Unnamed researchers allege evidence that BT installed firmware backdoors connecting its modems to GCHQ and possibly NSA surveillance operations.
A German researcher reports a remote code execution vulnerability in eBay. Security researchers track ransomware to its (largely Russian) sources. Rogue AV signed with stolen certificates surges in the wild.
The "Advanced Power" botnet targets Firefox users, using them in an automated scan for sites vulnerable to data theft. (Note: automated cyber crime calls for automated reverse engineering in response.)
Criminals are reverse-engineering popular Android and iOS apps, the better to infect the unwary.
Versions of the "Chewbacca" Trojan have added Tor to their dropper.
An Android botnet (apparently the work of Chinese criminal gangs) is stealing SMS messages in Korea. The goal is theft, not espionage.
Small and mid-sized US defense contractors are expected to be most affected by emerging NIST cyber security standards. Lockheed Martin's CEO sees surveillance controversy having little effect on demand for cyber services and solutions.
In the US, contents of the Presidential panel on intelligence and privacy slowly leak out, and skeptics remain skeptical (we await release of the report). The Defense Department appoints a high-level cyber lead. NRO takes point on Intelligence Community networking.
A US Federal court finds NSA bulk collection in violation of the Fourth Amendment but, given the novelty of the problem, gives the Government the opportunity to appeal. Opinions vary on the effect of the ruling, but it seems clear the future of surveillance will be significantly decided in court.
Today's issue includes events affecting Australia, Brazil, China, Germany, India, Republic of Korea, Nigeria, Russia, Turkey, United Kingdom, United States.
NSA can easily decrypt private cell calls(Help Net Security) A document from the seemingly inexhaustible trove delivered by former NSA contractor Edward Snowden shows that the NSA can easily break the old and weak algorithm still used to encrypt billions of calls and text messages all over the world
Imitation Ransomware Discovered(Industrial Safety and Security Source) A copycat is targeting users in the U.S., Europe and Russia, but it looks as though this imitation of the Cryptolocker ransomware is less effective, researchers said
Resurgence of malware signed with stolen certificates(Help Net Security) Since 2009, variants of the Winwebsec rogue AV family have been trying to trick users into believing their computer has been infected and into paying for "registering" the software to get rid of the (non-existent) threat
Control Panel Files Used As Malicious Attachments(TrendLabs Security Intelligence Blog) Attackers are always looking for new ways to attain their goals. Spammed email with malicious file attachments are a frequently used tool. These attachments are usually compressed and contain malicious payload, like the notorious UPATRE malware family. Other common attachments include document files that drop malware
ChewBacca — a new episode of Tor–based Malware(SecureList) We have discovered a new Tor-based malware, named "ChewBacca" and detected as "Trojan.Win32.Fsysna.fej". Adding Tor to malware is not unique to this sample, but it's still a rare feature
The Maudi Surveillance Operation(Norman Shark) In this second installment in our series about the Chinese Malware Complexes we examine a group of low-key malwares that have been used for quite a bit of time. Almost all of them are in essence incarnations of the well known remote access trojan PoisonIvy, though they have a loader structure and some other characteristics that set them apart
Newly launched 'HTTP-based botnet setup as a service' empowers novice cybercriminals with bulletproof hosting capabilities — part three(Webroot Threat Blog) In a series of blog posts throughout 2013, we emphasized the lowering of the entry barriers into the world of cybercrime, largely made possible by the rise of managed services, the re-emergence of the DIY (do-it-yourself) trend, and the development of niche market segments, like the practice of setting up and offering bulletproof hosting for a novice cybercriminal's botnet generating platform. The proliferation of these easy to use, once only found in the arsenal of tools of the sophisticated cybercriminals, tools, is the direct result of cybercrime ecosystem leaks, cracked/pirated versions, or a community-centered approach applied by their authors
Be careful What You Like! Hackers are Hijacking Your Facebook 'Likes'(Hack Read) The like button is a highly interactive feature of social media giant Facebook. A British public-service television broadcaster has however revealed that hackers are hacking accounts of various people and are liking pages which the hacked user has no interest in. Channel4 reports that at one instance
Patient information in Virginia accessed on unsecured server(SC Magazine) The Fairfax County Health Department in Virginia is sending notification letters to roughly 1,500 individuals after Bailey's Health Center — one of the county's health care clinics — inadvertently left private pharmaceutical records on an unsecured computer server
China's Plot to Brick the US Economy(InfoSecurity Magazine) NSA Information Assurance Director Debora Plunkett made a remarkable accusation on CBS 60 Minutes: the NSA had spotted and foiled a plot to unleash a supervirus capable of bricking computers. "The attack would have been disguised as a request for a software update," she told CBS. "If the user agreed, the virus would've infected the computer…Think about the impact of that across the entire globe. It could literally take down the U.S. economy"
Security Patches, Mitigations, and Software Updates
Twitter ditches watered–down block feature after outcry(Naked Security) User outrage has forced the company to do an about-face on a blocking policy change that allowed blocked users to continue to follow their targets, interact with their Tweets, receive their updates in their timeline and let their friends harass the victim
Are the websites you're using tracking what you type?(Naked Security) Facebook, Twitter, Gmail or any webpage can track everything you do and could be keylogging your every pointer movement or keystroke. But it's how the internet has been since forever, though many, many people don't know it and are horrified to find out
India 4th most vulnerable to cyber attacks on gamers in 2013(Zee News) New Delhi: India is among the four countries that faced the highest number of cyber attacks aimed at gamers in 2013, security solutions provider Kaspersky Lab Monday said
Security Big Part of Data Center Modernization Plans(eSecurity Planet) As enterprises look to modernize their data centers, security tops the list of anticipated benefits, finds a new study from Palmer Research and QuinStreet Enterprise. At the same time, it presents some key challenges
70% of people would be willing to have a smart toilet share their personal data(Quartz) Smart toilets: who even knew they were a thing? But perhaps it's time. Aside from water-conservation and heated seats, there's been little innovation in toilets since the debut of the original crapper. As long as we're connecting every other thing we own to the internet, why not a toilet that monitors our health by analyzing our poo
Lockheed sees strong cyber demand despite NSA scandal —CEO(Reuters) Lockheed Martin Corp, the Pentagon's No. 1 supplier and top provider of information technology to the U.S. government, said on Monday there is continued demand for cybersecurity services, despite the National Security Agency spying scandal
CloudFlare Reveals $50M Round From Union Square Ventures(TechCrunch) In what is quite possibly a move to bolster valuation ahead of raising a new round, CloudFlare has revealed that it raised a $50 million Series C in December of 2012, according to CEO and co-founder Matthew Prince. In case you're unfamiliar with CloudFlare, it's a service for website owners that offers protection from online threats, speeds up page load time, and optimizes content across
Trustev Adds $500K From Notion Capital To Capitalise On The Ecommerce Boom(TechCrunch) Ecommerce fraud prevention startup Trustev is on something of a roll. Having recently closed a $3 million seed round from investors including Greycroft Partners, Mangrove Capital Partners, ACT Venture Capital, Telefónica's Wayra and Enterprise Ireland, it's now adding to this with a $500,000 investment from enterprise-specialist VCs Notion Capital. The team behind the latter founded MessageLabs, one of the largest ever exits in the European IT security market
Sprint one step closer to buying T–Mobile(FierceMobileIT) While it didn't exactly sneak up on anyone who's been watching the wireless mobile space, The Wall Street Journal is reporting that Sprint is close to bidding on the purchase of mobile wireless provider T–Mobile in early 2014. In an odd twist, it appears the Department of Justice's antitrust settlement on the merger of American Airlines and US Airways may have given Sprint the final shove it was looking for
Babcock International Group PLC Acquisition of Context Information Security(Wall Street Journal) Babcock International Group PLC (Babcock, the Group), the UK's leading engineering support services company, announces that it has acquired Context Information Security (ContextIS) for GBP28 million plus deferred consideration of GBP4 million payable in 2016. The acquisition will complete immediately. ContextIS, based in London, with offices in Germany and Australia, provides specialist technical consultancy services in the cyber security market
Dell Invests in 'Zero–day' Security Startup Invincea(Wall Street Journal) Dell Inc. is co-leading a $16 million investment in security startup Invincea Inc. It already bundles the company's software on computers and tablets sold to businesses. Invincea makes software that contains "zero-day attacks" — threats that exploit a previously unknown vulnerability in applications — to prevent them from spreading to other computer software, said Jim Lussier, managing director of Dell Ventures
