Britain's GCHQ's motive in intercepting G20 diplomats' messages is said to have been the traditional one: gain the UK a negotiating advantage. In the US, Apple and Yahoo describe their involvement in NSA surveillance. Whoever's behind the NetTraveler cyber espionage campaign is now using PRISM stories as bait.
Unrest in Brazil and Turkey is accompanied by hacktivist exploits. Indian bank accounts are hacked (and robbed) from Greece.
A Tactical Network Solutions researcher says he'll reveal significant surveillance camera vulnerabilities at Black Hat. A new iFrames obfuscation tool is offered for sale on the cyber black market, and more malware is hiding its activity in peer-to-peer communications. Old, unpatched SAP deployments are found to render many business systems vulnerable to exploitation.
Companies seek better employee vetting as they react to the PRISM affair, but lawyers caution too-enthusiastic exploration of potential hires' social media presence risks violation of anti-discrimination laws.
President Obama has now publicly defended NSA surveillance programs. More details of how such surveillance might work—and fresh suspicions about its scope—surface.
The US Department of Homeland Security (DHS) draws this lesson from the PRISM affair: it wishes it could do what the NSA did. (Also, the Public Affairs Council thinks DHS should do more to combat conspiracy theories. Similar cognitive dissonance appears in Canada, whose Privacy Commissioner decides, amid concerns about government overreach into citizens' privacy, that tightening privacy regulations on private companies is of first importance.)
Dutch and Belgian police catch smugglers betrayed by their own shipment-tracking hacks.
Today's issue includes events affecting Australia, Belgium, Brazil, Canada, China, Germany, Greece, India, Netherlands, Russia, Turkey, United Kingdom, United States.
Evidence that the NSA Is Storing Voice Content, Not Just Metadata(Schneier on Security) Interesting speculation that the NSA is storing everyone's phone calls, and not just metadata. Definitely worth reading. I expressed skepticism about this just a month ago. My assumption had always been that everyone's compressed voice calls is just too much data to move around and store. Now, I don't know
It's not just metadata. The NSA is getting everything.(Rubbing Alcoholic) Read between the lines in Sen. Feinstein's carefully-crafted press statement. After a closed Senate briefing today, Senate Intelligence Committee leader Dianne Feinstein talked up the vast system of checks and balances protecting Americans from unwarranted dragnet surveillance by the NSA. She said (emphasis added)
Why Was Apple Late To The PRISM Party?(TechCrunch) If there's one striking thing about those PRISM slides, other than their hideous aesthetics, it's that Apple's allocated yellow oval, instead of a date, has the words "(added Oct 2012)" underneath it. That difference is most striking when you consider the fact that Apple competitor Microsoft cooperated with the government a full five years earlier
PalTalk: It Was 'Flattering' To Be Included In The PRISM Slidedeck(TechCrunch) The eyesore of a PowerPoint deck that contractor Edward Snowden had leaked had globally recognized names: Microsoft. Google. Yahoo. Facebook. Apple. AOL. Skype. YouTube. The NSA had allegedly collaborated with all of these Internet giants to request and access data on foreign users. But then there was also PalTalk. WTF? Even Stephen Colbert ribbed them last week. "You heard right
Mumbai Police Bank Accounts Hacked(eSecurity Planet) A skimming device was placed on an ATM next door to police headquarters, and thousands of dollars were then withdrawn from ATMs in Greece
225 Turkish Websites Hacked by Kurdish Hackers(Hack Read) While scrolling Zone-h, I got hold of a hack where a group of Kurdish hackers going by the handle of ColdHackers has hacked and defaced 225+ Turkish websites. All hacked sites were left with a deface page along with a message in the Turkish language, explaining the reason for attacking Turkish sites, according to which
NetTraveler Attackers Using NSA PRISM Program as Bait(Threatpost) Never let it be said that attackers don't keep up with the news. The crew behind the NetTraveler cyberespionage attacks is now using the news about the NSA's PRISM surveillance program as bait in a new spear-phishing campaign. Security researcher Brandon Dixon of 9bplus came across a malicious email this week that plays off the
Scores of vulnerable SAP deployments uncovered(SC Magazine) Scan finds critical systems unpatched, facing the public web. Hundreds of organisations have been detected running dangerously vulnerable versions of SAP that are more than seven years old
Rogue ads target EU users, expose them to Win32/Toolbar.SearchSuite through the KingTranslate PUA(Webroot Threat Blog) Who would need a virtually unknown, but supposedly free, desktop based application in order to translate texts between multiple languages? Tens of thousands of socially engineered European ads, who continue getting exposed to the rogue ads served through Yieldmanager's network, are promoting more Potentially Unwanted Applications (PUAs) courtesy of Bandoo Media Inc and their subsidiary Koyote-Lab Inc
New boutique iFrame crypting service spotted in the wild(Webroot Threat Blog) In a series of blog posts shedding more light into the emergence of the boutique cybercrime 'enterprise', we've been profiling underground market propositions that continue populating the cybercrime ecosystem on a daily basis, but fail to result in any widespread damage or introduce potential ecosystem disrupting features. Despite these observations, the novice cybercriminals behind them continue earning revenue from fellow cybercriminals, continue generating and maintaining their botnets, and, just like small businesses in a legitimate economy model, continue to collectively occupy a significant market share within the cybercrime ecosystem
Researcher finds latest Office zero-day was first used in 2009(CSO Magazine) Microsoft patched an Office zero-day flaw that was recently reported by Google's security team but may have been first exploited over three years ago. After releasing its customary fixes on the Patch Tuesday cycle last week, Microsoft revealed that a flaw
Surveillance cameras can be hacked - who is watching you?(Infosecurity Magazine) A security expert has promised to reveal security flaws in thousands of surveillance cameras. He will not, he says, disclose the vulnerabilities to the vendors before his presentation at Black Hat, Las Vegas, starting 31 July
Palmer's company hit in cyber attack(Sky News) Mining magnate Clive Palmer says his company's computer systems were hacked and a laptop was stolen after he announced he was forming a political party
Why Cash is King in Today's Cyber World(SecurityWeek) There was a popular Aflac Insurance commercial series that ran several years ago featuring New York Yankee great Yogi Berra, known as much for his clever quips as his Hall of Fame baseball talents. In the spot Berra stated about the company, "they give you cash, which is just as good as money." Turns out Yogi may have been onto something because in today's cyber world, cash may be even better than money. Confused? Let me explain
Security Patches, Mitigations, and Software Updates
Oracle Improves Java Security – What It Means For End Users(TrendLabs Security Intelligence Blog) About two weeks ago, Oracle published a blog post describing – and promising – to improve the security of Java. Since then, I've been asked a few times: what exactly did they say, and what does it mean for end users
Americans gave away online privacy to advertisers long ago(Quartz) New stories surface every day detailing the National Security Agency's administration of secret programs designed to keep the US "safe" in an era of internet communication and global networks. Having a strong opinion on any particular set of details would be premature
It takes 10 hours to identify a security breach(Help Net Security) Businesses are vulnerable to security breaches due to their inability to properly analyze or store big data, according to McAfee. The ability to detect data breaches within minutes is critical in
Account takeover attempts have nearly doubled(Help Net Security) ThreatMetrix announced its Cybercrime Index, a series of Web fraud data aggregated from 1,500 customers, 9,000 websites and more than 1.7 billion cyber events. In a recent six-month snapshot ending
Global Telework on the Rise(The American Interest) Roughly 20 percent of the world's workforce works from home at least once a week. Via Meadia's telework coverage often focuses on the American experience, but remote working is frequently generating more success stories abroad. According to research done by Ipsos, China, Russia, Indonesia, Turkey, and Saudi Arabia all have larger percentages of workers working from home. South Africa and India lead the world in telework, with both countries having 32 percent of their workforce engaged in full-time telecommuting, and 82 percent working remotely at least once a week
NSA leak case gives vendors reason to reevaluate personnel(FederalNewsRadio.com) Ryan, of course, is referring to Edward Snowden, the former Booz Allen Hamilton employee who leaked details of a classified surveillance program. Booz Allen Hamilton will not likely be subject to a suspension and debarment proceeding, Ryan said
NTT to Acquire Managed Security Services Provider Solutionary(Security Week) In a bid to enhance its end Cloud Services portfolio and security offerings, Japanese IT and telecommunications services giant NTT has agreed to acquire Solutionary, an Omaha, Nebraska-based Managed Security Services Provider for an undisclosed cash sum
STMicroelectronics Signs Comprehensive Agreement With Rambus(MarketWatch) For its part, ST has secured license terms from the Cryptography Research, Inc. (CRI) division of Rambus to make it possible for ST to deploy Differential Power Analysis (DPA) countermeasures and CryptoFirewall(TM) core security technology across a
Guidance Software Recognized as a Leader for E-Discovery Software(Sarbanes-Oxley Compliance Journal) Guidance Software, Inc. (NASDAQ: GUID), the World Leader in Digital Investigations™, has been named a "leader" in Gartner Inc.'s Magic Quadrant for e-discovery software, in its third annual industry report. Guidance Software's EnCase® eDiscovery has been placed in the leaders' quadrant every year since the report's inception
Technologies, Techniques, and Standards
Streamlining Coalition Mission Network Participation(SIGNAL Magazine) NATO and eight coalition nations participating in the Coalition Warrior Interoperability eXploration, eXperimentation and eXamination, eXercise (CWIX) are working to reduce the amount of time it takes to join coalition networks in the future
Vulnerability Disclosure – Open or Private?(TrendLabs Security Intelligence Blog) At the end of May, two Google security engineers announced Mountain View's new policy regarding zero-day bugs and disclosure. They strongly suggested that information about zero-day exploits currently in the wild should be released no more than seven days after the vendor has been notified. Ideally, the notification or patch should come from the vendor, but they also indicated that researchers should release the details themselves if the vendor was not forthcoming
Cloud data security: Share the responsibility, minimize the risks(TechTarget) "It's not a situation where you're absolved of the responsibility," said Jim Reavis, executive director of the Cloud Security Alliance, an organization that promotes best practices and training to improve cloud data security. "There's a fair amount of
How to Block the NSA From Your Friends List(Slate) After recent revelations of NSA spying, it's difficult to trust large Internet corporations like Facebook to host our online social networks. Facebook is one of nine companies tied to PRISM, perhaps the largest government surveillance effort in world history. Even before this story broke, many social media addicts had lost trust in the company. Maybe now they'll finally start thinking seriously about leaving the social network giant
Big Data causes big problems for security(Infosecurity Magazine) For enterprises, the ability to detect data breaches within minutes is critical in preventing data loss, yet only 35% of firms stated they have the ability to do this. The culprit? An ever-escalating array of data sources stemming from virtualization, anywhere, anytime work habits and an explosion of end-user devices and applications. In short, organizations around the world are finding themselves unable to harness the power of Big Data for security purposes
Healthcare attorney: 'Secure the human' to keep patient data safe(FierceHealthIT) For healthcare providers looking to ensure the security of electronic patient information, it's just as important to solidify employee knowledge as it is to encrypt data and implement improved IT solutions, said Lee Kim, an attorney with Pittsburgh-based firm Tucker Arensberg who also serves as chair of the mHIMSS Legal/Policy Taskforce
Design and Innovation
Graphical Tools Help Security Experts Track Cyber-Attacks in Real Time(eweek) Cyber-sleuths use tools that appear to have come straight out of a science fiction movie in their quest to detect attacks in time to raise defensive shields. The image on the screen shows a cyber-attack in progress, but it doesn't look like the rows of reports that you usually expect to see as event data flows from intrusion prevention systems, next-generation firewalls and security reporting systems
Spotting The Right Time To Innovate(InformationWeek) Everyone likes to talk about changing the game, but how do you actually see and shift the field? With every passing year, competitive intensity across industries seems to increase. The long-term impact of digitization, globalization and all other forms of connectivity in our hyper-networked world has shortened the half-life of innovations. Years ago, smart innovation plays could provide differentiation and lasting competitive advantage for a decade or more. Today, when we look at examples like the Flip camera, which went from dazzling to defunct in less than five years, or Blockbuster, which went from a market capitalization of $5 billion to roughly $300 million in less than a decade -- we're living in a fundamentally more dynamic (and deadly) era
Scientists working to develop most powerful cyber security(Business Standard) Hackers at present are able to intercept communications without the sender or recipient knowing, Morello added. But quantum cryptography will be able to prevent access by detecting hackers and destroying or altering messages as hackers try to obtain them
National Security Agency to reveal details of foiled plots(The Australian) The National Security Agency plans to reveal details about terror plots it says were thwarted by surveillance, part of an effort to assuage concern about its secret online snooping. In a rare move, the NSA wants to declassify what its director says were
Does the NSA Really Need "Direct Access"?(IEEE Spectrum) We're now well into the second stage of the controversy surrounding the allegations that the NSA is conducting large-scale surveillance of U.S. citizens. Whistleblower/leaker/traitor (the exact term varying according to individual opinion) Edward Snowden is being scrutinized, as are the articles written by Glenn Greenwald for The Guardian newspaper
In Electronic Snooping, Level Of Oversight Is Key(Washington Post) Americans are learning what electronics whizzes and hackers have known all along--that computers and smartphones, which make our lives more productive and entertaining, have at the same time ended privacy as most of us have understood it
Put The Spies Back Under One Roof (New York Times) Congress must act now to re-establish a government-run intelligence service operating with proper oversight. The first step is to appoint an independent review board with no contractors on it to decide where the line for government work should be drawn. The best response to the Snowden affair is to reduce the size of our private intelligence army and make contract spying a thing of the past. Our democracy depends on it
Opinion: Obama, NSA deserve thanks(The Hill) We should congratulate President Obama and his National Security Agency director, Gen. Keith Alexander, for defending the NSA and the other intelligence agencies that have been working to protect us from another major terrorist attack
Obama Defends Broad Surveillance(Washington Post) President Obama defended his administration's right to engage in extensive surveillance of U.S. communications in an interview with PBS host Charlie Rose, saying the programs had disrupted multiple terrorist plots and had adequate checks and balances
In First NSA Interview, Obama Can't Confirm If Courts Ever Rejected Spying Requests(TechCrunch) President Obama finally took a sit-down interview on the National Security Agency scandal and we've pasted a partial transcript below. Disappointingly, most of it is (very) generic and defensive. But, there is one important takeaway: President Obama couldn't answer whether oversight courts (FISA) have ever rejected a single NSA spying request. PBS's Charlie Rose asked, pointedly
Spying on Foreigners is A Big Deal(Slate) As Edward Snowden has had more opportunity to talk, it's clear that one thing that bothers him about U.S. intelligence conduct is that something perfectly legal is happening—large-scale snooping on foreigners. And many Americans are going to shrug at that. The constitution is here to protect our rights, and spying on foreigners is exactly what the NSA is supposed to be doing
Apple, Facebook, Microsoft Detail Surveillance Requests(InformationWeek) Newly published information details the total number of government surveillance requests received; Google abstains, citing "a step back for users." Apple, Facebook and Microsoft, under fire from customers domestic and foreign, have received permission from the Department of Justice and FBI to detail the number of requests they've received for customer data from the U.S. government
Worried About PRISM? It's Just the Tip of the Surveillance Iceberg(Slate) The revelations of the highly classified National Security Agency program that takes records from Internet companies has received lots of attention recently. But it's really a small part of "a much more expansive and intrusive eavesdropping effort," notes the Associated Press. Those concerned that the U.S. government may be reading their emails should be more worried about a parallel NSA program that takes data straight from "the fiber optic cables that make up the Internet's backbone." But the existence of that program has been known for years
Watching the NSA Watchers(National Review) Congress may not be capable of keeping a check on our Byzantine bureaucracy. On Sunday, former vice president Dick Cheney addressed the dilemma many conservatives face in assessing the revelations about the National Security Agency's data collection. On the one hand, they are suspicious of the federal government. On the other, they often mute such concerns when it comes to anything touching on national security
Cyber Warfare: What Are the Rules?(Huffington Post) Cyber warfare occurs when one country perpetrates a cyber attack against another country that would to the reasonable person constitute a state act of war. This is the time to encourage dialog to explore and define what constitutes a cyber attack and
The German Prism: Berlin Wants to Spy Too(Spiegel) All of these motives probably play a role. The truth is that the Germans would love to be able to engage in more online espionage. Until now, the only thing missing has been the means to do so. Consequently, an outraged reaction from Berlin would have seemed fairly hypocritical
US, Russia create communications link on cyber security(The Australian Financial Review) The pact also establishes a formal channel through which the US Computer Emergency Readiness Team, run by the Department of Homeland Security, can exchange technical information with its Russian counterpart. Any shared data would be stripped of
DHS hopes to get same cyber-spying powers as NSA(Daily Caller) Domestic spying capabilities used by the National Security Agency to collect massive amounts of data on American citizens could soon be available to the Department of Homeland Security — a bureaucracy with the power to arrest citizens that is not
Facts not enough for DHS to fight conspiracy theories(FierceHomelandSecurity) The Homeland Security Department needs to debunk falsehoods and conspiracy theories about it more aggressively, said Doug Pinkham, president of the Public Affairs Council, at a House hearing June 14
US Energy Department creates cybersecurity council(Infosecurity Magazine) The US Department of Energy is tackling cybersecurity for its various branches, including the National Nuclear Security Administration (NNSA), with a new cybersecurity council tasked with formulating best practices in the security arena
NPPD should do more to encourage FISMA compliance, evolve CyberScope, says OIG(Fierce Homeland Security) When the Homeland Security Department was designated in July 2010 as the lead agency to protect federal agencies' information systems and networks, the National Protection and Programs Directorate took on additional responsibilities. But a June 5 DHS Office of Inspector General report finds NPPD's Office of Cybersecurity and Communications has not fully met its obligations to improve the security posture of the dot-gov domain
Spygate Leaks Imperil State-Secrets Defense(Wired) First it was the President George W. Bush administration and then the President Barack Obama administration, which for years have been arguing in court that the state secrets privilege shields the government from lawsuits accusing it of siphoning Americans' electronic
Snowden Says He Can't Get A Fair U.S. Trial(Washington Post) Edward Snowden, who acknowledged leaking top-secret documents about extensive U.S. surveillance of telephone calls and Internet communications, claimed in an unusual live Web chat Monday that he sees no possibility of a fair trial in the United States and suggested that he would try to elude authorities as long as possible
Snowden Says Leaks Didn't Disclose U.S. Military Targets(Bloomberg) Edward Snowden, the former National Security Agency contractor who leaked classified documents about government surveillance programs, said he didn't reveal any U.S. operations "against legitimate military targets." "I pointed out where the NSA has hacked civilian infrastructure such as universities, hospitals, and private businesses because it is dangerous," Snowden said during an Internet question-and-answer session today on the website of U.K.'s Guardian newspaper
Who Is Edward Snowden? Background on NSA Leaker Emerges(Viral Read) He was a teenage aficionado of role-playing video games and Japanese anime cartoons who dropped out of high school and turned his avid interest in computer technology into a career that paid him more than $100,000 a year before he turned 30, living every nerd's dream with a beautiful girlfriend and a job in the tropical paradise of Hawaii
WikiLeaks Trial Focuses Army Email List(Yahoo) A huge database of troop names and email addresses an Army private allegedly downloaded to a personal computer could be used by foreign adversaries to launch cyberattacks on service members, a government witness said Monday as the trial of Pfc. Bradley Manning entered its third week
Chase, Citigroup among banks reportedly hacked in $15-million heist(Los Angeles Times) Hackers allegedly targeted 15 financial institutions, including JPMorgan Chase & Co., Citigroup Inc. and E-Trade, as part of a nearly two-year-long scheme to hack into customer accounts online to steal at least $15 million, U.S. authorities announced this week
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris(Paris, France, June 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted...
2013 ICAM Information Day and Expo(Washington, DC, USA, June 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.
Buzzword Forensics: Mobile is the Future…and the Future is Now(Laurel, Maryland, Sioux Falls, June 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium.
NASA National Capital Region Industry Days(Washington, DC, USA, June 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in...
AFCEA International Cyber Symposium 2013(Baltimore, Maryland, USA, June 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government,...
ShakaCon(Honolulu, Hawaii, USA, June 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better...
American Technology Awards Technology and Government Dinner(Washington, DC, USA, June 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology...