
Daily briefing.

Hacktivists go after national governments in Brazil (over plans for a dam) and the US (for various reasons). Anonymous has for some months been making successful low-grade nuisance attacks on US government sites, and a vaguely worded FBI report to this effect fuels much speculation about the techniques Anonymous is using to get in.

Radio Free Europe and Radio Liberty have sustained intermittent denial-of-service attacks since last week. Attribution and motive remain unclear, but many of the bots used in the attacks are located in Russia and China. (This means little for attribution, but does indicate where the criminal botnet market is moving.)

VBulletin denies hacker claims of a zero-day enabling them to execute shell commands on a server, but someone's selling an exploit claiming to do just that.

The Chinese gang APT12, blamed for last year's New York Times hack, may be back. Symantec researchers detect the gang's spoor in exploitation of Japanese Ichitaro word-processing software.

Bitdefender reports that fake AV "Antivirus Security Pro" is using stolen certificates to evade detection.

Vulnerabilities in JBoss Java EE application servers are being exploited in the wild to expose the HTTP Invoker service.

CryptoLocker ransomware continues its malign spread. One small Massachusetts police department actually pays up to get its files decrypted.

Chinese security authorities tighten their grip on that country's Internet and social media to shore up "national stability." Britain's GCHQ allegedly tracks diplomats' hotel reservations through its "Royal Concierge" program. UK PM Cameron defends (and praises) both GCHQ and NSA.

Notes.

Today's issue includes events affecting Brazil, China, France, Germany, Estonia, Japan, Republic of Korea, Netherlands, Oman, Romania, Russia, South Africa, Spain, Ukraine, United Arab Emirates, United States.

Cyber Attacks, Threats, and Vulnerabilities

Belo Monte Dam Protest: Brazil's Main Government Portal Disrupted by Anonymous (Softpedia) Brasil.gov.br, the main online portal of the Brazilian government, has been disrupted for around a couple of hours by Anonymous hacktivists

Security breaches at federal agencies fuel speculation on break-in tactics (CSO) Reuters obtains memo that indicates Anonymous behind breaches that affected U.S. Army, DOE, DHHS

RFE/RL Computer Network 'Targeted' By Internet Attack (Radio Free Europe/Radio Liberty) Radio Free Europe/Radio Liberty has been targeted in an Internet attack known as a distributed denial of service (DDoS)

Official Franklin County, Ohio Website/Portal Hacked and Defaced by Nullroot (Hack Read) A hacker going with the handle of /Nullroot has hacked and defaced the official website of Franklin County, Ohio State on 17th Nov, 2013

VBulletin denies hackers' claims of zero-day exploit in forum software (Graham Cluley) VBulletin, who admitted late last week that its site was hacked and users' credentials exposed, has denied claims by hackers that they exploited an unpatched zero-day vulnerability in the popular web forum software to compromise VBulletin's systems

Hackers Claim vBulletin 0-Day Allowed Them Access to Def Con Forums (CSO) A group calling itself Inj3ct0r Team claims to have used a 0-Day in vBulletin to obtain a backup copy of the DEF CON user forum

vBulletin.com Compromise — Possible 0-day (Internet Storm Center) Earlier today, vBulletin.com was compromised. The group conducting the attack claims to have a 0-day available that enabled the attacker to execute shell commands on the server. The attacker posted screen shots as proof and offered the exploit for sale for $7,000

New York Times hackers linked to Japan Ichitaro attacks (The Register) Backdoors targeting government victims. Security experts have uncovered attacks exploiting a zero-day vulnerability in Japan's most popular word processing software, bearing all the hallmarks of a Chinese group blamed for last year's New York Times hack

Fake AV Uses Stolen Digital Certificate to Evade Detection (Hot for Security) Malware creators, who first started pumping out fake antivirus solutions in 2008, are now taking them to the next level by tinkering with user trust. Bitdefender just stumbled on a number of samples for a product called Antivirus Security Pro, a sub-species of fake antivirus that comes with a digitally-signed installer to circumvent some security mechanisms of the operating system and antivirus solution

Hackers actively exploiting JBoss vulnerability to compromise servers, researchers say (CIO) Hackers exploit exposed JBoss management interfaces and invokers to install Web shells on servers

More than 12k CryptoLocker victims in less than a week (SC Magazine) The researchers with security technology company Bitdefender Labs revealed that more than 12,000 victims have been claimed in less than a full week by a nasty piece of malware known as CryptoLocker, which has been locking up computers with ransomware over the past couple of months

