Daily briefing.

LulzSec reappears, post-Sabu, to deface Peruvian government sites in protest against Peru's use of Level 3 hosting services (in LulzSec's mind an NSA cat's paw). Israel's Knesset successfully defends itself from cyber attack (possibly one inspired by Iran).

Spam-distributed malware, attacks on game makers, and spoof Twitter accounts highlight current threats. Researchers demonstrate a vulnerability in Verizon network extenders (Verizon says it's closed this particular hole). TrendMicro reports finding an unusual attack in the wild: a file infector with an unusual information theft routine.

InformationWeek wonders at the patch cycle, and asks why software vendors can't be as quick as Pwn2Own.

BAE sees coming consolidation in the cyber sector driven by increasingly stringent and sophisticated customer requirements—less capable firms will disappear; niche companies will be acquired.

The PRISM affair continues to give US businesses headaches. LulzSecPeru's animus against Level 3 is a minor but telling episode. Silicon Valley generally is worried about perceptions that it's too close to NSA. There are signs of a shifting labor market as well—US cyber talent may be shying away from Government employment. (Contrast Europe, where security services see an apparently PRISM-driven upswing in job applicants.)

The leaks continue to have diplomatic ramifications. Observers see them as a shot in the arm for (US-opposed) efforts at national Internet controls. Germany's government receives criticism as Bild reports on its alleged cooperation with NSA.

None of this has softened the US line toward Chinese cyber operations, as the House considers extending security-motivated restrictions on acquisition of Chinese hardware.

Notes.

Today's issue includes events affecting Brazil, Bolivia, Brunei Darussalam, Cambodia, Canada, China, Cuba, Ecuador, European Union, Germany, Israel, Italy, Indonesia, Japan, Laos, Malaysia, Malta, Mexico, Myanmar, Nicaragua, Peru, Philippines, Russia, Singapore, Turkey, Thailand, United Kingdom, United States, Venezuela, and Viet Nam.

Cyber Attacks, Threats, and Vulnerabilities

LulzSecPeru defaces, leaks data of Peru's government portals for using NSA's backed hosting service (Hack Read) LulzSecPeru, known as one of the most skilled online hacktivists, are back; this time the hackers have hacked and defaced the government of Peru's Citizen Service Portal for using hosting services of Global Crossing's server (now known as Level 3 Communications) that allegedly provides personal information of the site's users to America's National Security Agency (NSA)

Knesset stymies major cyber attack (The Times of Israel) The Knesset successfully fended off a severe cyber attack on the parliament's computer system Sunday night, a spokesman said. According to Yotam Yakir, all the attacks were countered by the Knesset cybersecurity staff, with the assistance of other experts

New Zero-Day Attack Copies Earlier Flash Exploitation (McAfee) Late on July 10, Microsoft released a blog post disclosing that they were aware of a zero-day attack in the wild. This attack exploits a previously unpatched

Android Malware: Separating Reality from Hype (eSecurity Planet) Reports of Android malware are rampant. Should enterprises be worried? You don't have to look hard to find ominous stories about malware on the Android platform. The exact numbers may change, but somewhere north of 90 percent of mobile malware has been found to target

JAVA_EXPLOIT.ZC (TrendLabs Security Intelligence Blog) This is a malicious applet that downloads and executes a file infector detected as PE_EXPIRO.JX-O. To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below

File Infector EXPIRO Hits US, Steals FTP Credentials (TrendLabs Security Intelligence Blog) An unusual attack has been spotted in the wild, using an unexpected combination of threats. This attack used exploit kits (in particular Java and PDF exploits) to deliver file infectors onto vulnerable systems. Interestingly, these file infectors have information theft routines, which is a behavior not usually found among file infectors. These malware are part of the PE_EXPIRO family, file infectors that were first spotted in 2010. In addition to standard file infection routines, the variants seen in this attack also have information theft routines, an uncommon routine for file infectors. The infection chain goes something like this

Dramatic increase in phishing scams as criminals target Apple IDs (Muscat Daily) Kaspersky Lab recently published a report that analysed increase in cyber criminal campaigns to steal users' Apple IDs and account information by creating fraudulent phishing sites that imitate the official Apple site. Cyber criminals

Tens of thousands of spamvertised emails lead to the Win32/PrimeCasino PUA (Potentially Unwanted Application) (Webroot Threat Blog) Looking for legitimate online gambling services? You may want to skip the rogue online casinos that I'll highlight in this post. Over the past few days, we intercepted multiple spam campaigns launched by the same party, enticing users into downloading fake online casinos most commonly known as the Win32/PrimeCasino/Win32/Casonline PUA (Potentially Unwanted Application)

Thousand of Konami and Bohemia Interactive accounts affected by cyber-attack (GameDynamo) It is definitely worrying that several gamemakers have been hit by cyber-attacks this month, and that the attacks don't seem to be stopping. Following reports of hackers breaking into Ubisoft's website and Nintendo's Club Nintendo site, Konami has

British PM Links to Spoof Twitter Account (Cyberwarzone) British Prime Minister David Cameron fell victim to a Twitter spoof on Monday when he sent a message linked to a fake account that lampoons the government and portrays ministers as a privileged elite

Go ahead, Asia, have a look in your Dropbox… We DARE you — hackers (The Register) 10-country trade group targeted by NYT hacking crew, claim researchers. The Chinese hacking crew that made headlines worldwide after a high-profile series of attacks against the New York Times last year has returned with assaults against South East Asia, at least according to threat intelligence firm Cyber Squared

Unusual Facebook spam campaign delivers malicious Macros (Help Net Security) A bizarre spam / malware delivery campaign is currently targeting Facebook users. It starts with the offer to see a video of a girl performing a salacious act - and this is the first and only

Turkish hackers Leak 40K Accounts Data From Sony Italy (Cyberwarzone) Maxney, a hacker of the Turkish Ajan group, has announced another attack against a high-profile company. They have leaked over 40,000 records allegedly belonging to Sony Italy customers

Hacked Verizon device Mobile Spy Station (Cyberwarzone) Two security experts said they have figured out how to spy on Verizon Wireless mobile phone customers by hacking into devices the U.S. carrier sells to boost wireless signals indoors

How Hackers Tapped Into My Cellphone For Less Than $300 (Cyberwarzone) In the wake of the National Security Agency cyber-spying revelations, you may be worrying about the government keeping track of your digital life. But, for less than $300, a group of ordinary hackers found a way to tap right into Verizon cellphones

Japanese government accidentally shares internal mails over Google Groups (PCWorld) A Japanese ministry is conducting an internal investigation after a Google Groups account used for international treaty negotiations was left on its default, publicly viewable settings

Security Patches, Mitigations, and Software Updates

Overcome The Microsoft Mindset: Patch Faster (InformationWeek) Why can't vendors patch every critical bug like it was the Pwn2Own competition

Cyber Trends

Think sandboxing will stop malware? Here's why you're wrong, Apple (The Guardian) The announcement that Apple will introduce 'sandboxing' for code on Macs, and that Microsoft has similar plans for some Windows 8 apps, doesn't mean the malware problem is going to end

One big threat to cybersecurity: IT geeks can't talk to management (Quartz) A new report on the state of risk-based cybersecurity management helps explain why IT employees and their corporate bosses don't see eye to eye about hacking and other computer-based threats

Cyber security in private sector a 'significant' problem: Public Safety records (CTV News) In September, Telvent Canada announced it had suffered a cyber attack which security firm Mandiant later linked to Chinese military hackers. Telvent quickly shut off access to its clients to prevent the intruders from infiltrating their systems and

Experts warn of data theft in firms (Deccan Chronicle) Companies should take reasonable precautions to keep their data secure since nearly 50,000 of them worldwide were coming under cyber attack every day, according to speakers at a conference on cyber security, organised by the Confederation of Indian Industry (CII) here on Saturday

Marketplace

BAE Says Cyber-Security Is Survival of Fittest as Field Shrinks (Bloomberg) Cyber-security activities account for about 25 percent of Detica's sales, with the rest from data-management services and financial compliance

The Market in Zero-Day Exploits (Lawfare) Today's New York Times, brings a rich article by Nicole Perlroth and David Sanger on the growing market in zero-day exploits. Zero-day exploits are previously unknown flaws in computer programming that make it possible to subvert the program. They are

Nations Buying as Hackers Sell Computer Flaws (Cyberwarzone) On the tiny Mediterranean island of Malta, two Italian hackers have been searching for bugs, not the island's many beetle varieties, but secret flaws in computer code that governments pay hundreds of thousands of dollars to learn about and exploit

NSA Data Collection Worrisome For Global Firms (Dark Reading) While Microsoft, Google, Facebook and other tech firms have downplayed their participation in government spying programs, U.S. and international companies should worry about access to their data in the cloud

Could NSA spying hurt California economy? (San Diego Union Tribune) California and its businesses have a problem. It's called the National Security Agency. That may sound provincial. The debate over the massive NSA surveillance programs disclosed by Edward Snowden is a national and global matter, not just a California concern

US Hackers Cooling Off Towards Federal Agencies (Voice of America) Past gatherings were regularly attended by officials from the Central Intelligence Agency (CIA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Secret Service and various military agencies. Last year's keynote

The ban on feds at Defcon draws a mixed reaction (CSO) Call for U.S. government workers to avoid security conference rankles some cyber warriors, gets cheers from others

Microsoft Leaks Reveal Depth of NSA's Ties with Silicon Valley (Foreign Policy) Judging by the latest revelations made by Edward Snowden, the National Security Agency has Microsoft firmly in its pocket

DARPA picks six companies to define enabling technologies for U.S. cyber warfare strategy (GovConWire) Information security experts at the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., have chosen six companies so far to define ways of understanding, planning, and managing military cyber warfare operations in real-time, large-scale, and dynamic networks

Node.js just got an enterprise-grade security shot in the arm (exclusive) (VentureBeat) As with all young technology projects, Node has experienced its fair share of FUD on its way to the enterprise, and some of that FUD has been around security. To help ease the FUD and make Node more secure and hacker-proof, The Node Firm, a consultancy/brain trust for Node.js, has just acquired the mind behind The Node Security Project, one Mr. Adam Baldwin

IBM acquires Israeli cloud computing firm (Washington Business Journal) IBM has acquired Computing Solutions Leaders International, a leading provider of virtualization management technology for IBM's zEnterprise system, according to The Algemeiner

Israel eyes Lockheed Martin for IT move to new Military Intelligence site (World Tribune) L-M was teamed with Israel's Bynet Data Communications to upgrade software and prevent cyber attacks as part of the military's so-called Project 5/9. "We specialize in carrying out especially difficult migration to computer system

Products, Services, and Solutions

List of Recommended Pocket-Friendly AntiVirus Software Published on Boffin Today (Newsday) Boffin software review website revealed the top choices for free antivirus software that offer quality system protection to users' devices. The list includes anti-virus gems such as Avira and Avast, as well as lesser-known ones but equally efficient software

Estonia publishes its e-voting source code on GitHub (Ars Technica) System architect says he welcomes "development and security of the e-elections." Estonia, which created the world's first nationwide Internet-based voting system, has finally released its source code to the public in an attempt to assuage a longstanding concern by critics

DeepDB: General Purpose Database For Big Data Era (InformationWeek) Startup's new database handles structured, semi-structured and unstructured data. But is it a hard sell in today's enterprise

Technologies, Techniques, and Standards

IT/NETWORKING—Encryption 101 (SecurityInfoWatch) The key standards used today to provide public-key cryptography conform to the American National Standards Institute (ANSI), and International Standards organization (ISO). The most prevalent and widely used set of cryptographic standards is published

Protection technology can prevent cyber attacks (Times of India) Kaspersky Lab has said in a statement that protection technologies can help avoid targeted attacks on office computers. It said that according to surveys in Europe and the United States, company employees spend up to 30% of their working hours on private affairs. By multiplying the hours spent on non-business-related things by the average cost of the working hour, the analysts estimate the costs to companies amounting to millions of dollars a year. Indirect losses may be even higher. If these employees - inadvertently or otherwise - assist hack attacks or identity theft, cause reputational damage or infringe copyright, the costs could be even greater

Browser Plug-In Vulns The Endpoint's Weakest Link (Dark Reading) As much attention is given to zero-day attacks and system vulnerabilities, the typical exploit assaulting enterprise endpoints actually looks for a much easier attack vector to launch attacks. In more cases than not, the application used to access the Web is also the one most online attackers will target. That's because most attackers and online exploit kit designers realize that the common browser is usually an endpoint's weakest link. Not only are enterprises generally slow to keep up with browser patching, they're downright sluggish at updating plug-ins and extensions

Academia

Cyber security camp aims to address a national issue (WDDE 91.1FM) First State students are learning what it takes to face some of the 21st century's biggest security threats. Federal and state officials joined together at Wilmington University's New Castle campus on Friday to congratulate the 4th graduating class of the United States Cyber Challenge Delaware Camp. 47 students from Delaware's universities spent a week at the campus taking specialized cyber security classes from college teachers and cyber security experts. While the annual camp taught students valuable skills that improve their marketability, it also helped to identify students with the skills and dedication needed to fill the growing need of cyber security professionals

Legislation, Policy, and Regulation

Iran's New President Hints At Easing Internet Controls (NPR) Iran's President-elect Hasan Rowhani has already called for less filtering of the Internet, saying Iran must maintain its principles, but also needs to engage with the wider world

NSA Leaks Stir Plans in Russia to Control Net (New York Times) By Andrew E. Kramer. Published: July 14, 2013. MOSCOW -- Edward J. Snowden, the former National Security Agency contractor, fled the United States saying he didn't want to live in a surveillance state

Why NSA spying scares the world (CNN) In 2011, I was on a panel, organized by the security company RSA, with two retired National Security Agency directors, Michael Hayden and Kenneth Minihan. During the course of our debate, I raised concerns, as the only non-American on the panel, that their plans and preferences for having the NSA secure cyberspace for the rest of us were not exactly reassuring. To this, Minihan replied that I should not describe myself as "Canadian" but rather "North American"

Snowden affair chills US–Latin American ties (Cyberwarzone) America's "backyard," as Secretary of State John Kerry once referred to Latin America, is sprouting angry weeds as the scandal involving intelligence leaker Edward Snowden lays bare already thorny U.S. relations with Latin America

German Chancellor Urges Strict EU Data Protection Rules (SecurityWeek) German Chancellor Angela Merkel called Sunday for EU-wide data protection rules and transparency from Internet giants such as Google and Facebook, reacting to reports of sweeping US online surveillance

German spies made use of U.S. surveillance data (Cyberwarzone) Germany's foreign intelligence agency (BND) has known about U.S. surveillance and storage of German data for years and used it in cases of Germans kidnapped abroad, the mass-circulation daily Bild reported on Monday

German opposition criticizes Merkel minister over US snooping (Chicago Tribune) The question of how much the government knew about reports of intrusive surveillance by the U.S. National Security Agency (NSA) has touched a raw nerve in Germany just two months before the election, in which Merkel is tipped to win a third term

Artist investigated after shining Kim Dotcom "light art" on US Embassy (Ars Technica) "United Stasi of America" image shone onto walls of US Embassy for 30 seconds. A German artist may now potentially face criminal charges in Germany after he projected a huge image onto the walls of the United States Embassy in Berlin last Sunday

NSA Chief's Methods Fuel Debate On Privacy (Washington Post) In his eight years at the helm of the country's electronic surveillance agency, Alexander, 61, has quietly presided over a revolution in the government's ability to scoop up information in the name of national security. And, as he did in Iraq, Alexander has pushed hard for everything he can get: tools, resources and the legal authority to collect and store vast quantities of raw information on American and foreign communications

DHS Secretary Janet Napolitano announces resignation (Daily Caller) Director of US National Intelligence James Clapper (L), Homeland Security Director Janet Napolitano (C) and US Attorney General Eric Holder (R) share a few words before US President Barack Obama speaks in the Rose Garden at the White House in

DHS secretary Napolitano's exit leaves leadership vacuum (CSO) Departure brings the number of vacant or soon-to-be vacant leadership positions at Homeland Security to 15, seven requiring confirmation

A DHS Cabinet Officer Goes — The Problems Remain (Security Debrief) The same "continuity" goes for at least five issues outgoing-Homeland Security Secretary Janet Napolitano's successor will face at the Department of Homeland Security (DHS). First, and foremost, we are not stopping homegrown terrorism. The cellular

Possible contenders to lead Department of Homeland Security (Fox News) Her move leaves a void at the top of the government agency tasked with keeping Americans safe and overseeing everything from immigration and border patrol to cyber security as well as responses to natural disasters like Hurricane Sandy. Even though

Large agencies on board with DHS' cyber program (Federal Times) DHS will centrally oversee the procurement, operations, and maintenance of diagnostic tools for agencies to quickly identify and fix cyber risks in their networks. DHS expects the tools will eventually conduct 60 billion to 80 billion security checks

US Government Works with Internet Firms to Stop Chinese Cyber Attacks (ExecutiveGov) The U.S. government has been collaborating with Internet service providers in an effort to intercept cyber attacks from China, The Wall Street Journal reported Friday. Danny Yadron and Siobhan Gorman write the U.S. Department of Homeland Security

Feds Shared Chinese Hacker Data With Service Providers (InformationWeek) FBI and Homeland Security temporarily slowed attacks by giving U.S. service providers info on Chinese hackers' command-and-control infrastructure. The FBI and Department of Homeland Security (DHS) in February supplied hundreds of IP addresses of suspected Chinese command-and-control (C&C) servers to U.S. service providers

House Appropriations to consider extending anti-Chinese supply chain measure (FierceGovIT) A temporary anti-Chinese manufacturer supply chain measure currently in force for a handful of major agencies would stay in effect through fiscal 2014 under a provision included in a subcommittee spending bill

Schumer, Israel want secret court less secret (Newsday) A month after leaks revealed that the National Security Agency collects millions of U.S. telephone and Internet records, two federal lawmakers representing Long Island say they want the secret court that OKs spying and surveillance programs to be more transparent and accountable

Litigation, Investigation, and Law Enforcement

Russia risks US wrath on Snowden asylum (Dawn) Russia on Saturday faced stark warnings from the United States against granting asylum to fugitive US leaker Edward Snowden after he broke three weeks of silence to tell activists he wanted sanctuary in the country

NSA Leaker Says He Has 'No Regrets' (USA Today) Meanwhile, Glenn Greenwald, the columnist with The Guardian newspaper who first published the leaked documents, said Sunday that Snowden has sensitive "blueprints" detailing how the NSA operates that would allow someone who read them to evade or duplicate NSA surveillance

NSA Spying Lawsuit Advances Despite Long Odds, National Security Concerns (Huffington Post) Klein had recently read in The New York Times that the National Security Agency was eavesdropping on phone calls coming in and out of the United States without obtaining warrants. Based on what he had learned about room 641A, he assumed that the

Snowden Has 'Blueprints' to NSA (Cyberwarzone) Edward Snowden has highly sensitive documents on how the National Security Agency is structured and operates that could harm the U.S. government, but has insisted that they not be made public, a journalist close to the NSA leaker said

L'affaire Snowden and (Computer) Security (PJ Media) UNCLASSIFIED, CONFIDENTIAL, SECRET, and TOP SECRET: So not the whole story

NHS Surrey fined £200,000 after losing patients' records (BBC) The NHS Surrey data breach was one of the most serious the ICO has seen. NHS Surrey has been fined £200,000 by data regulators over the loss of sensitive information about more than 3,000 patients

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

London Summer 2013 (London, England, UK, July 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The...

Mobility Solutions for the Federal Market (Falls Church, Virginia, USA, July 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents.

2013 World Comp (Las Vegas, Nevada, USA, July 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields...

Black Hat 2013 (Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.

SECRYPT 2013 (Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...

International Conference on Cyber Security (New York, New York, USA, August 5 - 8, 2013) The Federal Bureau of Investigation and Fordham University will host the fourth International Conference on Cyber Security (ICCS 2013) on August 5 - 8, 2013 in New York City. ICCS, the White Hat Summit,...

SINET Innovation Summit (New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...

3rd Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, August 6 - 7, 2013) The Information Systems Security Association (ISSA) - Colorado Springs Chapter and FBC, Inc. will once again host the 3rd Annual Cyber Security Training Forum (CSTF). Formerly known as the Cyber Security...

AIAA Aviation 2013 (Los Angeles, California, USA, August 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics,...

A Cloud Computing Introduction for Manager (Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...

Resilience Week 201 (San Francisco, California, USA, August 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical...

Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo (Albuquerque, New Mexico, USA, August 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers, Information Technology personnel, Contracting Officers as well...

National SCADA Conference (Melbourne, Victoria, Australia, August 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate...

First International Conference on Cyber-Physical Systems, Networks, and Application (Taipei, Taiwan, August 19 - 20, 2013) CPSNA 2013 will focus on core challenges of cyber-physical systems. Given a tight integration of computation and the physical world, cyber-physical systems must compose robust systems, networks, and applications...

SANS Thailand 201 (Bangkok, Thailand, August 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.

Human Cyber Forensics Forum (Washington, DC, USA, August 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming...
