Israeli hacktivists hope to kick off a cyber-riot today with opIslam.
Elsewhere in the Middle East, the Izz ad-Din al-Qassam Cyber Fighters resurface with promises of more denial-of-service attacks on Western banks. The banks now regard this as a nuisance-level threat: DDoS attacks are most worrisome when they're a kind of artillery preparation for more sophisticated campaigns, providing noisy cover for advanced persistent threats.
The Venezuelan government may have suffered a general attack by Anonymous Venezuela, but evidence is ambiguous. Passport control was locked at Istanbul's Atatürk Airport today, possibly due to a cyber attack. (Cyber threats to commercial aviation also concern the Indian government, which calls them out in its recent cyber security strategy.)
SE Consult warns of multiple vulnerabilities in Symantec's Web Gateway Appliance. Simple Machines warns its website has been compromised, with data stolen. Citigroup warns customers of inadvertent exposure of personal data.
KINS seems poised to gain blackmarket share; Microsoft reports downing 88% of KINS competitor Citadel's botnets.
Today is sysadmin appreciation day: it's worth noting that this week's OVH hack prompts calls for better privileged account security.
TED hosts security experts Bruce Schneier and Mikko Hypponen, who discuss the ramifications of government electronic surveillance.
NSS Labs studies the effectiveness of cyber defense-in-depth. They find, unsurprisingly, that mechanical approaches to defense-in-depth won't work.
Britain finds Huawei running its prospective Internet content filter. The US Congress is expected to keep its teeth in the Intelligence Community.
Russia's FSB talks Snowden to America's FBI (and Snowden should worry).
Today's issue includes events affecting Austria, China, European Union, India, Iran, Ireland, Malaysia, Singapore, Russia, Turkey, United Kingdom, United States, and Venezuela..
Cyber Attacks, Threats, and Vulnerabilities
#opIslam: Israeli hackers initiate Operation Islam(Cyberwarzone) #opIslam is an operation that has been initiated by the hacking group IsraeliElite. The hackers are going to launch the operation on the 26th of June. The Israeli hackers are asking the world to assist #opIslam in the fight against cyber terrorism
Multiple Vulnerabilities in Symantec Web Gateway(Infosecurity Magazine) A security advisory issued today reports that multiple critical vulnerabilities were discovered in Symantec's award winning Web Gateway Appliance 5.1.0 in February 2013. These vulnerabilities allow attackers to take complete control of the appliance
Apple hack exploited with new phishing campaign(ZDNet) In order to make sure a phishing campaign works, the victim has to believe an email is legitimate. It's no surprise that the Apple security breach is the latest event to be taken advantage of
Intercessors for America Hacked(eSecurity Planet) 9,885 users' e-mail addresses and clear text passwords were leaked online. Members of Anonymous recently breached the Web site of Intercessors for America, which describes itself as a "group of like-minded people who recognized the need for God to intervene in U.S. governmental and cultural issues"
Simple Machines Website Hacked, Database Stolen(Softpedia) Representatives of Simple Machines, the provider of the open source community forum platform, reveal that their website has been hacked. The breach took place on July 20, but it was discovered only on July 22
Skrillex site defaced by infamous penguin hacker(The Verge) A hacker has taken down Skrillex's website, replacing it with the same page that was used in a widespread attack last year. Back in November 2012, the Turkish hacker "Eboz" targeted over 280 Pakistani domains, including the official sites of Apple, Microsoft, and Google in a massive DNS hack. The Skrillex attack, then, represents a change of pace for Eboz
Haunted by the Ghosts of ZeuS & DNSChanger(Krebs on Security) One of the challenges in malware research is separating the truly novel innovations in malcoding from new nasties that merely include nominal or superficial tweaks. This dynamic holds true for both malware researchers and purveyors, albeit for different reasons. Researchers wish to avoid being labeled alarmist in calling special attention to what appears to be an emerging threat that turns out to be old news; the bad guys just want to avoid getting scammed into paying for an old malware kit dressed up as the new next big thing
New Trojan could create headaches for banks, customers(ComputerWorld) With the major developers of banking malware laying low, a new crook on the block has emerged gunning to be top dog in the market. The developer's new malware is called KINS, and he's selling it for $5,000 a pop, although that price is likely to climb if the malware is a good as he brags it is
Microsoft: 88 Percent of Citadel Botnets Down(Threatpost) Nearly two months after the company was part of an operation to disrupt a large number of Citadel botnets, Microsoft said that 88 percent of the botnets spawned by that malware have been taken down. Citadel is a Trojan designed specifically to steal financial information from a variety of sources using a number of techniques
Demonstration of cyber attacks planned(Upstream Online) Cybersecurity researchers next week will demonstrate how hackers can potentially wreak havoc on critical US infrastructure, even causing explosions by altering the readings on wireless sensors used by the oil and gas industry, according to a report
Key industries remain vulnerable to cyber raids(Arab News) Cybersecurity researchers next week will demonstrate how hackers can potentially wreak havoc on critical US infrastructure, even causing explosions by altering the readings on wireless sensors used by the oil and gas industry
The rise of sophisticated malware(Infosecurity Magazine) A recent Enterprise Strategy Group (ESG) research study focused on advanced malware protection and detection. The study revealed that enterprise organizations are seeing an increase in more sophisticated malware and are making it a strategic priority to add new layers of endpoint security to protect their organizations against advanced zero-day and polymorphic threats commonly used for targeted attacks
Executives lack confidence in their cyber security(Help Net Security) More than two-thirds of executives are concerned their companies will not be able to stop such threats, and one in five say their biggest concern is not knowing whether an attack is underway, according to ThreatTrack Security
Enterprises gain an 'F' grade in protecting themselves against cybercrime(ZDNet) In the light of increasing and sophisticated cyberattacks, are enterprise systems up to the challenge of defending themselves? According to new data released by security firm Malwarebytes, the Enterprise Strategy Group (ESG) research study, enterprises are responding to the emergence of more sophisticated malware -- and although adding strategic security layers is now often a priority, many businesses are still ill-equipped to protect systems
The impact of weak threat intelligence on organizations(Help Net Security) A new Ponemon Institute study, which includes a survey of more than 700 respondents from 378 enterprises, defines what "live threat intelligence" is; how global enterprises are using it defend against compromises, breaches and exploits; and the financial damage that slow, outdated and insufficient threat intelligence is inflicting on them
Security experts Bruce Schneier and Mikko Hypponen on the NSA, PRISM and why we should be worried(TED) As Edward Snowden is linked to one country after the next, the media has its eye fixed on where he will next request asylum. (Today, it's Russia.) Meanwhile, back at US headquarters, as NSA officials speak in a House Judiciary Committee hearing, the agency is still doing what it's doing. To get more information on exactly what that means, the TED Blog wrote to two security experts, Bruce Schneier (watch his talk) and Mikko Hypponen (see his talk), to ask them about what it is we should be worried about. Turns out, pretty much everything
DHS to set up "cybersecurity shop" for govt agencies(Help Net Security) The US Department of Homeland Security has been tasked with setting up a centralized shopping hub to which all the other US federal, state and local agencies us to get the tools and expertise for all their cyber security needs
Dell committee wants founder to bid even higher(FierceFinance) Ever since the Dell special committee came out in favor of the proposal put forward by founder Michael Dell and partner Silver Lake, it has seemed the two sides were teammates, jointly battling Carl Icahn and other dissidents. But the committee and the founder may be starting to slide farther apart. The committee has been openly suggesting for weeks that Michael Dell needs to hike its offer. Now, in the wake of the sweetened offer, it wants even more
Bit9 Introduces enterprise Mac security(Infosecurity Magazine) Business users are driving demand for Macs across the enterprise. Until now, the few enterprise security products available for the Mac were dependent on malware signatures and behavioral patterns, which makes them ineffective against today's advanced threats and targeted attacks. Organizations and analysts are concerned that Macs now represent a growing vulnerability in the enterprise
IBM Expands Security Portfolio with QRadar Vulnerability Manager(eSecurity Planet) You've got lots of tools all scanning for security issues—but what do you do when you find them? Security in a modern enterprise is a complicated multi-headed beast. Many organizations have multiple layers of tools to keep the beast at bay by detecting vulnerabilities, but few have tools to manage
Verizon Creates Public Security Database(Light Reading) One of the most effective ways to fight cyber-attacks is through the open sharing of information. This is why Verizon, as a leading voice in the
Onapsis Further Empowers Information Security Professionals to Protect Their SAP Platforms at Black Hat USA(BWW) Onapsis Inc., the leading provider of solutions to assess and protect ERP systems from cyber-attacks, today announces extended support to the Information Security community by showcasing a new version of Onapsis X1 and hosting a SAP Security Training at Black Hat USA. With the growing concern in the market regarding increasing cyber-threats to SAP Platforms, Onapsis continues to empower Security professionals with cutting edge education and SAP-certified products to mitigate these threats, helping them protect their organizations from espionage, sabotage and financial fraud attacks
HBGary launching new cyber-security software(Sacramento Business Journal) It shows what has been fixed and what hasn't been fixed," said Ken Silva, president of ManTech Cyber Solutions International Corp. Inc., which owns HBGary
Technologies, Techniques, and Standards
How well does "defense in depth" really work?(NSS Labs) "Defense in depth," or the layering of multiple security products is a commonly employed security strategy and best practice. Central to the concept of layered security is the idea that attacks that are able to bypass one layer of security will eventually be caught by a subsequent layer of security
Red Team Testing: Debunking Myths and Setting Expectations(Cyberwarzone) The term "cyber" seems to be overused in every corner of the information security industry. Now there is a new buzz phrase in computer security, "red team engagements." Supposedly (to get "cyber" on you), you can have a red team test, and it will help move your organization in the correct "cyber direction." But what is red team testing really? And what is it not? In this post I'll try to make some sense of this potent term
Seeking answers with NAC(SC Magazine) Corporate bring your own device (BYOD) growth is prompting enterprises to take a closer look at their networks and their approach to security. As this initiative grows, along with the increased need for keeping the network and its data secure, more IT professionals are reconsidering network access control (NAC). In fact, a recent Ogren Group research report titled "Network Access Control: A Strong Resurgence is Underway" estimates the NAC market has grown to $392 million (£254 million) in 2012 and will sustain a strong 22 per cent CAGR through 2017, taking the market to more than $1 billion per year
Information Security Isn't just About Computers — Be Careful When Talking To Strangers(SecurityWatch) With the economy how it is and more people having to be in the work force for longer hours it can seem like work is all that you are about. You might have other interests but you spend so much time at work that you do not have time to do them! All you can do is go to work, watch a little bit of TV when you get home, and then go to sleep to get ready for work the next day. With this kind of schedule it is understandable that so many people can only think about work related topics when they are with their friends. Since it is the thing that takes up most of your life you are most likely going to want to talk shop with other people
Better Bug Bounties Mean Safer Software, More Research Demand(Dark Reading) Companies should expect safer software as more companies adopt bug bounty programs and studies prove their effectiveness. The addition of new bug bounty programs and research showing their effectiveness will improve software security, raise the awareness of the importance of secure development, and create a more mature market for freelance security research, say vulnerabilities experts
A Couple of SSH Brute Force Compromises(Internet Storm Center) One common and stupidly simple way hosts are compromissed is weak SSH passwords. You would think people have learned by now, but evidently there are still enough systems with root passwords like 12345 around to make scanning for them a worthwhile exercise. As a result, one of my favorite honeypot tools is kippo, and we have talked about the tool before. I figured it is a good time again to write a quick update on some recent compromises
How to Fail at Black Hat(Threatpost) Every summer, the hacker intelligentsia descends on Las Vegas like a swarm of thirsty locusts that spends seven days chasing free drinks and avoiding sunlight at all costs. Black Hat and DEF CON week can be an overwhelming and confusing experience, especially for the uninitiated or agoraphobic. But fear not, Threatpost has your back
Chipotle Aims High But Misses Low on Twitter(LinkedIn) One of the earliest definitions I heard about marketing spoke of building relationships with customers and prospective customers. But sometimes it feels like we are far from that, especially in social media
NIST plans to extend grant to NSTIC organization(FierceGovIT) The Identity Ecosystem Steering Group, which through a grant is overseeing the implementation of the National Strategy for Trusted Identities in Cyberspace, will not simply dissolve in November, said Jeremy Grant, senior executive advisor for identity management at the National Institute of Standards and Technology
McAfee teaches online safety to over 15,000 children in SEA(ComputerWorld) McAfee recently announced that its Online Safety for Kids programme in Southeast Asia has reached over 15,000 children to date. The free programme has been running for over a year in local schools across Malaysia and Singapore
A Bipartisan Warning On Surveillance(New York Times) Lawmakers have given the Obama administration a bipartisan warning: patience is growing thin with its expansive and unwarranted surveillance of Americans
Spy Agencies Under Heaviest Scrutiny Since Abuse Scandal Of The '70s(New York Times) On three fronts interrogation, drone strikes and now electronic surveillance critics inside and outside Congress have challenged the intelligence establishment, accusing officials of overreaching, misleading the public and covering up abuse and mistakes. With alarm over the threat of terrorism in slow decline despite the Boston Marathon attack in April, Americans of both parties appear to be no longer willing to give national security automatic priority over privacy and civil liberties
'The Time Has Come' To Protect Your Phone Records(USA Today) Most fights in Congress these days are disturbingly partisan, but not all. This week, 94 Republicans and 111 Democrats found something on which they could agree that the government's intrusive program to seize and keep phone data on tens of millions of Americans should end
A Hasty And Drastic Overreach(USA Today) Members of Congress on both sides of the aisle recognize the value of the Foreign Intelligence Surveillance Act (FISA) and the significant role it plays in protecting our country from those who want to harm us
Lawmakers defeat anti-bulk metadata collection amendment(FierceGovIT) Lawmakers defeated a proposed amendment to the fiscal 2014 defense appropriations bill that would have restricted the bulk collection of telephone metadata records in a vote that privacy advocates say nonetheless expresses growing skepticism with an aggressive interpretation of the Patriot Act
Roberts's Picks Reshaping Secret Surveillance Court(New York Times) The recent leaks about government spying programs have focused attention on the Foreign Intelligence Surveillance Court and its role in deciding how intrusive the government can be in the name of national security. Less mentioned has been the person who has been quietly reshaping the secret court: Chief Justice John G. Roberts Jr
DAA introduces mobile self-regulation guidelines to help protect consumer privacy(FierceCMO) The Digital Advertising Alliance, a consortium of media and marketing associations that says the industry would be better off policing privacy itself rather than adopting any current legislation being proposed, is directing its self-regulation standards to the rapidly growing mobile ad industry. The group released mobile guidelines designed to protect consumer privacy
Maryland and Estonian Civilians Take Up Arms Against Hackers(NextGov) Estonian Ambassador Marina Kaljurand said a close parallel to her nation's cyber reserve is the new Maryland program. Maryland has started a volunteer netwarfare squad that the Estonian ambassador likens to her country's groundbreaking civilian cyber reserve, which was assembled after neighboring Russia allegedly shut down the former Soviet state's Internet access in 2007
EU reevaluating data sharing agreement with US in wake of NSA leaks(Ars Technica) "Safe Harbor" tries to bridge gap between EU and US data privacy laws. In a two-page written response to formal complaints filed last month by Austrian students, Ireland's top data protection office said Thursday that Apple, Facebook, and other tech companies with Irish offices have met their obligations with respect to European Union (EU) law--despite all the newly disclosed PRISM and National Security Agency (NSA) related surveillance
David Cameron's internet porn filter is operated by Huawei(Quartz) The filtering system promoted by Britain's prime minister to protect sensitive eyes from the horrors of internet pornography is run by the controversial Chinese technology company Huawei, according to the BBC, in partnership with the UK telecoms provider TalkTalk
Cyber Espionage Against India And Its Challenges, Solutions And Defences(Ground Report) If we analyse the Cyber Attacks Trends against India for the past few years it would be apparent that the frequency and sophistication of these Cyber Attacks has increased and developed a lot. The Cyber Attack by the Chinese Crackers at the computers in the Prime Minister's Office (PMO) of India in December 2009 is one such example
Litigation, Investigation, and Law Enforcement
Russian security agency FSB talking with the FBI over #Snowden(Cyberwarzone) Resources have provided the news that the Russian security agency FSB is currently talking with the FBI about the Snowden situation. A Kremlin spokesman said that he is sure that Edward Snowden - one of the ex-NSA contractors will stop harming the United States when he is granted asylum in Russia
Pfc. Bradley Manning's Trial Comes To An End As The Government Alleges He 'Aided The Enemy'(TechCrunch) While the world has become fixated on the NSA's domestic and foreign surveillance activities in the past months, the trial of Private First Class Bradley Manning is coming to a close. Concluding arguments were heard today. The government, as BoingBoing notes, is trying to convict Manning using the Espionage Act, and slap him with the charge of 'aiding the enemy.'
DoJ Accused of Illegally Withholding Info on Clandestine Cellphone Surveillance Tool(Slate) In the aftermath of recent revelations about secret NSA surveillance programs, the Justice Department is coming under renewed pressure to release information about a controversial cellphone tracking device. In a new Freedom of Information Act lawsuit filed in California earlier this month, the DoJ is accused of illegally withholding a trove of records related to a clandestine tool known as the "Stingray." The Stingray is a portable transceiver that sends out a signal that tricks all cellphones within a targeted area into hopping onto a fake network. The spy device, sometimes also described as an "IMSI catcher" or a "digital analyzer," is used by law enforcement agencies to covertly track down suspects. The FBI claims that it uses the device only to monitor the location of individuals and not to eavesdrop on text messages and phone calls. However, every time Stingrays are used, they inadvertently collect identifying data from all phones within a targeted radius--including those belonging to innocent bystanders--which is why civil liberties groups allege that they disproportionally violate privacy
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Regional Cyber Security Forum & IT Day (CSFI) - Hawaii(Honolulu, Hawai'i, USA, October 30, 2013) 2013 marks the 10th anniversary of National Cyber Security Awareness Month and FBC will host the 1st Annual Cyber Security Forum & IT Day (CSFI) at Fort Shafter - Club Hale Ikena to coinside with the anniversary,...
NSA Hawaii - Cyber Security, Intelligence & IT Day(Honolulu, Hawai'i, USA, October 31, 2013) Be a part of the 1st Annual Cyber Security, Intelligence and IT Day set to take place at the new National Security Agency (NSA) Hawaii Rochefort facility. The event will be hosted by NS/CCS Hawaii Technology...
Black Hat 2013(Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013(Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...
AFCEA Global Intelligence Forum(Washington, DC, USA, July 30 - 31, 2013) During this day and one half unclassified conference in the National Press Club in downtown Washington, D.C., leaders from across the government, military, and industry will explore the role that the Intelligence...
International Conference on Cyber Security(New York, New York, USA, August 5 - 8, 2013) The Federal Bureau of Investigation and Fordham University will host the fourth International Conference on Cyber Security (ICCS 2013) on August 5 - 8, 2013 in New York City. ICCS, the White Hat Summit,...
SINET Innovation Summit(New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...
3rd Annual Cyber Security Training Forum(Colorado Springs, Colorado, USA, August 6 - 7, 2013) The Information Systems Security Association (ISSA) - Colorado Springs Chapter and FBC, Inc. will once again host the 3rd Annual Cyber Security Training Forum (CSTF). Formerly known as the Cyber Security...
AFCEA Tinker AFB Information Technology & Cyber Security Expo(Oklahoma City, Oklahoma, USA, August 8, 2013) Commercial vendors are invited to Tinker Air Force Base on Thursday, August 8th to exchange information and provide products demonstrations to the military and civilian personnel on base. IT and Information...
AIAA Aviation 2013(Los Angeles, California, USA, August 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics,...
A Cloud Computing Introduction for Manager(Columbia, Maryland, Sioux Falls, August 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and...
Resilience Week 201(San Francisco, California, USA, August 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical...
Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo(Albuquerque, New Mexico, USA, August 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers', Information Technology personnel, Contracting Officers' as well...
National SCADA Conference(Melbourne, Victoria, Australia, August 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate...
SANS Thailand 201(Bangkok, Thailand, August 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
Defense Logistics Agency Tech Expo(Fort Belvoir, Virginia, USA, August 20, 2013) Industry exhibitors are invited to showcase and discuss the latest information services and technology to the personnel at the McNamara HQ Complex.
Human Cyber Forensics Forum(Washington, DC, USA, August 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.