Another reminder to patch wisely and systematically: the IE flaw exposed in the Aurora attacks is still being actively exploited in the wild.
Shortly after the US Government shutdown in October, the Federal Election Commission allegedly sustained an aggressive and successful cyber attack.
Updates appear on FireEye's discovery of MisoSMS, the cybercrime SMS mobile botnet. CERT Poland finds a botnet targeting Windows and Linux devices.
Seculert describes the PHP.net attacks' malware. It employed DGA Changer, which has the ability to change the domain generation algorithm (DGA) on the fly. The fact that DGA Changer infections seem not to have downloaded, well, anything, suggests we may be seeing the preparatory stages of an extensive and sophisticated cyber campaign.
The cyber black market shows signs of oversupply-driven price-suppression.
Hacktivists have been snapping at national oil producers in Angola, Kenya, and Mexico.
Security analysts call hogwash on 60 Minutes' story about Chinese capability to "take down" the US economy. On the other hand, Reuters offers a good rundown of Chinese espionage against the US defense industry.
For discussion: should the cyber industry compete with the criminal market for malware, or would that simply drive a bandit economy? And should bug bounties become mandatory?
In industry news, Blue Coat buys Norman Shark, and Datacard Group will acquire Entrust.
US tech executives are meeting with President Obama to seek restraint on NSA surveillance. It's increasingly clear that litigation will decisively shape surveillance policy.
Today's issue includes events affecting Angola, Brazil, Canada, China, Kenya, Republic of Korea, Mexico, Netherlands, Poland, Russia, United Kingdom, United States.
Bad VPN Website Issues Malware (Industrial Safety and Security Source) Virtual Private Networks (VPNs) can protect data, and more and more people want to use the service to ensure a safe operating environment. But there is a site out there called aquavpn(dot)com, an anonymously registered site that says it offers a VPN service called AquaVPN, said researchers at Malwarebytes
Mobile Botnet a Busy Application (Industrial Safety and Security Source) A mobile botnet is so big it apparently has been in at least 64 spyware campaigns, researchers said. The MisoSMS malware (Android.Spyware.MisoSMS) that powers the botnet is able to steal text messages and send them back via email to command and control (C&C) servers located in China, said researchers at FireEye. Over 450 unique email accounts have seen use by attackers
A Business of Ferrets (Arbor Networks) Trojan.Ferret appeared on my radar thanks to a tweet by @malpush. The tweet revealed a URL that at the time of this writing was pointing to a command and control (C&C) panel that looked like this
DGA Changer Malware Able to Modify Domain-Generation Seed on the Fly (Threatpost) Malware authors have been using domain-generation algorithms for a few years now, often in botnet-related malware that needs to stay one step ahead of takedown attempts and law enforcement agencies. Now, researchers have discovered that a strain of malware that may have been part of the attack in October on PHP.net is employing
Recent Cyber Operations Against Oil: Distinct Attacks Against Distinct Targets (Analysis Intelligence) The past two weeks have witnessed a series of cyber attacks against several national oil outlets. The oil industry in Angola, Kenya, and Mexico have all been targeted by website defacements in these past few weeks. The names of OpAngola, OpGreenRights, and OpPemex were attached to each, respectively. A timeline view using Recorded Future's analysis tool provides a keen visualization of these attacks in relation to one another
Did NSA Invent Fake Malware Threat On '60 Minutes'? (International Business Times) The director of the National Security Agency, General Keith Alexander, and the Information Assurance Director, Debora Plunkett, went to CBS on Sunday night to defend the NSA's surveillance programs on "60 Minutes." Several people have questioned the credibility of the interview, especially when the officials claimed the NSA thwarted a massive malware strike from China
Lawfare Under Cyber Attack: Stick With Us, Please (Lawfare) Well, that will teach us to post podcast interviews with NSA officials! We have been experiencing intermittent outages this morning. They appear to be the result of cyberattacks coming from IP addresses based in the Netherlands
Apple updates Mavericks to 10.9.1, issues security fixes for Safari (Naked Security) Apple just announced the first point update for its recently released OS X Mavericks. Most of the fixes and enhancements are of the not-really-to-do-with-security sort, but the update includes a new version of Safari, with remote code execution patches
How effective are Android AV solutions? (Help Net Security) As the onslaught of Android malware continues, the recently released testing results by independent IT-security institute AV-Test show that most providers of Android antivirus software have
Executive Viewpoint 2014 Prediction: DB Networks (Virtual-Strategy Magazine) More and more organizations are coming to the realization that cyber criminals are able to bypass their signature-based perimeter defenses with impunity. Cyber criminals use automated tools to make short work of the task. As organizations continue to witness these escalating threats against their perimeter network defenses, there will be increased emphasis on securing critical IT assets — especially databases — within the core, in 2014
We're watching (maybe): The surveillance society (Thompson Citizen) By now many, if not most of us, have some idea the name Edward Snowden, unknown to all but friends, family and colleagues until last May, is connected somehow to whistleblowing and the surveillance society
Here's the one thing someone needs to invent before the internet of things can take off (Quartz) As Quartz has already reported, the Internet of Things is already here, and in the not too distant future it will replace the web. Many enabling technologies have arrived which will make the internet of things ubiquitous, and thanks to smartphones, the public is finally ready to accept that it will become impossible to escape from the internet's all-seeing eye
The Case for a Compulsory Bug Bounty (Krebs on Security) Security experts have long opined that one way to make software more secure is to hold software makers liable for vulnerabilities in their products. This idea is often dismissed as unrealistic and one that would stifle innovation in an industry that has been a major driver of commercial growth and productivity over the years. But a new study released this week presents perhaps the clearest economic case yet for compelling companies to pay for information about security vulnerabilities in their products
Datacard Group to acquire Entrust (Help Net Security) Datacard Group has entered into an agreement to acquire Entrust. The acquisition is expected to close on December 31, 2013, subject to regulatory approval and customary closing conditions
SANS Honors People Who Made a Difference in Cybersecurity in 2013 (Digital Journal) SANS Institute is pleased to announce the People Who Made a Difference in Cybersecurity 2013 Award winners. Award recipients were announced December 16th at the SANS Cyber Defense Initiative (CDI) training event in Washington, D.C. The award recognizes security practitioners that are making breakthroughs in advancing cyber security
SolarWinds enhances security tools (Help Net Security) SolarWinds announced enhancements to several of its security management solutions, including SolarWinds Log & Event Manager, SolarWinds Firewall Security Manager and SolarWinds Patch Manager
Authentication using visual codes: what can go wrong (Help Net Security) Several password replacement schemes have been suggested that use a visual code to log in. However the visual code can often be relayed, which opens up a major vulnerability. Can anything be done
Sins of the coder (CSO) Frequently I will bring up the subject of passwords and the need for better user education. But, this responsibility to practice proper password hygiene does not rest solely with the end user
Tor use — best practices… (Digital Era) To date the NSA's and FBI's primary attacks on Tor users have been MITM attacks (NSA) and hidden service web server compromises (FBI) which either sent tracking data to the Tor user's computer, compromised it, or both. Thus you need a reasonably secure system from which you can use Tor and reduce your risk of being tracked or compromised
Special report: Breach-detection systems (Security Digest) In this multimedia special report, Information Security magazine contributor John Pirc explains why breach detection systems are an essential security tool in a malware-infested world
IBM prevents services from running compromised code (Help Net Security) IBM inventors have patented a technique that can enable businesses to improve cloud security and support secure transactions by preventing mobile devices from accessing software code that has been
iWebGate Granted US Patent for Virtual Invisible Network (VIN) (IT Business Net) Australia-based iWebGate Technology Limited has been granted a patent by the United States Patent and Trademark Office (USPTO) for the first viable alternative to Virtual Private Network (VPN) solutions. This patented technology, the Virtual Invisible Network (VIN), establishes a meshed virtual network topology, without exposing end-points to unauthorized users. This technology breakthrough provides numerous functional and award winning security benefits over traditional VPN, and enables rapid creation of multi-tenant virtualized networks that are hidden over private and public infrastructures
Obama Faces Tech Executives Pressing for NSA Limits (Bloomberg) President Barack Obama is meeting with a group of executives including Apple Inc. (AAPL)'s Tim Cook and Yahoo! Inc. (YHOO)'s Marissa Mayer whose companies are pushing the U.S. to curb broad government spying on communications
The Flawed Logic of Secret Mass Surveillance (ACLU) Privacy is a form of power. Humans are always highly aware who is observing them at any given time and place, and always tailor their behavior to that audience. And they generally work to make sure that their behavior does not reveal things that might put them at a disadvantage. To really gain new insight or leverage over another person, you have to watch them when they don't know they're being watched so that their guard is down
The NSA: An Inside View (Loren's Blog) In which I relate my experience as an NSA employee and impart my thoughts on the policies in place, my former coworkers, and the current cyber war
Tone-Deaf at the Listening Post: My day at the National Security Agency headquarters at Fort Meade (Foreign Policy) For an organization that is so efficient at amassing data intended to be kept secret, the National Security Agency seemed surprisingly clumsy in accepting data that was volunteered to them. I'd emailed the bits and pieces of my personal data necessary to be cleared for access to the agency's headquarters in Fort Meade a week before the scheduled visit, with zero response. As it turns out, an NSA server has crashed, they told me, creating havoc with some email accounts. This sort of hiccup humanizes the agency, though it also raises questions about their vulnerability
NSA's indiscriminate spying 'collapsing,' Snowden says in open letter (The Washington Post) National Security Agency leaker Edward Snowden wrote in a lengthy "open letter to the people of Brazil" that he has been inspired by the global debate ignited by his release of thousands of documents and that the NSA's culture of indiscriminate global espionage "is collapsing."
NSA ruling fallout hits White House (Politico) In legal terms, a federal judge's decision Monday questioning the constitutionality of the National Security Agency's massive call-tracking program seems almost certain to have no practical significance
Larry Klayman crows on NSA win: 'We hit the mother lode' (Politico) Larry Klayman's long journey in the legal wilderness appears to be over. Klayman, the conservative legal activist well-known in Washington political circles a decade ago for his no-holds-barred court battles against the Clinton administration, was thrust back into the spotlight Monday after he obtained the first major ruling from a federal judge that the National Security Agency's surveillance program was constitutionally flawed
Fighting the NSA With Footnotes (Bloomberg) I think there is a fair chance that the U.S. Court of Appeals will overturn yesterday's order by U.S. District Judge Richard J. Leon that the National Security Agency halt its telephone metadata collection program and destroy its existing records. Leon's preliminary injunction, handed down in an angry opinion in the case, Klayman v. Obama, orders President Barack Obama's administration to end the program within six months unless a higher court should reverse him
Dianne Feinstein: Courts should decide on NSA (Politico) Senate Intelligence Committee Chairwoman Dianne Feinstein on Tuesday said that if the Supreme Court found the National Security Agency's meta-data collection program unconstitutional, she would respect its decision
Drugmakers urge FDA security audit after cyber breach (Reuters via Yahoo! News) The U.S. Food and Drug Administration is under pressure from the pharmaceutical industry and lawmakers to undergo an independent security audit, after hackers broke into a computer system used by healthcare companies to submit information to the agency
On catching the Harvard bomb threat suspect using Tor (Wireless Fantasy) The announcement of a criminal complaint by the U.S. attorney's office in Massachusetts against one Harvard University student named Eldo Kim has the public musing on why one would deem this an appropriate method of delaying final exams, but for anonymity/privacy advocates as well as practitioners of OPSEC (operational security), what's more interesting is the way he was caught
College grad gets prison time for MCAT hack (SC Magazine) A Rockville, Va. man will serve prison time for attempting to hack into the computer systems of the Association of Medical Colleges to alter his Medical College Admission Test (MCAT) scores
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cyber Defense Initiative 2013 (Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...
FloCon2014 (Charleston, South Carolina, USA, January 13 - 16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network...
NASA Langley Cyber Expo (Hampton, Virginia, USA, January 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer...
Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, January 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber...
U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees...
2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, January 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations.