Mandiant reports that a previously unknown Iranian group is conducting cyber attacks on US domestic companies. It's unclear whether the group is a state agency, state-directed, or simply a patriotic hacking crew. Iran's government denies the group's existence.
Moxie Marlinspike blogs about a Saudi telecom's offer to hire him to work on Twitter interception, and thinks the (legitimate? corporate? governmental?) market for exploits has become unhealthy. Reuters and CSO have similar, unrelated observations about the US Government's role in that market.
FireEye discovers a fresh campaign against Chinese "political rights activists." The US National Vulnerability Database reports a Linux privilege escalation vulnerability. Dorkbot continues to chew its way through Facebook, and a bogus "free media player" ad distributes malware to the unwary. The implausibly handled "Mr. TruthizSexy" makes an unconfirmed boast of compromising Stanford's networks. More healthcare providers suffer data breaches.
Surprisingly, "tech support" phone scams still work: please don't give a caller remote access to your systems.
Mozilla releases eight security advisories and three critical patches.
China's Huawei dismisses US cyber security concerns as a fig leaf for protectionism. The US Defense Department's admission of Apple and Samsung mobile devices to unclassified networks will be, says network security firm Ixia, "a debacle, a disaster waiting to happen."
North Carolina State University researchers announce development of an algorithm for peer-level SCADA security.
The International Telecommunications Union reconvenes to discuss (among other matters) Internet governance.
India intensifies investigation of recent ATM cybertheft. Russia declares a gmailing US diplomat persona non grata.
Today's issue includes events affecting Australia, China, Germany, India, Iran, Kenya, Republic of Korea, Portugal, Romania, Russia, Saudi Arabia, Turkey, United Arab Emirates, United Kingdom, United Nations, United States.
Cyber Attacks, Threats, and Vulnerabilities
Iran-Based Hackers Traced to Cyber Attack on US Company(Businessweek) A previously unknown hacking group believed to be based in Iran has started cyber attacks inside the U.S., according to Mandiant Corp., a security company that's linked China's army to similar activity. The Iranian group emerged within the last six
Researcher refuses to help Saudi telco to spy on people(Help Net Security) You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher such as Moxie Marlinspike for help, but you would be wrong
A Saudi Arabia Telecom's Surveillance Pitch(Thoughtcrime.org) Last week I was contacted by an agent of Mobily, one of two telecoms operating in Saudi Arabia, about a surveillance project that they're working on in that country. Having published two reasonably popular MITM tools, it's not uncommon for me to get emails requesting that I help people with their interception projects. I typically don't respond, but this one (an email titled "Solution for monitoring encrypted data on telecom") caught my eye
Fed offensive fueling hacker underground, report says(CSO) The U.S. government is contributing to the Internet's underground economy by scooping up hacker tools to incorporate into offensive cyber weapons, a report from Reuters says. The feds have become the biggest buyer in a growing gray market where hackers and defense contractors sell tools to compromise computers, the report said. A major concern about the government's actions is that it's using what it buys for offensive weapons at the expense of not only the country's cyber defenses but the private
Targeted Attack Trend Alert: PlugX the Old Dog With a New Trick(FireEye) FireEye Labs has discovered a targeted attack towards Chinese political rights activists. The targets appear to be members of social groups that are involved in the political rights movement in China. The email turned up after the attention received in Beijing during the 12th National People's Congress and the 12th National Committee of the Chinese People's Political Consultative Conference, which is the election of a new core of leadership of the Chinese government, to determine the future of China's five-year development plan
CVE-2013-2094: Linux privilege escalation(Internet Storm Center) A vulnerability was discovered using fuzzing in linux kernels 2.6.37 till 3.8.9. The vulnerability requires the kernel to be compiled with PERF_EVENTS, but unfortunately that seems the case for quite some linux distributions. CentOS even backported the vulnerability to 2.6.32
Facebook attacked with credential-harvesting malware(CSO) A new variant of the Dorkbot malware was discovered spreading through Facebook's internal chat service, in an attempt by cybercriminals to harvest users' passwords. Bitdefender researchers discovered links to the malware circulating among Facebook users in the United States, India, Portugal, the United Kingdom, Germany, Turkey and Romania. The security firm did not know the extent of the infection on Monday, but said it counted 9,000 malicious links to the malware in 24 hours
Fake 'Free Media Player' distributed via rogue 'Adobe Flash Player HD' advertisement(Webroot) Our sensors just picked up a rogue advertisement served through the Yieldmanager ad network, which exposes users to fake Adobe Flash Player HD ads, ultimately dropping a copy of the potentially unwanted application (PUA)/adware, known as Somoto Better Installer. Surprisingly, once users click, they're presented with a rogue Free Media Player page, instead of an Adobe Flash Player HD themed page. Users who fall victim to the social engineering scam will end up installing multiple potentially unwanted
Iowa City Police Investigating ATM Scam(KCRG) Police are investigating an ATM scam at a US Bank in Iowa City. The bank says someone installed an ATM skimmer at the Towncrest branch off William Street. The skimmer steals personal information like account and pin numbers. The bank says customers will not be liable for any unauthorized transactions. Fraud can happen anywhere, any time to anyone. Here are some fraud prevention tips for your viewers
Hacker claimed to breach into Stanford University Website and leaked personal details(Hackers News Bulletin) According to last tweet of hacker named Mr. TruthizSexy he managed to get in the Stanford University website (www.stanford.edu) and leaked large amount of personal details from their website. After a short chat with hacker he told that there is no motive behind that hack just he wants to ensure to them that how insecure they are. According to the hacker he claimed to hack the website through SQLi Injection Vulnerability and managed to get the details which contain a large amount of personal data
Across the U.S., healthcare organizations suffer data breaches(FierceHealthIT) More than 21,000 patients have been impacted by a trio of recent healthcare data breaches throughout the U.S. Indiana University Health Arnette in Lafayette, Ind., announced last week that an employee's password-protected laptop with patient information--including names, dates of birth, medical record numbers, diagnoses and dates of service--was stolen from a car in April. The organization indicated that it doesn't have reason to believe the information has been improperly accessed or used, but police were immediately notified, regardless. IU Health Arnett began mailing letters to affected patients--nearly 10,000, according to the Journal and Courier--informing them about the breach on May 10
WTOP, Federal News Radio Web site access restored after attack(Washington Post) John Spaulding, the D.C. director of information systems for Hubbard Radio, said that Hubbard Media worked with the cybersecurity firm Mandiant to analyze its full site. "We have found and eliminated the vulnerabilities that were exploited," he said in
Android malware continues to rise(Help Net Security) The first quarter of 2013 was marked by firsts for Android malware that add complexity to the Android threat landscape. According to F-Secure Labs, January through March saw the first Android threat
Security Patches, Mitigations, and Software Updates
Microsoft takes care of IE zero day with Patch Tuesday update(PCWorld) Andrew Storms, director of security operations for nCircle (a Tripwire company), says, "As anticipated, Microsoft released a critical update for Internet Explorer 8 today that patches an outstanding zero-day bug reportedly used in a targeted watering
There are 12.5 unprotected versions of the average American's personal information on the web(Quartz) Safe Shepherd is a company that searches the web for all the public records available on Americans, and then presents them in a dashboard. Try it for yourself—it's free—and the results are almost guaranteed to be unnerving. The information is mostly innocuous, and includes your address, phone number and email, but the fact that it's public is more than enough to create a healthy stream of business for Safe Shepherd, which, according to founder Robert Leshner, is "lightly profitable"
How employees use business email(Help Net Security) The conventional 9am–5pm working day and five-day working week is a thing of the past for the overwhelming majority of workers at SMBs, according to a new survey on work-related email habits
The top three threats facing enterprises(Help Net Security) Globalization and mobility are fueling opportunities for enterprises today, but they have a nemesis: amplification. As physical perimeters become flexible and the tools and devices organisations utilise become mobile, the downside is that the risks introduced become amplified
Kids access porn sites at 6, begin flirting online at 8(Detroit Free Press) Bitdefender correlated results of an online survey of parents with data compiled from its parental control services, such as which sites parents choose to block, and which sites children access regularly. Almost a quarter of the kids accounted for in
Cyber security claims just protectionism(Global Times) The founder of China's telecommunications equipment-maker Huawei, Ren Zhengfei, gave an interview with some local reporters in New Zealand recently. It's the first time Ren has spoken to media over the past 26 years. Ren criticized the US accusations on Huawei over cyber security issues, saying the company "has no connection to the cyber security issues the US has encountered." Chinese telecommunications enterprises like Huawei and ZTE in recent years have been suppressed in the US market on cyber
Defense Experts Warn Of More Cuts, Murky Future(Norfolk Virginian-Pilot) Pentagon officials and defense experts painted a gloomy picture Tuesday at an annual warfighting conference, warning that automatic defense cuts that began this year may be around for a while
Pentagon Risk Raised With Apple, Samsung Devices(Businessweek) The electronics company worked with the U.S. National Security Agency to create Knox, a secure version of Google (GOOG)'s Android operating system with multiple layers of software and hardware protection. The system lets employers keep corporate and