US local police department pays CryptoLocker ransom (Naked Security) A local police department in Swansea, Massachusetts, has paid cybercrooks behind the CryptoLocker ransomware attack to decrypt files locked up by the malware on police computer systems, according to local press reports

Facebook scammers impersonate missing persons org to harvest "likes" (Help Net Security) Creating a Facebook page, making it popular and followed by many by using a number of approaches, then finally selling it to the highest bidder that's interested in spamming the willing followers

Cybercriminals spamvertise tens of thousands of fake 'Sent from my iPhone' themed emails, expose users to malware (Webroot Threat Blog) Cybercriminals are currently mass mailing tens of thousands of malicious emails, supposedly including a photo attachment that's been "Sent from an iPhone". The social engineering driven spam campaign is, however, the latest attempt by a cybercriminal/group of cybercriminals that we've been monitoring for a while, to attempt to trick gullible users into unknowingly joining the botnet operated by the malicious actor(s) behind the campaign

Netflix users in danger of unknowingly picking up malware (Help Net Security) Users of Silverlight, Microsoft's answer to Adobe Flash, are in danger of having malware installed on their computers and being none the wiser, as an exploit for a critical vulnerability

Travelers are exposing their data on public networks (Help Net Security) While aware of the risks, U.S. travelers are not taking the necessary steps to protect themselves on public Wi-Fi and are exposing their data and personal information to cyber criminals and hackers

Battlefield 4 Servers Suffer Cyber Attack (Click) PC servers for DICE's Battlefield 4 came under a denial-of-service attack over the weekend, leaving players with either limited or entirely unresponsive connections for the entire weekend

Milwaukee contractor loses flash drive, compromises thousands (SC Magazine) Thousands of city workers in Milwaukee, as well as their spouses and domestic partners, had personal information compromised after a flash drive that contained the data was stolen

Security Patches, Mitigations, and Software Updates

Google Completes Upgrade of its SSL Certificates to 2048-Bit RSA (Threatpost) Google announced today it has completed upgrading all of its SSL certificates to 2048-bit RSA or better, up from 1024

Yahoo to Give Users Option for SSL on All Web Properties (Threatpost) Following months of criticism from security experts and privacy advocates for not deploying SSL across its Web offerings, Yahoo on Monday announced that it will be giving users the option to encrypt all of the data they exchange with the company by the end of the first quarter next year. The change is a long

Cyber Trends

It is vital that our banks score well in cyber war games (The Conversation) A war gaming exercise began in London recently to test financial institutions' effectiveness against a range of simulated attacks from cyberspace. It was called Waking Shark II, which sounds very exciting - possibly even entertaining

Time To Face Reality: Utilities Are Vulnerable To Cyber Attacks (Renew Grid) There has been significant debate among security experts as to whether the power grid can be hacked. The short answer is yes - anything directly or indirectly reachable from the Internet can be hacked, whether it be a computer, smart car or even a toilet. This, of course, includes power grid control systems. The real question is: What is the risk of an attack causing a large, long-duration power outage? This is where opinions vary wildly and where the stakes for society at large are very high

Supply Chain Cyber Security: What Are The Risks And How Can Companies Address Them? (Manufacturing.net) As the CEO of a supply chain management, e-procurement, and financial productivity solutions company, Tim Garcia draws on real-life experiences to provide four tips for incorporating web security into companies' overall risk management strategies. Lax procedures that fail to protect critical data leave businesses vulnerable to attacks that threaten customers and damage brands

Security Think Tank: Risk-based security will ease software testing challenge (ComputerWeekly) It is a truism that most organisations will not have the ability to test all the software they buy. In many cases, they will have to rely on the supplier's assurances that the software has been tested and passed those tests

Big data analytics: New patterns emerge for security (SearchSecurity) The Boston Marathon bombings offer a stark reminder of the failings of big data and security, namely intelligence agencies' inability to connect the dots, before and after the April 15 attacks

High-performing IT organizations embrace, support BYOD, says Accenture (FierceMobileIT) High performers in IT encourage and support their employees in using their own mobile devices at work, according to Accenture's fourth high-performance IT research report

Small firms 'easy prey for cyber criminals' (BusinessDay) Millions of small businesses with fewer than 20 employees, ranging from dental surgeries, financial advisers, independent legal counsellors, information technology consulting firms, and other companies, are neglecting the security of their information technology (IT) equipment and putting their customers, and the future of their business, at risk, according to a report by international software security group Kaspersky Lab

4 In 5 Travelers Fear Mobile Use Of Unsecured Public Wi-Fi Exposes Personal Data To Cyberthreats (Dark Reading) Smartphones increase traveler Wi-Fi use by 200 percent in some unsecure public venues, yet 84 percent are not actively protecting their information

iOS Mobile Point-of-Sale Fail (Dark Reading) Trendy 'i' mobile payment systems often rolled out with major security flaws, researcher says

Marketplace

Divided Strategies of Information Security Companies for Overseas Expansion (Business Korea) Domestic security companies are competing for overseas business expansion, and their similar but different strategies in doing so are grabbing attention. Some are using the standard strategy, aiming for the globally advanced market in the US, while others are going for the niche markets in Japan, the Middle East, and Southeast Asia, where domestic businesses are more welcome

Yahoo to NSA: Get off my lawn, too (VentureBeat) Yahoo wants to keep the NSA out, just like Google. The media company announced today that it will be rolling out heavy, 2048-bit key encryption, across all of its products and covering all of Yahoo's data center communications between servers

What Cloud After PRISM? (Journaleuse de l'Etrême) In the wake of Edward Snowden's revelations about the PRISM surveillance system run by the American intelligence services, French and European companies have reacted in several different ways

Mobile System 7 Selected as a 2013 SINET 16 Innovator (PRWeb) Mobile System 7, Inc., a leader in enterprise mobile security, today announced that it has been selected as a SINET 16 Innovator. The Security Innovation Network (SINET) advances cyber security innovation and enables collaboration between the public and private sectors to defeat global cyber threats

FireEye, Inc. Ranked Fastest Growing Communications/Networking Company in North America on Deloitte's 2013 Technology Fast 500™ (Wall Street Journal) FireEye, Inc. (Nasdaq:FEYE), the leader in stopping today's advanced cyber attacks, today announced it ranked number one in the list of fastest growing communications/networking companies on Deloitte's Technology Fast 500™. The ranking is based on percentage fiscal year revenue growth from 2008 to 2012. FireEye's annual revenue grew 36,667 percent during this period

End Of An Era, As Nokia Shareholders Approve $7.2BN Deal For Sale Of Devices Business To Microsoft (TechCrunch) Nokia's shareholders have approved the sale of its devices & services unit to Microsoft at an EGM held today in Helsinki, the FT reports. The transaction is still expected to close in the first quarter of next year, with Nokia in a caretaker role of its own mobile making division until early 2014

Jason Aiken Appointed General Dynamics CFO, Hugh Redd to Retire (GovConWire) Jason Aiken, senior vice president and chief financial officer of General Dynamics' (NYSE: GD) Gulfstream subsidiary, has been elected by the board of directors to serve as CFO of General Dynamics starting Jan. 1, 2014

Products, Services, and Solutions

Procera Networks Selected by NTT DATA for NAVL-Based Network Visibility (MarketWatch) Procera Networks, Inc. (PKT), the global Internet Intelligence company, today announced that their Network Application Visibility Library (NAVL) has been selected by NTT DATA Corporation for development of a network traffic analytics product

CyberArk Introduces Privileged Threat Analytics To Detect In-Progress Attacks (Dark Reading) CyberArk, the company securing the heart of the enterprise, today announced the availability of Privileged Threat Analytics™, the industry's first analytics solution to detect malicious privileged account behavior and disrupt in-progress attacks before damage is done to a business

Blue Coat Empowers Enterprises to Bridge the Gap Between Threat Detection and Incident Containment (Digital Journal) Blue Coat Systems, Inc., the market leader in business assurance technology, today introduced the Blue Coat Content Analysis System with malware analysis to automate advanced threat protection at the Internet gateway

Salesforce forms strategic partnership with HP to launch new cloud collaboration product (TNW) On the heels of its Q3 FY2014 earnings, Salesforce announced it has formed a strategic partnership with computer equipment manufacturer HP. Through this agreement, the two companies will create what's being called the Salesforce Superpod, which will be a dedicated instance of Salesforce's "multi-tenant cloud running on HP's Converged infrastructure"

Stopping Cyber Kill Chains Dead, Including New Types (Forbes) Security is taking to the networks to identify and stop attacks, even from sources that have never been identified before

Winpmem — Mild mannered memory acquisition tool?? (Internet Storm Center) There should be little argument that with today's threats you should always acquire a memory image when dealing with any type of malware. Modern desktops can have 16 gigabytes of RAM or more filled with evidence that is usually crucial to understanding what was happening on that machine. Failure to acquire that memory will make analyzing the other forensic artifacts difficult or in some cases impossible. Chad Tilbury (@chadtilbury) recently told me about a new memory acquisition tool that I want to share with the ISC readers. It is called winpmem. It is written by Michael Cohen. It is free and it is available for download here

BeyondTrust Launches BeyondSaaS (Dark Reading) Cloud-based solution scans externally facing Web pages and IP addresses for vulnerabilities

VMware and Palo Alto Team to More Quickly Secure Virtual Resources (CIO) In connection with its NSX network virtualization software effort, VMware is teaming with Palo Alto Networks to jointly develop a virtualized next-generation firewall (NGFW) tightly integrated with VMware's platform

Technologies, Techniques, and Standards

Enterprises Should Practice For Cloud Security Breaches (Dark Reading) With cloud services collecting more data from businesses, firms should prepare for potential breaches that involve their provider. Companies are increasingly moving to cloud: Over the 18 months ending June 2013, enterprises boosted their use of cloud storage by 90 percent, resulting in 45 percent more revenue for cloud service providers, according to report released by Verizon

Doomsday Prepping Your Business (Dark Reading) I don't watch much television, but I've stumbled a few times upon a popular show called "Doomsday Preppers." If you are unfamiliar with it, it is a reality show where people explain how they think the world will fall into chaos, as well as their corresponding preparation efforts will ensure their survival

Research and Development

Hiding Information in Flash Memory (Cornell) This paper introduces a novel information hiding technique for Flash memory. The method hides data within an analog characteristic of Flash, the program time of individual bits. Because the technique uses analog behaviors, normal Flash memory operations are not affected and hidden information is invisible in the data stored in the memory

US Private Firms Boost Internal R&D Spending (Defense News) Publicly traded US defense companies, citing shareholder pressure and uncertainty about Defense Department plans, have generally kept research and development (R&D) spending low

IBM looks past Watson, taps graphics chips to speed Power servers (ITWorld) IBM achieved a computing breakthrough when the Watson supercomputer outperformed humans in game show "Jeopardy," but the company now wants to supercharge its high-end Power servers by tapping into graphics processors for the first time

Investors Do Not Fund Research And Development (Startup Professionals Musings) I still get business plans, looking for an investor, that say all too clearly that the primary "use of funds" will be to do research and development (R&D) on some promising new technology, like superconductivity or cancer cures. Entrepreneurs forget that investors are looking for commercial products to make money, rather than R&D sunk costs, so investment hopes are sunk as well

Legislation, Policy, and Regulation

China to tighten hold on Internet, citing worries about nation's stability (ITWorld) China is moving to tighten its grip over social networking services even more, citing possible threats to stability

British spies reportedly monitor hotel bookings of diplomats around the world (ITWorld) The tracking is done through a secret program called "Royal Concierge" that automatically monitors booking confirmation messages sent by 350 upscale hotels from around the world to email addresses hosted on government domains (gov.cctld), German magazine Der Spiegel reported Monday based on documents leaked by former U.S. National Security Agency contractor Edward Snowden

David Cameron on the techniques, ability and *brilliance* of GCHQ and the NSA (Graham Cluley) Have you been following the revelations about the NSA and GCHQ spying upon internet usage, intercepting communications inside Google and Yahoo, weakening encryption standards, bugging the phones of EU leaders, and infecting companies with malware

US, EU agree on increased cooperation against terrorism (Kuwait News Agency) US Attorney General Eric Holder and Acting Department of Homeland Security (DHS) Secretary Rand Beers held here Monday a meeting with European counterparts on combating terrorism and cyber security and the two sides agreed to enhance cooperation in these sectors

German Chancellor Merkel says trust with US needs to be re-established after NSA scandal (Washington Post) German Chancellor Angela Merkel said Monday the relationship between Germany and the United States as well as the future of a trans-Atlantic free trade agreement have been "put to the test" by allegations of massive spying by the U.S. National Security Agency — including tapping her own phone

Government adjusts to pace of cyber attacks (FierceHomelandSecurity) The pace at which cyber attacks transpire has posed a challenge to efforts to combat them, top Obama administration officials said during a Senate hearing Nov. 14

LYONS: Putting NSA spying in perspective (Washington Times) The current uproar over National Security Agency (NSA) activities both in this country and internationally as a result of Edward Snowden's treasonous conduct has caused undue focus on U.S. intelligence capabilities to the net detriment of our national security. Sensitive intelligence leaks by Mr. Snowden have received wide coverage by European media under the byline of the hard-left activist Glenn Greenwald. Their objective seems to be to curtail U.S. superior intelligence-collection capabilities, which has kept us safe since Sept. 11, 2001

Technology Outpacing Policymakers, Needs Of NSA (KRWG) The controversy over the National Security Agency's surveillance programs has exposed a problem in the oversight of those programs: The development of the relevant technology has outpaced the laws and policies that govern its use

Fine Print: Questions about security and privacy (Washington Post) Two interesting questions came up last week, both related to national security

Spying on our allies is senseless (Great Falls Tribune) It was recently discovered that the National Security Agency (NSA) was spying on U.S. allies such as France, Spain and Germany

DoD finalizes unclassified information protection rule for contractors (FierceGovIT) Private sector handling 'unclassified controlled technical information' must use controls from NIST SP 800-53

Defense Federal Acquisition Regulation Supplement: Safeguarding Unclassified Controlled Technical Information (DFARS Case 2011-D039) (Federal Register) DoD is issuing a final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to add a new subpart and associated contract clause to address requirements for safeguarding unclassified controlled technical information

DHS gets risk management system in place (FCW) The Department of Homeland Security has transitioned to a new information assurance architecture manager that will allow it to more easily manage network risk across its multitude of operations

Jailbreaking and unlocking might be restricted in treaty pushed by Obama (Ars Technica) International ban could make it difficult to change US law for the better

Obama Rebuffs Senate's Security Clearance Overhaul (Nextgov) The White House has rejected a Senate plan to reform the security clearance process, including elements that would regularly search social media and other commercial data sources for signs of a potential rogue employee

Litigation, Investigation, and Law Enforcement

NSA vowed repeatedly to fix its collection errors (AP via NewsTimes) The National Security Agency reported its own violations of surveillance rules to a U.S. intelligence court and promised additional safety measures to prevent similar missteps over and over again, according to more than 1,000 pages of newly declassified files about the federal government's controversial program of collecting every American's phone records during the past seven years

Judge: "NSA exceeded the scope of authorized acquisition continuously" (Ars Technica) Newly declassified documents show legal arguments over bulk metadata collection

Judge questions his role in NSA case (Politico) A federal judge hearing a pair of the first legal challenges to National Security Agency surveillance efforts in the wake of high-profile leaks about the programs sounded skeptical Monday about his authority to wade into the disputes -- more skeptical, in fact, than the Justice Department attorneys defending the government in the cases

FBI as cyber crime sleuth: Is it any match for computer bad guys? (Christian Science Monitor via Yahoo! News) The FBI's evolution into a cyber-crime-fighting agency, a decade in the works, has made the bureau 'one of the best in the world' at cracking computer crime. Cyber threats are poised to rival terrorism as the primary danger to US, says FBI's director

Five Arrested in $45 Million Cyber Heist (SecurityWeek) Five people were arrested Monday following a global "cyber heist" in which hackers stole $45 million by overriding the cash withdrawal limits of prepaid debit cards, US officials said

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Education Symposium (Arlington, Virginia, USA, November 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways...

APPSEC USA (New York, New York, USA, November 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security...

Oil and Gas Cyber Security 2013 (London, England, UK, November 25 - 26, 2013) It has been stated that by 2018 the oil and gas industry will be spending up to $1.87 billion on cyber security. The hugely increased demand to protect a multi-billion dollar global industry is being spurred...

IT Forum Expo/Black Hat Regional Summit (location and date not listed) Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions...

DefCamp 2013 (Bucharest, Romania, November 29 - 30, 2013) DefCamp is one of the most important conferences on hacking & information security in South-East Europe, bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under...

2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, November 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber...

Operationalize Threat Intelligence (Webinar, December 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data...

Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, December 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering...

SINET Showcase: THE SINET 16 (Washington, DC, USA, December 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present...

The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, December 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation...

World Congress on Internet Security (London, England, UK, December 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the...

ACSAC 2013 (New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...

2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...

Cyber Defense Initiative 2013 (Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...
