PRISM has driven it from the front page, but remember that Anonymous promises big things tomorrow from #opPetrol. If the hacktivists' recent track record holds, #opPetrol will fizzle, but we shall see.
Flash implementations of Chrome are vulnerable to camjacking (IE10 may be similarly affected). The Carberp banking Trojan's source code is now offered on the black market; analysts see a leading indicator of a financial malware surge. More than a fifth of the most popular WordPress plugins are vulnerable to commonplace web attacks.
"Justin Bieber" joins "PRISM" as prime phishbait. Three Purdue students keylog their professors in an attempt to change grades.
Oracle issued its June security patches yesterday. The forty fixes include several rated "critical." BlackBerry has also issued a critical security advisory for its Z10 phone.
India sees itself as "an IT superpower," but one protected by only 556 cyber security experts. Leaving aside the specious precision of "556," India does seem to lag comparably advanced countries in this regard.
US tech companies fear the reputational damage abroad that reports of cooperation with NSA surveillance are inflicting. (Google, citing the First Amendment, goes to court to restore trust in its transparency.) It's difficult for international observers, given the cyber espionage odium the US Government attached to Huawei and ZTE, to regard this as anything but sauce for the gander.
Congress continues NSA surveillance hearings. The agency offers swiftly disputed claims of counterterrorism success. Japanese media compare GCHQ G20 surveillance to US codebreaking during 1920s' naval disarmament talks.
Today's issue includes events affecting Australia, Canada, China, European Union, Finland, France, Germany, India, Iran, Japan, South Africa, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
#Anonymous #opPetrol will hit petroleum industry on the 20th of June 2013(Cyberwarzone) It is known as black gold. Anonymous has published a new operation that will attack the Petroleum industry on the 20th of June. The operation seems to have an Islamic mindset as the operation founders are not happy with the fact that the currency that is being used to exchange the petroleum is based on the Dollar currency
Chrome Vulnerable to Camjacking(Infosecurity Magazine) Camjacking is clickjacking aimed at taking over the PC's webcam - and although Adobe fixed the Flash vulnerability that allows it back in 2011, it lives on in the Flash implementations of Chrome and (not verified) IE10
The security of WordPress plugins(Help Net Security) Checkmarx's research lab identified that more than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection. Furthermore, a concentrated research
Tor to blame for its users being unable to access Facebook(SC Magazine) Reports emerged Tuesday morning that the anonymity software Tor was blocking users from connecting to Facebook. It turns out the social networking site wasn't purposely barring access for Tor users, but flagging the service due to malicious activity on its network
BlackBerry in SA safe from spies(TechCentral) There was no "backdoor pipeline" to BlackBerry South Africa's platform, the company said on Tuesday following reports that the UK government had been monitoring e-mails and phone calls
Oracle to release massive Java SE update(FierceCIO: TechWatch) Oracle is scheduled to release fixes for 40 security vulnerabilities in a Critical Patch Update for Java SE today. These affect multiple versions of Java ranging from JRE 5.0 to the latest Java 7 update 21. A staggering 37 are remotely exploitable without authentication, which means that a remote attacker may break into a vulnerable system from over a network without needing a username or password
Why Huawei wants Nokia: Smartphones aren't as dominant as you think(Quartz) When the Financial Times reported that the world's number three manufacturer of smartphones, China's Huawei, might consider acquiring Nokia, that icon of the mobile phone revolution that has fallen on hard times, it was a bit of a head-scratcher. Why would a company making Android smartphones want to acquire the wreckage of the business it's disrupting? It would be like Henry Ford using proceeds from the Model T to buy a buggy whip company
An IT superpower, India has just 556 cyber security experts(The Hindu) China shows the way. For instance, in 2010, China's Central Military Commission approved "Information Support and Safeguarding Base" to serve as People's Liberation Army cyber command to address potential cyber threats and safeguard national security
Is accessing work apps on the move destructive?(Help Net Security) A lack of mobile working policies can lead to destructive consequences for businesses, according to Ping Identity. On a regular basis, 44% of employees access up to five applications via
