We thought this had already happened, but perhaps we missed a peace treaty: Anonymous "declares war" on the United States government.
Indonesian-Australian cyber-rioting brews up with multiple attacks on Australian sites even as Australia's PM seeks to mollify Indonesian resentment over surveillance.
A backdoor worm "Java.Tomdep," apparently designed to stage denial-of-service attacks, is found infecting machines running Apache Tomcat—attack servers are in Taiwan and Luxembourg.
The Internet Storm Center is following Renesys' warning of a large-scale man-in-the-middle campaign. (The fishy signal? Traffic between Ashburn, Virginia, and Washington, DC, being routed through Russia and Belarus.)
Banks are advised to beware of new financial malware, "i2Ninja," quietly being sold on the Russian black market. One interesting feature: it uses the I2P darknet for command-and-control, thus avoiding the attention Mevade drew to itself by spiking Tor traffic.
Microsoft joins in recommending backup as the best defense against CryptoLocker; their warning also contains some useful insight into the dangerous ransomware.
BitSight rates security by industry: the financial sector is tops, tech scores rather low, and the energy sector has seen a significant drop-off over the past year. EY (the consultancy formerly known as Ernst & Young) says CIOs are taking cyber security more seriously (but other observers still see significant underinvestment).
Trend Micro wonders whether the days of unencrypted HTTP are drawing to an end.
China's newly revamped security apparat uses natural-language-tracking technology for domestic surveillance. Germany increases counterintelligence vigilance against its allies. Calls to sanction China for cyber espionage reappear in the US.
Today's issue includes events affecting Australia, Bahrain, China, Czech Republic, Ethiopia, India, Indonesia, Iran, Republic of Korea, Libya, Luxembourg, Morocco, Pakistan, Russia, Syria, Taiwan, United Arab Emirates, United Kingdom, United States.
Hackers target AFP, Reserve Bank sites (The Australian) The websites of the Australian Federal Police and the Reserve Bank of Australia have been the victims of an apparent cyber attack, with Indonesian hackers claiming responsibility
New backdoor worm found attacking websites running Apache Tomcat (Ars Technica) Tomdep harnesses strength of servers to wage powerful denial-of-service attacks. Researchers have identified new self-replicating malware that infects computers running the Apache Tomcat Web server with a backdoor that can be used to attack other machines
Are large scale Man in The Middle attacks underway? (Internet Storm Center) Renesys is reporting two separate incidents where they observed traffic for 1500 IP blocks being diverted for extended periods of time. They observed the traffic redirection for more than 2 months over the last year. Does it seem unusual for internet traffic between Ashburn Virginia (22.214.171.124) and Washington DC (126.96.36.199) to go through Russia to Belarus? That is exactly what they observed. Once traffic flows through your routers there are countless opportunities to capture and modify the traffic with classic MiTM attacks. In my humble opinion we should put very little stock in the safety of SSL traffic as it flows through them. Attacks such as the SSL Crime attack, Oracle Padding attacks, Beast and others have shown SSL to be untrustworthy in circumstances such as this
Banks Should Beware i2Ninja Malware: Trusteer (American Banker) A low-profile strain of malware — recently discovered on a Russian cybercrime forum — could spell big trouble for bank customers and financial services companies alike, says computer security company Trusteer
i2Ninja Financial Malware Lurking on I2P Darknet (Threatpost) The Mevade botnet made news when it was found to be using the Tor anonymity network to communicate with its command and control infrastructure. Running C&C on Tor, however, turned out to be a fatal mistake when Tor usage spiked alerting administrators to the unusual activity
Bogus "free Bitcoin generator" offer leads to malware (Help Net Security) The rising popularity of Bitcoin hasn't gone unnoticed by online scammers, and according to ThreatTrack's Chris Boyd, they have started tricking users into completing online surveys with promises
Backup the best defense against (Cri)locked files (Microsoft Malware Protection Center) Crilock - also known as CryptoLocker - is one notorious ransomware that's been making the rounds since early September. Its primary payload is to target and encrypt your files, such as your pictures and Office documents. All of the file types that can be encrypted are listed in our Trojan:Win32/Crilock.A and Trojan:Win32/Crilock.B descriptions
Who's The Boss Over Your JBoss Servers? (Dark Reading) If you haven't patched a 2011 vulnerability found in more than 21,000 servers connected online, then the answer could be the person who installed a crimeware webshell
Is a pop-up ad from optimize-app.com a new type of attack? (ComputerWorld) Yesterday, while reading an article in Pulse on my iPad, I was interrupted by a pop-up ad (below), seemingly from optimize-app.com. The pop-up was modal, blocking all use of Pulse. I turned on airplane mode (just in case), clicked the OK button and the pop-up disappeared without trying to load another web page. A few minutes later, the pop-up re-appeared
Dempsey: 'We Are Vulnerable' to Cyber Attacks (Wall Street Journal) Military and private sector cooperation on cyber security is the ideal for General Martin Dempsey, chairman of the Joint Chiefs of Staff. He spoke with WSJ's John Bussey at Wall Street Journal CEO Council in Washington, D.C
A look at security effectiveness by industry (Help Net Security) BitSight analyzed security ratings for over 70 Fortune 200 companies in four industries - energy, finance, retail and technology. The objective was to uncover quantifiable differences in security effectiveness and performance across industries from October 2012 through September 2013
Serious Trust Issues Abound in the McAfee Labs Q3 Threats Report (McAfee Executive Perspectives) For IT security executives and security-responsible business executives, McAfee Labs' Q3 Threats Report poses an interesting set of developments that call into question what industry and non-industry leaders should take note of
Moving from Do Not Track to Can Not Track (Threatpost) The movement in the security and privacy communities to push the Do Not Track standard as an answer to the problem of pervasive online tracking by ad companies and other entities has resulted in the major browser vendors including DNT as an option for users, giving them a method for telling advertisers and Web sites their preferences on tracking. But DNT may well have outlived its usefulness and needs to be replaced by something that's more effective and efficient, security experts say
These Companies Build The Technology Used To Spy On You (Forbes) Privacy International has released a collection of 1,203 documents on the private surveillance sector, detailing mass surveillance technologies capable of covertly collecting millions of emails, text messages, and phone calls on citizens around the world. The documents mention two companies known for selling Internet monitoring technology and unpublished software vulnerabilities to the U.S. National Security Agency
DoD tasks innovation experts with stretching out technology dollars (Federal News Radio) The Pentagon has fewer dollars to invest in technology, but it's trying to make the best of a bad situation, officials say. Among the military's efforts to cope with declining dollars is a greater emphasis on making use of commercial technologies and using the process of innovation to improve the acquisition process itself
Nokia's Finland HQ To Become A Microsoft Site Next Year, After Devices & Services Sale (TechCrunch) The wheel of fortune symbolism is clear: as Apple prepares to break ground on a new UFO-esque HQ, the former kingpin of mobile is quietly preparing to move out of its own headquarters — to make way for Microsoft. Nokia will be moving out of its current headquarters in Espoo, Finland, once the sale of its Devices & Services unit to Microsoft goes through in Q1 next year
Products, Services, and Solutions
Secure Dropbox data using a hardware security token (Help Net Security) Intrinsic-ID released Saturnus, an application that enables enterprises to protect digital assets stored and shared on Dropbox. With Saturnus, files are encrypted before they leave the device
FireEye Introduces New Cloud-Based Email Threat Prevention (ComputerWorld) FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today's advanced cyber attacks, has announced the introduction of FireEye® Email Threat Prevention™, a new cloud-based email security platform. With no hardware or software to install, FireEye now offers a flexible deployment option to protect enterprise infrastructure from email-based attacks. FireEye Email Threat Prevention will be generally available in early December 2013
Electric industry responds to grid attack (FierceSmartGrid) Cyber and physical threats are constantly evolving and require quick action and flexibility that comes from constant vigilance and collaboration between government and industry. Reviewing the security response to the grid's critical components during a disruptive, coordinated attack on the grid in a simulated exercise helps the industry make the electric system more secure
Co-ops Join Industry Grid Drill (ECT.COOP) An industry-wide drill to simulate a cyber attack on North America's electric grid played out this month and dozens of electric cooperative staffers took part
Are The Days Of Unencrypted HTTP Numbered? (TrendLabs Security Intelligence Blog) Throughout all of 2013, there have been numerous revelations about how the NSA conducts mass surveillance on the Internet. These have sent the Internet Engineering community reeling. Protocols that have been in use for decades and based heavily on intrinsic trust have had that trust violated
How to build a website security programme (ComputerWeekly) The key to improving a web security programme is having a comprehensive metrics programme in place — a system capable of performing ongoing measurement of the security posture of production systems, exactly where the proverbial rubber meets the road
Employee Social Media Posts, iCloud Use, Government Leaks — Your Questions Answered (Cyveillance Blog) We've received some great feedback and questions from our recent webinar on "The Impact of Social Media on Information Security," and wanted to share responses to them with a broader audience. In this webinar, we discussed how social media websites and other user-generated content platforms can easily enable employees to leak sensitive information and data and some advice for security professionals on how they can deal with this
Internet Territories: Introducing IP Infection Maps (Umbrella Security Labs) When it comes to network security research, we usually find ourselves looking at wide IP address sets. Often, we're interested in understanding the distribution of the IP addresses we are looking at in terms of geolocation as well as IP prefixes/ranges
Detect and respond: How organizations are fighting off targeted attacks faster (ComputerWorld) It doesn't matter how high, deep, or long the IT walls are that security pros build around their networks, it seems attackers find ways to fly over, dig under, or drill through. The most recent Verizon Data Breach Investigations Report found that more than 50 percent of all breaches were caused by some form of hacking — and it took months to years for more than two thirds of successful breaches to be detected
Design and Innovation
Twitter Tests Cleaner Web Client Design With More Prominent Logo And Tweet Composer (TechCrunch) Twitter is testing a new website design, which opts for a lighter, flat design that seems at least partly inspired by its shift to similar design trends on mobile. The screens below were sent in by Boris Bošiak, founder of Czech startup Reservio, who is apparently part of a small pool of users being seeded with the new design
FSB's Olympic Spying (The Moscow Times) As the date for the Olympic Games in Sochi draws closer, Russia's siloviki are becoming more active in terms of collecting data from Russians and foreigners. Although they can at least partially justify their decision to register every Russian who comes to Sochi during the Olympics with the desire to prevent terrorist attacks, the decree that Prime Minister Dmitry Medvedev signed Nov. 8 has no relationship whatsoever to that goal
US NSA chief on India visit today (Times of India) General Keith Alexander, director of US' now infamous National Security Agency (NSA), will be on a quiet trip to India on Thursday, where he will meet national security adviser (NSA) Shivshankar Menon and other senior officials in the national security establishment. Both American and Indian officials are tight-lipped about the visit, so it is not immediately clear the trip's purpose
Reform the NSA to stop future Snowdens (ZDNet) An agency like the NSA can't operate if all its work is going to be exposed to the world. Whatever reforms we make to their practices, the NSA must tighten their internal security first
How Will Fraud Impact U.S. Bitcoin Regulation? (Storefront Backtalk) U.S. regulators this week tackled the tough issue of regulating virtual currencies such as Bitcoin. The Senate Committee on Homeland Security and Government Affairs heard from Justice Department officials, who say they need help regulating digital currencies as well as Bitcoin proponents, who say the government should stay out
AFP remain in Indonesia amid cyber-attack (Sydney Morning Herald) Australian Federal Police Commissioner Tony Negus has refused to comment on whether officers serving in Indonesia will be withdrawn amid the country's ongoing diplomatic row with Australia
Brilliant But Evil: Gaming Company Fined $1 Million For Secretly Using Players' Computers To Mine Bitcoin (Forbes) Back in April, an online gamer noticed that his computer seemed to be working harder than it should be given what he had running on it. When he checked his logs, he realized that his computer, much to his surprise, had joined a Bitcoin mining pool in the Czech Republic and was helping someone to mine the cryptocurrency. The activity was being conducted by a client he had downloaded from E-Sports Entertainment Association
Feds Charge Cybercriminals as 21st Century Racketeers (Wired) Until it closed two years ago, Carder.su was an online cybercrime forum used by some 7,900 fraudsters around the world. The site was allegedly headed by a Russian named Roman Zolotarev, and it boasted a slew of high-end vendors and
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
New Resources to Grow Cyber Security Companies in Maryland (Rockville, Maryland, USA, November 25, 2013) Learn about new resources available locally to grow your cybersecurity company, including the Maryland Cybersecurity Investment Incentive Tax Credit and the Montgomery County Supplemental Incentive Program...
Cyber Education Symposium (Arlington, Virginia, USA, November 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways...
APPSEC USA (New York, New York, USA, November 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security...
Oil and Gas Cyber Security 2013 (London, England, UK, November 25 - 26, 2013) It has been stated that by 2018 the oil and gas industry will be spending up to $1.87 billion on cyber security. The hugely increased demand to protect a multi-billion dollar global industry is being spurred...
IT Forum Expo/Black Hat Regional Summit: Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions...
DefCamp 2013 (Bucharest, Romania, November 29 - 30, 2013) DefCamp is one of the most important conferences on hacking & information security in South-East Europe, bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under...
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, November 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber...
Operationalize Threat Intelligence (Webinar, December 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data...
Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, December 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering...
SINET Showcase: THE SINET 16 (Washington, DC, USA, December 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present...
World Congress on Internet Security (London, England, UK, December 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the...
ACSAC 2013 (New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...
2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...
Cyber Defense Initiative 2013 (Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...