McAfee attributes Operation Troy to two hacking groups, but demurely stops short of calling it a state-sponsored campaign against South Korean and US targets. The long-running cyber espionage effort (formerly called "Dark Seoul") teaches at least two lessons: the likelihood of distributed-denial-of-service attacks covering spy operations, and the extent to which apparent hacktivists can be sock puppets for intelligence services.
Al Arabiya has been under nuisance cyber attack since Egypt's coup d'état. Konami suffers login attacks similar to those affecting Nintendo. Some fairly obvious spam makes itself obnoxious but does little serious damage. Hackers compromise personal data in Michigan and California. Sloppy practices at the IRS expose tens of thousands of social security numbers.
British officials are unusually forthcoming with information concerning cyber attacks thwarted during last year's London Olympics. HM Government credits effective electronic surveillance with fending off the attacks.
Bitdefender warns that many free iOS and Android apps amount to spyware.
Apache, Adobe, and Microsoft all published security patches this week.
US Emergency Alert System vulnerabilities (which, by the way, may have been responsible for the notorious "zombie apocalypse" broadcast earlier this year) point out the extensive attack surface network devices present.
In industry news, US hosting firms continue to see customers shy away in fear of PRISM. Swiss and Dutch companies are among the beneficiaries of incipient customer flight.
As Edward Snowden figures out how to reach Venezuela, Latin American countries complain of NSA surveillance. Sino-American negotiations open this week with US complaints of cyber industrial espionage.
Today's issue includes events affecting Bosnia, Brazil, China, Costa Rica, Croatia, Egypt, European Union, Macedonia, Netherlands, Pakistan, Philippines, Russia, Serbia, Slovenia, Switzerland, United Kingdom, United States, and Venezuela.
Cyber Attacks, Threats, and Vulnerabilities
Cyberspies Posing As Hacktivists Waged Cyberattacks To Steal South Korean, U.S. Military Intel(Dark Seoul) Attackers long have used distributed denial-of-service (DDoS) attacks as cover for more nefarious hacking activity. But turns out the recent high-profile DDoS and data destruction attacks on major South Korean banks, media outlets, and other entities were also a glaring example of such subterfuge, as cyberespionage actors posed as hacktivists knocking websites offline and wiping hard drives--while in the background quietly stealing military secrets about South Korea and the U.S
Dissecting Operation Troy: Cyberespionage in South Korea(McAfee) South Korea was hit by a major cyberattack on March 20, 2013, at 2:00 pm local time. This cyberattack caused a significant amount of damage to the affected organizations by wiping the hard drives of tens of thousands of computers. McAfee Labs research provides further insight into the likely source of these attacks. Though not definitive, our analysis provides a much clearer picture. The research also indicates that there may have been two distinct groups, attacking different targets
"Google account hacked" text scam puzzles researchers(Help Net Security) A curious spamming campaign continues to target Google users via their mobile phones, and researchers still don't know what it actually does. First spotted back in March, bogus Google messages warn potential victims that their account has been hacked and asks them to send a message to that number when they are ready to verify their accounts
'Priyanka' yanks your WhatsApp contact chain on Android mobes(The Register) If that really is your name, nobody wants to know you right now. A worm spreading through the popular WhatsApp messaging platform across Android devices is likely to cause plenty of confusion, even though it doesn't cause much harm
California Bureau of Automotive Repair Admits Security Breach(eSecurity Planet) Smog check stations' bank account information may have been accessed. The California Bureau of Automotive Repair recently began notifying several California smog check station owners that their bank account numbers and bank routing numbers may have been accessed by an unauthorized individual
Morningstar Provides (some) Information About Breach(Infosecurity Magazine) Morningstar Inc, an investment research firm, has disclosed a breach that compromised 2300 credit card details and possibly 182,000 user names and passwords; but the company has provided little additional information
Government reveals cyber-attack alarm leading up to London Olympics(Infosecurity Magazine) When the NSA's surveillance program was first revealed by Edward Snowden last week, initial reaction was that it was a US issue. But with the realization that the greater part of the world's internet traffic is at some point routed via the US, the
Could a terrorist cyber attack set off World War 3?(Mirror.co.uk) That is the terrifying question faced by the West's intelligence agencies every day, and it was thrown into sharp relief by yesterday's revelation that Islamist terrorists attempted a cyber attack on the London Olympics. They planned to disrupt the
No wonder China is worried about Android--the NSA helped write its source code(Quartz) Google's Android smartphone operating system uses source code contributed by the US National Security Agency. Especially in the post-Edward Snowden era, that's a red flag for Beijing, and helps to explain why China has been so eager to encourage the growth of non-Android smartphones within its borders
Google Android Vs. Apple iOS: The Mobile App Privacy War(Dark Reading) Using their Clueful app, researchers at BitDefender examined how apps for Android and Apple's iOS treated private data such as location information and contact lists. What they found may seem startling - of the 207,843 free applications for iOS
Free apps dubbed the "modern equivalent of spyware"(ITProPortal) Internet security firm Bitdefender has warned that the advertising framework used by free mobile apps is turning the software into the "modern equivalent of spyware" that can monitor users throughout the day. The company made the conclusion after
Who's Behind The Styx-Crypt Exploit Pack?(Krebs on Security) Earlier this week I wrote about the Styx Pack, an extremely sophisticated and increasingly popular crimeware kit that is being sold to help miscreants booby-trap compromised Web sites with malware. Today, I'll be following a trail of breadcrumbs that leads back to central Ukraine and to a trio of friends who appear to be responsible for marketing (if not also making) this crimeware-as-a-service
McAfee notes examples of organized cyber criminal services(SC Magazine) An interested consumer of cyber crime is not that different than, say, someone who wants to build a pool in their backyard. Rather than dig the hole themselves and fill it with water and chlorine, it's much easier to hire someone to do the work for them
What will it take to get you into a nice exploit kit?(FierceITSecurity) Cybercriminals are no longer lurking in the Internet shadows and hawking their wares in underground forums. They have come out in the open, advertising their exploit kits as "stress-test platforms," observed security researcher Brian Krebs on his Krebs on Security blog
Security Patches, Mitigations, and Software Updates
Adobe, Microsoft Release Critical Updates(Krebs on Security) Patch Tuesday is upon us once again. Adobe today pushed out security fixes for its Flash and Shockwave media players. Separately, Microsoft released seven patch bundles addressing at least 34 vulnerabilities in Microsoft Windows and other software. At least one of the Windows flaws is already being exploited in active attacks
Adobe Security Bulletins Posted(Adobe PSIRT Blog) Working to help protect customers from vulnerabilities in Adobe software. Contact us at PSIRT(at)adobe(dot)com. Today, we released the following Security Bulletins
Microsoft Security Bulletin Summary for July 2013(Microsoft Security TechCenter) This bulletin summary lists security bulletins released for July 2013. With the release of the security bulletins for July 2013, this bulletin summary replaces the bulletin advance notification originally issued July 4, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification
Cyber attacks hit 68% of Brazilian, Mexican firms - Kaspersky(Business News Americas) The business development service focuses on major projects, active companies, such as Kaspersky Lab; and business and sales contacts, providing networking opportunities with leading executives throughout Latin America.
More needs to be done to protect network devices(FierceCIO: TechWatch) Network devices are increasingly coming under attack, as the U.S. Emergency Alert System was found this week to be vulnerable to hijacking by remote attackers. In this case, application servers used to receive the emergency broadcast messages could be accessed by unauthorized users over the Internet--the result of improper SSH encryption key management--which inadvertently exposed it to the public
Searching for health info online? Beware of tracking(FierceHealthIT) There's yet another health privacy threat to worry about--health websites--as they share user search terms for advertising purposes, according to an article published online this week in JAMA Internal Medicine
Security dangers in big data mining(FierceBigData) The only time security is at the forefront in a big data project appears to be when the project is about security. Otherwise, security is most often an afterthought or done poorly. On the security front, big data projects are proving incredibly advantageous for security organizations, such as the NSA, and protection industries, such as the anti-virus, anti-malware producers. An example of how well these types of projects have done to affect security can be found in an eWeek article describing the big data visualizations from Japan's National Institute of Information and Communications Technology and its Daedalus Cyber-attack alert system
Europe Wants To Put $32B Into Reviving Its Hardware And Electronics Industries(TechCrunch) Europe has been focusing for a while on trying to revive its flagging hardware and manufacturing industries, and today the European Commission decided to put its money where its mouth is. It's proposing a new investment package worth €25 billion ($32 billion) over the next seven years to drive more production and innovation in the areas of electronic components and systems design, including