Huawei Cyber Security Evaluation Centre: Review by the National Security Adviser(HM Government) The Intelligence and Security Committee (ISC) reported in June 2013 on Foreign Investment in Critical National Infrastructure. The report questioned in particular the ability of the Huawei Cyber Security Evaluation Centre (HCSEC) to operate with sufficient independence from Huawei headquarters. The report recommended that the staff in HCSEC should be GCHQ employees; or that, as an absolute minimum, oversight arrangements should be strengthened, and the Government should be more directly involved in the selection of HCSEC staff
Products, Services, and Solutions
Allegro Software Announces FIPS Embedded Device Security(Vancouver Sun) Allegro Software Development Corporation, a leading supplier of Internet component software for embedded devices, today announced that it has earned FIPS 140-2 level 2 validation for the Allegro Cryptography Engine, ACE™
Virtualization Drive for DPI & Policy Management(Light Reading) Deep packet inspection (DPI) and policy management vendors are repositioning their solutions to support both dedicated hardware and virtualized architectures, including software-defined networking (SDN) and network functions virtualization (NFV). The drive toward virtualized solutions is evident across the DPI and policy management market, including systems, silicon, and software. The key challenge is delivering the same throughput and feature set on virtualized architectures that is being achieved on dedicated hardware
Configuring for security in a world of 0–days(Help Net Security) Last month, Microsoft published two separate notices of 0-day vulnerabilities that were being used in the wild to attack Microsoft products. The first flaw is in a code library for the TIFF graphic format parser and was fixed in the December patch bulletin. The second is in Internet Explorer and the attack vector is malicious webpages; there was no patch released this month, but Microsoft will work on a patch that we can expect soon
Social Media: Did you leave the door open?(CSO) I was reminiscing about some funny stories from my career this morning. One in particular that came to mind was a request that a sysadmin at one shop asked of me when I left to pursue a new opportunity
By reading this article, you're mining bitcoins(Quartz) If you clicked the button above, then you are currently mining bitcoin, the math-based digital currency that recently topped $1,000 on exchanges. Congratulations. (It won't do anything bad to your computer, we promise.
How To Safely Retire Mobile Devices(Dark Reading) Once employees bring their new iPads, Androids, to work after Christmas, their older mobile devices must be decommissioned to protect company data
Shutting The Door On Shodan(Manufacturing.Net) Shodan, "the scariest search engine on the Internet" according to CNN Money, is a search engine scouring the Internet looking for servers, webcams, printers, routers and all the other devices that are connected to, and make up, the Internet of Things. Searches on Shodan can find a stunning amount of information. Would-be hackers find critical systems to attack, search by city or GPS coordinates, and find detailed information on devices and their vulnerabilities
Research and Development
How human behavior affects malware and defense measures(Help Net Security) Installing computer security software, updating applications regularly and making sure not to open emails from unknown senders are just a few examples of ways to reduce the risk of infection by malicious software. However, even the most security-conscious users are open to attack through unknown vulnerabilities, and even the best security mechanisms can be circumvented as a result of poor user choices
NSA Fights Back Against Critics(National Public Radio) The National Security Agency is challenging those who want to overhaul its surveillance operations. A special panel has sent a report to the White House on how NSA programs should be changed. The group was established by the president following revelations about NSA eavesdropping
The 5 Worst Problems with 60 Minutes' Love Note to the NSA(Foreign Policy) You could say that 60 Minutes set itself up to fall short in promising to ask the nation's most opaque intelligence agency the hard questions -- but what followed fell short spectacularly. The interview with NSA's top brass was riddled with so many glaring omissions that at times it seemed an accomplice to an NSA public relations campaign -- a sentiment that roiled the national security Twittersphere on Sunday night
U.S.–Germany Intelligence Partnership Falters Over Spying(The New York Times) Nearly two months after President Obama assured Chancellor Angela Merkel of Germany that the United States would never again target her cellphone, a broader effort to build a new intelligence relationship with Germany is floundering, with each side increasingly reluctant to make major changes in how it deals with the other
Pentagon Reorganizes Intel Office, Adds Cyber Post(Defense One) Marcel Lettre, the Pentagon's newly confirmed deputy intelligence policy official, is making staff changes to address new threats and meet expected budget cuts, including creating a director-level position to oversee cybersecurity and other "special programs"
DHS cyber effort shifts to insider threats(Federal Times) With phase one of the Homeland Security Department's $6 billion cyber contract underway, agencies are starting to buy network scanning tools for their security arsenal
On the Sixth Day of Privacy, the Congress Gave to Me…(National Law Review) If you believe that Congress does best when it does least, then 2013 was an outstanding year — at least as far as privacy and data protection are concerned. Out of the dozen or so privacy or cyber security bills introduced in the 113th Congress, only four passed one house and none made it into law
Senate confirms Johnson to head Homeland Security(Poughkeepsie Journal) The Senate voted Monday to confirm Jeh Johnson to head the Department of Homeland Security, but the department still faces a backlog of vacancies among other senior leadership positions
US lawmakers ask trade czar to stem data threats(Washington Post) Members of Congress want the Obama administration to demand that U.S. allies back away from proposed restrictions on international data transmissions, saying those actions could hurt U.S. companies
Safeguarding our children's personal data(Irish Examiner) The 1995 Data Protection Directive provides a comprehensive system of protection of the right to control the use of our personal data. The Lisbon Treaty further enhanced the status of the right to data protection by making it a treaty obligation
Litigation, Investigation, and Law Enforcement
Federal Judge Rules Against N.S.A. Phone Data Program(New York Times) A Federal District Court judge ruled on Monday that the National Security Agency program that is systematically keeping records of all Americans' phone calls most likely violates the Constitution, and he ordered the government to stop collecting data on two plaintiffs' personal calls and destroy the records of their calling history
Premature Celebration: Today's Anti–Spy Ruling Is Merely Symbolic For Now(TechCrunch) The news industry exploded today with headlines trumpeting a federal judge's declaration that the National Security Agency's phone data collection program was "unconstitutional". The strongly worded anti-NSA opinion was quotation gold, but it won't have much real-world impact for now. "It's one judge's view, and it will certainly be appealed,"
NSA ruling wins cheers on Hill(Politico) A court ruling against the NSA data-mining programs brought vindication for several senators who have long warned against the agency's sweeping surveillance powers
NSA's Creative Interpretations Of Law Subvert Congress And The Rule of Law(Forbes) In the wake of today's tremendously important ruling by the District Court for the District of Columbia that bulk collection of telephone metadata violates the Fourth Amendment, it is more important than ever that Congress end this misuse of section 215 of the USA PATRIOT Act. However, Deputy Attorney General James Cole testified earlier this week before the Senate Judiciary Committee that the NSA might continue its bulk collection of nearly all domestic phone call records, even if the USA FREEDOM ACT passes into law
A Powerful Rebuke of Mass Surveillance(The New York Times) For the first time since the revelation of the National Security Agency's vast dragnet of all Americans' telephone records, a federal court has ruled that such surveillance is "significantly likely" to be unconstitutional
Snowden says ruling vindicates leak of NSA files(USA Today) Edward Snowden said Monday that his decision to expose National Security Agency surveillance programs was vindicated by a federal judge's ruling that the mass collection of phone data is probably unconstitutional
NSA Officials Say Snowden Used Legitimate Access to Steal Data(Threatpost) It's taken more than six months, but top officials at the National Security Agency are finally discussing some of the details of how former agency contractor Edward Snowden got access to all of the documents he stole and what kind of damage they believe the publication of the information they contain could do
20 cyber warfare officials to be indicted over online smear campaign(Yonhap) Military investigators are considering indicting about 20 of the cyber warfare command's officials on charges of engaging in an alleged smear campaign against the opposition candidate during last year's presidential election, sources familiar with the matter said Tuesday
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
2014 Spring National SBIR Conference(Washington, DC, USA, June 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs...
Cyber Defense Initiative 2013(Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...
FloCon2014(Charleston, South Carolina, USA, January 13 - 16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network...
NASA Langley Cyber Expo(Hampton, Virginia, USA, January 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer...
Cybertech — Cyber Security Conference and Exhibition(Tel Aviv, Israel, January 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber...
U.S. Census Data Protection & Privacy Day(Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees...
2014 Cybersecurity Innovation Forum(Baltimore, Maryland, USA, January 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations.