Guy Fawkes Day seems to have fizzled as far as cyber attacks were concerned, but a number of masked Anonymous types succeeded in getting themselves arrested in physical space.
Surveillance outrage puts Australian businesses in the crosshairs of Indonesian patriotic hacktivists. Belgium's prime minister has sustained a cyber attack (it appears criminals are responsible). Chinese cyber criminals hack at least one Canadian bank.
Microsoft warns of a zero-day affecting Office and issues an emergency mitigation. Bogus emails purporting to emanate from UK agencies are spreading a Trojan. A search about (not on) Chrome can lead to a malware-laden site.
North Carolina State researchers claim Samsung and HTC inadvertently introduce vulnerabilities when they customize smartphones (many involve granting apps excessive privileges).
Take your pick as to whom you believe about BadBios, but skepticism rises as researchers are unable to duplicate Dragos Ruiu's reported findings.
The Android banking Trojan Svpeng now has phishing capabilities and seems poised to break out of Russia.
The crowd-funded audit of TrueCrypt is reported ready to begin.
Brazil, recently in high dudgeon over US surveillance allegations, receives some high dudgeon in return from France, as reports surface that Brazilian intelligence monitored the DGSE. Brazil also tightens surveillance as the World Cup approaches.
Germany calls the UK ambassador in for explanations of alleged GCHQ surveillance of the Federal Republic. A US-German "no-spying" treaty seems unlikely, even as both countries work to repair surveillance-dinged relations.
An inspector general finds US agencies remain unable to effectively share cyber threat intelligence.
Today's issue includes events affecting Australia, Belgium, Brazil, Canada, China, Cyprus, European Union, France, Germany, Indonesia, Ireland, New Zealand, Philippines, Russia, Spain, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Indonesians hackers fume at Aussie spooks(TechEye) Indonesian hackers have declared war on Australian businesses and hit more than 100 targets including a major Queensland hospital, a children's cancer association and an anti-slavery charity
Zero–Day attacks hit Windows, Office, Lync(ZDNet) Certain versions of Windows, Office and Microsoft Lync are being attacked in the wild via a new remote code execution vulnerability, says Microsoft in a disclosure
Fake UK Government Emails Used to Distribute New Trojan Variant(Softpedia) Experts have spotted a couple of malicious emails purporting to come from UK government organizations. The bogus notifications are being used by cybercriminals to distribute malware onto the computers of internauts, particularly ones from the United Kingdom
Chrome Search Leads to Malware(ISS Source) Users who search for "google chrome download" on Yahoo! could very well end up with a malware infection. That is because some of the sponsored ads point to a website called softpack(dot)info/chrome
Dragos Ruiu on the badBIOS Saga(Threatpost) Dennis Fisher talks with researcher Dragos Ruiu about his years-long struggle with a group of attackers who have infiltrated his network and are using malware that seems to resist all removal attempts and may have the ability to communicate using sound
New vendor of 'professional DDoS for hire service' spotted in the wild(Webroot Threat Blog) In a series of blog posts, we've highlighted the emergence of easy to use, publicly obtainable, cracked or leaked, DIY (Do It Yourself) DDoS (Distributed Denial of Service) attack tools. These services empower novice cybercriminals with easy to use tools, enabling them to monetize in the form of 'vendor' type propositions for DDoS for hire services. Not surprisingly, we continue to observe the growth of this emerging (international) market segment
Malicious PDF Analysis Evasion Techniques(TrendLabs Security Intelligence Blog) In many exploit kits, malicious PDF files are some of the most common threats used to try to infect users with various malicious files. Naturally, security vendors invest in efforts to detect these files properly — and their creators invest in efforts to evade those vendors
Android Banking Trojan Svpeng Goes Phishing(Threatpost) Kaspersky Lab researchers say the Android banking Trojan Svpeng now has phishing capabilities and may be testing the waters to infect devices outside of Russia
Alert (TA13-309A): CryptoLocker Ransomware Infections(US-CERT) US-CERT is aware of a malware campaign that surfaced in 2013 and is associated with an increasing number of ransomware infections. CryptoLocker is a new variant of ransomware that restricts access to infected computers and demands the victim provide a payment to the attackers in order to decrypt and recover their files. As of this time, the primary means of infection appears to be phishing emails containing malicious attachments
Are anti–virus testers measuring the right things?(Naked Security) Do we measure resilience? What aspects of test sample selection may bias results? What are the methods used in a field-trial of anti-malware? These were among the presentations at the first Workshop on Anti-Malware Testing Research (WATeR), where we looked at the sort of things current tests of
We need to start defining acceptable mobile advertising(Naked Security) Advertising supports a large chunk of the apps we use on our mobile devices. But without oversight, the behaviour of ad frameworks risks crossing all manner of privacy and security lines. A proposed project aims to address this issue and define a standard for acceptable mobile ads
Cyber security capability varies "dramatically" across UK public sector(UKAuthority) John Thorton, Secretary to the Digital Government Security Forum. The ability of UK public sector bodies to combat cyber security threats and the understanding of such threats by senior managers varies "dramatically" across the UK, the head of a new information security forum has told UKAuthority.com
Most users don't trust app developers with their data(Help Net Security) Research by ISACA shows that, of 1,000 employed consumers surveyed in the UK, only 4% named the makers of their mobile phone apps as the entity they most trust with their personal data. Yet, 90% don't always read privacy policies before downloading apps to their devices
IT pros lack confidence when dealing with server security threats(Search Security) Enterprise servers are among the most tantalizing targets for malicious actors due to the intellectual property and user credentials stored on them, but many IT security pros do not feel confident in their ability to prevent or detect attacks against servers, according to a new survey
Navy Outlines Data Center Closure Goals, Commercial Push(GovConWire) The U.S. Navy plans to consolidate more than 12,000 servers and close 67 data centers, Federal Times reported Monday. Nicole Blake Johnson writes the Navy originally planned to close 4,932 servers by fiscal 2017 and has close-to-tripled its goals
Mandiant® Managed Defense™ Expands Capabilities with Off–Network Threat Detection and One–Click Containment(Fort Mill Times) Mandiant®, the leader in security incident response management, today announced new capabilities for its Managed Defense™ service. No system is left unprotected with Mandiant's new Agent Anywhere™ technology, an innovation enabling the search for Indicators of Compromise even when users are highly mobile, behind network address translation (NAT) or not connected to the corporate network. When attacks are confirmed, users can respond immediately and isolate affected systems with a single click from the Managed Defense portal to stop attacks in their tracks
Bitdefender announces significant price drop for Security–as–a–Service for AWS(BWW) Bitdefender, the creator of leading antimalware solutions, today announced a 50% price drop for its solution, Security-as-a-Service for AWS (Amazon Web Services). Bitdefender maintains the AWS philosophy of self-service, flexibility and pay-as-you-go by providing its security solution built to match the economics of AWS on demand and by the hour - to the AWS DevOps, Startup and Enterprise communities
KitKat security has room for improvement — Bitdefender(MobileWorld) There are a number of areas in which the latest version of Android, 4.4/KitKat, could be improved to prevent security incidents, according to Catalin Cosoi, chief security strategist at anti-virus provider Bitdefender
NetCitadel Joins with FireEye for Enterprise Security(CIO Today) NetCitadel, Inc., the pioneer in innovative threat management solutions, today announced that its Threat Management Platform has integrated with the leading threat protection platform from FireEye®, Inc. FireEye is the leader in stopping today's new breed of cyber-attacks, enabling immediate response and comprehensive protection against today's advanced persistent threats (APTs) and zero-day attacks. NetCitadel also announced that it has joined the FireEye Fuel Partner Program
Trend Micro and CSC Partner to Protect Global Enterprises Against Cyber Threats(Wall Street Journal) Trend Micro Inc. (TYO: 4704; TSE: 4704) today announced a partnership with CSC (NYSE: CSC) to provide global threat intelligence through the Trend Micro(TM) Smart Protection Network(TM) infrastructure to keep corporate networks and data safe. In addition, CSC has been confirmed as a member of the Trend Ready for Cloud Service Providers Program to verify compatibility with Trend Micro solutions for its customers. CSC will leverage these capabilities for cloud data, and threat detection and protection both internally and for its customer base in order to identify and mitigate cyber attacks
Triumfant detects and stops in–memory malware attacks(Help Net Security) Advanced Volatile Threats are malware attacks that take place in a computer's RAM or other volatile memory, and are difficult to detect because they are never stored to the hard disk. Unlike APTs that create a pathway into the system and then automatically execute every time a machine is rebooted, an Advanced Volatile Threat enters a machine in volatile, real-time memory, exfiltrates the data, then immediately wipes its fingerprints clean
LastPass 3.0 comes with new design and features(Help Net Security) Popular password manager LastPass has reached version 3.0. The new release features an updated, clean design across the LastPass browser addons, the iOS and Android mobile apps, and the website
Patch first, ask questions later(InfoWorld) You'll never have a perfectly patched environment, so play the odds — patch software hit most by successful exploits first
HUG: Proactive Security(ISS Source) It is very easy to take a fatalistic approach to security because it seems attackers have the upper hand, but it doesn't have to be that way
How to trap malware in a sandbox(RealBusiness) Threat emulation is a key new technique for preventing zero-day and targeted attacks. Check Point explains how this method delivers unmatched protection against both unknown and known threats
Disarming Corruptor Can Temporarily Scramble 3D Models To Confuse Snoops(TechCrunch) Fans of outré 3D prints like the Liberator or trademark-protected Mechwarrior robots can now obfuscate their prints using Disarming Corruptor, a system that temporarily scrambles 3D objects and allows authorized users to descramble them with a key. Created by Matthew Plummer-Fernandez, the program is a commentary on the censorship of 3D objects and an interesting way to trip up folks who might be
Brazil spied on the French secret services(Le Monde) After calling the NSA's eavesdropping on its territory an affront, the Brazilian government has admitted to having surveilled diplomats between 2002 and 2004, at the start of Lula da Silva's presidency. According to documents from ABIN, the country's intelligence agency, published in the daily Folha de Sao Paulo on Monday 4 and Tuesday 5 November, Brazil surveilled Russian, Iranian, Iraqi and North American diplomats and… French spies from the DGSE, including "Olivier"
NSA files — Germans call in British ambassador — live(The Guardian) The Independent says its story on Britain operating a network of "electronic spy posts" near the Bundestag and German chancellor's office is based on "documents leaked by the US National Security Agency whistleblower Edward Snowden"
Senate panel approves intelligence authorization bill(Chicago Tribune) A Senate panel approved its annual authorization of funding for intelligence operations on Tuesday, including measures to increase spy agencies' ability to prevent leaks of classified information like those by former National Security Agency contractor Edward Snowden
What It Takes: In Defense of the NSA(World Affairs Journal) "Freedom must be won anew by every generation." I was reminded of the truth behind these words of my old boss, Jack Kemp, in considering the current debate over Edward Snowden and the collection programs of the National Security Agency
U.S. power to shape global Web seen undermined by NSA spying(Chicago Tribune) Revelations about the scale of U.S. spying on the Internet have badly damaged the country's negotiating power in international talks on cyberspace regulation and law enforcement, analysts and industry leaders said at a conference on Tuesday
The dangers of weakening cybersecurity to facilitate surveillance(Help Net Security) In response to the controversy over the alleged surveillance practices of the NSA, the White House established the Review Group on Intelligence and Communication Technologies, which is expected to provide recommendations to the president next week
Army Cyber seeks command center site at Gordon or Meade(Army Times) Army Cyber Command plans to lead a worldwide corps of 21,000 soldiers and civilians from a proposed 179,000-square foot command center at either Fort Meade, Md., or Fort Gordon, Ga., according to an Army report
Apple says it has 'never received an order under Section 215'(Threatpost) In a new report detailing the number and kind of requests for user information it's gotten from various governments, Apple said it has never received a request for information under Section 215 of the USA PATRIOT Act and would likely fight one if it ever came
New Subjects Added to Cyber's Most Wanted List(FBI) Five individuals have been added to the FBI's Cyber Most Wanted list for their roles in domestic and international hacking and fraud crimes collectively involving hundreds of thousands of victims and tens of millions of dollars in losses
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Operationalize Threat Intelligence(Webinar, December 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data...
InfoSec World Conference & Expo 2014(, January 1, 1970) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
MIRcon 2013(Washington, DC, USA, November 5 - 6, 2013) With targeted attacks becoming more prevalent, today's incident responders are faced with the tremendous challenge of accelerating their response times while capturing relevant data from attacks in progress.
KMWorld 2013(, January 1, 1970) KMWorld 2013 is a must-attend event for those concerned with improving their organizations' bottom line, business processes, and productivity, as well as streamlining operations, and accelerating development...
CyberInnovation Briefing(Baltimore, Maryland, USA, November 7, 2013) As cyber attacks plague critical infrastructure, financial institutions, and the federal government, liability and privacy remains a growing concern. With losses mounting and sensitive information being...
Maryland Art Place Annual Fall Benefit(Baltimore, Maryland, USA, November 9, 2013) Maryland Art Place (MAP) is pleased to announce the participating artists of its 2013 Annual Fall Benefit, the Starlight Dinner - highlighting technology and innovation in contemporary art. The dinner...
Teaching Computer Forensics(Sunderland, England, UK, November 14, 2013) The workshop is an opportunity for academics and students in the computer forensics subject area to address the current issues and challenges in a number of themes including (but not exclusive to) student...
Cyber Education Symposium(Arlington, Virginia, USA, November 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways...
APPSEC USA(New York, New York, USA, November 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security...
IT Forum Expo/Black Hat Regional Summit(, January 1, 1970) Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions...
2nd Annual East Africa IT and Cyber Security Convention 2013(Nairobi, Kenya, November 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber...