Brazil and Turkey seem most affected by recent waves of hacktivism. #opPetrol, on the other hand, can now probably be written off as a fizzle, although oil-producing states remain vigilant. Anonymous seems to have moved on, announcing North Korea and Burma as its next targets.
Trend Micro reports a new banking Trojan active in South Korea, and also finds Gh0stRAT back in action in Taiwan.
Late Friday Facebook issued a data breach notification and shut down its DYI (Download Your Information) function. Packet Storm Security, which discovered the bug, describes Facebook's "shadow profiles" as "frightening" secret dossiers maintained (inadvertently) on users and non-users alike.
The Guardian claims the US conducted cyber espionage against China's Tsinghua University. Other reports suggest use of anonymizing services (notably Tor) flags Internet users for close NSA attention. Skype is reported to have anticipated Government surveillance requests by making its data easier to share, and Booz Allen's close relationship with the Intelligence Community (as well as its hiring practices) draws attention.
In the wake of PRISM disclosures many companies introduce services designed to enhance privacy, with Silent Circle singled out for particular mention by the Washington Post. The industry press is also rife with stories on how electronic surveillance and privacy technologies work—these have a strong DIY flavor.
Debate over electronic surveillance continues in the US. International reaction, notably in the European Union and China, trends negative.
Edward Snowden remains on the wing, having apparently left Hong Kong via Moscow for parts unknown (possibly Ecuador).
Today's issue includes events affecting Burma, Brazil, China, Cuba, Ecuador, European Union, Germany, India, Iran, Israel, Italy, Democratic People's Republic of Korea, Republic of Korea, Morocco, Russia, Turkey, United Arab Emirates, United Kingdom, United States..
UAE unscathed by coordinated cyber attack against oil companies(The National) Richard Sheng, senior director of enterprise security at Trend Micro Asia Pacific, said the IT threat landscape was evolving. "Cyber attacks are now targeted, customised and persistent," he said. "While hacktivists makes announcements of their attack
Cyber attacks a grave threat to Turkish institutions(www.worldbulletin.net) A good number of public institutions came under Cyber attack during the protests, which started in the end of May. Although most of the Cyber attacks were rendered ineffective, the web pages of the Ministry of the Interior, ?stanbul's Police Department
Cyber attack fails to hack Iranian Oil Ministry(Trend.az) The ministry's network as well as NIOC and some other affiliated websites are reportedly down due to the cyber attack. Various Iranian industrial, nuclear and government bodies have recently come under growing cyber attacks, widely believed to be
Targeted Attack in Taiwan Uses Infamous Gh0st RAT(TrendLabs Security Intelligence Blog) From the arrest of one of the head members of the ransomware gang to the successful Rove Digital takedown, coordination between law enforcement agencies and security groups has time and again yielded positive results. This time, the Taiwan Criminal Investigation Bureau (CIB), in cooperation with Trend Micro, resolved a targeted attack involving the notorious Ghost RAT family. One person was arrested by the CIB
Firm: Facebook—s shadow profiles are —frightening— dossiers on everyone(ZDNet) The security researchers who found Facebook's 'shadow profiles' bug have rung the alarm that Facebook is compiling "frightening" dossiers on everyone possible. Facebook's shadow profile data collection activities came to light Friday when the social network disclosed a bug fix. The security researchers who found the vulnerability, Packet Storm Security, say Facebook is compiling "frightening" dossiers on everyone possible, including people without Facebook accounts
Facebook: Where Your Friends Are Your Worst Enemies(Packet Storm Security) Packet Storm has spent 15 years shedding light on dark subject matter. We strongly believe that it is in the interest of the public to give them the facts and let them know the details. The debate over privacy and the extensive overreach by government entities is currently a hot topic in the media and today's announcement will not make anyone feel any better about the situation. However, it does set the stage for a much larger discussion that must be had on a national and global scale
New frontier for cybersecurity(Sky News Australia) This finding prompted a warning from the Department of Homeland Security's Cyber Emergency Response Team for industrial systems, which said security should be stepped up for surgical devices, ventilators, drug infusion pumps and other equipment
Adobe Flash spoof leads to infectious audio ads(Webroot Threat Blog) We've seen quite a few audio ads infecting users recently. We think it's a good idea to go over an in-depth look at how they infect your computer and how to remediation them
New malware poses as Amazon order confirmation for 55-inch TV(GMA News) Security vendor Bitdefender said the new spam campaign targets customers of online retailer Amazon.com, directing them to a malware-infested webpage. "The fake notifications, which appear to confirm the order of 55-inch TVs associated with brands
Google Docs Abused to Protect Malicious Traffic(SecurityWeek) Researchers at FireEye have spotted a malware campaign using Google Docs to redirect victims and evade callback detection mechanisms. Connecting the malicious server via Google Docs, offers the malicious communication the protection provided by the legitimate SSL offered by Google, explained FireEye researcher Chong Rong Hwa
Exploring Iran's Hidden Internet(Cyberwarzone) With the first public Internet services available through dial-up in 1995, Iranians had around six years of unfettered, albeit slow, access before governmental regulations began to impose limitations on the availability of content
The Hidden Internet of Iran: Private Address Allocations on a National Network(Cornell University Library) While funding agencies have provided substantial support for the developers and vendors of services that facilitate the unfettered flow of information through the Internet, little consolidated knowledge exists on the basic communications network infrastructure of the Islamic Republic of Iran. In the absence open access and public data, rumors and fear have reigned supreme. During provisional research on the country's censorship regime, we found initial indicators that telecommunications entities in Iran allowed private addresses to route domestically, whether intentionally or unintentionally, creating a hidden network only reachable within the country. Moreover, records such as DNS entries lend evidence of a 'dual stack' approach, wherein servers are assigned a domestic IP addresses, in addition to a global one. Despite the clear political implications of the claim we put forward, particularly in light of rampant speculation regarding the mandate of Article 46 of the 'Fifth Five Year Development Plan' to establish a "national information network," we refrain from hypothesizing the purpose of this structure. In order to solicit critical feedback for future research, we outline our initial findings and attempt to demonstrate that the matter under contention is a nation-wide phenomenom that warrants broader attention
Regional cyber security imperative in the Middle East(CSO) One of the most common means of cyber attack "Distributed Denial of Service (DDoS)" undermined the entire nation. Why this example? Imagine what attacks like these can look like on a regional level with every second country in the region being attacked
10000 users face phishing attacks daily in India: Kaspersky(Economic Times) About 10,000 Internet users in India face phishing attacks from cyber criminals daily, says a report by security solutions provider Kaspersky. Phishing is a form of Internet fraud in which criminals create a fake copy of a popular site (an
Too many CSOs ignore the reality of today's threats(CSO) Too many CSOs ignore the reality of today's threats. George Viegas argues that recent research, like Mandiant's APT1 report, finds too many security managers suffer from "ain't gonna happen to me" syndrome and fail to protect their business because of it
Report on crime against businesses ignores cybercrime(Help Net Security) A new Home Office report finds that the number of crimes committed against wholesale and retail business premises has fallen significantly over the last ten years - from around 21.5m in 2002 to seven
Phishing attacks impacted 37.3 million users last year(Help Net Security) 37.3 million users around the world were subjected to phishing attacks in the last year, which is a massive 87 percent increase for the number of targeted user in 2011-2012. According to the result
Contractors doing secret work for NSA donate big to politicians(allvoices) The six largest contractors doing secret work for the National Security Agency (NSA) have given more than $16 million to lawmakers since 2007, according to Maplight, a firm that keeps track of political donations. The largest donor was Lockheed Martin
Cyber Careers(Army Times) Army Chief of Staff Gen. Ray Odierno has approved a new cyber school for soldiers to consolidate training of the Armys growing cyber force in one location at Fort Gordon, Ga., the first step in what could be a significant reorganization of soldiers with connections to cyberspace operations
NSA contractor Booz Allen admits fault with hiring practices(VR-Zone) Booz Allen Hamilton is responsible for staffing many areas of the NSA's intelligence gathering network and of course information analysts, which included the likes of Edward Snowden. The type of information these employees can evaluate helps to bring
The Most Profitable Spy Organization in the World(Daily Press) Booz Allen Hamilton (NYSE:BAH) is today the most profitable company specialized in national intelligence, reporting revenues in March 2013 of $7 billion and a net profit of $219 million. Booz Allen Hamilton Holding Corporation (the complete name of the
Malwarebytes acquires ZeroVulnerabilityLabs(Help Net Security) Malwarebytes, a provider of anti-malware software, announced the acquisition of ZeroVulnerabilityLabs, a vulnerability, exploit and security research and development firm whose technology proactively
Finding A Niche In Surveillance(Washington Post) New disclosures about the National Security Agency's surveillance efforts have given a boost to at least one Washington area company seeking to thwart prying eyes. Silent Circle, a National Harbor-based start-up that encrypts phone calls and texts so that users don't leave a trail, saw a jolt in business after news reports of the NSA's initiative
Former McAfee CTO Strikes Back with Crowdstrike(eSecurity Planet) Crowdstrike launches active defense platform. George Kurtz literally wrote the book on hacking. The seminal Hacking Exposed series that Kurtz co-authored started back in 1999 and is now in its seventh edition. Over that time period, Kurtz started
Netgear releases the ProSafe WN203 Wireless AP(Help Net Security) Netgear has shipped its ProSAFE Single-Band Wireless-N Access Point (WN203) to satisfy demand from small and medium-sized businesses to improve the performance and security of their wireless networks
Barracuda Web Filter models with 10 GbE interfaces(Help Net Security) Barracuda Networks announced new high-performance 10 GbE interfaces for its Web Filter 1010 and 1011 models. The new models feature increased performance and capacity to offer comprehensive web content
Tabernus Certified by NATO Information Assurance(SBWire) NATO approved products are sold into the Military and Government via the NATO Information Assurance Product catalogue (NIAPC). NATO Certified products are also used by end users in the commercial sector as an independent verification of a products
Hail Open Source Authentication! The Password Is 'dead' — Long Live The Pin!(Sacramento Bee) CertiVox, a leading provider of web 2.0 security services, today announced the launch of the M-Pin™ Strong Authentication System, the first open source, multi-factor authentication system based on proven elliptic curve cryptography, for web, cloud and mobile applications which will reduce authentication costs by up to 93% and banish username and passwords forever. The M-Pin System achieves this by turning any HTML5 browser into a strong authentication client that authenticates to the open-source M-Pin Server, which only stores one leak-proof cryptographic key, replacing the username / password database
Keeping Your Data Private Denies You Access to the Latest Tech(Wired) There are ways to encrypt all your emails, documents, photos and other sensitive data. But they'll lock you out from the increasingly social, distributed, and proscriptive future of computing. The only real computer privacy these days is the one everyone
How to run your own NSA spy program(IT World) The U.S. government takes a big data approach to intelligence gathering. And so can you! Everybody's talking about PRISM, the U.S. government's electronic surveillance program. We don't know all the details about PRISM (also called US-984XN). But we learned enough from a badly designed PowerPoint presentation leaked by NSA contractor Edward Snowden to feel outraged by its reach and audacity
Guide: How to find the darknet or deepweb(Cyberwarzone) The Darknet or Deepweb is a collection of un-indexed domains that are not being indexed by search engines. An estimation from 2011 reported that there is over 600 terabytes of data on the Darknet
Recommendations for securing Active Directory(Help Net Security) Active Directory plays a critical role in the IT infrastructure, and ensures the harmony and security of different network resources in a global, interconnected environment. Microsoft released a
5 Ways to Boost Your Company's Cybersecurity Strategy(Corporate Counsel) "The survey results tell us that many organizational leaders do not know or appreciate what they are up against... and have made little headway in developing strategies to defend against both internal and external cyber-adversaries," the report says
Cyber Security in the Internet of Things(blogs.hbr.org) What's more, as systems built by different OEMs interact, there is infighting among them as to what constitutes sensitive or competitive intelligence. Simultaneously, everyone must address the…What's more, government resources, with their own
BYOD: The why and the how(Help Net Security) Brad Keller and Robin Slade are Senior Vice Presidents at The Santa Fe Group. In this interview they talk in detail about the challenges involved in evaluating, deploying and maintaining BYOD
Healey: NSA undermines U.S. cyberpower(FierceGovtIT) Pervasive National Security Agency surveillance of Internet content that involves foreigners suspected of terrorist ties undermines American cyber power, said Jason Healey, director of the Cyber Statecraft Initiative of the Atlantic Council
Five myths about the National Security Agency(Washington Post) When the National Security Agency was created through a top-secret memorandum signed by President Harry Truman in 1952, the agency was so secret that only a few members of Congress knew about it. While the NSA gradually became known over the
NSA's motherlode(The Week) How does NSA hack into emails? Now we know. The latest classified documents released by the Guardian and the Washington Post answer some of the bigger questions we've been asking about how the National Security Agency deals with content that belongs to what it calls a "U.S. person."
Obama studies more disclosure on surveillance programs(USA TODAY) The Obama administration has come under criticism after disclosures about National Security Agency programs that harvest phone numbers and Internet activity. In a series of public comments, Obama and aides have said the programs enable NSA analysts
America a new national security state(Shreveport Times) America has become a national security state driven by crisis and fear. Recent revelations that the National Security Agency has turned its vast spying capabilities onto Americans' communication -- their phone data, e-mail accounts and Facebook
National security checks and balances out of alignment(Post-Tribune) This was the impression given by members of the House intelligence committee as they held an open-to-the-public hearing Tuesday on the National Security Agency's snooping into Americans' phone and Internet records
Europeans Will Now Know When And What Data Gets Compromised In A Breach — Unless It Was Encrypted(TechCrunch) In the wake of the latest notice from a major internet company revealing that user data has been compromised — Facebook's admission of a security bug compromising data from 6 million users — the European Commission today is publishing new, Europe-wide rules that will require ISPs, carriers, broadband providers and others to report to both national regulators and to subscribers more specific
China fury at new snooping claims(Cyberwarzone) China yesterday attacked the United States as an espionage 'villain' after former spy Edward Snowden raised new allegations about the far-reaching extent of US cyber-snooping against Chinese targets
Snowden and the US-China cyber debate(Blouin News Blogs) A debate about the role insider firms like Booz Allen Hamilton and General Dynamics have in U.S. intelligence and defense arrangements might not hurt either. Yet while a deeper debate about domestic surveillance may benefit genuine internet freedom in
"Aaron's Law" Would Help Reform Our Awful Computer Crime Laws. Will Congress Pass It?(Slate) On Thursday, Rep. Zoe Lofgren brought a bill to the floor of the House of Representatives that would reform certain provisions of the Computer Fraud and Abuse Act, the controversial and outdated computer crime statute that I've criticized numerous times in this space. The bill is dubbed "Aaron's Law," after Aaron Swartz, the computer programmer and digital advocate who committed suicide in January. It addresses the sections of the CFAA that allowed prosecutors to threaten Swartz with charges that could have earned him decades in prison--charges that may have contributed to Swartz's decision to take his own life
U.S. legislators introduce Aaron's Law(Help Net Security) As the Internet's influence on global commerce, culture and information continues to tread new ground, there is a need to update and reform outdated laws that threaten its continued development
The U.S.-Russia Cybersecurity Pact: Just Paper(The Foundry) The U.S. and Russia announced the completion of a joint cybersecurity agreement, two years in the making, intended to promote international peace and security and improve cyber relations between the two countries. The agreement, however, amounts to little more than a piece of paper, as such policies will scarcely improve U.S. cybersecurity
India's digital battleground(Business Standard) Its job is to issue forecasts and alerts, coordinate responses to incidents of cyber-attack, and issue guidelines and advisories as required. CERT-In is also required to conduct regular cyber-security drills, within the country and bilaterally with
Air Force Cyber Command gains new commander to replace Vautrinot(San Antonio Business Journal) Air Force Cyber Command gains new commander to replace Vautrinot. James Aldridge: Web Editor- San Antonio Business Journal: Email | Twitter | Google+ | LinkedIn. Joint Base San Antonio - Lackland is welcoming a new commander to the 24th Air Force
New batch of Israeli graduates to foil cyber attacks(Kuwait News Agency) A new batch has graduated within the Israeli Army specially trained to foil any cyber-attack on Israeli institutions in the future, a military spokesman said on Sunday. The personnel are the third batch of a special force
Snowden Saga Moves To Moscow(Washington Post) Edward Snowden, the former government contractor who leaked top-secret documents about U.S. surveillance programs, fled Hong Kong for Moscow on Sunday with the assistance of the anti-secrecy organization WikiLeaks and asked the government of Ecuador to grant him asylum
China Said To Have Made Call To Let Leaker Depart(New York Times) The Chinese government made the final decision to allow Edward J. Snowden, the former National Security Agency contractor, to leave Hong Kong on Sunday, a move that Beijing believed resolved a tough diplomatic problem even as it reaped a publicity windfall from Mr. Snowdens disclosures, according to people familiar with the situation
Russia Defiant As U.S. Raises Pressure Over Snowden(Reuters.com) Washington pressed Moscow on Monday to do all in its power to expel former U.S. spy agency contractor Edward Snowden before he gets the chance to take an expected flight to Cuba to evade prosecution in the United States for espionage
Offering Snowden Aid, WikiLeaks Gets Back In The Game(New York Times) WikiLeaks once again seized the global spotlight on Sunday by assisting Edward J. Snowden in his daring flight from Hong Kong, mounting a bold defense of the culture of national security disclosures that it has championed and that has bedeviled the United States and other governments
US charges Snowden with espionage(Washington Post) Federal prosecutors have filed a criminal complaint against Edward Snowden, the former National Security Agency contractor who leaked a trove of documents about top-secret surveillance programs, and the United States has asked Hong Kong to detain him
Edward Snowden: The cyber houdini(Cyberwarzone) Edward Snowden has succesfully distracted the media and the government. He was supposed to be in a plane heading towards Cuba - but he was not in the Cuba plane. Woot! now the United States have revoked his passport and have demanded that he is deported to the U.S. - but they have one problem. No one knows where he is at the moment
Snowden an eccentric, but hardly stood out at NSA(Los Angeles Times) Cedric Leighton, a retired Air Force intelligence officer who was the NSA's deputy director for training in 2009-10, said vetting procedures were stricter for analysts and those engaged in offensive cyber operations than for systems administrators like
Edward Snowden a —threat— to national security - Cheltenham MP(This is Gloucestershire) The newspaper says documents allege GCHQ has been tapping into internet and telephone cables, accessing personal information and sharing it with America's National Security Agency (NSA). The Lib Dem MP believes Mr Snowden has been "incredibly
The NSA Leaks Don—t Put Us At Risk(Chicago Tribune) If a person in government says the sun will come up tomorrow, it's sensible to believe that person -- but not until the first rays seep over the horizon. Skepticism is even more justified when the government has been caught hiding something from the public and needs to excuse the secrecy
Hacking Back is a Bad Idea after a Cyber Attack, DOJ Official Says(Main Justice) Hacking back is a bad idea, says the head of the Justice Department's cyber crime section. When a company's data systems are breached, the temptation is to dig back into the outside computer system where the company thinks the cyber attack originated
Video : Moroccan Anonymous-Hacker wanted by FBI arrested in Italy(Cyberwarzone) Without guns, without masks or bombs; all he needed is a computer and a keyboard to make up to $ 8 million out of bank hacking. Moroccan hacker known as "The Ghost" Rachid Ibn Al-Yamani, who was arrested in Rome, Italy was deported to the USA at the request of the Federal Bureau of Investigation (FBI) as reported by the Moroccan news outlet Hespress based on the Italian newspaper "La Republica" on Wednesday, May 29 2013
Bitcoin Foundation told to cease and desist(Infosecurity Magazine) The Bitcoin Foundation has received a cease and desist letter from the California Department of Financial Institutions, alleging that it may be engaged in money transmissions without the requisite state license
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
International Common Criteria Conference(Orlando, Florida, USA, September 10 - 11, 2013) FBC invites you to participate in the International Common Criteria Conference (ICCC) taking place in Orlando, Florida. This is the first time since 2000 that the ICCC is taking place in the U.S. The ICCC...
NASA National Capital Region Industry Days(Washington, DC, USA, June 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in...
AFCEA International Cyber Symposium 2013(Baltimore, Maryland, USA, June 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government,...
ShakaCon(Honolulu, Hawaii, USA, June 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better...
American Technology Awards Technology and Government Dinner(Washington, DC, USA, June 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology...
Digital Forensics and Incident Response Summit(Austin, Texas, USA, July 9 - 10, 2013) The 6th annual Forensics and Incident Response Summit will again be held in the live musical capital of the world, Austin, Texas. The Summit will focus on high quality and extremely relevant content as...
London Summer 2013(London, England, UK, July 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The...
3rd Cybersecurity Framework for Critical Infrastructure Workshop(San Diego, California, USA, July 10 - 12, 2013) NIST is inviting cybersecurity experts, industry and academia from across the nation to attend one of its regional workshops at UC San Diego to identify, refine and guide the many interrelated considerations,...
cybergamut Technical Tuesday: Remote Digital Forensics(Columbia, Maryland, USA, July 16, 2013) 'The remote control changed our lives. The remote control took over the timing of the world. Within three seconds, click, click, click. So can we do remote forensics?' Ken Zatyko of Assured Information...
Mobility Solutions for the Federal Market(Falls Church, Virginia, USA, July 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents.
2013 World Comp(Las Vegas, Nevada, USA, July 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields...
Black Hat 2013(Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013(Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.