PNC warns customers of a possible cyber attack; observers generally attribute the attack to the Izz ad-Din al-Qassam Cyber Fighters.
Nullcrew hacktivists, quiet for some time, resurface with an intrusion into a US Department of Homeland Security website. The minor exploit (Sophos calls it an "intrusionette") marks Nullcrew's return. We've not followed the sad turns in John McAfee's life, but his latest deserves mention: elaborate (and far-fetched) claims of a malware campaign against Belize's government.
A Turkish government agency trying to spy on its employees caused last week's TURKTRUST certificate problems. Symantec's PGP Whole Disk Encryption has another zero-day vulnerability, the second in as many weeks.
Internet Explorer vulnerabilities linked to China's Elderwood gang won't be patched tomorrow, even though Microsoft's proffered interim workaround was defeated Friday. An interesting development in the crimeware economy: Blackhole's author is buying malware, apparently to package it into more powerful exploit kits.
Microsoft will issue seven patches tomorrow, two of which are rated critical. Samsung is pushing a fix for the Exynos vulnerability to its Galaxy phones. Adobe warns of ColdFusion vulnerabilities; it plans to issue patches on January 15.
The World Bank plans to open a cyber security center in the Republic of Korea. Congratulations to our colleagues at Northrop Grumman, who've won the US Digital Forensic Challenge. Google's visit to North Korea bears watching amid other signs that the world's most closed society may be opening (slightly and slowly). The US Defense bill signed last week aims to boost small business contracting.
Today's issue includes events affecting Azerbaijan, Belize, China, Germany, India, Iran, Japan, Korea, Poland, Turkey, Ukraine, United Arab Emirates, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
PNC Bank Warns 5 Million Customers It Might Have Been Hacked(Business Insider) The bank has sent a message to some five million customers warning of a possible cyber attack, the AP is reporting. So far, the bank's "websites are getting hit with high traffic consistent with computer attacks," and some users have been blocked from
Cyber Jihad - Iran steps up cyber attacks on U.S. financial institutions (Free Beacon) Iran is continuing aggressive cyber attacks against U.S. financial institutions and officials say the U.S. government has failed to take steps to halt the electronic strikes. The sophisticated denial-of-service cyber attacks have been underway for several months and involve Iranian-origin hackers who flood banking and financial institution web sites with massive log-in attempts that disrupt or halt remote banking services. They are going after the same types of sites, said an intelligence official familiar with reports of the attacks
Evidence of Possible Spring Cyber Attack on Banking Industry(SIGNAL Magazine) The financial services industry and government cybersecurity experts are bracing for a possible cyber attack targeting large financial institutions, which was forecasted in research conducted by a cybersecurity expert working for a major information technology security firm
DHS website falls victim to hacktivist intrusion (Naked Security) Hacktivist group NullCrew recently announced a successful intrusion (though intrusionette might be a better word) against a website in the DHS.GOV domain hierarchy. DHS, of course, is the United States Department of Homeland Security
John McAfee says he infected laptops with malware, spied and stole passwords from Belize officials(Naked Security) Twenty years ago, John McAfee ran an anti-virus company. He's not had anything to do with the company that bears his name (and was subsequently acquired by Intel) since the early 1990s, but that doesn't mean that his involvement with malware has come to an end. Many people have been following the bizarre story of John McAfee, who has been on the run from the Belize police since mid-November, had his location leaked to the world in a photo's EXIF meta-data, and was hastily deported from his Guatemala hide-out to the United States
Turkish Digital Certificate Blunder Caused by Government Agency(Hot for Security) An unauthorized digital certificate issued for search specialist Google has been used for rogue purposes since August 2011, violating digital trust and key public infrastructure. This impersonation attack was not, however, carried out by hackers, but by a government agency trying to spy on its own employees. On December 24, Google found an unauthorized digital certificate was being used to validate rogue web pages as legit services provided by Google, including validation for Google Mail and Google Search
TURKTRUST Incident Raises Renewed Questions About CA System(Threatpost) The series of missteps and failures that led to a Turkish government-related agency eventually ending up with a valid wild card certificate for Google domains began in June 2011 when the TURKTRUST certificate authority began preparing for an audit of its systems and started moving some certificate profiles from production systems to test systems. Two months later, a pair of subordinate certificates--which carried the full power and inherited trust of TURKTRUST's root certificate as far as most browsers were concerned--were issued, and one of them later was used by a Turkish government transportation and utility agency to create an attacker's holy grail: a valid certificate enabling him to intercept encrypted Google traffic
Zero-Day Vulnerability Uncovered in Symantec's PGP Whole Disk Encryption (Softpedia) On December 25, 2012, someone published the details of what appeared to be a zero-day vulnerability in Symantec's PGP Whole Disk Encryption product. After analyzing the POC, Symantec's engineers confirmed that it was in fact a vulnerability. However, according to Symantec's Kelvin Kwan, it's not something that's easy to exploit
Researchers Bypass Microsoft Fix It for IE Zero Day(Threatpost) Expect amped up pressure aimed in Microsoft's direction for a patch for the Internet Explorer zero day that surfaced last week, now that researchers at Exodus Intelligence reported today they have developed a bypass for the Fix It that Microsoft
Symantec links latest Microsoft zero-day with skilled hacker gang(InfoWorld) Symantec is crediting a hacker group with an impressive track record as responsible for finding the latest as yet unpatched vulnerability in older versions of Microsoft's Internet Explorer browser. A gang Symantec calls the Elderwood group appears to
Internet Explorer zero-day exploit linked to China(NBCNews.com) Delving further into the Microsoft Internet Explorer zero-day exploit found last week, which unknown hackers used to compromise the website of an influential American think tank, researchers have discovered the exploit's use on other websites and
Zero-day exploit(CNET) Microsoft's regular Patch Tuesday rolls around next week. But one flaw that won't be fixed in the mix is the latest zero-day exploit in Internet Explorer. Last Saturday, Microsoft warned about the zero-day flaw in IE 6, 7, and 8 that could allow
Reflected XSS vulnerability affects Millions of sites hosted in HostMonster (E Hacking News) Recently, we reported on the reflected cross-site scripting vulnerability in the HostGator India hosting site that affects millions of hosted sites. Today, another Indian security researcher, Ramneek Sidhu, comes with another interesting find. Ramneek Sidhu has discovered a reflected XSS vulnerability in one of the biggest web hosting sites, "HostMonster"
DarkWebGoons leaks 20k Credentials from Association of Irish Festival Events (E Hacking News) 20,000 credentials have been compromised from the Association of Irish Festival Events website (aoifeonline.com) by a new hacker with the Twitter handle @DarkWebGoons. The Association of Irish Festival Events (AOIFE) is an all-island voluntary network organisation that brings together organisers of festivals and events in Ireland, suppliers to the festival and event sector and policy-makers and funders. The hacker announced the breach on Twitter and posted a link to the leak of the compromised database
German Chambers of Commerce Hacked(eSecurity Planet) Anonymous hackers claim to have stolen 2.7 GB of internal documents from the German Chambers of Commerce (AHK) in Ukraine and Azerbaijan
Conficker targets photography lovers(Help Net Security) People who bought a Hama-manufactured slide scanner from popular German retailer chain Tchibo in the weeks leading to Christmas are being warned about taking home more than they have bargained for
Crimeware Author Funds Exploit Buying Spree(KrebsonSecurity) The author of Blackhole, an exploit kit that booby-traps hacked Web sites to serve malware, has done so well for himself renting his creation to miscreants that the software has emerged as perhaps the most notorious and ubiquitous crimeware product in the Underweb. Recently, however, the author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes. An exploit pack is a software toolkit that gets injected into hacked or malicious sites, allowing the attacker to foist a kitchen sink full of browser exploits on visitors
NASDAQ Suffers Data Feed Glitch(Finextra) In an alert to traders at 13:42, picked up by Reuters, the exchange said it was looking into an issue involving its Universal Trading Platform's centralised securities information processor (SIP) data feeds. Nasdaq-listed stocks continued to trade on some exchanges but brokers reported anomalies in some prices of some securities and reporting delays of trades to the consolidated tape, says the Wall Street Journal. Fellow operator Direct Edge responded by briefly halting trading in all Nasdaq order books
Human error at Amazon takes down Netflix(Fierce CIO: TechWatch) A Netflix outage on Christmas Eve was traced to a mistake by an Amazon (NASDAQ: AMZN) Web Services engineer. The engineer is one of a very small number of developers who have access to this production environment, and whose failure to notice the mistake at that time extended the time it took the team to identify and rectify the problem
Amazon's EC2 Outage: A Closer Look(InformationWeek) Amazon Web Services once again cites human error spread by automated systems for loss of load balancing at key facility Christmas Eve
Security Patches, Mitigations, and Software Updates
Samsung Pushes Exynos Flaw Fix on Galaxy Phones(Threatpost) Samsung has started to push software updates to some users of its Galaxy branded phones this week, fixing a flaw that was found affecting devices containing Exynos processors shortly before Christmas
Adobe ColdFusion Security Advisory(Internet Storm Center) Adobe released a security advisory which identifies three vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631) affecting ColdFusion for Windows, Macintosh and Unix. They have received reports that these vulnerabilities are actively being exploited. Adobe is currently planning to release a fix for January 15, 2013
A Bit About the NVIDIA Vulnerability (Internet Storm Center) Geoff writes in this morning asking for more exploration around the Nvidia vulnerability patch that was released yesterday. He writes: "It's really quiet if it is truly a vulnerability patch. I don't see any reference to an exploit fix. Maybe you can dig deeper and confirm?" On December 25th, 2012, a security researcher released exploit code that leverages a buffer overflow vulnerability in versions prior to 310.90 of the GeForce Driver for a popular line of NVIDIA video cards. This is a privilege escalation exploit that allows someone with low-level access to gain administrative privileges on that system
Security pros predict 'major' cyber terror attack this year (Ars Technica) That sentiment is supported by the data from the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which responded to 198 cyber incidents in the 2012 fiscal year, with 41 percent of them
Consumers want stronger mobile payment security(Computer Weekly) UK consumers are happy to use extra levels of security on their smartphones for mobile payments according to research conducted by ICM. However few people have actually used the NFC contact-less payment technology to pay for goods. In the online survey of over 2000 UK consumers 56% of consumers would like to see banks and mobile providers guaranteeing any financial losses
Study questioning effectiveness of anti-virus software comes under fire(Fierce CIO: TechWatch) Security firm Imperva has come under fire after publishing a study last month which suggested that anti-malware software may not be worth its often hefty investment. In a report titled "Assessing the Effectiveness of Anti-virus Solutions", Imperva concluded that the initial detection rate of a newly created virus is less than 5 percent, and that antivirus vendors may take "up to four weeks" to detect a new virus
Why You'll Need A Big Data Ethics Expert(InformationWeek) The looming issue in big data isn't technology but the privacy and ethics decisions associated with how, when and if results should be provided
World Bank seeks cybersecurity center in S. Korea(Yonhap News) The World Bank and Korea Communications Commission (KCC) will sign a deal next week on a joint project to establish a "Global Cybersecurity Center" in South Korea, officials said Sunday. The World Bank, headed by Korean-born physician Jim Yong Kim, proposed it set up the center in South Korea in late 2013, they said. The facility will be tasked with promoting cybersecurity and other information protection in developing nations
Contractors' Cutback Worries Remain(Washington Post) While the two-month delay in planned federal spending cuts that Congress approved last week provides short-term relief for government contractors, many companies said the move does little more than maintain the uncertainty that has plagued them for months
Hagel To Be Pick For Defense(Washington Post) President Obama plans to nominate former senator Chuck Hagel, a Nebraska Republican and Vietnam War veteran, to be secretary of defense, according to a person close to the process and a senior administration official
DOE Taps PNNL CIO To Improve Security(InformationWeek) The U.S. Department of Energy is looking to bolster its cybersecurity readiness with the appointment of Jerry Johnson, CIO of Pacific Northwest National Laboratory for the past eight years, as a senior policy and technical adviser. Johnson had first-hand experience with one of the federal government's most serious cyber attacks. In 2011, he oversaw PNNL's response to a dual-pronged cyber attack that was likely part of a broader attack against government agencies and private-sector companies
Google Leader On Way To North Korea (New York Times) Google's executive chairman, Eric Schmidt, is to leave Monday from Beijing on a commercial flight to North Korea, the country thought to have the world's most restrictive Internet policies
Why you shouldn't be surprised if Google's Schmidt meets with Kim Jong-Un (Quartz) Google's Eric Schmidt and former New Mexico Gov. Bill Richardson are in Pyongyang this morning at the start of a three-day visit to North Korea. The pair, whose visit to North Korea was opposed by the US State Department, is not currently expected to meet with leader Kim Jong Un, but don't be surprised if they do
Military Signs Most Comprehensive Microsoft Contract Yet(InformationWeek) Three-year, $617 million deal gives Department of Defense its lowest prices ever on software and services. In a bid to trim information technology costs, the Department of Defense last month signed a three-year, $617 million enterprise license agreement that will give the military its lowest prices ever for Microsoft software and services
NCR Acquires Video ATM Software Maker(InformationWeek) NCR is buying uGenius Technology, which makes the software for video ATMs that offer customers remote teller services from a call center
Will SMBs Suffer If HP Dumps PCs?(InformationWeek) Who wins and who loses if HP gets rid of its PC division? Here's why most small and midsize businesses probably won't care either way. As Yogi Berra would say, it's like deja vu all over again. In a recent SEC filing, HP said it will "continue to evaluate the potential disposition of assets and businesses that no longer help us meet our objectives." The tech titan's PC division is a reasonable guess to be one such business on the chopping block. We've been down this road before
Disruptive Web Security Startup Shape Security Nabs $20M From Venrock, Google Ventures, Kleiner, Eric Schmidt(TechCrunch) Shape Security, a company that wants to disrupt web security technology, has raised $20 million in a Series B financing round led by Venrock, with participation from Kleiner Perkins Caufield & Byers, Allegis Capital, Google Ventures, Google Executive Chairman Eric Schmidt's TomorrowVentures and former Symantec CEO Enrique Salem. The new funding brings Shape's total amount raised to $26 million. As we've written in the past, Shape Security wants to change the web security paradigm by shifting costs from defenders to hackers. The premise is that companies are forced to rely on identifying and classifying malware and botnets attack signatures that have occurred in the past, with the hopes of easily finding and shutting them down in the future. But sustaining this kind of security requires a lot of human and financial capital, so Shape has developed military-grade technology that doesn't rely on past attack signatures, and instead forces hackers to spend more and more to achieve less and less
D-Link Wireless-G Router Year Issue (Y2K-plus-13) (Internet Storm Center) We have received a report from Melvin indicating that he discovered an issue with a D-Link WBR-1310 Version D Release 4.13 router "expired" when a computer could no longer get a new lease from the router. According to D-Link's website, this router would no longer be supported after January 2012 and the year reset to 2002 (valid year is 2002-2012). The D-Link router needs to be a DHCP-client to the ISP's DHCP-server. If you are still using this model, when the DHCP lease expires, your router will no longer be serving the correct date and will need to be replaced. DD-WRT isn't an option because this model isn't supported. If you have already encountered this issue, let us know via our contact page
20+ best FREE security tools (Help Net Security) We asked information and network security pros to name the best free software tools for their daily work. Here are 21 standouts to improve your defenses - without breaking the bank
Keycard: Unlock your Mac using an iOS device(Help Net Security) Keycard allows you to pair your iPhone or other Bluetooth enabled device with your Mac to lock and unlock your computer. It detects when you're leaving your desk, office, or room
Technologies, Techniques, and Standards
Polish prof discovers way to encrypt secret messages into silence on Skype (even if the FBI is listening) (venturebeat) Skype calls use 256-bit advanced encryption by default, but that's not secure enough for some people. So a prof at the Warsaw University of Technology has created a way to communicate even more privately on Skype by using silence. Wojciech Mazurczyk (10 points if you can pronounce that name) has found a way to hide data in the 70-bit packets that Skype sends by default when it's detecting silence when you're not talking
Research and Development
Teaching Computers to Hear Emotions(IEEE Spectrum) New research can detect five different emotions with 81 percent accuracy…How can we hear emotions? It's not what people are saying—here it's just numbers, a date in one case—it's how they're saying it. And we can all do this. In fact, not being able to do this is a psychological disability. Well, if we can do it reliably, the next step—this is the Information Age, after all—is teaching a computer to do it too
Anonymous is 'Uniquely Offended' by UN Hijackers (Cyberwarzone) Firstly, We salute the Internet for protecting itself from the W.C.I.T., also known as the 2012 World Conference on International Telecommunications of the United Nations International Telecommunications Union. That being said, we have reviewed the Wikit Post Mortem Panel and We want to just add in particular to what Ambassador Terry Kramer said on the human rights sticking point because it goes deeply to a lot of concerns of our civil society
Obama signs legislation to deliver more government contracts to small businesses(Washington Post) Washington's elected officials are taking new steps to direct more government work to small businesses, just as contractors are bracing for the threat of sequestration. President Obama on Tuesday signed as part of the military spending budget a series of provisions to help small firms compete for more federal contracts and ensure that agencies take their annual small business contracting goals more seriously. Most notably, the law requires that small business contracting performance be part of employee reviews for senior agency officials, which factor into their consideration for bonuses and promotions
Litigation, Investigation, and Law Enforcement
Hospice of North Idaho Fined for Security Breach(eSecurity Planet) The $50,000 fine is the first ever for a breach affecting fewer than 500 patients. The U.S. Department of Health and Human Services (HHS) recently announced the first-ever HIPAA breach settlement for a case involving fewer than 500 patients -- the Hospice of North Idaho (HONI) has agreed to pay a fine of $50,000 for HIPAA violations related to the June 2010 theft of an unencrypted laptop containing the electronic personal health information of 441 patients
Indian Government Wiretapping and started BlackBerry interception (The Hacker News) According to a report, all major Indian telecom companies, including Bharti Airtel, Vodafone India and Tata Teleservices, have agreed to share real-time interception of BlackBerry calls and data services on their networks with security agencies to meet the December 31 deadline fixed by the Indian government
What Facebook Gives the Police(Schneier) This is what Facebook gives the police in response to a subpoena. (Note that this isn't in response to a warrant; it's in response to a subpoena.) This might be the first one of these that has ever become public.
US Court Sentences 55-Year-Old Russian Hacker to 3 Years in Prison (Softpedia) Vladimir Zdorovenin, a 55-year-old Russian national accused of carrying out sophisticated cybercrimes, has been given a three-year prison sentence by the Manhattan federal court. Zdorovenin, who was arrested in Zurich, Switzerland, in March 2011, was extradited in January 2012 to New York. He pleaded guilty to the accusations brought against him in February 2012
State Agencies Yet To Fully Implement Cyber Security Protections (WLTX) Not all cabinet agencies have fully implemented cyber security protections that some experts and lawmakers say are basic steps in protecting taxpayers' information, almost three months after a foreign hacker conducted a massive data breach at the state Revenue Department. Some agencies surveyed by GreenvilleOnline.com said they use two of the protections - encryption and a multi-password system - in parts of their system or were working toward full implementation
SC working on security, notifying victims of data breach (The State) More than three months after officials revealed hackers had swiped financial data belonging to 6.4 million consumers and businesses from the S.C. Department of Revenue, the state still is continuing work to secure computers and notify victims
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
tmforum Big Data Analytics Summit(Amsterdam, Netherlands, January 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates,...
ATMiA US Conference 2013(Scottsdale, Arizona, US, February 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS(Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
Nullcon Goa 2013(Bogmallo Beach Resort, Goa, India, February 26 - March 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration...
TechMentor Orlando 2013 (Orlando, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...
e-Crime Congress 2013(London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...
CTIN Digital Forensics Conference (Seattle, Washington, USA, March 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include: Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools,...
IT Security Entrepreneurs' Forum (ITSEF 2013)(Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference...
The Future of Cyber Security 2013(London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley(Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.