Daily briefing.

Although many such promised operations have fizzled, the Israeli government is taking precautions against a threatened pro-Palestinian cyber action this weekend: Israel is restricting foreign access to some of its governmental websites until Monday.

Incapsula provides details on a large denial-of-service campaign it detected this week. The application layer DDoS attack exploited compromised browsers.

"UPATRE" malware (notorious in its own right, and also for distributing Zeus and Cryptolocker) evolves into a more dangerous form, adding attachment-within-attachment evasion features.

Malwarebytes notes threat evolution elsewhere: an unusually convincing phishing site that spoofs Google login, warns users of "outdated plug-ins," and invites them to download "updates." The updates are, of course, malware of an unusually difficult to detect variety.

An iOS flaw enables thieves to disable Apple's Find My iPhone and bypass anti-theft Activation Lock, thereby enabling them to prepare stolen iPhones for resale.

Castle Clash's developers say they've got nothing to do with the catphishing bots infesting Tinder—Castle Clash is a victim, too.

Among previews of next week's Patch Tuesday are farewells to Windows XP and notes on fixes to the Outlook zero-day that enabled infections through the Preview pane.

Former NSA Director Hayden dismisses the threat of cyber terrorism as a mere bugaboo: cyber espionage, he says, is the real threat. Regulators in both the US and the EU want banks, especially smaller banks, to increase their cyber security posture.

The US Congress pushes data sharing. US agencies look to automation to fill cyber labor gaps. Rogers takes over at NSA.

Notes.

Today's issue includes events affecting China, European Union, France, Israel, Russia, Turkey, Ukraine, United Kingdom, United States.

The CyberWire will cover ITSEF 2014 in special issues next week. See the Events section below for information on the conference.

Cyber Attacks, Threats, and Vulnerabilities

Fearing cyberattack, Israel curbs government websites' foreign traffic (Reuters via the Chicago Tribune) Israel will temporarily suspend some of its government websites' international traffic to fend off a potential mass-cyber attack by pro-Palestinian hackers, an Israeli security source said on Thursday, without elaborating on the threat

Vulnerability in World's Largest Site Turned Million of Visitors into DDoS Zombies (The Hacker News) An application layer or 'layer 7' distributed denial of service (DDoS) attack is one of the most complicated web attacks: it is disguised to look like legitimate traffic but targets specific areas of a website, making it even more difficult to detect and mitigate. Just yesterday, cloud-based security service provider 'Incapsula' detected a unique application layer DDoS attack, carried out using traffic hijacking techniques. The DDoS attack flooded one of their clients with over 20 million GET requests, originating from the browsers of over 22,000 Internet users

UPATRE Ups the Ante With Attachment Inside An Attachment (TrendLabs Security Intelligence Blog) In 2013, the malware UPATRE was noted as one of the top malware seen attached to spammed messages. The malware was also notorious for downloading other malware, including ZeuS and ransomware, particularly its more sophisticated form, Cryptolocker. This was enough reason to believe that the UPATRE threat is constantly advancing its techniques—this time, by using multiple levels of attachments

This phishing page can do more than steal your credentials (Help Net Security) Every now and again, we read reports about phishing sites that look dangerously convincing—you can hardly tell the real one apart from the fake one anymore, unless you know what to look for and where. Our friends at Symantec found one such site some time in March

New iOS 7 bug allows anyone to disable Find My iPhone feature (Security Affairs) A new iOS 7 bug allows anyone to disable Find My iPhone feature and to bypass Activation Lock without user's Apple credentials

F-Secure has discovered MiniDuke malware samples in the wild (Security Affairs) Security experts at F-Secure discovered a collection of PDF documents that had references to Ukraine, containing MiniDuke malware samples

Hunting Session Fixation Bugs (Infosec Institute) Improper handling of session variables in ASP.NET websites is considered a serious threat and opens various doors to malicious hackers. For instance, a session variable could be manipulated in a way to subvert login authentication mechanisms. However, this article illustrates a session fixation bug in a .NET website by demonstrating various live scenarios which usually lead to a website becoming vulnerable, in terms of session hijacking. Moreover, the article circulates detailed information about exploiting vulnerable websites, as well as recommendations of practices for protecting them against session fixation attacks

"Castle Clash" Game Developer Claims It's Not Behind The Tinder Exploit (TechCrunch) A quick follow-up to the problem with the bots invading dating app Tinder which are pushing people to download a mobile game called "Castle Clash" using fake profiles and a domain ("Tinderverified.com") designed to give the scam an air of legitimacy: the company behind the game in question is today claiming they are a victim, too, not the culprit

WhatsApp experiences major outage after record user numbers (ITProPortal) If WhatsApp is down for you, you're not alone

Revealed — the most eclectic spam in the world! (Naked Security) When we write about spams and spammers, it's usually as part of a security warning. But from time to time, we write about them simply because they've made us laugh. They might have been hapless, bizarre or even insulting. We once had an email offering us a liver, or part of one, in case we needed a transplant

5-year-old Ocean Beach boy exposes Microsoft Xbox vulnerability (10News) A young Ocean Beach boy is in the spotlight after he discovered a back door into one of the most popular gaming systems in the world

Security Patches, Mitigations, and Software Updates

Final Windows XP-Office 2003 Patch Tuesday a light one (ZDNet) Windows XP and Office 2003's final Patch Tuesday will have only four updates total and only one critical each for Office and XP. The number of vulnerabilities is still undisclosed. The recent zero-day vulnerability in Word will be one of the fixed problems

Yes, you *can* still get Windows XP security updates after April 8th. But it will cost you £5.5 million (Graham Cluley) So, Microsoft was telling us fibs all along. It turns out that when they said, way back in 2007, that they would no longer support Windows XP after April 8th 2014, and that no more security updates would be made available, they weren't actually telling the truth

Windows 8.1 Update will be available on April 8 — here's what's new (Beta News) Microsoft has just unveiled the Windows 8.1 Update at Build, and it will be rolling it out to users of the tiled operating system on April 8

Patch Tuesday will fix zero-day flaw that meant just previewing an Outlook email could infect your computer (We Live Security) Patch Tuesday, the day when Microsoft releases its regular bundle of security fixes, is looming — and now we have some details of what it is going to contain. A Microsoft Security Bulletin pre-announces that the company will release four bulletins, two rated Critical and two rated Important in severity, on 8th April

Cyber Trends

Cyberespionage, not cyber terror, is the major threat, former NSA Director says (Threatpost) The list of threats on the Internet is long and getting longer each day. Cybercrime, nation-state attackers, cyber espionage and hacktivists all threaten the security and stability of the network and its users in one way or another. But the one threat that some experts have warned about for years and has never emerged is cyber terrorism, a former top U.S. intelligence official said

U.S. regulators warn banks about rise in cyber-attacks (Reuters) A group of top U.S. regulators on Wednesday warned about the threat of rising cyber-attacks on bank websites and cash machines, urging the industry to put proper measures in place to guard against fraud. The Federal Financial Institutions Examination Council (FFIEC) said it had seen a rise of so-called denial-of-service attacks on bank websites, which were sometimes a cover for criminals committing fraud

Smaller banks warned of hackers raising ATM withdrawal limits (Computerworld) A US federal agency warns of 'unlimited operations' where payment card limits are raised by attackers

EU regulators call for tougher defences against cyber-attacks (Financial News) European regulators have called on financial institutions to bolster their defences against cyber-attacks and recommend that firms put money aside to deal with potential incidents

Senate Homeland Security and Governmental Affairs Committee Hearing (Insurancenewsnet) Chairman Carper, Ranking Member Coburn, and distinguished Members of the Committee, thank you for the opportunity to present to you today. My name is Tiffany Jones, and I represent iSIGHT Partners, a leading cyber threat intelligence firm. Over the last seven years, we have built a team of 200+ experts dedicated to studying cyber threats in many nations across the

Kenneth van Wyk: Where mobile apps go wrong (ComputerWorld) More so than Web-based applications, mobile apps tend to have security design flaws that attackers can exploit

The top security worry keeping businesses awake at night? Insider threats (ZDNet) Today's modern business has to worry about stiff competition, rising energy prices, innovation, and how to poach talent to keep a corporation thriving — as well as the persistent threat of cybercrime. However, new research suggests that within European organizations, one worry tops the rest: the possibility of insider threats

Marketplace

2014 May Be Cyber Insurance's Most Popular Year Yet (Law360) February 2014 may ultimately be seen as the month when the cyberinsurance coverage market really began. Although certain insurance companies are writing cyber coverage, and some insureds have acquired that coverage, neither group is currently comprised of significant numbers of entities. That may be about to change

Cyber security is economic opportunity for the UK, says government (ComputerWeekly) Cyber security is not a necessary evil, it is both an essential feature of — and a massive opportunity for — the UK's economic recovery, says Francis Maude, Cabinet Office minister

Russia's War on Internet Freedom Is Bad for Business and the Russian Economy (Forbes) Russia's invasion of the Crimea could push the country into a sharp recession. Yet Moscow's war on Internet freedom should spook investors even more. It risks long term damage to Russia's economy, according to a recent report by Dalberg. President Putin should change course and support a free and open Internet before it's too late

Microelectronics Technology Corporation Acquires Bitcoin Cyber Currency Digital Mining Company (MarketWatch) Microelectronics Technology Corporation (otcqb:MELY) is pleased to announce the Company has entered completed negotiations for the acquisition of an established digital mining company and its digital mining assets. The acquisition is now subject to final formal documentation to be completed by April 18, 2014

Hackathon gold: How to win a job offer in a coding competition (ITWorld) Some developers say hackathons can stifle innovation and chill the vibe of camaraderie because they offer large prizes. But that doesn't have to always be the case. Here's how to parlay those coding competitions into potential job offers

James Gillie Joins Telos as Cyber Operations VP, Deputy GM (GovConWire) James Gillie, formerly vice president of business operations at CACI International's intelligence business group, has joined Telos as VP and deputy general manager of cyber operations and defense

Jim Anderson Named BAE Applied Intell Division Americas Region President (GovConWire) Jim Anderson, formerly director of unified computing global sales at Cisco, has joined BAE Systems' applied intelligence division as president for the Americas region

Products, Services, and Solutions

Fidelis, Fortinet, Sourcefire, Trend Micro top NSS Labs' breach detection system ranking (FierceITSecurity) General Dynamics' Fidelis, Fortinet, Cisco's SourceFire and Trend Micro all ranked above average in security effectiveness and value (cost per protected Mbps) for their breach detection systems, according to an assessment by NSS Labs

eScan Internet Security Suite with Cloud Security Proves 100% Effective Against Zero-Day Malware Attacks (Virtual Strategy) eScan, one of the leading Anti-Virus and Content Security Solution providers, has bagged the AV-Test certification for their Home user product, eScan Internet Security Suite with Cloud Security, for the tests conducted in January and February 2014

Which Web browser is the most secure? (proofpoint) Internet Explorer is the most secure Web browser, according to a study by NSS Labs

7 all-in-one security suites: Anti-malware for all your devices (Computerworld via Networkworld) Let's face it: No matter what device you use, you're in danger. Security threats and malware lurk on Windows PCs, Macs, and Android and iOS devices. If you use more than one device — like most of us do — that makes it even more difficult and expensive to be vigilant and keep yourself safe

New Windows Phone security necessary, but not groundbreaking (CSO via Networkworld) Microsoft, which is far behind Apple and Google in the smartphone market, has introduced a number of security features in Windows Phone that are not groundbreaking, but necessary to attract businesses

Cryptocat sticks to openness despite grief over audits (IDG News Service via Networkworld) Cryptocat's founder says the project will continue to release its audits and improve its code

Interface Masters Technologies Announces New Deep Packet Inspection System Supporting Application Identification (MarketWired) Interface Masters Technologies, an industry leader and innovator in networking solutions, today announced a new addition to the Niagara Deep Packet Inspection (DPI) product family, the Niagara 5004. The Niagara 5004 provides application identification, session based load balancing, 50,000 complex filters, VoIP call based load balancing, and flow/traffic statistics. The system has a network analytics engine providing session statistics, metadata and CDRs according to user specifications

Microsoft and secunet Team Up on Secure Tablet (InfoSecurity Magazine) secunet and Microsoft Germany are showing how a reliable, highly secure and ultra-mobile solution can become reality through a combination of security technology made in Germany and a high-performance tablet

EMC intros data protection-as-a-service: You shall D-PAAS (The Register) Firm faces up to virtual reality

Is Amazon hacking our apps? Or doing us all a security favour? (Naked Security) A war of words that started out as a fairly stinging criticism of Amazon has mellowed out into praise for the cloud services behemoth

Technologies, Techniques, and Standards

Bridging the cybersecurity skills gap with automation: a blueprint for federal agencies (Government Security News) Major security breaches in 2013 have raised the level of interest in cybersecurity to near fever-pitch. Such breaches shine a spotlight on a shared challenge in successful cybersecurity strategy implementation: the increased sophistication of cyber attacks and the shortage of skilled workers available to defend against them

What Homeland Security wants utilities to know and do (SmartGridNews) Quick Take: You know that NERC is developing more and more security mandates for utilities. And you may recall that two congressmen want the federal government to take over grid security. But don't forget that the U.S. Department of Homeland Security has its eyes on our industry, as demonstrated by its recently revised National Infrastructure Protection Plan

3 smarter ways to fight social engineering (FierceITSecurity) If Chris Hadnagy wants your data, he's probably going to get it. Social engineering experts like Hadnagy have a pretty high success rate in getting employees to cough up passwords, open unknown attachments, and otherwise take whatever bait they're offered. This is despite the fact that social engineering is nothing new—anybody who didn't already connect the concept of non-technical manipulation to information security should have caught on after Kevin Mitnick's antics grabbed headlines in the 90s

Sweeping Away a Search History (New York Times) Your search history contains some of the most personal information you will ever reveal online: your health, mental state, interests, travel locations, fears and shopping habits

Her website was hacked away; here's how she got it back (Naked Security) Jordan Reid, a blogger and what one news outlet called "A star of the post-expertise how-to landscape", learned on Saturday that her "Ramshackle Glam" site was gone — poof! Suddenly, the site that had been hers for five years was whisked away

Design and Innovation

A Fresh Coat of Paint Makes Bitdefender Better Than Ever (PC Magazine) I've looked at a lot of Android security apps, and finding an app that does it all is pretty tricky. It needs to be easy on your smartphone's limited resources, but also robust enough to defend against malicious applications. It also needs to go further, and protect your device with anti-theft tools since loss and theft are still the biggest threats to Android users. Oh, and one more thing: it needs to look the part

Research and Development

Quantum cryptography for mobile phones (Science Codex) Secure mobile communications underpin our society and through mobile phones, tablets and laptops we have become online consumers. The security of mobile transactions is obscure to most people but is absolutely essential if we are to stay protected from malicious online attacks, fraud and theft

A Survey of Intrusion Detection in Wireless Network Applications (Virginia Tech) Information systems are becoming more integrated into our lives. As this integration deepens, the importance of securing these systems increases. Because of lower installation and maintenance costs, many of these systems are largely networked by wireless means. In order to identify gaps and propose research directions in wireless network intrusion detection research, we survey the literature of this area. Our approach is to classify existing contemporary wireless intrusion detection system (IDS) techniques based on target wireless network, detection technique, collection process, trust model and analysis technique. We summarize pros and cons of the same or different types of concerns and considerations for wireless intrusion detection with respect to specific attributes of target wireless networks including wireless local area networks (WLANs), wireless personal area networks (WPANs), wireless sensor networks (WSNs), ad hoc networks, mobile telephony, wireless mesh networks (WMNs) and cyber physical systems (CPSs). Next, we summarize the most and least studied wireless IDS techniques in the literature, identify research gaps, and analyze the rationale for the degree of their treatment. Finally, we identify worthy but little explored topics and provide suggestions for ways to conduct research

Academia

Stanford University Offering Free Course on Cryptography (NewsBTC) If you thought that the University of Nicosia's free bitcoin introductory course was a deal, you might be happy to learn that Stanford University is offering a free course on Cryptography, as pointed out on Reddit

Legislation, Policy, and Regulation

Rogers Takes Over as NSA Director (BankInfoSecurity) The new director of the National Security Agency, Navy Adm. Michael Rogers, says he accepts the challenge of regaining the trust of some Americans "who don't believe in us"

NSA's Big Surprise: Gov't Agency Is Actually Doing Its Job (Dark Reading) When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen. As I read all of the stories about the NSA, they come across as if this is somehow surprising. You can search back to the early 2000s and find stories that state how the NSA was behind the technology curve, and was woefully unprepared to deal with the ever-growing Internet and new technologies

Obama's NSA overhaul may require phone carriers to store more data (Reuters) President Barack Obama's plan for overhauling the National Security Agency's phone surveillance program could force carriers to collect and store customer data that they are not now legally obliged to keep, according to U.S. officials

The Grill: Rep. William Keating wants cross-sector data sharing (ComputerWorld) This cybersecurity-focused lawmaker wants cross-sector data sharing for faster response to cybersecurity threats

Clarity in OMB, DHS roles should be addressed in cybersecurity legislation (FierceGovernmentIT) Confusion over which responsibilities for federal cybersecurity policy reside in the Office of Management and Budget rather than in the Homeland Security Department isn't helping federal networks be more secure, a witness told a Senate panel

DOD switches to NIST security standards (Defense Systems) In a far-reaching move, the Pentagon has chosen to move all IT systems used by its organizational entities to a governmentwide set of IT security accreditation standards

Lightening the Workload for Cyber Command (SIGNAL) The U.S. Defense Department struggles to defend the current network infrastructure

New law increases cyber attack risks for French companies (Out-Law) Businesses in France are being asked to compile a database of commercially sensitive information that will potentially attract increased interest from cyber criminals

China to work with EU on cybersecurity as Xi wraps up Europe tour (South China Morning Post) Beijing's updated EU policy paper also suggests studying Europe's approach to urbanisation

'We have to implement it, but we don't have to respect it,' Turkish PM says on Twitter ruling (Hurriyet Daily News) Prime Minister Recep Tayyip Erdoğan has publicly expressed his discomfort at the Turkish Constitutional Court's ruling to unblock access to Twitter, describing the move as an attempt to protect "an American company's product"

Litigation, Investigation, and Law Enforcement

Target breach: Court of public opinion not as forgiving as court of law (FierceITSecurity) While Target continues to suffer in the court of public opinion, its fortunes in a court of law just improved

Federal Agencies Fail To Protect Personal Data (InformationWeek) Government agencies have inconsistently responded to both cyber and non-cyber incidents, a watchdog group says

DOJ Apologizes (Twice) to Court in NSA Case (US News and World Report) Government attorneys failed to note preservation of evidence orders, leading judge to write inaccurate ruling

DOJ Notifies Terror Suspect Evidence Gathered Through NSA Program (Wall Street Journal) Federal prosecutors have notified a terror suspect in Portland, Ore., that some of the evidence against him was gathered through the controversial National Security Agency bulk surveillance program—marking another case where judges will likely have to rule on the legality of such government programs. Reaz Qadir Khan, 48, is the fourth terror suspect in the U.S. to receive such a notification. The first came in October

U.S. States Investigating Breach at Experian (Krebs on Security) An exclusive KrebsOnSecurity investigation detailing how a unit of credit bureau Experian ended up selling consumer records to an identity theft service in the cybercrime underground has prompted a multi-state investigation by several attorneys general, according to wire reports

City investigates Anonymous cyber attack (KRQE) The City of Albuquerque is still dealing with the major cyber attack that shut down some online pages over the weekend

Former Microsoft employee accused of leaking software pleads guilty (SC Magazine) A former Microsoft employee has pleaded guilty to charges related to sharing software code for looming company products

Scottish Officers Convicted Of On-Duty Data Offences (InformationSecurityBuzz) Following news that an increasing number of Scottish police officers are being investigated for breaching data protection laws whilst on duty, find the following comments and thoughts from John Walker, Patrick Oliver Graf and Girish Bhat

Barrett Brown Signs Plea Deal in Case Involving Stratfor Hack (Wired) Barrett Brown, whose case became a cause célèbre after he was charged with crimes related to the Stratfor hack, has agreed to a plea deal with prosecutors, according to court filings

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SyScan 2014 (Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...

NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...

2014 GovCon Cyber Summit (McLean, Virginia, USA, April 9, 2014) The U.S. Computer Emergency Readiness Team (US-CERT) noted that last year federal networks saw a substantial increase in hacking incidents, with 48,000 attacks reported by agencies. In recognition of this...

2014 Computer Security Day (Eugene, Oregon, USA, April 11, 2014) The Fourth Computer Security Day at the University of Oregon will feature a slate of distinguished speakers from academia, industry, and government, discussing current challenges and future opportunities...

Women in Cybersecurity Conference (Nashville, Tennessee, USA, April 11 - 12, 2014) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.

NSA Procurement in today's business arena (Elkridge, Maryland, USA, April 16, 2014) An opportunity to gain inside perspective on market trends in NSA Procurement. The guest speaker will be William Reybold, National Security Agency's Deputy Senior Acquisition Executive (SAE), who manages...

East Africa Banking and ICT Summit (Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations,...

InfoSecIndy (Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.

cybergamut Technical Tuesday: Malware Reverse Engineering (Columbia, Maryland, USA, May 6, 2014) An introduction to the tools, workflows, and tricks of the trade to attack sophisticated malware by Dale Robson of CyberPoint. Industry standard cyber security products do a good job in blocking and defending...

STEM Café (Geneva, Illinois, USA, May 6, 2014) At the next STEM Café, Raimund Ege, associate professor in NIU's Department of Computer Science, will lead a lively discussion on how computer crime affects our everyday lives and what we can do to protect...
