Some banking Trojan reports surface on this slow news day. Dr. Web warns that "BackDoor.Caphaw" variants are being distributed via Skype. Trend Micro tracks "Ice IX" to servers in Nigeria. HSBC customers are targeted by spam that joins their devices to a botnet.
CSIS (the Danish security firm, not the Washington think tank) reports on a recently discovered exploit kit, "Atrax," that offers both Tor connectivity and Bitcoin extraction.
Cylance finds (and names) a successful, relatively stealthy cyber-espionage platform: "Grand Theft Auto Panda." So far it's targeting mostly Asian automotive companies, but was released against its principal targets only after testing against activist groups. This staging, and its exploitation of CVE-2012-0158, suggests a nation-state operation (probably, to be frank, Chinese).
White hats warn of public Wi-Fi hazards and Healthcare.gov security issues.
Cyber historians will read with interest eSecurity Planet's account of "Rain Forrest Puppy's" discovery of the first SQL injection attack.
Buffer, learning from its experience in the MongoHQ hack, adds two-step login to its social media scheduling service.
The US and Chinese governments remain at loggerheads over cyber-espionage, but their respective stalking horses, Cisco and Huawei, seem to be working toward a modus vivendi.
Two-person control, familiar from Cold War nuclear systems, gains traction as a cyber security method. Chinese activists circumvent the Great Firewall with cloud mirrors.
Brazil and Argentina push regional Internet security plans. While not strictly autarchic, the proposed measures will almost surely depress commerce.
Apparently several countries other than the US pwned Chancellor Merkel's phone.
Today's issue includes events affecting Argentina, Australia, Bolivia, Brazil, Chile, China, Ecuador, Estonia, Germany, Indonesia, Democratic People's Republic of Korea, Nigeria, Russia, South Africa, United Kingdom, United States, Uruguay, and Venezuela.
Cyber Attacks, Threats, and Vulnerabilities
Doctor Web: Mass distribution of banking Trojan via Skype (Global Security Mag) Russian anti-virus company Doctor Web is warning users about the wide distribution via Skype of a banking Trojan from the family BackDoor.Caphaw. The first half of November 2013 saw the peak of its dissemination. BackDoor.Caphaw can steal account information stored by remote banking software as well as other confidential information stored on a compromised machine
Ice 419: Cybercrime in Nigeria (TrendLabs Security Intelligence Blog) Several months ago, we found that several Ice IX servers were hosted in the .co.za (South Africa) top-level domain. Our research revealed that these servers were all tied to a group of individuals located in Nigeria
More Bad Port 0 Traffic (Internet Storm Center) Thanks to an alert reader for sending us a few odd packets with "port 0" traffic. In this case, we got full packet captures, and the packets just don't make sense. The TTL of the packet changes with source IP address, making spoofing less likely. The TCP headers overall don't make much sense. There are packets with a TCP header length of 0, or packets with odd flag combinations. This could be an attempt to fingerprint, but even compared to nmap, this is very noisy
Extensible Attack Platform has Familiar Feel (Threatpost) Researchers have discovered a mature attack platform that's enjoyed great success eluding detection and made good use of an exploit present in a number of espionage campaigns. The attacks have concentrated largely on the automotive industry, hitting large companies primarily in Asia and only after being tested against activist targets in the region. Nicknamed Grand Theft Auto Panda by researcher Jon Gross of Cylance
Crown Castle Acknowledges Data Breach (eSecurity Planet) Crown Castle recently began notifying an undisclosed number of its U.S. employees that their payroll information may have been accessed by hackers
How Was SQL Injection Discovered? (eSecurity Planet) The researcher once known as Rain Forrest Puppy explains how he discovered the first SQL injection more than 15 years ago
Security Patches, Mitigations, and Software Updates
After Last Month's Security Breach, Social Media Scheduling Service Buffer Adds 2-Step Login (TechCrunch) Buffer, the social media scheduling service, experienced a potentially brand-damaging security breach last month that saw a slew of weight-loss spam posted to Twitter and Facebook on behalf of its users. And although it turned out to be the company's database provider, MongoHQ, that was the origin of the compromise, Buffer, by its own admission, was squarely to blame as it hadn't encrypted access tokens for the social media services it supports. Today the startup is announcing a host of new security measures, including encrypting user email addresses and access tokens, and 2-step login, in a bid to restore confidence in its wares
The rise of unsolicited and malicious emails (Help Net Security) October saw spammers exploiting the themes of upcoming holidays, the names of well-known telecommunication service providers and the conflict in Syria, according to Kaspersky Lab's latest spam report. A rise of 6.6 percentage points in unsolicited and malicious emails took spam's share of global email traffic to 72.5 per cent for the month
Why Brazil's privacy push could cost firms dear (Computing) The leaks by former National Security Agency (NSA) contractor Edward Snowden have led to widespread condemnation in the world's media of state-sponsored snooping, and have also highlighted business concerns over where their data is stored - an issue usually referred to as data sovereignty
Inside Huawei and Cisco's ceasefire (IT News) Let's not mention the whole government backdoor thing, agreed? Cisco and Huawei, two of the world's largest communications equipment makers, have been slugging it out for a decade now — in court, in emerging markets, in the lobbies of government and even on blogs
Leidos to Assess Cloud Providers Under FedRAMP (GovConWire) Leidos (NYSE: LDOS) has been certified by the General Services Administration and National Institute of Standards and Technology to perform third-party assessments of cloud computing services and products made by companies seeking to provide their tools to agencies
Are you an entrepreneur in need of a jump start? (InvestMaryland) The InvestMaryland Challenge is a national seed and early-stage business competition hosted by the Maryland Department of Business and Economic Development in partnership with Inc. Magazine. The Challenge will award $400,000 in grants and a host of business services to companies in the life sciences and high tech industries. Grants are provided by the Department's Maryland Venture Fund and the BioMaryland Center
Trend Micro Partners with United Nations' International Telecommunication Union to Provide Ongoing Cybersecurity Support (Wall Street Journal) Trend Micro (TYO: 4704; TSE: 4704), a global pioneer in security software and solutions, today announced its partnership with the International Telecommunication Union (ITU), the United Nations' specialized agency for information and communication technologies, in support of its Global Cybersecurity Agenda. This relationship will better equip ITU's 193 Member States, as well as more than 700 private-sector entities and academic institutions, with the latest information to fight cyber threats globally. The collaboration was commemorated at ITU Telecom World 2013 in Bangkok, Nov. 19-22
Red October crypto app adopts "two-man rule" used to launch nukes (Ars Technica) Engineers at content delivery network CloudFlare have released open-source encryption software that is designed to prevent data theft by decrypting sensitive information only when two or more authorized people provide keys. It's an organizational solution that could counter any future rogue employees
Great Firewall of China bypassed by cloud mirrors (Naked Security) Activists have uploaded mirrored copies of blocked sites to cloud hosting services, challenging China to block major brands like Amazon and Google cloud hosting, or allow freer access to banned material. How long can the Great Firewall last
Six Things You Can Learn from the Affordable Care Act (ACA) Website Snafus: Part I (Cyveillance Blog) Since the introduction of the US government's new Affordable Care Act (ACA) website, healthcare.gov, most of the press coverage has been focused on the difficulties people have had signing up for new "Obamacare" health insurance exchanges and the technical glitches that have plagued the site. Some security experts have even called for healthcare.gov to be shut down until the problems are fixed
Hacked for the Holidays: How Shopping Online Leads to Cybercrime (Private Wi-Fi) More Americans than ever are planning to buy their Christmas presents online this year, according to an annual survey by Deloitte Consulting of New York. Consumers will spend $61.8 billion on e-commerce in November and December, up 15% from the same time last year, says eMarketer
Do two-factor authentication vulnerabilities outweigh the benefits? (SearchSecurity) My organization advocates that users should use their mobile phones for two-factor authentication when logging into email and the like, but I'm concerned about whether the end device represents a problem in this equation. For example, should users avoid using Android devices for the purposes of two-factor authentication because of the malware problem on the Android platform? Or does that not come into the equation for two-factor authentication
Two-factor authentication options, use cases and best practices (SearchSecurity) It's becoming increasingly obvious that security programs that are reliant on single-factor password-based authentication systems are doomed to fail. As Verizon noted in its 2013 Data Breach Investigations Report, the use of something other than a single-factor username-password credential would have likely thwarted 80% of the hacking attacks reported last year. Yet many enterprises still don't use multifactor authentication
Gartner on security impact of evolving corporate identity standards (SearchSecurity) In this SearchSecurity podcast recorded at the 2013 Gartner Security and Risk Management Summit, Gregg Kreizman, research vice president at Stamford, Conn.-based Gartner Inc., explains how evolving corporate identity standards are affecting the IT security landscape
ThreatVlog Episode 10: Mobile security tips (Webroot Threat Blog) In this edition of the Webroot ThreatVlog, Grayson Milbourne talks about ways to keep your mobile device secure from the physical aspect. As our lives become more and more mobile focused, with an increasing amount of private information being stored on tablets and phones, it is always smart to remain vigilant to possible security breaches direct into the phone
Threat intelligence starts with the human element (SC Magazine) It can be easy to forget that there are people behind just about everything that happens on the internet. However complicated a technology may be, it was engineered by people and is used by people too, and people are predictable. The British code breakers at Bletchley Park knew this when they set about decrypting messages from the German Enigma machines during World War II. Insight into human behavior was critical to the codebreakers' success, and it can be an important tool in building modern, predictive cyber intelligence programs as well
Maslow and Malware: Developing a Hierarchy of Needs for Cybersecurity (Microsoft Security Blog) The pervasive use of computing and the Internet means that cybersecurity is now a major concern for organizations around the world. In response, decision makers are developing plans that seek to ensure key assets, systems and networks remain protected in this new environment, while preserving the benefits that come with broad connectivity. However, these approaches vary considerably, according to the different needs and stages of development of individual countries
Design and Innovation
Innovations that will shape network security (Help Net Security) Headline after headline, some company reports a cyber incident and hangs its head in shame. While it is disappointing, strong businesses have strong leaders that show us how to operate a company in times of crisis. Responding to an information security incident is not just an IT thing anymore, it is a business thing. 2014 is the year businesses will finally realize that leveraging the Internet for business growth also means that responding to incidents is par for the course
Brazil, Argentina push for joint cyber shield for South America (The Hindu) Alarmed by large-scale spying on their state-owned oil and mining firms and monitoring of personal communication of their top leaders and bureaucrats by the U.S. National Security Agency (NSA), South America's two biggest countries are urging all other countries in the region to form a joint cyber shield to deflect such surveillance. The move, led by Brazil and Argentina, is the first such effort by a group of countries since NSA revelations about mass surveillance began to come out in June
German Minister Urges US to Restore Trust (AP via ABC News) Members of the U.S. Congress met German officials and lawmakers in Berlin Monday in an effort to relieve tensions over allegations of massive National Security Agency surveillance
N.S.A. May Have Hit Internet Companies at a Weak Spot (AP via the New York Times) The recent revelation that the National Security Agency was able to eavesdrop on the communications of Google and Yahoo users without breaking into either company's data centers sounded like something pulled from a Robert Ludlum spy thriller
Guide: How NSA Is Under a Microscope (Wall Street Journal) The National Security Agency's surveillance activities are the subject of four separate reviews, in addition to continuing congressional oversight hearings. Here are brief descriptions, below
Estonia to host NATO cyber defence exercise (Estonian Defence Forces) Starting Tuesday, November 26, Estonia will host a major NATO cyber defence exercise called Cyber Coalition 2013 to test Alliance capabilities for responding to large-scale cyber attacks targeting the information infrastructures of NATO and partner nations
$1 Million Heist Reminds Us That Bitcoin is Neither Safe nor Secure (Gizmodo) Let's play a little game called Good Idea/Bad Idea. Round One: Saving money. That's a good idea! Round two: Saving thousands of dollars in a Bitcoin wallet that's highly susceptible to hackers and heists. As the customers of Bitcoin payment processor BIPS will tell you, that's a bad idea
New Resources to Grow Cyber Security Companies in Maryland (Rockville, Maryland, USA, November 25, 2013) Learn about new resources available locally to grow your cybersecurity company, including the Maryland Cybersecurity Investment Incentive Tax Credit and the Montgomery County Supplemental Incentive Program...
Oil and Gas Cyber Security 2013 (London, England, UK, November 25 - 26, 2013) It has been stated that by 2018 the oil and gas industry will be spending up to $1.87 billion on cyber security. The hugely increased demand to protect a multi-billion dollar global industry is being spurred...
IT Forum Expo/Black Hat Regional Summit (location and date not listed) Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions...
DefCamp 2013 (Bucharest, Romania, November 29 - 30, 2013) DefCamp is one of the most important conferences on hacking & information security in South-East Europe, bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under...
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, November 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber...
Operationalize Threat Intelligence (Webinar, December 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data...
Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, December 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering...
SINET Showcase: THE SINET 16 (Washington, DC, USA, December 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present...
World Congress on Internet Security (London, England, UK, December 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the...
ACSAC 2013 (New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...
2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...
Cyber Defense Initiative 2013 (Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...