On Giving Tuesday one glumly observes the predictable rise in online scams. On a happier note, one also notes the pleasant rise in legitimate philanthropic opportunities, many provided by the cyber and tech industries. Give prudently, but do consider giving.
Curesec warns of an Android 4.3 vulnerability that lets attackers remove locks from devices. The currently circulating Windows XP exploit uses sophisticated anti-analysis techniques, a discovery that should motivate even the most hidebound users to abandon the obsolescent OS.
Reports concerning BadBIOS (that elusive Sasquatch of malware) remain uncorroborated, but researchers at Germany's Fraunhofer Institut have published a conceptual framework for a stealthy high-frequency acoustic botnet that does indeed seem a plausible threat to air-gapped networks.
Threatpost reports that Google is investigating a possible denial-of-service problem with Nexus phones.
Sheep Marketplace, an underground successor to SilkRoad, reports the theft of about $6M in Bitcoins, and then shuts itself down. Bitcoin becomes CryptoLocker's preferred ransom currency. Various legitimate apps are bundled with a surreptitious Bitcoin miner. (The tip-off to the miner's existence? It's mentioned in the apps' EULA.)
D-Link releases firmware security patches for older versions of its routers.
BlackBerry continues to resist extinction, and gains sales to European governments wary of surveillance. Deciding it's not worth its while to overcome suspicions of cyber-espionage, Huawei continues its long good-bye to the US market.
IEEE Spectrum assesses D-Wave's quantum computer.
Canada and Japan both consider laws permitting more online surveillance. New Zealand's security services will answer Parliamentary questions about Kiwi cyber operations.
Today's issue includes events affecting Canada, China, European Union, Germany, Honduras, India, Iran, Ireland, Israel, Japan, Netherlands, New Zealand, Pakistan, Russia, South Africa, United Arab Emirates, United Kingdom, United Nations, United States..
Cloned Facebook accounts hit up friends with spam and money requests(Naked Security) The scam hit a TV news station in the US, with attackers scraping photos from reporters' profiles and using them on bogus accounts taken out under their victims' names. Using those fake accounts, they then milked their targets' friend lists to spam out malicious links
Free shopping voucher offer leads to phishing(Help Net Security) Cybercriminals have been ramping up their efforts as the year draws to a close, and have initiated hundreds - if not thousands - email spam campaigns, trying every approach possible to get users to part with their personal and financial information, or to install malware
On Covert Acoustical Mesh Networks in Air(Journal of Communications) Covert channels can be used to circumvent system and network policies by establishing communications that have not been considered in the design of the computing system. We construct a covert channel between different computing systems that utilizes audio modulation/demodulation to exchange data between the computing systems over the air medium. The underlying network stack is based on a communication system that was originally designed for robust underwater communication
Windows XP/Server 2003 Zero–Day Payload Uses Multiple Anti–Analysis Techniques(TrendLabs Security Intelligence Blog) Several days ago, Microsoft released a security advisory disclosing a new zero-day vulnerability in older versions of Windows. It was reported that it was being abused by a malicious PDF file (TROJ_PIDIEF.GUD) to deliver a backdoor (BKDR_TAVDIG.GUD) onto affected systems in "limited, targeted attacks"
Legitimate apps bundled up with secret Bitcoin miner(Help Net Security) As the value of Bitcoin continues to rise, a lot of people are trying to cash in on the craze. Some do it legally, by getting their own machines to perform the calculations required, and others try to make other users' machines do it for them
The FBI TOR Exploit(Infosec Institute) The Tor network is an anonymizing network that allows people to browse the web and access other services without being traced. As part of this network, there is the so-called "darknet," servers accessible only through Tor, which host a variety of services from forums to e-mail
Anonymous hacks and defaces Interpol Honduras and State Police websites against electoral fraud(Hack Read) The online hacktivist group 'Anonymous Honduras' has hacked and defaced 6 high profile Honduras government ministries websites against the alleged fraud in country's presidential elections. Hacked websites belong to Interpol Honduras, two websites of National Police of Honduras, Superintendent of Public Alliance, Honduras, Ministry of Culture and Zolitur Island under Ministry of Tourism
URM Says Cyber Attack Has Been Blocked; Credit/Debit Card Use Resumes(KHQ) In a press release issued Monday night, URM Stores said they have put enhanced security measures into place to block the cyber-attack that focused on stealing vital customer information. URM says customers may now resume using credit, debit, EBT, and gift cards in all member stores
Bashmobs: Using Social Media to Organize Disruptive Activity(Cyveillance) As mobile devices and texting became common in the early 2000s, people realized they could be used to encourage a large group to meet in a coordinated manner, particularly in cities, giving rise to the modern phenomenon known as the "flash mob". At first, flash mobs were a fun way for people to organize a choreographed performance or event that to random spectators, appeared to materialize out of thin air
Security Patches, Mitigations, and Software Updates
How much cyber attacks could cost an average home user(CIOL) The average cost of multimedia files that a user might lose from a device as a result of a cyber attack or other damage is estimated at $418, according to this year's Consumer Security Risks Survey, conducted by B2B International and Kaspersky Lab
Shopping convenience overrides security concerns(Help Net Security) Tripwire announced the results of a survey on mobile security and holiday shopping. The survey was conducted by Dimensional Research and OnePoll from November 18-20, 2013, and evaluated the attitudes of 1,400 consumers in the U.S. and U.K
The Foreign Policy Essay: Erik Gartzke on "Fear and War in Cyberspace"(Lawfare) Cyberwar is all the rage, and with it questions on what new technologies mean for society and—Lawfare specialties—the implications of these changes for surveillance, privacy, intelligence, and the laws of war. However, we may have rushed to explore the trees without looking at the overall forest
FBI details major trends in cyber attacks against SMB's(Trend Micro Simply Security) In my discussions with partners and customers across the globe, I often hear comments and statements that SMB's (Small and Medium-Size Business) aren't a big enough target to be the focus of a cyber attack
Encryption ethics: Are email providers responsible for privacy?(Pando Daily) Ex–National Security Agency (NSA) employee Edward Snowden's various leaks — the most recent being a slide showing that the NSA infected 50,000 of computer networks with remote–controlled spyware — confirm that state intelligence agencies around the world have been collecting and analyzing people's behavior online for years
BlackBerry could benefit from NSA snooping(FierceMobileIT) Apple products losing out among European governments. The scandal around the National Security Agency (NSA) could work to the benefit of Canadian firm BlackBerry, especially among foreign governments
Scrub–a–dub–dub: Akamai and Prolexic in the tub(Scurosis) They say it is better to be lucky than good. I seem to test that theory on a daily basis. Just yesterday I ranted about the need for multi-layer DoS defenses, mostly by poking at a Prolexic white paper advocating the opposite. I alluded to the reality that most customers wouldn't run all their traffic through a scrubbing center, so they need on-premise defenses as well (so a multi-layer system)
Israeli hacking school trains cyber warriors(NDTV) Hadera: Three hooded hackers hunch over their computer screens in the control room at Israel's new state-of-the-art "Cyber Gym", where IT and infrastructure company employees train to defend against cyber-attacks
MongoDB startup hired by Aadhaar got funds from CIA VC arm(The Economic Times) Two weeks ago, Max Schireson, chief executive of MongoDB, a New York-based technology startup, was in New Delhi to sew up a very important contract for his company — with the Unique Identification Authority of India (UIDAI)
Cylance Selected as SINET 16 Innovator(SYS-Con Media) Cylance, Inc., a global provider of disruptive cybersecurity products and services that reinvent the way organizations prevent advanced threats, today announced that it has been selected as a SINET 16 Innovator. Cylance will present its unique approach to advanced threat detection and prevention through use of complex mathematical models during the SINET Showcase 2013
Huawei decides to exit the US market over cyber espionage concerns(TechSpot) Chinese networking and telecommunications equipment provider Huawei is calling it quits in the US. CEO Ren Zhengfei recently told French news site Les Echos that it wasn't worth it for his company to get in the middle of US / China relations and as such, they have decided to exit the US market
Google Brings The Telethon Online With First–Ever "Hangout–a–thon"(TechCrunch) On Tuesday – aka Giving Tuesday - Google will repurpose its video broadcasting service called Google+ Hangouts to help host an online "Hangout-a-thon" that aims to connect those interested in making charitable donations with a worthy cause of their liking
Cisco Employees Line Up to Participate in #GivingTuesday(Cisco Blogs) Forget about fighting crowds on Black Friday and maxing out your credit card on Cyber Monday. Join a movement that matters and kick off the giving season with #GivingTuesday on December 3. Just post or tweet about how you give back on any social media channel and use the hashtag #GivingTuesday
Innovative New Product from CyberPoint Offers Secure and Convenient Coverage for Consumers Operating in Public Spaces(Sacramento Bee) CyberPoint International, LLC, a global provider of cyber security services, solutions, and products, announced today the release of its newest consumer protection product. Code named "T," this innovative new product integrates a powerful network of fibers enabling secure and convenient coverage for consumers operating in public spaces. T comes complete with an easy-to-use alerting system designed to proactively protect consumers from the daily threats they encounter. As the latest addition to CyberPoint's Anti-Malwear line, T also ensures that others know you have a sense of humor. Take a look at T
Even in the Quietest Moments…(Internet Storm Center) I recently had a migration from one internet uplink to another to do for a client. As with many organizations, they have about 40% of their workforce at head office, and 60% (and sometimes more) of their workforce operating remotely, so taking the Firewall and especially the VPN services offline is a very big deal. There is no good time to take things down given that their sales force has people in just about every time zone, there are just times that are "less bad" than others
Applied Crypto Hardening(Better Crypto) This guide arose out of the need for system administrators to have an updated, solid, well researched and
thought-through guide for conguring SSL, PGP, SSH and other cryptographic tools in the post-Snowden age
Eight tips for more secure mobile shopping(CSO) With the holiday shopping season upon us, users who are shopping using mobile devices need to take the proper steps to protect themselves and sensitive corporate data
Standardized tests discriminate against the next Einsteins and Teslas(Quartz) At 16, Albert Einstein wrote his first scientific paper titled "The Investigation of the State of Aether in Magnetic Fields." This was the result of his famous gedanken experiment in which he visually imagined chasing after a light beam. The insights he gained from this thought experiment led to the development of his theory of special relativity
Legislation, Policy, and Regulation
UN: Mass Surveillance Violates Universal Human Rights(Threatpost) The United Nations has joined the growing chorus of people, organizations and activists denouncing government mass surveillance of citizens without cause and says that such programs are a violation of basic human rights
More on the (Alleged) Global Right to Privacy(Lawfare) Over at EJILTalk!, Marko Milanovic has a five-part series considering the possibility of a global right to privacy against government surveillance Milanovic's posts are in part a response to posts by Ben and me, so I thought I would offer just two quick thoughts in response
Spy agency chiefs to face MPs in public(Dominion Post) New Zealand's top spooks face a barrage of questions from MPs today as Parliament's intelligence and security committee is held in public for the first time
Federal cyber security policy (finally) begins to gel(Baltimore Business Journal) A framework for the federal government's approach to protecting the nation's critical infrastructure from cyber threats has emerged, writes Steve Charles. Comprehensive cyber security legislation heated up, but never really came to a boil. It will probably stay on the back burner for a while. Yet a framework for the federal government's approach to protecting the nation's critical infrastructure from cyber threats has emerged
NSA employees received talking points for Thanksgiving dinner(Russia Today) If a politically-charged dinnertime debate sidelined your Thanksgiving, don't blame the National Security Agency. New documents have surfaced suggesting the NSA sent their employees home for the holidays with pre-determined talking points
Internet firms ordered to block file–share sites(The Independent) THREE major music companies have been granted orders which will allow internet service providers here to block access to a file-sharing website as part of efforts to prevent "wholesale copyright theft" on "a grand scale"
700 Domains seized by ICE, Europol and Hong Kong Customs on Cyber Monday(InfoSecurity Magazine) This year's Cyber Monday, traditionally the start of the holiday online shopping season, marked the end of it for more than 700 websites involved in selling counterfeit merchandise – all seized in a joint operation between ICE (297), Europol (393) and Hong Kong Customs (16)
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Anti–Malwear T Giving Tuesday Happy Hour(Baltimore, Maryland, USA, December 3, 2013) In honor of Giving Tuesday, CyberPoint is hosting a happy hour today, Tuesday, December 3, from 4-7pm at James Joyce (616 S. President Street, Baltimore, MD 21202) in Harbor East. If you'd like to join...
Cylance Talk: Risk Does Not Equal Threat(Arlington, Virginia, USA, December 10, 2013) Attacks, malware and careless users may trigger alarm bells, but that does not mean your business is in danger. Compliance and risk management requirements, while necessary, result in additional work,...
NASA Langley Cyber Expo(Hampton, Virginia, USA, January 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer...
U.S. Census Data Protection & Privacy Day(Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees...
Cyber Training Forum at NGA(Springfield, Virginia, USA, February 4, 2014) The 2014 Cyber Security Training Forum (CSTF) will take place at the NGA East Campus in Springfield, VA. This event is designed to provide education and training to the NGA Workforce, the Intelligence...
Nellis AFB - Technology & Cyber Security Expo(Las Vegas, Nevada, USA, February 26, 2014) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case...
Operationalize Threat Intelligence(Webinar, December 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data...
Cloud Security Alliance Congress 2013(Orlando, Florida, USA, December 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering...
SINET Showcase: THE SINET 16(Washington, DC, USA, December 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present...
World Congress on Internet Security(London, England, UK, December 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the...
ACSAC 2013(New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...
2013 ASE International Conference on Cyber Security(Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...
ACG® New York Cyber Security Investor Conference(New York, New York, December 11, 2013) The ACG New York Cyber Security conference will feature experts in Cyber Security that will enable you to understand the opportunities for investment in a number of areas that constitutes Cyber Security.
Cyber Defense Initiative 2013(Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.