Daily briefing.

The ISP hosting the SEA-themed (but SEA-denied) Mac malware campaign shuts it down.

This week's Apple iOS 7 update received so much interest that downloads mimicked denial-of-service conditions. Microsoft is working to patch an IE zero-day vulnerability, and observers expect a wave of attacks as hackers try to exploit it before it's closed.

"Shylock" (a.k.a. "Caphaw") again hits large banks, harvesting login credentials at some twenty-four institutions. The financial sector has seen a good recent return on cyber security investment, but tighter security has been expensive and will get pricier, more than smaller banks can sustain. The sector as a whole would benefit from less-labor-intensive security solutions.

Bkav researchers discover a novel malware self-defense technique: freeze the infected hard disk while the malware "respawns." Cisco continues to track watering-hole attacks on the energy sector.

Petty cyber crime presents an unusually sordid display today. One new ransomware wrinkle involves Bitcoin mining—crooks profit whether you pay up or not. And the black market again imitates the legitimate one as hackers offer online training for cyber criminals.

NSA describes where Snowden accessed the files he leaked—on a filesharing system established post-9/11 to improve analysis. How he exfiltrated the data remains under investigation.

Cisco, Django, and Firefox security upgrades are now available.

Macy's denies snooping on customers' phones (and suggests inter alia that competitors do—they should beware expansive wiretap-law interpretation). VUPEN cheekily invites journalists to FOIA its competition.

Brazil-US relations remain frosty over surveillance, which continues to attract unfavorable domestic attention.


Today's issue includes events affecting Argentina, Australia, Brazil, Bulgaria, China, Czech Republic, European Union, Finland, France, Germany, Morocco, Philippines, South Africa, Syria, Taiwan, United Arab Emirates, United Kingdom, United States, and Vietnam.

Cyber Attacks, Threats, and Vulnerabilities

Mac Trojan linked to Syrian Electronic Army shuttered (CSO) Apple's popular image of being immune from malware has fired up hacker interest in the platform in recent times. Shortly after it was discovered by security researchers, a rogue network linking Apple computers through a Mac Trojan had its nerve center shut down. "The command and control server is down," Lysa Myers, a senior security analyst with Mac antivirus software maker Intego, said in an interview. "We talked to the ISP yesterday and had it shut down"

Apple DDOS? Nope, just the update coming down! (Internet Storm Center) The amount of press that Apple's iOS 7 update has gotten today has had an unintended consequence — everyone seems to be pulling it down the instant they see that it's available. This is triggering IPS Sensors and causing real DOS conditions due to the traffic involved — an unintended "apple — zooka"

Heavy Attacks Expected as Microsoft Scrambles to Fix IE Flaw (TechNewsWorld) All versions of IE are potentially vulnerable to attack due to an unpatched critical flaw. Prior to Tuesday, it had been exploited only in a limited way, but now that it's been publicized, that's likely to change. "This exploit has quite a wide attack surface," said Websense Director of Security Research Alex Watson. "Seventy percent of all Windows computers would be vulnerable to this exploit"

Shylock Financial Malware Back and Targeting Two Dozen Major Banks (Threatpost) Two dozen major U.S. and European banks are in the crosshairs of the Shylock, or Caphaw, financial malware of late, and victims who trade with one of the 24 financial institutions are at risk of giving up their credentials and losing assets in their accounts

A New Wave of WIN32/CAPHAW Attacks (ThreatLabZ) Over the last month, the ThreatLabZ researchers have been actively monitoring a recent uptick in the numbers of Win32/Caphaw (henceforward known as Caphaw) infections that have been actively targeting users' bank accounts since 2011. You may recognize this threat from research done by WeLiveSecurity earlier this year in regards to this threat targeting EU Banking sites. This time would appear to be no different. So far, we have tied this threat to monitoring its victims for login credentials to 24 financial institutions

Rootkit freezes computers' hard disk to respawn itself (Help Net Security) Researchers from Vietnamese security firm Bkav have recently spotted and analyzed a new piece of malware that uses an unexpected self-protection mechanism: it "freezes" the hard disk of the infected

Affiliate network for mobile malware impersonates Google Play, tricks users into installing premium–rate SMS sending rogue apps (Webroot Threat Blog) Affiliate networks are an inseparable part of the cybercrime ecosystem. Largely based on their win-win revenue sharing model, throughout the years, they've successfully established themselves as a crucial part of the cybercrime growth model, further ensuring that a cybercriminal will indeed receive a financial incentive for his fraudulent/malicious activities online. From pharmaceutical affiliate networks, iPhone selling affiliate networks, to affiliate networks for pirated music and OEM (Original Equipment Manufacturer) software, cybercriminals continue to professionally monetize each and every aspect of the underground marketplace, on their way to harness the experience, know-how and traffic acquisitions capabilities of fellow cybercriminals. In this

419 advance fee fraudsters abuse CNN's 'Email This' Feature, spread Syrian Crisis themed scams (Webroot Threat Blog) Opportunistic 419 advance fee scammers are currently using CNN's "Email This" feature to spamvertise Syrian Crisis themed emails, in an attempt to successfully bypass anti-spam filters. Ultimately tricking users into interacting with these fraudulent emails. The emails are just the tip of the iceberg in an ongoing attempt by multiple cybercrime gangs, looking to take advantage of the geopolitical situation (event-based social engineering attack) for fraudulent purposes, who continue spamming tens of thousands of emails impersonating internationally recognized agencies, on their way to socially engineer users into believing the legitimacy of these emails

Malware Writers, Fraudsters Target Gamers with Fake GTA 5 Serials (Hot for Security) As the recent GTA 5 release made headlines worldwide and even increased the number of "sick" employees as workers stayed home for the game, cyber-criminals launched their own exquisite offer of bogus serials, kits and beta versions

Early Christmas Card Notification Comes With Malware (TrendLabs Threat Encyclopedia) It could be said that it's still too early to even think about Christmas, but it seems that cybercriminals have another idea entirely. Recently we received samples of a malicious spam campaign making the rounds. The spammed mail purports itself to be an early Christmas greeting from Hallmark, one of the biggest greeting card makers in the United States. The body of the mail asks the user to quickly open and execute the attached file, or else they will suffer a year of misfortune. The attached file, which is stored inside a zipped archive and is named 'snowfairy.exe' is of course malicious, and detected as MAL_PROLACO

Cybercriminals offer anonymous mobile numbers for 'SMS activation', video tape the destruction of the SIM card on request (Webroot Threat Blog) For years, cybercriminals have been abusing a rather popular, personally identifiable practice, namely, the activation of an online account for a particular service through SMS. Relying on the basic logic that a potential service user would not abuse its ToS (Terms of Service) for fraudulent or malicious purposes. Now that it associates a mobile with the account, the service continues ignoring the fact the SIM cards can be obtained by providing fake IDs, resulting in the increased probability for direct abuse of the service in a fraudulent/malicious fashion. What are cybercriminals up to in terms of anonymous SIM cards these days? Differentiating

Skimming made easier with hacked portable card payment machines (SC Magazine) For years electronic skimming devices have been stealing credit and debit card information with varied success, but the researchers at global cyber security company Group-IB have noticed an increasing amount of modified point-of-sale (POS) devices circulating in underground markets

NSA reveals how Snowden accessed secret Prism files (ComputerWeekly) Prism internet surveillance whistleblower Edward Snowden accessed the secret documents in a file-sharing location, US National Security Agency (NSA) officials have revealed. The file-sharing location had been set up on the NSA's intranet to enable NSA analysts and officials to read and discuss them, government officials told NPR news. Such file-sharing locations were set up after it was revealed that intelligence agencies failed to "connect the dots" before the 9/11 attacks in 2001 because they were unaware of what other agencies knew

The wisdom of Maxwell Smart on the NSA and Syria (Christian Science Monitor) The '60s TV super-spy and his boss on trust, security theater, and protecting secrets. I came across an old clip from Get Smart, Don Adams's hit '60s TV series about a bumbling American spy, that made me think about the news lately: Edward Snowden's defection to Russia with a trove of National Security Agency secrets, the role of trust in the debate over what the US should do about the war in Syria, and the security theater that continues to plague air travelers here in the US and abroad

Watering–Hole Attacks Target Energy Sector (Cisco) Beginning in early May, Cisco TRAC has observed a number of malicious redirects that appear to be part of a watering-hole style attack targeting the Energy & Oil sector. The structure consists of several compromised domains, of which some play the role of redirector and others the role of malware host. Observed watering-hole style domains containing the malicious iframe have included

EvilGrab Malware Family Used In Targeted Attacks In Asia (TrendLabs Security Intelligence Blog) Recently, we spotted a new malware family that was being used in targeted attacks — the EvilGrab malware family. It is called EvilGrab due to its behavior of grabbing audio, video, and screenshots from affected machines. We detect EvilGrab under the following malware families

Crooks Hijack Retirement Funds Via SSA Portal (Krebs on Security) If you receive direct deposits from the Social Security Administration but haven't yet registered at the agency's new online account management portal, now would be a good time to take care of that: The SSA and financial institutions say they are tracking a rise in cases wherein identity thieves register an account at the SSA's portal using a retiree's personal information and have that retiree's benefits diverted to prepaid debit cards that the crooks control

Critical Vulnerability: Buy Any Product on eBay in just 0.01 USD (HackRead) Ever thought to buy an iPhone or a PlayStation for free? Well, you could, but it's too late now, as an Indian security researcher going with the handle of Ishwar Prasad Bhat had found a critical vulnerability on the world's largest online shopping website eBay that allowed users to buy any product in just 1 Indian Rupee equivalent to 0.01 USD

Ransomware Puts Your System To Work Mining Bitcoins (Malware Bytes) The Ransomware family 'Reveton' has been a thorn in the sides of many for over two years. It has employed a dynamic approach by tailoring the malware to specific countries and frequently changing infection methods

Hacking courses offer cybercrooks tips on how to hone skills (Crime Online) A growing number of experienced hackers have begun offering structured hacking courses for crooks seeking to make a career in cybercrime. The courses range from the basics of online fraud to advanced courses on online anonymity tools, botnets, cleaning up electronic evidence and dealing with law enforcement, according to RSA, the security division of EMC Corp

Telecommunications provider Swisscom investigates stolen data (SC Magazine) Four data tapes belonging to Switzerland-based telecommunications provider Swisscom have ended up in the hands of Swiss German-language newspaper Neue Zürcher Zeitung (NZZ)

Anonymous: We Are Not Behind DDOS Attack on Sweden's SJ (Softpedia) A distributed denial-of-service (DDOS) attack has disrupted the ticketing systems of SJ, Sweden's state-owned passenger train operator. Anonymous hackers say they have nothing to do with the attack

Dissecting FireEye's Career Web Site Compromise (Danchev) Remember when back in 2010, I established a direct connection between several mass Wordpress blogs compromise campaigns, with the campaign behind the compromised Web site of the U.S. Treasury, prompting the cybercriminal(s) behind it to redirect all the campaign traffic to my Blogger profile? It appears that the cybercriminal/gang of cybercriminals behind these mass Web site compromise campaigns is/are not just still in business, but also — Long Tail of the malicious Web — managed to infect FireEye's (external network) Careers Web Site

ESPN Football Analyst Mark May Says His Twitter Was Hacked (Softpedia) The verified Twitter account of former American professional football player Mark May (@mark_may) was allegedly hacked a few hours ago

30% of Tor Web Browser Transactions Found to Be Fraudulent (Infosecurity Magazine) Tor is known as a privacy browser, favored by political dissidents, journalists and others looking to be online anonymously. But a new report shows that almost a third of its traffic is fraudulent as well, pointing to its potential status as a criminals' haven

Security Patches, Mitigations, and Software Updates

Cisco DCNM Update Released (Internet Storm Center) We continue to see web applications deployed to manage datacenter functions. And I'm sorry to say, we continue to see security issues in these applications — some of them so simple a quick run–through with Burp or ZAP would red-flag them

Patches for Django Framework Fix DoS Vulnerability (Threatpost) Developers behind the web framework Django have pushed out a new build of the software that fixes a handful of security issues, including a denial of service vulnerability in the authentication framework

Firefox 24 available now! 17 fixes, 7 critical (Naked Security) Sometimes I wonder if the folks over at Mozilla Security are trying to embarrass me

Cyber Trends

UAE Firms Not Proactive About Cyber Threats (Gulf Business) Companies in the UAE should have a proactive strategy as opposed to a reactive strategy when addressing cyber threats to their businesses, experts said. "The value of information is appreciated only when it (security) is compromised," said Ahmad Al Mulla, vice-president of IT at Dubal

Security incidents in the financial sector have fallen, but there's no cause to celebrate (CSO) SilverSky has published a report that says security incidents are down year over year for the first half of 2013, but there's always more work to be done

Cyber security costs soar at global financial institutions: experts (Xinhua) With the global rise of hacker attacks, banks are keeping up with the latest technologies to secure their own and customers' assets, experts said here at an ongoing banking transaction fair. Cyber security at global financial institutions is a central topic at this year's Sibos, a four-day exhibition held for the first time in the Middle East

US regulator says small banks could face cyber threat (Reuters) In July, the Securities Industry and Financial Markets Association, an industry group, organized a simulated cyber attack to test how banks would respond

ISACA EuroCACS 2013: Boardrooms not investing enough in cyber–security (ITProPortal) Speaking at ISACA's EuroCACS conference in London this week, IT security insiders claimed enterprise executives are still failing to invest sufficient funds into bolstering cyber-security. The information security world has long-bemoaned the gap that exists between the average CISO and his boardroom seniors, and addressing a packed hall at the Hilton London Metropole Hotel, leading lights in the sector claimed company execs were not backing their IT staff when it came to enforcing comprehensive security strategies

2013 Mid–Year Threat Landscape Report from ENISA (Softpedia) The European Network and Information Security Agency (ENISA) has published a 2013 mid-year report that analyzes the threat landscape. According to the study, the top threats that have had a major impact since 2012 are drive-by exploits, code injections, botnets, denial-of-service (DOS) attacks, scareware, targeted attacks, search engine poisoning and identity theft

Cyber–Attacks Cost Small Businesses Nearly $9,000 (FoxBusiness) Small businesses are becoming increasingly tech savvy, but limited resources and knowledge still leave many vulnerable to cyber-threats. A new survey from the National Small Business Association finds 84% of small businesses today use laptops and 74% use smartphones, compared to 67% and 57% in 2010, respectively

Global Phishing Survey: Trends and Domain Name Use in 1H2013 (APWG) Phishers must remain hidden in the shadows, but they also need potential victims to see their work. To combat phishing, we must learn how the phishers create and advertise their bogus sites. These methods change constantly. By analyzing the phishing that took place in the first half of 2013, we have learned how the phishers perpetrated their attacks. The bad guys are trying new tricks and taking advantage of promising new resources. The good guys have won a few battles. And overall, phishing is expanding in places where Internet-using populations are growing

Half of Facebook–quitters leave over privacy concerns (Naked Security) Facebook, which boasts over a billion users, is by far and away the largest social network in the world. In fact, many of us would be hard pressed to name any of our own contacts who are not already registered. Lately, however, there's been a trend for people to disconnect from the network. Specialised sites such as The Suicide Machine and Seppukoo (both now unavailable due to issues with the social giant) made it easy for users to delete their content and contacts before having a new and inaccessible password set on their behalf in order to block their return. So why are people committing "virtual identity suicide"

Encryption goes mainstream (USA Today) Encryption is on the verge of going mainstream. In this age of corporate cyberspies and government snoops, the ancient art of encoding messages is something ordinary citizens will soon come to view as an essential service


James Winnefeld: Pentagon Plans $23B for Cyber Over 4 Years (ExecutiveGov) Winnefeld also told the audience U.S. Cyber Command has designated one cyber team to defend "dot-gov" and "dot-com" domains, a second team to help

Nine further suppliers added to Australian govt cloud panel (ZDNet) Fujitsu and Verizon headline the latest additions to the list of suppliers on the Australian government's datacentre-as-a-service multi-use list. The Department of Finance and Deregulation has brought its total number of cloud suppliers to 66, with nine new vendors being announced today

When Is Data Collection Creepy? Mr. Macy, Meet Mr. Hooper (Storefront Backtalk) Macy's is not, repeat not, capturing signals from customers' mobile phones to identify them at POS. That's the main thing people are remembering from a presentation by Macy's customer strategy VP Julie Bernard at a conference last week. Aside from the implication that some other chains are doing that, it's too bad, because it misses Bernard's two key points. One is that customers demand marketing messages that are relevant to them, but they're at the point of paranoia about retailers collecting the information necessary to make the messages relevant. The other is that some ways of collecting that information truly are creepy

FOIA our competitors, please (TLDR) Earlier this week, government transparency site Muckrock published a story about how the NSA bought hacking exploits from Vupen, a French hacker company. Muckrock unearthed that information via FOIA, and in response, Vupen did something unusual. The French hackers gave the journalists a bunch of fresh leads on which of their US competitors might be involved with the NSA. (Chaouki Bekrar is Vupen's CEO)

Cyber insurance and the hurdle of business impact (The Guardian) If we can show that our security is fit for purpose and validated by third parties, we could turn a corner in being more willing to share business impact metrics

BlackBerry reportedly prepping to lay off up to 40 percent of workers (The Verge) It seems the outlook for BlackBerry is growing more bleak by the day. Only hours after the company introduced a new 5-inch smartphone, the Z30, a report from The Wall Street Journal says up to 40 percent of BlackBerry's workforce could be laid off by year's end. Citing people familiar with the matter, the report claims that thousands of employees are likely to be impacted by the deep cuts, which will span all departments of the troubled manufacturer

Google to acquire data-sharing app Bump (FierceCMO) Google announced it will acquire Bump, a data-sharing start-up that raised $20 million and was once a top downloaded mobile app. Financial terms of the deal weren't disclosed, but several reports said Google paid about $35 million

Apple needs Chinese customers, but some Chinese companies need Apple even more (Quartz) Apple's stock price has fallen 6% since the company introduced the iPhone 5S and 5C, as disappointed analysts and consumers criticized everything from the phones' premium prices to their lack of mind-blowing features. Chinese consumers were particularly dismissive of the new devices (and the company's underwhelming Beijing launch), and now stocks of Chinese companies linked with Apple are suffering as well

GoDaddy Buys Afternic To Beef Up Its Domain Registry Marketplace (TechCrunch) GoDaddy has made another acquisition, its fourth in 14 months: it has bought Afternic, a specialist in aftermarket domain sales — that is, reselling domain names that are already owned. Afternic was owned by NameMedia, and GoDaddy says it is also acquiring SmartName, a domain parking service, as well as NameFind, a kind of name generator, from the same group

Products, Services, and Solutions

Virtual Panda Thrives in the Cold at Peter Green Chilled ( The all-in-one GateDefender security provides an additional layer to the endpoint protection, also provided by Panda Security. The UTM halts malware, spam

Microsoft Windows Phone 8 granted government security standard (ZDNet) Will government security accreditation increase the adoption rates of Microsoft's Windows Phone 8

CipherCloud Ratchets Up Security for Box Cloud Storage (eWeek) CipherCloud enables only users to access encryption keys, so nobody else--not even the NSA or hackers of any type--can see the data

CA Technologies eComMinder with CA RiskMinder (SC Magazine) Here's another situation where a customer is at risk - not only from fraudsters, but from the convenience of online buying. For decades we have preached that security should not get in the way of usability. Dyed-in-the-wool security pros took the position that one could have security or convenience, but both was out of the question. Of course that's not how it is today, for the most part, but in the world of online business transactions it is a tough tightrope to walk

HP unveils community-sourced threat intelligence platform (Help Net Security) HP announced HP Threat Central, a community-sourced security intelligence platform that will enable automated, real-time collaboration between organizations to combat advanced cyber threats

OWASP in Paris: Diving in Firefox OS Security! (Poulpitablog) You might have heard about it, a new mobile operating system was announced a few months ago: Firefox OS, by Mozilla. This mixing of a browser product together with the 'OS' word is not a typo. It is a new type of operating system, web based, which will get rid of the open-but-proprietary mobile operating systems. On a web-based operating system, web apps will be the application bringing the services to the user. And Mozilla is offering to have HTML5/CSS3 web apps running on their Firefox OS. Together with special APIs, named Web APIs, that will enable some mobile-phone related features, such as access to phone call, SMS, and a few other nice things

It's New And Shiny. Be Afraid. Be Very Afraid. (Dark Reading) In the age of page views and breaking news, we have to reserve judgement until the facts emerge. Apple's Touch ID launch is just another example of fear-mongers favoring FUD over fact

Hackers Pool Together A Reward For First To Hack iPhone's Fingerprint Reader (Forbes) For hackers, the iPhone 5s's Friday release marks the start of a race to crack its new fingerprint reader. Now a few dozen of them are raising the stakes. On Wednesday afternoon independent security researcher Nick Depetrillo launched, a website designed to crowdfund a reward for the first person to demonstrate in a video that he or she can lift a fingerprint from any surface, reproduce the print, and use it to unlock the owner of that fingerprint's iPhone 5s

Cyveillance Monitoring Service Targets Rogue, Unauthorized Mobile Apps (Executive Biz) QinetiQ North America subsidiary Cyveillance has rolled out a monitoring service designed to target six types of rogue mobile applications that could affect a business. The expanded Mobile Application Monitoring Solutions falls under the company's brand protection services suite and work to provide users analysis and takedown services, Cyveillance said Monday

FireEye, Verdasys Partner In Endpoint Security (Dark Reading) Verdasys-FireEye solution leverages FireEye's Multi-Vector Virtual Execution (MVX) engine and Verdasys' Digital Guardian platform

Stackdriver Rolls Out Monitoring-As-A-Service Solution For AWS (CRN) Stackdriver, a cloud-based application monitoring services startup, is making moves in Amazon (NSDQ:AMZN) Web Services analytics, announcing Wednesday the launch of an intelligent monitoring program for public cloud through application analytics

VIPRE Internet Security 2014 Tailors Threat Protection to Online User Behavior (ThreatTrack) ThreatTrack Security's premier home antivirus software protects users from threats on Facebook, bad search results and vulnerable software programs

Norton, Kaspersky, and Bitdefender Rule New Antivirus Test (SecurityWatch) Researchers at German lab AV-Test keep twenty-odd antivirus products under observation constantly, collating and reporting their results every couple months. They cycle between testing under Windows XP, Windows 7, and Windows 8, sometimes using 64-bit editions. The latest results, released today, relate to testing under 64-bit Windows 7. Some products scored much better than when tested under the 32-bit operating system; others lost points galore

DuckDuckGo continues making huge audience gains (FierceContentManagement) DuckDuckGo has more than doubled its average daily searches in 6 months, moving from 1.6 million to 4 million, according to its most recently published statistics. The move still isn't enough, however, for it to make comScore's search engine report where, as you would expect, Google still dominates…As Infoworld reports, recent revelations about the NSA have people more aware of internet monitoring, and as such, a service like DuckDuckGo, which doesn't collect any personal information, is becoming an increasingly attractive alternative

CloudSigma launches hybrid hosting with private patching (Help Net Security) CloudSigma launched its hybrid hosting offering for customers at its cloud locations, including Switch SuperNAP in Las Vegas, Nevada; Interxion in Zurich, Switzerland; and Equinix globally

LynuxWorks releases a rootkit detection system (Help Net Security) LynuxWorks announced the RDS5201, a new product to help detect the rootkit. Built on the LynxSecure 5.2 separation kernel and hypervisor, this small-form-factor appliance has been designed to offer a

Software for DIY data recovery, data protection and data destruction (Help Net Security) Kroll Ontrack announced Ontrack EasyRecovery 11, a solution for DIY data recovery, data protection and data destruction. It includes new S.M.A.R.T. scan technology to monitor the health of data storage

Kaspersky Lab launches solution for multi-device security (Help Net Security) Kaspersky Lab announced Kaspersky Internet Security – Multi-Device, a new security product that provides a way for customers to secure their Internet activity across multiple devices

Self–healing BIOS security from HP (Help Net Security) HP announced HP BIOSphere with SureStart technology, a self-healing security solution created to help organizations better manage risk and protect user and IT productivity

Technologies, Techniques, and Standards

How to avoid unwanted software (Webroot Threat Blog) We've all seen it; maybe it's on your own computer, or that of a friend, your spouse, child, or parent. Your home page has been changed to some search engine you've never heard of, there's a new, annoying toolbar in your browser. Maybe you're getting popup ads or have a rogue security product claiming you're infected and asking you to buy the program to remove the infection. Even worse, you don't know how it got there! Welcome to the world of Potentially Unwanted Applications (PUAs.) Chances are that these programs were inadvertently installed while installing software from sites that use

Got Fingerprints? Biometric Security Isn't That Simple (Storefront Backtalk) Sometimes it's the little things. Apple just announced its new version of the iPhone, and among the (mostly minor) changes, the company added a little thing that is a potential game changer: a fingerprint reader to authenticate the user. It's a simple biometric of the type that has been on many computers for years. But just as the addition of the iTunes store to the iPod transformed digital purchases, and the addition of apps to iOS transformed software, the addition of the biometric reader can transform identity management, online purchases, key management and DRM, and can be used to either enhance or destroy privacy as we know it

RI National Guard conducts cyber defense exercise (The Public) Members of the Rhode Island National Guard are wrapping up a four-day cyber defense drill. The exercise, called Cyber Shield 2013, is intended to test the state's Cyber Disruption Team and the state's Emergency Operations Center to determine how well they would respond to an actual cyber attack

Is Your Incident Response Plan Ready for a Cyber Security Breach? (Dell SecureWorks) Nearly every day the media report on organizations, companies and nation states that are dealing with information security breaches. From the smallest companies to the largest conglomerates, organizations around the world are attacked every second of every day and many do not have an incident response plan in place. Cyber threats are evolving within hours, when previously it took days or even weeks. We've experienced a 24-hour-a-day hand-to-hand combat war for many years. Cyber attackers don't stop working when your business closes down for the day

Breaking Kryptonite's Obfuscation: A Static Analysis Approach Relying on Symbolic Execution (Diary of a reverse-engineer) Kryptonite was a proof-of-concept I built to obfuscate codes at the LLVM intermediate representation level. The idea was to use semantic-preserving transformations in order to not break the original program. One of the main ideas was for example to build a home-made 32 bits adder to replace the add LLVM instruction. Instead of having a single asm instruction generated at the end of the pipeline, you will end up with a ton of assembly codes doing only an addition

IE11 shows that browser security tech has peaked (ZDNet) Every new version of Internet Explorer for a decade has had important new security features. Internet Explorer 11 on Windows 7 has basically none, and that's a good thing

XSS Filter Evasion Cheat Sheet (OWASP) This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing. The initial contents of this article were donated to OWASP by RSnake, from his seminal XSS Cheat Sheet, which was at: That site now redirects to its new home here, where we plan to maintain and enhance it. The very first OWASP Prevention Cheat Sheet, the XSS (Cross Site Scripting) Prevention Cheat Sheet, was inspired by RSnake's XSS Cheat Sheet, so we can thank him for our inspiration. We wanted to create short, simple guidelines that developers could follow to prevent XSS, rather than simply telling developers to build apps that could protect against all the fancy tricks specified in rather complex attack cheat sheet, and so the OWASP Cheat Sheet Series was born

Takedown vs. Intelligence (Malcovery) Today's cybercriminals are highly sophisticated, intelligent and organized. The downside of being involved in online transactions is that cyber criminals are targeting you and your business – each and every day. Is the traditional takedown strategy enough to protect your brand from cybercrime? It's not

The legal implications of BYOD (Help Net Security) The legality of the common practice of remotely wiping or tracking an employee's mobile device while asking workers to sign waivers giving their consent for such a policy remains highly ambiguous, as there is little to no case law in this area

Five reasons why you'll take your storage to the cloud (The Register) And five reasons why you won't…The cloud will inevitably replace all other forms of IT. The cloud is a passing fad. The cloud is good, it is bad and it is hideously ugly. The cloud is a paradigm shift that will obliterate all previous technological developments. The cloud is an iterative evolutionary augmentation of extant technologies and nothing to write home about

Testers penetrated DOT–wide network (FierceGovIT) Weak user authentication permitted testers to penetrate the Transportation Department-wide network undetected, says a new departmental office of inspector general report

Security Weakness In DOT's Common Operating Environment Expose Its Systems and Data To Compromise (DoT Office of the IG) On September 10, 2013, we issued our self-initiated report on the Department of Transportation (DOT) Common Operating Environment (COE) information security controls. The COE provides Operating Administrations (OAs) at the Department's Headquarters in Washington, DC, with IT services, such as data storage, email and web application access, and database services. The COE also provides a centralized environment for applications that OAs use in support of their operations

DHS to launch mobile, multifactor authentication pilot (FierceMobileGovernment) The Homeland Security Department will soon launch a mobile device security pilot for multifactor authentication that does not directly use personal identity verification, or PIV. "We're taking derived credentials from the PIV or CAC and we're basically deploying that with a non-person cert on to that mobile or tablet device," said Greg Capella, deputy executive director of enterprise system development at the Homeland Security Department's office of the chief information officer

NSA aims to plug holes that sprang Snowden leaks (Ars Technica) NSA official: "Could someone today do what [Snowden] did? No." Trying to prevent the kind of leaks carried out by former contractor Edward Snowden, National Security Agency (NSA) officials will now tag sensitive documents and data with digital identifiers that limit access to select intelligence analysts, according to a published report. The measure is one of several security reforms being implemented three months after the publication of reams of highly classified reports documenting the agency's expansive surveillance programs

Recommendations for strengthening cyber security policies (Help Net Security) McAfee and the Digital Government Security Forum (DGSF) released a new report which explores the cyber risks confronting government and offers recommendations to mitigate these risks. The report provides the outlines of two tools, a suggested Review Process and proposed Development Framework to help boards, senior managers and information teams in organisations that would like to review their information security strategies and governance arrangements

Cybersecurity an occupation, not a profession, says report (FierceGovIT) Cybersecurity as a field is yet too young and the threats change too rapidly for the federal government to undertake its professionalization, concludes a study from a National Academy of Sciences panel commissioned by the Homeland Security Department. Professionalization is distinct from specialized knowledge, intensive training or education, the report notes; nor is it "a proxy for 'better'"

Design and Innovation

Linus Torvalds Talks Linux Development at LinuxCon (eWeek) Torvalds responds to a question about whether the U.S. government asked him to put a backdoor in Linux, and explains why he's a developer and how others can be

Frustrated geek explains what he does in a children's book (Quartz) Robert M. Lee is an expert on a topic few people have heard of and even fewer understand: supervisory control and data acquisition (SCADA). It refers to systems that control nuclear power plants, satellites, water filtration systems, the power grid, that sort of thing. Yet it is so complicated that even the people who run these systems don't always fully comprehend them. So Lee decided to help us all out by writing an illustrated, easy-to-read children's book, "SCADA and Me: A Book for Children and Management"

An Insider's View of Mobile–First Design: Don't Make These Mistakes (Wired) Everyone from users to entrepreneurs to advertisers loves the "mobile" category because those products are always with us, always on, and instantly accessible. But these opportunities are also design constraints: Mobile screens are small, driven by touch, and often connected to spotty networks. Which is why companies like Facebook, Google, PayPal, and countless startups taking the plunge into mobile-first design quickly realize that designing for mobile is not the same as designing for the desktop PC

Research and Development

NIST awards $7M in NSTIC grants (FierceGovIT) The National Institute of Standards and Technology awarded $7 million in grants that will support five identity protection and verification pilots in support of National Strategy for Trusted Identities in Cyberspace implementation

Researchers can slip an undetectable trojan into Intel's Ivy Bridge CPUs (Ars Technica) New technique bakes super stealthy hardware trojans into chip silicon. Scientists have developed a technique to sabotage the cryptographic capabilities included in Intel's Ivy Bridge line of microprocessors. The technique works without being detected by built-in tests or physical inspection of the chip. The proof of concept comes eight years after the US Department of Defense voiced concern that integrated circuits used in crucial military systems might be altered in ways that covertly undermined their security or reliability. The report was the starting point for research into techniques for detecting so-called hardware trojans. But until now, there has been little study into just how feasible it would be to alter the design or manufacturing process of widely used chips to equip them with secret backdoors

Google's attempting to solve the online translation riddle (FierceContentManagement) But machine translation still has a long way to go. One of the biggest issues facing business on the web is appealing to a worldwide audience and that involves translation. For now, machine translation is still rather crude, but it's making huge leaps and if a German scientist working for Google has his way, we will one day see automatic, instant translation


NYU–Poly Expects More Than 10,000 to Compete in Hacking Competition (SecurityWeek) The Brooklyn campus of the Polytechnic Institute of New York University (NYU-Poly) will be the nerve center this week for the world's biggest hacking competition, as more than 10,000 participants from across the world compete in the preliminary round to find the best student teams for the tenth annual NYU-Poly Cyber Security Awareness Week (CSAW)

Become A Data Scientist…In 12 Weeks? (InformationWeek) San Francisco-based academy claims to turn qualified applicants into big data gurus in less than three months. What's the best way to become a data scientist? Well, you could earn an advanced degree from an accredited university, a process that may take several years and cost tens of thousands of dollars. Or you could go the express route: A 12-week boot camp that teaches the pragmatic skills needed to land a data science gig at a reputable business

Legislation, Policy, and Regulation

'Just not interested': Will Germany's voters see this week's election through a PRISM? (ZDNet) The country's upcoming federal election is unlikely to turn into a referendum on government co-operation with the NSA

Brazil data plan aims to keep US spies at bay (BBC News) Brazil is considering ways to make local use of the internet less dependent on US-based services, following leaks about Washington's cyberspy operations. The South American nation has suggested forcing internet firms to open data centres in Brazil, which would be used to store locally generated material

Rousseff dashes White House hope of stronger ties with Brazil (Financial Times) First, it was Barack Obama, US president, who snubbed Russian president Vladimir Putin after Mr Snowden, the former National Security Agency contractor who

Brazil's Petrobras 'Uncomfortable' With Spying Allegations (Wall Street Journal) The president of Brazilian state-run oil company Petroleo Brasileiro SA (PBR, PETR4.BR), or Petrobras, says she's "uncomfortable" with news that the company may have been the target of spying by the U.S., but said she doesn't believe any crucial technology was stolen. "This [allegation of spying] makes us uncomfortable. We don't know what got out," Petrobras President Maria das Gracas Foster told a committee in the Brazilian senate

The Bigger Story Behind the Brazilian President's White House Snub (Slate) Brazilian President Dilma Rousseff's decision to cancel her state visit to Washington—the White House's only State Visit planned for this year—is probably the most dramatic diplomatic ramification of Edward Snowden's NSA leaks so far. But it's also worth keeping an eye on what the fallout of the story will mean for the future of the Internet in Latin America's largest country and largest IT market

Rep. Goodlatte Demands "Further Protections" From NSA Snooping (TechCrunch) Today Rep. Bob Goodlatte, chairman of the House Judiciary Committee, stated that he is "convinced that further protections" of the civil liberties of U.S. citizens are necessary following review of the nation's surveillance efforts

After Navy Yard Shooting, Ayotte Calls for Hearing on Contractor Hiring (Roll Call) Republican Sen. Kelly Ayotte of New Hampshire urged leaders of the Senate Homeland Security and Governmental Affairs panel to hold a hearing on federal contractor hiring practices at military installations, following a mass shooting Monday at Washington, D.C.'s Navy Yard

Navy Yard shooting exposes flawed security clearance process (Washington Post) The tragedy of the Navy Yard shootings has gripped Washington. Many dimensions of this episode call for deep assessment: How could a clearly troubled man bring a weapon into a highly secure venue only to gun down government workers? How can we prevent such incidents in the future

Congress Has No Clothes: A Quick and Dirty Summary of the New FISC Opinion (Lawfare) Today's release of two important FISC documents probably won't generate the media frenzy that previous releases of NSA materials have sparked. As of this writing, the New York Times did not even have the story on its website's home page. The breezy attitude towards this latest release is understandable enough. The documents don't disclose a new program—or a new raft of government errors—after all. In fact, they are a pretty exclusively good-news story for the government: A FISA judge writes a strong opinion in defense of the legality of the 215 collection that has been so controversial and, what's more, treats the past compliance issues as, well, matters in the past

White House Asks FCC To Unlock Cell Phones (InformationWeek) National Telecommunications and Information Administration asks FCC to issue new regulations allowing consumers to use their devices with any carrier. The National Telecommunications and Information Administration (NTIA) has formally petitioned the Federal Communications Commission to issue new regulations that would require wireless carriers to unlock mobile devices — cellphones, tablets and other devices — for consumers that wish to use other carriers

Our data is our digital identity — and we need to reclaim control (The Guardian) Director Cullen Hoback's campaigning documentary Terms & Conditions May Apply is a call to digital arms. He explains why now is the time to reclaim control of our digital privacy. I'm a film-maker by trade, so heading to Capitol Hill the other week was a new experience for me. I was there to talk privacy, and in essence, to advocate. I didn't have the first clue where to begin. The architecture, both impressive and oppressive, made me feel simultaneously important and meagre, and as I was later told, this was intentional

Litigation, Investigation, and Law Enforcement

More Google StreetView Fallout: Even Grabbing MAC Addresses Might Be Wiretapping (Storefront Backtalk) As if retailers didn't have enough conventional privacy concerns, now even touching customers' Wi-Fi may have more legal problems than previously thought. On Sept. 10, a federal appeals panel in San Francisco ruled that Google violated the Wiretap Act when its StreetView cars scooped up lots of Wi-Fi data from unencrypted connections. But in its convoluted inspection of what "radio" means (did you realize that if it's not audible, it's not radio?), the judges actually open up the possibility that even capturing the MAC addresses that mobile phones send out over Wi-Fi might be Wiretap Act violations

Critics say federal court got it wrong in defense of NSA activity (CSO) Court's rationale allows collection of almost any information on Americans, including all financial transactions and Internet activity

NSA Revelations of Subversion of the Constitution Warrant Impeachment Investigation (Huffington Post) This summer, any weekly reel of headlines about Edward Snowden and the National Security Agency should have served as an embarrassment to the very idea of integrity in public service under the national security state. No sooner did President Obama facilely assure the American people that the government was not listening to our phone calls, or the NSA's Gen. Keith Alexander and Sen. Dianne Feinstein (chair of the "oversight" Senate Intelligence Committee) make broad assertions about a legally correct bureaucratic record on surveillance, than new revelations from official documents — as reported in three major newspapers — undermined the probity of government at the highest levels

MPAA Says Google Fosters Piracy, Because Why Wouldn't It (Wired) The Motion Picture Association of America took another swipe at Google today, releasing a report that states the obvious: Google's search engine leads to pirate sites. None of this is likely news to anyone. But the MPAA's report comes as

Did Media Cross the Red Line? (Dev/Random) With the recent buzz around the pwnage of the first Belgian telco operator, media are again surfing the wave of cyber-[threats/criminality/espionage]. They know that, today, an article with the word "cyber" in the title will attract more people! Usually, I try to not trust (or at least to be very careful) with the stories reported by media. When I see how they treat a subject that I understand, I'm really scared about what they tell me about topics that I don't master

LinkedIn asks to disclose NSA data requests, says secrecy 'threatens the entire internet' (The Verge) So far, LinkedIn has mostly stayed out of the fight for more NSA disclosure, but yesterday they jumped into the fray, filing a brief to the FISA court demanding the right to report government data requests. It's similar to lawsuits undertaken by Microsoft and Google in the wake of PRISM revelations, but notable because, unlike those companies, LinkedIn has yet to be directly implicated in any leaked documents

What does the government want with LinkedIn's data? (TLDR) Yesterday, LinkedIn's general counsel published a letter to the site's users expressing frustration that the company's not allowed to disclose the number of national security-related data requests it receives each year

Lawyer emails for 9/11 suspects monitored: defense (Agence France-Presse) The email accounts of lawyers for the five men accused of plotting the September 11, 2001, attacks were monitored, the chief defense counsel alleged Wednesday. Colonel Karen Mayberry also claimed that, at one point, "hundreds of thousands" of files went missing from a computer network used by the legal team to communicate

9 Taiwanese and 5 Chinese Arrested in the Philippines for Role in Cybercrimes (Softpedia) A total of 14 individuals, five from China and nine from Taiwan, have been arrested by Filipino authorities on suspicion of being involved in cybercrimes

Teenager busted for running botnet that stole $50,000 a month (SC Magazine) A 19-year-old Argentinean man, whose identity has not been revealed, could face up to 10 years behind bars after being arrested and charged with intercepting $50,000 a month from gaming and money transfer sites and dumping it into his bank account

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Shaping the Future of Cybersecurity Education Workshop (Gaithersburg, Maryland, USA, September 17 - 19, 2013) The third annual Shaping the Future of Cybersecurity Education Workshop will be held at the National Institute of Standards and Technology (NIST) in Gaithersburg, MD and focus on "Navigating the National...

Strange Loop (St. Louis, Missouri, USA, September 18 - 20, 2013) Meet us in St. Louis, Sept 18-20th, 2013, to make connections with the creators and users of the languages, libraries, tools, and techniques at the forefront of the industry. Find out where we're going…and...

ISSA Cyber Security Forum at Ft Belvoir (Fort Belvoir, Virginia, USA, September 19, 2013) This event will allow personnel from Fort Belvoir the chance to learn about the latest cyber security trends, network with peers, discuss Army best practices and to view and demo some of the latest cyber...

CISO Executive Summit (Atlanta, Georgia, USA, September 19 - 20, 2013) Be on the forefront of a new global initiative where today's world-class leaders in information security will gather to navigate through international waters. Join these leaders as they follow the wind...

CCBC Leadership Seminar Luncheon: Cyber Awareness: What Employers Need To Know (Owings Mills, Maryland, USA, September 20, 2013) , no later than September 13, 2013.

cybergamut Technical Tuesday: Malware Analysis for the Masses (Columbia, Maryland, USA, September 17, 2013) With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. With...

2013 Cyber Security Summit (New York, New York, USA, September 25, 2013) The 2013 Cyber Security Summit connects executives responsible for protecting their company's critical infrastructure with innovative product, service and solution providers. The one day event, to be...

4th Annual Cybersecurity Summit (Washington, DC, USA, September 25, 2013) GEN Keith Alexander, Commander of U.S. Cyber Command, Director of the NSA/Chief, Central Security Service and Dr. Pat Gallagher, Director, NIST are among the distinguished speakers confirmed to keynote...

Information Security Conference (Charleston, West Virginia, USA, October 2, 2013) On October 2, the WVOT Office of Information Security and Controls, will be sponsoring a no-charge information and cyber security awareness event at the Charleston Civic Center. The agenda will offer...

The Monktoberfest (Portland, Maine, USA, October 4, 2013) Our speakers will explore how social trends can change the way we build and use technology, and how technology in turn can change the way we socialize.

Suits and Spooks NYC 2013 (New York, New York, October 5, 2013) Since the landscape is foggy, the threat actors numerous and hard to identify, and the attacks proliferating on a daily basis, the focus of the next Suits and Spooks conference will be to identify non-state...

Forensics and Incident Response Summit EU (Prague, Czech Republic, October 6 - 13, 2013) The Summit will focus on high quality and extremely relevant content as well as panel discussions in Digital Forensics and Incident Response. In addition, we encourage you to take every opportunity to...

CyberMaryland 2013 (Baltimore, Maryland, USA, October 8 - 9, 2013) Join cybersecurity leaders, luminaries and rising stars at CyberMaryland 2013. This two-day event at the epicenter of the nation's cybersecurity innovation and education, will create opportunities for...

2013 Maryland Cyber Challenge (Baltimore, Maryland, USA, October 8 - 9, 2013) Held in conjunction with Cyber Maryland and intended to let students and young professionals showcase their cybersecurity skills, Maryland Cyber Challenge offers competition in three divisions: high school,...

AFCEA Hill AFB Technology & Cyber Security Expo (Ogden, Utah, USA, October 9, 2013) The purpose of this first-time event is to allow base personnel the opportunity to learn about the latest computer security trends, network with peers, share remediation strategies and to view and demo...

International Conference on Cyber–Enabled Distributed Computing and Knowledge Discovery (Shanghai, China, October 10 - 12, 2013) International Conference on Cyber-enabled distributed computing and knowledge discovery promotes research and development of the cyber-related technology. It is unique and significant that spans through...

VizSec 2013 (Atlanta, Georgia, USA, October 14, 2013) VizSec brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques.

Hack-in-the-Box Security Conference 2013 (Kuala Lumpur, Malaysia, October 14 - 17, 2013) The 11th annual HITB Security Conference (16th/17th October) will be a triple track offering featuring keynotes by Andy Ellis, Chief Security Officer at Akamai and Joe Sullivan, Chief Security Officer...

USDA Cyber Security Symposium and Expo 2013 (Washington, DC, USA, October 15, 2013) The Cybersecurity Expo, running in conjunction with the Summit, will allow exhibitors the opportunity to provide live demos and share information with government personnel and industry partners. Summit...

SNW Fall 2013 (Long Beach, California, USA, October 15 - 17, 2013) SNW is the world's largest independently produced conference series focused on the evolution of architecture for a new world of mobility, Big Data and business agility. Produced by Computerworld -- and...

Hexis Exchange (Athens, Greece, October 16 - 17, 2013) Attendees will have the opportunity to participate in a knowledge exchange of the latest enterprise security topics through expert led business and technology forums, hands-on sessions, and training. Such...

Cybersecurity Symposium: "Protect. Defend. Educate." (Linthicum, Maryland, USA, October 16 - 17, 2013) The Cybersecurity Symposium being held October 16-17, 2013, will deliver first-class training for government and industry security professionals while simultaneously offering high-level keynote speakers,...

Nuclear Regulatory Commission Cyber Security Conference & Expo (Rockville, Maryland, USA, October 17, 2013) This one-day conference will consist of cyber sessions in the NRC Auditorium given by government and industry speakers. Exhibit tables will be set-up just outside the Auditorium and companies will have...

13th Industrial Control Systems Cyber Security Conference (Atlanta, Georgia, USA, October 21 - 22, 2013) Industrial Control Systems (ICS) operate the infrastructures of electric power, water, chemicals, manufacturing, transportation, defense, etc. and link the digital and physical worlds. Their cyber security...

Cloud Connect (Chicago, Illinois, USA, October 21 - 23, 2013) Cloud Connect returns to Chicago October 21-23, 2013 with an all new program built around the leading cloud platforms. Cloud Connect provides the independent guidance IT professionals need to successfully...

cybergamut Technical Tuesday: Cyber Security Strategy — Why We're Losing and What's Needed to Win (Columbia, Maryland, USA, October 22, 2013) Steve Chabinsky of CrowdStrike explains the situation. Everybody seems to be spending more on cybersecurity, but with questionable return on investment. In fact, the problem clearly is getting...

Cyber Security Seminar and IT Expo at Peterson AFB (Colorado Springs, Colorado, USA, October 22, 2013) The Cyber Security Seminar and IT Expo is a one-day event held on-site where industry vendors will have the opportunity to display their products to personnel attending briefings concerning the latest...

Joint Federal Cyber Summit 2013 (Washington, DC, USA, October 23 - 24, 2013) This collaborative government wide event is truly one of a kind, with speakers and attendees anticipated to represent more than 10 federal government agencies. Information sharing will be accomplished...

2013 ACT–IAC Executive Leadership Conference (Williamsburg, Virginia, USA, October 27 - 29, 2013) Advances in technology and massive increases in data available can both challenge and transform Government mission performance. ELC-2013 focuses on how to make this transformation a reality, in and for...

SAP NS2: National Security Solutions Summit (Falls Church, Virginia, USA, October 29, 2013) Join us for a day of learning and networking focused on how to advance U.S. national security and homeland security through I.T. innovation. Top-notch speakers will address the new challenges facing U.S.

Regional Cyber Security Forum & IT Day (CSFI) — Hawaii (Honolulu, Hawai'i, USA, October 30, 2013) 2013 marks the 10th anniversary of National Cyber Security Awareness Month and FBC will host the 1st Annual Cyber Security Forum & IT Day (CSFI) at Fort Shafter - Club Hale Ikena to coincide with the anniversary,...

NSA Hawaii — Cyber Security, Intelligence & IT Day (Honolulu, Hawai'i, USA, October 30, 2013) Be a part of the 1st Annual Cyber Security, Intelligence and IT Day set to take place at the new National Security Agency (NSA) Hawaii Rochefort facility. The event will be hosted by NS/CCS Hawaii Technology...
