Analysts continue to puzzle over the amount of Internet traffic recently routed, without apparent good reason, through odd nodes, mostly in Iceland and Belarus. The eccentric routing may have been part of a man-in-the-middle attack campaign.
The Internet Explorer reflective cross-site scripting filter in use since IE 8 could be exploited for malicious code execution. The issue is complicated, and arguably not a "vulnerability" in the narrow sense of the term, since the bypass method is an accepted part of the HTML standard. Microsoft doesn't plan a fix, and so researchers consider alternative mitigations.
A management application for compromised commercial Windows Web shells is out in the wild.
JPMorgan warns nearly 500M customers that hacked pre-paid cash cards have exposed personal information. The Royal Bank of Scotland puts recent outages down to "decades" of IT underinvestment.
Bogus MasterCard and Amazon communications spread malware. A large point-of-sale cybercrime campaign is stealing card data using Dexter and Project Hook malware.
A UK delivery business provides a cautionary tale of small-business vulnerability to cyber crime. (This tale has a happy ending.)
Huawei continues to cozy up to the British market. US tech firms grow increasingly vocal in their criticism of US electronic surveillance policy.
International scrutiny of that policy continues as allegations surface of Swedish surveillance of Russian targets on behalf of the US.
As cyber "weaponization" advances, governments are negotiating an update to the Wassenaar Agreement on arms export control that will extend to such dual-use areas as networking and deep-packet inspection technology.
Today's issue includes events affecting Australia, Belarus, Belgium, China, European Union, France, Germany, Honduras, Iceland, India, Lithuania, Russia, Sweden, United Kingdom, United States.
Cylance Selected as SINET 16 Innovator(SYS-CON) Cylance, Inc., a global provider of disruptive cybersecurity products and services that reinvent the way organizations prevent advanced threats, today announced that it has been selected as a SINET 16 Innovator
Damballa Selected as SINET 16 Innovator for Upcoming 2013 SINET Showcase(BusinessWire) Damballa, the experts in advanced threat protection, today announced that it will present its recently released Failsafe 5.2 technology during the SINET Showcase 2013 to be held December 4-5, 2013 at the National Press Club in Washington D.C. The Security Innovation Network™ (SINET) is an organization focused on advancing Cybersecurity innovation through public-private collaboration
Mobile System 7 Selected as a 2013 SINET 16 Innovator(PRWeb) Mobile System 7, Inc., a leader in enterprise mobile security, today announced that it has been selected as a SINET 16 Innovator. The Security Innovation Network (SINET) advances cyber security innovation and enables collaboration between the public and private sectors to defeat global cyber threats
Endgame Selected as 2013 SINET 16 Innovator(Endgame) Endgame was selected by The Security Innovation Network (SINET) as a top emerging technology company from a pool of 115 applicants and will present at the 2013 SINET Showcase in Washington, DC on December 5
Pindrop Security Selected as SINET 16 Innovator to Present at 2013 SINET Showcase(Pindrop Security) Pindrop Security, the pioneer in phone fraud prevention and call center authentication for banks and enterprise call centers, and the Security Innovation Network™ (SINET), an organization focused on advancing Cybersecurity innovation through public-private collaboration, today announced that Pindrop Security has been selected as a SINET 16 Innovator. Pindrop will present its Phoneprinting™ technology during the SINET Showcase 2013 to be held December 4-5, 2013 at the National Press Club in Washington, DC
About ZanttZ, Inc.(ZanttZ) ZanttZ's solutions will detect and mitigate the large number of new sophisticated attacks on enterprise and government networks; in particular, we are targeting Advanced Persistent Threats (APTs) that have proven extremely vexing for existing security solutions—many of them are not caught today despite organizations spending over $9B on overall network security
Bypass of Internet Explorer Cross–Site Scripting Filter Possible(Threatpost) A weakness has been discovered in the reflective cross-site scripting filter present in Internet Explorer since IE 8 that could enable an attacker to trick the browser into executing malicious code as trusted. The problem going forward is twofold: everything occurring in the bypass method is accepted as part of the official HTML standard going back at least 15 years; and Microsoft said it will not work on a fix for the flaw
Commercial Windows–based compromised Web shells management application spotted in the wild(Webroot Threat Blog) For years, whenever I needed a fresh sample of pharmaceutical scams, I always sampled the Web sites of major educational institutions, where a thriving ecosystem relying on compromised Web shells, continues to enjoy the high page ranks of the affected Web sites for blackhat SEO (search engine optimization) purposes. How are cybercriminals managing these campaigns? What type of tools and tactics do they use? In a cybercrime ecosystem that has logically migrated to Web-based platforms for a variety of reasons over the last couple of years, there are still those who're keeping it old school, by releasing host-based DIY cybercrime-friendly
Spoofed MasterCard warning delivers malware(Help Net Security) A worrisome email notifying users that their MasterCard debit card has been blocked just when most of them are trying to do their holiday shopping has been landing in inboxes around the world, warns MXLab
Fake Amazon "Order Status" emails deliver malware(Help Net Security) It comes as no surprise that as holiday shoppers begin to flood the internet looking for deals, the bad guys will be right behind them hoping to swoop in on an unsuspecting victim. Fake invoice scams are year round, but they are so much more effective during that time of year that most everyone is actually expecting packages in the mail from their online purchases
Dexter and Project Hook Break the Bank(Arbor ASERT Threat Intelligence) An active Point of Sale (PoS) compromise campaign designed to steal credit and debit card data using the Dexter and Project Hook malware has been detected. Indicators of compromise will be provided for mitigation and detection purposes. Prior to the publication of this Threat Intelligence document, members of the FSISAC, major Credit Card vendors and law enforcement were notified
Today's "massive" password breach: a Webroot perspective(Webroot Threat Blog) First, this is not a blog about a big corporate breach, or a massive new discovery. Rather, the researchers at Trustwave gained access to a botnet controller interface (the C&C element of a botnet) known as Pony and revealed the data within. Not surprisingly, as the vast majority of botnets target user credentials, this controller had a good deal of data related to passwords. While 2 million passwords might seem like a lot, it is really a drop in the bucket compared to many recent breaches. Think about Adobe who lost a minimum of 28 million, but is rumored to
The Dinosaur in the Room(Dark Reading) Support for Windows XP ends in April 2014; the implications extend beyond the workstation
Researchers demonstrate low-cost NFC eavesdropping device(FierceMobileIT) Near-field communication (NFC) aims to revolutionize mobile commerce, but just how close the technology is to becoming a widely adopted reality is unclear. Many questions remain around standards and security. Gartner for one noted that the technology has been slow to gain traction
DDoS Attacks originated from thousands of .EDU and .GOV WordPress Blogs(The Hacker News) In a recent cyber attack on a Forum site, thousands of outdated legitimate WordPress blogs were abused to perform DDOS attacks using previously known vulnerabilities. After analyzing the Log file from the victim's server, we have noticed many WordPress CMS based educational (.EDU) and Government (.GOV) websites from where the attack was originated
How Mobile Security Lags BYOD(InformationWeek) IT is turbo charging BYOD efforts, but mobile security practices aren't keeping up with the growing risk in several critical areas
Booz Allen Says Cyber Attacks Are the "New Normal" for Financial Services Industry(Hispanic Business) Five years ago, questions directed at boards of directors and senior executives at financial services firms on the toughest risk management issues might have resulted in responses like "liquidity risk," "regulatory compliance," or "bad debt." Few, if any, would have mentioned cyber security. Today, the same question generates a much different answer
9 out of 10 consumers would rather companies didn't store their info(Help Net Security) In the wake of data scandals, consumer trust in data security has hit a ten year low, with over 1 in 10 suffering from a data loss, Fujitsu's data research report has revealed. Only 9% of consumers have any faith in organizations to protect their data, with nearly a third (29%) recording a decline in trust over the last year
Can we predict the future of security?(CSO) Can we predict the future of security? Yes and no, says UK security futurist David Lacey, speaking at the first Australian CSO Perspectives Roadshow in Canberra
Who is practicing security best practice?(CSO) There is a term in the Information Security field that tries my patience in no uncertain terms. That term is, "best practice". People love to bandy this about in discussions about their security program, widget or what have you. But, who is actually practicing
Internet Firms Step Up Efforts to Stop Spying(The New York Times) When Marissa Mayer, Yahoo's chief executive, recently announced the company's biggest security overhaul in more than a decade, she did not exactly receive a standing ovation
America Goes to War With Itself Over Data Security(Bloomberg BusinessWeek) I know a handful of well-connected, cynical security folks in Silicon Valley who continue to maintain pretty much the same take on Edward Snowden. They say they believe he was paid off by China or Russia to leak a series of security documents and change the tenor of U.S. political discourse
Microsoft likens NSA snooping to hacking by the Chinese government(ComputerWorld) Microsoft has come out with the harshest criticism by any tech company of National Security Agency (NSA) snooping, and likened it to the kinds of hacking carried out by top teams of hackers backed by the Chinese government. Is the criticism real, or an attempt to divert attention from Microsoft's past cooperation with intelligence agencies
Procera wins orders at two LatAm fixed–line operators(Telecompaper) Global internet intelligence company Procera Networks has received first-time orders for its PacketLogic Intelligent Policy Enforcement (IPE) systems from two Tier 1 fixed line operators in Latin America, including one cable MSO and one DSL operator
Amit Mital Appointed as Symantec's New Chief Technology Officer(Softpedia) Former corporate vice president of Microsoft's Startup Business Group, Amit Mital, has been appointed as Symantec's new chief technology officer (CTO). Mital takes the place of Steve Trilling, who will take up an operational senior leadership role
Products, Services, and Solutions
Security gate for open doors(Help Net Security) Internet crime has evolved to a full blown cyber-war, using internet servers as virtual soldiers to take down critical network infrastructures, or to steal information. While most security products focus on backdoors and security holes, hackers "go in" like normal users. The reason is obvious: It's simple, and many systems are not protected adequately
Nessus Helps Harden FireEye Appliances(Satisnet) A new compliance plugin for FireEye appliances is now available for Nessus customers. This new functionality allows you to audit FireEye instances against best-practice hardening guidelines, ensuring that the security appliance and the data contained therein is secure
Is Docker the Future of Virtualization Security?(eSecurity Planet) Virtualization is now the norm in data centers around the world, and with it have come new security challenges. Most virtualization is deployed today with a traditional hypervisor virtual machine
Technologies, Techniques, and Standards
ENISA provides new guide for mitigating ICS attacks(Help Net Security) The EU's cyber security agency ENISA has provided a new manual for better mitigating attacks on Industrial Control Systems (ICS), supporting vital industrial processes primarily in the area of critical information infrastructure (such as the energy and chemical transportation industries) where sufficient knowledge is often lacking
Security certification training programs: How to choose the right one(SearchSecurity) What are the most reliable ways to determine whether a certification training organization is solid? Lots of people who fail a security certification test unfairly give the trainer a bad review, so it's hard to use reviews to know which trainers to choose. What's your advice
Understanding the PCI DSS prioritized approach to compliance(SearchSecurity) I read recently that a PCI DSS official recommended a "risk-based approach" to PCI that allows for partial compliance by meeting the compliance obligations in stages. Is there such a thing, and is it a practical way to achieve PCI compliance
Grasping the nuances of PCI certification levels for service providers(SearchSecurity) I have a PCI compliance question for you, specifically around the level of certification required in a certain scenario. If a service provider has a number of customers with each one handling fewer than 6 million transactions, but as a whole (customers combined) the service provider is handling more than 12 million transactions, should that service provider have Level 1 PCI certification
Passwords aren't going away any time soon(Help Net Security) Despite nearly weekly revelations of new password database breaches, a survey by Authentify suggests that passwords will remain the primary protection for online accounts
Browser hygiene tips for making online shopping safer(Help Net Security) The fuller schedules and longer to-do lists of the holiday season often mean multi-tasking and stress. And busy, distracted people doing their holiday shopping online may be more susceptible to falling into malware traps that attempt to steal credit card info or banking passwords
Updated Standards Part 1 — ISO 27001(Internet Storm Center) Information Security Management Systems was released in September and slipped into use relatively quietly. The standard replaces ISO27001:2005. Whilst the overall intent of the standard remains the same and when you peel back the changes, most of the old standard remains. There are however enough changes that may require some effort to address
Updated Standards Part 2 — PCI DSS/PA DSS(Internet Storm Center) Last week the PCI Security Standards Council released the next versions of the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA DSS), version v3.0. The standards are updated over a three year cycle and are valid from the date of release. The previous version can still be used for certification until 31 December 2014 giving companies plenty of time to adjust to the new requirements
Beep Beep! UK lays out plans to embrace driverless cars(TNW) The government has said that it wants the UK to be a hotbed of research into driverless cars, and has announced a prize fund of up to £10 million for a town or city to join Milton Keynes in becoming a test center for the new unmanned automotive technology
Sweden's Intelligence Agency Spies on Russian Leaders, Hands Over Data to the NSA(Softpedia) The NSA doesn't work alone, that much has been clear over the past months with all the leaks getting published. Well, this time around, it seems that Sweden is the one that aided the NSA in its effort to get information on Russian leaders. The country's intelligence agency, the FRA, spied on Russian officials and shared the data with its American counterpart
U.S. spy agency gathers data on cellphone locations globally — report(Reuters) The National Security Agency gathers nearly 5 billion records a day on the location of mobile telephones worldwide, including those of some Americans, the Washington Post reported on Wednesday, citing sources including documents obtained by former NSA contractor Edward Snowden
China Restricts Banks' Use of Bitcoin(The New York Times) China moved on Thursday to restrict its banks from using Bitcoin as currency, citing concerns about money laundering and a threat to financial stability
Bitcoin $10,000?(Forbes) Not only is the cyber currency less secure than it has ever been, speculation coupled with Asia's entrance into the market just make bitcoin the "best investment" around for those who love huge spreads between bid and ask prices, and a whole lot of drama. Ladies and gentlemen, we have a Bitcoin bubble
Edward Snowden stole up to 20,000 Aussie files(The Australian) MORE than 15,000 secret Australian intelligence reports may have been stolen by rogue US National Security Agency contractor Edward Snowden in what the Coalition government is now describing as the most damaging blow dealt to Australian intelligence in the nation's history
When Edward Snowden came to India to learn 'hacking'(Financial Express) A thin, bespectacled man seemingly fastened to his chair. His eyes glued to his desktop, the only visible movement being of his fingers running through the keyboard, the only sound audible being the scrolling of the mouse. The man who never asked questions, is one part of the story of Edward Snowden. This is what trainers at Koenig Solutions LTD in West Delhi's Moti Nagar area remember of computer analyst-turned-whistleblower Edward Snowden
How an undercover agent brought down a $50 million cybercrime ring(The Daily Dot) This week, a federal court trying David Camez for his role in an identity fraud syndicate known as Carder.su heard a sort of testimony that's bound to become more and more common. Former Secret Service and current Homeland Security agent Michael Adams, when called as a witness, laid out the details of a sprawling, four-and-a-half-year undercover operation that exposed the identities of the organization's key players
Million–dollar fine for sneaky Bitcoin botnet builders(Naked Security) New Jersey has slapped a million-dollar fine on an on-line gaming company that sneakily used its own anti-cheating software to mine Bitcoins on its customers' computers. The company is paying under protest, claiming a "deep misunderstanding of the nature of our business"
Tweeters to be offered legal tips to avoid lawsuits(Reuters) The government's chief legal adviser said on Wednesday he plans to offer guidelines to social media users to help them avoid breaking Britain's laws on contempt when posting comments about court cases
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Operationalize Threat Intelligence(Webinar, December 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data...
Cloud Security Alliance Congress 2013(Orlando, Florida, USA, December 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering...
SINET Showcase: THE SINET 16(Washington, DC, USA, December 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present...
World Congress on Internet Security(London, England, UK, December 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the...
ACSAC 2013(New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...
Cylance Talk: Risk Does Not Equal Threat(Arlington, Virginia, USA, December 10, 2013) Attacks, malware and careless users may trigger alarm bells, but that does not mean your business is in danger. Compliance and risk management requirements, while necessary, result in additional work,...
2013 ASE International Conference on Cyber Security(Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...
ACG® New York Cyber Security Investor Conference(New York, New York, December 11, 2013) The ACG New York Cyber Security conference will feature experts in Cyber Security that will enable you to understand the opportunities for investment in a number of areas that constitute Cyber Security.
Cyber Defense Initiative 2013(Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...