Secunia and VLC Get into Argument over Vulnerability(Softpedia) Secunia has decided to stop all collaboration with VLC and publish all VLC vulnerabilities as soon as they're found. The decision comes after the two sides got into an argument over the details of a vulnerability. According to Secunia, security researcher Kaveh Ghaemmaghami has identified a vulnerability in VLC 2.0.4 and has published its details on the Full Disclosure mailing list. He believed the vulnerability was a buffer overflow issue when parsing SWF files
Dell buyout drama far from over(FierceFinance) So is Michael Dell inching closer to winning over shareholders in his bid to take his company private? He would appear to have some momentum. Following the news that Institutional Shareholder Services (ISS) had thrown his heft behind the founder's offer, two other proxy advisory firms did so as well. Glass Lewis and Egan Jones publicly stated their support of the deal, advising shareholders to vote in favor of it at the July 18 special vote
Equifax acquires TrustedID(Help Net Security) Equifax has acquired TrustedID, which will become part of Equifax Personal Solutions, Equifax's direct-to-consumer business unit offering credit monitoring and identity protection solutions
PRISM Sends Swiss Hosting Companies a Windfall(Infosecurity Magazine) In the wake of the Operation PRISM revelations, some are saying that they're benefitting from corporate privacy fears. Swiss data hosting company Artmotion says that it has witnessed 45% growth in revenue since the US surveillance program was exposed
The Netherlands — land of data centers(LeaseWeb) When you would ask an average EU citizen how the Internet works and where most websites and cloud services are hosted, most people will mention the U.S. as the main source of Internet technologies and services. And when you would ask an EU politician about the Internet, his or her first emerging thought would be a concern about taps, privacy, or cybercrime
Lynn Martin Appointed VMware Public Sector Group Head(GovConWire) Lynn Martin, who joined VMware (NYSE: VMW) last year, has been appointed vice president of the U.S. public sector group. Martin will oversee a team responsible for helping federal, state, local and education customers adopt cloud computing and virtualization technology, VMware said Monday
Products, Services, and Solutions
Super-scalable LDAP directory driven by big data(Help Net Security) Radiant Logic announced a commercial solution for distributed storage and processing for enterprise identity management. Based on Hadoop, this new highly-available version of the LDAP directory
Audit privileged access to Microsoft Online Services(Help Net Security) Xceedium announced Xsuite will include protection for Office 365, Exchange, Lync, and SharePoint. The additional protection for Microsoft online services complements Xsuite's existing hybrid-cloud security
SafeNet offers new cryptographic hypervisor for cloud migration(Infosecurity Magazine) Ushering in what it calls a "new era of elastic encryption", Maryland-based SafeNet has announced it is now offering what it believes is the world's first crypto hypervisor for multi-tenant, high-assurance key vaulting for cloud migration
Watchful's Advanced Information Protection Suite Is Integral in Three-Way Global Alliance to Protect Critical SAP-Based Information(Wall Street Journal) Watchful Software, a leading provider of data-centric information security solutions, will feature live demonstrations of its award-winning cybersecurity technologies at the Microsoft Worldwide Partner Conference (WPC) 2013 this week, July 8-11. The company will showcase how RightsWATCH and TypeWATCH prevent sensitive data from being disclosed inadvertently and unauthorized users from accessing your systems. Watchful Software is also announcing a global collaboration with SECUDE and Foxit Corporation to offer enterprises running on SAP a powerful end-to-end approach to protect business critical information regardless of its form or location
Controlling The Big 7(Dark Reading) With limited resources, funding, and expertise, focusing on protecting the Big 7 applications will enable security professionals to reduce a large portion of their attack surface
How to Make Your Sandbox Smarter(RSA) Sandboxes are a great tool with two primary uses: a tool to assist malware analysts during their analysis, and a first-line security tool for Tier 1/Level 1 (T1/L1) analysts to help determine if a file exhibits malicious behavior and to rate the severity of an incident
Relying on Threat Actor Behavior Profiles Alone is a Great Way to get an Unwelcomed Outcome…(SecurityWeek) Over the past year, the buzz around tracking threat actors has been growing and in my opinion hitting the height of the hype cycle. I have had many conversations and debates with friends, colleagues and customers around what the industry is trying to accomplish by associating activity back to a specific cyber threat actor or actor group. I will share these thoughts and perspectives, but prior let us look at where the use of "threat actors" with reference to cyber originated
What Unix can teach you about big data(IT World) Big data may be a tech buzzword of the moment, but Unix admins who need to hunt through logs to figure out what's going on with their systems have been grappling with huge data sets for decades. Here are tips on command-line tools and techniques that can make sense of seemingly overwhelming data sets
Preventing Data Theft from Lost or Stolen Devices on Vacation(Kaspersky Labs) If there's one group of people who love vacation more than the vacationers themselves, it's thieves. Tourists and travelers have always made easy marks for criminals, but now that everyone has — and travels with — smartphones and tablets, they are even more lucrative targets
Selecting a cloud provider starts with exit planning(Help Net Security) Let's begin with a story: The first day of the new week started very ordinarily and nothing indicated this was going to be a very long and tiring day for Sarah, a CIO of a large HR agency "Jobs Are Us". After she finished her breakfast, she headed to the office to attend the CEO staff meeting at 9am. Such meetings have been stifling, almost bordering on boring, but that was not going to repeat itself today
Why data encryption may not always help(FierceCIO: TechWatch) The use of encryption has long been hailed as a way for businesses to secure their data for use in risky locations, such as in the cloud and elsewhere. While encrypting data is definitely better than not encrypting it, companies need to know that encryption doesn't magically make it invulnerable
NIST Seeks Guidance on Incident Response and Forensics(Threatpost) The federal government is looking for some help in figuring out how to respond to security incidents. As attacks continue to escalate against both government agencies and private enterprises, NIST is developing a set of standards for best practices in incident response and computer forensics
Below The Application: The High Risk Of Low-Level Threats(Dark Reading) In-memory attacks and rootkits may hit your systems below the OS. Here are some tips to help your defense. In all of the publicity around application attacks, cloud security and virtualization, many experts in the security field have let lower-level, more direct system attacks fall by the wayside. While there may be a reason to relax a little, given the huge leaps forward in network and computer system security, there are many good reasons to continue to pay special attention to these types of attacks
In the Public Cloud Era, Is Your Organization Keeping its Data out of Harm's Way?(SecurityWeek) In the era of the public cloud, when employees (aka insiders) are frequently using consumerized applications such as Dropbox, Box and Google Drive to share and store data, security and risk professionals are at a tipping point. It is time for them to adopt a new security thought paradigm that focuses on the insider threat that employees create, not solely on protecting data itself
Design and Innovation
Qualcomm: We need more standards to unlock the potential of "digital sixth sense"(VentureBeat) Our smartphones and tablets are filled with a slew of sensors -- things like gyroscopes, light sensors, and GPS -- but for the most part, they're all treated differently within every mobile platform. That makes it tough for developers to utilize those sensors, compared to standards-driven technology like Bluetooth
Watch Out For The Balkans(TechCrunch) We're fifty kilometers outside of Ljubljana, Slovenia, in Bled Castle, overlooking a clear blue mountain lake, a set of gilded clouds scudding overhead and the sun is shining bright over miles of untrammeled forests. On the water below tiny swimmers look as if they're floating in thin air, arms and legs swinging, making ripples in something invisible
Google patent: Background noise from phone calls could be used to target ads(GeekWire) You're attending a baseball game and call Google's 411 service for information about a nearby restaurant. The cheers of the crowd and the sounds of the announcer are picked up by your phone. Google's system analyzes the background noise, takes into account your location, determines that you're at a ballgame and delivers related ads or links to your phone with sports scores and news
$3000 cyber security course for free(Whatech) IT Masters and Charles Sturt University are offering, free, a six week online course designed to prepare students for the Certified Information Systems Security Professional (CISSP) Security Certification that is comparable to other online courses that can cost up to $3800
Filipino wins in Kaspersky Lab contest(Rappler) A student from the University of the Philippines Diliman wowed the judges of Kaspersky Lab's international youth competition, "Cyber Security for the Next Generation (CSNG) 2013" held in London last June
Snowden's Leaks Puts National Security Agency In A Bind(NPR) It's been four weeks since Edward Snowden leaked secrets about government surveillance. On Monday, The Guardian newspaper released more of an interview with Snowden. His actions have stirred up a lot of issues for the National Security Agency
5 stubborn leak myths(Politico) The continuing saga of former National Security Agency contractor Edward Snowden -- along with revelations of aggressive Justice Department prying into reporting by The Associated Press and Fox News -- has resulted in a string of congressional hearings
Privacy advocates call on government to rein in NSA(PCWorld) A U.S. government board focused on privacy and civil rights should push Congress to rein in the National Security Agency's mass collection of telephone records and Internet communications, privacy advocates said Tuesday. The U.S. Privacy and Civil
NSA 'spied' on most Latin American nations: Brazil paper(Reuters) The U.S. National Security Agency has targeted most Latin American countries in its spying programs, with Colombia, Venezuela, Brazil and Mexico ranking among those of highest priority for the U.S. intelligence agency, a leading
Parliament and Civil Liberties Respond to NSA Surveillance(Infosecurity Magazine) While national executives, including the EU's executive (the European Commission) seem intent on downplaying the impact of the NSA's PRISM program (possibly because there is increasing evidence that the majority of larger European states are either involved with the NSA or have their own 'prism projects'), parliamentarians and civil liberties groups are being more proactive
IAEA Member Countries Facing Cyber Threats, Agency should do more, Says Iran(SPAMFighter) Iran has indicated to IAEA (International Atomic Energy Agency) a world establishment, which caters to maintaining nuclear energy usage in a peaceful manner, to do more for tackling cyber assault threats lurking on nuclear plants installed in countries that are members of the agency, published tehrantimes.com in news on July 2, 2013
Iranian PRISM revealed(Cyberwarzone) Yes - you are reading it right. Iran has its own PRISM program that allows the Iranian government to track each step that is made in the Iranian domain but it is not limited to the Iranian domain
Network neutrality key to health information exchange(FierceHealthIT) Network neutrality is central to planning for health information exchange, and potential regulation has implications for healthcare providers that use or provide services, according to research published at the Journal of the American Medical Informatics Association
Commission report wants action against agencies, ISI(International News) The Abbottabad Commission report has strongly criticised Pakistan's intelligence agencies for their failure in detecting Osama bin Laden (OBL) in the country for nine years, urging the political leadership to institute a mechanism for proper accountability of the agencies including the premier intelligence agency ISI
Litigation, Investigation, and Law Enforcement
Snowden Seen as Whistle-Blower by Majority in New Poll(Bloomberg) A majority of U.S. registered voters consider Edward Snowden a whistle-blower, not a traitor, and a plurality says government anti-terrorism efforts have gone too far in restricting civil liberties, a poll released today shows
Snowden Agrees to Asylum in Venezuela: Top Lawmaker(SecurityWeek) Fugitive US intelligence leaker Edward Snowden, who has been holed up in a Moscow airport for more than two weeks, has agreed to an offer of asylum from Venezuela, a top Russian lawmaker said on Twitter on Tuesday before removing the post
Witness: No Harm To US From Leaked Gitmo Files(Yahoo.com) Secret threat assessments of Guantanamo Bay detainees that Pfc. Bradley Manning gave to WikiLeaks did not harm national security, a former chief prosecutor at the U.S. detention facility in Cuba testified Tuesday
AIAA Aviation 2013(Los Angeles, California, USA, August 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics,...
cybergamut Technical Tuesday: Malware Analysis for the Masses(Columbia, Maryland, USA, September 17, 2013) With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. With...
Digital Forensics and Incident Response Summit(Austin, Texas, USA, July 9 - 10, 2013) The 6th annual Forensics and Incident Response Summit will again be held in the live musical capital of the world, Austin, Texas. The Summit will focus on high quality and extremely relevant content as...
London Summer 2013(London, England, UK, July 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The...
3rd Cybersecurity Framework for Critical Infrastructure Workshop(San Diego, California, USA, July 10 - 12, 2013) NIST is inviting cybersecurity experts, industry and academia from across the nation to attend one of its regional workshops at UC San Diego to identify, refine and guide the many interrelated considerations,...
cybergamut Technical Tuesday: Remote Digital Forensics(Columbia, Maryland, USA, July 16, 2013) 'The remote control changed our lives. The remote control took over the timing of the world. Within three seconds, click, click, click. So can we do remote forensics?' Ken Zatyko of Assured Information...
Mobility Solutions for the Federal Market(Falls Church, Virginia, USA, July 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents.
2013 World Comp(Las Vegas, Nevada, USA, July 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields...
Black Hat 2013(Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013(Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...