LulzSec reappears, post-Sabu, to deface Peruvian government sites in protest against Peru's use of Level 3 hosting services (in LulzSec's mind an NSA cat's paw). Israel's Knesset successfully defends itself from cyber attack (possibly one inspired by Iran).
Spam-distributed malware, attacks on game makers, and spoof Twitter accounts highlight current threats. Researchers demonstrate a vulnerability in Verizon network extenders (Verizon says it's closed this particular hole). TrendMicro reports finding an unusual attack in the wild: a file infector with an unusual information theft routine.
InformationWeek wonders at the patch cycle, and asks why software vendors can't be as quick as Pwn2Own.
BAE sees coming consolidation in the cyber sector driven by increasingly stringent and sophisticated customer requirements—less capable firms will disappear; niche companies will be acquired.
The PRISM affair continues to give US businesses headaches. LulzSecPeru's animus against Level 3 is a minor but telling episode. Silicon Valley generally is worried about perceptions that it's too close to NSA. There are signs of a shifting labor market as well—US cyber talent may be shying away from Government employment. (Contrast Europe, where security services see an apparently PRISM-driven upswing in job applicants.)
The leaks continue to have diplomatic ramifications. Observers see them as a shot-in-the-arm for (US-opposed) efforts at national Internet controls. Germany's government receives criticism as Bild reports on its alleged cooperation with NSA.
None of this has softened the US line toward Chinese cyber operations, as the House considers extending security-motivated restrictions on acquisition of Chinese hardware.
Today's issue includes events affecting Brazil, Bolivia, Brunei Darussalam, Cambodia, Canada, China, Cuba, Ecuador, European Union, Germany, Israel, Italy, Indonesia, Japan, Laos, Malaysia, Malta, Mexico, Myanmar, Nicaragua, Peru, Philippines, Russia, Singapore, Turkey, Thailand, United Kingdom, United States, Venezuela, and Viet Nam..
Knesset stymies major cyber attack(The Times of Israel) The Knesset successfully fended off a severe cyber attack on the parliament's computer system Sunday night, a spokesman said. According to Yotam Yakir, all the attacks were countered by the Knesset cybersecurity staff, with the assistance of other experts
Android Malware: Separating Reality from Hype(eSecurity Planet) Reports of Android malware are rampant. Should enterprises be worried? You don't have to look hard to find ominous stories about malware on the Android platform. The exact numbers may change, but somewhere north of 90 percent of mobile malware has been found to target
JAVA_EXPLOIT.ZC(TrendLabs Security Intelligence Blog) This is a malicious applet that downloads and executes a file infector detected as PE_EXPIRO.JX-O. To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below
File Infector EXPIRO Hits US, Steals FTP Credentials(TrendLabs Security Intelligence Blog) An unusual attack has been spotted in the wild, using an unexpected combination of threats. This attack used exploit kits (in particular Java and PDF exploits) to deliver file infectors onto vulnerable systems. Interestingly, these file infectors have information theft routines, which is a behavior not usually found among file infectors. These malware are part of PE_EXPIRO family, file infectors that was first spotted spotted in 2010. In addition to standard file infection routines, the variants seen in this attack also have information theft routines, an uncommon routine for file infectors. The infection chain goes something like this
British PM Links to Spoof Twitter Account(Cyberwarzone) British Prime Minister David Cameron fell victim to a Twitter spoof on Monday when he sent a message linked to a fake account that lampoons the government and portrays ministers as a privileged elite
Go ahead, Asia, have a look in your Dropbox… We DARE you — hackers(The Register) 10-country trade group targeted by NYT hacking crew, claim researchers. The Chinese hacking crew that made headlines worldwide after a high-profile series of attacks against the New York Times last year has returned with assaults against South East Asia, at least according to threat intelligence firm Cyber Squared
Hacked Verizon device Mobile Spy Station(Cyberwarzone) Two security experts said they have figured out how to spy on Verizon Wireless mobile phone customers by hacking into devices the U.S. carrier sells to boost wireless signals indoors
How Hackers Tapped Into My Cellphone For Less Than $300(Cyberwarzone) In the wake of the National Security Agency cyber-spying revelations, you may be worrying about the government keeping track of your digital life. But, for less than $300, a group of ordinary hackers found a way to tap right into Verizon cellphones
Experts warn of data theft in firms(Deccan Chronicle) Companies should take reasonable precautions to keep their data secure since nearly 50,000 of them worldwide were coming under cyber attack every day, according to speakers at a conference on cyber security, organised by the Confederation of Indian Industry (CII) here on Saturday
The Market in Zero-Day Exploits(Lawfare) Today's New York Times, brings a rich article by Nicole Perlroth and David Sanger on the growing market in zero-day exploits. Zero-day exploits are previously unknown flaws in computer programming that make it possible to subvert the program. They are
Nations Buying as Hackers Sell Computer Flaws(Cyberwarzone) On the tiny Mediterranean island of Malta, two Italian hackers have been searching for bugs not the island's many beetle varieties, but secret flaws in computer code that governments pay hundreds of thousands of dollars to learn about and exploit
NSA Data Collection Worrisome For Global Firms(Dark Reading) While Microsoft, Google, Facebook and other tech firms have downplayed their participation in government spying programs, U.S. and international companies should worry about access to their data in the cloud
Could NSA spying hurt California economy?(San Diego Union Tribune) California and its businesses have a problem. It's called the National Security Agency. That may sound provincial. The debate over the massive NSA surveillance programs disclosed by Edward Snowden is a national and global matter, not just a California concern
US Hackers Cooling Off Towards Federal Agencies(Voice of America) Past gatherings were regularly attended by officials from the Central Intelligence Agency (CIA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Secret Service and various military agencies. Last year's keynote
Node.js just got an enterprise-grade security shot in the arm (exclusive)(VentureBeat) As with all young technology projects, Node has experienced its fair share of FUD on its way to the enterprise, and some of that FUD has been around security. To help ease the FUD and make Node more secure and hacker-proof, The Node Firm, a consultancy/brain trust for Node.js, has just acquired the mind behind The Node Security Project, one Mr. Adam Baldwin
IBM acquires Israeli cloud computing firm(Washington Business Journal) IBM has acquired Computing Solutions Leaders International, a leading provider of virtualization management technology for IBM's zEnterprise system, according to The Algemeiner
Estonia publishes its e-voting source code on GitHub(Ars Technica) System architect says he welcomes "development and security of the e-elections." Estonia, which created the world's first nationwide Internet-based voting system, has finally released its source code to the public in an attempt to assuage a longstanding concern by critics
IT/NETWORKING—Encryption 101(SecurityInfoWatch) The key standards used today to provide public-key cryptography conform to the American National Standards Institute (ANSI), and International Standards organization (ISO). The most prevalent and widely used set of cryptographic standards is published
Protection technology can prevent cyber attacks(Times of India) Kaspersky Lab has said in a statement that protection technologies can help avoid targeted attacks on office computers. It said that according to surveys in Europe and the United States, company employees spend up to 30% of their working hours on private affairs. By multiplying the hours spent on non-business-related things by the average cost of the working hour, the analysts estimate the costs to companies amounting to millions of dollars a year. Indirect losses may be even higher. If these employees - inadvertently or otherwise - assist hack attacks or identity theft, cause reputational damage or infringe copyright, the costs could be even greater
Browser Plug-In Vulns The Endpoint's Weakest Link(Dark Reading) As much attention is given to zero-day attacks and system vulnerabilities, the typical exploit assaulting enterprise endpoints actually looks for a much easier attack vector to launch attacks. In more cases than not, the application used to access the Web is also the one most online attackers will target. That's because most attackers and online exploit kit designers realize that the common browser is usually an endpoint's weakest link. Not only are enterprises generally slow to keep up with browser patching, they're downright sluggish at updating plug-ins and extensions
Cyber security camp aims to address a national issue(WDDE 91.1FM) First State students are learning what it takes to face some of the 21st centuries biggest security threats. Federal and state officials joined together at Wilmington University's New Castle campus on Friday to congratulate the 4th graduating class of the United State Cyber Challenge Delaware Camp. 47 students from Delaware's universities spent a week at the campus taking specialized cyber security classes from college teachers and cyber security experts. While the annual camp taught students valuable skills that improve their marketability, it also helped to identify students with the skills and dedication needed to fill the growing need of cyber security professionals
NSA Leaks Stir Plans in Russia to Control Net(New York Times) N.S.A. Leaks Stir Plans in Russia to Control Net. By ANDREW E. KRAMER. Published: July 14, 2013. MOSCOW -- Edward J. Snowden, the former National Security Agency contractor, fled the United States saying he didn't want to live in a surveillance state
Why NSA spying scares the world(CNN) In 2011, I was on a panel, organized by the security company RSA, with two retired National Security Agency directors, Michael Hayden and Kenneth Minihan. During the course of our debate, I raised concerns, as the only non-American on the panel, that their plans and preferences for having the NSA secure cyberspace for the rest of us were not exactly reassuring. To this, Minihan replied that I should not describe myself as "Canadian" but rather "North American"
Snowden affair chills US–Latin American ties(Cyberwarzone) America's "backyard," as Secretary of State John Kerry once referred to Latin America, is sprouting angry weeds as the scandal involving intelligence leaker Edward Snowden lays bare already thorny U.S. relations with Latin America
German spies made use of U.S. surveillance data(Cyberwarzone) Germany's foreign intelligence agency (BND) has known about U.S. surveillance and storage of German data for years and used it in cases of Germans kidnapped abroad, the mass-circulation daily Bild reported on Monday
German opposition criticizes Merkel minister over US snooping(Chicago Tribune) The question of how much the government knew about reports of intrusive surveillance by the U.S. National Security Agency (NSA) has touched a raw nerve in Germany just two months before the election, in which Merkel is tipped to win a third term
NSA Chief's Methods Fuel Debate On Privacy(Washington Post) In his eight years at the helm of the country's electronic surveillance agency, Alexander, 61, has quietly presided over a revolution in the government's ability to scoop up information in the name of national security. And, as he did in Iraq, Alexander has pushed hard for everything he can get: tools, resources and the legal authority to collect and store vast quantities of raw information on American and foreign communications
DHS Secretary Janet Napolitano announces resignation(Daily Caller) Director of US National Intelligence James Clapper (L), Homeland Security Director Janet Napolitano (C) and US Attorney General Eric Holder (R) share a few words before US President Barack Obama speaks in the Rose Garden at the White House in
A DHS Cabinet Officer Goes — The Problems Remain(Security Debrief) The same "continuity" goes for at least five issues outgoing-Homeland Security Secretary Janet Napolitano's successor will face at the Department of Homeland Security (DHS). First, and foremost, we are not stopping homegrown terrorism. The cellular
Possible contenders to lead Department of Homeland Security(Fox News) Her move leaves a void at the top of the government agency tasked with keeping Americans safe and overseeing everything from immigration and border patrol to cyber security as well as responses to natural disasters like Hurricane Sandy. Even though
Large agencies on board with DHS' cyber program(Federal Times) DHS will centrally oversee the procurement, operations, and maintenance of diagnostic tools for agencies to quickly identify and fix cyber risks in their networks. DHS expects the tools will eventually conduct 60 billion to 80 billion security checks
Feds Shared Chinese Hacker Data With Service Providers(InformationWeek) FBI and Homeland Security temporarily slowed attacks by giving U.S. service providers info on Chinese hackers' command-and-control infrastructure. The FBI and Department of Homeland Security (DHS) in February supplied hundreds of IP addresses of suspected Chinese command-and-control (C&C) servers to U.S. service providers
Schumer, Israel want secret court less secret(Newsday) A month after leaks revealed that the National Security Agency collects millions of U.S. telephone and Internet records, two federal lawmakers representing Long Island say they want the secret court that OKs spying and surveillance programs to be more transparent and accountable
Litigation, Investigation, and Law Enforcement
Russia risks US wrath on Snowden asylum(Dawn) Russia on Saturday faced stark warnings from the United States against granting asylum to fugitive US leaker Edward Snowden after he broke three weeks of silence to tell activists he wanted sanctuary in the country
NSA Leaker Says He Has 'No Regrets'(USA Today) Meanwhile, Glenn Greenwald, the columnist with The Guardian newspaper who first published the leaked documents, said Sunday that Snowden has sensitive "blueprints" detailing how the NSA operates that would allow someone who read them to evade or duplicate NSA surveillance
Snowden Has 'Blueprints' to NSA(Cyberwarzone) Edward Snowden has highly sensitive documents on how the National Security Agency is structured and operates that could harm the U.S. government, but has insisted that they not be made public, a journalist close to the NSA leaker said
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
London Summer 2013(London, England, UK, July 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The...
Mobility Solutions for the Federal Market(Falls Church, Virginia, USA, July 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents.
2013 World Comp(Las Vegas, Nevada, USA, July 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields...
Black Hat 2013(Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013(Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...
International Conference on Cyber Security(New York, New York, USA, August 5 - 8, 2013) The Federal Bureau of Investigation and Fordham University will host the fourth International Conference on Cyber Security (ICCS 2013) on August 5 - 8, 2013 in New York City. ICCS, the White Hat Summit,...
SINET Innovation Summit(New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...
3rd Annual Cyber Security Training Forum(Colorado Springs, Colorado, USA, August 6 - 7, 2013) The Information Systems Security Association (ISSA) - Colorado Springs Chapter and FBC, Inc. will once again host the 3rd Annual Cyber Security Training Forum (CSTF). Formerly known as the Cyber Security...
AIAA Aviation 2013(Los Angeles, California, USA, August 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics,...
A Cloud Computing Introduction for Manager(Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...
Resilience Week 201(San Francisco, California, USA, August 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical...
Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo(Albuquerque, New Mexico, USA, August 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers', Information Technology personnel, Contracting Officers' as well...
National SCADA Conference(Melbourne, Victoria, Australia, August 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate...
SANS Thailand 201(Bangkok, Thailand, August 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
Human Cyber Forensics Forum(Washington, DC, USA, August 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.