Sahara and Sahel territorial disputes prompt a bit of Moroccan Ghost cyber-rioting against Nigeria.
Yesterday's NSA-themed episode of CBS "60 Minutes" retailed allegations of an unnamed nation's attempt at wholesale bricking of PCs.
As Bitcoin's (and Litecoin's) bubble inflates, cybercriminals step up both theft and special-purpose malware development. A "practical joke" of typical motiveless malice circulating on 4Chan tells the unwary they can activate a secret Mac Bitcoin miner with a simple Unix command. Don't: the command deletes the gullible and greedy's files.
While CryptoLocker and its competitors continue to circulate, signs of a coming ransomware kit appear on the cyber black market. Elsewhere in that black market one can subscribe to a service that rents access to machines compromised by RDPs ("really dumb passwords").
Google reports Gmail now scans inline images for malware. (Gmail's recent change in policy for displaying images hasn't been so welcome: Naked Security tells how to circumvent display-by-default.)
Financial exchanges continue progress toward collaborative cyber defense. Raytheon and Prolexic announce new cyber facilities (and jobs) in Texas and Florida, respectively. Security consigliere Bruce Schneier leaves British Telecom.
In a story that will surprise no one familiar with intelligence history, the New York Times reports on the expanding and unrestricted ambit of French government cyber operations.
UK policy will require corporate focus on supply chain cyber security.
The US intelligence policy review panel report was delivered. It's not yet released, but one recommendation has apparently been rejected: NSA and Cyber Command will retain a common leader.
Today's issue includes events affecting China, France, India, Iran, Ireland, Republic of Korea, Morocco, Nigeria, Russia, United Kingdom, United States.
Bitcoin Price Hike Spurs Malware, Wallet Theft(TrendLabs Security Intelligence Blog) The past few weeks have been rather exciting for Bitcoin owners and speculators, with prices peaking at over $1200 per BTC. Some commentators — including former Fed Chairman Alan Greenspan — have called Bitcoin prices a "bubble", with a former Dutch central banker comparing it to the tulip mania of the 17th century. Other cryptocurrencies, like Litecoin, have seen similar gains as well
Safari on Mac OS exposes web login credentials(ZDNet) Kaspersky research shows that Safari, in saving a session for reopening later, stores session information in plain text. This includes usernames and passwords. This problem was fixed in Safari 6.1 and only affects earlier versions
The case of Minerd(Internet Storm Center) I recently ran across an interesting compromised system. While the initial vulnerability compromised was nothing special, compromised credentials, what the system was being used for and one of his persistence techniques was a lot less common than I normally see. The system had 3 different backdoors and was used for mining virtual currency
WhatsApp Malware Spam uses Geolocation to Mass Customize Filename(Internet Storm Center) Malicious e-mails usually fall into two groups: Mass-mailed generic e-mails, and highly customized spear phishing attempts. In between these two groups fall e-mails that obviously do more to "mass customize" the e-mail based on information retrieved from other sources. E-mails that appear to come from your Facebook friends, or malware that harvests other social networks like Linkedin to craft a more personalized message
Fake VPN Site Serves Up Keylogger(Malwarebytes Unpacked) VPN services have probably never been in more demand with the continued fallout of the Snowden / NSA revelations. They're certainly handy things to have access to in terms of attempting to keep prying eyes out of your day to day business, and everybody should at least consider the ins and outs of jumping on board. That doesn't mean you should let your guard down, however – sometimes trying to make yourself more secure can end up going horribly wrong, as we're about to see
Hacked Via RDP: Really Dumb Passwords(Krebs on Security) Businesses spend billions of dollars annually on software and hardware to block external cyberattacks, but a shocking number of these same organizations shoot themselves in the foot by poking gaping holes in their digital defenses and then advertising those vulnerabilities to attackers. Today's post examines an underground service that rents access to hacked PCs at organizations that make this all-too-common mistake
Cybercriminals Using Targeted Attack Methodologies (Part 1)(TrendLabs Security Intelligence Blog) One of our 2014 security predictions is that cyber criminals will more frequently leverage targeted attack methodologies. Some of these tactics include using spear phishing attacks, as well as well-known vulnerabilities that have been used successfully in targeted attacks
Special Report: The Department of Energy's July 2013 Cyber Security Breach(Department of Energy Office of Inspector General) …In spite of a number of early warning signs that certain personnel-related information systems were at risk, the Department had not taken action necessary to protect the PII of a large number of its past and present employees, their dependents and many contractors. We concluded that the July 2013 incident resulted in the exfiltration of a variety of PII on over 104,000 individuals
Gmail starts scanning images in emails for malware(Graham Cluley) Google says that Gmail is now scanning inline images to protect users against malware. And it should mean you no longer have to worry about stalkers and internet marketers finding out where you live
Mobile Security 2014: Predictions(Webroot Threat Blog) The most recent and interesting threats we see are more or less "evolved" forms of previous threats, including those originating from the PC side. People have been "spoofing" parts of apps, such as code, appearance, or digital certificates, since Android malware first started appearing. The MasterKey exploit was a whole new way to modify the app without even having to spoof anything
Internet's sad legacy: No more secrets(NDTV) In technology, that is one of the big lessons of 2013. The National Security Agency and who knows who else have been tracking this or hacking that. China has been breaking into our computers. Google has been sifting through our home networks. Facebook has been tinkering with its privacy settings
Electronic Ghosts(Democracy Journal) A technological approach to cybercrime will only lead to a tech arms race. We need a new plan that starts with figuring out who cybercriminals are
Data security firm to create jobs in Fort Lauderdale(Sun Sentinel) Hollywood-based data security firm Prolexic Technologies announced plans late Friday to create 118 jobs and retain 120 jobs in a new 35,000 square-foot space it is leasing in downtown Fort Lauderdale
Dell Launches $300M IT Innovation Fund for Startups(GovConWire) Dell Ventures has invested $300 million to set up a startup fund for entrepreneurs seeking to innovate in new areas of information technology. The Strategic Innovation Venture Fund will be made available to companies involved in big data, cloud computing, storage, next-generation data center, security, mobility and other emerging technologies
Leidos Inks $300M Share Repurchase Deal(GovConWire) Leidos Holdings (NYSE: LDOS) and an unnamed financial institution have reached an agreement for the company to purchase $300 million in outstanding common shares through March 2014
Craig Searle Appointed APAC Cyber Lead for BAE Detica(Sys-Con) Craig Searle, a 10-year information security industry veteran, has been appointed cybersecurity lead for the Asia-Pacific region at BAE Systems Detica as the business aims to grow its presence in Asia and Australia
Richard Spires Joins Resilient Network Systems as CEO(GovConWire) Richard Spires, formerly chief information officer at the Department of Homeland Security for nearly three-and-a-half years, has joined San Francisco-based Internet security company Resilient Network Systems as CEO
Doug Wagoner Promoted to SAIC Sector President(GovConWire) Doug Wagoner, who led the project management office at Science Applications International Corp. (NYSE: SAI) responsible for helping carry out the separation into SAIC and Leidos (NYSE: LDOS), has been promoted to sector president at SAIC
Products, Services, and Solutions
Shahpad protects all organizations against cyber attacks(Press TV) In today's world, all the countries have realized the importance of cyber attacks and cyber defense. Wars today are fought with keyboards to the sound of bits. In many instances, cyber wars can leave devastating damages times bigger than a military invasion
Instagram rolls out private messaging(FierceCMO) Facebook's popular photo-sharing app Instagram has added a private-message feature for both iOS and Android that lets users send photo and video messages directly to other users
Technologies, Techniques, and Standards
Fighting Fraud With ID Management(BankInfoSecurity) Most fraud on the Internet is linked to unsecured identities, which is why a new global identification framework is needed, says Paul Simmonds, who heads a coalition working on a framework model
Easy-to-remember, difficult-to-crack passwords via visual cues(Help Net Security) A group of researchers from Carnegie Mellon University's School of Computer Science believe they might have solved the problem of choosing and, above all, remembering complex and diverse passwords that are simultaneously difficult to crack by attackers
The quest to make encryption accessible to the masses(Wired) It's been two years since Nadim Kobeissi unleashed his user-friendly, feline-themed chat software, Cryptocat. At the time, Kobeissi felt that there wasn't exactly a great deal of enthusiasm for his program. "Two years ago not a lot of people cared," he comments. But times have changed. "Now a lot of people care"
Research and Development
DARPA Cracks Radio Incompatibility Problem Once and for All(Wired) After more than 10 years of war in Iraq and Afghanistan, the Pentagon's research group has announced a new system that could help U.S. troops and multinational forces communicate — a problem that frequently plagued the countries' cooperation in the field
Thinking in Silicon(MIT Technology Review) Picture a person reading these words on a laptop in a coffee shop. The machine made of metal, plastic, and silicon consumes about 50 watts of power as it translates bits of information—a long string of 1s and 0s—into a pattern of dots on a screen. Meanwhile, inside that person's skull, a gooey clump of proteins, salt, and water uses a fraction of that power not only to recognize those patterns as letters, words, and sentences but to recognize the song playing on the radio
College CIOs Wrestling with Cyber Security Threats(US News) For chief information officers (CIOs) at most colleges and universities, vulnerabilities in their network infrastructure that are susceptible to external threats are often the highest priority. However, according to Inside Higher Ed, the problem of internal network security is becoming more prevalent
France Broadens Its Surveillance Power(The New York Times) For all their indignation last summer, when the scope of the United States' mass data collection began to be made public, the French are hardly innocents in the realm of electronic surveillance. Within days of the reports about the National Security Agency's activities, it was revealed that French intelligence services operated a similar system, with similarly minimal oversight
Obama weighs spying recommendations(CNN) President Barack Obama must decide in the coming weeks how to rein in the vast spying powers of the federal government without putting Americans' safety at risk, a task he's said would result in new "self-restraint" at the National Security Agency
Cyber Command Job to Stay with NSA Director(Threatpost) Since its inception in 2009, the U.S. Cyber Command has been run by the director of the National Security Agency. The two organizations are intertwined and even share the same space in Maryland. The continuous leaks of NSA documents this year have led some politicians and critics to argue that the two should be separated, but it appears that the Obama administration has rejected this idea
This Rumored Recommendation for NSA Reform Is a Horrible Idea(Slate) The rumored recommendations made by a presidential task force on the National Security Agency's surveillance efforts include some sensible suggestions—like more direct oversight by the White House of certain sensitive programs. But according to the early reports, the recommendations may also include one deeply misguided and troubling idea to divide the agency and thereby handicap its ability to perform both its defensive and offensive roles
In 2014, NSA to Face Winds of Change(Voice of America) The U.S. National Security Agency has made dozens of changes in its operations and computer networks to prevent the emergence of another Edward Snowden, including potential disciplinary action, a top NSA official said on Friday, as a White House review panel recommended restraints on NSA spying
Don't be fooled by the 60 Minutes report on the NSA(The Verge) Tonight's episode of 60 Minutes featured what CBS promised was an unusual inside look at the secretive National Security Agency, but instead offered a routine look at the agency's propaganda with no critical voices
What's wrong with '60 Minutes'?(Politico) CBS's "60 Minutes" has had a terrible year: Lara Logan's now-retracted Benghazi report was the sort of black mark that will take the news-magazine years to live down. Charlie Rose's interview with Amazon founder Jeff Bezos, about his drone delivery plans, was panned as fawning and promotional
NSA installs new system controls in wake of Snowden leaks(IT News) The US National Security Agency has made dozens of changes in its operations and computer networks to prevent the emergence of another Edward Snowden, including potential disciplinary action, a top NSA official said on Friday, as a White House review panel recommended restraints on NSA spying
Top Management and Performance Challenges Facing the Department of Justice — 2013(US Department of Justice, Office of the Inspector General) Attached to this memorandum is the Office of the Inspector General's (OIG) 2013 list of top management and performance challenges facing the Department of Justice (Department), which we have identified based on our oversight work, research, and judgment. We have prepared similar lists since 1998. By statute this list is required to be included in the Department's Agency Financial Report
FTC Wants to Be Enforcer of Data Security(CIO) Despite growing push back from some companies and powerful industry groups, the Federal Trade Commission continues to insist that it wants to be the nation's enforcer of data security standards
Deborah Lee James Confirmed as Air Force Secretary(GovConWire) The Senate voted Friday to confirm Deborah Lee James, president of Science Applications International Corp.'s (NYSE: SAI) technical and engineering sector, as the next secretary of the U.S. Air Force
Litigation, Investigation, and Law Enforcement
The Government Really Isn't Sure What Snowden Took(TechCrunch) Out this morning in the New York Times is a stark tale: The United States' intelligence apparatus has little idea what Edward Snowden took, despite spending half a trying to find out. As the full scope of what Snowden absconded with likely can't be known, the government is forced to operate on its toes, unsure of what might be coming next. And that could be anything. From the phone
IBM Sued by Its Own Shareholder for Cooperating with the NSA(HackRead) It seems as if those businesses which bowed down in front of NSA are now facing a backlash. That's what we can see from several tech giants and business institutions who cooperated with the American National Security Agency (NSA) for its spying and surveillance project PRISM
Military set to unveil outcome of probe into cyber command(Yonhap) The defense ministry is expected to announce the interim results this week of its investigation into the cyber warfare command's alleged smear campaign against the opposition candidate during last year's presidential poll, a source said Sunday
The real story on the PrivateSky takedown.(CertiVox) With the story about our PrivateSky takedown now public, I want to take the opportunity to clarify a few points in various articles that have appeared since yesterday covering the story
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cyber Defense Initiative 2013(Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...
FloCon2014(Charleston, South Carolina, USA, January 13 - 16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network...
NASA Langley Cyber Expo(Hampton, Virginia, USA, January 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer...
Cybertech — Cyber Security Conference and Exhibition(Tel Aviv, Israel, January 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber...
U.S. Census Data Protection & Privacy Day(Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees...
2014 Cybersecurity Innovation Forum(Baltimore, Maryland, USA, January 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations.