OpIsrael, the hacktivist campaign that's so far produced fizzled attacks, promises to return in a big way on September 11. Their record suggests their limitations; still, it would be unwise to dismiss them out of hand.
Norman Shark publishes a well-documented report on Operation Hangover, allegedly an Indian government campaign against, among other targets, Norwegian telecom infrastructure.
Chinese attacks, surely state-directed, again affect Tibetan activist and sympathizer sites. FireEye reports that China's Comment Crew is back, and using new versions of cracking tools "Aumlib" and "Ixeshe."
Counter.php is found redirecting victims to the Styx exploit kit. IPv6 is shown readily adaptable to man-in-the-middle attacks. Researchers warn that Windows XP's retirement next April will be a boon to cyber criminals: users are likely to continue using XP, and attacks on the OS will not be met with patching.
Dark Reading reports on trends in malware obfuscation, including the increasingly familiar ability to detect virtualization.
Joomla, whose platform's vulnerabilities continue to be exploited, issues fixes and strongly encourages users to apply them. Today is, of course, Patch Tuesday, and Redmond is expected to issue its monthly upgrades shortly.
Shortages of cyber talent are affecting many sectors, including medical devices and healthcare.
Mega promises to fill the secure email market niches left by Silent Circle's and Lavabit's exit. Others hope to fill the gap by building meshnets.
US President Obama, whose recent denial of domestic electronic surveillance has met with widespread skepticism, appoints DNI James Clapper to lead a surveillance policy review panel.
Today's issue includes events affecting China, Germany, India, Israel, Kenya, Democratic People's Republic of Korea, Norway, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
#opIsrael reborn: Hackers unite in global operation set for 11 September 2013 (Cyberwarzone) Multiple sources are showing that hackers are uniting to strike Israel on 11 September 2013. The #opIsrael reborn operation is an operation that has been initiated by hackers that are active on social media platforms like Facebook and Twitter. This is not the first time Israel is being targeted by an Operation
OPERATION HANGOVER | Executive Summary: Unveiling an Indian Cyberattack Infrastructure (NormanShark) This report details a sophisticated cyberattack infrastructure that appears to originate from India, conducted by private threat actors with no evidence of state-sponsorship. It has likely been in operation for over three years, primarily as a platform for surveillance against targets of national security interest that are mostly based in Pakistan and possibly in the United States. It is also used for industrial espionage against the Norwegian telecom corporation Telenor and other civilian corporations. Evidence points to professional project management and outsourcing of key tasks, including some by freelance programmers
Key Tibetan website compromised (CSO) Code on the Central Tibetan Administration website targets Chinese-speaking visitors and installs a backdoor on their systems
Researchers demonstrate how IPv6 can easily be used to perform MitM attacks (Virus Bulletin) Many devices simply waiting for router advertisements, good or evil. When early last year I was doing research for an article on IPv6 and security, I was surprised to learn how easy it was to set up an IPv6 tunnel into an IPv4-only environment. I expected this could easily be used in various nefarious ways
XP's retirement will be hacker heaven (Computerworld) Cyber criminals will bank their Windows XP zero-day vulnerabilities until after Microsoft stops patching the aged operating system next April
5 examples of zero-day attacks (Network World) Windows: In May, Google security engineer Tavis Ormandy announced a zero-day flaw in all currently supported releases of the Windows OS. According to his
Simple Hack Threatens Outdated Joomla Sites (Krebs on Security) If you run a site powered by the Joomla content management system and haven't yet applied a critical update for this software released less than two weeks ago, please take a moment to do that: A trivial exploit could let users inject malicious content into your site, turning it into a phishing or malware trap for visitors
Joomla Exploit Cashes Out Accounts with Zbot Variant (Infosecurity Magazine) Websites using the popular content management system Joomla are at risk of being hijacked for use in malware payload and phishing attacks, thanks to the discovery of a fresh vulnerability and accompanying zero-day attack
Cybercrime-friendly underground traffic exchange helps facilitate fraudulent and malicious activity (Webroot Threat Blog) Throughout the last couple of years, the persistent demand for geolocated traffic coming from both legitimate traffic exchanges or purely malicious ones -- think traffic acquisition through illegally embedded iFrames -- has been contributing to the growing market segment where traffic is bought, sold and re-sold, for the sole purpose of monetizing it through illegal means
Smartphone Experts Hacked (eSecurity Planet) On August 6, 2013, Smartphone Experts began notifying an undisclosed number of its customers that a hacker or hackers had accessed the system used to process payments for purchases made on its Web site. The breach was discovered on July 12, 2013
Security Patches, Mitigations, and Software Updates
After paying $2M in rewards, Google multiplies some bug bounties five times (Threatpost) Google's bug bounty program has been one of the more successful reward systems of its kind, and the company has regularly modified and expanded the program over the years to keep pace with what's going on in the industry. Google also has increased the rewards it offers for certain kinds of vulnerabilities several times, and the company is doing it again, raising the lower reward level from $1,000 to $5,000
Cryptography: The cloud war's weighty truce (SC Magazine) In reality, the true barrier to cloud adoption isn't the security itself but understanding data security and knowing how to utilize solutions such as cryptography to
480m trojan attacks on smartphones in China (Xinhuanet) More than 480 million smartphones in China have fallen victim to malicious software (malware) in the first half of 2013, a number almost equal to the total registered complaints in 2012
How security smart is Generation Y? (CSO) Some experts call Millennials, or Generation Y, the 'new threat vector.' But others say the weakest link in the enterprise is people of any age group
Android vulnerabilities 'increasing' (Trade Arabia) Trend Micro's Q2 2013 Security Roundup Report describes cyber-security threats from the previous quarter combined with analysis to evaluate and anticipate
DHS Awards 17 Spots on Potential $6B Cyber Contract (GovConWire) Seventeen companies have won positions on a potential $6 billion Department of Homeland Security contract covering cybersecurity products and services, Federal News Radio reported Monday. Jason Miller writes the General Services Administration is responsible for the continuous monitoring and diagnostics contract and will charge a 2-percent fee for usage
CRGT Provides Technology Leadership for Maritime Homeland Security (Digital Journal) CRGT Inc., a leading provider of full life-cycle IT services and an expert in emerging technology solutions for the Federal Government, announced an award of a $600,000 grant funded by DHS/FEMA for the Maritime Domain Awareness Infrastructure Program. This award was made to Signal Electronics in Freeport, Texas who partnered with CRGT as principal subcontractor. The City of Freeport, on the Gulf Coast, has vital assets in our nation's energy infrastructure, which are located within the critical, first-responder area of the Freeport Police Department
Learning to love security outsourcing (FierceITSecurity) In 2006, Computerworld's pseudonymous security manager columnist Mathias Thurman wrote "From an information security perspective, my company's offshoring strategy has been a nightmare"
DISA to leverage NSA's big data capabilities for Acropolis (FierceGovIT) The Defense Information Systems Agency sees big data and analytics as key components to providing cyber situational awareness for the Defense Department's networks, said an official speaking at the Aug. 9 Forecast to Industry at DISA headquarters in Ft. Meade, Md
DISA building out enterprise services cloud (FierceGovIT) The Defense Information Systems Agency has expanded its enterprise service offerings in the cloud for the Defense Department and has a clear list of near-term capabilities it aims to provide, said an official speaking at the Aug. 9 Forecast to Industry at DISA headquarters in Ft. Meade, Md
New Zealand-based software security companies form alliance (Geekzone) The companies that all have a proven track record of success and traction in global ... criminal intelligence, cyber security, mission critical communications and ... in Washington DC and has appointed former Department of Homeland Security
Arinc Sold for $1.39 Billion (EAGB) Arinc, an aerospace technology firm based in Annapolis, will be acquired by Rockwell Collins for $1.39 billion. Arinc was formerly held by the Carlyle Group LP. Arinc provides communications and data services for the aviation and rail industries, industrial security, and public safety. The Anne Arundel company has regional headquarters in Singapore and London, and expects to top $600 million in revenue in 2013. With 757 employees in Anne Arundel, Arinc is one of the largest employers in the county. Rockwell Collins looks to Arinc to diversify and complement its own aviation technology offerings
Products, Services, and Solutions
High-speed networking upgrade helps EA-18G jets share electronic intelligence in real time (Military and Aerospace Electronics) Avionics experts at the Boeing Co. Defense, Space & Security segment in St. Louis have upgraded and demonstrated an EA-18G Growler electronic warfare (EW) jet with a new secure high-speed network and onboard sensors to enable the carrier-based electronic-attack aircraft to locate threats more quickly and accurately, company officials say
Protect against threats targeting Android (Help Net Security) Palo Alto Networks' WildFire malware analysis sandbox now is capable of analyzing Android applications in the APK file format to identify advanced threats in Android applications
Mega plans to offer encrypted email service (Help Net Security) With Lavabit's closure and Silent Circle's shutdown of its Silent Mail, the question is where to turn next for a secure email service. Prism-break.org has a few suggestions on which to consider
New antivirus system could protect medical devices from infection (FierceMedicalDevices) With more and more medical devices relying on computer programs to operate, finding malware in the software is critical for hospitals, which are the most vulnerable to such infections due to their large networks. Now, computer security experts at the University of Michigan have developed technology capable of detecting these dangerous viruses that can cause devices to malfunction
Zero-day attacks: How to fight back (Network World) However, virtually everyone is at risk from a zero-day attack. And the threat from zero-day vulnerabilities occurs long before vendor or public discovery, and
Building a more useful audit and compliance function (FierceITSecurity) It's easy to find negative headlines and coverage of IT security products. Harder to find is real-world advice on program improvement. Fortunately, Norman Marks has concrete guidance on building a more effective audit and compliance program
Low Mobile Anti-virus Adoption Set to Drive Security Product Changes (Infosecurity Magazine) Despite mobile device penetration hovering around 100%, good security practices are a good deal less widespread. According to Gartner, willingness to pay for anti-virus software on mobile devices is "low," even as PC sales decline. Thus, new demand for different kinds of solutions will soon drive a wave of change in security product development, the analyst firm said
Meshnet activists rebuilding the internet from scratch (New Scientist) Worried about the NSA snooping on your email? Maybe you need to start creating your own personal internet. The internet is neither neutral nor private, in case you were in any doubt. The US National Security Agency can reportedly collect nearly everything a user does on the net, while internet service providers (ISPs) move traffic according to business agreements, rather than what is best for its customers. So some people have decided to take matters into their own hands, and are building their own net from scratch
A strong MDM strategy begins with HR (FierceMobileIT) Mobile devices in the workplace are reaching critical mass and companies that fail to proactively define a management strategy will soon find themselves in the unfortunate position of playing catch-up. Although a CIO's first instinct is to call a meeting with the IT department to hammer out details for acceptable use policies (AUP), don't forget to include another branch of corporate governance: Human Resources
Former Obama Advisor Reveals "We Do Have Domestic Spying Program" (Off the Grid News) President Obama says the federal government is not spying on Americans, but one of his former aides disagrees. Obama appeared on NBC's "The Tonight Show with Jay Leno" Tuesday and defended the National Security Agency's surveillance program. "There is no spying on Americans," Obama said. "We don't have a domestic spying program. What we do have are some mechanisms where we can track a phone number or an email address that we know is connected to some sort of terrorist threat. And that information is useful." But one of his former advisers, Van Jones, said the government indeed is spying on citizens. Jones is a former environmental adviser and currently a senior fellow at the Center for American Progress. He also is co-host of CNN's "Crossfire"
No End To The Snooping (Washington Post) President Obama's message about the government's massive electronic surveillance programs came through loud and clear: Get over it
Obama proposes legislative tweaks to bulk surveillance (FierceGovIT) President Obama announced a handful of prospective changes to intelligence community surveillance efforts including additional oversight, while continuing to argue for their criticality to preventing terrorist attacks
No-Spying Pact With U.S. Called Possible (Washington Post) Germany and the United States will begin talks this month on an agreement not to spy on one another in the wake of revelations by National Security Agency leaker Edward Snowden about massive electronic surveillance by the NSA, a senior German official said Monday
N.S.A. Leaks Make Plan For Cyberdefense Unlikely (New York Times) Even while rapidly expanding its electronic surveillance around the world, the National Security Agency has lobbied inside the government to deploy the equivalent of a Star Wars defense for America's computer networks. But administration officials say the plan, championed by Gen. Keith B. Alexander, has virtually no chance of moving forward given the backlash against the N.S.A. over the recent disclosures about its surveillance programs
Litigation, Investigation, and Law Enforcement
New profile of Snowden's trusted ally illustrates importance of opsec (Ars Technica) Edward Snowden first bonded with Laura Poitras—the filmmaker and one of the two journalists who first exposed his leaks from the National Security Agency (NSA)—when Snowden "discovered Laura was more suspicious of me than I was of her, and I'm famously paranoid." That revelation comes from a new profile of Poitras in the New York Times Magazine published on Tuesday
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
AIAA Aviation 2013 (Los Angeles, California, USA, August 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics,...
Security in Government (SIG) (Canberra, Australia, August 12 - 14, 2013) The 25th annual Security in Government (SIG) conference is to be held from 12-14 August 2013 at the National Convention Centre in Canberra. Assistant Director for the National Security Resilience Policy...
A Cloud Computing Introduction for Managers (Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...
Resilience Week 2013 (San Francisco, California, USA, August 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical...
Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo (Albuquerque, New Mexico, USA, August 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers, Information Technology personnel, Contracting Officers as well...
National SCADA Conference (Melbourne, Victoria, Australia, August 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate...
SANS Thailand 2013 (Bangkok, Thailand, August 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
Defense Logistics Agency Tech Expo (Fort Belvoir, Virginia, USA, August 20, 2013) Industry exhibitors are invited to showcase and discuss the latest information services and technology to the personnel at the McNamara HQ Complex.
Human Cyber Forensics Forum (Washington, DC, USA, August 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming...