Analysis Intelligence believes it sees coordination of attacks among the Iranian Cyber Army, Parastoo, and the al-Qassam Cyber Fighters; this suggests common direction by Tehran.
Several exploits are in play at week's end, as more malware attacks the Android "Master Key" vulnerability, Google Play apps have issues with "overly aggressive" adware, compromised Twitter accounts become malware vectors, and phony Apple Store emails deliver client-side exploits.
Cisco and OpenX release fixes; Microsoft previews its Patch Tuesday offerings.
The Economist offers dueling viewpoints on active defense. A hot market reputation can evanesce swiftly: witness the withdrawal of two secure, private email services (possibly under US Government legal pressure). Thus a sector other than cloud services feels a Snowden-driven pinch.
Other industry news suggests the cyber labor market is ripe for technology-driven de-skilling. Systems administrators appear to be the first targets of labor-force contraction as NSA bruits its intention of doing without some 90% of its own. General Alexander hints that they'll be replaced by a "thin virtual cloud structure." Cyber talent is scarce and pricey, so replacing labor with capital is unsurprising. We'll see if the technology is up to it.
Congressional scrutiny of US electronic surveillance continues. The New York Times reports such programs are bigger than hitherto believed; NSA insists it respects privacy.
Today's issue includes events affecting Canada, China, Ethiopia, Iran, Russia, Ukraine, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
The Convenient Timing of Iran–Linked Hacker Operations (Analysis Intelligence) We enjoy revealing patterns in cyber activity on this blog, as you might recall from our hacker workday research. And whether or not you believe the al-Qassam Cyber Fighters (QCF) are tied to the Iranian government, its ramping up of phase 4 of Operation Ababil calls for a novel look at alleged associations with Tehran.
'Hack Facebook' works great — on YOU, not your intended victim (Naked Security) Hack not lest ye be hacked yourself, says researcher Josh Long. The "Facebook Hacking Site" actually leads hacker-wannabes into receiving premium SMS texts that jack up their phone bills, and may also collect login details, he's found.
BANKER Malware Found Hosted on Google Code (TrendLabs Security Intelligence Blog) Google Code is Google's official open source site, meant for developers to host their programs' source code and related files, mostly in text format. However, using our sourcing system in Brazil, we were able to capture malware written in Java that downloads BANKER malware from a recently created project called "flashplayerwindows". Of course, this bogus project has nothing to do with Adobe.
Compromised Accounts Tweeting Links to Malware (Symantec) It is not uncommon to see social media accounts, specifically Twitter accounts, directing users to malicious sites such as the ones hosting Android.Opfake, an issue we blogged about last year. Recently, we discovered that the accounts of innocent users were being compromised to tweet these types of malicious links to their followers.
Fake 'Apple Store Gift Card' themed emails serve client-side exploits and malware (Webroot Threat Blog) Apple Store users, beware! A currently ongoing malicious spam campaign is attempting to trick users into thinking that they've successfully received a legitimate 'Gift Card' worth $200. What's particularly interesting about this campaign is that the cybercriminal(s) behind it are mixing the infection vectors by relying on both a malicious attachment and a link to the same malware found in the malicious emails. Users can become infected either by executing the attachment or by clicking on the link in the emails that serves the client-side exploits.
Breaking Down the China Chopper Web Shell — Part I (FireEye) China Chopper: The Little Malware That Could. China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth. Other than a good blog post from security researcher Keith Tyler, we could find little useful information on China Chopper when we ran across it during an incident response engagement. So to contribute something new to the public knowledge base -- especially for those who happen to find the China Chopper server-side payload on one of their Web servers -- we studied the components, capabilities, payload attributes, and the detection rate of this 4-kilobyte menace.
Breaking Down the China Chopper Web Shell — Part II (FireEye) In Part I of this series, I described China Chopper's easy-to-use interface and advanced features -- all the more remarkable considering the Web shell's tiny size: 73 bytes for the aspx version, 4 kilobytes on disk. In this post, I'll explain China Chopper's platform versatility, delivery mechanisms, traffic patterns, and detection. My hope is that, armed with this information, you can eradicate this pest from your environment.
Cisco TelePresence hole — I always feel like somebody's watching me (FierceITSecurity) Cisco (NASDAQ: CSCO) is warning about a security hole in its TelePresence immersive videoconference system that could enable an attacker to remotely gain control of the system. An attacker could exploit the hole created when default credentials are used to create a user account, the firm warned in a security advisory.