Key obstacles to effective IT security strategies(Help Net Security) Drawing on data gathered from a total of 3,037 individuals - 1,944 technicians and 1,093 executives - in the United States, Canada, United Kingdom, Australia, Germany, France and Japan, a Ponemon Institute
Businesses not fully implementing infosec programs(Help Net Security) Many U.S. small businesses are taking a passive approach when it comes to protecting their data, leaving themselves vulnerable to data loss and possible financial and reputational damage
The Tech Company Lawyers Who Stand Between You and Government Snoops(Bloomberg Businessweek) The in-house legal teams at Silicon Valley companies are usually associated with intellectual property disputes, anti-trade spats, and the maneuvering around initial public offerings. Yet the latest revelations about Prism, the U.S. National Security Agency's digital-snooping program, make it clear that the top lawyers inside the tech giants have spent years fielding significant numbers of surveillance requests from U.S. government agents, putting them on the murky frontiers of national security law
Spying for the NSA is Bad for U.S. Business(Bloomberg Businessweek) The National Security Administration (NSA) dealt a blow to Google (GOOG), Facebook (FB), Microsoft (MSFT) and other U.S. corporations. In addition to forcing them to engage in the PRISM spy program, the agency made it difficult for these companies to defend their reputations by limiting disclosures of their involvement
Microsoft Wins $412M DISA Badge, Cardholder Support IDIQ(GovConWire) Microsoft (NASDAQ: MSFT) has won a potential $412,240,000 contract to provide software developers and product teams to the Defense Department for blue badge and cardholder support. The Defense Information Systems Agency awarded the indefinite delivery/indefinite quantity contract, which includes one base year and four option years, the Defense Department said Monday
Unisys to Move Interior Dept's Financial, Business Mgmt System Into Cloud(GovConWire) Unisys (NYSE: UIS) has won a potential $44 million contract to move the Interior Department's financial and business management system into a cloud computing environment. DOI's FBMS is based on SAP's enterprise resource planning software, which the department uses to account for its revenue and expenditures, Unisys said Tuesday
McAfee Appoints Bill Rielly to Lead Worldwide Small and Medium Business Segment(Daily Finance) McAfee today announced the appointment of Bill Rielly as senior vice president for small and medium-sized business (SMB). Rielly joins McAfee from Apple where he led the worldwide SMB segment for the Apple Online Store. Rielly was selected for his exceptional combination of hands-on SMB expertise and experience driving growth across the globe
How do I keep the Spooks out of my inbox?(TrendLabs Countermeasures) Note: The answer to this question is FREE and it's at the end of this post. Digitally signing an email is a way of assuring the recipient that the content, while not encrypted, has not been modified in transit; it's effectively a personal cryptographic certification of the content and attributes of the mail
Risk I/O Integrates Real-Time Attack Data(SecurityWeek) Risk I/O, a vulnerability intelligence platform designed to help organizations efficiently report and mitigate security vulnerabilities, on Wednesday announced that it now analyzes real-time, global attack data alongside security vulnerabilities
Free anti-spam software for the Mac(Help Net Security) Cloudmark announced the latest version of Cloudmark DesktopOne for Mac, an anti-spam solution that users can use to filter email to eliminate messaging threats, protecting them against spam, phishing
F-Secure advances fight against exploits(Help Net Security) Exploitation of software vulnerabilities has become one of the most popular ways to gain access to users' machines, but F-Secure is reinforcing its exploit defenses with enhanced proactive protection
CyanogenMod founder aims to thwart data-grabbing apps(Help Net Security) There's some very good news for users of CyanogenMod, one of the most popular modified Android firmware on the market: its founder and main developer Steve Kondik (aka Cyanogen) has announced that he
Review: FireMon Security Manager with Risk Analyzer and Policy Planner(SC Magazine) The FireMon Security Manager with Risk Analyzer and Policy Planner modules offers comprehensive network security management, including firewall and router risk analysis, policy compliance auditing, change management and risk analysis. This product features tools that allow administrators and security professionals to analyze the entire network infrastructure through visualization. This provides an easy and intuitive way to see where possible risks and weak points may be found in the network so that they can be assessed quickly before they become a bigger problem. This solution also offers fully integrated change management and rule cleanup capabilities, as well as remediation recommendations and ongoing change monitoring
How to detect hidden administrator apps on Android(Help Net Security) Following the discovery of a new Android Trojan that uses several errors and vulnerabilities in the Android OS to make analysis harder for researchers and to remain hidden from users and practically inexpugnable from the device, Trend Micro has created a tool that helps users find and remove this and other similar malicious software
Technologies, Techniques, and Standards
WinLink Check-In(Internet Storm Center) This weekend (June 22-23) the Amateur Radio Relay League and Radio Amateurs of Canada are holding their annual Field Day exercise in North America. Amateur radio operators participate in an emergency preparedness exercise where they deploy their equipment outside the comfort of their home radio shacks and many operate on alternative/emergency power sources. Each year around this time, I realize that I've forgotten that this is coming up, and I hurriedly assemble my kit at the last minute and I try to fit in more than I can accomplish on my own. In other words, it's a realistic drill for me
How prepared is your company for a cyber-attack?(The Guardian) Sadly, in my experience this is when most companies realise they are ill-prepared to deal with a cyber-attack. I have seen companies struggle to come to terms with the loss of intellectual property (IP), funds, a fall in share value, and their
Strategies for health IT success from risk managers(FierceHealthIT) Debating the role of becoming an expert in health IT, risk managers across hospital systems in the U.S. shared their tips for health IT success in a recent report published by Plymouth Meeting, Pa.-based nonprofit research firm ECRI Institute
How secure are your USB ports?(FierceCIO: TechWatch) It is widely known that the infamous Stuxnet malware was transported into a protected Iranian network using a USB flash drive. And now, it appears that whistle-blower Edward Snowden also used the humble USB flash drive to single-handedly exfiltrate top-secret information past the various security measures of the National Security Agency. You can read more about it here
The Attribution Revolution(Foreign Policy) A five-point plan to cripple foreign cyberattacks on the United States. The Obama-Xi summit in Sunnylands ended without any Chinese concessions on cyber-espionage. This came as no surprise; cyber spying has been an indispensable accelerant for China's military and economic rise. And though Beijing may someday agree that international law governs cyberspace, that won't help the victims of espionage, which is not regulated by international law. So if negotiation won't work, what will? Not a strategy that relies entirely on defense. That's like trying to end street crime by requiring pedestrians to wear body armor
Yoroku: Gentleman then and now(Mainichi) In 1929, then U.S. Secretary of State Henry Stimson shut down the State Department's cryptanalysis operations, saying, "Gentlemen do not read each other's mail." He changed his mind soon afterwards, however, and served as secretary of war in World War II
Congress Delves Into Clearance Screening(Wall Street Journal) Edward Snowden's privileged access to America's most closely held secrets has triggered a new push in Congress to overhaul what many see as an antiquated, Cold War-era security-clearance process ill-suited to detect a new generation of tech-savvy dissidents
The NSA Hearing, by the Numbers(Wired) A federal hearing today on NSA surveillance programs leaked by former NSA contractor Edward Snowden produced some interesting numbers about the scope of the data collections and other issues. We've produced a roundup below of some of the interesting stats
Moves to limit contractor access to secrets meets resistance(Reuters, via WKZO) Industry executives and some corners of the U.S. intelligence community are pushing back against possible legislative moves to curb contractors' access to classified information. Following leaks by former National Security Agency
Details On Spying, Not More Assurances(New York Times) Battered by weeks of criticism about surveillance abuses, President Obama has embarked on a reassurance offensive. The spy programs have been used narrowly, he said on PBS's Charlie Rose program on Monday, and have been effective in stopping several terror plots
Congress Wields Its Rubber Stamp(Washington Post) The Founders created a system of checks and balances. Those overseeing the nation's spying have switched to a system of cheers and bouquets. This was the impression given by members of the House intelligence committee as they held an open-to-the-public hearing Tuesday on the National Security Agency's snooping into Americans' phone and Internet records
Why You Should Worry About Government's Data Grabs(USA Today) Less than two weeks after news broke that the government has been secretly seizing millions of phone and Internet records, polls show about half of the public approves of the vacuum-cleaner approach to keeping them safe from terrorism. Tuesday's House hearing on the National Security Agency programs did nothing to disturb that foolishly compliant attitude
Officials: Dozens Of Plots Derailed(Washington Post) The U.S. government's sweeping surveillance programs have disrupted more than 50 terrorist plots in the United States and abroad, including a plan to bomb the New York Stock Exchange, senior government officials testified Tuesday
In Coded E-Mails, Clues That Helped Authorities Foil Attacks(Washington Post) In recent days, U.S. intelligence and law enforcement officials, as well as congressional officials, have pointed to the authority that allowed them to target the Yahoo account - Section 702 of the Foreign Intelligence Surveillance Act (FISA) - as a critical tool in identifying and disrupting terrorist plots here and abroad. But some critics of NSA surveillance suggested that the collection of data under a program called PRISM was not essential to Zazi's capture because the British first obtained the critical e-mail address
NSA Disruption of Stock Exchange Bomb Plot Disputed(Wired) Did the government really disrupt a bomb plot targeting the New York Stock Exchange? The FBI deputy director said that today in a Spygate hearing where the government for the first time said the secret spy techniques publicly disclosed
Has U.S. started an Internet war?(CNN) Today, the United States is conducting offensive cyberwar actions around the world. More than passively eavesdropping, we're penetrating and damaging foreign networks for both espionage and to ready them for attack. We're creating custom-designed Internet weapons, pre-targeted and ready to be "fired" against some piece of another country's electronic infrastructure on a moment's notice
In Defense of the NSA(Hoover Institution) Its wiretapping program has been derided as an intolerable invasion of individual privacy rights, but it has benefits for national security
No Simple Answers on Security and Freedom(Real Clear Politics) Years ago, the government snooped on my phone calls. It happened in Soviet Russia, where, at 16, I already knew it was dangerous to have politically risky conversations even near the telephone, let alone on it. Shortly after my parents sought permission to emigrate in 1979, we received startling accidental proof that Big Brother was listening. While on the phone with a friend, my mother suddenly heard mysterious clicks--followed by a playback of her own conversation. Moments later a strange voice asked, "Are you recording?", and then the sound was cut off
Google Fights Spying Gag Order, But Key Details Would Be Missing Even If Successful(TechCrunch) As it promised it would, Google is fighting the government's gag order on releasing how many users are monitored by the National Security Agency. Unlike Facebook and Microsoft, Google and Twitter publicly rejected a government deal to disclose the total number of spying warrants for user data, which would include (but not detail) the number of requests coming from the controversial Foreign
Alexander: Snowden got call-tracking order during training(Politico) Alexander told reporters after a House Intelligence Committee hearing that the man who's acknowledged being the source of the recent leaks, Booz Allen Hamilton information technology specialist Edward Snowden, had access to the Foreign Intelligence
Whistleblowers and the economy of esteem(The Economist) Edward Snowden, the erstwhile IT guy who worked for the National Security Agency (NSA) and is responsible for the Powerpoint heard 'round the world, is (a) a hero (b) a narcissist (c) a traitor (d) courageous (e) all of the above
TOS, app permissions are not good cover from big data lawsuits(FierceBigData) To date, the courts have mostly been supportive of terms-of-service, or TOS, agreements even though most acknowledge that the majority of private citizens don't read them or don't understand them. This brings some feeling of relief to companies everywhere but most especially to those currently spoon-feeding big data to the government (and to more agencies than just the NSA)
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris(Paris, France, June 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted...
NASA National Capital Region Industry Days(Washington, DC, USA, June 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in...
AFCEA International Cyber Symposium 2013(Baltimore, Maryland, USA, June 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government,...
ShakaCon(Honolulu, Hawaii, USA, June 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better...
American Technology Awards Technology and Government Dinner(Washington, DC, USA, June 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology...