More than a week of unrest in Turkey is, predictably, accompanied by the cyber-rioting one has come to expect in such situations. (It's also following the transnational pattern established in Syria and elsewhere.)
Threatpost reports on how (and why) peer-to-peer botnets are peculiarly resistant to takedown, and what this suggests for mitigation tactics. Georgia Tech researchers demonstrate iOS devices' vulnerability to arbitrary software injection—they used a modified charger in the exploit.
A new privilege escalation platform is observed in the wild. A new crimeware black market opens, offering access to compromised PCs. Elcomsoft finds problems with Apple security: briefly, files stored in iCloud appear poorly protected.
Ambivalent news from the US FBI: the Bureau broke a hard disk's encryption in "mere weeks," good insofar as it got the Bureau a warrant against a child pornographer, but less good inasmuch as it suggests that hard disk encryption is newly vulnerable. Businesses might want to consider adding layers of encryption to protect invaluable data.
Industry observers note that employees tend to place company information on personal devices as well as into cloud services. Some also note that BYOD has become a distraction that impedes clear thinking about the implications of mobile technology. (Security tends to increase what Clausewitz called "friction," thus inevitably tending to produce tension with operational needs. And no quick technological fixes are in prospect—quantum cryptography and biometrics bring challenges and vulnerabilities of their own.)
As a Sino-American summit approaches, both parties struggle toward a cyber modus vivendi.
Today's issue includes events affecting Australia, China, India, Iran, Lithuania, Malaysia, Philippines, South Africa, Turkey, Tunisia, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
More 145 Turkish Websites Hacked by Tunisian Hackers(HackRead) Anti-government protests are rising in Turkey, and so is the protest in Turkish cyberspace, where 145 Turkish websites have been hacked and defaced by Tunisian hackers. While scrolling Zone-h, I found that two Tunisian hackers going by the handles of Badi & Tn_Scorpion defaced all 145 websites today, leaving a deface page along with a message on all hacked sites, according to which
Hack any iOS Device within One Minute by a Modified Charger(HackRead) A team of security researchers at Georgia Institute of Technology has found a way by which any iOS device can be hacked within a minute with the help of a modified charger. Researchers claim that despite Apple's exemplary defence system, they were able to inject arbitrary software into one of its devices based on the latest and updated operating system (OS). After successful hack, the researchers have issued
Compromised FTP/SSH account privilege-escalating mass iFrame embedding platform released on the underground marketplace(Webroot Threat Blog) Utilizing the very best in 'malicious economies of scale' concepts, cybercriminals have recently released a privilege-escalating Web-controlled mass iFrame embedding platform that's not just relying on compromised FTP/SSH accounts, but also automatically gains root access on the affected servers in an attempt to target each and every site hosted there. Similar to the stealth Apache 2 module that we profiled back in November, 2012, this platform raises the stakes even higher, thanks to the automation, intuitive and easy to use interface, and virtually limitless possibilities for monetization of the hijacked traffic
New E-shop sells access to thousands of hacked PCs, accepts Bitcoin(Webroot Threat Blog) Remember the E-shop offering access to hacked PCs, based on malware 'executions' that we profiled last month? We have recently spotted a newly launched, competing E-shop, once again selling access to hacked PCs worldwide, based on malware 'executions'. However, this time, there's no limit to the use of (competing) bot killers, meaning that the botnet master behind the service has a higher probability of achieving market efficiency compared to their "colleague." Additionally, the botnet master won't have to manually verify the presence of bot killers and will basically aim to sell access to as many hacked PCs as possible
FBI cracks encrypted hard disk in mere weeks(FierceCIO: TechWatch) Encryption is looking a little less secure now that the FBI has successfully cracked the encryption of a hard disk drive. The drive was owned by a suspected child pornographer and led to the discovery of "numerous" such files. Armed with this evidence, the FBI convinced a federal judge to order the suspect to either key in the password for his other storage drives, or provide an unencrypted copy of the data
Greetings to the President(The Economist) A cyber-attack on a Lithuanian news portal has slowed down the country's internet and highlighted its weak digital security, prompting appeals to other countries for assistance
Beware of Android Defender mobile scareware(Help Net Security) Scareware aimed at mobile users is not nearly as ubiquitous as that directed at those who use Windows-run PCs. Nevertheless, there is some out there. Sophos' Paul Ducklin has analyzed a sample that
EVE Online and Dust 514 Servers Down Following Cyber-Attack(Spong) The cyber-attack was made on the company's Tranquility cluster of servers, and CCP's investigation as to what happened seems to be more complex than initially suspected. The studio re-opened the servers shortly after a brief period of downtime, but had
Anatomy of a cyber attack on business(Financial Review) When a contractor with an Australian company tapped the letters IHS into his search engine in February this year, he did not know that he was about to compromise his organisation in the latest example of state-based cyber hacking to hit local business
Inside the Eye of a Microsoft 0-Day(eSecurity Planet) In late December of 2012, security firm FireEye discovered a zero-day attack that affected Microsoft IE. Microsoft fixed the issue in an out-of-band MS13-008 emergency patch that was issued in January. In May of 2013, FireEye found yet another zero-day
Security Patches, Mitigations, and Software Updates
Cyber attacks to surge in Gulf(gulfnews.com) A study by Trend Micro shows that cybercriminals are expected to continue generating even more profit by selling stolen user data as mobile payments are predicted to reach $1.3 trillion (Dh4.7 trillion) annually by 2017. "In 2013, IT managers in the
States' top cyber challenge remains spear phishing(Government Technology) Last fall, one Huffington Post headline read: "White House Hacked In Cyber Attack That Used Spear-Phishing To Crack Unclassified Network." Earlier this year, the Federal Times led with the article: Feds' chief cyberthreat: spear phishing attacks. They described it this way: "The weapon of choice for most cyber hackers is a malicious email disguised as a friendly email." Yes, spear phishing is hot all over the USA - very hot
Get serious about preparing for cybercrime(InvestmentNews) Michael Hayden, the former head of the National Security Agency, estimated that including the theft of intellectual property, the cost was more than $1 trillion. Most of these attacks are aimed at government departments and agencies; at corporations
'Phl growth vulnerable to cyber attacks'(Philippine Star) "For example, if the banking and financing system is paralyzed by a cyber attack, you can imagine the cost in terms of millions of pesos and dollars per minute or per hour," De Leon said in an interview. "This (threat) can really affect our economy and
Don't become a cyber victim(Hong Kong Standard) Large-scale financial cyber crimes and state-affiliated espionage dominated the security landscape last year, revealed the report by Verizon, a leading US broadband provider. Espionage took up about 20 percent of the cases, while three out of every
IBM to acquire cloud firm SoftLayer(ZDNet) IBM said on Tuesday it is buying SoftLayer, as the computing giant aims to bolster its cloud computing efforts. While financial terms of the deal were not disclosed, The Wall Street Journal said the acquisition is worth around $2 billion, citing a person familiar with the deal
Meet Eugene Kaspersky: the man on a mission to wage war against - and kill - the computer virus(Sydney Morning Herald) He's a virus killer whose name can be found inside tens of millions of computers worldwide - and he sees vistas of cyber-warfare everywhere he looks. The FBI trusts him, even though he also counts Russia's Federal Security Service (FSB), the successor to the KGB, as a client. Given that Eugene Kaspersky's company, Kaspersky Lab, is well on its way to becoming the dominant player in the world of computer security, it's perhaps not surprising that the 47-year-old Muscovite believes that cyber-crime, in all its hues, is currently the biggest threat facing the global economy. It's big business
ANALYSIS: Consulting giant jumps into vendor game(USA Today) The latest manifestation: Deloitte on Thursday announced the acquisition of cyber monitoring and threat intelligence provider Vigilant. So now a consulting giant has joined venture capitalists and equity firms in placing big bets in the cybersecurity
Dell special committee recommends original deal(FierceFinance) As Carl Icahn and Southeastern Asset Management agitated for a better deal for Dell, it seemed for a moment that Michael Dell and Silver Lake would have to sweeten their bid. But then came more indications that the computer market was in disarray, and Michael Dell's offer started to look better
Goldman Sachs vs. Bloomberg in battle of heavyweights(FierceFinance) The high-stakes controversy over Bloomberg terminals began with a Goldman Sachs executive voicing reservations to her boss about a Bloomberg employee's questions concerning the whereabouts of another executive. The reporter had noted that the executive hadn't logged into his terminal in a while
9 Anti-Hacking Rock Stars Who Toil In The Shadows At Apple (AAPL)(San Francisco Chronicle) Also leads Apple's cooperative R&D agreement with the National Security Agency, which began in 2005, according to his LinkedIn profile. Background: He joined Apple as a senior systems engineer working with federal government and intelligence agencies
Silicon Valley at Front Line of Global Cyber War(ABC News) The U.S. government has stepped up efforts to thwart cyber-attacks, but those efforts are mainly focused at protecting its own secrets, especially regarding military operations and technologies. Paul Rosenzweig, a former Department of Homeland Security
From Left, Right And Center, Analysts Beg DoD To Tackle Overhead Costs(FederalNewsRadio.com) Prominent defense experts from across the political spectrum are lining up behind a new call to reduce overhead in the Defense Department's budget, saying that without fundamental management changes, internal bureaucratic costs are destined to crowd out the basic nuts and bolts of running a military in the not-too-distant future
Products, Services, and Solutions
Cavium Announces New Low Power Dual And Quad Core OCTEON® III(Daily Markets) These low-power processor families are the world's first to include up to 4 MIPS64 cores with full hardware virtualization, Deep Packet Inspection (DPI), Packet processing, Security and QOS capabilities in a highly integrated System on a Chip
General Dynamics Expands Into Malware Detection And Analysis(Dark Reading) General Dynamics Fidelis Cybersecurity Solutions today plans to roll out a new malware and botnet detection and analysis appliance that extends its deep packet inspection technology to root out incoming malicious content from email, files and Web traffic
Knowing where to look for the owner of an offending IP address(Internet Storm Center) We often see how attackers try to exploit our information assets in our company, coming from inside and outside the company. When you locate an internal IP address trying to affect things, it's easy to locate if you have information security controls like Network Access Control (NAC), Dynamic Host Configuration Protocol (DHCP), Firewalls and Network IPS. Problem is: what should we do if the offending IP address is outside in the Internet? There are five Regional Internet Registry (RIR) entities in the world. For their region, they assign IP addresses for IPv4, IPv6 and autonomous system numbers
Defeating Internet Blocking With Lahana VPN-Tor Bridge(Threatpost) As the anti-government protests in Turkey have escalated in the last few days, privacy activists and security experts have begun working on ways to help people inside Turkey get reliable access to the Internet and privacy tools such as Tor. A security researcher over the weekend released a new tool called Lahana that enables users
Cryptography as a means to counter Internet censorship(The Hindu) George Orwell's depiction of dystopia in his classic 1984, a society devoid of privacy, may have seemed like an exaggeration in 1949. But, with technology intruding deep into our lives today, we may actually be heading into a less obvious version of a
Interoperability, portability standards to advance cloud adoption, raise questions, says Messina(FierceGovIT) A major obstacle to moving to the cloud is the worry that a client will become trapped or locked in to a single service and unable to transfer data. But in the next 3 to 5 years a tremendous amount of focus will go toward developing interoperability standards for cloud computing, which will encourage broader adoption of cloud computing, said John Messina, a National Institute of Standards and Technology computer scientist and co-chair of the cloud computing reference architecture working group
Quantum encryption: It's not unbreakable "perfect" cryptography(ITProPortal) In theory, we've had this licked for hundreds of years. We've long known how to create totally unbreakable encryption, ciphers so strong that no amount of modern supercomputing power could brute force its way into your grocery list, if you really
MSU cyber operations education earns federal designation(Mississippi Business Journal) The National Security Agency and U.S. Cyber Command have designated Mississippi State University as a Center of Academic Excellence in cyber operations. The certification comes after a rigorous, two-year application process by faculty in
Colleges expand programs as cybersecurity threats grow(USA Today) Fueled by an increase in cyber attacks on critical infrastructure -- nearly 200 last year compared with fewer than a dozen in 2009, the federal Department of Homeland Security says -- cybersecurity has become among the hottest job markets
Professors Are About to Get an Online Education(Wall Street Journal) Anyone who cares about America's shortage of computer-science experts should cheer the recent news out of Georgia Tech. The Atlanta university is making major waves in business and higher education with its May 14 announcement that the college will offer the first online master's degree in computer science--and that the degree can be had for a quarter of the cost of a typical on-campus degree. Many other universities are experimenting with open online courses, or MOOCs, but Georgia Tech's move raises the bar significantly by offering full credit in a graduate program
Sekeramayi says Zimbabwe under cyber attack(Nehanda Radio) State Security Minister Sydney Sekeramayi believes the country is under cyber attack and ill-equipped to deal with the problem due to lack of resources.
NATO takes up cyber-defense as threat grows(GMA News) There is no intention to develop "offensive capacities," the official said, adding that of NATO's 28 members, 23 have already signed up to exchange information and help in the event of a cyber-attack. One diplomat noted that NATO had a special problem
Cyber theft: A hard war to wage(Financial Times) Washington is angry. Really angry. It is just not sure what to do about it. US officials have accused Chinese hackers of stealing corporate trade secrets since the mid-2000s but during the past few months the outrage has reached a political tipping point. Cyber security has been thrust to the top of the agenda in US-China relations
China, US agree to talks on cyber theft and espionage(Sydney Morning Herald) General Keith Alexander, head of the US Cyber Command and director of the National Security Agency, has said the attacks have resulted in the ''greatest transfer of wealth in history''. Hackers have stolen a variety of secrets, including negotiating
Chinese cyber attack on US casts shadow on Obama-Xi meet(Firstpost) A shirt-sleeves summit between the world's two top economic powers is shaping up as anything but relaxing, with an assertive new Chinese leadership seeking a bigger place at the global table and the United States pushing back, especially in
China Partners US To Fight Cyber Attack(CHANNELS) U.S. Defense Secretary Chuck Hagel briefly mentioned U.S. concerns about the rising threats of cyber-attack, and China's alleged role in cyber spying at the Shangri-La Dialogue in Singapore. In response, spokesman Hong Lei stressed at the press
PortfolioStat reflects OMB concerns with CIO authority(FierceGovIT) A relatively large concern of the Office of Management and Budget's PortfolioStat has been authority of agency chief information officers, show documents obtained by FierceGovernmentIT through the Freedom of Information Act
Why Is the Department of Homeland Security Monitoring Tea Party(theTrumpet.com) In a white paper presented to the House Permanent Select Committee on Intelligence, the Department of Homeland Security is encouraged to evolve into a federalized police force that can monitor Americans in any town and prevent threats from fellow
The Growing Cyber Threat: Is Anyone Truly Safe?(HSToday) U.S. law enforcement agencies, the National Security Agency, U.S. Cyber Command and the Department of Homeland Security are all working together on the issue, he added. The growing cyber threat affects all levels of society, from individuals having
Cyber Security Calls for Partnering(Electric Co-op Today) NRECA met with top officials at the Department of Energy and the Department of Homeland Security on cyber security, a top-of-mind issue where federal and co-op relations will be key to protecting the nation's power grid
Fighting cyber fraud - a delicate balance for democracy(UKauthorITy.com) The flip-side of fighting cyber-fraud threats to public services will inevitably involve extensive monitoring of online activity that is bound to cause friction with privacy campaigners, the panel heard at the UKAtv Live debate, "Fighting cyber fraud
Army releases new leaders' handbook on cybersecurity(OODA Loop) Currently, all Army commands are developing Information Assurance/Cybersecurity awareness training to address areas of weakness identified by the Army Information Assurance Self-Assessment Tool. During the Army Cybersecurity Awareness Week, Oct
Litigation, Investigation, and Law Enforcement
Cyber crime: Without a trace(Financial Times) Shortly before the closure of Liberty Reserve, the Department of Homeland Security seized the US bank accounts of the largest Bitcoin exchange because the owner failed to register it correctly. When the authorities raided Mr Budovsky's home in a gated
Cyber attack hacker faces prison time(Acumin) A man who conducted a cyber attack on intelligence company Stratfor in 2011 could spend up to a decade in prison after pleading guilty at a court in New York. Jeremy Hammond, 28, admitted to stealing information
Malaysian exchangers helped hide paper trail for world's largest cyber money-launderer(The Malaysian Insider) Money exchangers based in Malaysia played a key role in hiding the paper trail for Liberty Reserve, the global, virtual "bank of choice" for identity thieves, drug traffickers, computer hackers and child pornographers, whose founders and workers were indicted this week by US authorities for being the world's largest cyber money laundering operation
Fake payment phishers busted in South Africa(Naked Security) It's more Cape of Storms than it is Cape of Good Hope for an alleged phishing gang reportedly busted in Cape Town in South Africa's Western Cape. The gang supposedly used a mixture of email and SMS to lure their victims into giving away
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Consumerization of IT in the Enterprise Conference and Expo(San Francisco, California, USA, June 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise.
Pen Test Berlin 2013(Berlin, Germany, June 3 - 9, 2013) SANS Pen Test Berlin 2013 takes place from June 3rd to June 8th in the Radisson Blu Hotel on the bank of Berlin's River Spree. SANS will offer penetration testing courses as well as a series of presentations...
CyCon 2013: 5th International Conference on Cyber Conflict(Tallinn, Estonia, June 4 - 7, 2013) CyCon 2013 is an annual NATO Cooperative Cyber Defence Centre of Excellence conference that is conducted with the technical cooperation of the IEEE Estonia Section. CyCon 2013 will focus on the technical,...
NSA SIGINT Development Conference 2013(Fort Meade, Maryland, USA, June 4 - 5, 2013) The National Security Agency is responsible for providing foreign Signals Intelligence (SIGINT) to our nation's policy-makers and military forces. SIGINT plays a vital role in our national security by...
U.S. Census IT Security Conference and Exposition(Suitland, Maryland, USA, June 5, 2013) The Census Bureau's Information Technology Security Office (ITSO) and the Census Bureau's Data Stewardship Office are putting together a series of workshops on 'Information Security' and 'protecting your...
Capital Connection 2013(Washington, DC, USA, June 5 - 6, 2013) Capital Connection™, a MAVA premier event, is designed for seasoned executives, entrepreneurs, and investors at all stages to come together under one roof to expand their innovations, create industry connections,...
RSA Conference Asia Pacific 2013(Singapore, June 5 - 6, 2013) Join your fellow information security professionals at the inaugural RSA Conference Asia Pacific, where we'll be discussing security issues from both a global and Asia Pacific perspective. Delegates will...
29th Annual INSA William Oliver Baker Award Dinner(Washington, DC, USA, June 7, 2013) This year's awardee is General Michael V. Hayden, former Director of the Central Intelligence Agency and the National Security Agency. Registration is now open and tables are available for purchase.
2013 Cybersecurity Innovation Expo(Baltimore, Maryland, USA, June 10 - 13, 2013) Do not miss the opportunity to participate in the 2013 Cyber Innovation Forum with active participation from National Institute of Standards and Technology (NIST), the National Security Agency (NSA), and...
CISSE 17th Annual Colloquium(Mobile, Alabama, USA, June 10 - 13, 2013) The Colloquium for Information Systems Security Education will meet in Mobile to discuss topics of great interest to our community, including cyber security education, certification, and accreditation.
3rd annual Cyber Security Summit Over the last 2 years, the summit has gathered 150+ senior Defence, National Security and Industry executives to address current and emerging cyber threats to Australia's security. Now in its 3rd year,...
NovaSec!(McLean, Virginia, USA, June 13, 2013) NovaSec! is Northern Virginia's largest Cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with...
Suits and Spooks La Jolla 2013(La Jolla, California, USA, June 15 - 16, 2013) Exploring Cyber Warfighting and Threat Mitigation for Corporations and Governments. The original concept for this event was to look at what special operations forces and corporate CERTs or SOCs have in...
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris(Paris, France, June 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted...
2013 ICAM Information Day and Expo(Washington, DC, USA, June 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.
Buzzword Forensics: Mobile is the Future…and the Future is Now(Laurel, Maryland, Sioux Falls, June 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium.
NASA National Capital Region Industry Days(Washington, DC, USA, June 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in...
AFCEA International Cyber Symposium 2013(Baltimore, Maryland, USA, June 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government,...
ShakaCon(Honolulu, Hawaii, USA, June 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better...
American Technology Awards Technology and Government Dinner(Washington, DC, USA, June 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology...