Belgacom, having stepped up its network monitoring, announces that a change to router software has prompted it to investigate another possible intrusion. The Belgian telecom is an attractive target because of the large volume of Middle Eastern traffic its cables carry.
Apple iMessage protocols are found vulnerable to man-in-the-middle attacks. A researcher identifies several issues with Bugzilla that could be exploited in cross-site request forgery and cross-site scripting attacks. Tenda's routers are found to contain a backdoor.
FireEye describes how ASLR bypass techniques are becoming a routine feature of sophisticated malware. Naked Security pulls apart the CryptoLocker ransomware.
Last week an unnamed "trading platform" suffered a sustained—150-hour—and determined denial-of-service attack. (The attackers are unidentified, but their motives are said to have been "competitive.") Incapsula reports the attack was unusual in using "headless browsers"—versions of PhantomJS.
South African authorities struggle to contain and mitigate the Dexter Trojan, which has been stealing bankcard data from fast-food outlets. (Dexter has been found on the same servers as Alina and Citadel.) Elsewhere in the cyber underworld, a Pinterest scam may herald the return of the RU:8080 gang.
Research suggests that half the US Federal Government breaches are traceable to user noncompliance with security measures. There's a dilemma here: the more thorough security policies become, the more burdensome (and hence self-defeating) they tend to be.
Lenovo may buy part of BlackBerry. Huawei denies receiving government data requests.
Observers see an anti-surveillance bandwagon in the US Congress.
Snowden explains why he leaked.
Today's issue includes events affecting Algeria, Australia, Belgium, China, European Union, Finland, France, Germany, India, Russia, South Africa, United Kingdom, United States.
Apple iMessage Open to Man in the Middle, Spoofing Attacks(Threatpost) The Apple iMessage protocol has been shrouded in secrecy for years now, but a pair of security researchers have reverse-engineered the protocol and found that Apple controls the encryption key infrastructure for the system and therefore has the ability to read users' text messages, or decrypt them and hand them over at the order of a government agency
Apple's iCloud protocols cracked and analyzed(Help Net Security) Smartphones carry a lot of sensitive data that in theory should be accessible only to their owners. In practice, a lot of it can be exfiltrated from the devices and from the backups either stored on the device or in the cloud by employing different forensic methods
From China, With Love(/DEV/TTYS0) Lest anyone think that D-Link is the only vendor who puts backdoors in their products, here's one that can be exploited with a single UDP packet, courtesy of Tenda
ASLR Bypass Apocalypse in Recent Zero–Day Exploits(FireEye Blog) ASLR (Address Space Layout Randomization) is one of the most effective protection mechanisms in modern operating systems. But it's not perfect. Many recent APT attacks have used innovative techniques to bypass ASLR
DDoS Attack Used 'Headless' Browsers In 150–Hour Siege(Dark Reading) Distributed denial-of-service attack employed a browser app toolkit to simulate Web visitors accessing the victim's website. "Headless" browsers pummeled a trading platform's website this past week in a rare form of a distributed denial-of-service (DDoS) attack that lasted for 150 hours. The attack employed some 180,000 IP addresses — and as of today continues to rebound in smaller pockets — according to cloud–based DDoS mitigation service provider Incapsula, which discovered and mitigated the massive attack for its customer
Inside a malware campaign: Alina + Dexter + Citadel(XyliBox) I am going to start this article by mentioning that the server I am about to talk about was under strong investigations. But now I can talk, and there are some interesting things I want to mention about Alina and Dexter (both most popular PoS malwares for the moment)
Mac tech support scam reported(ZDNet) Online tech support can be an opportunity to trick unsophisticated users into buying unnecessary software and services. Malwarebytes found a company that offers such disservices to Mac users
Got a mobile phone? Then you've got a Trojan problem too(Register) This time it's personal. Something wonderful has happened: phones have got smart, but the bad news is they may open the door to those you don't want to let in. Time was when getting software to run properly on your mobile phone was such a challenge that it was nigh on impossible for bad guys to write malware that worked
Red Bull Energy Drink Server Hacked, Domains of 09 Countries Defaced by Oxer–X(HackRead) A famous Algerian hacker Over-X has hacked into the server of world renowned Red Bull energy drink, as a result company's blog and domains of 15 domains have been defaced just 3 hours ago. This is not all because other than Red Bull's blog and 9 domains, the hacker has also defaced 6 domains belonging to company's several contests and promotional campaigns. I will put their details in the end
The developer's guide to future car technology(IT World) Forget the Jetsons. Instead, think tech innovations from a developer's point of view: embedded systems, networking challenges, human-machine interaction, and software standards
Security Patches, Mitigations, and Software Updates
VMware Release Multiple Security Updates(Internet Storm Center) VMware released the following security updates. The first one is VMSA-2013-0012 which addresses multiple vulnerabilities in vCenter Server, vSphere Update Manager, ESXi and ESX. The second is VMSA-2013-0006.1 which addresses multiple vulnerabilities in vCenter Server Appliances and vCenter Server running on Windows. The last is VMSA-2013-0009.1 which addresses multiple vulnerabilities in vCenter Server, ESX and ESXi that updates third party libraries
The Chilling Implications Of Democratizing Big Data: Facebook Graph Search Is Only The Beginning(Forbes) While privacy advocates have expressed concern about the phenomenon of massive data collection and analytics colloquially known as "big data," most people are more familiar with social media anxiety, like inappropriate Facebook posts leading to embarrassing and reputation ruining incidents. This situation is likely to change, and in the near future society will have to confront a profound question
Why Christmas is a hacker's favorite season(Baltimore Business Journal) The holiday season is a prime time for hackers in search of big bucks from online shoppers. It may only be October and Halloween has yet to come, but people are already beginning their holiday shopping. Large retailers are already beginning their layaway programs and some have already begun displaying Christmas decorations. But some people — and not the kind that retailers like — have been doing their "shopping" since the beginning of the year
10 Escalating DDoS And Web Hacking Trends(CRN) Threat reports from application hosting firm Akamai and DDoS mitigation appliance maker Arbor Networks highlighted the increasing sophistication of distributed denial-of-service attacks and commonly targeted Internet protocols in the second quarter of 2013. Arbor Networks said DDoS attacks are getting larger, while Akamai said it's having trouble filtering out legitimate and malicious traffic. Meanwhile, attack traffic continuously targets both open and secure websites and Web applications. Here are 10 trending hacking techniques identified in the reports
Report: Feds must make security less burdensome for workers(FierceHealthIT) Though insiders say federal agencies such as the U.S. Department of Health & Human Services and the Department of Veterans Affairs are vulnerable to cybersecurity threats, federal employees report bypassing burdensome security measures when those measures interfere with their work
New Study: Half Of Federal Agency Security Breaches Caused By Lack Of User Compliance(Dark Reading) MeriTalk, a public-private partnership focused on improving the outcomes of government IT, today announced the results of its new report, "Cyber Security Experience: Cyber Security Pros from Mars; Users from Mercury." The study, underwritten by Akamai Technologies, Inc., compares what cyber security professionals report about their agency's security with what end users – Federal workers – actually experience. According to the report, agencies often fail to take the user experience into account when deploying cyber security solutions. As a direct result, end users often circumvent security measures and open their agencies up to data theft, data loss, and denial-of-service attacks
Dealing with Uncle Sam(SC Magazine) The U.S. presents opportunities for Canadian cyber security firms. So why aren't more of them approaching? Danny Bradbury finds out
RLPC: CACI readies launch of $1.7B credit for Six3 buy(Reuters) U.S. contractor CACI International is launching October 22 a $1.681 billion credit facility that will back the company's acquisition of Six3 Systems Inc and refinance existing debt, sources told Thomson Reuters LPC
China's Lenovo Likely Eyeing Portions Of BlackBerry — Not The Whole Pie(TechCrunch) Chinese phone and PC maker Lenovo has once again been linked with a potential BlackBerry acquisition. Yesterday the Wall Street Journal suggested Lenovo is actively considering a bid for all of BlackBerry. However, according to Reuters, which cites a source familiar with the matter, Lenovo is likely only after parts of BlackBerry pie -- owing to regulatory obstacles that would stand in the way of it acquiring the whole company
Huawei denies government influence and calls for cyber security standards(ComputerWeekly) China-based telecoms supplier Huawei has reiterated denials of government influence and called for common international cyber security standards. Huawei has now issued a cyber security white paper, which it says is designed to inform on-going discussions on how the global industry can address cyber security challenges
Dan Allen to take over as CEO at Serco(Washington Business Journal) A shakeup at Serco Inc. in Reston will bring a CEO transition in December, when former CACI International Inc. chief executive Dan Allen will take the helm
How meaningful are AV tests?(Help Net Security) Anti-malware software from vendors big and small is regularly tested by several antivirus test labs, which may result in awards and certification, but also in disappointment
Products, Services, and Solutions
Introducing the Deep Security as a Service AWS Test Drive(TrendMicro Simple Security) The AWS Test Drive program provides people with an opportunity to quickly test and evaluate new technologies within the AWS cloud. The idea is to be able to hit the ground running and allow students to explore the featured technology without worrying about first deploying and configuring a learning environment
SecureDrop(Schneier on Security) SecureDrop is an open-source whistleblower support system, originally written by Aaron Swartz and now run by the Freedom of the Press Foundation. The first instance of this system was named StrongBox and is being run by the New Yorker. To further add to the naming confusion, Aaron Swartz called the system DeadDrop when he wrote the code
avast! 2014 released(Help Net Security) AVAST Software launched avast! 2014 - the latest version of the antivirus solution used by a quarter of all protected PCs worldwide. The new version improves performance, download and install times
Webroot enhances mobile threat protection(Help Net Security) Webroot released a new edition of Webroot SecureAnywhere Business - Mobile Protection to ensure mobile devices and company data stay secure. As more organizations face the challenges of corporate data
USPS offers a peek at cloud credential exchange(FierceGovIT) The Federal Cloud Credential Exchange will reduce the complexity of credentialing, speed up integration with identity providers, improve consumer privacy and ease of use, and cut agency authentication costs, said Douglas Glair, manager of digital partnerships and alliances at the Postal Service, during a recent presentation
Technologies, Techniques, and Standards
10 Pitfalls Of IT Risk Assessment(Dark Reading) As IT organizations seek to make better risk-based decisions about security practices, perhaps the number one component for success is the IT risk assessment. However, even when organizations actually conduct a risk assessment, they frequently fall prey to mistakes that can greatly devalue the exercise. Here are some of the most common blunders to avoid
With Shared Power Comes Shared Responsibility(Dark Reading) It's National Cyber Security Awareness Month, and the official theme for the month is "Our Shared Responsibility." A bit trite, perhaps, but it's a message that is all too often lacking when security professionals communicate with users in their organizations. If you've ever felt that IT or the security group is public enemy number one in your workplace, it may be time to rework your trainings, presentations, and emails to integrate the shared responsibility message
Essential considerations when making changes to security(CSO) When it comes to security policies and practices, there are rules (both written and unwritten) that need to be adhered to. An organization simply cannot implement changes to security on the fly as it could lead to disaster. Yet, there are times when changes are necessary, or mandated due to an incident response plan. In that instance, what should business leaders be focusing on
How to sniff local network traffic on an unrooted Android device(Help Net Security) Google Play hosts a number of applications that focus on local network traffic sniffing for Android devices, but for the majority of them you would first need to root the device. I worked on a project where I needed a quick glance on what networking requests an Android application does in the background, so the easiest way was to setup a local sniffer on the device itself
Overcoming Data Residency Issues(InformationSecurityBuzz) Dave Anderson, Senior Director, Voltage Security, explains how organisations can overcome a common barrier to cloud computing adoption. The benefits of adopting cloud technologies have been widely reported, and are commonly understood. However, the decision to adopt a cloud strategy brings with it many questions and concerns about jurisdictional and regulatory control over the privacy and protection of sensitive data
NSA E-Spying: Bad Governance(BankInfoSecurity) In addition to raising concerns about violating Americans' civil liberties, revelations about how the National Security Agency collects and uses e-mail and instant messaging contact lists demonstrate bad data governance practices, a leading privacy attorney says. Fundamental rules of good data governance call for only collecting what is needed for a purpose, giving access to only those who need to know and then scrubbing the information when it's no longer needed. "Putting aside the Fourth Amendment issues, NSA is not even following these basic principles," attorney Ron Raether says. "NSA is collecting everything about everyone and keeping all of it in the event it might become relevant"
How CISOs get executive buy-in for security budgets(Help Net Security) Wisegate released a new report that shares how CISOs successfully gain executive buy-in on security budgets and strategically manage them. Most CISOs face significant challenges communicating the
Plan to fail for better security(Help Net Security) We've all heard the old saying: "If you fail to plan, you're planning to fail." Of course, it's true: and from a security viewpoint, it's also interesting to turn the cliché on its head
Internet wide DNS scanning(Internet Storm Center) We have received a request from a research group to let everyone know that they will be conducting Internet wide scanning of DNS servers. This is their request: "Our team at the Network Architectures and Services Dept. (I8) of TU München, Germany, has started a DNS scan. This has similar goals as the scans that we have conducted for SSL and SSH in the past months. Once again, the purpose is purely scientific. The scanning machine is 18.104.22.168. We are querying DNS servers to resolve host names. We do not in any way try to compromise the servers. Additionally, the load caused by our activities should be very low on a single server. The idea of our queries is to get a better understanding of the inner workings of DNS, one of the most ubiquitous protocols of the Internet. We would appreciate it very much if you added a comment in your database. Please note that we respond to every complaint and are happy to blacklist systems with annoyed admins"
Real-time analytics troubles(FierceBigData) Last month, Vitria Technology decided to poll attendees at two leading big data analytics conferences to assess where real-time analytics stood in practice. The resulting State of Big Data Analytics Survey found that while 41 percent of respondents reported the need to take action on streaming data across diverse sources within mere seconds or minutes, 67 percent "admitted to having little to no technology support for analyzing and immediately acting on streaming big data"
Creating a Science of Security(GovInfoSecurity) Frederick Chang, the new head of the cybersecurity program at Southern Methodist University, says the time has come to create a "science of security." "The field of cybersecurity today is very reactive and after the fact," Chang says in an interview with Information Security Media Group (transcript below). "Something bad has to happen, and then actions are taken. The field needs to get to a point where it can become proactive, where we can get ahead of the problem. In science, we talk about prediction, models and repeatability. The idea of taking the longer-term approach and creating a foundational science and engineering of cybersecurity is a key part of our mission"
NSA revelations bolstering demands for congressional action(CSO) Latest report about contact list collection raises more ire. Jaw-dropping revelations on the extent of Internet spying by the National Security Agency are having a huge political impact in the U.S., as Americans demand that lawmakers curb the agency's craving for personal data, experts say
NSA shakeup: Spy chief, deputies eye the doors(Washington Post) As if the National Security Agency and the U.S. Cyber Command weren't already in enough turmoil (perhaps you've heard of that Edward Snowden guy?), things are expected to get even more unstable around Snoop Central
New NSA deputy expected to be leaks task force head: sources(Reuters) Richard Ledgett, who heads a new task force at the National Security Agency to handle information leaks, is expected to take over as the deputy director of the spy agency after the current No. 2 retires in January, sources told Reuters
Honeywell CEO calls for stricter cyber crime punishments(SC Magazine) Honeywell CEO and Chairman David M. Cote says the world is looking at cyber security backward because "nobody's getting physically hurt." He says nations need to form treaties to deal with what he calls "a new kind of warfare"
EC: Europe should become a 'trusted cloud region' in the post–Prism age(ComputerWeekly) European cloud providers must turn the Prism surveillance revelations into a Europe-wide opportunity to build trusted cloud services for customers globally, the European Commission (EC) has said. According to the EC, Prism revelations could slow down the adoption of cloud computing services and Europe should build on its "relatively high standards" of data protection, security, interoperability and transparency of cloud services to become the world's trusted cloud region
MPs to review laws on UK spy–snoopery after GCHQ Tempora leaks(Register) Intelligence and Security Committee chairman says 'balance to be found'. Parliament's intelligence services watchdog is to hold an inquiry into whether or not UK surveillance laws need updating in light of Edward Snowden's revelations into GCHQ's activities
Cyber security and governance(Deccan Chronicle) What emerges from various statements made by key members of the government in the last few days is India's incipient policy on cyberspace. If India is genuinely opposed to any control on the Internet in the name of cyber security, we need to see those words put into action. Great difficulties may lie in the fact that the Internet is so new, relatively speaking, and expanding so rapidly, that it throws up issues not thought of before
Snowden: 'I have data on EVERY NSA operation against China'(Register) New York Times interview sure to interest Beijing. NSA whistleblower Edward Snowden has claimed he taught a course in "cyber-counterintelligence" against China and has access to data on every active operation mounted against the People's Republic by the US spy agency
Does This $17 Million Bitcoin Wallet Belong To Alleged Silk Road Creator Ross Ulbricht?(Forbes) When the FBI took down online drug bazaar Silk Road and seized its assets, the government became the proud new owner of over 26,000 Bitcoins, or almost $4 million that Silk Road customers had sitting in their accounts. The FBI plans to liquidate those when judicial proceedings are over, but it also hopes to seize many more Bitcoins. The FBI suspects that alleged Silk Road mastermind Ross Ulbricht, 29, who was arrested in San Francisco earlier this month, is sitting on 600,000 Bitcoins, or $80 million. I suspect that number's overblown
Feds Sued for Hiding NSA Spying From Terror Defendants(Wired) Five years after Congress authorized warrantless electronic spying, the Obama administration has never divulged to a single defendant that they were the target of this type of phone or email surveillance — despite lawmakers' claims the snooping has stopped terrorist plots and resulted in arrests
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Ahead of the Threat: Driving Innovation for Cyber Security(Bethesda, Maryland, USA, October 30, 2013) Sponsored by the Tech Council of Maryland, this conference will feature a presentation by Sondra L. Barbour, Lockheed Martin Information Systems & Global Solutions (IS&GS) Executive Vice President, will...
Securing the Internet of Things Summit(San Francisco, California, USA, October 21, 2013) The Internet of Things is still in its infancy and the security community has a chance to build in new approaches to security if we get started now. More secure embedded operating systems and applications,...
13th Industrial Control Systems Cyber Security Conference(Atlanta, Georgia, USA, October 21 - 22, 2013) Industrial Control Systems (ICS) operate the infrastructures of electric power, water, chemicals, manufacturing, transportation, defense, etc. and link the digital and physical worlds. Their cyber security...
Cloud Connect(Chicago, Illinois, USA, October 21 - 23, 2013) Cloud Connect returns to Chicago October 21-23, 2013 with an all new program built around the leading cloud platforms. Cloud Connect provides the independent guidance IT professionals need to successfully...
Cyber Security Seminar and IT Expo at Peterson AFB(Colorado Springs, Colorado, USA, October 22, 2013) The Cyber Security Seminar and IT Expo is a one-day event held on-site where industry vendors will have the opportunity to display their products to personnel attending briefings concerning the latest...
Hack.lu 2013(Luxembourg, October 22 - 24, 2013) Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implication on society.
Joint Federal Cyber Summit 2013(Washington, DC, USA, October 23 - 24, 2013) This collaborative government wide event is truly one of a kind, with speakers and attendees anticipated to represent more than 10 federal government agencies. Information sharing will be accomplished...
NSU's 12 Simple Cybersecurity Rules For Your Small Business(Fort Lauderdale, Florida, USA, October 24, 2013) In this presentation twelve simple and inexpensive techniques for protecting small businesses from cyber threats will be discussed. While complex and expensive solutions exist to improve the security...
BREAKPOINT 2013(Melbourne, Australia, October 24 - 25, 2013) Over two days, 14 world-renowned speakers front Breakpoint to share their knowledge on a full range of security issues, from unpublished research to the latest trends in information security.
Ruxcon(Melbourne, Australia, October 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...
2013 ACT–IAC Executive Leadership Conference(Williamsburg, Virginia, USA, October 27 - 29, 2013) Advances in technology and massive increases in data available can both challenge and transform Government mission performance. ELC-2013 focuses on how to make this transformation a reality, in and for...
FIRST Energy Symposium(Leesburg, Virginia, USA, October 28 - 29, 2013) Recent reports have shown that the Energy Sector has seen a large increase in the reported number of cyber attacks. The need to protect against threats and improve upon incident management has never been...
SAP NS2: National Security Solutions Summit(Falls Church, Virginia, USA, October 29, 2013) Join us for a day of learning and networking focused on how to advance U.S. national security and homeland security through I.T. innovation. Top-notch speakers will address the new challenges facing U.S.
RSA Conference Europe(Amsterdam, the Netherlands, October 29 - 31, 2013) Information security today isn't optional. It's business-critical. Over three days, RSA® Conference Europe 2013 imparts the must-know actions to manage growing cyber threats. With over 60 sessions spanning...
Regional Cyber Security Forum & IT Day (CSFI) — Hawaii (Honolulu, Hawai'i, USA, October 30, 2013) 2013 marks the 10th anniversary of National Cyber Security Awareness Month and FBC will host the 1st Annual Cyber Security Forum & IT Day (CSFI) at Fort Shafter - Club Hale Ikena to coincide with the anniversary,...
NSA Hawaii — Cyber Security, Intelligence & IT Day(Honolulu, Hawai'i, USA, October 30, 2013) Be a part of the 1st Annual Cyber Security, Intelligence and IT Day set to take place at the new National Security Agency (NSA) Hawaii Rochefort facility. The event will be hosted by NS/CCS Hawaii Technology...