Daily briefing.

Some banking Trojan reports surface on this slow news day. Dr. Web warns that "BackDoor.Caphaw" variants are being distributed via Skype. Trend Micro tracks "Ice IV" to servers in Nigeria. HSBC customers are targeted by spam that joins their devices to a botnet.

CSIS (the Danish security firm, not the Washington think tank) reports on a recently discovered exploit kit, "Atrax," that offers both Tor connectivity and Bitcoin extraction.

Cylance finds (and names) a successful, relatively stealthy cyber-espionage platform: "Grand Theft Auto Panda." So far it's targeting mostly Asian automotive companies, but was released against its principal targets only after testing against activist groups. This staging, and its exploitation of CVE-2012-0158, suggests a nation-state operation (probably, to be frank, Chinese).

White hats warn of public Wi-Fi hazards and security issues.

Cyber historians will read with interest eSecurity Planet's account of "Rain Forrest Puppy's" discovery of the first SQL injection attack.

Buffer, learning from its experience in the MongoHQ hack, adds two-step login to its social media scheduling service.

The US and Chinese governments remain at loggerheads over cyber-espionage, but their respective stalking horses, Cisco and Huawei, seem to be working toward a modus vivendi.

Two-person control, familiar from Cold War nuclear systems, gains traction as a cyber security method. Chinese activists circumvent the Great Firewall with cloud mirrors.

Brazil and Argentina push regional Internet security plans. While not strictly autarchic, the proposed measures will almost surely depress commerce.

Apparently several countries other than the US pwned Chancellor Merkel's phone.


Today's issue includes events affecting Argentina, Australia, Bolivia, Brazil, Chile, China, Ecuador, Estonia, Germany, Indonesia, Democratic People's Republic of Korea, Nigeria, Russia, South Africa, United Kingdom, United States, Uruguay, and Venezuela.

Cyber Attacks, Threats, and Vulnerabilities

Doctor Web : Mass distribution of banking Trojan via Skype (Global Security Mag) Russian anti-virus company Doctor Web is warning users about the wide distribution via Skype of a banking Trojan from the family BackDoor.Caphaw. The first half of November 2013 saw the peak of its dissemination. BackDoor.Caphaw can steal account information stored by remote banking software as well as other confidential information stored on a compromised machine

Ice 419: Cybercrime in Nigeria (TrendLabs Security Intelligence Blog) Several months ago, we found that several Ice IX servers were hosted in the (South Africa) top-level domain. Our research revealed that these servers were all tied to a group of individuals located in Nigeria

More Bad Port 0 Traffic (Internet Storm Center) Thanks to an alert reader for sending us a few odd packets with "port 0" traffic. In this case, we got full packet captures, and the packets just don't make sense. The TTL of the packet changes with source IP address, making spoofing less likely. The TCP headers overall don't make much sense. There are packets with a TCP header length of 0, or packets with odd flag combinations. This could be an attempt to fingerprint, but even compared to nmap, this is very noisy

Cybercriminals impersonate HSBC through fake 'payment e–Advice' themed emails, expose users to malware (Webroot Threat Blog) HSBC customers, watch what you execute on your PCs. A circulating malicious spam campaign attempts to socially engineer you into thinking that you've received a legitimate 'payment e-Advice'. In reality, once you execute the attachment, your PC automatically joins the botnet operated by the cybercriminal(s) behind the campaign

New Exploit Kit Atrax Boasts Tor Connectivity, Bitcoin Extraction (Threatpost) Atrax, is an inexpensive crimeware kit that comes with a slew of capabilities including browser data extraction, Bitcoin mining and the capability to launch DDoS attacks

Extensible Attack Platform has Familiar Feel (Threatpost) Researchers have discovered a mature attack platform that's enjoyed great success eluding detection and made good use of an exploit present in a number of espionage campaigns. The attacks have concentrated largely on the automotive industry, hitting large companies primarily in Asia and only after being tested against activist targets in the region. Nicknamed Grand Theft Auto Panda by researcher Jon Gross of Cylance

White hat Wi–Fi hacking shows vulnerability of business data (ComputerWeekly) White hat hackers have shown that usernames, passwords, contact lists, details of e-commerce accounts and banking details can be sniffed easily from public Wi-Fi hotspots

Credit Card Machines Shut Down At Some Local Stores Following Cyber Attack Aimed At Stealing Vital Information (KHQ Spokane) Hundreds of debit and credit cards have been compromised in the last few weeks and today some local URM stores shut down their credit and debit machines, to help keep your money safe

Crown Castle Acknowledges Data Breach (eSecurity Planet) Crown Castle recently began notifying an undisclosed number of its U.S. employees that their payroll information may have been accessed by hackers

No security ever built into Obamacare site: Hacker (CNBC) It could take a year to secure the risk of "high exposures" of personal information on the federal Obamacare online exchange, a cybersecurity expert told CNBC on Monday

How Was SQL Injection Discovered? (eSecurity Planet) The researcher once known as Rain Forrest Puppy explains how he discovered the first SQL injection more than 15 years ago

Security Patches, Mitigations, and Software Updates

After Last Month's Security Breach, Social Media Scheduling Service Buffer Adds 2–Step Login (TechCrunch) Buffer, the social media scheduling service, experienced a potentially brand-damaging security breach last month that saw a slew of weight-loss spam posted to Twitter and Facebook on behalf of its users. And although it turned out to be the company's database provider, MongoHQ, that was the origin of the compromise, Buffer, by its own admission, was squarely to blame as it hadn't encrypted access tokens for the social media services it supports. Today the startup is announcing a host of new security measures, including encrypting user email addresses and access tokens, and 2-step login, in a bid to restore confidence in its wares

Cyber Trends

Malware: War without end (ComputerWorld) We may be facing a stalemate. Or, we may be evolving a new cyber biosphere

The rise of unsolicited and malicious emails (Help Net Security) October saw spammers exploiting the themes of upcoming holidays, the names of well-known telecommunication service providers and the conflict in Syria, according to Kaspersky Lab's latest spam report. A rise of 6.6 percentage points in unsolicited and malicious emails took spam's share of global email traffic to 72.5 per cent for the month

Study: Companies are not as secure as they think (CSO) 80 percent of respondents satisfied with current level of security despite only 13 percent having recently updated security approach

Lessons Learned From 4 Major Data Breaches In 2013 (Dark Reading) Breach stats are declining, but data is still at risk from poorly protected databases, applications, and endpoints


Why Brazil's privacy push could cost firms dear (Computing) The leaks by former National Security Agency (NSA) contractor Edward Snowden have led to widespread condemnation in the world's media of state-sponsored snooping, and have also highlighted business concerns over where their data is stored - an issue usually referred to as data sovereignty

Inside Huawei and Cisco's ceasefire (IT News) Let's not mention the whole government backdoor thing, agreed? Cisco and Huawei, two of the world's largest communications equipment makers, have been slugging it out for a decade now — in court, in emerging markets, in the lobbies of government and even on blogs

Jacobs to Continue Air Force Info Security, Engineering Services (GovConWire) A Jacobs Engineering Group (NYSE: JEC) subsidiary has been awarded a $12,800,149 contract modification to continue providing engineering and information security services to the U.S. Air Force

Leidos to Assess Cloud Providers Under FedRAMP (GovConWire) Leidos (NYSE: LDOS) has been certified by the General Services Administration and National Institute of Standards and Technology to perform third-party assessments of cloud computing services and products made by companies seeking to provide their tools to agencies

Are you an entrepreneur in need of a jump start? (InvestMaryland) The InvestMaryland Challenge is a national seed and early-stage business competition hosted by the Maryland Department of Business and Economic Development in partnership with Inc. Magazine. The Challenge will award $400,000 in grants and a host of business services to companies in the life sciences and high tech industries. Grants are provided by the Department's Maryland Venture Fund and the BioMaryland Center

Mike Brown on RSA's Increased Global Focus, Cyber Trends, Public–Private Sector Collaboration (ExecutiveBiz) Mike Brown elevated over the summer to a new role of vice president and general manager of the global public sector at RSA, the security division of EMC Corp., after serving as VP and GM of RSA's U.S. federal operations

Trend Micro Partners with United Nations' International Telecommunication Union to Provide Ongoing Cybersecurity Support (Wall Street Journal) Trend Micro (TYO: 4704; TSE: 4704), a global pioneer in security software and solutions, today announced its partnership with the International Telecommunication Union (ITU), the United Nations' specialized agency for information and communication technologies, in support of its Global Cybersecurity Agenda. This relationship will better equip ITU's 193 Member States, as well as more than 700 private-sector entities and academic institutions, with the latest information to fight cyber threats globally. The collaboration was commemorated at ITU Telecom World 2013 in Bangkok, Nov. 19-22

Premier Alliance to Offer Cutting-Edge Cyber–Security Services Through Acquisition of Root9B (MarketWired via Yahoo! Finance) Premier Alliance Group, Inc., (OTCQB: PIMO), a leading provider of business performance, compliance and energy management solutions, acquired root9B LLC, a cyber-security company that supports Federal Government and commercial companies globally. Premier Alliance purchased the company in a cash and stock transaction

Charlton Walker Named Northrop Info Systems Sector Counsel (GovConWire) Charlton Walker, an 11-year Northrop Grumman (NYSE: NOC) veteran, has been appointed vice president, associate general counsel and sector counsel for the company's information systems division

Products, Services, and Solutions

Thales, Microsoft serve secure crypto in the cloud (ZDNet) Microsoft and Thales e-Security have deployed an architecture for encrypted cloud storage where you, the customer, control the keys and the provider has none

Red October crypto app adopts "two–man rule" used to launch nukes (Ars Technica) Engineers at content delivery network CloudFlare have released open-source encryption software that is designed to prevent data theft by decrypting sensitive information only when two or more authorized people provide keys. It's an organizational solution that could counter any future rogue employees

YouTube comment spam on the rise. Google tries to fight back (Graham Cluley) YouTube has never been home to high quality debate and quality conversations in its comments section. But Google's latest changes to the system seem to have brought a new wave of spam and malicious links

LG fumbles response to Smart TV spying revelation, withdraws Smart Ad video (Graham Cluley) Here's the video that LG doesn't want you to see. See for yourself what the firm may have been planning to do with its Smart Ad technology, which can snoop on your TV watching behaviour

DISA to Roll Out Unclassified and Classified Mobile Capabilities, App Store (SIGNAL) DISA expects to have its Defense Department Mobile Unclassified Capability (DMUC) ready for initial operational capability in the first quarter of fiscal year 2014 along with an app store available soon

Technologies, Techniques, and Standards

Great Firewall of China bypassed by cloud mirrors (Naked Security) Activists have uploaded mirrored copies of blocked sites to cloud hosting services, challenging China to block major brands like Amazon and Google cloud hosting, or allow freer access to banned material. How long can the Great Firewall last

AWS fends off 'bouncy' cloud computing performance perception (SearchCloudSecurity) Some Amazon Web Services customers blame 'noisy neighbors' for fluctuating cloud performance, but AWS officials say that's not what's happening

Six Things You Can Learn from the Affordable Care Act (ACA) Website Snafus: Part I (Cyveillance Blog) Since the introduction of the US government's new Affordable Healthcare Act (ACA) website, most of the press coverage has been focused on the difficulties people have had signing up for new "Obamacare" health insurance exchanges and the technical glitches that have plagued the site. Some security experts have even called for to be shut down until the problems are fixed

Cyber Monday security tips for businesses (Help Net Security) Security experts at Neohapsis have put together the following tips to help keep businesses safe

Hacked for the Holidays: How Shopping Online Leads to Cybercrime (Private Wi-Fi) More Americans than ever are planning to buy their Christmas presents online this year, according to an annual survey by Deloitte Consulting of New York. Consumers will spend $61.8 billion on e-commerce in November and December, up 15% from the same time last year, says eMarketer

Top 5 Cyber Monday Safety Tips: What to Know Before Shopping Online This Holiday Season ( via CBS8) The internet makes holiday shopping so easy: no fighting for parking spaces at jam-packed malls, no waiting in endless lines to get to the register

Do two–factor authentication vulnerabilities outweigh the benefits? (SearchSecurity) My organization advocates that users should use their mobile phones for two-factor authentication when logging into email and the like, but I'm concerned about whether the end device represents a problem in this equation. For example, should users avoid using Android devices for the purposes of two-factor authentication because of the malware problem on the Android platform? Or does that not come into the equation for two-factor authentication

Two–factor authentication options, use cases and best practices (SearchSecurity) It's becoming increasingly obvious that security programs that are reliant on single-factor password-based authentication systems are doomed to fail. As Verizon noted in its 2013 Data Breach Investigations Report, the use of something other than a single-factor username-password credential would have likely thwarted 80% of the hacking attacks reported last year. Yet many enterprises still don't use multifactor authentication

Gartner on security impact of evolving corporate identity standards (SearchSecurity) In this SearchSecurity podcast recorded at the 2013 Gartner Security and Risk Management Summit, Gregg Kreizman, research vice president at Stamford, Conn.-based Gartner Inc., explains how evolving corporate identity standards are affecting the IT security landscape

ThreatVlog Episode 10: Mobile security tips (Webroot Threat Blog) In this edition of the Webroot ThreatVlog, Grayson Milbourne talks about ways to keep your mobile device secure from the physical aspect. As our lives become more and more mobile focused, with an increasing amount of private information being stored on tablets and phones, it is always smart to remain vigilant to possible security breaches direct into the phone

Threat intelligence starts with the human element (SC Magazine) It can be easy to forget that there are people behind just about everything that happens on the internet. However complicated a technology may be, it was engineered by people and is used by people too, and people are predictable. The British code breakers at Bletchley Park knew this when they set about decrypting messages from the German Enigma machines during World War II. Insight into human behavior was critical to the codebreakers' success, and it can be an important tool in building modern, predictive cyber intelligence programs as well

Maslow and Malware: Developing a Hierarchy of Needs for Cybersecurity (Microsoft Security Blog) The pervasive use of computing and the Internet means that cybersecurity is now a major concern for organizations around the world. In response, decision makers are developing plans that seek to ensure key assets, systems and networks remain protected in this new environment, while preserving the benefits that come with broad connectivity. However, these approaches vary considerably, according to the different needs and stages of development of individual countries

Design and Innovation

Innovations that will shape network security (Help Net Security) Headline after headline, some company reports a cyber incident and hangs its head in shame. While it is disappointing, strong businesses have strong leaders that show us how to operate a company in times of crisis. Responding to an information security incident is not just an IT thing anymore, it is a business thing. 2014 is the year businesses will finally realize that leveraging the Internet for business growth also means that responding to incidents is par for the course

Research and Development

My quantum algorithm won't break the internet…yet (New Scientist) MIT's Peter Shor explains why he devised an algorithm for a quantum computer that could unravel our online data encryption

Legislation, Policy, and Regulation

Brazil, Argentina push for joint cyber shield for South America (The Hindu) Alarmed by large-scale spying on their state-owned oil and mining firms and monitoring of personal communication of their top leaders and bureaucrats by the U.S. National Security Agency (NSA), South America's two biggest countries are urging all other countries in the region to form a joint cyber shield to deflect such surveillance. The move, led by Brazil and Argentina, is the first such effort by a group of countries since NSA revelations about mass surveillance began to come out in June

Indonesian president offers Australia spying truce (The Guardian) Susilo Bambang Yudhoyono says his country will restore normal diplomatic relations if Tony Abbott signs up to ethics code

German Minister Urges US to Restore Trust (AP via ABC News) Members of the U.S. Congress met German officials and lawmakers in Berlin Monday in an effort to relieve tensions over allegations of massive National Security Agency surveillance

NSA Wasn't Only Spy Agency to Target Merkel's Phone (UPI via Hispanic Business) German Chancellor Angela Merkel's cellphone was tapped by at least five foreign intelligence agencies, not just by the United States, a German magazine said

N.S.A. May Have Hit Internet Companies at a Weak Spot (AP via the New York Times) The recent revelation that the National Security Agency was able to eavesdrop on the communications of Google and Yahoo users without breaking into either companies' data centers sounded like something pulled from a Robert Ludlum spy thriller

Guide: How NSA Is Under a Microscope (Wall Street Journal) The National Security Agency's surveillance activities are the subject of four separate reviews, in addition to continuing congressional oversight hearings. Here are brief descriptions, below

PCAST calls for auditable cybersecurity processes in federally regulated industries (FierceGovIT) A report by presidentially appointed science advisors says the federal government should require regulated industries to implement an auditable cybersecurity process and that the Securities and Exchange Commission should require publicly traded companies to disclose details of their cybersecurity program

Estonia to host NATO cyber defence exercise (Estonian Defence Forces) Starting Tuesday, November 26, Estonia will host a major NATO cyber defence exercise called Cyber Coalition 2013 to test Alliance capabilities for responding to large-scale cyber attacks targeting the information infrastructures of NATO and partner nations

Litigation, Investigation, and Law Enforcement

Spies worry over "doomsday" cache stashed by ex–NSA contractor Snowden (Reuters) British and U.S. intelligence officials say they are worried about a "doomsday" cache of highly classified, heavily encrypted material they believe former National Security Agency contractor Edward Snowden has stored on a data cloud

$1 Million Heist Reminds Us That Bitcoin is Neither Safe nor Secure (Gizmodo) Let's play a little game called Good Idea/Bad Idea. Round One: Saving money. That's a good idea! Round two: Saving thousands of dollars in a Bitcoin wallet that's highly susceptible to hackers and heists. As the customers of Bitcoin payment processor BIPS will tell you, that's a bad idea

Lavabit founder submits final arguments in potentially game–changing privacy case (Help Net Security) The saga surrounding secure email provider Lavabit and its legal fight against the US government continues with a reply brief filed last Friday by the former, arguing that both the government's pen-trap order and Stored Communications Act warrant are invalid

Jury: Newegg infringes Spangenberg patent, must pay $2.3 million (Ars Technica) Determined lawyers—and the father of modern crypto—couldn't stop TQP patent

Ding Ding Ding! Video Poker 'Hackers' Cleared of Federal Charges (Wired) Two gamblers who took advantage of a software bug to win a small fortune from casino video poker machines will enjoy Thanksgiving this year without the threat of federal prison hovering over them like a carving knife

Bridgestone Sues IBM for Fraud in $600 Million Lawsuit over Failed IT Implementation (IEEE Spectrum) This is already turning into one nasty, public fight

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

cybergamut Tech Tuesday: Dumping in the Dark: Gaining Insight into your Memory Acquisition Tools and Techniques (Columbia, Maryland, USA, December 10, 2013) Digital forensic and incident response professionals unanimously agree on the vital importance of physical memory acquisition and analysis in investigations, whether they center around the reconstruction...

cybergamut Tech Tuesday: Malware Reverse Engineering - An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (Columbia, Maryland, USA, January 21, 2014) Reverse engineering malware can be an integral part of every security team's calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer...

New Resources to Grow Cyber Security Companies in Maryland (Rockville, Maryland, USA, November 25, 2013) Learn about new resources available locally to grow your cybersecurity company, including the Maryland Cybersecurity Investment Incentive Tax Credit and the Montgomery County Supplemental Incentive Program...

Oil and Gas Cyber Security 2013 (London, England, UK, November 25 - 26, 2013) It has been stated that by 2018 the oil and gas industry will be spending up to $1.87 billion on cyber security. The hugely increased demand to protect a multi-billion dollar global industry is being spurred...

IT Forum Expo/Black Hat Regional Summit (, January 1, 1970) Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions...

DefCamp 2013 (Bucharest, Romania, November 29 - 30, 2013) DefCamp is one of the most important conferences on hacking & information security in South-East Europe, bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under...

2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, November 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber...

Operationalize Threat Intelligence (Webinar, December 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data...

Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, December 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering...

SINET Showcase: THE SINET 16 (Washington, DC, USA, December 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present...

The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, December 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation...

World Congress on Internet Security (London, England, UK, December 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the...

ACSAC 2013 (New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...

2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...

Cyber Defense Initiative 2013 (Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...
