Turkish authorities struggle to contain ongoing unrest, which is accompanied and enabled by cyber rioting—twenty-five people have been arrested for using Twitter. Dissidents show growing technological sophistication in their use of anti-censorship apps as they continue to deface government sites.
NetTraveler, the Chinese espionage tool Kaspersky uncovered this week, has been active since 2004. India and the US appear to have been the major targets, but the spyware has been found in systems worldwide. Infected Word documents were an important NetTraveler vector. University of Toronto researchers, confirming earlier accounts of sitcom workplace anomie, describe Chinese espionage network security as "sloppy"—take from this such encouragement as you may.
The US and China exchange mutual cyber recriminations during the run-up to this week's summit, but both sides also express hopes for positive cooperation going forward. The UK considers strong security measures against Chinese hardware manufacturers (notably Huawei), possibly requiring extensive vetting similar to what the US Congress voted to impose earlier this year.
A Plesk vulnerability places Apache websites at risk—an exploit is publicly available. A backdoor master boot record wiper threatens German users. Google publishes a Windows zero-day.
New security patches address issues in Chrome, OSX, Safari, and Schneider SCADA products. Industry observers remain skeptical of Oracle's new approach to Java security.
Purdue researchers demonstrate "temporal cloaking" as a technique for hiding signals. Wired calls DARPA's Plan X Angry Birds for cyber war.
The US Government is sifting Verizon phone records as part of a three-month security sweep.
Today's issue includes events affecting China, European Union, France, Germany, India, Israel, Saudi Arabia, Turkey, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Social Media Is "Worst Menace To Society" Says Turkey PM, 25 Twitter Users Arrested(TechCrunch) Turkish authorities have arrested 25 protesters for the high crime of using Twitter. Amid widespread violent clashes, police rounded up netizens on Tuesday night for "spreading untrue information." Embattled Turkey Prime Minister Recep Tayyip Erdoğan has labeled social media "the worst menace to society," saying of Twitter, "The best example of lies can be found there."
#OpTurkey: Grand National Assembly of Turkey Website Hacked, Login details Leaked by China Blue Army(Hack Read) Just a couple of hours ago I reported a breach conducted by China Blue Army on Shalom Hartman Institute of Israel, the same group has now started participating in ongoing #OpTurkey by breaching into the official website of Grand National Assembly of Turkey. As a result of breach the hackers were able to access the server of Turkish Grand National Assembly and compromise sensitive login information
Shalom Hartman Institute of Israel Hacked, 200 login accounts leaked by China Blue Army(Hack Read) A group of hackers from China Blue Army are claiming to breach the official website of Shalom Hartman Institute of Israel (hartman.org.il), ending up with leaking login credentials of around 200 Israelis online. Hackers who contacted me via Twitter show that data has been dumped online on Pastebin along with a message, targeted and vulnerable link of Shalom Hartman Institute of Israel
India prime target of Chinese cyber-espionage: Kaspersky(The Hindu) India has been a prime target of a Chinese cyber-espionage campaign that has been active for at least eight years, according to Russia's leading IT security provider. A report released by the Kaspersky Global Research and Analysis Lab said an ongoing
Red Star: Another advanced hacking crew from China is revealed(Foreign Policy) In the spirit of last February's report by Mandiant detailing the exploits of a Chinese-government-linked hacker group, Russian IT security giant Kaspersky Lab today released a report on another sophisticated Chinese cyber-espionage outfit, dubbed the
Backdoor Wipes MBR, Locks Screen(TrendLabs Security Intelligence) German users are at risk of having their systems rendered unusable by a malware that we're seeing being sent via spam messages. This particular malware, on top of its ability to remotely control an affected system, is able to wipe out the Master Boot Record – a routine that had previously caused a great crisis in South Korea
Google researchers publish Windows 0-day exploit(Help Net Security) Less than two weeks after Google researcher Tavis Ormandy released information about a new Windows zero-day vulnerability on the Full Disclosure mailing list and asked for help in creating an exploit
Is data fragmentation putting businesses at risk?(Help Net Security) IT managers believe that fragmentation of corporate data across their IT infrastructure and an emerging 'Shadow IT' network of user devices or consumer cloud services outside their control, is putting
Security Patches, Mitigations, and Software Updates
BIND 9 Update fixing CVE-2013-3919(Internet Storm Center) Today BIND9 received an update fixing a "recursive resolver with a RUNTIME_CHECK error in resolver.c" Affected versions are BIND 9.6-ESV-R9, 9.8.5, and 9.9.3. The rated CVSS on this one is 7.8
Schneider Patches 18-Month Old SCADA Bugs(Threatpost) More than 18 months after a security researcher revealed a long list of vulnerabilities in its SCADA products, Schneider Electric has released patches for a subset of those bugs for a couple of the affected products
Google Ships 12 Security Patches in Latest Chrome Update(Threatpost) Google released a stable channel update for its Chrome browser yesterday, resolving 12 vulnerabilities, one of which was considered 'critical', Google's most severe rating, ten of which received second most severe 'high' ratings, and one receiving a third-in-line 'medium' rating
Apple's OS X and Safari get biggish security fixes(Naked Security) Apple has published updates for all supported versions of OS X and for Safari version 6. A largish number of remote code execution vulnerabilities have been patched, so these aren't just cosmetic fixes
Negligence, Glitches Push Up Cost Of Breaches Worldwide(Dark Reading) The costs of data breaches inched up globally, but in the U.S. companies have managed to continue bringing breach costs down, according to the eighth annual Cost of Data Breach Study out this week. Conducted by Ponemon Institute on behalf of Symantec, the study found that mistakes and human errors accounted for the bulk of all breaches studied, but malicious or criminal attacks cost businesses more when they are at the root of breaches
Huawei faces UK heat over cyber-attack fears(The Australian) TELECOMS equipment made by Chinese companies should be independently tested by the British government to guard against cyber-attacks, an intelligence report says
David Cameron warned of cyber attack threat(ITV News) Telecoms equipment made by Chinese firms should be independently tested by security services in order to protect against cyber attack, the Prime Minister has been warned. The key role played by the Chinese company Huawei in Britain's telecoms network
Lunarline Provides Beckman Coulter with Air Force DIACAP Services(PRNewswire) Lunarline was recently contracted by Beckman Coulter to provide cyber security services, specifically certification and accreditation, by way of the Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP) for one of their cutting edge custom remote management systems. As part of the support, Lunarline will be assisting in hardening the system to meet department wide standards and requirements, as well as individual military department specifications in order to support deployment of their solution eventually across the DoD
CACI, Be Informed Partner to Offer Agencies Cloud Service(GovConWire) CACI International (NYSE:CACI) and business software maker Be Informed have started developing a cloud computing-based platform intended to help federal agencies deliver services to the public. The companies plan to build an on-site software-as-a-service system for agencies to communicate with citizens, gather stakeholder information and fulfill regulatory measures, CACI said Tuesday
Jane Snowdon Named IBM Federal Chief Innovation Officer(GovConWire) Dr. Jane Snowdon, a 17-year veteran of IBM Research (NYSE: IBM), has been appointed to the newly-created position of chief innovation officer for the company's U.S. federal business unit, Information Week reports
Salesforce acquires email company ExactTarget for $2.5B(FierceCMO) Salesforce.com has agreed to purchase ExactTarget for $2.5 billion in cash. The acquisition is Salesforce's biggest ever and is designed to beef up its marketing cloud offerings with ExactTarget's marketing technology, which includes primarily email, but also social and mobile
Dell faces tough road ahead(FierceFinance) Dell is in a tough spot. On the one hand, it has a difficult business to run, so it has to project the aura of a winning company with cool products. It has to be a company with a bright future
'A new war'(Washington Jewish Week) Israeli cyber-security firms meet potential investors and strategic partners. "We're always looking for innovative partners," said Ed Jaehne, chief strategy officer for KeyW Corporation. It's for that reason that Jaehne - and about 100 other local entrepreneurs and investors - showed up on May 29 for the Maryland/Israel Development Center's (MIDC) Cyber Security Forum
AirWatch updates Secure Content Locker(FierceContentManagement) This week, AirWatch--which has developed a variety of mobile management tools--released the latest version of its Secure Content Locker, a tool that provides a way to control key documents when they go in motion
Spooks nicking your tech? What you need is THE CLOUD - NSA boss(Register) General Keith Alexander, National Security Agency (NSA) director and commander of US Cyber Command, made his comments during the NATO-organised CyCon conference in Estonia today. "Theft of intellectual property has resulted in the greatest transfer
Flaws in the Carbon Layer: Is a Penetration Test Without a Social Engineering Component Really a Penetration Test?(StoreFrontBackTalk) Every QSA gets asked the same question about penetration testing: What is acceptable (translation: what is the least I can do) for PCI compliance? In the current environment of criminal (and state-sponsored) hacking, that is the wrong question. Instead retailers should ask: How do I get the greatest value from the penetration testing I am already required to do? I would like to make the point that at least part of the answer is for every retailer and payment card merchant to include some form of social engineering as a part of their pen testing
Celebrate Internet Safety Month this June - Stay Safe Online All Summer(MarketWatch) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, is celebrating Internet Safety Month this June by encouraging all digital users to STOP. THINK. CONNECT. when accessing the Web. Summer break brings increased Internet use and NCSA advises everyone to take security measures, understand the consequences of their behavior and actions and enjoy the benefits of the Internet
A major cyber threat to critical infrastructures is from…the electric utilities(Control) Critical infrastructures include water, oil/gas, pipelines, chemicals, manufacturing, telecommunications, transportation, etc. Their continued operation requires the electric utility industry to be available. However, the electric utility industry is also a cyber threat to all of those end-users. That threat is Aurora. As a result, Aurora throws the traditional concept of interdependencies on its ear
This Pentagon Project Makes Cyberwar as Easy as Angry Birds(Wired) The target computer is picked. The order to strike has been given. All it takes is a finger swipe and a few taps of the touchscreen, and the cyberattack is prepped to begin. For the last year, the Pentagon's top technologists have been working on a program that will make cyberwarfare relatively easy. It's called Plan X. And if this demo looks like a videogame or sci-fi movie or a sleek Silicon Valley production, that's no accident. It was built by the designers behind some of Apple's most famous computers — with assistance from the illustrators who helped bring Transformers to the silver screen
Motorola ponders cybersecurity via tattoo, pill(GMA News) At the D11 conference, Motorola said the tattoo and an FDA-approved pill may make the human body transmit passwords to smart devices, Bitdefender reported. "It means my arms are like wires, my hands are like alligator clips, and when I touch my phone
Biostamps - freedom from password tyranny, or Hollywood science?(Naked Security) Last week Motorola execs showed off experimental biostamps - digital "tattoos" capable of authenticating you to your phone. Could this be the ultimate solution to the problem of authentication and passwords, or is it just a sci-fi pipe dream?
Stonesoft certification at ESIEA starting autumn 2013(4-Traders) Stonesoft, the specialist in cyber security, and ESIEA, French state-recognized Graduate Engineering school, have signed an ETS (Educational Training Site) agreement to include Stonesoft ANSSI-qualified solution certification in the education curriculum of the school
Congress questions details of STEM reorganization(FierceGovernment) The administration's plan to reorganize science, technology, engineering and math education programs--cutting the number of programs from 226 to 110 while increasing funding by 6 percent in fiscal 2014--came under scrutiny Tuesday during a hearing before the House Science, Space and Technology Committee
Telecommunications Supply Chain is Safe—for Now(SIGNAL Magazine) Concerns about the telecommunications supply chain have led U.S. network providers to institute extensive security procedures, but government officials are looking at establishing formal guidelines for procuring network components overseas—for better or worse
Government Has A False Sense Of Cybersecurity(Investor's Business Daily) If our military is unable to counter the serious cyber threats that exist today, it's hard to believe that bureaucrats at the Department of Homeland Security can improve our cyber defense with additional regulatory powers tomorrow. With trust in
Saudi Arabia bans Viber web communication tool(Emirates 24/7) Viber allows subscribers to make free calls, send instant messages and share files over the Internet. Saudi Arabia's telecom regulator has banned use of the web-based communication application Viber, which is hard for the state to monitor and deprives licensed telecom companies of revenue from international calls and texts
Net neutrality soon to be on EU's agenda(Help Net Security) Lack of regulation has contributed much to the success of the Internet, and made it a hotbed for new ideas. But there are some things that should be regulated and enforced in order for it to remain
Obama To Press Xi On Cyber Attacks(Los Angeles Times) In January 2010, when Google accused Chinese hackers of infiltrating its network to track emails of human rights activists, the Obama administration didn't disclose what U.S. diplomats in Beijing believed: China's Politburo had directed the attack
China Calls Out U.S. for Hacking(Threatpost) The predominant narrative among U.S. officials and cybersecurity experts is that Chinese hackers, allegedly at the behest of their government, are thoroughly compromising the computer networks of American government, defense, and public sector organizations in order to steal any valuable data found within them on a daily basis. What you don't hear so often, though we'd be remiss to ignore it and you'd be a fool not to believe it, is that the U.S. is doing the same exact thing to China
Hash Value: Authentication and Admissibility in Indian Perspective(Ground Report) Hash value plays a significant role in establishing the authenticity and integrity of data/evidence in the digital world particularly in Cryptography, Data Analyses and Forensic Imaging etc. Hash Value popularly known as Fingerprint of data is the crucial single factors which not only authenticate the integrity of data but also play crucial role in the validation of the forensic processes & equipments used for the forensic examination
Visa To Genesco: PCI Compliance? What PCI Compliance?(StoreFrontBackTalk) The predictable other shoe has dropped (please forgive that heel of a play on words) in the legal battle between apparel chain Genesco (NYSE: GCO) and Visa over PCI penalties, with Visa officially asking a federal judge to dismiss the retailer's lawsuit. The $2.6 billion Genesco chain, which owns Journeys, Lids and Johnston & Murphy, had been breached in 2010 and later had to reimburse its acquiring bank for about $13 million in fines charged by Visa. It sued Visa—with its acquirer's permission and blessing—saying that it hadn't violated any PCI rules
White House defends Verizon phone record collection(Baltimore Sun) The Obama administration on Thursday acknowledged that it is collecting a massive amount of telephone records from at least one carrier, reopening the debate over privacy even as it defended the practice as necessary to protect Americans against attack
Sweep of digital wiretapping too broad, says human rights report(FierceGovernmentIT) Coincidentally, British newspaper The Guardian published June 5 an article revealing a top secret order from the U.S. Foreign Intelligence Surveillance Court directing American telecommunications provider Verizon to provide the FBI all telephony metadata recorded by its Business Network Services unit for a 3 month period ending July 19
FAS management pressured officers to award contracts(FierceGovernment) The Federal Acquisition Service overrode its contracting officers and pressured them to extend or award schedules contracts based on complaints from contractors, a June 4 General Services Administration office of inspector general report says
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Pen Test Berlin 2013(Berlin, Germany, June 3 - 9, 2013) SANS Pen Test Berlin 2013 takes place from June 3rd to June 8th in the Radisson Blu Hotel on the bank of Berlin's River Spree. SANS will offer penetration testing courses as well as a series of presentations...
CyCon 2013: 5th International Conference on Cyber Conflict(Tallinn, Estonia, June 4 - 7, 2013) CyCon 2013 is an annual NATO Cooperative Cyber Defence Centre of Excellence conference that is conducted with the technical cooperation of the IEEE Estonia Section. CyCon 2013 will focus on the technical,...
Capital Connection 2013(Washington, DC, USA, June 5 - 6, 2013) Capital Connection™, a MAVA premier event, is designed for seasoned executives, entrepreneurs, and investors at all stages to come together under one roof to expand their innovations, create industry connections,...
RSA Conference Asia Pacific 2013(Singapore, June 5 - 6, 2013) Join your fellow information security professionals at the inaugural RSA Conference Asia Pacific, where we'll be discussing security issues from both a global and Asia Pacific perspective. Delegates will...
29th Annual INSA William Oliver Baker Award Dinner(Washington, DC, USA, June 7, 2013) This year's awardee is General Michael V. Hayden, former Director of the Central Intelligence Agency and the National Security Agency. Registration is now open and tables are available for purchase.
2013 Cybersecurity Innovation Expo(Baltimore, Maryland, USA, June 10 - 13, 2013) Do not miss the opportunity to participate in the 2013 Cyber Innovation Forum with active participation from National Institute of Standards and Technology (NIST), the National Security Agency (NSA), and...
CISSE 17th Annual Colloquium(Mobile, Alabama, USA, June 10 - 13, 2013) The Colloquium for Information Systems Security Education will meet in Mobile to discuss topics of great interest to our community, including cyber security education, certification, and accreditation.
3rd annual Cyber Security Summit(, January 1, 1970) Over the last 2 years, the summit has gathered 150+ senior Defence, National Security and Industry executives to address current and emerging cyber threats to Australia's security. Now in its 3rd year,...
NovaSec!(McLean, Virginia, USA, June 13, 2013) NovaSec! is Northern Virginia's largest Cybersecurity and physical security networking event of the year. We are bringing together security professionals from commercial and government organizations with...
Suits and Spooks La Jolla 2013(La Jolla, California, USA, June 15 - 16, 2013) Exploring Cyber Warfighting and Threat Mitigation for Corporations and Governments. The original concept for this event was to look at what special operations forces and corporate CERTs or SOCs have in...
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris(Paris, France, June 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted...
2013 ICAM Information Day and Expo(Washington, DC, USA, June 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.
Buzzword Forensics: Mobile is the Future…and the Future is Now(Laurel, Maryland, Sioux Falls, June 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium.
NASA National Capital Region Industry Days(Washington, DC, USA, June 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in...
AFCEA International Cyber Symposium 2013(Baltimore, Maryland, USA, June 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government,...
ShakaCon(Honolulu, Hawaii, USA, June 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better...
American Technology Awards Technology and Government Dinner(Washington, DC, USA, June 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology...