LTC motor (the LTC alarm was the cause of the unusual event). The motor failed due to continuous tap change demands from the transformer Automatic Voltage Control (AVC) system over a SEVENTY MINUTE period. The apparent cause is the AVC firmware failed, which caused the erroneous output signals to continuously run the LTC motor without stopping and as a result failed the motor
Security Patches, Mitigations, and Software Updates
Microsoft patches gaping security hole in Yammer(FierceContentManagement) At the end of July Microsoft plugged a gaping hole in its enterprise social networking tool, Yammer. As reported on ZDNet, Yammer (acquired by Microsoft in late 2012) relies on the popular OAuth 2.0 authentication scheme. However, an error in Yammer's implementation of OAuth allowed a security researcher at Vulnerability Laboratory to find critical information with simple Google searches and use that information to log in as another user
Businesses Not Doing Enough to Avoid Cyber Attacks(TechBoson) IT Governance, the cyber security services business, has issued the infographic (below) as part of its campaign to encourage leaders of all sizes of business to take appropriate action against the risk of cyber attacks and associated data breaches and business interruption. The infographic attempts to quantify the reality of today's cyber threat with hard-hitting statistics. It then sets out a risk-assessment process that businesses should perform to thwart potential cyber attacker
Compliance no longer main driver of security measures(Help Net Security) The need to ensure compliance with regulations should no longer be the primary consideration of CIOs when planning IT risk and security measures. Gartner said compliance is an outcome of a well-run risk management programme and should not dominate CIOs' decision making
'Belgium poorly defended against hackers'(Le Soir) Belgium has occasionally requested assistance from the "American big brother" to counter cyber-attacks. This is the key point of an interview given by deputy chief of staff General Eddy Testelmans to the magazine MO, which has been reported by Le Soir
Cyberwar: nerds to the front!(Deutsche Welle) All the same, it wouldn't be legitimate to respond to every cyber attack as if it were an armed attack which would justify responding under the law of self-defense
Most companies don't have data breach cyber insurance(Help Net Security) Companies now rank cyber security risks as greater than natural disasters and other major business risks, according to a new Ponemon Institute study. While only 31 percent of companies are insured today, there are a growing number of companies exploring policies. This indicates a larger appetite for financial protection in the wake of a breach
The hidden costs of BYOD(FierceMobileIT) Despite the promise of reduced hardware costs, BYOD is actually costing enterprises more money in terms of wireless infrastructure upgrades, support costs, mobile device management spending, and increased security costs
Is malware lurking in your employee's smartphone?(FierceMobileIT) IT professionals are increasingly concerned about the security risks posed by personal mobile devices in the workplace, particularly the introduction of malware into the corporate network
The Android strain(FierceMobileIT) As in Michael Crichton's best-selling novel the Andromeda Strain, an epidemic is raging on planet Earth. This time, it's not a microorganism attacking the blood stream that is the problem, but malicious software attacking corporate network
Analytics helping 'smart' Sydney Airport get off the ground(ZDNet) It may only have access to 5% of the information it needs, but Australia's largest and busiest airport has already seen early successes using big-data analytics to better model passenger flow and plan new services. Sydney Airport - the main international gateway to Australia and the country's busiest airport - is already claiming progress on its efforts to become a 'smart airport' after using IBM statistical and business tools to create new analytical models that combine data from a bevy of siloed information systems
Huawei seeks growth in enterprise network business(ZDNet) The U.S. market may be a "disappointment" to the Asian firm, but it hasn't stopped Huawei from trying to tap into the lucrative enterprise sphere. Huawei is attempting to gain a firmer grip in the enterprise market by diversifying and developing communications gear used by the corporate world to build personalized campus networks
Security testing deadlines slip for CMS's Data Services Hub, says OIG(FierceGovIT) The Centers for Medicare and Medicaid Service is in the process of standing up a Data Services Hub to serve state health insurance and federally-facilitated exchanges as part of the Affordable Care Act. The agency is testing the security of the platform, but auditors are concerned that some tests have been pushed back dangerously close to the launch date
Free tool for auditing Google Apps(Help Net Security) BeyondTrust released PowerBroker Auditor for Google Apps, available for free, to the BeyondTrust user community. The tool was developed to ease the burdens associated with auditing these commonly used web applications for proper usage and compliance
IOActive launches security intelligence service(Help Net Security) IOActive launched its new Security Intelligence Service, to help arm organizations with prioritized critical security insights based on their business. World-renowned research capabilities
Dropbox: Safe for business use?(FierceContentManagement) Cloud storage and file sync service Dropbox broke the 100-million user mark late last year. So it might be a little late to ask the question, but ITPro does raise a set of concerns about the suitableness of Dropbox for enterprise business
FBI 5 Best Practices For Combatting The Insider Threat In Your Business(Forbes) I attended a good brief by Patrick Reidy, CISO for the FBI at Black Hat last week on combatting the insider threat. The insider threat is someone on the inside of your business who is stealing or releasing information and/or physical goods to the detriment of your business. The FBI, of course, has an even greater responsibility since they are protecting not only their own information, but that of the nation as well. As such, there is an expectation that they will take the insider threat seriously and develop effective countermeasure for it. In any business, the insider threat is generally far more likely to result in losses than an outsider breaking into your systems
Browser Password Storage: An Overview(ThreatTrack Security Labs) It seems a lot of people are surprised that some browsers store passwords and let whoever is sitting at the PC view those stored passwords. Well, surprise! Some browsers store passwords and let whoever is sitting at the PC view those stored passwords. Here is a fast and not very furious shakedown on browser password storage
I Conned One This Big Say Cyber Phishers(TechBoson) Back in 2005 Rohyt Belani was running a mobile services company called Intrepidus when he noticed the growing amount of phishing* and a complete lack of protection within the client companies. "What can we do, they asked me. I said that they should check their technical controls and how they managed employee behaviour and they were puzzled"
Opposition May Bring Change to NSA(Enterprise Security Today) Momentum is building toward upending once-secret surveillance programs such as the NSA's operations disclosed by Edward Snowden. Lawmakers of all political stripes are now part of a growing coalition that is challenging the scope and effectiveness of the formerly secret operations for the same reasons that drove Snowden to disclose them
N.S.A. Searches Said to Include Broader Sifting of Data Abroad(New York Times) The National Security Agency is searching the contents of vast amounts of Americans' e-mail and text communications into and out of the country, hunting for people who mention information about foreigners under surveillance, according to intelligence officials
New Report Lays Out Principles for Sound Cybersecurity Policy(Digital Forensic Investigator) Cyber crime and cyber attacks are genuine threats, with reports of data breaches, hacks, or thefts appearing regularly in the news. But as law enforcement, industry, academic, and government experts prepare to gather in New York City on August 5-8, 2013, for the fourth International Conference on Cybersecurity (ICCS 13), it's worth asking whether the threat has been overstated and the government's approach to it, overreaching
U.S. officials say NSA leaks may hamper cyber policy debate(Chicago Tribune) Weeks of revelations about secret U.S. surveillance programs could stymie progress on negotiations over new laws and regulations meant to beef up the country's defenses against the growing threat of cyber attacks, cyber security experts say
The Data–Mining Of Social Media: Get Used To It(Washington Post) The June disclosure that the National Security Agency is collecting everyone's telephone records and storing them for five years as part of anti-terrorism efforts has caused an uproar. Get used to it
Broader Sifting Of Message Data By N.S.A. Is Seen(New York Times) The National Security Agency is searching the contents of vast amounts of Americans' e-mail and text communications into and out of the country, hunting for people who mention information about foreigners under surveillance, according to intelligence officials
Ties Fraying, Obama Drops Putin Meeting(New York Times) President Obama on Wednesday canceled next month's Moscow summit meeting, ending for now his signature effort to transform Russian-American relations and potentially dooming his aspirations for further nuclear arms cuts before leaving office
A Welcome Rebuke To Putin(Wall Street Journal) President Obama's decision to cancel his one-on-one meeting with Vladimir Putin in Moscow next month is the right decision -- politically, the only one he could make and not look like a patsy. The question is whether this is merely a symbolic rebuke or the beginning of a policy shift that recognizes the Putin regime's hostility to American interests
China applauds Russia for making the US "eat dirt" in the Snowden showdown(Quartz) US President Barack Obama's cancelled meeting with Russian President Vladimir Putin provided a great opportunity for China's state-run media to high-five Russia, showcasing growing ties between the two neighbors. "Russia has impressed the world, which views the Kremlin as the 'winner' and the White House as the 'loser,'" proclaimed an unsigned editorial in the Global Times on Thursday about the decision to give immunity to NSA leaker Edward Snowden. "Moscow displayed its national characteristics of decisiveness and boldness." China's decision to let Snowden decamp from Hong Kong and avoid confronting America head-on "serves the long-term interests of China's diplomacy," the paper added, concluding that Washington, "ate dirt this time"
Slight shift seen in official Chinese attitude on cybersecurity(FierceGovIT) The government of China has slightly shifted its stance on cybersecurity issues from "outright denials, counter-accusations, conflating various cyber activities, rejection of laws of warfare in cyberspace, promotion of sovereign control over cyberspace, and expressions of victimization" to a new one of some willingness to talk directly with the United States about cybersecurity, says a Congressional Research Service report
Mueller: There is no digital Cold War(FierceGovIT) There is no digital Cold War even though there is conflict over Internet governance between those who favor sovereign control and those who favor transnational civil society organizations, says Milton Mueller, an Internet governance academic at Syracuse University
Commerce Dept. critical of liability protection as cybersecurity framework incentive(FierceGovIT) Liability protection as an incentive for private sector adoption of the cybersecurity framework under development by the National Institute of Standards and Technology requires further study, says the Commerce Department in a discussion paper that takes a skeptical view of the need for protection against tort claims and other possible private sector incentives
IRS agents were told to hide cooperation with DEA intelligence gathering(The Verge) Yesterday, the US Drug Enforcement Agency (DEA) was thrust into the spotlight when Reuters published a story about its practice of recreating the investigative trail to conceal leads it receives from the NSA. Now we're learning that the practice isn't limited to the DEA; Reuters reports that between 2005 and 2006, the Internal Revenue Service instructed its agents to scrub affidavits, investigative files, and court proceedings for references to tips provided by the DEA's Special Operations Division. The directive formed part of the agency's Internal Revenue Manual, but Reuters reports that it was removed as early as 2007. The IRS declined to comment on either the entry or its removal
Nintendo Sues Console Hacking Website(Security Week) Nintendo said Wednesday that it has filed a lawsuit against a US website with a business model built on hacking into the company's videogame hardware
Texas federal judge declares Bitcoin a currency, says Bitcoin investments fall under US securities law(Engadget) Bitcoin's been in the news a fair bit lately due to the uncertainties surrounding the Mt. Gox exchange, where one can trade in the digital money for the official currencies of countries around the world. However, for many, Bitcoin remains an ephemeral idea, neither received nor recognized as a valid way to, you know, pay for stuff. Today, however, a federal judge in the Eastern District of Texas has officially recognized Bitcoin as a currency and declared that Bitcoin investment funds and transactions fall under the jurisdiction of US securities law, and therefore, the federal justice system as well
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
International Conference on Cyber Security(New York, New York, USA, August 5 - 8, 2013) The Federal Bureau of Investigation and Fordham University will host the fourth International Conference on Cyber Security (ICCS 2013) on August 5 - 8, 2013 in New York City. ICCS, the White Hat Summit,...
AFCEA Tinker AFB Information Technology & Cyber Security Expo(Oklahoma City, Oklahoma, USA, August 8, 2013) Commercial vendors are invited to Tinker Air Force Base on Thursday, August 8th to exchange information and provide products demonstrations to the military and civilian personnel on base. IT and Information...
AIAA Aviation 2013(Los Angeles, California, USA, August 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics,...
Security in Government (SIG) (Canberra, Australia, August 12 - 14, 2013) The 25th annual Security in Government (SIG) conference is to be held from 12-14 August 2013 at the National Convention Centre in Canberra. Assistant Director for the National Security Resilience Policy...
A Cloud Computing Introduction for Manager(Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...
Resilience Week 201(San Francisco, California, USA, August 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical...
Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo(Albuquerque, New Mexico, USA, August 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers', Information Technology personnel, Contracting Officers' as well...
National SCADA Conference(Melbourne, Victoria, Australia, August 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate...
SANS Thailand 201(Bangkok, Thailand, August 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
Defense Logistics Agency Tech Expo(Fort Belvoir, Virginia, USA, August 20, 2013) Industry exhibitors are invited to showcase and discuss the latest information services and technology to the personnel at the McNamara HQ Complex.
Human Cyber Forensics Forum(Washington, DC, USA, August 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming...