It is, of course, Cyber Monday, and consumers and retailers should be guarded online (especially on auction sites). Retailers ought to resist any temptation to relax security after a weak Black Friday.
Angolan policy arouses Islamist hacktivism. Chronic South Asian tensions sustain low-grade cyber-rioting. Iran alleges Saudi intelligence services are colluding with Israel to produce an upgraded Stuxnet for further attacks on Iran's nuclear program.
A free Wi-Fi proxy (n.b., "free" is usually an ominous qualifier) is implicated in illicit Bitcoin mining. The long-expected Windows XP zero-day is out in the wild. Trend Micro reports finding JPEG files used as vectors in targeted malware campaigns. Trustwave warns that iOS is vulnerable via file-sharing apps.
Banks in India, England, and Russia share their experiences with cyber attack. Dark Reading finds the (qualified) sunny side of botnets.
L'affaire Snowden has brought the insider threat into high relief, but a survey suggests few companies appear to have taken effective steps against it.
In industry news, Akamai announces it will buy Prolexic, and Pwnie Express opens a Boston headquarters. Analysts foresee a wave of consolidation among big US defense integrators. Encryption draws growing attention from both start-ups and established firms.
Giving Tuesday follows Cyber Monday, and CyberPoint announces an "Anti-Malwear" offering to cover consumers (and support charities).
HM Government moves closer to promulgating UK cyber security standards. Britain and India also open talks on cyber cooperation.
The EU and the US (standing in for the other Five Eyes countries) remain at loggerheads over surveillance.
Today's issue includes events affecting Angola, Australia, Canada, China, European Union, Iceland, India, Indonesia, Iran, Israel, Japan, Kenya, Morocco, Netherlands, New Zealand, Nigeria, Pakistan, Romania, Russia, Saudi Arabia, Spain, Turkey, United Arab Emirates, United Kingdom, United States.
#OpNSA: 31 Australian Government domains hacked amid spying row with Indonesia(Hack Read) Newly emerging hackers from Indonesia going with the handle of Gantengers Crew are behind the hacking of 31 Australian government-owned domains against Canberra's spying activities over Jakarta. SultanHaikal of Gantengers Crew told me that Indonesians are in anger over spying row and that is why 28 sub-domains of New South Wales's government
RedHack hacks Turkish Ruling Party's Mersin City website, take over their twitter account.(Hack Read) The online hacktivist group RedHack has started retaliating against the arrest of Taylan Kulaçoğlu who was sent to prison yesterday for allegedly being a member of RedHack. As we had reported yesterday that RedHack has announced total retaliation against Taylan's arrest and backing him up till the last limit. The group has now taken down official website of Turkish ruling party's Mersin City website
Turkish Hackers Hacks official Vodafone Iceland website, leaks 77,000 accounts and SMS logs(Hack Read) Famous Turkish hacker going with the handle of @AgentCorporatio from Turkish Agent Hacker Group has hacked and defaced the official website of telecom giant Vodafone Iceland. As a result of the hack, the hacker has leaked around 77k user accounts with customers' SMS logs. The hacker who contacted me on Twitter explained that the reason for targeting Vodafone was to mark his protest against USA and Israel
Pakistan Peoples Party Website Hacked and Defaced by Nigerian Cyber Army(Hack Read) A hacker going with the handle of Dr41DeY from Nigerian Cyber Army has hacked and defaced the official website of ex-president Zardari's political Party known as Pakistan Peoples Party. Hacker left a deface page along with a message on the hacked website without explaining the reason for targeting the website
JPEG Files Used For Targeted Attack Malware(TrendLabs Security Intelligence Blog) We recently came across some malware of the SOGOMOT and MIRYAGO families that update themselves in an unusual way: they download JPEG files that contain encrypted configuration files/binaries. Not only that, we believe that this activity has been ongoing since at least the middle of 2010. A notable detail of the malware we came across is that these malware hide their configuration files. These JPEGs are located on sites hosted in the Asia-Pacific region, and we believe that these malware families are used in targeted attacks in the region as well
CryptoLocker ransomware's professional execution ups the ante(SearchSecurity) Ransomware attacks have been around for seemingly as long as the field of information security itself, but for the most part, they've been labeled as a nuisance more so than as a true threat. A recent ransomware iteration called CryptoLocker may be changing that perception one infection at a time
Rogue antivirus that takes webcam pictures of you(Webroot Threat Blog) Recently we heard of a rogue fake antivirus that takes screenshots and webcam images in an attempt to further scare you into succumbing to its scam. We gathered a sample and sure enough, given some time it will indeed use the webcam and take a picture of what's in front of the camera at that time. This variant is called "Antivirus Security Pro" and it's as nasty as you can get
Overlays and Red Herrings(Fortinet Blog) The Small Trojan downloader family has recently added new hallmark traits to the latest W32 variants
Lessons learned from Anonymous and Operation Last Resort(Help Net Security) Activists that have links to Anonymous were able to gain access to U.S. government computers through a software flaw on the outdated Adobe ColdFusion platform. This left many agencies vulnerable to penetration and attackers were left undiscovered for almost 12 months
UK's Suffolk County Police & Crime Commissioner Website Hacked by Zone Injector Team(Hack Read) A hacker going with the handle of pyXeL from Zone - Injector Team has hacked and defaced the official website of United Kingdom's Suffolk County Police & Crime Commissioner Tim Passmore's website on 23rd November, 2013. Team left a deface page along with a message on the high profile hacked website with no explanation of why the site was targeted
Study: Privilege management policies unaltered after Snowden leaks(SearchSecurity) Edward Snowden's revelations regarding the NSA's spying activities may have forced more IT security professionals to reconsider the issuance of administrator rights at their organizations, but a recent survey suggested those companies aren't necessarily taking action on those concerns
Internet of Things will challenge today's privacy practices(FierceGovIT) The Internet of Things--a state in the not distant future when hundreds of billions of objects now disconnected from computer networks will routinely transmit data across the web—will require a new privacy paradigm, says the Future of Privacy Forum
The true cost of cybercrime(Help Net Security) From a cybercrime perspective, the opportunities are boundless: Seemingly everything has a computer in it, cars and pacemakers included. It's almost certain that the sophistication of exploits and attacks will increase, and that new exploit modes will surface with the ongoing computing and mobility revolution
Can we expect a cyberwar resurgence?(Help Net Security) Neohapsis security experts predict that next year there will be a cyberwar resurgence, the cloud will begin to show its hidden costs, and privacy will continue to lose in the US legislature
Can Biometrics Make a Comeback?(eSecurity Planet) Biometrics promised to bring security to everything from transactions to systems usage. Yet biometrics never saw broad adoption. Can biometrics finally go mainstream
HP Enterprise Services to Take Over As HealthCare.gov Web Host(GovConWire) Hewlett-Packard (NYSE: HPQ) has won a contract to take over as web hosting provider for HealthCare.gov in a move that will transition the federal health insurance marketplace to a new data center, The Wall Street Journal reported Wednesday
GCHQ Announces First Members in Dual–track Cybersecurity Schemes(InfoSecurity Magazine) The information security arm of the UK's GCHQ and the Centre for the Protection of National Infrastructure (CPNI) have announced the first accredited members of the two cybersecurity incident-response initiatives unveiled in late 2012
Goodbye, old guard: Defense mergers may be coming(Yahoo! Finance) Most investors have never heard of Ashton "Ash" Carter. But the man who is the Pentagon's de facto operations chief retires next week, and his departure could have a major impact on the defense industry and Wall Street
Techies Vs. NSA: Encryption Arms Race Escalates(ABC News) Encrypted email, secure instant messaging and other privacy services are booming in the wake of the National Security Agency's recently revealed surveillance programs. But the flood of new computer security services is of variable quality, and much of it, experts say, can bog down computers and isn't likely to keep out spies
Security upgrades show Snowden won(Stuff) Former National Security Agency contractor Edward Snowden succeeded where President Barack Obama couldn't - getting Microsoft, Google and Yahoo to upgrade computer security against hackers
Defense Department tackles mobile authentication(Washington Post) The Defense Department says it's committed to a future in which service members and civilians can use the latest and greatest mobile technology to get their work done, regardless of the device manufacturer. But it's still struggling mightily with one of the biggest challenges for mobility in the government: identity management
Innovative New Product from CyberPoint Offers Secure and Convenient Coverage for Consumers Operating in Public Spaces(Baltimore Business Journal) CyberPoint International, LLC, a global provider of cyber security services, solutions, and products, announced today the release of its newest consumer protection product. Code named "T," this innovative new product integrates a powerful network of fibers enabling secure and convenient coverage for consumers operating in public spaces. T comes complete with an easy-to-use alerting system designed to proactively protect consumers from the daily threats they encounter. As the latest addition to CyberPoint's Anti-Malwear line, T also ensures that others know you have a sense of humor
Analysis: Enterprise password management tools have room to improve(SearchSecurity) While we all have too many passwords to deal with, few of us have the proper tools for promoting better password hygiene in our day-to-day working lives. Despite the variety of consumer-oriented products available, finding an enterprise password management product or tool can be quite difficult
UK Cyber Security Standards(UK Department of Business, Innovation, and Skills) BIS commissioned a research project into the availability and adoption of cyber security standards across the UK private sector. This report combines the responses to an extensive and wide-ranging online survey, the findings of a series of in-depth one-to-one interviews with a broad range of UK business leaders, and an analysis of the current cyber security standards landscape in order to provide an insight into the current levels of both supply and demand in this area
How PCI 3.0 changes the PCI DSS penetration testing requirement(SearchSecurity) I saw that the PCI DSS 3.0 preview made penetration testing a requirement for everyone, including SMBs. Could you detail what exactly is required out of PCI DSS penetration tests to achieve compliance? What do you think would be the cheapest method for SMBs to meet this requirement
Bitcoin Forensics: A Journey into the Dark Web(Forensic Focus) There has been a lot of buzz around Tor, Bitcoin, and the so-called "dark web" (or "deep web") since the FBI shut down the underground website "Silk Road" on Oct 1st. As many of you already know, Tor is a network of encrypted, virtual tunnels that allows people to use the internet anonymously, hiding their identity and network traffic. Using Tor's hidden service protocol, people can also host websites anonymously that are only accessible by those on the Tor network
OS X Mavericks Metadata(Forensic Focus) Apple recently released the newest version of their desktop operating system, Mac OS X Mavericks. As a free update to all supported Apple desktops and laptops, a wide adoption rate was expected, and in fact it was estimated that within the first 24 hours, 5.5% of all Mac laptops and desktops were already running the new operating system. It becomes necessary for a forensic examiner to understand how changes to the file metadata system can be used as a source of new evidence during an investigation. In this article, I would like to cover two significant changes to the metadata generated by OS X Mavericks that, if properly preserved, can be a useful source of evidence
Understanding Rootkits: Using Memory Dump Analysis for Rootkit Detection(Forensic Focus) Every rootkit employs a wide range of masquerading techniques to prevent its detection. Anti-virus and anti-malware tools must perform what is called, in forensic terms, "live box analysis", performing a real-time scan of a live system. No wonder rootkits can actively resist detection by either hiding themselves or messing with anti-virus software or the system kernel. This constant battle makes rootkit detection not only difficult and unreliable, but disruptive and potentially dangerous to system stability and the integrity of user data
5 steps to survive a Meaningful Use audit(FierceHealthIT) Although the government will hit only a small percent of the nation's providers with a Meaningful Use attestation audit, the stakes are high: Any single attestation misstep could be grounds for loss of the full incentive payment
Handling HIPAA: 4 new provisions providers must know(FierceHealthIT) If knowledge--including patient data--is power, then the U.S. Department of Health & Human Services has sent a message to providers and other organizations charged with handling and protecting that data when it published the HIPAA omnibus final rule: With great power comes great responsibility
SME cloud — blanket security or security blanket?(ComputerWeekly) Small and medium-sized enterprises (SMEs) are as vulnerable to security threats as their larger counterparts. Everyone uses the same internet, much of the same software and has the same vulnerabilities from employee mishap or attacks on valuable data. Yet the SME does not normally have the luxury of a full-time IT security specialist, let alone the budget for bullet-proof specialist security systems
Verify your software for security bugs(Help Net Security) Verification is an important phase of developing secure software that is not always addressed in depth that includes dynamic analysis and fuzzing testing. This step allows checking that security has been built in the implementation phase: secure coding and using compilers mitigation correctly
Cyber Defense Competitions a major hit on campus(SearchSecurity) At Iowa State University we have one of the oldest security education programs in the country. This has given us insight into the needs of both the students we educate, and the companies that hire them
Studying the art of white hat hacking(Saturday Gazette-Mail) It took a bit of convincing with the powers-that-be. They wanted to train students to think and act like hackers to better understand their methods, said Marshall University assistant professor Bill Gardner
India, UK talks on cyber security on December 3(The Economic Times) India and the UK will discuss ways to implement their cyber security partnership at a high-level meeting in the Capital on December 3, according to an internal foreign ministry note seen by ET
EU Tells US: End Mass Spying(InformationWeek) Responding to surveillance revelations, EU officials seek changes in commercial and law enforcement data sharing arrangements with the US
National interest served by PM's no–apology stance(The Australian) FEW prime ministers have faced a more challenging start, particularly in the area of foreign policy, than Tony Abbott. Voters judge prime ministers not only on how effectively they implement their policies, but also how they respond to unexpected events
NSA, Cyber Command leadership split mulled(Washington Post via the Tribune-Review) Key senior Obama administration officials have advocated splitting the leadership of the nation's largest spy agency from that of the military's cyberwarfare command as a final White House decision nears, according to individuals briefed on the discussions
Commentary: Let CYBERCOM Stand Alone(DefenseNews) Over the past few months, numerous commentators have weighed in about the future of the National Security Agency-US Cyber Command (CYBERCOM) relationship. The impending retirement of Army Gen. Keith Alexander, who heads both organizations, and his top deputy, creates a logical opportunity to review the government's cyber-related organizational chart
Boehner fighting NSA bill(American Thinker) How much power does the Speaker of the House have? He can stop a bill from coming to the floor despite the fact that it has the support of a clear majority of members on both sides
HPSCI Seeks "Continuous Evaluation" of Security–Cleared Employees(Secrecy News) Recent unauthorized disclosures of classified information might have been prevented if U.S. intelligence agencies "continuously evaluated the backgrounds of employees and contractors," according to the House Permanent Select Committee on Intelligence
Viewpoint: Automated record checks won't catch all security clearance flaws(Federal Times) When it comes to fixing the nation's security clearance review process, one problem -- the National Security Agency's reported mining of public and nonpublic data to graph the social connections of certain Americans -- can serve as a solution. Of course, using one problem to solve another creates a problematic solution, and the same is true for a solution derived from the non-troublesome aspects of a problem
Latest NSA charge under fire by ACLU(USA Today via the Durango Herald) The National Security Agency collected evidence of online sexual activity and visits to pornographic websites as part of a proposed plan to harm the reputations of six people the agency considered "radicalizers," the Huffington Post reported, citing documents released by former NSA contractor Edward Snowden
Former NSA director: Snowden cache would be 'catastrophic'(The Hill) Former National Security Agency and Central Intelligence Agency Director Michael Hayden on Sunday said that reports that former NSA contractor Edward Snowden is keeping a "Doomsday Cache" of highly classified material are within reason
Britain targets Guardian newspaper over intelligence leaks related to Edward Snowden(Washington Post) Living in self-imposed exile in Russia, former National Security Agency contractor Edward Snowden may be safely beyond the reach of Western powers. But dismayed by the continued airing of trans–atlantic intelligence, British authorities are taking full aim at a messenger shedding light on his secret files here — the small but mighty Guardian newspaper
US Army settles unlicensed software claim for $50 million(ITWorld) The U.S. Army will pay Apptricity, a supply chain and financial software developer, US$50 million to settle a copyright infringement claim that it used but didn't pay for thousands of copies of logistics management software
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
ACG® New York Cyber Security Investor Conference(New York, New York, December 11, 2013) The ACG New York Cyber Security conference will feature experts in Cyber Security that will enable you to understand the opportunities for investment in a number of areas that constitutes Cyber Security.
Operationalize Threat Intelligence(Webinar, December 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data...
Cloud Security Alliance Congress 2013(Orlando, Florida, USA, December 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering...
SINET Showcase: THE SINET 16(Washington, DC, USA, December 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present...
World Congress on Internet Security(London, England, UK, December 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the...
ACSAC 2013(New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...
2013 ASE International Conference on Cyber Security(Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...
Cyber Defense Initiative 2013(Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...