Northrop teams with DHS to expand cybersecurity protections(Washington Technology) The program is an information-sharing program to assist critical infrastructure owners and operators in enhancing the cybersecurity protections of their information systems from unauthorized access, exploitation and data exfiltration, Northrop Grumman
Bloomberg aims to reassure on executive terminal monitoring(FierceFinance) Bloomberg's top editorial executive has apologized for the shocking revelation that its reporters were able to use the company's terminal to snoop on executives. He also added some details meant to reassure users that any monitoring was limited in scope and certainly not "spying" in the traditional sense
Dell special committee seeks more information(FierceFinance) We could be settling in for a protracted tactical war when it comes to the Dell leveraged buyout saga. The latest development is that the special committee of the Dell board has asked for more specific information from Carl Icahn and Southeastern Asset Management. The committee apparently wants to determine if the proposal is a formal proposal or merely an alternative to be considered if the current deal isn't approved
Products, Services, and Solutions
SAFECode Launches Software Security Training Program For Enterprises(Dark Reading) Free curriculum will help businesses build software security training programs in-house, SAFECode says. The Software Assurance Forum for Excellence in Code (SAFECode) today will publish the first modules in a free program of software security training that enterprises can implement themselves
Cydia Substrate Comes To Android (Cydia Store Next?)(TechCrunch) Cydia, a platform commonly thought of as the alternative app store for jailbroken iPhones and iPads, has just today arrived on Android of all places. Though Android is by its nature more open and customizable than Apple's locked-down iOS, it now has a growing collection of apps designed for power users who root their devices – a process that's similar in spirit to the iOS jailbreak
Rexxfield Offers Cyber Investigation Services to General Public(Softpedia) Rexxfield, a company that provides cyber investigation support services to law enforcement agencies from all over the world, has decided to make its offering available for the general public as well. Currently, law enforcement agencies don't have the resources to investigate every cybercrime that takes place, which is where Rexxfield steps in. After developing governance and best practice policies, the company has decided to offer its services to the general public
GFI MailArchiver 2013 released(Help Net Security) GFI Software announced a new version of its email archiving solution, GFI MailArchiver, which now provides managers with the ability to better understand employee email habits and identify their email
Internet Explorer best at blocking malware(Help Net Security) NSS Labs released the results and analysis from its web browser security comparative evaluating the protection offered by five browsers - Safari 5, Chrome 25/26, Internet Explorer 10, Firefox 19 and Opera 12 - against malware downloads (also known as socially engineered malware)
NIKSUN NetDetector/NetVCR Alpine 4.2.1(SC Magazine Australia) The system provides many network resources that allow users to see a variety of details on the network, such as IP communication, cyber attack detection and
Technologies, Techniques, and Standards
Web Application Testing Using Real-World Attacks(Dark Reading) Using exploits to test Web applications can be an enlightening way to test for vulnerabilities, but there are downsides as well. Vulnerability management and scanning systems typically combine a number of techniques to assess the risk faced by a business's information technology, from scanning files and evaluating the current patch level to launching attacks and testing for practical vulnerabilities
Know Your Pen Tester: The Novice(Dark Reading) Penetration testers put their pants on just like the rest of us, one leg at a time. Except once their pants are on, they break into computers. Not all pen testers, however, are created equal
Here's How the Next Mark Felt Can Leak to the Press(Wired) With the recent revelation that the Department of Justice under the Obama administration secretly obtained phone records for Associated Press journalists — and previous subpoenas by the Bush administration targeting the Washington Post and New York Times
White House warns of open data mosaic effect(FierceGovernmentIT) Beyond asking agencies to guard against the release of data with personally-identifiable information, the Open Data Policy published by the White House May 9 directs agencies to account for the "mosaic effect" of data aggregation. The mosaic effect occurs when information alone is not identifiable but when coupled with other available information poses a privacy or security risk
If it's worth coding, it's worth securing(Sydney Morning Herald) "Do what you can to secure your part of cyberspace because that makes us all better." So says Howard Schmidt, former cyber tsar to US President Barack Obama, now a cyber security consultant and board member of the Software Assurance Forum for Excellence in Code (SAFECode), a non-profit organisation aimed at making the internet safer. As cyber security, or the lack thereof, reaches global levels of awareness driven by financially-motivated hacking, hacktivism, country-sponsored espionage and
Hospital Cyber Security: 10 Emergency Prevention Tips(Beckers Hospital Review) While hospitals may be highly advanced when it comes to saving lives, many of them are not quite as astute when it comes to securing patient and protected health information. Nine out of 10 hospitals in the U.S. have suffered a data breach or intrusion in their networks over the past two years, according to the "Third Annual Benchmark Study on Patient Privacy and Data" by the Ponemon Institute. That is far from acceptable in any industry, but especially horrendous in a field where highly sensitive
Big Data Requires New Thinking in Security(EdTech) Threats to data and secure information change daily and demand agile security solutions. The Big Data boom isn't all about analytics; it's also about smart data management and protecting data assets
The Morning Risk Report: From Cyber Lemons to Lemonade(Wall Street Journal) For many firms, disclosing a cyberattack can lead to wary customers and a tarnished brand. But some companies are taking a different approach: they're trying to turn the disclosure of a cyber incident into a positive public-relations event
Design and Innovation
Meet the Woman Behind Pakistan's First Hackathon(Wired) Sabeen Mahmud has short-cropped hair and rectangular glasses; she'd fit right in hunched over a laptop at Philz or behind the counter at one of Apple's Genius Bars. Her resume matches her style. She's founded a small tech company, opened
Research and Development
New Algorithm Lets SCADA Devices Detect, Deflect Attacks(Dark Reading) Embedded software prototype operates under the 'new normal' that many SCADA environments have already been breached. Researchers have built a prototype that lets SCADA devices police one another in order to catch and cut off a fellow power plant or factory floor device that has been compromised
Dreaming of atomic-level big data(FierceBigData) Talk about ubiquity. Andreas Heinrich, research scientist at the IBM (NYSE: IBM) Almaden Research Center, says that when it comes to shrinking computational components, the natural end to Moore's law has been reached--at least at the research level--and that one day big data collection will be handled effortlessly by nano-sized components interwoven into everyday communications tools. He said that the research community "has jumped into a world where devices are made with atomic-scale control"
Legislation, Policy, and Regulation
U.N.'s ITU pursues Internet control—again—this week(ZDNet) U.S. State Department and global civil society groups prep as U.N. telecommunication arm ITU tackles Internet control at WTPF-13 this week. The Fifth World Telecommunication/ICT Policy Forum ("WTPF-13") will be held in Geneva, Switzerland, this week for three days, May 14-16. As with the bellicose WCIT-12 (the U.N.'s 2012 World Conference on International Telecommunications) last December in Dubai and its accompanying protests and dramatic walkout by the U.S. delegation, this Forum will be run by the United Nations' notoriously dubious telecommunications arm, the ITU
Kenya Opens High-Tech Anti-Terrorism Facility(All Africa) The newly opened Kenya Police Operations Centre, whose mission is to co-ordinate and carry out anti-terrorism operations with the country's various national security agencies, will make Kenya and the region safer in the face of extremist threats, officials say
Too much infosec regulation undermines security, warns NAB(The Register) More prescriptive regulation of the security posture in industry sectors like banking could have the paradoxical impact of reducing security, according to Andrew Dell, head of IT security services at the National Australia Bank. "We have to become much more agile and proactive how we look at, how we react to cybercrime. Our posture is changing from 'observe and analyse' to 'detect and respond'," Dell told the 2013 Trend Micro Evolve Security Conference
White House cites progress in cyber talks with China, Russia(Reuters) Michael Daniel, the Obama administration's cybersecurity policy coordinator, said that China has agreed to establish a joint working group with the United States to address Internet security issues such as cyber espionage. The group will convene for the first time this summer, stepping up communication that had previously been relegated to sporadic discussions or long-running unofficial talks between private citizens from the two countries. "We're working to set the agenda" for the initial meeting
Chambliss wants bill allowing cyber threat info sharing(Augusta Chronicle) An ongoing series of cyber-attacks on federal banks, government agencies and private companies has U.S. Sen. Saxby Chambliss pushing legislation that would bolster the nation's defenses against computer hackers, both domestic and foreign. The Georgia lawmaker said he plans to draft a bill that would allow the U.S. to share classified cyber threat information with companies who say they are losing billions of dollars annually to stolen patents and government contracts chiefly those negotiated for
Why the US needs to flex its cyber muscles(USA TODAY) So it's fair to say that the average citizen has plenty of reason to follow the federal government's actions in this domain. It is a positive step that the Cyber Command in Washington intends to hire 4,000 new recruits, quintupling its current force
Should the G20 forum discuss Internet security?(Help Net Security) The G20 should tackle the vastly important issue of Internet security and "articulate a vision for shaping the Internet economy for the next five to 10 years," a new commentary issued by The Centre for
Litigation, Investigation, and Law Enforcement
India IT watchdog investigating breach in ATM heist(Reuters) The Indian government's cyber watchdog is investigating how security at two companies that are part of the country's vast IT services industry was breached in a global ATM heist that saw $45 million stolen from two banks in the Middle East
Email: Even The CIA Uses It. Time To Get Serious About Its Legal Protections(Forbes) A new spy scandal is unfolding. In a nutshell Russia is expelling a U.S. diplomat from Moscow, accusing him of being an undercover Central Intelligence Agency officer who was trying to recruit someone from the Russian intelligence services. Now here is the kicker: Allegedly the U.S. diplomat told his would-be recruit to set up a Google Gmail account to respond if he wanted to pursue such a relationship
What the strange case of alleged US spy Ryan Fogle doesn't tell you about how espionage really works(Quartz) Today's brouhaha around Ryan Fogle, a junior US diplomat in Moscow whom Russian authorities detained and accused of spying, may have seemed to some like a joke, or else suspiciously like a bad frame-up. Fogle was paraded in front of cameras at Russia's state security service, the FSB, along with his alleged tools of tradecraft—which included two wigs, a wad of cash, a compass, and a "Dear Friend" letter intended for a potential Russian recruit—before being declared persona non grata and told to leave the country
Homeland Security Freezes the Dwolla Accounts of Largest Bitcoin Exchange Mt. Gox(Softpedia) The US Department of Homeland Security has ordered Dwolla, a mobile payments company, to stop making payments to Mt. Gox, the largest and best known Bitcoin exchange. The reason for the order is unknown, and Mt. Gox itself says it has not seen any documents and has not been served with anything. All it knows is from news reports on the issue. The DHS and the US District Court of Maryland have seized Mutum Sigillum LLC's (Mt. Gox) Dwolla account, Dwolla itself revealed, so it can't process any
PHH Corporation Suffers Security Breach(eSecurity Planet) A temp who had been indicted for identity fraud was given access to names, addresses, e-mail addresses, phone numbers, and Social Security numbers
Audit finds WA unis fail to fix known security weaknesses(ZDNet) An independent audit has found that many of Western Australia's universities and state training providers have failed to resolve the cheap and easy-to-fix information system weaknesses that they were informed about in previous years. The Western Australian auditor general has tabled his report into the state's universities and training providers, finding that although they were generally performing well, they suffered from a number of easy and cheap-to-fix information system issues
'LulzSec leader's' victim named: tiny Oz council(The Register) So: the person alleged to have described himself as the leader of LulzSec was arrested for what, exactly? There's been a lot of noise flowing around, and the odd tip-off (including some to The Register in an extensive phone call on April 29). Since we try to avoid jumping ahead of the court process, we have kept our traps shut. However, with one Matthew Flannery having appeared in the Central Local Court in Sydney today, it is now on the public record that the charges he's facing are for defacing
Deputy AG defends AP subpoenas(WCTI12.com) Thomas Drake, a former National Security Agency official, was sentenced to one year of probation and 240 hours of community service in 2011, while former CIA officer John Kiriakou was sentenced to 30 months in prison after admitting to identifying a
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Second Maryland Cybersecurity Center Symposium (MC2)(College Park, Maryland, USA, May 14 - 15, 2013) Drawing on regional experts of national and international acclaim, MC2's second Annual Cybersecurity Symposium will showcase the latest research, trends, and topics in cybersecurity, including: keynote...
FOSE(Washington, DC, May 14 - 16, 2013) FOSE is the premier event for government technology professionals interested in innovative, effective tools and solutions allowing you and your agency or organization to advance your mission. From IT managers...
7th Annual INSA IC Industry Day(Springfield, Virginia, USA, May 15, 2013) This annual event is held at the TS/SCI level in cooperation with ODNI as a comprehensive forum for IC leaders to relate their budget priorities to industry. The theme of this year's IC industry day is...
Hack Miami(Miami, Florida, USA, May 17 - 19, 2013) The HackMiami 2013 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools,...
CEIC 2013(Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers.
IEEE Symposium on Security and Privacy(San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers...
U.S. Department of State Mobile Computing Forum(Washington, DC, USA, May 23, 2013) The U.S. Department of State's Bureau of Information Resource Management will host an educational forum and IT Expo, themed "Mobile Computing," reflecting their mission to empower diplomacy, consular services...
International Workshop on Cyber Crime (IWCC)(San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field...
Web 2.0 Security and Privacy(San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations...
Maryland/DC Celebration of International Trade(Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council this event is a content rich celebration of international...
IEEE-Cyber 2013(Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.
Cyber Security @ CeBIT(Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend...
Cyber Security for the Chemical Industry(Frankfurt, Hessen, Germany, May 29 - 30, 2013) It is becoming increasingly more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced...
DGI Cyber Security Conference & Expo(Washington, DC, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will...