SAP's Backdoor (Positive Research Center) SAP security research is one of my basic duties at Positive Technologies. Moreover, I had to decide what I would speak about to the participants of our PHDays III forum. Thus, I came to the following subject of research: how to hide a user with the SAP_ALL profile (i.e., all possible authorizations) in the system. If a malicious user manages to log in to the system and get the authorization to create users and assign privileges to them, then his next most probable step is to create a new account for himself, of course with all authorizations in the system. However, such a user is listed in the results of internal checks and external audits, and there is zero chance that a user with SAP_ALL authorizations will not arouse any interest.
Security Patches, Mitigations, and Software Updates
Cisco Releases Security Advisory (US-CERT) Cisco has released a security advisory to address a vulnerability in the Cisco TelePresence System. This vulnerability may allow a remote attacker to access the web server via a user account created with default credentials, which gives the attacker full administrative rights to the system.
OpenX Releases Security Update (US-CERT) OpenX has released an important security update for OpenX Source, the open source ad serving product. The downloadable ZIP archive of OpenX Source 2.8.10 was compromised to include a backdoor that would allow an attacker to upload and execute arbitrary PHP code. Compromised OpenX Source ad servers could be used in combination with various types of drive-by download, watering hole, and phishing attacks on web browsers and plug-ins.
Firewalls and firefights (The Economist) A new breed of internet-security firms are encouraging companies to fight back against computer hackers. "If someone is shooting at you, the last thing you should focus on is the calibre of the bullet," says George Kurtz, the boss of CrowdStrike, a young tech company. Seated at a coffee table at Black Hat, a conference for the cyber-security industry held in Las Vegas recently, Mr Kurtz is expounding on the fundamental flaw he sees in the way many firms deal with cyber-intrusions. Most, he says, spend too much time trying to work out what hit them and far too little trying to understand the motivations of their attackers and how to counter future assaults.
A byte for a byte (The Economist) Letting companies strike back at computer hackers is a bad idea. Security experts like to say that there are now two types of company: those which know they have been hacked and those which have been hacked without realising it. An annual study of 56 large American firms found that they suffered 102 successful cyber-attacks a week between them in 2012, a 42% rise on the year before. Rising numbers of online attacks are stoking a debate about how best to combat cyber-crooks. One emerging school of thought holds that companies should be allowed to defend themselves more aggressively by "hacking back" -- using hacker-like techniques to recover stolen intellectual property and frustrate their assailants.
Passcodes Pervasive On BYOD — But Not Strong (Dark Reading) 85 percent of enterprise smartphones and tablets require passcode protection, but only 7 percent employ secure ones. It's a classic balance-of-security-and-convenience story: an overwhelming majority of businesses today force their employees to passcode-protect their mobile devices, but most only with simple and less secure PINs.
Enterprises are feeling the 'need for speed' in network firewalls (FierceITSecurity) Enterprises are being driven to buy faster firewalls in order to keep pace with network upgrades, according to a survey by Infonetics Research. More than three-quarters of the 104 large enterprises in North America surveyed said that upgrading to high-speed network interfaces on security appliances was the number one driver for investing in high-end firewalls.
Cyber-crime and punishment: how to spot security winners (CityWire) Euro Stars AA-rated duo Yves Kramer and Frédéric Dupraz co-run the Pictet-Security fund, which is designed to tap worldwide companies dedicated to maintaining the health, security and freedom of individuals, companies and governments.
Go Long Cyber Security Companies (Seeking Alpha) We've seen one of the most groundbreaking intelligence scandals in history. Whistleblower Edward Snowden leaked to sources such as the Guardian a trove of files showing that the NSA, among others, is not only spying on Americans but also monitoring political negotiations, foreign diplomatic offices, and more.
Snowden's e-mail provider is closing, cannot legally say why (Washington Post) The e-mail service used by National Security Agency (NSA) leaker Edward Snowden is suspending operations. And they can't tell us why -- although this cryptic post heavily suggests it has something to do with a government request for information.
To Our Customers [re: Silent Mail] (Silent Circle) We designed our phone, video, and text services (Silent Phone and Silent Text) to be completely end-to-end secure, with all cryptography done on the clients and our exposure to your data nil. The reasons are obvious -- the less of your information we have, the better it is for you and for us.
NSA Will Replace Potential Snowdens with Computers (Nextgov) The NSA will eliminate 90 percent of the system administrators who maintain the agency's networks, according to the agency's director Keith Alexander. Speaking on Thursday to a cybersecurity conference, the NSA chief said that most of the current work done by staff and contractor system administrators — Snowden's old job — could be replicated by automated technology.
Defense Contractors Aren't Ready to Comply with Anti-Counterfeit Rule (Nextgov) Many contractors admit they will be unable to immediately comply with a rule, taking effect by March 2014, that would require contractors to either develop a new system for detecting counterfeit electronic parts or forgo payment. The Pentagon is under pressure to address congressional concerns about the risk of weapons systems failing if adversaries or sloppy suppliers slip in unauthorized components. That's because the deadline for carrying out a 2011 defense authorization law calling for anti-counterfeit regulations was almost two years ago.
Building a Cybersecurity Startup in Maryland (Light Point Security Blog) I was invited to speak last week at Technically Baltimore's event on Growing Maryland's Cybersecurity Industry. They invited a series of speakers to give 4 - 5 minute lightning talks on a variety of topics that explore the growing cybersecurity industry in Maryland. The goal was to discuss how we can grow Maryland's cybersecurity industry to create more jobs.
Finding Maryland's Next Cyber Security Darling (Baltimore Business Journal) Maryland may have sold its shares of Sourcefire Inc. years ago, but the state still stands to win big from the Columbia cyber security firm's $2.7 billion sale.
Maltego Gets More 'Teeth' (Dark Reading) New features in Maltego, an open-source intelligence tool for defenders, allow penetration testers and attackers to gather data on vulnerable systems and manage botnets.
Statement by Tailored Solutions and Consulting (TSC) on FBI's iGuardian Platform for Cyber Threat Reporting (SFGate) While U.S. Executive Order 13636 represents a new policy emphasis on public and private sector coordination on cyber threats, the FBI's recent launch of iGuardian is a complementary initiative dedicated to the mutual benefit of government and industry. It is a mechanism designed to expedite and augment the cyber security dialogue between private industry and the FBI. It also extends to private industry actors that are not officially designated as critical infrastructure, which is the primary scope of E.O. 13636. More importantly, however, it demonstrates the FBI's commitment to establishing cyber programs that create value for participating US businesses.
Security intelligence through configuration auditing (Help Net Security) Modern systems have a multitude of configuration elements that, ideally, meet the IT business requirements of the organization. The danger of having poorly configured systems in place is real.
Security Metrics Are Undervalued, Misunderstood (CIO Insight) Keeping your corporate network secure is arguably the most important aspect of any CIO's job. But a new study from risk-based security compliance company Tripwire seems to indicate that determining the metrics for security, and conveying to the business side what it takes to keep a company safe, is quite difficult. And when security and its importance cannot be conveyed to the business side, security itself suffers. "Chief Information Security Officers talk about the importance of leveraging metrics as a way to influence business leadership and build a risk management practice within their companies," says Rekha Shenoy, vice president of marketing at Tripwire.
The future of big data: cognitive computing (FierceBigData) The holy grail in big data is context plus causation. Companies and governments alike seek information that reveals relationships and causes of action, and is steeped in meaningful context.
Training the next generation of cyber security warriors (University of Hawai'i) Teachers from ʻAiea, ʻIolani, Kaimukī, Leilehua, McKinley, Mid-Pacific and Sacred Hearts Academy spent four intense days participating in a CyberPatriot Boot Camp, the first of its kind at Honolulu Community College. They learned the basics of cyber security, including understanding the anatomy of a cyber attack, cryptography, and digital forensics.
Cyber still largely missing from military graduate programs (FierceGovernmentIT) Although the Defense Department has acknowledged that future military conflicts will have a cyber component, graduate programs at military academies still lack adequate information technology and cybersecurity curricula.
The kids code alright: Inside Young Rewired State's Festival of Code (ITProPortal) I had a relatively privileged upbringing when it comes to technology. Way back in the prehistoric 90s, my school had dedicated IT classes and we learnt a number of key skills. Mavis Beacon helped me become a reasonably adept typist and I acquired an average level of competency with Microsoft applications like Word, Excel and PowerPoint. I even stuck my head into basic HTML and built an Angelfire page dedicated to the New England Patriots. Coupled with a fondness for Sierra's fantasy RPGs and the advent of Sid Meier's early strategy games, you have the makings of a veritable geek.
DEA, NSA Teamwork: 6 Privacy Worries (InformationWeek) Government agents investigating criminal cases reportedly are tapping into NSA-furnished intelligence. Legal experts cry foul. A secretive U.S. Drug Enforcement Agency unit is taking information gathered by intelligence agencies and using it to prosecute Americans, sometimes for minor offenses, according to a Reuters report. Furthermore, DEA agents have been instructed to obfuscate how they came into possession of the information and reverse-engineer the evidence trail to make it appear as if the information was obtained through other means, Reuters reported.
Don't Call It A Cold War (Philadelphia Inquirer) Canceling the meeting with Putin doesn't mean Obama isn't interested in improving relations with Russia. Secretary of State John Kerry and Defense Secretary Chuck Hagel still planned to sit down with their Russian counterparts today to discuss Syria, Iran, Afghanistan, and Snowden.
Breaking Through Limits On Spying (New York Times) Apparently no espionage tool that Congress gives the National Security Agency is big enough or intrusive enough to satisfy the agency's inexhaustible appetite for delving into the communications of Americans.
War By Wordplay (Washington Post) Well, it makes a difference, first, because truth is a virtue. Second, because if you keep lying to the American people, they may seriously question whether anything you say, for example, about the benign nature of NSA surveillance, is not another self-serving lie. And third, because leading a country through yet another long twilight struggle requires not just honesty but clarity.
Piercing The Confusion Around Phone Program (Washington Post) The program that collects metadata has been referred to in shorthand as the 215 program, after the section in the law that governs it. It is a search for a needle in a haystack of unimaginable proportions, and administration officials can point to few successes.
Pentagon 'Information Operations' Chief Moves On (USA Today) The Pentagon's point man for "information operations," Austin Branch, is moving on to the National Counter Terrorism Center. Branch has led the military's IO effort -- referred to by some as propaganda -- during a period of rapid expansion and, of late, criticism from Capitol Hill. He will be replaced by Mike Banaszewski, who is chief of staff for the deputy assistant secretary of Defense for Special Operations and Counter Terrorism, according to Navy Cmdr. Amy Derrick-Frost, a Pentagon spokeswoman.
Witness In Manning Case Says Leaks Could Help Al Qaeda (New York Times) A prosecution witness in the sentencing phase of the court-martial of Pfc. Bradley Manning told a military judge on Thursday that Al Qaeda could have used WikiLeaks disclosures, including classified United States government materials provided by Private Manning, to encourage attacks in the West, in testimony meant to show the harm done by his actions.
E-Reader Coalition Seeks Waiver of Disabled Access Requirements (Telecom Law Monitor) On August 1, 2013, the Federal Communications Commission ("FCC" or "Commission") released a Public Notice seeking comment by September 3, 2013 on a petition for waiver from the disabled access requirements filed by a coalition of e-reader manufacturers (Amazon, Kobo and Sony Electronics). In late 2011, the FCC released a Report and Order implementing provisions of the Twenty-First Century Communications and Video Accessibility Act of 2010 ("CVAA") to ensure that people with disabilities have access to advanced communications services ("ACS").
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
AIAA Aviation 2013 (Los Angeles, California, USA, August 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics,...
Security in Government (SIG) (Canberra, Australia, August 12 - 14, 2013) The 25th annual Security in Government (SIG) conference is to be held from 12-14 August 2013 at the National Convention Centre in Canberra. Assistant Director for the National Security Resilience Policy...
A Cloud Computing Introduction for Managers (Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...
Resilience Week 2013 (San Francisco, California, USA, August 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical...
Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo (Albuquerque, New Mexico, USA, August 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers, Information Technology personnel, Contracting Officers, as well...
National SCADA Conference (Melbourne, Victoria, Australia, August 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate...
SANS Thailand 2013 (Bangkok, Thailand, August 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
Defense Logistics Agency Tech Expo (Fort Belvoir, Virginia, USA, August 20, 2013) Industry exhibitors are invited to showcase and discuss the latest information services and technology with the personnel at the McNamara HQ Complex.
Human Cyber Forensics Forum (Washington, DC, USA, August 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming...