Anonymous and Islamist hacktivists voice support for OpUSA, but so far there's little sign that it's having much effect (claims by Algeria's Charaf Anons to the contrary). The Izz ad-Din al-Qassam Cyber Fighters are suspending attacks this week to avoid confusion of purpose and attribution, but they also call for Anonymous to strike US banks. US banks tell customers their online transactions might be a bit slow today.
The Syrian Electronic Army claims penetration of Israeli intelligence sites. They also hijack the Onion and E! Online's Twitter feeds (the former to post pro-Assad propaganda, the latter, oddly, to spread Justin Bieber rumors).
Indian government websites continue to report attacks—there's no clear attribution yet. A new Android Trojan surfaces in Germany. AutoIt sees increasing use in malware coding. Malware posing as a Flash update appears in Dropbox. The SANS Institute sees signs of an incipient typosquatting epidemic.
More information on the IE zero-day appears—researchers note waterholes' advantages over spearphishing, and observers discern a lesson about large-enterprise software updates. A Metasploit module for the exploit is out.
The US Department of Defense officially accuses China's army of cyber espionage (which China indignantly denies).
Defense News describes the challenges of acquiring cyber companies. A new version of password cracker Cain & Abel is released. Los Alamos National Laboratory demonstrates a prototype quantum-encrypted network.
McAfee's Chief Privacy Officer suggests the key to enterprise privacy is to think like a teenager concealing something from her parents (like "a crush on a football player").
Today's issue includes events affecting Algeria, Australia, Canada, China, European Union, France, Germany, India, Indonesia, Iran, Israel, Netherlands, New Zealand, Syria, Turkey, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Government Takes Precautions Over Expected 'OpUSA' Cyber Attack(ABC News) The Department of Homeland Security and the FBI are cautioning American government and financial institutions that they could be targets of a wave of cyber attacks Tuesday from Anonymous-linked hacktivists in the Middle East and North Africa
Anonymous, Islamist Hackers Plan Major Assault for Tuesday(Mashable) Anonymous and various Islamist groups claim that they will take down nine U.S. government websites on May 7, including those of the Pentagon, the National Security Agency, the FBI and the White House, along with over 130 bank websites, such as those
Izz ad-Din al-Qassam Cyber Fighters Pause OpAbabil During OpUSA(Softpedia) In April, Izz ad-Din al-Qassam Cyber Fighters revealed their contribution to OpUSA. They said they would continue focusing on their own campaign, Operation Ababil, but they urged the OpUSA hacktivist groups to help them attack US banks. However, according to a statement published a few hours ago, the hackers say they're pausing Operation Ababil. In fact, they will not be launching any attacks this week. As was specified in the previous statements, al-Qassam Cyber Fighters's purpose of DDoS attacks
1062 Websites Hacked by Charaf Anons from Algeria(Hack Read) Famous hacker from Algeria going with the handle of Charaf Anons has hacked and defaced 1062 websites from all over the world for Operation USA (#Op:USA). Hacker left a deface page along with a simple message on all hacked websites, displaying Islamic prayer on the index page of targeted websites. Hacked by Charaf Anons, There is no god but one God and Prophet Muhammad is the final messenger of God. Jihad is coming. All hacked sites belong to different countries of the world such as China, India
Cyber-attack could target Ohio banks, credit unions(Dayton Daily News) Ohio's banks and credit unions are warning of a potential cyber-attack Tuesday that could render online banking services unavailable. U.S. financial institutions, including some in Ohio, have been threatened by an attack by the Internet activist group
Syrian Hackers Strike(Free Beacon) A hacker group known as the Syrian Electronic Army (SEA) claims to have penetrated one of Israel's central Internet infrastructure systems in Haifa in response to an Israeli attack over the weekend on Syrian weapons shipments. The Anonymous-affiliated SEA, or SCADA Attackers, announced Monday afternoon that it had penetrated one of the main infrastructural systems (SCADA) in Haifa and managed to gain access to some sensitive data, according to an email announcement by the group released on Pastebin
Meet the new paid-archive malware families(Technet) In a previous post, "Fake apps: Behind the effective social strategy of fraudulent paid-archives," we exposed the social engineering technique behind Win32/Pameseg - our detection for a family of "paid-archives." We described the use of "low-ball" techniques and explained how users are led to believe they are making an informed choice. However, the choice ultimately leads to the user being deceived into doing what the attacker wants - downloading and executing an installer. The scheme begins with
Malware you can "live with", but shouldn't(Help Net Security) The main symptom of a computer being infected with the ZeroAccess (or Sirefef) malware is that online searches via Google Search often lead to unhelpful pages filled with ads and equally useless links
Heads-Up - AutoIt Used To Spread Malware and Toolsets(Trend Micro) AutoIt is a very flexible coding language that's been used since 1999 by coders looking for a fast, easy, and flexible scripting language in Windows. From simple scripts that change text files to scripts that perform mass downloads with complex GUIs, AutoIt is an easy-to-learn language that allows for quick development. The trend for malicious actors to use AutoIt to code malware and tools however has been increasing, and the trend appears to be getting stronger. AutoIt Hacker Tools
Malicious Flash Player Updates Hosted on Dropbox(Softpedia) Cybercriminals often disguise malware as updates for Flash Player. An interesting example has been analyzed recently by security experts from Zscaler. The attack starts with a number of websites that redirect their visitors to click-videox.com. Once victims land on this site, they're urged in English or Turkish to update their Adobe Flash Player in order to see a video. The interesting thing about this particular attack is that the malicious Flash Player update is actually stored in a Dropbox
300 Indian Websites Hacked & Defaced by [IN]SecInjection(Hack Read) A hacker going with the handle of [IN]SecInjection has hacked and defaced 300 Indian websites yesterday. It seems the hacker is from Latin America, as the sites are left with a deface page along with a message in Portuguese language
ZertSecurity Android trojan hits German users(lookout) We have been investigating a new piece of Android malware that was being sent out to German Android users as part of a phishing campaign targeting customers of Postbank. ZertSecurity is a banking trojan which masquerades as a certificate security application that asks the user to input their bank account number and PIN. ZertSecurity was found in the Google Play store, although less than 100 copies had been downloaded in the 30 or so days that it was live. It has since been removed by Google
US Convenience Store Chain Mapco Express Hacked, Payment Cards Compromised(Softpedia) Mapco Express, the US-based convenience store chain, is notifying customers about a security breach. The company says hackers have managed to gain access to customer credit/debit card information by planting malware on payment processing systems. The precise number of affected customers hasn't been revealed. However, all individuals that made payments with their debit and credit cards at Mapco locations between March 19-25, April 14-15 and April 20-21 could be impacted. The affected stores are
Internet Explorer 8 Zero Day Exploit Targeted Nuclear Workers(PC Magazine) Late in April, security researchers discovered an exploit in Internet Explorer 8 that allowed attackers to execute malicious code on a victim's computer. Most troublingly, the exploit has been found in the wild on a U.S. Department of Labor
IE8 0-day used in watering hole attacks(Help Net Security) Last week a U.S. Department of Labor website was discovered to be redirecting users to sites serving a hard-to-detect variant of the Poison Ivy backdoor Trojan. Researchers are now saying that the exploit
Watering Hole Attacks an Attractive Alternative to Spear Phishing(Cisco Blogs) "Watering Hole" attacks, as evidenced by the recent attack involving the U.S. Department of Labor, are becoming increasingly popular as alternatives to attacks such as Spear Phishing. In a "Watering Hole" attack, the attacker compromises a site likely to be visited by a particular target group, rather than attacking the target group directly. Eventually, someone from the targeted group visits the "trusted" site (A.K.A. the "Watering Hole") and becomes compromised
Evernote Says Cyber Breach Which Cost Millions Wasn't From China(Businessweek) Evernote Corp., an online note-taking and document storage service, said a March cyber attack that obtained usernames and encrypted passwords cost "many millions of dollars" and didn't come from China. The attack wasn't state-sponsored and appears to
U.S. Directly Blames China's Military For Cyberattacks(New York Times) The Obama administration on Monday explicitly accused China's military of mounting attacks on American government computer systems and defense contractors, saying one motive could be to map military capabilities that could be exploited during a crisis
Espionage fuels China's fast-paced military buildup: Pentagon(Reuters) China is using state-sponsored industrial espionage to acquire the technology it needs to forge ahead with a fast-paced military modernization program and cut its reliance on foreign arms makers, the Pentagon said in a new report on Monday
China denies Pentagon cyber-attack claims(Telegraph) China has denied claims from the US that it is using espionage to acquire technologies to fuel its fast-paced military modernisation programme.
It's not just about China and America—smaller countries want to wage cyberwar too(Quartz) America's Department of Defense yesterday released its annual report on China's military capabilities (pdf). The report includes "electronic warfare" and "information dominance" as part of a larger campaign it says is an "essential element, if not a fundamental prerequisite" of China's defense planning. The report is good PR for China's cyberwarriors but there is nothing surprising about the country's ambitions. America itself is relatively open about its cyberwarfare activities
Security Patches, Mitigations, and Software Updates
Google Fixes CSRF Vulnerability in Translator and Clickjacking Flaw in Gmail(Softpedia) Security researcher Prakhar Prasad has identified a couple of vulnerabilities in Google services. Both have been addressed by Google, so the expert published proof-of-concept videos for each of them. The first security hole was a cross-site request forgery (CSRF) that affected Google Translate. "[The vulnerability] allowed me to become an Editor on someone's Google Website Translator Service. The page had CSRF Protection, but the CSRF token check was skipped on server side," the expert explained
The anonymous denizens of the Indonesian 'twitterverse'(The Jakarta Post) Oscar Wilde once said "man is least himself when he talks in his own person. Give him a mask and he will tell you the truth." Given the discreet nature of online social media, many users opt to wear masks to broadcast the truth, or some part of it
No strategy for data protection?(Help Net Security) While financial services organizations are obligated to establish and report stringent service availability objectives for mission-critical systems, they are actually among the worst performing
High Stakes And The Sequester Squeeze(Foreign Policy) It's all about national security, isn't it? Or is it? Rick's back room is alive and well in Washington, D.C. And it is shocking, just shocking, to learn that as the defense drawdown continues, not a single player at the defense table has stopped placing bets, stopped trying to fix the outcome of the game, or tried another roll of the dice to end-run the impact of the sequester
Federal funding drying up for anti-terror centers(WLUK Fox 11) Two centers that link Wisconsin to a national antiterrorism intelligence network are trying to figure out how to keep functioning as federal funding is starting to dry up. The so-called fusion center in Madison has been getting state funds to
NSA plans new computing center for cyber threats(Baltimore Sun) Keith B. Alexander, the director of the National Security Agency and head of U.S. Cyber Command, said during a groundbreaking ceremony Monday at Fort Meade. The 600,000-square-foot facility, similar in function to an existing computer center
Interior Dept Picks 10 for $1B Cloud IDIQ(GovConWire) Ten companies have won positions on a potential 10-year $1 billion cloud computing services contract with the Interior Department, Federal Times reported Thursday. Nicole Johnson writes the indefinite-delivery/indefinite-quantity includes three base years and seven option years through 2023. Contractors will compete to provide cloud storage, file transfer, database and Web hosting, development and testing
Dell acquires Enstratius(Help Net Security) Dell today announced the acquisition of Enstratius, which helps organizations manage applications across private, public and hybrid clouds, including automated application provisioning and scaling
Avast Acquires Secure.me(The Droid Guy) Avast, a consumer antivirus maker, has just acquired the Facebook-focused…cut down the amount of cyber bullying and prevent the children from spending way
BMC to go private in $6.9 bln deal led by Bain, Golden Gate(Reuters) Business software maker BMC Software Inc , whose anemic growth has been a source of frustration for its largest shareholder, said it would be taken private by a group led by Bain Capital and Golden Gate Capital for about $6.9 billion
The Challenge of Buying Cyber Companies(Defense News) Every major US defense contractor is busy building a new cyber center or announcing a revolutionary new cyber tool. And to support those cyber efforts, they are buying companies with new technology and approaches, buttressing their in-house capabilities
Gordon Johndroe Named Lockheed Media Relations VP(GovConWire) Gordon Johndroe, a former National Security Council spokesman and deputy White House press secretary during the George W. Bush administration, has joined Lockheed Martin (NYSE: LMT) as vice president of media relations and international communications. The 15-year communications and public relations veteran will serve as the company's chief spokesperson and lead campaigns and strategies for
DynCorp to Realign Business Units, Start New Intl Org(GovConWire) DynCorp International is reorganizing from five business units to three, with one of them a new organization intended to focus on international opportunities, the Washington Post reports. Marjorie Censer writes the company will restructure into three business units: DynAviation, DynLogistics and the new DynGlobal organization. Steve Gaffney, DynCorp chairman, president and CEO told the Post
Cain & Abel 4.9.44 released(Help Net Security) Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary
Interop Las Vegas: 10 Cool Products(InformationWeek) From video conferencing knockouts to data protection tools, intriguing new products are on tap at Interop Las Vegas 2013. Take a closer look
Technologies, Techniques, and Standards
How to Stop DNS Application Attacks(Cloudshield) We already discussed strategies to secure a Domain Name Service (DNS) infrastructure from a network point of view, ways to reduce the DNS traffic load, and how to secure the DNS protocol itself…but what about DNS application security
Security Logging in an Enterprise, Part 1 of 2(Cisco Blogs) Logging is probably both one of the most useful and least used of all security forensic capabilities. In large enterprises many security teams rely on their IT counterparts to do the logging and then turn to the IT logging infra when they need log information. That in itself isn't bad; however, the needs/requirements for IT may not be a 100% fit for a CIRT. Read on to find out how we handled it
Amid a barrage of password breaches, "honeywords" to the rescue(Ars Technica) Security experts have proposed a simple way for websites to better secure highly sensitive databases used to store user passwords: the creation of false "honeyword" passcodes that when entered would trigger alarms that account hijacking attacks are underway. The suggestion builds on the already established practice of creating dummy accounts known as honeypot accounts. It comes as dozens of high-profile sites watched user data become jeopardized, including LivingSocial, dating site Zoosk, Evernote
Companies explore self-detonating data as security control(CSO) Putting controls on what people see and putting expiration dates on sensitive documents. The popular Snapchat photo-messaging app used mainly by Android and iOS mobile device owners to share images that then self-destruct after 10 seconds is the sort of security idea that businesses say can help them secure online transactions with business partners
Los Alamos Scientists Build A Prototype Quantum Network(Forbes) The way quantum cryptography works is not at all simple, but here's the basic idea: in quantum mechanics, it's possible for two photons of light to become entangled. Meaning that when you change the quantum "spin" of one of the photons, the spin of the
Commercial Quantum Cryptography Satellites Coming(IEEE Spectrum) Satellites capable of performing quantum cryptography, a form of communication that is theoretically unhackable, don't even exist outside of the lab yet, but researchers at the Institute for Quantum Computing (IQC), in Waterloo, Ont., Canada, are
New Software Security Center To Evaluate Cyberthreats(Dark Reading) S2ERC will be launched at Georgetown later this month. A new Security and Software Engineering Research Center (S2ERC) that will research cyber threats and other security and technology issues will be launched at Georgetown later this month. Eric Burger, research professor of computer science, will serve as director of the new center, which will have its first face-to-face meeting on May 28
Why Tech's Finance Wizards Are Tearing Out Their Hair(Wired Business) Already overdue, SEC rules implementing the "crowdfunding" provisions of the JOBS Act aren't expected to take effect until the middle of next year. In the meantime, some startups are already burning through capital
Privacy Fail: House Passes Cyber Intelligence Law(LiveScience.com) But, unfortunately, the hacker collective largely failed recently to derail the Cyber Intelligence Sharing and Protection Act (CISPA) in much the same way that earlier efforts helped derail the Stop Online Piracy Act (SOPA). As a result, CISPA is still
DHS urged to hire outsider for new cyber chief(The Hill) [Keith] Alexander's role at the National Security Agency and the deputy undersecretary for cybersecurity at DHS," Weatherford told The Hill. "Not just because of the executive order, but when you look at DHS's responsibility of working with the 16
Australian privacy regime leads world but 17-year-old girls lead by example: expert(CSO) Australia's pragmatic privacy legislation is "the gold standard" for world privacy legislation even when compared with the European Union's long-established privacy regime, a US-based privacy expert has concluded – while advising privacy-conscious executives to make employees think like high-school girls if they really want to guarantee data integrity
DoD forming information operations executive steering group(FierceGovernmentIT) The Defense Department will form an information operations executive steering group to better streamline IO, or the mechanisms the department uses to integrate and implement information-related capabilities during military operations, says a May 2 DoD directive
Self Propagated LulzSec Leader 'Aush0k' Arrested By Australian Federal Police(Voice Of Grey Hat) Many of us knew Hector Xavier Monsegur widely known as 'Sabu' as the leader of infamous international hacker group LulzSec and Antisec. But this idea will surely be changed when you will hear the histrionic story, which came to light when a 24-year-old Australian proclaimed himself as the leader of notorious hacker collective group Lulz Security also known as LulzSec. The man, known online as Aush0k, is a senior Australian IT professional who works for the local arm of an international IT company
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Interop Las Vegas(Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes,...
(ISC)² CyberSecureGov(Crystal City, Virginia, USA, May 7 - 8, 2013) Join (ISC)² for an exciting two days as they explore the prevailing factors working against US Government IT Security practitioners and managers, how existing technical and personnel resources are faring...
ITWeb Security Summit 2013(Sandton, South Africa, May 7 - 9, 2013) A conference devoted to cyber security, with a particular emphasis on countering the latest attack vectors. The gathering creates an opportunity for senior security professionals and business decision-makers...
The Computer Forensics Show(New York City, New York, USA, May 8 - 9, 2013) For IT and business executives responsible for creating, implementing, and managing a proactive and comprehensive IT strategy for information security, risk management, compliance, and business continuity...
ASIS 23rd New York City Security Conference and Expo(New York City, New York, USA, May 8 - 9, 2013) Join more than 2,500 professionals in the Big Apple for the largest annual conference in the Northeast for security management and law enforcement professionals. This exciting event will focus on key challenges...
Software Engineering Institute Invitational Hiring Event(Arlington, Virginia, USA, May 8 - 9, 2013) Attention software engineers and cyber security professionals: Carnegie Mellon's Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on...
Baltimore Tech-Security Conference(Baltimore, Maryland, USA, May 9, 2013) The Baltimore Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...
CyberSecurity UAE Summit 2013(Dubai, UAE, May 13 - 14, 2013) Review developments, strategies and best practice in global cyber security. Assess the nature of the latest threats being faced and the impact of these upon your organisation. Discuss the most promising...
GovSec(Washington, DC, USA, May 13 - 15, 2013) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of...
Thriving in the Post-Sequestration GovCon Era(McLean, Virginia, USA, May 14, 2013) The Potomac Officers Club is hosting a summit for GovCon executives and government leaders to collaborate and share ideas on how to navigate a new era involving sequestration. At least five speakers, each...
Second Maryland Cybersecurity Center Symposium (MC2)(College Park, Maryland, USA, May 14 - 15, 2013) Drawing on regional experts of national and international acclaim, MC2's second Annual Cybersecurity Symposium will showcase the latest research, trends, and topics in cybersecurity, including: keynote...
FOSE(Washington, DC, May 14 - 16, 2013) FOSE is the premier event for government technology professionals interested in innovative, effective tools and solutions allowing you and your agency or organization to advance your mission. From IT managers...
7th Annual INSA IC Industry Day(Springfield, Virginia, USA, May 15, 2013) This annual event is held at the TS/SCI level in cooperation with ODNI as a comprehensive forum for IC leaders to relate their budget priorities to industry. The theme of this year's IC industry day is...
Hack Miami(Miami, Florida, USA, May 17 - 19, 2013) The HackMiami 2013 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools,...
CEIC 2013(Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers.
IEEE Symposium on Security and Privacy(San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers...
U.S. Department of State Mobile Computing Forum(Washington, DC, USA, May 23, 2013) The U.S. Department of State's Bureau of Information Resource Management will host an educational forum and IT Expo, themed "Mobile Computing," reflecting their mission to empower diplomacy, consular services...
International Workshop on Cyber Crime (IWCC)(San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field...
Web 2.0 Security and Privacy(San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations...
Maryland/DC Celebration of International Trade(Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council this event is a content rich celebration of international...
IEEE-Cyber 2013(Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.
Cyber Security @ CeBIT(Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend...
Cyber Security for the Chemical Industry(Frankfurt, Hessen, Germany, May 29 - 30, 2013) It is becoming increasingly more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced...
DGI Cyber Security Conference & Expo(Washington, DC, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will...