Pakistani and Indonesian hacktivists continue opIsrael with nuisance-grade cyber vandalism. OxAlien releases login credentials of "Iranian defacers." The Atlantic Council outlines Iran's cyber capabilities and how these could be used in war with the United States. Turkish hacktivists protest Chinese government repression of Uyghur Muslims by attacking 1600 websites.
Last week's precautionary embassy closings were prompted, says the Washington Post, by interception of al-Qaeda traffic in darknet or deep-web chat rooms and encrypted message boards. (Not accessible by conventional search engines, these regions of the Internet are nonetheless quite open to inspection, and any suggestion that they're private or secure in any strong sense is misleading. InfoWorld coincidentally has an article on the difficulty of achieving genuine privacy online.)
Other stories address various vulnerabilities and threats currently active in the wild, but it's worth noting that outages at both the New York Times and the United States' .gov domain were the result of mishandled software upgrades, not cyber attacks.
Google has acknowledged and patched the Android flaw that enabled Bitcoin wallet theft. Microsoft has pulled one of its Patch Tuesday fixes: a security update for Exchange 2013.
The UK's Ministry of Defence partners with key companies to improve the cyber security of its supply chain. Cisco is cutting 4000 jobs. IBM will acquire Trusteer for an undisclosed sum. Blackberry seems headed for piecemeal sale, and Michael Dell's plans to take his eponymous company private remain up in the air.
Researchers find a flaw in encryption mathematics—using the wrong entropy.
Today's issue includes events affecting Australia, Brazil, Canada, China, European Union, France, Germany, Indonesia, Iran, Ireland, Israel, New Zealand, Pakistan, Philippines, Portugal, Switzerland, Taiwan, Turkey, United Arab Emirates, United Kingdom, United States.
Iran's Web Defacement Archive Website Hacked, database and thousands of accounts leaked by OxAlien(Hack Read) OxAlien, known for his high profile Virgin Radio Dubai hack is back in news by breaching into an Iranian based cyber crime and events archive website, as a result the database and 2000+ login accounts have been leaked online. The site is not government owned yet contains massive data, exposing login details of site users. The hacker contacted me on Twitter and explained why the site was targeted, a similar
Iran: How a Third Tier Cyber Power Can Still Threaten the United States(Atlantic Council) When most people think of the "military option" against Iran, they imagine a US attack that takes out Iran's most important known nuclear facilities at Natanz, Fordow, Arak, and Isfahan. They expect Iran to retaliate by closing the Strait of Hormuz, sending missiles into Israel, and/or supporting terrorist attacks on US personnel in Iraq and Afghanistan
1600 Websites hacked by TurkHackTeam against Chinese Uyghur Muslims Massacre(Hack Read) Turkish hackers from Turk Hack Team have hacked and defaced more than 1600 websites against alleged killings of Uyghur Muslims in China. All sites were left with deface pages along with different deface messages, protesting against the Chinese government for conducting massacre against Chinese based Uyghur Muslims
Terrorists Turn To Secretive Forum To Evade U.S.(Miami Herald) Al-Qaida fighters have been using secretive chat rooms and encrypted Internet message boards for planning and coordinating attacks including the threatened if vague plot that U.S. officials say closed 19 diplomatic posts across Africa and the Middle East for more than a week
Chinese Underground Creates Tool Exploiting Apache Struts Vulnerability(Trend Micro Security Intelligence Blog) About a month ago, the Apache Software Foundation released Struts 126.96.36.199, an update to the popular Java Web application development framework. The patch was released because vulnerabilities in older versions of Struts could allow attackers to run arbitrary code on vulnerable servers
Hackers find new way to stuff malware in Android mobile devices(FierceMobileIT) Firewall vendor Palo Alto discovered recently that hackers are using ad networks to deliver malware to Android devices. InformationWeek's Mathew J. Schwartz says, "they've discovered a series of attacks that have been serving up malicious code by hacking into an ad network's software development kit (SDK). Developers add these SDKs to their Android apps to tie into mobile advertising networks and earn referral fees"
Joomla exploit doing rounds, users advised to update(Help Net Security) Users who run their own sites and use the Joomla CMS but haven't updated it in a while should do so immediately if they don't want to see their sites compromised and hosting malicious content
Is that YouTube Video Downloader browser plugin safe? Beware!(Graham Cluley) Cybercriminals have created YouTube video downloading plugins for your browser which can lead to your computer being infected with malware, or help them earn money by messing with your browser's search results or displaying unauthorised adverts
Facebook phishing: manual session hijacking(zscaler) We have reported a number of Facebook phishing pages and scams on this blog. Attackers always come up with clever ideas to fool users in order to obtain their credentials. One of these phishing tricks is a "poor-man" session hijacking attack whereby the user is fooled into copying and pasting a Facebook URL containing the session ID or other credentials into a malicious page. I'll describe such an example that I spotted this past weekend
Java — The Gift That Keeps On Giving(F-Secure) I bet vulnerability researchers love Java. It seems that especially the 2D sub-component of Java has felt their love lately: since the out-of-band patch for CVE-2013-0809 and CVE-2013-1493 in March 2013, 2D has been the most patched sub-component with a total of 18 fixed vulnerabilities. Fortunately, CVE-2013-1493 has been the only one of these exploited in the wild
Targeted Attacks Delivering Fruit(Symantec) Political news has always been one of the top topics used in targeted attacks. Last week we came across unique malicious emails targeting high-profile companies in Europe and Asia (in sectors such as finance, mining, telecom, and government). The payload is an updated version of a Java remote access tool (RAT) detected as Backdoor.Opsiness, also known as Frutas RAT
DNSSEC administration likely cause of .gov outage(FierceGovIT) A government website outage that lasted for hours the morning of Aug. 14 was likely caused by a failure to update a cryptographic key necessary for DNSSEC, says cybersecurity researcher Johannes Ullrich
Security Patches, Mitigations, and Software Updates
Microsoft pulls faulty Exchange 2013 patch HOURS after release(The Register) Patch Tuesday's fudged fix: Sysadmins, quick - turn Outside In inside out. Microsoft has pulled a security update for Exchange 2013 after problems emerged with the latest patch to the email server software just hours after its release
Is cyber the new gunpowder and corruption the spark?(Reuters) A 2013 report by Kroll Advisory Solutions suggests that more than two-thirds of all cyber cases involving theft of data stem from corrupt corporate insiders - but that companies' desire to deal with incidents quietly and internally means they rarely reach the public eye
Anonymous is not anonymous(InfoWorld) At this point, most of us would welcome shelter from the gaze of government cyber spies. Here are six reasons why that may be unattainable
Putting an end to 'strike back' / 'active defense' debate(Curmudgeonly Ways) The concept of "hack/strike back", under any of its names, is decades old. Every year or three it surfaces again and makes news. Almost every time, it is a result of a new company claiming they do it to some degree. This extends to the related idea of "active defense", which is equally absurd. Not only because it is used as a cop-out fallback when a company is challenged on notion of "hack back", because the term is misleading at best
Cyber: Protecting Britain's national security and the defence supply chain(Defence Management) The Ministry of Defence has boldly set out to boost the UK's cyber security, in partnership with a handful of the UK's leading defence firms. Peter Armstrong, director of cyber security at Thales UK, one of the firms involved, outlines the partnership's key priorities for the year ahead
Meet The American Dealer Of Swiss Data Secrecy(Forbes) The Swiss reputation for low taxation and secrecy is well known when it comes to money, but it's also becoming a popular place to store data, thanks to the country's strict, data-protection laws that are at odds with those of the European Union. While U.S. encryption services like Silent Circle are planning to establish servers in Switzerland for that reason, a scrappy startup called PrivacyAbroad has begun promoting itself as a rare conduit to Swiss data services
Cisco to Slash 4,000 Jobs(SecurityWeek) Just days after announcing that it would pay $2.7 billion to acquire network security firm Sourcefire, Cisco said Wednesday that it would cut 4,000 jobs, or roughly five percent of its workforce in an effort to cut costs. Cisco executives said the cuts were in response to a weaker-than-expected economic recovery
Desperate Obama Not Helping Tech Leaders(MoneyNews) The law of unintended consequences reached Silicon Valley this summer. Thanks to Edward Snowden, the whole world knows not to trust U.S. Internet companies with private data. The cost will likely be huge
Watchful Software Recognized as CRN Emerging Vendor for 2013(MarketWatch) Watchful Software, a leading provider of data-centric information security solutions, today announced it has been named a 2013 Emerging Technology vendor by UBM Tech Channel's CRN Magazine. The annual list highlights hot tech startups making an impact on the channel and an impression on the tech industry as a whole. These up-and-coming technology vendors have recently introduced a new product or technology that is not only innovative, but addresses a key strategic issue that solution providers require answers for in today's competitive marketplace
4 Things VMware Must Do At VMworld(InformationWeek) VMware CEO Gelsinger needs to show customers a new leadership team and a company that understands how to compete in a multi-hypervisor marketplace
BlackBerry: It's the end-to-endness, stupid(The Register) RIM's miracle impossible to recreate - but that won't stop people trying. Going private still looks the most likely next step for BlackBerry, with Prem Watsa, the largest shareholder in the company, resigning from its board this week, apparently to put together a deal. Watsa still holds almost 10 per cent of BlackBerry stock
As Dell battle drones on, operating challenges escalate(FierceFinance) In the thick of a private equity show down, priorities tend to get inverted. In the Dell buyout drama, for example, various reports about the poor state of the PC market have dribbled out amid the Michael Dell vs. Carl Icahn back and forth. Those reports attest to terrible market conditions, yet the reports have been seen as good news, at least for Team Dell-Silver Lake
Proofpoint Buys Armorize Technologies(eSecurity Planet) California-based Proofpoint recently announced the acquisition of Taiwanese cloud-based anti-malware solutions developer Armorize Technologies for approximately $25 million in cash. The deal is expected to close in the third quarter of 2013
Free Android anti-virus for mobile devices(Help Net Security) Avira Free Android Security reached 2.0 and offers antivirus scanning and removal, as well as retaining the remote lock, wipe and 'scream' features available in the original version
Secure rugged Android tablet for the government(Infosecurity Magazine) Becrypt announced a new technology partnership with Getac to provide the first secure Android tablet solution suitable for military, defence and government and wider public sector markets based on Getac's ruggedized devices
Identify unknown internal email-enabled systems(Help Net Security) Sendmail today introduced Sentrion Rogue Email Application Control (REAC) 2.0, the first inside-threat protection application with new Big Data search capabilities to further protect organizations against the growing internal threats posed by machine-generated email, which accounts for more than 50% of all corporate email traffic
Circumventing Communications Blackouts(Schneier on Security) Rangzen looks like a really interesting ad hoc mesh networking system to circumvent government-imposed communications blackouts. I am particularly interested in how it uses reputation to determine who can be trusted, while maintaining some level of anonymity
Technologies, Techniques, and Standards
Imaging LUKS Encrypted Drives(Internet Storm Center) This is a "guest diary" submitted by Tom Webb. We will gladly forward any responses or please use our comment/forum section to comment publicly. Tom is currently enrolled in the SANS Masters Program. When imaging a live system there are several factors to be taken into account. But this post is going to cover encrypted Linux systems. Use of the logical drive for imaging encrypted systems is critical if you do not have the decryption password
DKIM: Useless or just disappointing?(ZDNet) Now that DKIM is established as the leading method for sender authentication, it's clear that it doesn't really claim to do all that much, and fails even at that. Spam is perhaps the oldest of security problems affecting Internet users widely. A lot of effort has been put into fighting it, and yet it persists. Even the most advanced of standards for combating spam fails in the face of a simple spoofing attack. There's probably nothing that standards bodies can do that will make a real difference
Don't Get Hacked — Tools to Fight Cyber Attacks(Entrepreneur) Here's an unfortunate and immutable fact: You will never be 100 percent immune to hacking. If someone targets and wants to get something from you, they'll figure out a way in. Even if your small business judiciously focuses on tightening security, you have a countless number of cyber doors to protect, and the bad guys only need to access one. It's a battle of asymmetry
Covert Tops(Washington Post) Fed up with surveillance, activists are designing ways to thwart prying eyes and ears
Dear CSO, do you know how to build security culture?(Help Net Security) What do you really know about security culture? I am going out on a limb here and claim you know very little, if anything at all. Your day job is about security, and like most CSOs out there, you
Video: How private companies can do self-defense(SC Magazine) Robert Clark, attorney for the U.S. Army Cyber Command, discusses how private companies can perform "active defense" during this press conference at this year's Black Hat conference in Las Vegas
Design and Innovation
The Trouble With Smartphone Kill Switches(InformationWeek) To fight smartphone theft, public officials tell smartphone makers to add remote-deactivation, tracking and recovery features. But manufacturers may not do the job right
Brazil Mulls Taking Complaints on U.S. Spying to U.N.(Wall Street Journal) Brazil is considering taking its complaints on the U.S. National Security Agency's surveillance of Brazilian Internet data for discussion at the United Nations, Brazilian Communications Minister Paulo Bernardo said Wednesday
An Educated Guess About How the NSA Is Structured(The Atlantic) Want to understand how an organism really works? Take a look at its plumbing. Figure out where the pipes fit together. That's the approach I take to national security and that's the spirit behind this look at the structure of one of the most important institutions in U.S. intelligence: the National Security Agency
The Job Of Protecting Security And Privacy(McClatchy Newspapers) Many Americans probably don't know that there is a senior official whose job by law is to help ensure that civil liberties and privacy protections are built into intelligence programs. I am that official - the "Civil Liberties Protection Officer." I engage with the director of national intelligence and other intelligence officials to oversee and guide intelligence activities
The Snowden Revelations and Cybersecurity(Lawfare) One immediate consequence of Snowden's various revelations about massive USG surveillance - at home and especially abroad - was to put a chill on the loud U.S. campaign against Chinese cyber-snooping. (The hypocrisy in the U.S. position, and the fecklessness of mere complaints about the Chinese practice, was something that I and others have been pointing out for a while.) Yesterday David Sanger reported on another cybersecurity-related casualty: The NSA's ambitious plans to screen all Internet traffic in the United States for malicious cyber agents
Think tank wants dedicated infosec minister, 'modern' data retention(The Register) Australian Strategic Policy Institute says government lacks infosec focus. The Australian Strategic Policy Institute (ASPI) has issued an "Agenda for Change" (PDF) that suggests data retention is a necessary centrepiece of Australia's future homeland security needs
Government urged to put up customised defence to combat cyber attacks(Computer News Middle East) Investing in anti-virus software is no longer enough to counter cyber attacks on vital data systems, especially if national security is at stake. This was what Trend Micro security experts said as they urged the Philippine government to draw up a defence plan against cyber attacks. "Look at what your neighbours are doing and what they are investing in to combat computer attacks," they said, adding that the country has to go beyond anti-virus software
Aggressive defence needed against cyber threats, expert says(Ottawa Citizen) Canada must aggressively deploy its spies and other intelligence capabilities against accelerating cyber threats to the country's vital digital infrastructure, says a leading expert. Angela Gendron, writing in the Canadian Foreign Policy Journal, delivers a meaty 11,000-word assessment of the risks and dangers that digital technologies have wrought for the country's critical infrastructure, from the machinery of government to public utilities, communications, transportation, energy and finance
Litigation, Investigation, and Law Enforcement
Users Have No Expectation of Privacy in Gmail Says Google(Infosecurity Magazine) In filing a motion to dismiss a class action that it illegally intercepts and reads emails, Google lawyers have invoked a ruling from a 1979 court case (Smith vs Maryland) that originally referred to telephony
NSA, DEA, IRS Lie About Fact That Americans Are Routinely Spied On By Our Government: Time For A Special Prosecutor(Forbes) It seems that every day brings a new revelation about the scope of the NSA's heretofore secret warrantless mass surveillance programs. And as we learn more, the picture becomes increasingly alarming. Last week we discovered that the NSA shares information with a division of the Drug Enforcement Agency called the Special Operations Division (SOD). The DEA uses the information in drug investigations. But it also gives NSA data out to other agencies - in particular, the Internal Revenue Service, which, as you might imagine, is always looking for information on tax cheats
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Resilience Week 2013(San Francisco, California, USA, August 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical...
Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo(Albuquerque, New Mexico, USA, August 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers, Information Technology personnel, Contracting Officers as well...
National SCADA Conference(Melbourne, Victoria, Australia, August 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate...
SANS Thailand 2013(Bangkok, Thailand, August 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
Defense Logistics Agency Tech Expo(Fort Belvoir, Virginia, USA, August 20, 2013) Industry exhibitors are invited to showcase and discuss the latest information services and technology to the personnel at the McNamara HQ Complex.
Human Cyber Forensics Forum(Washington, DC, USA, August 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming...