Czech antivirus company Avast fingers Chinese security services in the recent series of waterholing attacks that exploited Java and Internet Explorer vulnerabilities. Their attribution is based mainly on the nature of the attacks' targets: most victims share an antipathy to the Chinese government. Defense IQ publishes an analysis (or "deconstruction") of last year's Shamoon attack on Aramco. The analyst claims that Saudi dissidents and not Iran were behind the campaign, but his argument seems speculative and circumstantial. (Note that both attributions rely more on inference of intent than on any technical features of the exploits.)
Barracuda products are found to contain a backdoor that opens users' networks to compromise. (Barracuda promptly issues firmware updates to remediate the vulnerability.)
In industry news, Belkin is acquiring Cisco's Home Networking Business Unit, Microsoft and Dell continue to talk about taking Dell private, and Lenovo considers making an offer for RIM. Concerns about SCADA vulnerabilities have security and industrial control firms looking for new ways to close them. One of the biggest players in the sector, Siemens, may begin offering bug bounties. Wired's piece on Twitter's plans to introduce six-second videos offers an interesting study in how constraint can foster creativity.
Australia's opposition decries what it sees as a lack of detail in the Prime Minister's Cyber Security Center plans. (In recent elections both major parties competed in their toughness on cyber security.) California releases its mobile app privacy guidelines.
US prosecutors advance their case against hackers allegedly behind the Gozi banking fraud malware.
Today's issue includes events affecting Australia, Austria, China, Czech Republic, France, Iran, Latvia, Romania, Russia, Saudi Arabia, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Shamoon Malware Possibly Developed by Extremist Islamist Group from Saudi Arabia (Softpedia) United States officials have insisted on numerous occasions that the Shamoon malware, the one used in the cyberattacks against Saudi Aramco, is the work of Iran. However, new evidence suggests that it could be the work of an extremist Islamist group based in Saudi Arabia. US authorities have said that a malware developed by amateurs couldn't have damaged around 30,000 computers, as Shamoon has done in the case of Saudi Aramco
'Backdoor' root log-ins found in Barracuda security, networking gear(ZDNet) A 'super-user' root-access account has been found in a number of Barracuda security and networking products, which may allow hackers to easily access company networks, albeit if their attacks are launched from a specific set of IP addresses. An Austrian security firm has warned of undocumented "backdoor" root log-ins to a number of Barracuda Networks' products, which could leave networks and data centers vulnerable to unauthorized access, data theft, or network hijacking
Web server hackers install rogue Apache modules and SSH backdoors, researchers say (Computer World) A group of hackers that are infecting Web servers with rogue Apache modules are also backdooring their Secure Shell (SSH) services in order to steal login credentials from administrators and users. The hackers are replacing all of the SSH binary files on the compromised servers with backdoored versions that are designed to send the hostname, username and password for incoming and outgoing SSH connections to attacker-controlled servers, security researchers from Web security firm Sucuri said Wednesday in a blog post. "I saw some SSHD [SSH daemon] backdoors in the past in very small scale or part of public rootkits, but not like this one," Daniel Cid, Sucuri's chief technology officer, said Thursday via email. "They do not only modify the ssh daemon, but every ssh binary (ssh, ssh-agent, sshd) and their main goal is to steal passwords
Do programmers understand the meaning of PRIVATE?(Naked Security) You've probably heard of public-key cryptography, because it's the basis of HTTPS, the system that puts the padlock in your browser. The mathematical detail behind public-key crypto is a little abstruse, but you don't need to be a mathematician to understand the principles that make it work
Press News UK Breached, 665 Login Credentials leaked by JokerCracker (Hack Read) The JokerCracker hacker has hit another site, this time has breached into the site of Press News UK (thepressnews.co.uk) and leaked 600+ login account information of admin, staff and daily users. The breach was announced by the hacker himself on his official Twitter account, while the data was left for public on Pastebin
The tactics behind a spear phishing attack(SC Magazine UK) Marketing tactics have changed. Marketers now target each individual customer, just like Amazon's recommendations page. Criminals have learnt the same lesson as phishing emails are no longer sent to thousands of people
Crapware Won't Crap Out(Slate) The horrifying persistence of annoying, privacy-invading, unwanted software. For a few years now, I've been expecting to write an obituary for crapware. Or not an obit, exactly—I was hoping to dance on its grave. Crapware is the annoying software that worms into your computer without your knowledge. You can get it when you buy your PC—software companies pay PC makers to install the stuff on new machines—or when you download some ostensibly useful program from the Web. You might download Adobe's Flash player, say, and only later discover that the installer also larded up your computer with a dubious "PC health check" program that tries to scare you into paying to "repair" your machine
Cyber criminals exploit Barack Obama in Twitter attacks(Herald Sun) Beware of tweets about Obama, the Australian Open and gun control this month - internet security experts say they're the top three buzzwords currently being used by cyber criminals to lure victims on social media. And keep an eye out for posts mentioning the Super Bowl, Playstation 4 and The Ashes, topics predicted to be popular with canny cyber crims throughout 2013
Napolitano warns of risk of major cyber attack(Newsday) Homeland Security Secretary Janet Napolitano on Thursday warned that a major cyber attack is a looming threat and could have the same sort of impact as superstorm Sandy, which knocked out electricity in a large swath of the Northeast
Security Patches, Mitigations, and Software Updates
Internet's Pace Of Innovation Will Force The Data Center To Open Up (TechCrunch) More hardware will open up — it's inevitable. Hardware in the data center is no exception. As Tim O'Reilly said in his keynote at the Open Compute Summit, innovation in the data center is critical for keeping up with the Internet's pace of innovation. A first step is opening the hardware so people can hack it and adapt it to the data that flows at an
Survey finds most CIOs left behind in big data wave(Fierce Big Data) One can't make sense of disparate data sets if data isn't being collected in the first place. That's where 76 percent of CIOs find themselves in this new rush to perform big data analytics, lacking the data to analyze, according to a new survey by consulting firm and professional services provider Robert Half Technology
Big data overhype can't slow it down, Ovum says(Fierce Big Data) Many critics of both the terminology and the technology of big data won't like to hear this, but their negativity campaign has not slowed the big data train, according to Ovum. Market perception remains strong
Beware: The Black Hats are coming to data science(Fierce Big Data) The Internet has flourished despite the openness and foundation of loose consensus that both enables it and makes it vulnerable, said Alistair Croll, founder of Solve for Interesting and host at O'Reilly Media, in a Webcast this week. But big data is about to raise the bar of vulnerability and the more successful big data becomes, the more serious the threat to its integrity.
"Big data is the Layer 8 protocol. It is where humanity's rubber meets technology's road and it has great power, but demands great responsibility. And it presents a great deal of risk unless we do it right," Croll said
Getting out in front of the Black Hats(Fierce Big Data) There doesn't seem to be any doubt in the minds of experts, at least those who spoke on O'Reilly's Webcast this week on Data Warfare, that the Black Hats are coming. Big data needs to brace for, prepare for and try to mitigate the inevitable carpet bombing it is about to take from nefarious abusers of technology
Debt Limits, General Dynamics, & Beyond: Defense Industry Braces For Sequester(AOL Defense) While the House has voted to extend the debt limit to May, the automatic federal spending cuts called sequestration still loom $90 billion large, half that bill for the Pentagon alone. Yet, as fourth quarter earnings calls begin, the defense industry and its stock values remain remarkably resilient
TSA looking to expand analytics war chest(Government Computer News) The big data company said its "server-based and mobile investigations software" was chosen by a branch of TSA's Information Assurance & Cyber Security
Mobility stymied in Pentagon by signal dead spots(Fierce Government IT) The spread of mobile devices throughout the Pentagon can face a basic obstacle: no signal. Tom Sasala, chief technology officer for the Army Information Technology Agency, said during a Jan. 23 conference that in his underground Pentagon office, his cellphone "hits what I call about half a bar--just enough to tell it that it can connect, but not enough for it to actually do anything, so it's completely useless." He spoke at the 2013 Federal Mobile Computing Summit in Washington, D.C
Cybersecurity: the 19,413-person industry in Md. and Baltimore, in 4 graphs(Technically Baltimore) A study released Thursday that analyzed some 340,000 cybersecurity jobs at 18,000 companies across the U.S. confirmed something we already know: Maryland, and Baltimore in particular, is a cybersecurity hub. (Not to be confused with a tech startup hub.) According to the first Maryland Cyber Jobs Report, 19,413 jobs in cybersecurity exist in this state, with more than 13,000 of those in Baltimore city. As Technically Baltimore has reported, GovWin has also placed the number of cybersecurity jobs in the Baltimore region above the 13,000 mark
Belkin to acquire Cisco's home networking business(Help Net Security) Belkin has entered into an agreement to acquire Cisco's Home Networking Business Unit, including its products, technology, Linksys brand and employees. "We're very excited about this announcement"
Another Potential Suitor For RIM As Lenovo Ponders An Acquisition(TechCrunch) Research In Motion is once again the target of a rumored acquisition. Lenovo's CFO Wang Wai Ming said in an interview with Bloomberg at the World Economic Forum meeting in Davos that the Beijing company is eyeing the BlackBerry maker as a potential acquisition target or strategic alliance partner. The news comes less than a week after RIM CEO Thorsten Heins told German newspaper Die Welt
4 Ways Microsoft-Dell Deal Could Benefit IT(InformationWeek) A common question following reports that Microsoft might invest upward of $1 billion in Dell's potential deal to go private has been: What's in it for Microsoft and Dell? Their business customers -- and the IT pros that keep them up and running -- would probably rather know: What's in it for us? There should be little risk to Microsoft and Dell shops, Forrester senior analyst David Johnson predicted in an email to InformationWeek. "I don't see any negative side of this for customers of either Microsoft or Dell yet, but we'll know more should it come to fruition," he said
KPMG Appoints HHS Vet John Teeter Managing Director in its Advisory Practice (Govconwire) KPMG LLP has named John Teeter a new managing director in its advisory practice, according to a Washington Technology article. In his new role, Teeter will be responsible for assisting clients with health IT issues and serving in the company's health and human services practice. He was associate deputy assistant secretary for IT and deputy chief information officer
Lockheed Promotes Sondra Barbour to IS&GS EVP(Govconwire) Lockheed Martin (NYSE: LMT) has promoted 26-year company veteran Sondra Barbour and 13-year company veteran Rick Ambrose to the executive vice president ranks, the company said Thursday. Effective April 1, Barbour will serve as EVP for the information systems and global solutions business unit and Ambrose will hold the same title for the space systems
Accenture to Build Defense Contract Mgmt IT System (Govconwire) Accenture's (NYSE: ACN) federal business has won an eight-month contract to design an information technology system for the Defense Contract Management Agency to manage contracting activity, the company said Thursday. The company said it will focus on analytics, work flow and streamlining reporting with the goal of helping the DCMA address reviews that require manual
Avoiding IAM's Biggest Blunder(Dark Reading) Leaving orphan accounts enabled due to poor deprovisioning processes leaves organizations open to fraud and makes it impossible to prove chain of custody. Poorly handling user accounts when people leave an organization or are fired is one of the most common and dangerous identity and access management (IAM) mistakes enterprises make today. Business process flaws, departmental silos and a lack of automation all stand in the way of streamlining this so-called deprovisioning process. And when organizations don't get a handle on the orphan accounts left behind by an ineffective deprovisioning process, they leave themselves open to fraudulent account use and a lack of visibility that will make regulatory auditors howl
SCADA Security 2.0(Dark Reading) Siemens will consider whether or not to offer a bug bounty program as security experts look at new approaches to tackling SCADA security woes. No one disputes that there's a dire need for major change in addressing serious gaping security holes in SCADA/industrial control systems (ICS) today. Frustrated with the inertia associated with blatantly insecure SCADA/ICS systems in production at power plants and other sensitive operations in the U.S. and around the globe, security experts are now rethinking how to fix the SCADA/ICS security problem
Active Defense Drives Attack Costs Up(Threatpost) While every corporate general counsel, CIO and anyone with a CISSP will tell you that hacking back against adversaries is illegal and generally a bad thing to do, there are alternatives that companies can use to gain insight into who is behind attacks, collect forensic evidence and generally confound hackers, perhaps to the point where they veer away from your network
CISO Challenges: The Build vs. Buy Problem (infosec island) In part 1 of this 2-part series we discussed a few things including when to decide whether to outsource or build in-house your security-related activities... this post continues by answering the question of what to outsource and how to know you're making the right decisions for the business... What to Build, What to Buy: The big question is what to outsource and what to keep in-house on your own expertise. While the question of when you should outsource depends heavily on talent, time, and priority, the question of what to outsource depends on 3 lightly overlapping questions
To Mark Data Privacy Day, AnchorFree CEO Offers 5 Online Privacy Tips to Protect You and Your Family(MarketWire) 11 Million Americans Are Victims of Identity Fraud Each Year; This Data Privacy Day, AnchorFree Advises How Not to Be One of Them. This Data Privacy Day on Monday, January 28th, AnchorFree is joining forces with the National Cyber Security Alliance to offer some simple tips and tools to empower consumers to protect their online privacy. "Americans are twice as likely to be victims of identity theft than they are to have their homes broken into," said David Gorodyansky, founder and CEO of AnchorFree, maker of Hotspot Shield, one of the world's most popular online privacy tools. "We spend billions every year on keeping our homes safe, yet relatively few are even aware of the growing threats they and their families face every time they go online." Every year, more than 11 million U.S. adults are victims of identity fraud
11 Body Parts Defense Researchers Will Use to Track You(Wired Danger Room) If the latest crop of biometric systems work as advertised, they may be able to identify you without you ever knowing you've been spotted, with more accuracy, and from farther away. Here are 11 projects
Data storage meets DNA(Fierce Big Data) DNA may store the blueprints for life, which is amazing itself, but it just might be used in the future to solve another huge storage problem: the world's growing output of data. In the journal Nature this week, it was reported that scientists have successfully stored and retrieved, in a fragment of DNA--with 99.9 percent accuracy--Martin Luther King Jr.'s "I Have a Dream" speech, as well as a copy of Francis Crick and James Watson's scientific paper from 1953 on the double helix DNA structure and Shakespeare's 154 sonnets
Legislation, Policy, and Regulation
Top politician slams EU cybersecurity plans (NetworkWorld) The European Commission's promised cybersecurity strategy is "incoherent and lacking in focus," a member of the European Parliament who has read a draft of the proposal charged Thursday. The Cybersecurity Strategy is due to be published in the coming weeks, but leaked draft copies have been circulating in Brussels, prompting Sophie in't Veld, a Dutch member of the European Parliament, to comment that, based on what she has read of it, "there doesn't seem to be any real strategy." "It looks like almost every Directorate General [department] in the Commission wanted to write its own bit of the strategy. It bothers me that all these different policy areas are being lumped together in one document
Cyber Security Centre funding lacks detail: Opposition (Computer World) Plans to build an Australian Cyber Security Centre (ACSC) have been slammed by the Opposition for containing few details about how the ACSC will be funded or staffed. According to Shadow Minister for Defence, Science, Technology and Personnel Stuart Robert, Prime Minister Julia Gillard's announcement was more about appearances than substance. "There were no details about the costs involved, required funding, how many more public servants will be hired and no indication as to who will even be responsible for running the Centre," he said in a statement.
California AG Releases Mobile App Guidelines; Industry Responds(infosec island) California Attorney General Kamala Harris released a set of recommendations titled Privacy on the Go directed toward the mobile app industry that seeks to educate the industry and promote privacy best practices. The guidelines separately address app developers, app platform providers, mobile ad networks, operating system providers, and mobile carriers. A coalition of advertising and marketing industry groups recently responded, criticizing the guidelines
Senate Democrats propose tentative cybersecurity bill(Fierce Government IT) In what may be a placeholder action, a handful of Democratic senators led by West Virginia Sen. John Rockefeller (D) introduced Jan. 22 a new bill on cybersecurity. The bill (S. 21) doesn't propose action per se but calls on the legislative branch to affirm through a "sense of Congress" a number of creeds. Among them are that there should exist mechanisms for sharing cyber threat and vulnerability information between the government and the private sector, and that the two should develop a system to "assess cyber risk and prevent, detect, and robustly respond" to attacks against critical infrastructure
Litigation, Investigation, and Law Enforcement
Pentagon Watchdog Clears Darpa in Ethics Probe(Wired Danger Room) The Pentagon's blue-sky research agency is a classic revolving door between government and business. But an ethics review finds that it's not handing out contracts in a sleazy way
Cyber-Crime Ring Targeted U.S. Bank Accounts, Feds Say (Compliancex) A cyber-crime case brought by U.S. prosecutors in New York may add to the fears of anyone who banks online. The charges against three foreign nationals (a Russian, a Latvian and a Romanian) allege they were involved in creating and distributing a computer virus that infected more than 40,000 computers in the United States in an effort to steal customers' bank-account data and other information. The so-called Gozi virus led to the theft of unspecified millions of dollars, court documents say
Twitter ordered to identify authors of French racist tweets (IT Proportal) A French court has ruled that Twitter must hand over data about users who posted racist or anti-Semitic tweets. The social network must comply with the court's ruling "within the framework of its French site," the AFP reported. "We are currently reviewing the court's decision," a Twitter spokesman said. At issue are tweets posted last fall with the hashtags #UnBonJuif (a good Jew), #SiMonFilsEstGay (if my son is gay), and #SiMaFilleRamèneUnNoir (if my daughter brings home a black guy)
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
TED X Baltimore: Baltimore Rewired(Baltimore, Maryland, USA, January 25, 2013) At our TEDxBaltimore event, TEDTalks video and live speakers will combine to spark deep discussion and connection in a small group. The TED Conference provides general guidance for the TEDx program, but...
Data Privacy Day(Various locations, January 28, 2013) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, and official coordinator of Data Privacy...
tmforum Big Data Analytics Summit(Amsterdam, Netherlands, January 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates,...
North American ICS & SCADA Summit(Lake Buena Vista, Florida, USA, February 6 - 15, 2013) The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along...
ATMiA US Conference 2013(Scottsdale, Arizona, US, February 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
#BSidesBOS(Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
RSA USA 2013(San Francisco, California, USA, February 25 - March 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013(Bogmallo Beach Resort, Goa, India, February 26 - March 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration...
TechMentor Orlando 2013 (Orlando, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow...
Business Insurance Risk Management Summit (New York City, New York, USA, March 5 - 6, 2013) The annual Risk Management Summit, now in its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry...
CanSecWest 2013(Vancouver, British Columbia, Canada, March 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social...
e-Crime Congress 2013(London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...
CTIN Digital Forensics Conference (Seattle, Washington, USA, March 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include: Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools,...
IT Security Entrepreneurs' Forum (ITSEF 2013)(Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference...
The Future of Cyber Security 2013(London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
CSO40(Braselton, Georgia, USA, April 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley(Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry...
Cyber 1.3: Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation...
INFILTRATE 2013(Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
InfoSec World Conference & Expo 2013(Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
Infosec Southwest 2013(Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending...
Consumerization of IT in the Enterprise Conference and Expo(San Francisco, California, USA, June 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise.
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland… The conference will focus on information systems and network...