New cyber threats expose the limitations of legacy approaches to cyber defense: Android apps are shown vulnerable to modification in ways that don't break their digital signatures. New APT attacks camouflage themselves by using trusted cloud services as vectors. Finally, criminal organizations have begun making defense prohibitively expensive by increasing victims' analytical labor.
Legacy protective measures remain important, particularly against commodity criminal malware (witness repurposed spam and ten-dollar denial-of-service offers) but sophisticated obfuscation enables capable attackers (a growing crowd) to evade signature-based defenses.
Effective defense increasingly requires highly skilled reverse engineers, who are both relatively scarce and pricey. The future seems to lie with automating detection, analysis, and reverse engineering: compare other disruptive technological advances that make expertise available to non-experts. (Probably better for an enterprise to improve its analytical game in-house than hire those "cyber mercenaries" the UK is warning about, too.)
There are those who would forgo defense for counterattack, and tools for active defense are appearing.
Forbes questions big data's security utility—it likens the big-data approach to finding a needle-in-a-haystack by adding more hay.
PRISM fallout at week's end includes reports of cooperation with surveillance by Microsoft and Telstra. Yahoo wants FISA records opened to show its good-faith efforts to protect customers' privacy. DEFCON disinvites "Feds," which draws a decidedly mixed industry reaction. (Feds remain welcome at Black Hat.)
As US-China talks continue, US President Obama expresses "disappointment" with China's failure to extradite Snowden. Estonia's President Hendrik tells the EU, in effect, to get over PRISM.
Today's issue includes events affecting Australia, China, Egypt, Estonia, European Union, France, Germany, Pakistan, Russia, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Researchers find another Android attack that can get past signature checks(CSO) The vulnerability allows attackers to modify legitimate Android apps without breaking their digital signatures. A second vulnerability that can be exploited to modify legitimate Android apps without breaking their digital signatures has been identified and publicly documented. Technical details about the vulnerability were published Wednesday by a security researcher in a Chinese language blog post. The flaw is different from the so-called "masterkey" vulnerability announced last Wednesday by researchers from mobile security firm Bluebox Security, though both allow attackers to inject malicious code into digitally signed Android application packages (APKs) without breaking their signatures
Dropbox, WordPress Used As Cloud Cover In New APT Attacks(Dark Reading) Cyberespionage group behind hacks of The New York Times and other media outlets discovered using popular services as camouflage. The cyberespionage gang out of China who recently hacked into media outlet networks is now using Dropbox and WordPress in its attacks rather than via traditional email phishing attacks and server compromise, new research has found
6 Pakistani Ministry Websites Hacked by Afghan Cyber Army(HackRead) A group of hackers claiming to have roots in Afghanistan going with the handle of Afghan Cyber Army has hacked and defaced six high profile ministries of government of Pakistan. Hackers left their deface page along with a message against Pakistan against alleged involvement of Pakistani authorities in recent suicide bombings in Kabul, Afghanistan
Report: Email account of former CIO of intelligence agency hacked(SC Magazine) The former deputy CIO tasked with managing the U.S. Department of Defense's foreign military intelligence efforts has had his personal email account hacked, according to Gawker. Roy Apseloff, who before retiring last month also carried the title of vice deputy director for information management for the Defense Intelligence Agency (DIA), was reportedly exposed by "Guccifer," a hacker who has claimed to have previously hijacked the email accounts of the Bush family in February
Telltale signs of ATM skimming(IT World) ATM skimming schemes involve installing fraudulent equipment that criminals use to steal credit and debit card numbers and PINs. Industry estimates calculate that ATM fraud costs banks and consumers billions of dollars annually. Here are a few things to look for the next time you need
Security Patches, Mitigations, and Software Updates
Is it Time to Add Vulnerability Wednesday?(TrendLabs Security Intelligence Blog) By now, you've likely seen Google's announcement that they now support a seven-day timeline for disclosure of critical vulnerabilities. Our CTO Raimund Genes believes that seven days is pretty aggressive and that rushing patches often leads to painful collateral damage
Infographic: Is your information safe?(Help Net Security) ID Experts released an infographic that provides a snapshot of identity theft and data breach over the last decade. Click on the image below to see the large version
Cybersecurity of World Aviation a Major Focus of AIAA AVIATION 2013(Wall Street Journal) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics, the conference will address the risk of the evolving cyber threats to the world's $2.2 trillion commercial aviation enterprise…The panel discussion "The Connectivity and Cyber Security Challenge," at 1:30 p.m. on August 13, will discuss the challenges presented in aviation security systems, resources against cyber attack, and how players in the enterprise can move to safeguard their vital systems now, rather than after a successful cyber attack. Panelists will be: Paul Kurtz, chief strategy officer, CyberPoint International; Michael K. Sinnett, vice president and chief project engineer, 787 program, The Boeing Company; Dominic Nessi, deputy executive director and chief information officer, Los Angeles World Airports; Larry Castro, managing director, Chertoff Group, LLC; and Peter Andres, vice president, corporate security, Deutsche Lufthansa AG
What your insurance company is doing with your private data(FierceBigData) One of the scariest bugaboos feared lurking under the big data bed is what insurers will do when they find out what you've really been up to. Maybe they'll increase your premiums or cancel your policy if they discover how many Big Macs you bought this week. Or maybe you bought three glasses of wine with dinner or a case of beer for the weekend. How much booze is too much in the eyes of your insurer anyway
OpenStack's Hong Kong summit could be effort to keep China from going rogue(IT World) Fragmentation is often a threat with technologies that take off in China. The OpenStack Foundation may have good reason to host its next summit in Hong Kong, and not just because OpenStack is growing in popularity in China. The foundation could hope that basing the summit in Hong Kong might draw contributors into the fold so that they don't splinter
Hackers Back Away From Relationship With The Feds(Washington Times) DefCon, the biggest annual U.S. conference for computer hackers, last year featured the director of the National Security Agency as its keynote speaker and his agency operated a kiosk, where it handed out tchotchkes, brochures and job applications. DefCon founder Jeff Moss says law enforcement and intelligence officials should stay away this year
Secure Ideas will not be presenting at DEF CON this year(Secure Ideas Blog) James Jardine and I were accepted to present at DEF CON 21 in Las Vegas this year on attacking SharePoint. For 21 years DEF CON has been a very respected organization and the opportunity to present is only given to a small number of people. We were honored to be chosen to speak there again and hope to be able to in the future
Here are the Microsoft execs who benefit most from today's huge reorg(VentureBeat) Microsoft's biggest corporate restructuring ever, announced this morning by CEO Steve Ballmer, has put the company's fate in the hands of a few executives. (If this were Game of Thrones, they'd be the people on the Small Council table deciding the affairs of the kingdom.
Report Indicates More Extensive Cooperation By Microsoft On Surveillance(New York Times) Microsoft has collaborated with the National Security Agency more extensively than it previously acknowledged, providing the spy agency with up-to-date access to its customer data whenever the company changes its encryption and related software technology, according to a new report based on disclosures by the former N.S.A. contractor Edward J. Snowden
Booz VP McConnell: Snowden has done 'irrevocable damage'(Federal Times) Former Booz Allen Hamilton employee Edward Snowden has done "irrevocable damage" that will blunt the ability of the U.S. to stop terrorism, the consulting giant's vice president and former director of national intelligence Mike McConnell told a
Law Enforcement Cooperation And Trend Micro(TrendLabs Security Intelligence Blog) Recently, Trend Micro and INTERPOL announced that Trend Micro will help train law enforcement personnel from participating countries all over the world to help them cope with today's cybercrime threats. We are honored to help INTERPOL in its fight against cybercrime; this is completely in line with our vision of creating "A World Safe for Exchanging Digital Information"
Billionaire Icahn Says He'll Sweeten Dell Offer With Warrant(Bloomberg) Billionaire Investor Carl Icahn, who holds an 8.7 percent stake in Dell Inc., has been agitating for months to try to force Dell Chairman Michael Dell and buyout partner Silver Lake Management LLC to sweeten their proposal. Billionaire investor Carl Icahn, in a bid to force Michael Dell to sweeten his $24.4 billion buyout proposal for Dell Inc. (DELL), said he'll increase his offer for the PC maker by this morning by adding a warrant
SaaS enhanced mobile device security(Help Net Security) Sophos announced Sophos Mobile Control 3.5, the latest version of its mobile device management (MDM) solution. Available both on-premise and as-a-service, Sophos Mobile Control enables small
EMC releases array of new products(Help Net Security) EMC announced new hardware and software products that enable customers to deploy new Protection Storage Architectures that address today's and tomorrow's data protection challenges
Oceus Unveils Mobile Network Mgmt Software Update(The New New Internet) Oceus Networks has updated its network management software portfolio for customers that aim to securely manage wireless infrastructure in remote and hostile areas or emergency response situations
Building Threat Intelligence to Detect APTs in Lateral Movement(TrendMicro Security Intelligence Blog) A later stage of advanced persistent threats (APT) attacks is the "lateral movement" stage, where attackers typically use legitimate computer features to move within the network undetected. This takes place after the initial breach and the establishment of command-and-control links back to the attacker. We earlier discussed the steps in an APT attack in the infographic, Connecting the APT Dots
Fixing infosec 1: Eric Cowperthwaite on building better business connections(FierceITSecurity) Is IT security failing at its mission to keep enterprise data safe? It's a debatable question--but it would be much harder to make a successful argument that IT security is winning the fight to keep information and systems secure. Bugs and breaches abound; effective employee communication is a challenge; IT risk management is still immature
It Just Got a Whole Lot Easier to Fund Your Startup(Wired) New rules from the SEC blow the venture capital process wide open, allowing startups to seek out money in a public fashion for the first time. Slowly but surely, the startup funding pipeline is transforming from old boys club into
Better late than never: Russia to get cyber troops(RBTH Asia) He said the new service's key tasks would include monitoring and processing information coming from the outside, as well as countering cyber threats, "in other words, something along the lines of the United States Army Cyber Command." Officers
Reconciling Privacy and Security Post-Snowden(Time) The Privacy and Civil Liberties Oversight Board, an independent federal agency examining whether U.S. intelligence gathering is too intrusive, held a public workshop on Tuesday in Washington with experts, academics and advocacy organizations. The purpose: to respond to revelations of the government's controversial collection of phone and Internet records, and to recommend what, if any, changes should be made
Intelligence: The Practical Case Against The NSA's Big Data(Forbes) "We should soon be able to keep track of most activities on the surface of the earth, day or night, in good weather or bad." Those words weren't written yesterday by someone at the NSA. They were written by Stansfield Turner, a former head of the CIA, in 1986. They show that electronic tracking – and the hubris that accompanies the possession of high technology – have always been part of the US Intelligence Community
Could The US Government Go Dark? Digital Defense And The White House(Business2Community) During a targeted cyber attack, government agencies go dark. Mission-critical data is inaccessible. Personal information of millions of U.S. citizens is exposed. Communications are cut off. The White House is literally and figuratively in the dark. It's like something out of a summer movie blockbuster, but could it happen in real life? It's not so far-fetched
Estonia says Europe overreacted to US cyber spying(Cyberwarzone) Europeans have overreacted to allegations that the United States had been snooping on them and vacuuming up huge amounts of phone and Internet data, cyber-savvy Estonia said in an interview published Thursday
Litigation, Investigation, and Law Enforcement
US 'Very Disappointed' with China on Snowden(SecurityWeek) The United States told China it was upset it did not hand over US intelligence leaker Edward Snowden after he fled to Hong Kong, saying that the decision had undermined relations. President Barack Obama, meeting senior Chinese officials who were in Washington for annual wide-ranging talks, "expressed his disappointment and concern" over the Snowden case, the White House said in a statement Thursday
Review Of Snowden Said To Focus On Foreign Espionage(Washington Post) A National Security Agency internal review of damage caused by the former contractor Edward Snowden has focused on a particular area of concern: the possibility that he gained access to sensitive files that outline espionage operations against Chinese leaders and other critical targets, according to people familiar with aspects of the assessment.
Federal Background Checks Faked by Some Investigators(Businessweek) The investigators who conduct background checks on prospective government hires requiring a security clearance—like the one National Security Agency leaker Edward Snowden had—are supposed to cast a wide net. They comb through an applicant's
French lawsuit targets NSA, FBI, tech firms over Prism(Reuters) Two French human rights groups filed a legal complaint on Thursday targeting the U.S. National Security Agency, the FBI and seven technology companies they say may have helped the United States snoop on French citizens' emails and
Two cases could disrupt FTC's data security authority(SC Magazine) It is commonly said that all businesses should expect to be breached at one point or another. And after that, the Federal Trade Commission (FTC) could come knocking. But hotelier Wyndham Worldwide and medical testing provider LabMD are two companies that are pushing back against separate investigations launched by the consumer protection agency, which asserts that the two companies experienced data breaches that exposed sensitive client information. The results of the cases could decide whether the FTC can continue to punish companies that have been breached
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Third Annual SINET™ Innovation Summit(New York, New York, USA, August 6, 2013) SINET™, the premiere community builder and innovation catalyst for the Cybersecurity industry hosts their third annual Innovation Summit at Columbia University on August 6th. SINET programs are where the...
SANS CyberCon Fall 2013(Online, September 9 - 14, 2013) With sequestration still in place, organizations are finding themselves with training budgets, but drastically reduced travel budgets. This one-of-a-kind online training event brings SANS' top instructors...
London Summer 2013(London, England, UK, July 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The...
3rd Cybersecurity Framework for Critical Infrastructure Workshop(San Diego, California, USA, July 10 - 12, 2013) NIST is inviting cybersecurity experts, industry and academia from across the nation to attend one of its regional workshops at UC San Diego to identify, refine and guide the many interrelated considerations,...
Mobility Solutions for the Federal Market(Falls Church, Virginia, USA, July 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents.
2013 World Comp(Las Vegas, Nevada, USA, July 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields...
Black Hat 2013(Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013(Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...