Symantec reports finding Chinese-developed ransomlock malware that changes Windows login credentials. F-Secure discovers a new feature in some low-grade Android malware: SMTP connection.
The Ramnit Trojan continues to affect Steam gamers, and a guest post at the Internet Storm Center outlines how "your browser knows all your secrets." This week's problems with Tumblr turn out not to have been due to an attack after all: it was an internal software issue, now fixed.
The US FBI cries io triumphe over Anonymous and Anonymous cries bull#%t back. Both cries have some truth, but since Anonymous has for some time seemed capable of little more than cybervandalism of relatively soft targets (apologies to Mole Valley, Surrey), the FBI probably has the stronger case.
Akamai offers perspective on DDoS as misdirection.
The Daily Caller runs a piece worth reading post-Quantum Dawn (and post Icahn Apple tweets) on how hackers could disrupt financial markets. Cyber business risks prompt a small but significant rush for cyber insurance.
PCI 3.0 standards seek to drive improved security, but many observers see little more than cover for card brands.
More NSA surveillance revelations arouse Congressional discomfort and international reaction. Such reaction is particularly strong in Brazil (after the UK's detention of Miranda) and Germany (where it's become an election issue, and also prompted the government to warn that Windows 8 might contain NSA backdoors). Some non-Congressional observers think NSA's groping through a tough challenge with basic good intent. The Director of National Intelligence has launched a transparency blog.
Today's issue includes events affecting Brazil, China, France, Germany, Malaysia, Qatar, Russia, Syria, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Chinese Ransomlock Malware Changes Windows Login Credentials (Symantec) Although ransomware has become an international problem, we rarely see Chinese versions. Recently, Symantec Security Response noticed a new type of ransomlock malware that not only originates from China but also uses a new ransom technique to force users into paying to have their computers unlocked
Android Malware goes SMTP (F-Secure) Before we get to thinking that nothing is new under the Android malware sun, we get a small, but quite interesting surprise. An Android malware that connects to SMTP servers to send an email
Psst. Your Browser Knows All Your Secrets. (Internet Storm Center) This is a "guest diary" submitted by Sally Vandeven. We will gladly forward any responses, or you can use our comment/forum section to comment publicly. Sally is currently enrolled in the SANS Masters Program. I got to wondering one day how difficult it would be to find the crypto keys used by my browser and a web server for TLS sessions. I figured it would involve a memory dump, Volatility, trial and error and maybe a little bit of luck. So I started looking around and like so many things in life…all you have to do is ask. Really. Just ask your browser to give you the secrets and it will! As icing on the cake, Wireshark will read in those secrets and decrypt the data for you. Here's a quick rundown of the steps
Random NSFW Tumblr Posts Not Caused by Hack, Site Confirms (Softpedia) Tumblr has explained the strange issues that have been plaguing users earlier today. People have reported seeing weird entries in their dashboard feeds from people they don't even follow. Some of the content was heavily NSFW, giving plenty of users a nasty surprise…Fortunately, the issue has been identified, the Yahoo-owned site has said, and Tumblr has explained that the problem was strictly on their part, i.e. there was no hack or anything nefarious going on
Hacks continue as FBI claims to have dismantled Anonymous (Global Post) The FBI is claiming to have dismantled the hacker organization Anonymous. But shortly after an official's statements were published in the press, Anons dumped large amounts of data that appears to have been stolen from FBI servers
Anonymous: Sorry, FBI, you don't scare us (CyberWarZone) The FBI is declaring victory over Anonymous in a series of statements claiming the hacker collective is no longer able to carry out large, successful operations because most of its "largest players" have been arrested or detained by US law enforcement authorities. "The movement is still there, and they're still yacking on Twitter and posting things, but you don't hear about these guys coming forward with those large breaches," Austin P. Berglas, assistant special agent in charge of the FBI's cyber division, told the Huffington Post
How Hacktivists Have Targeted Major Media Outlets (Dark Reading) From the Washington Post and CNN to the Twitter feeds of the Associated Press and Reuters, hacktivists have news outlets…and their social-media presence…in their crosshairs. Global conflicts have increasingly led tech-savvy protesters and loyalists to express their views online by hacking, and while many groups have focused on attempting to damage or deface government websites, others have focused on getting the word out by attacking the media
DDoS Attacks Used As Cover For Other Crimes (Akamai Blog) Protecting customers from DDoS attacks is an Akamai InfoSec specialty. When we see DDoS attempts against our customers, the typical thinking is that someone is doing it to force sites into downtime, which can cost a business millions in lost online sales
Spammers Get Jamming on SoundCloud (ThreatTrack Security Labs) Spam related to watching content online has been around for a long time, and the last time we saw something pretty inventive in this area was back in June with the promise of free movies spammed to Slideshare. Today we're going to take a look at what spammers are up to in SoundCloud land. Spammers are doing their best to promote their "free movie / tv show" antics on the popular audio distribution platform like so
Jumping out of IE's sandbox with one click (Threatpost) Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft's August Patch Tuesday release earlier this month that fit that bill, MS13-059, Cumulative Security Update for Internet Explorer. But hidden inside the big fix was a patch for a vulnerability that enabled a one-click escape of the IE sandbox
Hacker reveals how devastating a cyberattack on the stock market could be (Daily Caller) Of all the horrifying scenarios that hackers could pull off -- from launching nukes to spoofing air traffic control -- the one that poses the biggest risk for Wall Street would be a cyber attack on equity markets. In the summer issue of hacker magazine 2600, pseudonymous writer "Eightkay" shows how such a scenario could pan out
Security Patches, Mitigations, and Software Updates
Google Releases Google Chrome 29.0.1547.57 (US-CERT) Google has released Google Chrome 29.0.1547.57 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition, conduct a directory traversal attack, or obtain sensitive information
The Counter-productive Effect of the Cost of Cybercrime (Infosecurity Magazine) The cost of cybercrime is frequently used to justify the cost of security products and the implementation of new - and invariably more stringent - cyber laws. But what if those figures are wrong? Could it mean that industry, and government, gets its entire cybersecurity strategy wrong
Data Threats Spark Insurance Hunger (CFO) Ponemon, a nonprofit think tank focusing on privacy and data-security issues, defines the former term as "a cyber attack that infiltrates a company's networks or
System integrity steps up as an issue (FierceFinance) System integrity has been a big issue on Wall Street, as the dazzling technical complexity of all markets continues to advance. Unfortunately, controls and QA mechanisms have not kept pace. We've seen a laundry list of system snafus that have victimized the likes of Nasdaq, Facebook, BATS and of course Knight Capital. Recall that Knight Capital, thanks to a system bug that cropped up as part of the company's efforts to connect with a new NYSE retail liquidity program, ended up suffering a $440 million loss in less than an hour. It ultimately forced the firm to put itself up for sale, at a fraction of what it was previously worth
McAfee Threat Report finds significant new mobile malware concerns (CSO) It's that time again. No, don't check your calendar—it's not another Patch Tuesday already. It is, however, time for the latest McAfee Threats Report, covering the second quarter of 2013. Mobile malware targeting Android is once again stealing the show, but now it seems to be more than just bluster
China: When Trade Trumps Information Security (IDGConnect) As the world's second-largest economy and one of its largest consumers of technology, China has a staggeringly powerful position at the centre of global trade. There's something about a market of over one billion consumers which tends to make governments and private enterprises pretty nervous about offending Beijing in any way... there's always the chance that retribution could be brutally swift and irreversible
SAIC names new leader for intelligence group (Washington Technology) The NSS is part of SAIC that will help form Leidos once SAIC splits into two new companies … His background includes active duty as a Navy intelligence officer
CyberMaryland 2013 to celebrate National Cyber Security Awareness Month (Maryland Biz News) Governor Martin O'Malley announced on Tuesday that during National Cybersecurity Awareness Month in October 2013, Maryland will host CyberMaryland 2013, a multi-faceted conference, competition, TECHEXPO cyber hiring event and awards celebration designed to showcase industry innovations, recognize cyber pioneers and groom the next generation of cyber experts. Scheduled October 8 and 9 at the Baltimore Convention Center, CyberMaryland 2013 will connect educators, innovators, employers, and students and further demonstrate the state's leadership in cybersecurity and information technology. Sponsoring CyberMaryland 2013 are Science Applications International Corporation (SAIC), Maryland's Department of Business and Economic Development (DBED), and the University of Maryland, Baltimore County (UMBC)
Products, Services, and Solutions
New enterprise information management platform (Help Net Security) Actifio announced a product release expanding its scope as an application-defined copy data management platform. New features in Actifio 6.0 allow companies to manage data in ways that go beyond business resiliency applications - classic backup and business continuity use cases - to manage enterprise data access
Motorola's new Moto X phone worries IT security pros (FierceMobileIT) The new Moto X smartphone, the flagship smartphone for Google's (NASDAQ: GOOG) Motorola Mobility unit, comes with all kinds of consumer friendly features, such as a personal digital assistant that can guess what information or services users want and an always-on microphone
Dmitri Alperovitch on Offensive Security and Active Defense (Tripwire) Dmitri Alperovitch (@DmitriCyber) is the Co-Founder and CTO at CrowdStrike, and leads the company's Intelligence, Research and Engineering teams, and previously was the Vice President of Threat Research for McAfee, where he spearheaded global Internet threat intelligence analysis
Security tips for the connected family (Help Net Security) With more than half of families purchasing electronics this back-to-school shopping season, students are using more technology than ever to make the grade
When it comes to troubleshooting and threat detection, NetFlow wins over packet capture (NetworkWorld) This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach. With Internet connections to cloud services growing rapidly and cyber attacks becoming craftier and more sinister, the need for improved traffic visibility is in high demand. In the past, both layer 7 application awareness and malware detection capabilities have been major separators when choosing between flow capture and packet capture for traffic analysis, but today the decision is most often NetFlow in lieu of packet capture
PCI 3.0 Pushes Security, Not Just Requirements (StorefrontBacktalk) If you want to get a handle on PCI version 3.0, one place to start is compensating controls. You know the idea: You can't meet the letter of some PCI requirement, so you come up with an alternative security measure that your QSA confirms will produce the same result. Instead of having to twist your systems in knots over a requirement, you focus on making your systems secure. And that, in a nutshell, is what the new version of the PCI Data Security Standard is trying to do too
Extracting data from damaged mobile devices (Forensic Focus) For the last few years we have successfully extracted data from various mobile devices, such as cell phones, smartphones, tablets, etc. Among devices to be examined, we came across defective mobile devices (damaged mechanically, by fire or due to being stored in harsh or hostile environmental conditions) from which digital evidence should also be extracted. We have developed several approaches to examining damaged mobile devices which we would like to share with our colleagues
Design and Innovation
You, too, can get PRSM and learn to love the NSA (VentureBeat) It seems every app is building some new awesome way to share, but none of them come close to PRSM, the latest app to help you share your emails, photos, videos, phone calls, text messages, Google searches, and trips to the toilet
Google Exploring Location-Dependent Security Settings For Smartphone Unlock (TechCrunch) Google has a patent application published today (via Engadget) that would make the standard system of unlocking a device much more intelligent, using a smartphone's built-in sensor to change your security settings on a sliding basis depending on where the phone finds itself. This would allow a user to make it easier to unlock a phone while in the comfort of their own home, while making it more
'Intelligent agents' putting the smart in artificial intelligence (ZDNet) Machines and systems equipped with their own values and objectives are bringing a new level of sophistication to a range of applications across defence, customer service and gaming. Expect "intelligent agents" -- artificial intelligence (AI) systems equipped with their own sets of beliefs and life goals -- to increasingly feature across areas as diverse as logistics, manufacturing, entertainment, gaming, and defence
Don't use Windows 8 due to risk of 'back doors', warns German government (Computing) The German government has recommended that Federal Administration and other high profile public sector departments in the country do not use Windows 8 because, it warns, it contains security backdoors that cannot be controlled or trusted, and that may be easily accessible by the NSA
NSA scandal looms large in German election (Politico) It's election season in Germany and there's one campaign issue that won't go away: the NSA surveillance scandal. A month before the Sept. 22 federal elections here, which determine whether Chancellor Angela Merkel and her party will be reelected for a third term, the NSA scandal appears in headline after headline in German newspapers
Lawmakers, privacy groups rattled by latest NSA reveal (Politico) Congressional critics of government surveillance blasted the NSA and promised additional hearings after the Obama administration on Wednesday declassified documents that show thousands of Americans' emails had been scooped up
5 reasons the NSA scandal ain't all that (The Week) I really do think tribal feelings determine how you view the significance of Edward Snowden's revelations. It is almost impossible not to take into account everything associated with the manner in which they were released: the dramatic flight to Hong Kong, then Russia; the dramatic differences in press freedoms in the U.S. and U.K.; the detention of David Miranda and the destruction of hard drives inside the headquarters of a newspaper. No matter how hard we try, we can't help but fail to segregate our judgment of the NSA's actions. We want to side with the side we identify with: civil libertarians, journalism, or with the intelligence community, with policy-makers. We accept their assertions and their evidence more than we do the assertions of the "other" side, even though this type of controversy does not lend itself to binary divisions
Welcome to IC ON THE RECORD (ODNI) In Congress and across the nation, Americans are engaged in a discussion about the value and appropriateness of the foreign surveillance authorities granted to the Intelligence Community. The discussion will ultimately lead us, as a nation, to make decisions about the future of some foreign surveillance-related laws and practices
GCHQ taps fibre-optic cables for secret access to world's communications (The Guardian) Britain's spy agency GCHQ has secretly gained access to the network of cables which carry the world's phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency
International Internet governance treaties dubbed "folly" (FierceGovtIT) Dismissing as "folly" efforts to govern the Internet through international treaty, a draft essay argues that global debate mechanisms such as the Internet Governance Forum are a better way to regulate responsible Internet usage
Why the US should build a national internet system (Quartz) Earlier this month, The Daily Yonder, a well-named site about life in rural America, brought us this unsettling map of broadband availability, or lack thereof, in the country's remote counties
The NSA's phony national firewall proposal (ZDNet) According to an anonymously-sourced report in the New York Times, the NSA wants to build a firewall/IDS/IPS around the whole United States of America. The idea is completely ridiculous, impractical in the extreme, and perhaps just a ruse for other operations. Few government agencies have taken a reputation hit in recent times as big as that currently diminishing the National Security Agency (NSA). And while many in the tech industry were distrustful of the NSA before, there was at least an admiration for their prowess in cyberwarfare
Russia's FSB mulls ban on 'Tor' online anonymity network (Russia Today) The head of the Federal Security Service (FSB) has personally ordered preparations for laws that would block the Tor anonymity network from the entire Russian sector of the Internet, a Russian newspaper reported
Litigation, Investigation, and Law Enforcement
Bradley Manning's Tough Sentence Shows White House's Uncompromising War On Data Leakers (TechCrunch) Wikileaks source Private Bradley Manning was slapped with a 35-year prison sentence today -- the largest sentence ever of its kind. "It's further indication that the Executive Branch is very serious about discouraging classified documents," Yale Law School professor Eugene Fidell tells me. "It struck me that it was a little on the high side, but within the range of
Manning to seek pardon from Obama (The Hill) Former Army intelligence analyst Pfc. Bradley Manning is planning to formally request a pardon from President Obama, his lawyer said Wednesday. Manning's attorney, David Coombs, told reporters at Fort Meade, Md., that Manning would apply for a presidential pardon after he was sentenced Wednesday to 35 years in prison on charges of espionage
Secret NSA court opinions declassified (Politico) The nation's top intelligence official is declassifying three secret U.S. court opinions showing how the National Security Agency scooped up as many as 56,000 emails annually over three years and other communications by Americans with no connection to terrorism, how it revealed the error to the court and changed how it gathered Internet communications
Court Eventually Stopped NSA From Collecting Millions Of Communications (TechCrunch) Two new fun facts today regarding America's surveillance state: the National Security Agency was collecting hundreds of millions of communications up until 2011, but a military court stopped them. In a recently declassified and heavily redacted court order, the Foreign Intelligence Surveillance Court (FISC) ruled that a potentially defunct mass email snooping program violated the 4th
NSA used PRISM to collect more than 200 million internet communications a year as of 2011 (The Verge) According to a declassified order from the Foreign Intelligence Surveillance Court, as of 2011, the US National Security Agency was "acquiring" more than 250 million "internet communications" each year under Section 702 of the FISA Amendments Act (FAA) -- the statute that allows the NSA to collect the content of internet communications. The order states that the "vast majority" of these communications were obtained from internet service providers under PRISM, and that only nine percent of the total internet communications acquired by the NSA were part of its "upstream" collection practices, which pull data directly from telecommunications cables
NSA Program Found Unconstitutional Went On For 3 Years; Started Right After Telcos Got Immunity (TechDirt) A further delve into the latest NSA surveillance bombshell from the WSJ highlights the ridiculousness of the claims that there were "no violations" by the NSA over the years. We've been aware for a while that the FISC ruled a certain NSA program unconstitutional, but the details had been kept secret. It only came out that something was found unconstitutional a year ago, through the efforts of Senator Ron Wyden. Since then, people have been digging for more. The DOJ finally has agreed to release a redacted version of the FISC ruling after fighting it for a while, but as we wait, some more details have been coming out. Last week's Washington Post story about abuses claimed that this particular program wasn't reported to the FISC for "many months."
Retired sailor guilty of attempted espionage (Norfolk Virginian-Pilot) In about as much time as it took to eat a late lunch, a federal jury on Wednesday convicted a retired sailor from Virginia Beach of trying to pass classified information to Russian spies
Investigation At Bloomberg Finds A Don't Ask, Don't Tell Newsroom Culture (Forbes) The news that some reporters at Bloomberg News used access to the company's clients' data in their reporting put the financial news giant under a microscope earlier this year. But was it the isolated and relatively harmless actions of a few or evidence of systemic rot? A three-month review of the organization's practices suggests it was mostly the former, but also describes a newsroom culture where a large number of reporters had a vague sense they were getting away with something shady
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Thailand 201 (Bangkok, Thailand, August 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
TechCrunch Disrupt San Francisco (San Francisco, California, September 7 - 11, 2013) For the fourth year in a row, TechCrunch Disrupt will take over the San Francisco Design Center Concourse, and we're bringing the hottest startups and best minds in the industry with us. Block off September...
SANS CyberCon Fall 2013 (Online, September 9 - 14, 2013) With sequestration still in place, organizations are finding themselves with training budgets, but drastically reduced travel budgets. This one-of-a-kind online training event brings SANS' top instructors...
15th Annual AT&T Cyber Security Conference (New York, New York, USA, September 10, 2013) The AT&T Cyber Security Conference is an annual day-long conference offered by the AT&T Chief Security Office. Combining the expertise of its security experts, the scale and reliability of its global IP...
International Common Criteria Conference (Orlando, Florida, USA, September 10 - 11, 2013) FBC invites you to participate in the International Common Criteria Conference (ICCC) taking place in Orlando, Florida. This is the first time since 2000 that the ICCC is taking place in the U.S. The ICCC...
GrrCon (Grand Rapids, Michigan, USA, September 12 - 13, 2013) Says IT World, "Another hacker conference, this time in Michigan. The schedule looks to be bawdy, brash and anything but dull, with hackers promising to "pwn" you before you leave town. There are also...
cybergamut Technical Tuesday: Malware Analysis for the Masses (Columbia, Maryland, USA, September 17, 2013) With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. With...
Shaping the Future of Cybersecurity Education Workshop (Gaithersburg, Maryland, USA, September 17 - 19, 2013) The third annual Shaping the Future of Cybersecurity Education Workshop will be held at the National Institute of Standards and Technology (NIST) in Gaithersburg, MD and focus on "Navigating the National...
NovaSec! (McLean, Virginia, USA, June 13, 2013) NovaSec! is Northern Virginia's largest Cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with...
Strange Loop (St. Louis, Missouri, USA, September 18 - 20, 2013) Meet us in St. Louis, Sept 18-20th, 2013, to make connections with the creators and users of the languages, libraries, tools, and techniques at the forefront of the industry. Find out where we're going…and...
ISSA Cyber Security Forum at Ft Belvoir (Fort Belvoir, Virginia, USA, September 19, 2013) This event will allow personnel from Fort Belvoir the chance to learn about the latest cyber security trends, network with peers, discuss Army best practices and to view and demo some of the latest cyber...
CISO Executive Summit (Atlanta, Georgia, USA, September 19 - 20, 2013) Be on the forefront of a new global initiative where today's world-class leaders in information security will gather to navigate through international waters. Join these leaders as they follow the wind...
2013 Cyber Security Summit (New York, New York, USA, September 25, 2013) The 2013 Cyber Security Summit connects executives responsible for protecting their company's critical infrastructure with innovative product, service and solution providers. The one day event, to be...