Officials in the United Arab Emirates report detecting and stopping attacks originating from Egyptian ISPs, evidently the work of hacktivist supporters of deposed President Morsi disgruntled by Emirati coolness toward the former regime.
The Syrian Electronic Army returns with an attack against California-based mobile messaging service Tango.
Chinese government cyber operations turn against Falun Dafa activists and neighboring nations' militaries. Huawei, facing security investigations in the UK, unconvincingly seeks to dismiss former US DCI Michael Hayden's warnings about the company's alleged espionage as mere shilling for Motorola.
Black Hat opens this coming weekend, and researchers have begun to preview vulnerabilities. Among the most interesting reports is Security Research Lab's discovery of significant vulnerabilities—involving weak encryption—in SIM cards. Other researchers will describe vulnerabilities in security devices.
Ubuntu Forum was hacked over the weekend, and essentially all registered users' credentials have been exposed. Canonical advises users to change passwords immediately.
Apple's Development Center was also shut down late last week due to the activities of an "intruder." (A Turkish grey hat claims to be that intruder. He says he meant no harm and was only trying to report bugs.)
Quantum Dawn 2 is over, with the results of the financial industry's cyber drill expected to become public in a few weeks. Meanwhile South Korean researchers conduct a similar exercise to improve the security of that country's markets.
The US Congress continues its increasingly frosty assessment of NSA surveillance activities. More Australian, Canadian, and German cooperation with NSA comes to light.
Today's issue includes events affecting Australia, Canada, China, Egypt, Finland, Germany, Kenya, Republic of Korea, Lithuania, Pakistan, Saudi Arabia, Spain, Syria, Turkey, United Arab Emirates, United Kingdom, United Nations, United States..
Cyber Attacks, Threats, and Vulnerabilities
UAE foils cyber attack originating in Egypt(Emirates 24/7) The UAE's Telecommunications Authority (TRA) on Sunday said it had successfully thwarted Egypt-originated attempts by cyber-hackers to damage some government electronic sites on Friday
Mobile Messaging Service Tango Hacked by Syrian Electronic Army(Hack Read) contThe Syrian Electronic Army has breached into the official website of Tango (Tango.me) a popular mobile messaging service based in Mountain View, California. Hack was announced by the hackers on their official website, according to which the hackers have allegedly downloading 1.5 TB of daily backups including usernames, emails, addresses along with other contact details of site's users and subscriber sent
Rooting SIM cards(Cyberwarzone) SIM cards are the de facto trust anchor of mobile devices worldwide. The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with mobile wallets
UN warns 500 million sim cards vulnerable to hackers(Reuters via Times of India) A United Nations group that advises nations on cybersecurity plans to send out an alert about significant vulnerabilities in mobile phone technology that could potentially enable hackers to remotely attack at least half a billion phones. The bug, discovered by German firm, allows hackers to remotely gain control of and also clone certain mobile sim-cards. Hackers could use compromised sims to commit financial crimes or engage in electronic espionage, according to Berlin's Security Research Labs, which will describe the vulnerabilities at the Black Hat hacking conference that opens in Las Vegas on July 31. The UN's Geneva-based International Telecommunications Union, which has reviewed the research, described it as "hugely significant"
How your sim card may be putting your phone at risk of hacking(Firstpost) Millions of mobile phones may be vulnerable to spying due to the use of an outdated 1970-era cryptography technique, according to a new research. The research, due to be presented at an upcoming Black Hat security conference in the US, cites phones
Hack exposes e-mail addresses, password data for 2 million Ubuntu Forum users(Ars Technica) Ubuntu maintainer Canonical exhorts users to change passwords immediately. E-mail addresses, user names, and password data for every registered user of the Ubuntu Forums—estimated to be 1.82 million accounts—were exposed in a security breach hitting the company responsible for maintaining the freely available, open-source operating system. There's no sign the compromised data has been published online
Bitdefender finds cracks in Apple's walled garden(CSO) After analyzing more than half a million free apps on both platforms over the last year, Bitdefender found "applications are equally invasive and curious on iOS as on Android, even though one may argue that one of the operating systems is safer"
Compromised Sites Conceal StealRat Botnet Operations(TrendLabs Security Intelligence Blog) Advances in spam detection meant that spam operators had to find ways to circumvent new technologies. For instance, Asprox made significant improvements in their spam and module architecture whereas Pushdo made use of decoy network traffic. Recently, we have discovered a new simple method used by a spam botnet we named StealRat. It consists of 3 essential things: Compromised website for sending spam; Compromised systems for harvesting and delivering the spam data; Compromised website for delivering the payload
Hijacking connected cars with a $25 tool(Help Net Security) A presentation by two Spanish researchers scheduled to take place later this month at the Black Hat conference in Las Vegas will apparently prove that hijacking modern cars via electronic means is not only easy, but cheap to execute as well
Website of Tameer Microfinance Bank Pakistan Hacked and Defaced by PakBugs(Hack Read) Two Pakistani hackers going with the handle of Xploiter and Dr.Freak from PakBugs hacking group have hacked and defaced the official website of Tameer Microfinance Bank (TMFB) which is Pakistan's Largest and the first private commercial Microfinance bank. Hackers left their deface page along with a message on the hacked website which shows the reason for attacking bank site is actually a cyber law act which
4chan Launches Cyber Attacks in Protest of Anti-Piracy Efforts(Executive Biz) Members of 4chan this past weekend launched DDoS attacks against the Motion Picture Association of America and the Recording Industry Association of America in retaliation for hiring a software firm to act as cyber hitmen to take down websites hosting illegal movies, Panda Security reports
Where is my data? When hosting providers go away(Internet Storm Center) Most of us host part or maybe even all of our infrastructure at hosting providers. They provide you with floor space, rack space, or in cloud environments with platforms and software for you to use. As with all of these solutions there are pros and cons to having your hardware hosted. In cloud environments the hardware and often software typically belongs to the provider and only the data belongs to you. What could go wrong
Refocusing the private sector cybersecurity mindset(Washington Times) A report this past week surveying clients reveals some startlingly dismal numbers on the breadth and increasing scope of cyber attacks. The report was issued by Prolexic Technologies, a Florida-based technology provider of distributed denial of service protection services
Biggest security issue is perception that we can't win(FierceCIO: TechWatch) One on one with Tenable CEO Ron Gula: Basic guidelines and continuous monitoring yield better risk management. It seems like every other day now we either hear about the discovery of another software vulnerability, or of a new security compromise in a large organization. So is there any way at all that hackers can be kept out of corporate networks
Huawei's Chinese connection continues to be source of suspicion(Help Net Security) A day after it was announced that the UK government will investigate the employees at the Huawei's Cyber Security Evaluation Center located in Banbury, Oxfordshire, retired US general and former NSA and CIA director Michael Hayden has said the US intelligence agencies have proof that the company has been aiding cyber espionage efforts of the Chinese government
Mechanic by Bitdefender 1.1(PC Advisor) Mechanic offers something different, however, as Bitdefender appears to be dabbling in the system utilities market. It offers four basic functions: free up unused memory, see which apps are unstable, discover which programs are out of date and perform
Microsoft's Surface Pro beats Apple's iPad in security, says law firm(FierceMobileIT) Microsoft's (NASDAQ: MSFT) Surface Pro does a better job with data security and confidentiality, as well as computing power, than Apple's (NASDAQ: AAPL) iPad, judged Marcus Bluestein, chief technology officer, and Nina Lukina, business analyst, at the law firm of Kraft & Kennedy
Technologies, Techniques, and Standards
Tech Insight: Protecting Against Risks Posed By Anonymization Tools(Dark Reading) Snowden and NSA concerns are causing more users to seek anonymization and encryption tools that could cause security headaches for enterprises. The news about Edward Snowden and the NSA's PRISM program has generated an increased interest around encryption and anonymizing tools. More and more people are interested in covering their tracks and making sure that the "watchers" can't watch them. Sites like PRISM-break.org are encouraging the use of nonproprietary Web browsers and anonymizing tools like Tor. While these things are great for personal use, they can cause security issues for enterprises
Four steps for denying DDoS attacks(Cyberwarzone) Financial institutions have been battling waves of large distributed denial of service attacks since early 2012. Many of these attacks have been the work of a group called the Qassam Cyber Fighters, which until recently posted weekly updates on Pastebin about the reasons behind its attacks, and summarising Operation Ababil, its DDoS campaign
Why iOS jailbreak detection is a fundamentally flawed security process(SC Magazine) I was recently speaking with a company about their concerns regarding security and the topic of jailbreak detection came up. Clearly the person I was speaking with considered jailbreak detection to be an important line of defence against attack. Of course, as the article title implies, I disagree
South Korea confronts uphill battle against hackers(Korea Herald) Seoul maps out plan to beef up cyber security amid a rising wave of hacking attempts from North Korea and China. How long does it take for hackers to break into the secure network of a commercial bank in South Korea
Big banks undergo pseudo cyber attack test(Housing Wire) Big banks undergo pseudo cyber attack test. The government recently ran a drill cyber attack called quantum dawn in order to test the security strength of approximately 40
Militarizing the Internet?(The National Interest) Following a recent speech, Chairman of the Joint Chiefs of Staff General Martin Dempsey dismissed concerns about the U.S. militarization of cyberspace. "We have a Navy, but we are not being accused of militarizing the ocean," he said. As the world reflects on and responds to the actions of former National Security Agency contractor Edward Snowden, and as the investigation of possible leaks by former Joint Chiefs vice chairman General James Cartwright unfolds, it is difficult to avoid wondering if General Dempsey's answer is the best the administration can muster. An increasing number of adversaries and even allies are coming to believe that the United States is militarizing cyberspace—and that impression of hubris and irresponsibility is beginning to have a real–world impact
NSA issues weigh on military budget bill(Atlanta Journal Constitution) After work was delayed last week on the military's budget plan for 2014, the bill is back on the schedule this week in the U.S. House, as lawmakers in both parties try to fashion new limits on surveillance by the National Security Agency
Mood shifting, Congress may move to limit NSA spying(Miami Herald) Congress is growing increasingly wary of controversial National Security Agency domestic surveillance programs, a concern likely to erupt during legislative debate—and perhaps prod legislative action—as early as next week
NSA growth fueled by need to target terrorists(Washington Post) Twelve years later, the cranes and earthmovers around the National Security Agency are still at work, tearing up pavement and uprooting trees to make room for a larger workforce and more powerful computers. Already bigger than the Pentagon in square
Alexander: Terrorists Benefit from Snowden's Actions(Department of Defense) Army Gen. Keith B. Alexander, also commander of U.S. Cyber Command, spoke yesterday with Pete Williams, chief justice correspondent for NBC News, at the annual Aspen Institute Security Forum in Colorado. "We have concrete proof that
Obama attorney: NSA programs are legal(USA TODAY) For its latest defense of National Security Agency surveillance programs, the Obama administration brought in one of its key lawyers. Robert S. Litt, general counsel for the director of national intelligence, said in a Friday speech at the Brookings
NSA director: Snowden leaks 'make our job tougher'(Fox News) Part of his job as a contractor Booz Allen Hamilton was to move data between networks to facilitate the post 9/11 intelligence sharing requirements. A snow asylum request the State Department tried to play down reports secretary of state John Kerry
Edward Snowden, Congress and the Summer of Outrage(Threatpost) Maybe it's the heat. Or maybe it's them wanting to get it all out of their systems before the August recess. But whatever the case, there are some genuinely angry politicians in Washington right now, trying to figure who they should yell at next for making them deal with the fallout from the leaks perpetrated by Edward Snowden
Snowden may hurt US plans to face China over cyber attack(The Standard Digital News) Edward Snowden, a 30-year-old former Central Intelligence Agency employee, had been talking to the wrong people. Snowden, who had served as an 'infrastructure analyst' with Booz Allen Hamilton, a contractor for the US National Security Agency, had
Pentagon set to deploy new cyber-warrior corps(Globe and Mail) Future operations run by Cyber Command, Carter suggested, would be focused on the teams. "The teams are new, and they are in addition to the NSA workforce," he said. While they may ultimately be modeled on Special Operations, which provide fighting
DHS Scales Back Cybersecurity Programs for Critical Infrastructure(Wall Street Journal) At a time when cyber threats to critical infrastructure are mounting, budget cuts are forcing the Department of Homeland Security to scale back training and information sharing activities. Since March, the government has cancelled two conferences – including one in August — and three training sessions, which teach utility companies how to defend against cyber attacks
Interior min: so far Lithuania has not encounters real cyber attacks(The Baltic Course) According to Lithuania's Minister of the Interior Dailis Alfonsas Barakauskas, Lithuania has not encountered real cyber attack so far, yet every measure will be taken so not only Lithuania but also all the European Union (EU) would be prepared for them
Eavesdropping agency helped shape torture directive: RCMP memo(Hamilton Spectator) Canada's highly secretive electronic eavesdropping agency helped develop a federal directive that lets government agencies use and share information that was likely extracted through torture, a newly obtained document says. Communications Security Establishment Canada, known as CSEC, and its parent department, National Defence, were among several federal agencies that contributed to the information-sharing policy, says an RCMP memo disclosed to The Canadian Press under the Access to Information Act
Litigation, Investigation, and Law Enforcement
The Tipping Point in the War on Leaks(The Atlantic Wire) The United States government has faced criticism for its aggressive war against classified information leaks from within its normally well-secured walls. But there was a tipping point, just after Obama took office, when the administration decided something must be done about leaks
What Happens When We Actually Catch Edward Snowden?(Cyberwarzone) The United States is pressing hard to get hold of National Security Agency leaker Edward Snowden. But if and when Snowden is apprehended, what then? This question deserves attention, too, because the denouement to this drama may be unpleasant not just for Snowden, but for his captors as well
Snowden affair highlights gap between media and public(Miami Herald) The national survey of U.S. voters by Quinnipiac University found that by a huge margin—55 to 34 percent — respondents considered Snowden, the former National Security Agency contract employee, to be a whistleblower, not a traitor. In what the
(Another) Open Letter to Edward Snowden(Huffington Post) A couple of weeks ago, Melissa Harris-Perry at MSNBC posted a letter to Edward Snowden. Some believe that the letter was a bit sarcastic. Let me try a different approach
State Department IG highly critical of IT sub-bureau(FCW) The State Department's Bureau of Information Resource Management, Office of Information Assurance (IRM/IA) has none of those things, according to a State Department's Office of Inspector General audit released in July, and further lacks controls and
Snowden: A Man Without a Country(Huffington Post) Without question, the Department of Homeland Security and its myriad sub-agencies are engaging in aggressive intelligence gathering that would have been unthinkable before 9/11, but we are now in a new kind of war unlike any we have fought before
Snowden's Access to NSA's Deepest Secrets Disputed(Bloomberg) The National Security Agency's new operations center on the Hawaiian island of Oahu sits on a high plateau between two volcanoes, 40 minutes from Waikiki Beach. The $358 million compound, which opened in 2012, supplements the electronics-stuffed underground bunker nearby that was the NSA's first Hawaiian location. The facility is the primary U.S. outpost for spying on China and the rest of Asia—and was the workplace of ex-NSA contractor Edward Snowden
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SNW Fall 2013(Long Beach, California, USA, October 15 - 17, 2013) SNW is the world's largest independently produced conference series focused on the evolution of architecture for a new world of mobility, Big Data and business agility. Produced by Computerworld -- and...
2nd Annual East Africa IT and Cyber Security Convention 2013(Nairobi, Kenya, November 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber...
SINET Showcase: THE SINET 16(Washington, DC, USA, December 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present...
2013 World Comp(Las Vegas, Nevada, USA, July 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields...
EAGB Summer Quarterly Webinar(Webinar, July 24, 2013) Join us Wednesday, July 24 from 10:00-11:00 AM as Patrick Dougherty discusses the EAGB's two newest reports: the Summer 2013 Quarterly Regional Economic Update and Cyber Security in Greater Baltimore:...
Black Hat 2013(Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013(Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...
AFCEA Global Intelligence Forum(Washington, DC, USA, July 30 - 31, 2013) During this day and one half unclassified conference in the National Press Club in downtown Washington, D.C., leaders from across the government, military, and industry will explore the role that the Intelligence...
International Conference on Cyber Security(New York, New York, USA, August 5 - 8, 2013) The Federal Bureau of Investigation and Fordham University will host the fourth International Conference on Cyber Security (ICCS 2013) on August 5 - 8, 2013 in New York City. ICCS, the White Hat Summit,...
SINET Innovation Summit(New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...
3rd Annual Cyber Security Training Forum(Colorado Springs, Colorado, USA, August 6 - 7, 2013) The Information Systems Security Association (ISSA) - Colorado Springs Chapter and FBC, Inc. will once again host the 3rd Annual Cyber Security Training Forum (CSTF). Formerly known as the Cyber Security...
AFCEA Tinker AFB Information Technology & Cyber Security Expo(Oklahoma City, Oklahoma, USA, August 8, 2013) Commercial vendors are invited to Tinker Air Force Base on Thursday, August 8th to exchange information and provide products demonstrations to the military and civilian personnel on base. IT and Information...
AIAA Aviation 2013(Los Angeles, California, USA, August 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics,...
A Cloud Computing Introduction for Manager(Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...
Resilience Week 201(San Francisco, California, USA, August 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical...
Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo(Albuquerque, New Mexico, USA, August 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers', Information Technology personnel, Contracting Officers' as well...
National SCADA Conference(Melbourne, Victoria, Australia, August 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate...
SANS Thailand 201(Bangkok, Thailand, August 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
Human Cyber Forensics Forum(Washington, DC, USA, August 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.