Should you be reading this in Montana, be reassured that the zombie alert broadcast over KRTV's Emergency Alert System was a hacker's hoax.
More phishing campaigns go after banking credentials, and two familiar bad actors make a return: the Dorkbot worm is back on Skype and MSN Messenger, and the Kelihos botnet re-emerges in an improved, stealthier form.
Lucky Thirteen attacks described last week in an academic paper could appear in the wild. Adapting techniques used in last year's BEAST campaign would improve Lucky Thirteen's chances against TLS/SSL.
RSA researchers find Java zero-day exploits selling for $100,000 on the Russian black market. Oracle continues to work on fixes, and promises another patch next week.
Bit9 attributes its vulnerability to hacking to a failure to install its own whitelisting product on its own network. Bit9 is surely not the only security firm being probed by advanced attackers, and some voices in the industry call for more attack intelligence sharing.
Today is patch Tuesday—expect Microsoft to issue its monthly fixes later in the day.
Many trend stories, most of them gloomy, appear today. Sino-American relations remain murky: surely such major trading partners can't really be enemies, in the traditional sense, but things may be different in cyberspace. BYOD forces enterprise IT to deal with an unfamiliar consumer-driven device market, and people are unsure of how to handle security in a hybrid cloud.
US Federal budget sequestration is now seventeen days away, and agencies are preparing for deep cuts and extensive furloughs.
Today's issue includes events affecting Burma, China, Russia, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
TV station hacker warns of zombies(Emirates 24/7) Alert claimed bodies were 'attacking the living.' A Montana television station's regular programming was interrupted by news of a zombie apocalypse. The Montana Television Network says hackers broke into the Emergency Alert System of Great Falls affiliate KRTV and its CW station Monday
New Version of Kelihos Botnet Appears(Threatpost) Researchers are tracking a new version of the Kelihos botnet, one that comes complete with better resistance to sinkholing techniques and a feature that enables it to remain dormant on infected machines for long periods to help avoid detection. The botnet also is using an advanced fast-flux capability to hide the domains it uses for command-and-control and malware distribution
Theoretical Lucky Thirteen TLS Attacks Could Turn Practical(Threatpost) For now, the Lucky Thirteen attacks described in a paper last week by researchers at Royal Holloway, University of London, are largely theoretical. But the potential exists to adapt techniques used in the BEAST attacks against TLS/SSL to improve the feasibility of Lucky Thirteen, a researcher said
Java Zero-Day Offered On Russian Dark Market For $100k(Tech Week Europe) Java zero-day software flaws aren't just worth tens of thousands, they can fetch hundreds of thousands, according to RSA security experts. When asked how much vulnerabilities were selling for, one cyber intelligence agent, tasked specifically with infiltrating Russian dark markets on the Web, told TechWeekEurope he had seen a Java vulnerability on sale for $100,000. The latest Java vulnerability, that went for $100,000, he said
Federal Breaches Highlight Need for Heightened IT Security(Toolbox.com) Last month, the U.S. Department of Energy had its computer systems hacked. Last Friday, an email was sent to all the employees explaining that their Washington location had been compromised, making off with the personal information of employees and contractors. The DOE, who maintains control of important functions such as nuclear reactor production, energy conservation research and implementation, energy production, and radioactive waste disposal, says that none of the information taken was confidential
Bit9 Defends Response To Hack, Promises More Details(Security Ledger) The security firm Bit9 defended its response to a hack of its own network last week and promised to release more information to the public about what happened, just not quite yet. In a blog post dated Saturday, February 9, the company's CTO, Harry Sverdlove, said that the company responded promptly to the attack and contacted customers as soon as it completed its own investigation of the hack, which allowed unknown assailants to sign malicious programs using a Bit9 code signing server. That malware was subsequently released on networks of Bit9 customers
Bit9 hacked after it forgot to install ITS OWN security product(The Register) IT security biz Bit9's private digital certificates were copied by hackers and used to cryptographically sign malware to infect the company's customers. The software-whitelisting firm's certificates were swiped when its core systems were hacked last week. The intruders then signed malicious code and distributed it to the company's corporate clients
Bit9 Breach Boosts Calls For Attack Intel-Sharing Among Targeted Security Vendors(Dark Reading) Whitelisting company's breach the latest warning sign that security vendors are getting hit by advanced attackers, too. Bit9 is the latest victim in a series of high-profile security vendors that have been hit by targeted attacks that compromised their security technology, prompting calls for vendors to unite and share their attack information in order to better detect and protect against these attacks that ultimately affect their customers and the overall security infrastructure as well.
Mystery p*** bug stumps Google(Sydney Morning Herald) Google is trying to figure out the cause of a mysterious search bug that returns pages and pages of almost exclusively p***ographic and adult results when users enter certain equations or search strings. A Google search for "-4^(1/4)" at the time of writing revealed the result on a calculator, below which were several pages of p*** links with titles such as "four guys and a hooker" and others too lewd to repeat here. Other search strings that return mostly adult links include: "1 2" -1; "1 2" -2; "h 3" -h; "1 4" -4; "apple 1" -apple. The first person to notice the bug appears to be a poster on Quora who wondered what was causing this "equation p***" when users search for contradictory queries
Facebook Login Bug: Lessons Learned(InformationWeek) Service interruption at dozens of prominent websites including CNN and Hulu reminds us that third-party code integration carries risks
Hybrid clouds pose new security challenges(InfoWorld) If 2013 is the year enterprises begin implementing their hybrid cloud strategies, as the experts are predicting, then it follows that this will also be the year when hybrid cloud security takes center stage. According to analysts, industry watchers and security practitioners the bad news is that there is no silver bullet on how to fully accomplish security in a hybrid cloud. That's because there are so many facets to hybrid cloud security; there's the issue of how to secure on-premise data center resources, how to secure applications that burst to the public cloud, how to secure data stored with multiple cloud service providers, how to protect the virtualized underpinnings of your public and private clouds, and finally how to secure mobile devices that connect to your cloud infrastructure
Security Patches, Mitigations, and Software Updates
Microsoft Security Bulletin Advance Notification(Microsoft Security TechCenter) As part of the monthly security bulletin release cycle, Microsoft provides the Microsoft Security Bulletin Advance Notification Service. This advance notification is intended to help our customers plan for effective deployment of security updates, and includes information about the number of new security updates being released, the software affected, severity levels of vulnerabilities, and information about any detection tools relevant to the updates
'Let anyone be administrator' bug in VMware snapped shut(The Register) VMware has published a security update for its virtualisation software including its ESX, Workstation, Fusion and View products. A range of applications made by the EMC-owned vendor should therefore be patched to squash a privilege-escalation vulnerability in the VMCI.SYS driver
iOS 6.1.1 update rolled out to iPhone 4S to fix bugs(IT Proportal) Apple has released an iOS update for the iPhone 4S that fixes a connectivity problem some users were experiencing. The iOS 6.1.1 update "fixes an issue that could impact cellular performance and reliability for iPhone 4S," Apple said
Security vulnerabilities in critical infrastructure up 600 percent(Infosecurity Magazine) Vulnerabilities in IT systems that underpin critical infrastructure like the energy grid, water supply facilities, oil and gas systems and transportation have skyrocketed 600% since 2010, NSS Labs reported, a concerning state of affairs that may add yet more wind to the public rhetoric surrounding the potential for a major cyber-terrorist attack. The nation's infrastructure, largely administered by IT systems known as SCADA, is firmly in the crosshairs of our enemies, public officials have increasingly warned. Last autumn, US Defense Secretary Leon Panetta talked about an impending Cyber Pearl Harbor, while newly confirmed US Secretary of State John Kerry commented last month that cyber-attacks are the equivalent of modern-day nuclear weapons
Almost all US networks can be hacked: Intelligence Committee(ZDNet) The US is vulnerable to cyberattacks that could shut down financial services or destroy information that companies need for daily operations, the chairman of the House Intelligence Committee has said. Mike Rogers said 95 percent of private sector networks are vulnerable, and most have already been hit. What's being stolen
A global cyber-crisis in waiting(Washington Post) Richard A. Clarke is chairman of Good Harbor Security Risk Management. He was special adviser to the president for cybersecurity in the George W. Bush administration. While Vice President Biden and Russian Foreign Minister Sergey Lavrov were dealing with Syrian rebels and other conflicts, some at the recent Munich Security Conference were focused on a topic with much greater implications for global security: cyberthreats
BYOD is just the tip of the iceberg(Help Net Security) The growth in cloud storage devices means that corporate IT departments are now at the mercy of consumer-based applications, as more and more employees look to take their work out of the office and of
Social engineering: Clear and present danger(Help Net Security) Although many companies in the information security industry prefer to tackle challenges with sophisticated hardware, the art of lying continues to be a towering risk difficult to deal with
UK enterprises continue to drag feet on BYOD(FierceMobileIT) Enterprises in the United Kingdom are not embracing BYOD the way their cousins across the pond are, according to U.K. experts consulted by IT Pro. "There is a lot of talk about this wholesale march towards IT not giving employees technology and then allowing them to pick their own and bring that into the workplace instead, but I don't see it taking place in U.K. enterprises particularly strongly," said Pierre Hall, solutions director of workplace and software at IT services firm Computacenter
Are We Prepared for a Chinese Cyber Attack?(Daily Beast) What kind of threat does China pose? Pew surveyed leaders from the military, academia, and other elite groups. Of the 11 issues tested, including three that were asked of the experts but not of the general public – China's intellectual property
Pentagon Readies Budget Ax(Wall Street Journal) With a growing sense of resignation, Pentagon officials are preparing for billions of dollars in spending reductions, holding out little hope that President Barack Obama and Republican lawmakers will be able to avert deep cuts set to take hold on March 1
U.S. Sets Timing of 2014 DoD Budget(Defense News) The White House is preparing to submit top line budget proposals to Congress in mid-March with more detailed documentation to follow later that month, Defense News has learned. The Pentagon is preparing to send its fiscal 2014 budget — a spending plan that does not take into account massive cuts scheduled to kick in at the beginning of March and whose timeframe has been murky until now — to Congress on March 25, according to a Feb. 5 memo signed by Pentagon Deputy Comptroller John Roth
Duane Andrews Retiring as QinetiQ NA CEO, JD Crouch Named Successor(GovConWire) Duane Andrews will retire as chief executive of QinetiQ North America and be succeeded by J.D. Crouch, president of the company's technology solutions group, after the company's fiscal year ends March 31. Andrews has held the reins at QinetiQ NA since 2006, when he left Science Applications International Corp. (NYSE: SAI) after 13 years, most recently serving as executive vice president and chief operating officer
SAIC To Compete For Army C4ISR Prototyping On $263M IDIQ(GovConWire) Science Applications International Corp. (NYSE: SAI) has won a prime position on a potential $263 million U.S. Army contract to prototype and insert C4ISR technologies (command, control, communications, computers, intelligence, surveillance and reconnaissance). The company will compete for task orders to perform work under the potential five-year indefinite-delivery/indefinite-quantity contract, which contains one base year and
Google To Pay Apple $1 Billion Next Year To Be Default Search Engine On iOS(TechCrunch) Apple and Google are enemies and partners at the same time due to asymmetric competition. According to a report from Morgan Stanley, Google could pay more than $1 billion in 2014 to remain the default search engine on iOS. In 2009, Google paid only $82 million for the privilege. Analyst Scott Devitt believes that it is a per-device deal growing every year
Linux Foundation releases secure boot loader(IT World) Freeing the way for independent Linux distributions to be installed on Windows 8 computers, the Linux Foundation has released software that will allow Linux to work with computers running the UEFI (Unified Extensible Firmware Interface) firmware
First week at MEGA Bounty Program, paid out thousands of dollars for seven Bugs(The Hacker News) One week after launching a bug bounty program, Kim Dotcom's new file-storage and sharing service MEGA claims to have fixed seven vulnerabilities. Although Mega hasn't shared how much money and to whom it paid out in the first week, it is clear that, as promised, MEGA paid out thousands of dollars in bug bounties during the first week of its security program
How to Get Rid of Ransomware on Mobile Devices(TechNewsDaily) "Ransomware" may be a term you haven't heard before. This type of criminal malware, which spread around the world on PCs in 2012, encrypts some or all the files on a computer and holds them for ransom. Sometimes the malware will pop up an on-screen message demanding a sum to decrypt the data
An Interview with Rafay Baloch - Security Researcher and Famous Bug Hunter(E Hacking News) Today, E Hacking News interviewed a Security Researcher and Famous Bug Hunter Rafay Baloch who got listed on a number of Hall of fame and received rewards from Google, PayPal, Nokia and more companies which conduct Bug Bounty programs. 1. Introduce yourself. Well, Name is "Rafay Baloch", I am the admin of http://rafayhackingarticles.net, My primary interests include Security Research, Penetration Testing and Blogging
At Facebook, zero-day exploits, backdoor code bring war games drill to life(Ars Technica) How do companies prepare for the worst? By exposing workers to lifelike crises. Early on Halloween morning, members of Facebook's Computer Emergency Response Team received an urgent e-mail from an FBI special agent who regularly briefs them on security matters. The e-mail contained a Facebook link to a PHP script that appeared to give anyone who knew its location unfettered access to the site's front-end system. It also referenced a suspicious IP address that suggested criminal hackers in Beijing were involved
Design and Innovation
Clayton Christensen Wants to Transform Capitalism(Wired Business) Sixteen years ago a book by Clayton Christensen changed business thinking forever. The Innovator's Dilemma looked at industries ranging from disk drives to steel to mechanical excavators and exposed a surprising phenomenon: When big companies fail, it's often not because
The Close Web: Social Networks Are Coming Home(Wired Business) Neighborhood social network Nextdoor is unveiling a sweeping upgrade that should accelerate its growth and provide valuable lessons for other networks focused on nearby objects and people
Google Announces 9th Edition Of Its Summer Of Code Program, Will Start Taking Applications In April(TechCrunch) As expected, Google will once again run its Summer of Code program for college students around the world this year. Students who make it into the competitive program get to work on open-source projects for mentoring organizations from around the globe. Over the past eight editions, 6,000 students from more than 100 countries participated in the program. Students will be able to submit their
New headache: Social media and stock manipulation(FierceFinanceIT) Not too long ago, Wall Street was captivated by the notion that Twitter-based sentiment indicators could be used to predict, or at least inform, stock movements. A couple of incidents recently have demonstrated that, while the jury is still out on such indicators, Twitter can without question be used to manipulate stock prices. Two thinly traded Nasdaq stocks tanked in the wake of Tweets that purported to be from research outfits
Lewis: U.S. should go to WTO over Chinese espionage(FierceGovernmentIT) Chinese intellectual property cyber espionage has grown too pervasive for the United States not to react to it through policy measures, says James Andrew Lewis, director of the Center for Strategic and International Studies' technology and public policy program
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
ATMiA US Conference 2013(Scottsdale, Arizona, US, February 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS(Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
RSA USA 2013(San Francisco, California, USA, February 25 - March 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013(Bogmallo Beach Resort, Goa, India, February 26 - March 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration...
NRO Winter Way Forward Conference(Chantilly, Virginia, USA, February 28, 2013) This annual event will provide an increased awareness, understanding and support among the IT workforce by focusing on the NRO IT Way-Forward in terms of the NRO IT Sub-Portfolio Roadmaps. Exhibitors will...
TechMentor Orlando 2013(Orlando, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...
Business Insurance Risk Management Summit(New York City, New York, USA, March 5 - 6, 2013) The annual Risk Management Summit, now in its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry...
CanSecWest 2013(Vancouver, British Columbia, Canada, March 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social...
e-Crime Congress 2013(London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...
CTIN Digital Forensics Conference(Seattle, Washington, USA, March 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include: Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools,...
IT Security Entrepreneurs' Forum (ITSEF 2013)(Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference...
The Future of Cyber Security 2013(London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
SANS Cyber Threat Intelligence Summit(Washington, DC, USA, March 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful...
AFCEA Belvoir Industry Days 2013(National Harbor, Maryland, USA, April 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.
CSO40(Braselton, Georgia, USA, April 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley(Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...
Cyber 1.3: Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation...
INFILTRATE 2013(Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii(Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
Infosec Southwest 2013(Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...
23rd Annual Government Procurement Conference(Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...
Interop Las Vegas(Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes,...
Consumerization of IT in the Enterprise Conference and Expo(San Francisco, California, USA, June 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise.
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013(Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...