Radio Free Europe and Radio Liberty again come under cyber attack — no attribution reported.
Kaspersky researchers puzzle over a 64-bit version of the Zeus banking Trojan they've found in the wild. It behaves about the way its 32-bit counterparts do, so either someone's selling sizzle on the black market (the 64-bit "wow factor") or they're positioning Zeus early for attacks on future systems.
Lookout finds a new version of MouaBad Android malware that makes phone calls without user intervention. Bitdefender reports an unrelated Android vulnerability present in Widdit, an app development framework used to build in advertising capabilities. Widdit requests (and gets) many permissions on its initial download.
Holiday-themed criminal phishing campaigns are in full swing. State intelligence services phish too: details of the G20 campaign emerge that show China used saucy pictures of then French first lady Bruni as phishbait (also Syrian insurrection news, for reeling in stodgier or more conscientious diplomats). Infected foreign ministries might have mitigated the attacks through more effective network segmentation.
Those bogus certificates Google and others revoked earlier this week were tied to a French government man-in-the-middle campaign apparently designed to keep tabs on its own workers. They're not the only ones concerned about insider threats: employers now worry about "jammers" used to hide jailbroken devices.
Anonymization remains a hard problem: Disqus is found vulnerable to deanonymization.
Blue Cross laptop theft and other organizations' equipment disposal issues highlight the hardware side of cyber risk.
Cyber labor shortages drive talent development and engineering automation.
Today's issue includes events affecting Brazil, Bulgaria, China, Czech Republic, Denmark, European Union, France, Germany, Hungary, Iran, Italy, Japan, Republic of Korea, Democratic People's Republic of Korea, Latvia, Netherlands, Nigeria, Portugal, Russia, Singapore, Sweden, Switzerland, United Arab Emirates, United States.
Infographic: What happens after a data breach occurs?(FierceITSecurity) Major data breaches are happening all the time. Just last week, more than two million passwords from Facebook, Gmail, Twitter and other accounts were stolen by hackers who installed keylogging malware on millions of computers
Removing the Android Device Lock from any Mobile App(SANS Penetration Testing) Last week, a new Android vulnerability was disclosed: "CVE-2013-6271: Remove Device Locks from Android Phone". It affects Android Jelly Bean (JB) 4.3 devices, as well as earlier versions based on my own testing, such as Android Ice Cream Sandwich (ICS) version 4.0.3. The flaw allows any mobile application (from now on referred to as an "app") to remove the passcode or lock protection of Android mobile devices, no matter the lock mechanism in place: PIN code, password or passphrase, dot pattern or gesture, or face unlock. That's pretty huge
Popular holiday–themed phishing attacks(Help Net Security) The holidays are a busy time for everyone…especially for hackers trying to phish your employees. Phishing is most effective when it exploits human emotions—fear, greed, anxiousness, curiosity, compassion, getting a good deal—and the holidays tend to bring these emotions out more than other times of the year. This gives adversaries a bevy of relevant topics to use to build phishing campaigns
Creepware — Who's Watching You?(Symantec Official Blog) Some people stick a piece of tape over the webcam on their laptop, maybe you even do it yourself. Are they over cautious, paranoid, a little strange? Are you? Or is there reason behind this madness
'Imposter' Bots On The Rise(Dark Reading) A whopping 61.5 percent of all website traffic is attributed to bots of all types, new report finds
L.A. Gay & Lesbian Center Information Systems Compromised by Cyberthieves(Gay Today) The L.A. Gay & Lesbian Center was recently the victim of a sophisticated cyber attack that, according to data security and technology experts, was designed to collect credit card, Social Security numbers and other financial information, although there is no evidence that anyone's information was actually accessed or acquired
Hackers broke into poker pro's hotel room to install 'sharking' malware(the Verge via The Journal of Law and Cyber Warfare) This September, on the Barcelona leg of the European Poker Tour, Jens Kyllönen had a strange run-in with the criminal underworld. He'd busted out of that day's tournament early, but when he returned to his hotel room, his laptop was missing. He went downstairs to find his roommate, but when they came back to the room together, the laptop had mysteriously reappeared. And to make things even more suspicious, Kyllönen's computerized room key was malfunctioning, triggered by some problem with the electronic door lock
NSA uses Google cookies to pinpoint targets for hacking(Washington Post) The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using "cookies" and location data to pinpoint targets for government hacking and to bolster surveillance
Zero–Day Fixes From Adobe, Microsoft(Krebs on Security) Adobe and Microsoft today each separately released security updates to remedy zero-day bugs and other critical vulnerabilities in their software. Adobe issued fixes for its Flash and Shockwave players, while Microsoft pushed out 11 updates addressing at least two dozen flaws in Windows and other software
Box Rolls Out New Management Tools, Gives Its 200K Business Users More Control Over Their Files(TechCrunch) This morning Box announced a number of feature improvements to its file-storage platform, as well as corporate moves that the company says will help its customers better manage their employees' use of the product. As a company, Box wants enterprises of scale to adopt its technologies. Those contracts are lucrative but come with an implicit feature list: companies that large are accustomed to
Smarter, shadier and stealthier cyber crime forces industry to dramatic change(CSO) Sophos today released its latest Security Threat Report. The report outlines the significant changes in cyber criminal behaviour over the course of last year and a forecast for their preferred methods of attack in 2014. This year cyber criminals continued the theme of professionalisation of their 'industry', offering easy to buy and use services that amplified the scale of cyber crime to never before seen levels
Visualizing the year's top cyber attacks(Help Net Security) OpenDNS announced findings by its research organization into the most significant cyber attacks of 2013. Red October, Kelihos, Syrian Electronic Army DNS Hijack, Syria Internet shutdown and Cryptolocker topped the list of malicious Internet events over the past twelve months
What threats will dominate 2014?(Help Net Security) Trend Micro released its annual security predictions report. The outlook cites that one major data breach will occur every month next year, and advanced mobile banking and targeted attacks will accelerate
The worst IT project disasters of 2013(IT World) The Healthcare.gov rollout leads a pack of painful projects. Trends come and go in the technology industry but some things, such as IT system failures, bloom eternal
Swiss Set Sights on Becoming World's Data Vault(AFP via SecurityWeek) It looks like the ideal location for a James Bond thriller: a massive underground bunker in a secret location in the Swiss Alps used for keeping data safe from prying eyes
Cisco Buys Data Center App Maker Insieme Networks(GovConWire) Cisco (NASDAQ: CSCO) has purchased San Jose, Calif.-based data center application developer Insieme Networks for an undisclosed amount. The company introduced an application-centric infrastructure services portfolio in November for partners to deploy data center networking services that work with customer applications
Pat Burke, George Batsakis, Paul Nedzbala Take New Roles as SRA Realigns(GovConWire) SRA International has reorganized its business structure from having four operating groups to two and created a new position of chief technology officer. Pat Burke, a two-decade company veteran, has been appointed CTO after previously serving as senior vice president of the company's intelligence, homeland security and law enforcement group, SRA said Wednesday
CrowdStrike Adds VP, Products to Leadership Team(Broadway World) CrowdStrike Inc., a global provider of security technologies and services focused on identifying advanced threats and targeted attacks, announced today that Dave Cole has joined the leadership team as Vice President of Products. Cole brings more than 15 years of product management experience and expertise to CrowdStrike
Products, Services, and Solutions
Venafi Launches Certificate–based Mobile Device "Kill Switch"(SecurityWeek) Venafi, a Salt Lake City, Utah-based provider of enterprise key and certificate management solutions, has launched a new product that the company describes as a mobile device "kill switch" which gives IT security teams the ability to instantly cut off mobile access to applications and networks when suspicious activity is detected
The iCloud keychain and iOS 7 data protection(Help Net Security) When Apple announced iOS 7, iCloud Keychain was one of its key features. It is no doubt great for usability, but what about security? What kind of access does Apple have to the passwords stored in the iCloud
EndGuard Protects BYOD Data(Dark Reading) EndGuard integrates cloud backup and native endpoint data loss prevention capabilities in a centrally managed application
Technologies, Techniques, and Standards
Is FTP malware threatening network port security?(SearchSecurity) According to research by Palo Alto Networks, malware is increasingly targeting "old" ports like FTP because nobody is watching them. What's the best way for organizations to monitor such non-standard ports
Multi–stage attack detection best practices for enterprises(SearchSecurity) The "g01pack" toolkit apparently downloads in multiple stages to victim machines in order to avoid antivirus detection. Is there no way to detect such multi-stage attacks in the early stages of their propagation? If not, what's the most effective method for sniffing out such attacks as they download their malicious components
OIG: Limit EHR copy–paste to reduce fraud risk(FierceHealthIT) Hospitals are employing safeguards to prevent electronic health record fraud and abuse to varying degrees, but must do more, according to a new report from the U.S. Department of Health & Human Services Office of Inspector General
How Twitter tracks the websites you visit, and how to stop it(Naked Security) Last Thursday Twitter introduced promoted tweets (ads) targeted according to the websites you've visited. It seemed like a good time to explain how Twitter is doing it, how they've used a different technique to track the websites you visit for some time now, and how to turn it all off if you want
EU Cyber Group Guide to Mitigate Attacks(Industrial Safety and Security Source) ENISA, the European Union's (EU) cyber security agency, has a new manual on how to mitigate attacks on Industrial Control Systems (ICS)
Cyber Security Framework Lacks Mitigating Controls and Cloud Security(Tripwire) The protection of the nation's critical infrastructure naturally brings to mind most if not all of the sixteen sectors identified in the National Institute of Standards and Technology's (NIST) Preliminary Cyber Security Framework (CSF) – industries like energy, finance, healthcare, and transportation
Design and Innovation
Startups need to leverage their local universities(Examiner) An underutilized but valuable resource every startup should investigate is a formal or informal connection to your alma mater, including any local university. These resources are definitely not limited to students, since every university seeks out and needs the real world exposure and experience of entrepreneurs who already are active in the real world marketplace
NYU–Poly Training Booz Allen Hamilton Employees on Cyber Security(Campus Technology) Booz Allen Hamilton is sending its employees to Polytechnic Institute of New York University to earn master's degrees and certificates in high tech fields. The company has joined the "enterprise learning arm" of NYU-Poly to provide access to online courses in bioinformatics; cyber security; organizational behavior; and computer, electrical, industrial, and manufacturing engineering
Legislation, Policy, and Regulation
Espionage à la Française(Wall Street Journal) U.S. digital surveillance is nothing compared to what the French have in store
US phone carriers and wireless surveillance of Americans(Help Net Security) As part of his ongoing investigation into wireless surveillance of Americans by law enforcement, US Senator Edward J. Markey released responses from eight major wireless carriers that reveal expanded use of wireless surveillance of Americans, including more than one million requests for the personal mobile phone data of Americans in 2012 by law enforcement
US tech firms' open letter a first step only(FierceITSecurity) Under economic pressure from revelations that they knowingly or unknowingly handed over data to government spy agencies, a group of high-tech firms has published an open letter addressed to the White House and Congress calling for reforms in the NSA surveillance program, including banning bulk collection of phone data and publishing stats on government surveillance requests
NATO to Set Up Cyber Attack Response Teams(DefenseWorld) NATO will soon set up two rapid reaction teams that can help protect its networks in the event of a cyber attack. The two cyber-defence teams are expected to be up and running in weeks in response to significant cases of cyber-attacks recorded every year
At DHS, the future is mobile(Federal Times) The Department of Homeland Security is finalizing a comprehensive plan that places mobility at the forefront of agency operations
Litigation, Investigation, and Law Enforcement
FDA Breach Raises Lawmakers' Hackles(GovInfoSecurity) Lawmakers have raised concerns that the Food and Drug Administration hasn't been as forthright as it should in disclosing an October breach that exposed personally identifiable information of 12,000 to 14,000 individuals
The NSA's Reach Might Be Even Bigger Than We Thought(Huffington Post) The National Security Agency's court-approved authority to access and analyze phone records three "hops" away from a suspected terrorist's phone number has alarmed civil liberties groups like the ACLU, which estimated that just one starting number could yield 2.5 million people's phone records
Snowden docs had NYTimes exec fearing for his life(CNN) Informing the American people about how their government spies on them can be risky business for journalists. Rajiv Pant, chief technology officer at The New York Times (NYT), thought he could be killed for it
World Congress on Internet Security(London, England, UK, December 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the...
ACSAC 2013(New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...
2013 ASE International Conference on Cyber Security(Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...
Cyber Defense Initiative 2013(Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...