Hacktivists go after national governments in Brazil (over plans for a dam) and the US (for various reasons). Anonymous has for some months been making successful low-grade nuisance attacks on US government sites, and a vaguely worded FBI report to this effect fuels much speculation about the techniques Anonymous is using to get in.
Radio Free Europe and Radio Liberty have sustained intermittent denial-of-service attacks since last week. Attribution and motive remain unclear, but many of the bots used in the attacks are located in Russia and China. (This means little for attribution, but does indicate where the criminal botnet market is moving.)
vBulletin denies hacker claims of a zero-day enabling them to execute shell commands on a server, but someone's selling an exploit claiming to do just that.
The Chinese gang APT12, blamed for last year's New York Times hack, may be back. Symantec researchers detect the gang's spoor in exploitation of Japanese Ichitaro word-processing software.
Bitdefender reports that fake AV "Antivirus Security Pro" is using stolen certificates to evade detection.
Vulnerabilities in JBoss Java EE application servers are being exploited in the wild to expose the HTTP Invoker service.
CryptoLocker ransomware continues its malign spread. One small Massachusetts police department actually pays up to get its files decrypted.
Chinese security authorities tighten their grip on that country's Internet and social media to shore up "national stability." Britain's GCHQ allegedly tracks diplomats' hotel reservations through its "Royal Concierge" program. UK PM Cameron defends (and praises) both GCHQ and NSA.
Today's issue includes events affecting Brazil, China, France, Germany, Estonia, Japan, Republic of Korea, Netherlands, Oman, Romania, Russia, South Africa, Spain, Ukraine, United Arab Emirates, United States.
vBulletin.com Compromise — Possible 0–day(Internet Storm Center) Earlier today, vBulletin.com was compromised. The group conducting the attack claims to have a 0-day available that enabled the attacker to execute shell commands on the server. The attacker posted screen shots as proof and offered the exploit for sale for $7,000
New York Times hackers linked to Japan Ichitaro attacks(The Register) Backdoors targeting government victims. Security experts have uncovered attacks exploiting a zero day vulnerability in Japan's most popular word processing software, bearing all the hallmarks of a Chinese group blamed for last year's New York Times hack
Fake AV Uses Stolen Digital Certificate to Evade Detection(Hot for Security) Malware creators, who first started pumping out fake antivirus solutions in 2008, are now taking them to the next level by tinkering with user trust. Bitdefender just stumbled on a number of samples for a product called Antivirus Security Pro, a sub-species of fake antivirus that comes with a digitally-signed installer to circumvent some security mechanisms of the operating system and antivirus solution
More than 12k CryptoLocker victims in less than a week(SC Magazine) The researchers with security technology company Bitdefender Labs revealed that more than 12,000 victims have been claimed in less than a full week by a nasty piece of malware known as CryptoLocker, which has been locking up computers with ransomware over the past couple of months
US local police department pays CryptoLocker ransom(Naked Security) A local police department in Swansea, Massachusetts, has paid cybercrooks behind the CryptoLocker ransomware attack to decrypt files locked up by the malware on police computer systems, according to local press reports
Cybercriminals spamvertise tens of thousands of fake 'Sent from my iPhone' themed emails, expose users to malware(Webroot Threat Blog) Cybercriminals are currently mass mailing tens of thousands of malicious emails, supposedly including a photo attachment that's been "Sent from an iPhone". The social engineering driven spam campaign is, however, the latest attempt by a cybercriminal/group of cybercriminals that we've been monitoring for a while, to attempt to trick gullible users into unknowingly joining the botnet operated by the malicious actor(s) behind the campaign
Travelers are exposing their data on public networks(Help Net Security) While aware of the risks, U.S. travelers are not taking the necessary steps to protect themselves on public Wi-Fi and are exposing their data and personal information to cyber criminals and hackers
Battlefield 4 Servers Suffer Cyber Attack(Click) PC servers for DICE's Battlefield 4 came under a denial-of-service attack over the weekend, leaving players with either limited or entirely unresponsive connections for the entire weekend
Yahoo to Give Users Option for SSL on All Web Properties(Threatpost) Following months of criticism from security experts and privacy advocates for not deploying SSL across its Web offerings, Yahoo on Monday announced that it will be giving users the option to encrypt all of the data they exchange with the company by the end of the first quarter next year. The change is a long
It is vital that our banks score well in cyber war games(The Conversation) A war gaming exercise began in London recently to test financial institutions' effectiveness against a range of simulated attacks from cyberspace. It was called Waking Shark II, which sounds very exciting - possibly even entertaining
Time To Face Reality: Utilities Are Vulnerable To Cyber Attacks(Renew Grid) There has been significant debate among security experts as to whether the power grid can be hacked. The short answer is yes - anything directly or indirectly reachable from the Internet can be hacked, whether it be a computer, smart car or even a toilet. This, of course, includes power grid control systems. The real question is: What is the risk of an attack causing a large, long-duration power outage? This is where opinions vary wildly and where the stakes for society at large are very high
Supply Chain Cyber Security: What Are The Risks And How Can Companies Address Them?(Manufacturing.net) As the CEO of a supply chain management, e-procurement, and financial productivity solutions company, Tim Garcia draws on real-life experiences to provide four tips for incorporating web security into companies' overall risk management strategies. Lax procedures that fail to protect critical data leave businesses vulnerable to attacks that threaten customers and damage brands
Big data analytics: New patterns emerge for security(SearchSecurity) The Boston Marathon bombings offer a stark reminder of the failings of big data and security, namely intelligence agencies' inabilities to connect the dots--before and after the April 15 attacks
Small firms 'easy prey for cyber criminals'(BusinessDay) Millions of small businesses with fewer than 20 employees, ranging from dental surgeries, financial advisers, independent legal counsellors, information technology consulting firms, and other companies, are neglecting the security of their information technology (IT) equipment and putting their customers, and the future of their business, at risk, according to a report by international software security group Kaspersky Lab
Divided Strategies of Information Security Companies for Overseas Expansion(Business Korea) Domestic security companies are competing for overseas business expansion, and their similar but different strategies in doing so are grabbing attention. Some are using the standard strategy, aiming for the globally advanced market in the US, while others are going for the niche markets in Japan, the Middle East, and Southeast Asia, where domestic businesses are more welcome
Yahoo to NSA: Get off my lawn, too(VentureBeat) Yahoo wants to keep the NSA out, just like Google. The media company announced today that it will be rolling out heavy, 2048-bit key encryption, across all of its products and covering all of Yahoo's data center communications between servers
Which Cloud After PRISM?(Journaleuse de l'Etrême) In the wake of Edward Snowden's revelations about the surveillance system known as PRISM, run by the US intelligence services, French and European companies have reacted in several different ways
Mobile System 7 Selected as a 2013 SINET 16 Innovator(PRWeb) Mobile System 7, Inc., a leader in enterprise mobile security, today announced that it has been selected as a SINET 16 Innovator. The Security Innovation Network (SINET) advances cyber security innovation and enables collaboration between the public and private sectors to defeat global cyber threats
Salesforce forms strategic partnership with HP to launch new cloud collaboration product(TNW) On the heels of its Q3 FY2014 earnings, Salesforce announced it has formed a strategic partnership with computer equipment manufacturer HP. Through this agreement, the two companies will create what's being called the Salesforce Superpod, which will be a dedicated instance of Salesforce's "multi-tenant cloud running on HP's Converged infrastructure"
Winpmem — Mild mannered memory acquisition tool??(Internet Storm Center) There should be little argument that with today's threats you should always acquire a memory image when dealing with any type of malware. Modern desktops can have 16 gigabytes of RAM or more filled with evidence that is usually crucial to understanding what was happening on that machine. Failure to acquire that memory will make analyzing the other forensic artifacts difficult or in some cases impossible. Chad Tilbury (@chadtilbury) recently told me about a new memory acquisition tool that I want to share with the ISC readers. It is called winpmem. It is written by Michael Cohen. It is free and it is available for download here
Enterprises Should Practice For Cloud Security Breaches(Dark Reading) With cloud services collecting more data from businesses, firms should prepare for potential breaches that involve their provider. Companies are increasingly moving to cloud: Over the 18 months ending June 2013, enterprises boosted their use of cloud storage by 90 percent, resulting in 45 percent more revenue for cloud service providers, according to a report released by Verizon
Doomsday Prepping Your Business(Dark Reading) I don't watch much television, but I've stumbled a few times upon a popular show called "Doomsday Preppers." If you are unfamiliar with it, it is a reality show where people explain how they think the world will fall into chaos, as well as how their corresponding preparation efforts will ensure their survival
Research and Development
Hiding Information in Flash Memory(Cornell) This paper introduces a novel information hiding technique for Flash memory. The method hides data within an analog characteristic of Flash, the program time of individual bits. Because the technique uses analog behaviors, normal Flash memory operations are not affected and hidden information is invisible in the data stored in the memory
US Private Firms Boost Internal R&D Spending(Defense News) Publicly traded US defense companies, citing shareholder pressure and uncertainty about Defense Department plans, have generally kept research and development (R&D) spending low
Investors Do Not Fund Research And Development(Startup Professionals Musings) I still get business plans, looking for an investor, that say all too clearly that the primary "use of funds" will be to do research and development (R&D) on some promising new technology, like superconductivity or cancer cures. Entrepreneurs forget that investors are looking for commercial products to make money, rather than R&D sunk costs, so investment hopes are sunk as well
British spies reportedly monitor hotel bookings of diplomats around the world(ITWorld) The tracking is done through a secret program called "Royal Concierge" that automatically monitors booking confirmation messages sent by 350 upscale hotels from around the world to email addresses hosted on government domains (gov.cctld), German magazine Der Spiegel reported Monday based on documents leaked by former U.S. National Security Agency contractor Edward Snowden
US, EU agree on increased cooperation against terrorism(Kuwait News Agency) US Attorney General Eric Holder and Acting Department of Homeland Security (DHS) Secretary Rand Beers held here Monday a meeting with European counterparts on combating terrorism and cyber security and the two sides agreed to enhance cooperation in these sectors
Government adjusts to pace of cyber attacks(FierceHomelandSecurity) The pace at which cyber attacks transpire has posed a challenge to efforts to combat them, top Obama administration officials said during a Senate hearing Nov. 14
LYONS: Putting NSA spying in perspective(Washington Times) The current uproar over National Security Agency (NSA) activities both in this country and internationally as a result of Edward Snowden's treasonous conduct has caused undue focus on U.S. intelligence capabilities to the net detriment of our national security. Sensitive intelligence leaks by Mr. Snowden have received wide coverage by European media under the byline of the hard-left activist Glenn Greenwald. Their objective seems to be to curtail U.S. superior intelligence-collection capabilities, which have kept us safe since Sept. 11, 2001
Technology Outpacing Policymakers, Needs Of NSA(KRWG) The controversy over the National Security Agency's surveillance programs has exposed a problem in the oversight of those programs: The development of the relevant technology has outpaced the laws and policies that govern its use
DHS gets risk management system in place(FCW) The Department of Homeland Security has transitioned to a new information assurance architecture manager that will allow it to more easily manage network risk across its multitude of operations
Obama Rebuffs Senate's Security Clearance Overhaul(Nextgov) The White House has rejected a Senate plan to reform the security clearance process, including elements that would regularly search social media and other commercial data sources for signs of a potential rogue employee
Litigation, Investigation, and Law Enforcement
NSA vowed repeatedly to fix its collection errors(AP via NewsTimes) The National Security Agency reported its own violations of surveillance rules to a U.S. intelligence court and promised additional safety measures to prevent similar missteps over and over again, according to more than 1,000 pages of newly declassified files about the federal government's controversial program of collecting every American's phone records during the past seven years
Judge questions his role in NSA case(Politico) A federal judge hearing a pair of the first legal challenges to National Security Agency surveillance efforts in the wake of high-profile leaks about the programs sounded skeptical Monday about his authority to wade into the disputes -- more skeptical, in fact, than the Justice Department attorneys defending the government in the cases
FBI as cyber crime sleuth: Is it any match for computer bad guys?(Christian Science Monitor via Yahoo! News) The FBI's evolution into a cyber-crime-fighting agency, a decade in the works, has made the bureau 'one of the best in the world' at cracking computer crime. Cyber threats are poised to rival terrorism as the primary danger to US, says FBI's director
Five Arrested in $45 Million Cyber Heist(SecurityWeek) Five people were arrested Monday following a global "cyber heist" in which hackers stole $45 million by overriding the cash withdrawal limits of prepaid debit cards, US officials said
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cyber Education Symposium(Arlington, Virginia, USA, November 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways...
APPSEC USA(New York, New York, USA, November 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security...
Oil and Gas Cyber Security 2013(London, England, UK, November 25 - 26, 2013) It has been stated that by 2018 the oil and gas industry will be spending up to $1.87 billion on cyber security. The hugely increased demand to protect a multi-billion dollar global industry is being spurred...
IT Forum Expo/Black Hat Regional Summit: Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions...
DefCamp 2013(Bucharest, Romania, November 29 - 30, 2013) DefCamp is one of the most important conferences on hacking & information security in South-East Europe, bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under...
2nd Annual East Africa IT and Cyber Security Convention 2013(Nairobi, Kenya, November 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber...
Operationalize Threat Intelligence(Webinar, December 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data...
Cloud Security Alliance Congress 2013(Orlando, Florida, USA, December 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering...
SINET Showcase: THE SINET 16(Washington, DC, USA, December 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present...
World Congress on Internet Security(London, England, UK, December 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the...
ACSAC 2013(New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...
2013 ASE International Conference on Cyber Security(Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...
Cyber Defense Initiative 2013(Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...