Anonymous, having vandalized a manganese alloy producer in Gabon, promises to turn its attention to Bahrain this afternoon. Algerian and Saudi hacktivists deface various Bangladeshi websites.
The Syrian Electronic Army remains active and interested in Western media sites. Twitter accounts are attractive targets (recall the effect a legitimate Icahn tweet had on Apple share prices last week) and Indian and Israeli sources claim "Mauritania Attacker" has compromised Twitter OAuth tokens. Infosecurity Magazine reports that many known vulnerabilities remain open on media networks.
That one need have nothing to do with any particular event is (again) evident as Anonymous hackers protest Greenwald partner David Miranda's detention at Heathrow by defacing a site belonging to the Mole Valley District Council. (We're pretty sure Mole Valley is just upstream from Toad Hall, but invite English readers to correct our geography.) UK authorities detained Miranda to inspect his devices for Snowden-leaked classified information.
The ZeuS Trojan is spammed in the UK via spoofed taxman emails. Elsewhere in the wild ZeuS has morphed into a social-media manipulation tool, feeding "likes" via bogus Instagram accounts. Trend Micro evaluates the prospect of KINS replacing ZeuS as premier banking malware.
Microsoft reissues last week's withdrawn patch.
As malware bypasses signature-based defenses with increasing ease, IDC analysts introduce a new product segment to capture more sophisticated defense solutions: Specialized Threat Analysis and Protection (STAP).
Conversations in Bloomberg about a new security approach—modifying foreign technologies to make them more secure for US markets—highlight differing opinions and concerns.
Today's issue includes events affecting Algeria, Bahrain, Bangladesh, Brazil, Canada, China, Gabon, Germany, India, Indonesia, Israel, Malaysia, Mexico, Myanmar, Pakistan, Saudi Arabia, Singapore, South Africa, United Arab Emirates, United Kingdom, United States, and Vietnam.
Bangladesh Ministry of Culture, Labor and Food Websites Hacked by Algerian and Saudi Hackers(Hack Read) Two different cyber attacks by two different hackers have targeted Bangladeshi government websites; as a result, the official websites of the Ministry of Cultural Affairs, Labour and Employment and two websites of the Ministry of Food have been hacked and defaced. The website of the Ministry of Cultural Affairs was hacked by an Algerian hacker going by the handle of Aghilas
In Another Recent Display of Cyber Politics, SEA Hackers Take on The Washington Post and Others(Digital Journal) Last week's reported site redirection hack attack on The Washington Post and others wasn't the first time the Syrian Electronic Army (the SEA) tangled with major news outlets; back in April they hijacked Associated Press (AP) Twitter accounts, and for a few brief moments, sparked a panic which prompted a scary $136 billion stock market death spin based on faked AP Tweets that the White House had been bombed and President Obama had been injured. "The ripple effects of any type of successful cyber attack on a prominent and trusted organization can be mind boggling, but the social engineering possibilities of a successful redirection attack can lead organizations of any size to very dark places if the attackers have a more sinister objective in mind," says Joe Caruso, CEO/CTO of Global Digital Forensics, a premier cyber security solutions provider with years of experience in the trenches of the real-world cyber battlefield
Infosecurity Exclusive: Major Media Organizations Still Vulnerable Despite High Profile Hacks(Infosecurity Magazine) The media is a target. The four-month hack of the New York Times last year and the continuous attacks on the media by the Syrian Electronic Army culminating in the breach of the Washington Post last week all demonstrate this. One would expect that major media outlets would by now have ensured the security of their online presence. This simply has not happened
Pro–Islamic hacker claims to have compromised every Twitter account(Information Age) A hacktivist known as Mauritania Attacker has claimed to have compromised every account on Twitter by stealing a list of OAuth tokens. OAuth is an authorisation protocol that allows websites to share log–in credentials. The stolen tokens could be used to access Twitter accounts without need for a password
International hackers launch cyber attack on council website(Surrey Mirror) Cyber activists Anonymous hacked the Mole Valley District Council website on Sunday. The hacktivist collective Anonymous posted a sarcastic message defending the detention of Guardian journalist Glenn Greenwald's partner David Miranda at Heathrow airport last weekend
Sirefef Malware Found Using Unicode Right-to-Left Override Technique(Threatpost) Old malware tricks never really die, they just get recycled and passed down to the next generation of attackers. The latest technique to get run through the wayback machine is the use of the right-to-left override character in Unicode, a tactic that enables malware authors to hide the real name of a malicious executable or, in a recent case, a registry key
UK Taxpayers Warned of Fake HMRC Emails That Spread ZeuS Malware(Softpedia) Bogus tax–themed emails are often used against internauts from US in an effort to trick them into handing over sensitive information, or to get them to install a piece of malware on their computers. However, experts warn that people from the UK should also be on the lookout for such malicious notifications
New Zeus variant creates bogus Instagram accounts(Help Net Security) If you are familiar with the results of a recently finished study regarding online content popularity that concluded that "likes" beget "likes", the fact that people are willing to pay good money for fake Twitter, Instagram and Facebook followers as well as "likes" and "retweets" will not come as a surprise
Can KINS Be The Next ZeuS?(Trend Labs Security Intelligence Blog) Malware targeting online banking sites naturally cause alarm among users, as they are designed to steal not only information but also money from its users. Thus it is no surprise that the surfacing of KINS, peddled as "professional-grade banking Trojan" in the underground market, raised concerns that it might become as successful as ZeuS/ZBOT had been in previous years
DIY automatic cybercrime-friendly 'redirectors generating' service spotted in the wild(Webroot Threat Blog) Redirectors are a popular tactic used by cybercriminals on their way to trick Web filtering solutions. And just as we've seen in virtually every segment of the underground marketplace, demand always meets supply. A newly launched, DIY 'redirectors' generating service, aims to make it easier for cybercriminals to hide the true intentions of their campaign through the use of 'bulletproof redirector domains'. Let's take a peek inside the cybercriminal's interface, list all the currently active redirectors, as well as the actual pseudo-randomly generated redirection URLs
A Closer Look: Perkele Android Malware Kit(Krebs on Security) In March 2013 I wrote about Perkele, a crimeware kit designed to create malware for Android phones that can help defeat multi-factor authentication used by many banks. In this post, we'll take a closer look at this threat, examining the malware as it is presented to the would-be victim as well as several back-end networks set up by cybercrooks who have been using mobile bots to fleece banks and their customers
"Yes Scotland" Says One of Its Email Accounts Has Been Hacked(Softpedia) Yes Scotland — the organization representing the parties, individuals and companies that want a "yes" vote in the 2014 Scottish independence referendum — has filed a report with the police after one of its email accounts was allegedly breached by an unauthorized party
Lucrative business: cybercrime–as–a–service(Help Net Security) With news of the struggling high street becoming a regular occurrence, it is not surprising that increasingly small businesses are seeking opportunities online
LastPass bug leaks plain text passwords(Help Net Security) Users of popular password manager LastPass have been advised to update to the latest version of the software, which incorporates a patch for a recently discovered bug that could allow attackers to retrieve stored LastPass passwords
Microsoft reissues Windows server security patch(Graham Cluley) Last week, Microsoft pulled an important security patch it had issued for Active Directory Federation Services (AD FS), part of the Windows server software. The patch was supposed to fix a vulnerability in the software, which is commonly used to provide users with Single Sign-On access
Pacemakers Under Attack: When the Internet of Things Gets Sick(Silicon Angle) We're now in an era where everything can be and will be connected. From house appliances that you can remotely control with your smartphone via an app, to implantable medical devices that control your insulin injections, just about every electrical device known to man will soon be wired up to the web
Advanced threats to drive growth in new product segment(Help Net Security) As hackers have shifted their ultimate goals from disruption and notoriety to financial and intellectual property theft, the tactics they use have changed accordingly. The malware used today is increasingly target specific and stealthy, often evading signature-based defenses
National Security Darling: Why Condoleezza Rice, David Petraeus and George Tenet Back Palantir(Forbes) For a company that's existed less than a decade, Palantir has cultivated some friends in high places. In our latest cover story, FORBES details the history of the Palo Alto, Calif.-based software company, which now provides some of the most powerful data-sifting tools for the likes of the NSA, the CIA and the FBI. Having developed a glowing reputation inside the Beltway, Palantir has risen from a lowly five-person startup to a massive company that has the support of former Secretary of State Condoleezza Rice (Jan. 2005–Jan. 2009), former CIA director David Petraeus (Sep. 2011–Nov. 2012) and former Director of Central Intelligence George Tenet (July 1997–July 2004). Both Rice and Tenet are advisers to the company, while Petraeus considers himself a friend of Palantir CEO Alex Karp
China Video Tools for U.S. Help Spurs Spy Anxiety(Bloomberg) A manufacturer accused of being tied to the Chinese government has found a way to sell to U.S. agencies in an arrangement that's raising concerns from security officials and at least one lawmaker about spying
DISA Plans to Spend $239 Million on Network Widgets through 2015(Nextgov) The Defense Information Systems Agency plans to spend $228.8 million on core gadgets and widgets over the next couple of years to keep its global networks humming, according to a post tucked away on the FedBizOpps website on Aug. 15 titled "DISA Hardware Requirements"
FireEye Appoints Kara Wilson as Chief Marketing Officer(Digital Journal) FireEye®, Inc., the leader in stopping today's new breed of cyber attacks, today announced the appointment of Kara Wilson as chief marketing officer (CMO), effective August 19. As CMO, Wilson will oversee global marketing and communications at FireEye
Linda Hudson to Retire From BAE(GovConWire) Linda Hudson plans to retire as president and CEO of BAE Systems Inc., the British contractor's U.S. subsidiary, by the end of the first quarter of the company's 2014 fiscal year
Products, Services, and Solutions
ZMAP 1.02 released(Internet Storm Center) The folks at ZMAP have released version 1.02 of their scanning tool
LivesOn says death is no excuse to stop tweeting(Naked Security) The service has algorithms that will splice and dice the tweets from your live self, learn as it goes along how to sound something like pre–mortem you, and then take over, one assumes, when the zombie apocalypse renders your fingers a bit spongy
Chrome plugin aims to thwart user profiling efforts(Help Net Security) Inspired by a piece of fictional software described in Cory Doctorow's book Little Brother, developer Ben West created a browser plugin that should, in theory, make it difficult for advertisers and government agencies to create an accurate profile of an Internet user based on the websites he visits
VMware Analysis Tools: Small Step, Big Vision(InformationWeek) New Log File Analysis tools bring VMware's touted software-defined data center vision closer to reality; Cisco, EMC, other partners provide packs to translate product logs
Secunia Terminates Vulnerability Coordination Reward Program(Softpedia) IT security company Secunia has decided to discontinue its Secunia Vulnerability Coordination Reward Program (SVCRP). According to the company, the SVCRP has helped a large number of companies and researchers over the past two years. However, the program doesn't seem to be profitable for Secunia
Children to have Linkedin profiles(BBC) Linkedin is dropping its minimum age for membership from 18 to 13. Children's profiles will have default settings making less of their personal information publicly visible, with more prominent links to safety information
Losing Our Childhood To LinkedIn(TechCrunch) What's scarier than a 14-year-old girl choosing her sexiest Facebook profile pic? Maybe a 14-year-old girl inflating her resume on LinkedIn. Childhood used to be a time of self-exploration, but the Internet is pushing kids to define themselves early and put that facade on display. While online tools could give ambitious youth a leg-up for the future, they force that future on some too soon
Technologies, Techniques, and Standards
A New 'Dawn' in Exchanges' War on Hackers(Wall Street Journal) When prices on some U.S. stocks suddenly zoomed one day last month and others unexpectedly plunged, stock-market officials set out to detect a possible computer glitch or a trading algorithm run amok
Trying To Hide Online Just Puts You On The Government Radar(Yahoo!) If you want to maintain your privacy online, it seems the only way to do it these days is to turn off your computer. All of the big tech companies are bound by the Patriot Act and receive National Security Letters (NSL's) from the government asking them to turn over user data when it's "relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities"
Is the cryptopocalypse nigh?(A Few Thoughts on Cryptographic Engineering) I've been traveling a bit over the past couple of weeks, so I haven't had much of a chance to keep up on blogging. One consequence is that I completely missed my chance to say something about, well, anything that happened at BlackHat or Def Con
Forge You: Do We Have To Trust Biometric Authentication(Kaspersky) Every day millions of computers solve the same problem; these machines try to check if you are actually you and not some other person. The most popular tool to do that is password checking. But it's quite easy to steal a password as well as forget it. Problems with passwords highlight the need for another system of user identification. A very simple and appealing solution is biometric authentication, which allows a user to place his finger on top of a scanner, look at the camera or say a passphrase. Your fingers, your eyes and voice are always with you, right? And other people cannot imitate this. Unfortunately, this appealing idea has numerous cons and that is the reason why we still don't use fingerprints to login to Google or withdraw cash from an ATM
9 Online Security Tips from a Former Scotland Yard Detective(Tom's Guide) Concerns about online privacy have reached new heights since reports revealed that the U.S. National Security Agency has been monitoring millions of phone logs, email messages and social media accounts as part of several top-secret programs
Why Isn't DMARC Enough to Fight Phishing?(Malcovery Security) DMARC is the latest industry standard to attempt to solve the problem of phishing. In as much, it is an authentication methodology to newer technology based on some older standards that were poorly adopted. It's making its way and there are some early adopters of it, but until it is actually well-adopted, it is going to be difficult to get the full benefits of DMARC…
Next–Gen Firewalls Change The Rules Of Firewall Management(Dark Reading) Added layers of complexity create even more interdependencies and need for systematic change management approach. As enterprises increasingly incorporate next-generation firewalls into their security repertoires, they are gaining a greater potential for more precise control over applications and user behavior at the perimeter. But there's potential for something else as well: added complexity by way of the increased odds for misconfiguration and change management mishaps. The odds increase even further if firewall management is already a problem in their traditional firewall portfolios
2 minutes on: Interviewing for access(SC Magazine) Since former Booz Hamilton contractor Edward Snowden came clean as the source of leaked classified documents that revealed the National Security Agency's (NSA) mass secret surveillance program, there's been debate over whether to label him a hero or traitor - or something in between. One category, however, into which he more neatly falls is the insider threat. But he's no ordinary insider who was motivated to steal data after being on the job for a while. To the contrary, Snowden, who said he acted from his conscience to inform the public about the spying program, told the South China Morning Post that he had every intention to purloin the top-secret documents, even before he signed his acceptance letter
In–Memory fuzzing with Pin(Shell-Storm) In my previous blog post, I talked about the taint analysis and the pattern matching with Pin. In this short post, I will always talk about Pin, but this time about the In–Memory fuzzing
Design and Innovation
Innovation Is Executive Porn(InformationWeek) When it comes to both innovation and porn, there's a huge appetite for fantasy. When executives take off their glasses and pinch their eyes shut in that "I'm thoughtful" pose, they're picturing themselves in a black turtleneck
Scanning the Internet in less than an hour(Help Net Security) Scanning the Internet used to be a task that took months, but a new tool created by a team of researchers from the University of Michigan can scan all (or most) of the allocated IPv4 addresses in less than 45 minutes by using a typical desktop computer with a gigabit Ethernet connection
Greystar: Fast and Accurate Detection of SMS Spam Numbers in Large Cellular Networks using Grey Phone Space(USENIX) In this paper, we present the design of Greystar, an innovative defense system for combating the growing SMS spam traffic in cellular networks. By exploiting the fact that most SMS spammers select targets randomly from the finite phone number space, Greystar monitors phone numbers from the grey phone space (which are associated with data only devices like laptop data cards and machine-to-machine communication devices like electricity meters) and employs a novel statistical model to detect spam numbers based on their footprints on the grey phone space
Locked in LOC: Exploring Cyber Offensive Option for India(Institute for Defence Studies and Analyses) The recent incident of five Indian army soldiers being killed on the LOC by troops of the Pakistan army is a continuation of a sustained policy of the 'powers' in Pakistan. Over decades, relations between the two have swung from heightened tensions through nuclear posturing and coercive diplomacy to peace efforts through people-to-people contact, economic engagement and even cricket! So, under these now very similar and repeated circumstances what should be India's response? Are there realistic options between diplomacy and war? Probably the time has come to look at 'diplomacy plus' and 'war minus' solution
Russian Military Creating Cyber Warfare Branch(RIA Novosti) A separate branch dedicated to cyber warfare is being created in the Russian Armed Forces as the Internet could become a new "theater of war" in the near future, a senior Russian military R&D official said
FDA releases final guidance on wireless medical devices(FierceMobileHealthCare) The U.S. Food and Drug Administration has published final guidance to assist industry and FDA staff in identifying and appropriately addressing specific considerations related to the incorporation and integration of radio frequency (RF) wireless technology in medical devices
At Sentencing Hearing, Lawyers For Manning Urge Leniency(New York Times) Defense lawyers on Monday made a last-minute personal plea to the military judge hearing his court-martial, asking her to be lenient in sentencing and to allow Private Manning a chance to rehabilitate himself. A prosecutor in the case urged a 60-year sentence for disclosing hundreds of thousands of documents to WikiLeaks
GCHQ agents smash up Guardian hard drives in bid to silence Prism leaks(ITProPortal) Those of us with a more sceptical world view have long rued the dwindling spectre of personal privacy and the sometimes real, sometimes perceived erosion of democratic values. There is no doubt that the latest twist in the Edward Snowden/Prism drama is camped very firmly on the tangible side of the fence
U.K. government thought destroying Guardian hard drives would stop Snowden stories(Washington Post) In a remarkable post, Guardian editor Alan Rusbridger describes how the British government raided the Guardian's offices in order to destroy hard drives containing information provided by NSA leaker Edward Snowden. The British government had been pressuring the Guardian to return or destroy the Snowden documents. Rusbridger says he tried to explain that destroying hard drives would be pointless
David Miranda detention: Will encryption keep Greenwald and PRISM secrets safe?(ITProPortal) The PRISM scandal took another twist at the beginning of the week, after it emerged that the partner of Guardian journalist Glenn Greenwald — who has worked closely with whistle blower Edward Snowden in exposing NSA and GCHQ spying — was detained by British authorities at Heathrow airport, with all his electronic devices taken away for examination
The Detention of David Miranda Raises Serious Issues(Infosecurity Magazine) Over the weekend David Miranda, partner of Glenn Greenwald - the Guardian journalist who published the first of a series of reports detailing United States and British mass surveillance programs, based on documents obtained by Edward Snowden — was detained at Heathrow for just under 9 hours — the maximum allowed under Section 7 of the Terrorism Act. Miranda was in transit from Berlin to his home in Brazil. All of his electronic equipment was confiscated
Why does being a relative of Glenn Greenwald place you above the law?(The Telegraph) Should being a relative of Glenn Greenwald place you above the law? I ask the question because this morning many people are arguing Greenwald's partner David Miranda should, in effect, enjoy immunity from investigation solely because his spouse writes very lengthy articles for The Guardian
Information requests(Twitter Transparency Report) Information requests include worldwide government requests we've received for user account information, typically in connection with criminal investigations or cases
EPA critic to NSA: Hey, want to share?(Politico) A conservative gadfly who has made a crusade of uncovering embarrassing emails at the Environmental Protection Agency wants to tap a new potential evidence trove: the National Security Agency's electronic snooping program. Attorney Chris Horner has filed a Freedom of Information Act request, asking the NSA to turn over any information it might have gleaned from former EPA Administrator Lisa Jackson's personal Verizon email account
Lavabit owner risks arrest for not complying with surveillance order(Help Net Security) The incessant revelations fueled by the documents leaked by NSA whistleblower Edward Snowden have made people reevaluate their expectations of privacy and their beliefs on what the US intelligence and law enforcement agencies are or are not able to do and what they actually do
Changing IP address to access public website ruled violation of US law(Ars Technica) CFAA forbids easy method of evading IP blocking used by 3taps (and Aaron Swartz). Changing your IP address or using proxy servers to access public websites you've been forbidden to visit is a violation of the Computer Fraud and Abuse Act (CFAA), a judge ruled Friday in a case involving Craigslist and 3taps
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
NovaSec!(McLean, Virginia, USA, June 13, 2013) NovaSec! is Northern Virginia's largest Cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with...
SANS Thailand 201(Bangkok, Thailand, August 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
Defense Logistics Agency Tech Expo(Fort Belvoir, Virginia, USA, August 20, 2013) Industry exhibitors are invited to showcase and discuss the latest information services and technology to the personnel at the McNamara HQ Complex.
Human Cyber Forensics Forum(Washington, DC, USA, August 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming...
TechCrunch Disrupt San Francisco(San Francisco, California, September 7 - 11, 2013) For the fourth year in a row, TechCrunch Disrupt will take over the San Francisco Design Center Concourse, and we're bringing the hottest startups and best minds in the industry with us. Block off September...
SANS CyberCon Fall 2013(Online, September 9 - 14, 2013) With sequestration still in place, organizations are finding themselves with training budgets, but drastically reduced travel budgets. This one-of-a-kind online training event brings SANS' top instructors...
15th Annual AT&T Cyber Security Conference(New York, New York, USA, September 10, 2013) The AT&T Cyber Security Conference is an annual day-long conference offered by the AT&T Chief Security Office. Combining the expertise of its security experts, the scale and reliability of its global IP...
International Common Criteria Conference(Orlando, Florida, USA, September 10 - 11, 2013) FBC invites you to participate in the International Common Criteria Conference (ICCC) taking place in Orlando, Florida. This is the first time since 2000 that the ICCC is taking place in the U.S. The ICCC...
GrrCon(Grand Rapids, Michigan, USA, September 12 - 13, 2013) Says IT World, "Another hacker conference, this time in Michigan. The schedule looks to be bawdy, brash and anything but dull, with hackers promising to "pwn" you before you leave town. There are also...
cybergamut Technical Tuesday: Malware Analysis for the Masses(Columbia, Maryland, USA, September 17, 2013) With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. With...
Shaping the Future of Cybersecurity Education Workshop(Gaithersburg, Maryland, USA, September 17 - 19, 2013) The third annual Shaping the Future of Cybersecurity Education Workshop will be held at the National Institute of Standards and Technology (NIST) in Gaithersburg, MD and focus on "Navigating the National...
Strange Loop(St. Louis, September 18 - 20, 2013) Meet us in St. Louis, Sept 18-20th, 2013, to make connections with the creators and users of the languages, libraries, tools, and techniques at the forefront of the industry. Find out where we're going…and...
ISSA Cyber Security Forum at Ft Belvoir(Fort Belvoir, Virginia, USA, September 19, 2013) This event will allow personnel from Fort Belvoir the chance to learn about the latest cyber security trends, network with peers, discuss Army best practices and to view and demo some of the latest cyber...
CISO Executive Summit(Atlanta, Georgia, USA, September 19 - 20, 2013) Be on the forefront of a new global initiative where today's world-class leaders in information security will gather to navigate through international waters. Join these leaders as they follow the wind...
2013 Cyber Security Summit(New York, New York, USA, September 25, 2013) The 2013 Cyber Security Summit connects executives responsible for protecting their company's critical infrastructure with innovative product, service and solution providers. The one day event, to be...