Internet censorship in Turkey (whose elections have wrapped up) and anti-regime hacktivism in Syria (whose civil war continues) affect Middle Eastern cyberspace. Scammers of uncertain provenance are using Syrian troubles as phishbait for their marks' personal information.
Other scammers cut sympathy for Ukraine into phishbait. Claims by AnonymousUkraine to have stolen 800 million credit cards receive skeptical scrutiny.
Webroot, taking the commonplace "ecosystem" metaphor with refreshing seriousness, points out the security danger of a cyber monoculture (and suggests this lies at the root of recent WordPress issues).
McAfee thinks there's a chance the recent iOS update may kill jailbreaking.
ComputerWeekly warns businesses to beware of "advanced evasion techniques," a fancy term for hackers' steadily improving obfuscation game. Dark Reading points out that Target was actually better prepared to fend off an attack than most other retailers. Both stories suggest two (largely) unmet needs: better threat intelligence (with the glare of war filtered) and improved automation for watchstanding and reverse engineering. Booz Allen sees a role for incentives in fostering information sharing. Microsoft researchers look to advanced sandboxing.
In industry news, Lockheed Martin announces its next cyber move, adding CyberPoint to its Cyber Security Alliance. Huawei promises to upgrade security against cyber espionage. Many companies address a shortage of cyber labor by growing their own talent. Early internship and mentorship are expected to help, as is support of STEM education. (So, from another angle, would improved automation.)
The EU and Brazil seek to bypass the US with a new undersea cable.
Today's issue includes events affecting Australia, Brazil, China, European Union, India, Israel, Japan, Republic of Korea, Kuwait, Saudi Arabia, Syria, Turkey, Ukraine, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Turkey Hijacking IP addresses for popular Global DNS providers (BGPMon) At BGPmon we see numerous BGP hijacks every single day, some are interesting because of the size and scale of the hijack or as we've seen today because of the targeted hijacked prefixes. It all started last weekend when the Turkish president ordered the censorship of twitter.com. This started with a block of twitter by returning false twitter IP addresses by Turk Telekom DNS servers. Soon users in Turkey discovered that changing DNS providers to Google DNS or OpenDNS was a good method of bypassing the censorship. But as of around 9am UTC today (Saturday March 29) this changed when Turk Telekom started to hijack the IP address for popular free and open DNS providers such as Google's 18.104.22.168, OpenDNS' 22.214.171.124 and Level3's 126.96.36.199
cmd.so Synology Scanner Also Found on Routers (Internet Storm Center) Yesterday, we talked about a scanner looking for Synology devices that was running on an ARM CPU equipped DVR. Looking at a few other sources of these scans, we did see a couple that didn't originate from similar DVRs. The first guess was that the scan originated from a device that was sitting behind a NAT gateway and wasn't exposed. At this point, it could have been "anything", even a good old infected Windows PC
How a hacked password can unlock a Tesla car (Graham Cluley) A luxury Tesla Model S car, which (when maxed out with options and bells-and-whistles) is worth over $100,000. You wouldn't really expect the only thing to prevent a thief from unlocking it to be a simple six character password would you?
Managed DDoS WordPress-targeting, XML-RPC API abusing service, spotted in the wild (Webroot Threat Blog) With WordPress continuing to lead the CMS market segment, with the biggest proportion of market share, cybercriminals are actively capitalizing on the monocultural insecurities posed by this trend, in an attempt to monetize the ubiquitous (for the cybercrime ecosystem) TTPs (tactics, techniques and procedures). Despite actively seeking new and 'innovative' ways to abuse this trend, cybercriminals are also relying on good old fashioned reconnaissance and 'hitlist' building tactics, in an attempt to achieve an efficiency-oriented 'malicious economies of scale' type of fraudulent/malicious process. We've recently spotted a managed WordPress installations-targeting, XML-RPC API abusing type of DDoS (Denial of Service) attack service
Security Patches, Mitigations, and Software Updates
Apple Could Kill Jailbreaking with Latest Update (McAfee Blog Central) The latest iteration of Apple's iOS platform, iOS 7.1, launched on March 10 with an updated look and new features, as well as some key improvements to the security of the operating system. For this, you can thank hackers. Or, more specifically, you can thank the hackers who help people jailbreak their device
No grand strategy for cyberspace operations necessary (FierceGovernmentIT) Anyone lamenting today's lack of a cyber war grand strategist — someone "with great vision who will declare to the world what great power lies therein" — overlooks the properties of cyberspace, writes a Rand scientist in a paper
The Convergence of Performance & Security for Next-Gen Monitoring (LinkedIn) Information assurance includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of data. Cyber security is at the center of data protection as well as business continuity. However, one cannot lose focus on how this all rolls up to business productivity and workflows (business process) within an organization
Securities & Exchange Commission (SEC) Holds Cybersecurity Roundtable Client Alert (National Law Review) On Wednesday, March 26, 2014, the Securities and Exchange Commission conducted a roundtable discussion on cybersecurity and the issues and challenges cyber-threats present for public companies, exchanges, and market participants. The roundtable consisted of four separate panel discussions and included participants from the SEC, Treasury, the National Security Council, the Department of Commerce, and the Department of Homeland Security, as well as data security experts and representatives of public market participants and broker-dealers
Be Careful Beating Up Target (Dark Reading) Target was actually better prepared than most retailers. The real problem lies with the current state of industry threat intelligence and IR practices
Lockheed Martin Adds CyberPoint to Cyber Security Alliance (MarketWatch) Lockheed Martin today welcomed CyberPoint International into its Alliance, adding their deep technical expertise, innovative solutions, and easy-to-use products to address the advanced persistent threats faced by every global government and commercial organization
EventTracker Enters Strategic Partnership With Altaware (PR-Inside) EventTracker, a leading provider of award-winning SIEM solutions, today announced that Altaware, a California-based security and networking provider, has joined the Solutions Partner Program. Altaware will provide and manage EventTracker's comprehensive suite of log management and SIEM solutions which offer security, operational, and regulatory compliance monitoring
China's Huawei vows security after alleged US hacks (AFP via NDTV) Chinese telecommunications equipment giant Huawei on Monday pledged to protect cyber security, following reports this month that a US government agency had been secretly tapping the company's networks
CyberSecurity Shortage Threatens Rapid Tech Boom (BestTechie) With the rapid development of technology and the increased connectivity of all things, aka, the Internet of things, one area that is falling drastically behind is cybersecurity. In fact, there is a shortage of nearly one million skilled security professionals worldwide, according to Cisco's 2014 Annual Security Report
Security Solutions Provider Seccuris Opens New Office in Austin (Digital Journal) Seccuris Inc., the leader in Enterprise Security Architecture and Information Assurance Integration, announced that it opened a new office in Austin, Texas. This move is part of the company's plan to expand its operations across North America
Allianz launches cyber risk insurance product (Financial Standard) Allianz Global Corporate & Specialty (AGCS) has launched a cyber risk insurance product to counter the growing threat to security faced by Australian businesses
ATM of the future: No cards, no buttons (ZDNet) Diebold has deployed the first of a completely different kind of ATM. The device has a minimal user interface; instead the customer uses a smartphone app
Pompem — Exploit Finder (Kitploit) Pompem is an open source tool, which is designed to automate the search for exploits in major databases. Developed in Python, has a system of advanced search, thus facilitating the work of pentesters and ethical hackers. In its current version, performs searches in databases
Dropbox says it isn't poking around in our stuff (Naked Security) "We don't look at the files in your private folders and are committed to keeping your stuff safe", the company said in the wake of an internet freakout sparked by a user finding himself unable to share copyrighted content. Time to relax, or time to consider encrypting your files before they get to
Rebunking Google's Glass "myth" debunking (Naked Security) Google's published a listicle about what it says are the Top 10 Glass Myths. Here's Naked Security's security- and privacy-centric view of some of those "myths"
What's quality got to do, got to do with it? (CSO Salted Hash) At the CSO40 conference next week, I'll be speaking on ISO 9001 and its application to information security. But what does ISO 9001, an international standard of quality management, have to do with information security? Answer: Lots
How the Channel Can Help Companies Bridge the Windows XP Security Gap (McAfee Blog Central) With just one week to go until Windows XP is scheduled for official End of Life (EOL) on April 8, it's clear that many businesses will be at risk of data loss if action is not taken now. Almost a third of the world's machines are still running Windows XP, and many of these businesses are in need of security consultancy and advice to help mitigate risk past the looming April 8 deadline
Creating an intelligent "sandbox" for coordinated malware eradication (Microsoft Malware Protection Center) Hello from China where I am presenting on coordinated malware eradication at the 2014 PC Security Labs Information Security Conference. Coordinated malware eradication was also the topic of my last blog. I said the antimalware ecosystem must begin to work with new types of partners if we are going to move from the current state of uncoordinated malware disruption, to a state of coordinated malware eradication
Part 2: Protecting patient data in the cloud (Government Health IT) As we discussed in Part I of this series, encryption plays a vital role in healthcare IT security, but not everyone understands the ins and outs. In Part I of our articles on encryption, we talked about the methods that do and don't meet HIPAA encryption requirements. Today we're going to focus on the other more critical components of encryption: selecting an appropriate algorithm/method, managing the keys used in the encryption process, encrypting data in transit and encryption verification
Connecting Private Innovation and National Security (SIGNAL Magazine) A new effort hopes to improve relationships between nontraditional performers and government agencies. Tandem NSI is designed to connect the dots and create transparency, ultimately accelerating the D.C. region's position as a technology center
Teenager wins cyber security competition (Acumin) The title of UK Cyber Security Champion has been awarded to a student, after he managed to fend off opponents in a contest that put the entrants' defence skills to the test. Nineteen-year-old Will Shackleton from the University of Cambridge
No three-month course can teach you how to code (Quartz) Organizations such as Codecademy, the Flatiron School, and General Assembly regularly get lauded for churning out legions of seemingly qualified engineers. The latest came in a recent Wall Street Journal article headlined, "Have Liberal Arts Degree, Will Code." Student X took Course Y and in a mere three months became an amazing developer now working for SuperStartup earning a salary far above the national average. How can you not love that story?
Legislation, Policy, and Regulation
Transatlantic cables will bypass USA to avoid NSA spying (Naked Security) EU says "A new fibre-optic submarine cable, connecting Latin America directly with Europe" will "enhance data protection". Is NSA evasion really the reason for new undersea cable projects wrapping around the globe?
China hopes U.S. matches words with policy on cybersecurity (Reuters via the Star) China's Foreign Ministry on Monday said it welcomed comments by the U.S. defence chief saying the United States would exercise restraint in using the military in cyberspace, but added Beijing hoped Washington would match its words with actual policy
Tribute in US-China cybersecurity relations (The Strategist) Documents leaked by Edward Snowden last week appear to show that the National Security Agency (NSA) has secretly tapped into the networks of Chinese telecommunications company Huawei Technologies. Meanwhile, on the sidelines of the 2014 Nuclear Security Summit in Hague, Presidents Obama and Xi were vowing to cooperate on cybersecurity. These simultaneous events reveal the contradictory behaviour of major powers when it comes to their relations in cyberspace
Rubio fears 'unilaterally disarming' the NSA (MSNBC) It's been about a week since the Obama White House sketched out sweeping changes to U.S. surveillance policy, including an end to the National Security Agency's bulk data collection. For the most part, the political fight that often hangs over these questions related to national security has been extremely muted
What I Told the NSA (Huffington Post) Because of my service on the President's Review Group last fall, which made recommendations to the president about NSA surveillance and related issues, the NSA invited me to speak today to the NSA staff at the NSA headquarters in Fort Meade, Maryland, about my work on the Review Group and my perceptions of the NSA. Here, in brief, is what I told them
Cyberwars: Will The Pentagon's Plan For Defeating Insider Attacks Work? (Forbes) Last week Secretary of Defense Chuck Hagel gave his first major speech on cybersecurity in a live broadcast from the National Security Agency. Hagel detailed the impressive progress his department has made in coping with a rising tide of network attacks, describing how thousands of newly-trained specialists will enhance the nation's ability "to deter aggression in cyber space, deny adversaries their objectives, and defend the nation from cyber attacks that threaten our national security." However, in a curious omission, Secretary Hagel made no mention of plans for dealing with the kind of insider attacks perpetrated by former NSA contract employee Edward Snowden
DHS grant to fund Nevada cybersecurity efforts (Watchdog.org) U.S. taxpayer dollars are being spent to beef up state cybersecurity efforts, despite the lack of a dedicated Department of Homeland Security cybersecurity grant program to help state and local operators comply with a new set of security expectations
Porn site age-check law demanded by UK media watchdog (Naked Security) A video-on-demand watchdog in the UK — whose government seems to have its knickers in a permanent twist over children potentially accessing internet porn — is demanding an age-check law for porn sites
How the Aaron Swartz Case Unfolded (Boston Globe) Aaron Swartz, a brilliant young programmer and political activist, lurked on the Massachusetts Institute of Technology campus for more than three months in late 2010 and the early days of 2011, allegedly downloading 4.8 million articles from an academic journal archive called JSTOR as the university and the archive tried to stop him. After MIT sought help from the police, Swartz was arrested and charged with federal computer crimes that could have put him in jail for years. He committed suicide in January 2013
What's behind Albuquerque police shooting protest and cyber attack? (Los Angeles Times) What started as a peaceful protest over Albuquerque police involvement in a series of fatal shootings escalated into what the mayor called "mayhem" as cops and demonstrators clashed on Sunday. While tensions have been building for a while in the New Mexico city, the latest confrontation illustrates the continuing power of the Web and Internet groups to move beyond electrons into the streets, highlighting how the politics of protest has changed. Here is a primer to the issues
U.S. Is Weighing Release of a Spy for the Israelis (New York Times) The Obama administration is discussing the release of an American convicted of spying for Israel more than a quarter of a century ago, American officials said Monday, as it struggles to avert a collapse in peace talks between Israel and the Palestinians
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Interop Conference: Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.
SyScan 2014 (Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...
InfoSec World Conference & Expo 2014: With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...
IT Security Entrepreneurs Forum (ITSEF) 2014: IT Security Entrepreneurs Forum (ITSEF) is SINET's flagship event, designed to bridge the gap between the Federal Government and private industry. ITSEF brings unique value to the Cybersecurity community...
Defensive Cyberspace Operations & Intelligence Conference: Two days of presentations, workshops, training, and networking on defensive operations and intelligence activities in cyberspace. Speakers from government, universities, and industry will share their insights...
SOURCE: The purpose of SOURCE Conference is to bridge the gap between technical excellence and business acumen within the security industry. SOURCE fosters a community of learning where business and security professionals...
2014 GovCon Cyber Summit (McLean, Virginia, USA, April 9, 2014) The U.S. Computer Emergency Readiness Team (US-CERT) noted that last year federal networks saw a substantial increase in hacking incidents, with 48,000 attacks reported by agencies. In recognition of this...
Women in Cybersecurity Conference (Nashville, Tennessee, USA, April 11 - 12, 2014) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.
NSA Procurement in today's business arena (Elkridge, Maryland, USA, April 16, 2014) An opportunity to gain inside perspective on market trends in NSA Procurement. The guest speaker will be William Reybold, National Security Agency's Deputy Senior Acquisition Executive (SAE), who manages...
Suits and Spooks San Francisco: S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss...
US News STEM Solutions: National Leadership Conference: The STEM crisis in the United States demands solutions—and nowhere is the search more concentrated than at U.S. News STEM Solutions. Now in its third year, this premier national leadership conference is...
East Africa Banking and ICT Summit (Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations,...
InfoSecIndy (Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.
United States Cyber Crime Conference 2014: This is the only event of its kind that provides both hands-on digital forensics training and an interactive forum for cyber professionals to network. The conference covers the full spectrum of topics...
Infosecurity Europe 2014: Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000...