NBC's website was hacked yesterday, serving visitors a helping of Citadel banking malware, but the infection was quickly detected and removed. Contaminated URLs appear to be eclipsing botnets as the most common vehicles for cyber attacks. The waterholing attack Apple sustained offers another recent example.
Official Kyrgyz sites are defaced with the message (in Russian) "We are against racism." The attacks are thought related to Kyrgyz/Uzbek tensions.
China and the US continue to swap accusations of cyber provocation, and Chinese protestations of innocence remain unconvincing: circumstantial evidence can after all be solid, and to argue that professional soldiers would be too professional to misbehave in social media is a fantasy out of a 1990 techno-thriller. Australian media raise the alarm over their country's vulnerability to similar attacks—recall that Australia has been caught in the middle of a Sino-American dispute before, most recently during Congressional investigation of Huawei. Speaking of Huawei, the Chinese company says it welcomes the US Administration's new strictures on security: they're committed to doing good business in international markets.
CSO interviews Triumfant on "advanced volatile threats," but not all are convinced these represent something new, being perhaps better thought of as advanced persistent threats with sophisticated obfuscation.
US acquisition officials are now authorized to discuss the effects of budget sequestration with business as agencies plan to conserve cash by delaying contractor payment. Even under looming Federal austerity, Maryland increases cyber jobs.
Pennsylvania State University opens an intelligence-training red cell.
Today's issue includes events affecting Australia, China, European Union, Finland, India, Iran, Republic of Korea, Kyrgyzstan, Netherlands, New Zealand, Russia, Taiwan, United Arab Emirates, United Kingdom, United States and Uzbekistan.
Cyber Attacks, Threats, and Vulnerabilities
NBC website hacked and distributes malware - here's what happened(Naked Security) The latest high-profile organisation to fall victim to cybercriminals is the National Broadcasting Company (NBC), one of the so-called Big Three television networks in the USA. NBC's website was "owned" and used as a go-between in a campaign to infect online visitors automatically. Fortunately, the malevolent content on the site was up only briefly, limiting the harm that was done. But researchers at Dutch security company SurfRight managed to grab samples of some of the malware on offer during this time
Cyber attack on the Kyrgyz governmental websites (Journal of Turkish Weekly) On the 20th of February, official websites of Kyrgyz Republic's Interior Ministry, The State Property Control Committee, the Air Bishkek airline and some other official online city guides were hacked. The important point of the event was the message in
Telecom Customers No Longer Compromised After Cyber Attack(Scoop.co.nz) On Saturday Telecom cancelled the existing passwords of approximately 87,000 accounts that were sending spam after a cyber attack. Since then more than 65,000 users have changed their passwords. The balance has been identified by Telecom as having
Mandiant report on Chinese cyberespionage used as bait in spear-phishing attacks(ITWorld) Attackers are using fake versions of a recently released report about a Chinese cyberespionage group as bait in new spear-phishing attacks that target Japanese and Chinese users. The report was released Tuesday by security firm Mandiant and documents in great detail the cyberespionage campaigns conducted since 2006 by a hacker group known as the Comment Crew against more than 100 companies and organizations from different industries. Mandiant refers to the group as APT1 (Advanced Persistent Threat 1) and claims in the report that it's likely a secret Shanghai-based cyberespionage unit of the Chinese Army -- the People's Liberation Army (PLA)
U.S. and China exchange hacking claims(Voice of Russia) A US cybersecurity firm says it has evidence the Chinese government is behind years of hacking attacks on US corporations, organizations and government agencies. Mandiant claims cyber attacks come from a building in Shanghai run by the People's Liberation Army. But China's Defence Ministry today said the report was groundless and insisted it does not engage in hacking
The Art of Cyberwar(Slate) If Beijing was going to threaten the United States with a cyberattack, how would it do it? The New York Times' front-page report this week that the Chinese army is hacking into America's most sensitive computer networks from a 12-story building outside Shanghai might finally persuade skeptics that the threat of "cyber warfare" isn't the fevered fantasy of Richard Clarke, the producers of Die Hard 4, or the generals at the ever-growing U.S. Cyber Command. Alas, it's real. But what is the threat? Few of those in the know believe that some fine day, out of the blue, China will zap the programs that run our power grids, gas lines, waterworks, or banking systems, sending our economy--and much else--into a tailspin. Even if the Chinese could pull off such a feat with one keystroke, it's hard to imagine what they'd accomplish, especially since their fortunes are wrapped up with our own
China Denies U.S. Hacking Accusations: 6 Facts(InformationWeek) Mandiant report says that an elite Chinese military hacking unit is responsible for launching APT attacks against U.S. businesses. Chinese government cries foul. Security firm Mandiant this week published evidence that it said ties the Chinese government to a six-year campaign of hack attacks that have compromised 141 businesses across 20 industries. Washington-based Mandiant's 74-page report covers only one of the dozens of cyber-espionage groups around the world, including more than 20 in China, that the company said use advanced persistent threats (APTs) -- including spear-phishing attacks -- to compromise their targets. Mandiant refers to the group in its report as "APT1"
Private US firms take major role vs. cyberattacks (Yahoo) When Kevin Mandia, a retired military cybercrime investigator, decided to expose China as a primary threat to U.S. computer networks, he didn't have to consult with American diplomats in Beijing or declassify tactics to safely reveal government secrets. He pulled together a 76-page report based on seven years of his company's work and produced the most detailed public account yet of how, he says, the Chinese government has been rummaging through the networks of major U.S. companies. It wasn't news to Mandia's commercial competitors, or the federal government, that systematic attacks could be traced back to a nondescript office building outside Shanghai that he believes was run by the Chinese army
The Road To Hell Is Authenticated By Facebook(Dark Reading) OAuth allows us to log into many sites using familiar credentials, from Twitter, Facebook, Google or Microsoft. The main author of the original OAuth 1.0 spec says these giants took it and made OAuth 2.0 a monstrous, complex and insecure mess that has already brought us significant vulnerabilities
Advanced volatile threat: New name for old malware technique?(CSO) AVTs are not widespread -- yet -- because 'APTs are working just fine,' says Triumfant CEO. But they could one day start a cyberwar, he said. There is something worse than advanced persistent threats (APT) out there -- a stealthier attack vector called advanced volatile threats (AVT), says one security company. But several other security experts said while any kind of successful attack technique is a concern, AVT is just a new name for an old problem
IBM crash highlights cloud risks - Internet NZ(New Zealand Herald) A two-day outage to IBM's $80 million data centre in Auckland this week highlights the "rare" risks involved with being based in the cloud, says Internet New Zealand. Businesses and schools reliant on the data centre were left stranded between Monday 3am and Wednesday 10am after a fault at the state-of-the-art facility in Highbrook, South Auckland. One east Auckland school was unable to access its internal management system in the same week as it hosted a visit from the Education Review Office (ERO)
Anonymous hack of the Federal Reserve a just protest (Oklahoma Daily) Anonymous is one of the most misunderstood and misrepresented organizations in the world. One reason for this is it isn't actually an organization, nor even a well-defined group of people. Another reason is the constant stream of fear-laden news reports of its activities
Security Patches, Mitigations, and Software Updates
iOS passcode bug slated to be fixed in iOS 6.1.3—for real this time(Ars Technica) The second beta of iOS 6.1.3 reportedly fixes this security hole. The recent release of iOS 6.1.2 may have brought Exchange fixes for some, but to the surprise of security experts, the zombie passcode bypass bug that keeps popping up has yet to be fixed. Apple apparently plans to address that bug in an upcoming release of iOS 6.1.3. The company issued a second beta of iOS 6.1.3 to developers on Thursday, as noted by 9to5Mac, which addresses this lock screen bug in addition to bringing Maps enhancements for Japan
Check Point Software Technologies Ltd. : Check Point Uncovers Hidden Security Risks on Enterprise Networks(4-Traders) Check Point Software Technologies Ltd. (Nasdaq: CHKP), the worldwide leader in securing the Internet, today issued its 2013 Security Report, uncovering major security risks that impact organizations worldwide. The new report examines top security threats, risky web applications that compromise network security, and loss of data caused by employees unintentionally. Most importantly, the report provides security recommendations on how to protect against these threats
Analyst Says Pentagon Has Wiggle Room On Sequester(Washington Post) The Defense Department could have some wiggle room to avoid major cuts in readiness as the sequester looms, according to a recent Congressional Research Service analysis by Amy Belasco, a specialist in U.S. defense policy and budgets
The Enemy Within(The Economist) Ships lie uselessly at anchor and lay-offs loom as deep Congress-imposed spending cuts look ever more likely to go ahead
Defense Policy Chief Outlines Furlough Preparation(GovExec.com) James Miller, Defense undersecretary for policy, sent an email on Wednesday to the policy team outlining plans for adequate staff coverage if sequestration takes effect on March 1 and employees are furloughed
Pentagon Buyers Authorized To Discuss Budget Cuts With Industry(Reuters.com) The Pentagon's top weapons buyer on Thursday authorized Defense Department purchasers and program managers to begin talking to industry partners about plans for implementing $46 billion in budget cuts on March 1 and what impact it may have on business
Pentagon Fears Drastic Cuts With Lack Of Spending Bill(USA Today) Congress' failure to pass a spending bill for the Pentagon appears to be causing almost as much concern as the automatic spending cuts that loom March 1, according to an internal Defense Department document obtained by USA TODAY
Maryland Expands on Success Attracting Cyber Jobs (ClearanceJobs.com) Despite all the talk of federal budget cuts in the national capital region, the state of Maryland is now prime hunting ground for security cleared veterans. This news comes from two fronts. Last week, Maryland Gov. Martin O'Malley offered up several initiatives to boost the state's job market, one of which calls for a greater push to promote jobs in the region's cyber security businesses. The need for qualified personnel is at an all time high, and O'Malley is looking to make sure Marylanders fill those openings
DHS launches cybersecurity career website(FierceGovernmentIT) The Homeland Security Department announced Thursday creation of the National Initiative for Cybersecurity Careers and Studies, a website containing information about cybersecurity careers, education, and training information. NICCS is meant to be "a comprehensive, single resource to address the nation's cybersecurity knowledge needs," DHS said
Check Point RSA Conference Sessions Zero In on Targeted Malware Attacks and Critical Infrastructure Security(MarketWatch) Check Point Security Evangelist to Present on Tues., 2/26 and Check Point Fellow, IPv6 Co-Founder to Present on Thurs. 2/28. Check Point(R) Software Technologies Ltd., the worldwide leader in securing the Internet, today announced their speaking sessions at RSA Conference 2013. Check Point representatives Tomer Teller and Bob Hinden will be presenting this year, focusing on advanced malware detection and smart grid security, respectively
Huawei Welcomes the US's Cybersecurity Executive Order (Softpedia) Huawei says it welcomes US President Barack Obama's cybersecurity executive order. The company, which has recently been named a threat to the national security of the United States, says the initiatives proposed in the new policy are in line with its own vision on information sharing and collaboration. Huawei representatives say they support the order that aims at enhancing the resilience of critical infrastructures while promoting civil liberties, privacy, security and business confidentiality
Nokia To Go Downmarket At MWC To Better Compete With Huawei And ZTE, Report Says(TechCrunch) Windows Phone 8 is Nokia's big play for the future, but as a result of focusing on those devices and their higher-end target market, the company is giving up ground to firms like Huawei and ZTE with lower end devices. But the Finnish company may be looking to get its budget-friendly groove back with the introduction of new, basic handsets not based on Microsoft's mobile OS, to be unveiled at MWC
Cenzic Enterprise integrates with F5 BIG-IP ASM(Help Net Security) Cenzic announced the direct API integration of the Cenzic Enterprise 7.0 suite of products with F5's BIG-IP Application Security Manager(ASM) 11.3. With this combined solution, customers can now
SAIC introduces cloud-based big data platform(FierceBigData) There is no rule saying all big data innovation must come from startups. Science Applications International Corporation, a scientific, engineering, and technology applications company, and former owner of Telcordia Technologies (previously known as Bellcore), introduced some innovation of its own this week with the launch of DigitalEdge, a big data software platform
Technologies, Techniques, and Standards
How Best To Break The News To Users That They're A Bot(Dark Reading) Turns out last year's massive takedown of the DNSChanger botnet provided a handy case study on the most effective methods of notifying victims and cleaning up their machines. Researchers from Georgia Tech studied the botnet's remediation efforts, which began early last year, and found that phone contact, billing notices, and redirecting infected users to special Web pages are the best ways to alert them to their infections
How to Handle Java to Minimize Security Risks(eSecurity Planet) As Java has become a favorite tool of hackers, some experts are advising folks to disable it in browsers. What should business users do? Oracle's Java technology has become a favorite target of hackers and malware writers over the past few years. In response, the company has released Java updates with increasing frequency
Avoid The Attack Attribution Distraction(Threatpost) Plenty has been written this month about attack attribution, but, really, if your network is under siege, how often does the "who" matter as much as the "how," "what," and "where"? It seems that knowing who the actor is behind a network intrusion matters little to a bank, restaurant or retail chain. You just want them off your gear, and you want your stuff put back where it belongs
RIAA Says Google's Anti-Piracy Search Algorithm Is Bogus (Wired) The Recording Industry Association of America said Thursday that Google's algorithm change to lower rankings of sites with high numbers of copyright-infringing removal notices has had no demonstrable impact on demoting sites with large amounts of piracy. "The sites we analyzed, all of which were serial infringers per Google's Copyright Transparency Report, were not demoted in any significant way in the search results and still managed to appear on page 1 of the search results over 98 percent of the time in the searches conducted," the RIAA's report said
Design and Innovation
Why libraries should be the next great startup incubators(Quartz) Co-working spaces are often treated today as a novelty, as a thoroughly modern solution to the changing needs of a workforce now more loyal to their laptops than any long-term employers. But the idea is actually as old as the public library
A grand paradox makes private equity puzzling(Quartz) Two weird things are happening in the private equity (PE) world. On the one hand, there's about $100 billion capital that was raised in the years leading up to the financial crisis but not invested. With five years or so to use that "dry powder"—a period that for many funds is up at the end of this year—they are jumping to make investments before they have to return money to investors. And investors, disappointed with the recent lackluster returns in PE, may not want to put more money in. That could be the reason why 24% fewer funds successfully closed fundraising rounds in 2012 than did in 2011
Can America code its way to more factories?(Quartz) One of the simpler stories we tell about the global economy involves still-industrializing markets taking over much of the world's manufacturing, while advanced economies provide the design, software architecture and innovation. It's a useful framework, but it doesn't take into account innovation coming from emerging markets, and perhaps more importantly, it doesn't account for the ways that making software can help make physical things
Red Cell Lab offers realistic terrorism lessons for future intelligence analysts(Penn State Live) In the Red Cell Lab, students battle biases to improve intelligence. Whether intelligence analysts are trying to predict the next moves of an insurgent group or determining how to best deliver aid after a hurricane, an excess of information can often cause just as many problems as a lack of it. Red Cell Analytics Lab, a laboratory in Penn State's College of Information Sciences and Technology, uses cutting-edge technology and the latest analysis to turn information into intelligence during fluid, complex situations that are as timely as today's headlines
Grad students to use innovative tech grant(Albuquerque Journal) A $1.6 million grant from the National Science Foundation will pay for 18 graduate students in an innovative technology program at University of New Mexico's Anderson School of Management, according to a news release. The five-year grant will fund scholarships for students studying cyber security and information assurance, an interdisciplinary program that focuses on the management of information security
Net security vital for andheri companies: Sameer Saxena(Economic Times) The Information Assurance and Homeland Security Academy is trying to bridge the demand-supply gap of cyber security professionals. Sameer Saxena, head of the academy, under the Mahindra Special Services Group, shares his plans with ET
Legislation, Policy, and Regulation
White House develops new trade secret strategy(Cyberwarzone) The White House has come up with a new strategy to combat what it says is a wave of trade secret thefts from China and other countries. The report lists threats to corporate intellectual property from cyber attacks and more conventional methods of economic espionage. As critical technologies have advanced, criminals have adapted accordingly
Markey: GRID Act Passage Long Overdue (Threatpost) Representative Ed Markey (D-MA) is urging the Chairman of the House Committee on Energy and Commerce, Fred Upton (R-MI), to take immediate action toward passing the Grid Reliability and Infrastructure Defense (GRID) Act, which Markey calls a bipartisan bill aimed at hardening the nation's electrical grid and critical infrastructure against cyberattacks. Broadly put, the GRID Act would give the president the authority to impose emergency defensive measures, with or without notice, on maintainers of critical infrastructure in response to what is perceived as an imminent threat to the nation's electrical grid
EU cyber laws should target IT suppliers' security negligence(Computer Weekly) Cyber security has made its ultimate mainstream breakthrough. This week, a relatively minor hack targeted at Apple not only made the BBC 10 O'clock News, but warranted a lengthy studio discussion between presenter Sophie Raworth and a BBC security correspondent. Attacks of varying sophistication and impact are becoming a near daily occurrence - and they are only the ones we hear about
Obama Lays Down The Law On Cyber Espionage (Security Ledger) The Obama Administration on Wednesday released a report detailing new Administration measures to protect U.S. trade secrets and intellectual property. The report: Administration Strategy on Mitigating the Theft of U.S. Trade Secrets (PDF) establishes a new foundation for cooperation between the U.S. government and the private sector. It comes just days after a bombshell, 60-page report by the security firm Mandiant that described the activities of APT1, a hacking group that Mandiant claims is actually a cyber warfare unit of China's People's Liberation Army (PLA)
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
#BSidesBOS(Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
RSA USA 2013(San Francisco, California, USA, February 25 - March 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013(Bogmallo Beach Resort, Goa, India, February 26 - March 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration...
NRO Winter Way Forward Conference(Chantilly, Virginia, USA, February 28, 2013) This annual event will provide an increased awareness, understanding and support among the IT workforce by focusing on the NRO IT Way-Forward in terms of the NRO IT Sub-Portfolio Roadmaps. Exhibitors will...
TechMentor Orlando 2013 (Orlando, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...
Business Insurance Risk Management Summit (New York City, New York, USA, March 5 - 6, 2013) The annual Risk Management Summit, now in its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry...
CanSecWest 2013(Vancouver, British Columbia, Canada, March 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social...
e-Crime Congress 2013(London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...
CTIN Digital Forensics Conference (Seattle, Washington, USA, March 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include: Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools,...
IT Security Entrepreneurs' Forum (ITSEF 2013)(Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference...
The Future of Cyber Security 2013(London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
SANS Cyber Threat Intelligence Summit(Washington, DC, USA, March 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful...
AFCEA Belvoir Industry Days 2013(National Harbor, Maryland, USA, April 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.
CSO40(Braselton, Georgia, USA, April 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley(Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...
Cyber 1.3(, January 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation...
HITBSecConf2013 (Amsterdam, the Netherlands, April 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team,...
INFILTRATE 2013(Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii(Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness...
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
Infosec Southwest 2013(Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...
23rd Annual Government Procurement Conference(Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network...
Interop Las Vegas(Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes,...
Maryland/DC Celebration of International Trade(Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council this event is a content rich celebration of international...
Consumerization of IT in the Enterprise Conference and Expo(San Francisco, California, USA, June 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise.
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013(Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...