Recorded Future updates its report on Al-Qaeda's improved encryption to show how it accounts for the impact of Snowden's leaks.
CyberSquared describes "Operation Arachnophobia," which it associates with a Pakistani hacking group (possibly private, possibly government-controlled — attribution remains unclear) working against India.
The New York Times yesterday reported that cyber criminals of Russia's CyberVor gang have stolen more than 1 billion user credentials. The revelation comes from Hold Security, which has declined to say where CyberVor got them. Other observers (notably writing in The Verge) are cautiously skeptical: there aren't that many services with over a billion users (apparently the credentials were stolen from multiple sources), and the credentials don't appear as expected on the black market, instead being used for Twitter-spamming services (pretty low-grade crime, with a low ROI).
US-CERT warns that Backoff malware has been found in some 600 point-of-sale systems; US banks consider their response.
Malicious macros in MS Office documents are making a comeback among cyber criminals: they're cheap and easy tools, and still find their marks.
Tor anonymity remains under question after proof-of-concept breach research is released, then pulled at lawyers' request.
Symantec has patched the privilege-escalation vulnerability in its Endpoint Protection.
Some good news: NTP attacks have fallen off dramatically in the wake of widespread adoption of countermeasures. Also, protection against and recovery from second-generation ransomware seems to be advancing.
The financial sector is adding cyber intelligence specialists to its security teams. Pricey labor, but judged worth it.
Today's issue includes events affecting China, European Union, Germany, India, Ireland, Pakistan, Russia, United Kingdom, United States, and Uzbekistan.
Cyber Attacks, Threats, and Vulnerabilities
Al-Qaeda and Snowden: Correlation, Causation, and Temporal Analysis(Recorded Future) Our recent research on Al-Qaeda encryption again generated a tremendous amount of interest which we were thrilled to see, with stories in NPR, Wall Street Journal, Ars Technica, ABC News, Washington Post, etc. Much of the reaction was very positive and underscored the combined value of open source analysis and reverse engineering
Operation Arachnophobia: Caught in the Spider's Web(CyberSquared) Cyber Squared Inc.'s ThreatConnect Intelligence Research Team (TCIRT) tracks a number of threat groups around the world. We first discovered a suspected Pakistani threat group in 2013, and have since followed their activity and found new observations and insight into the group and its tactics that we call,
The Russian 'hack of the century' doesn't add up(The Verge) Yesterday, The New York Times dropped an exclusive account of what reporter Nicole Perlroth called "the biggest hack ever." By the numbers it certainly held up: 1.2 billion accounts, covering 500 million unique email addresses over 420,000 websites. The data had been captured by a Russian hacker group called CyberVor, and revealed by Hold Security. But as the smoke clears, the hack seems to be less of a criminal masterwork than the article might have you believe
All Passwords have been lost: What's next?(Internet Storm Center) Some of it may be hype. But no matter if 500 Million, 1.5 Billion or even 3.5 Billion passwords have been lost as yesterday's report by Hold Security states, given all the password leaks we had over the last couple years it is pretty fair to assume that at least one of your passwords has been compromised at some point
How 'Backoff' Malware Works and Why Banks Should Care(American Banker) Bankers, beware Backoff. The Department of Homeland Security sounded an alarm last week about this young strain of malicious software. The agency directed its warning mainly at retailers, but banks are also vulnerable to Backoff in several ways and need to put defensive mechanisms in place
Can Planes Be Hacked via Onboard Wi-Fi?(CIO Today) Are planes really at risk of cyberattack through the Wi-Fi connections we love to use while sky high? If you believe Ruben Santamarta, a consultant with cybersecurity firm IOActive, the answer is yes. But other security researchers are skeptical
Hacking Tor and Online Anonymity(Infosec Institute) Tor is the acronym of "The onion router", a system implemented to preserve online anonymity. Tor client software routes Internet traffic through a worldwide volunteer network of servers that hide user information, eluding surveillance of government and other bad actors
Tor Anonymity Questioned After FBI Infected Visitors of Criminal Sites with Malware(Softpedia) It is already known that Tor is a thorn in the side of law enforcement because it provides complete anonymity to Internet users. It has already been reported that the NSA has been trying for a long time to snoop in on people using the intricate network providing complete protection by monitoring access points, but now it looks like the FBI is the one too curious
PF Chang's data breach lasted 8 months(Help Net Security) Asian-themed US restaurant chain P.F. Chang's China Bistro has finally provided some more details about the breach it suffered earlier this year, including the 33 restaurant locations where the security of their PoS systems was compromised
Security Patches, Mitigations, and Software Updates
DDoS attack volumes plummet as NTP servers got patched(Help Net Security) Wise to attackers' exploitation of the Network Time Protocol (NTP) vulnerability to create distributed reflection denial of service (DrDoS) attacks, information security executives thwarted these types of amplified assaults by patching weaknesses or making upgrades in their systems associated with the protocol, causing an 86 percent drop in the peak bit volume of NTP DrDoS attacks to 59 gigabits per second (Gbps) in Q2 2014
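The drop described above came from operators closing the mode-7 "monlist" amplifier in ntpd, either by upgrading past 4.2.7p26 or by changing configuration. The following is an added example, not part of the Help Net Security item or of any vendor's guidance: it puts the weak ntp.conf beside the hardened one and provides a small pre-deployment check. It assumes the ntp.org reference ntpd configuration syntax; the server names, file paths, and sample configs are constructed for illustration.

```shell
# Added example (not from the article or any vendor): the weak ntp.conf
# setting beside the hardened one, plus a check to run against a config
# file before it is deployed. Assumes classic ntp.org ntpd syntax; the
# sample configs and pool server names below are constructed for illustration.

# Weak: nothing stops arbitrary hosts from sending mode-7 "monlist" queries,
# so one small spoofed request yields many large replies (the DrDoS amplifier).
weak_ntp_conf() {
cat <<'EOF'
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
restrict default nomodify notrap
EOF
}

# Hardened: the monitor facility (source of monlist data) is disabled and the
# default restriction denies mode-6/mode-7 queries (noquery) while still
# answering ordinary time requests from clients.
hardened_ntp_conf() {
cat <<'EOF'
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
disable monitor
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
EOF
}

# ntp_conf_is_hardened FILE
# Returns 0 when FILE both disables the monitor facility and carries
# "noquery" on every "restrict default" (or "restrict -4/-6 default") line;
# returns 1 otherwise. Both are required here as defence in depth: noquery
# alone blocks the query, "disable monitor" removes the data behind it.
ntp_conf_is_hardened() {
    file=$1
    default_re='^[[:space:]]*restrict[[:space:]]+(-[46][[:space:]]+)?default([[:space:]]|$)'

    # 1. "disable monitor" must be present as its own directive
    grep -Eq '^[[:space:]]*disable[[:space:]]+monitor([[:space:]]|$)' "$file" || return 1

    # 2. there must be at least one default restrict line ...
    grep -Eq "$default_re" "$file" || return 1

    # 3. ... and none of them may lack the noquery flag
    grep -E "$default_re" "$file" \
        | grep -Evq '(^|[[:space:]])noquery([[:space:]]|$)' && return 1

    return 0
}

# Usage against a deployed file (path is an assumption):
#   ntp_conf_is_hardened /etc/ntp.conf && echo hardened || echo 'needs attention'
```

The check is deliberately strict: a config that only sets `noquery` still fails because an older ntpd keeps collecting monitor data, and a config that only disables the monitor still fails because mode-6/7 control queries remain reachable. Neither check replaces upgrading ntpd.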
The weak links in an increasingly dynamic threat landscape(Help Net Security) The Cisco 2014 Midyear Security Report, released today at Black Hat U.S., examines the "weak links" in organizations — outdated software, bad code, abandoned digital properties, or user errors — that contribute to the adversary's ability to exploit vulnerabilities with methods such as DNS queries, exploit kits, amplification attacks, point-of-sale (POS) system compromise, malvertising, ransomware, infiltration of encryption protocols, social engineering and "life event" spam
Studies confirm epidemic of cyberattacks(FierceCIO) A majority of organizations experienced some sort of external cybersecurity incident in the past year, and cybersecurity breaches are now driving organizational strategy for most of them
Mobile device security in health industry 'immature'(FierceMobileHealthcare) The global healthcare industry is not keeping pace when it comes to mobile device security, specifically unsanctioned device and application use, according to a new survey by IDG Connect for security vendor ForeScout
What do you do when Facebook is spying on you?(Phys.org) Facebook, Twitter, Google Plus and other social media were designed to connect friends. But they are also used to connect extremely complex marketing and surveillance systems, all meant to subtly shape online interactions
Smart Building Technologies Could Expose Companies To A New Breed Of Cyber Attack(TechCrunch) Last month major corporations and household names such as Evernote, TweetDeck and Feedly were held ransom by Internet hackers. Many found this concerning, but even more serious is that some businesses may not realize how highly vulnerable they are to such an attack. What if it were your building that was held ransom? Are there things that could have been done to prevent a cyber attack?
China Apparently Takes Apple Off Procurement Lists In Bid To Limit Overseas Influence(TechCrunch) China has removed iPads and MacBooks from its procurement lists for government agencies and officials, according to a new report from Bloomberg. The iPad, iPad Mini, MacBook Air, MacBook Pro and other products, totalling ten altogether, were left off a new procurement list distributed to government organizations in July, after initially appearing in a draft version in June, per the report. The move is just the latest example of China seeking to encourage sourcing of hardware and software from Chinese companies, and it's being billed as a security move by Chinese authorities
Cyber security entrepreneurs: balancing secrecy and publicity(Financial Times) As an address, "Nimrod House, Enigma Business Park", seems particularly appropriate for a company involved in encryption and secure communications for the British military. A German Enigma machine was used by Allied codebreakers to decipher intelligence in the second world war, while the Nimrod was a UK maritime surveillance aircraft in the cold war
Vectra Networks Raises $25M to Empower Enterprises in Their Battle Against Cyber Attacks(Broadway World) Vectra Networks, the leader in real-time detection of cyber attacks in progress, today announced it has received $25M in an oversubscribed Series C financing round. Accel Partners led the financing round and Eric Wolford, partner at Accel Partners, has joined Vectra Networks' Board of Directors. Prior investors Khosla Ventures, IA Ventures and AME Cloud Ventures all participated in the round. In addition, Intel Capital and Juniper Networks, through its Junos® Innovation Fund, joined the round. The investment will accelerate research and development, sales and marketing to meet CIOs' growing demand for real-time detection of cyber attacks in progress
Former NSA Chief Defends Cybersecurity Venture(AP via ABC News) Even in an era when former officials routinely profit from business ventures linked to their public service, recently retired National Security Agency chief Keith Alexander raised eyebrows when he disclosed he is working on patents for what he calls a game-changing cybersecurity model
FireEye Announces John McGee as SVP, Worldwide Sales(MarketWatch) FireEye, Inc., the leader in stopping today's advanced cyber attacks, today announced that John McGee, formerly Executive Vice President, Worldwide Field Operations for Informatica, has joined FireEye as the company's Senior Vice President, Worldwide Sales
Products, Services, and Solutions
Next-Gen Splunk Serves Up Faster Threat Detection(CIO Today) When it comes to real-time operational intelligence, Splunk is vying for market leadership. The company just rolled out version 3.1 of the Splunk App for Enterprise Security, complete with a new risk scoring framework that promises faster threat detection and containment
Lumeta ESI Delivers Real-Time Network Situational Awareness into Splunk Enterprise(Digital Journal) Lumeta Corporation has enhanced the integration between its Lumeta ESI (Enterprise Situational Intelligence) software and Splunk Enterprise real-time operational intelligence software. Feeding Lumeta's comprehensive network intelligence into Splunk increases its effectiveness and provides joint customers with enhanced network situational awareness
Universal Security Suite From eScan Officially Launched(Streetwise Tech) On August 1, 2014, Universal Security Suite, a new product of eScan, was launched in Kathmandu, Nepal. The company, Phoenix Trading, has officially launched the new product, Universal Security Suite. The new security suite is intended to give users a more secure computing experience across various devices and platforms such as Android, Macintosh, Linux and Windows using one license key. This is based on the statement given by the company
Detect threat patterns across your web and mobile assets(Help Net Security) RiskIQ announced an automated platform with global reach that enables organizations to discover, scan for malware and gather threat intelligence on all websites and mobile apps that are legitimately or illegally associated with their business
LogRhythm Introduces Honeypot Security Analytics Suite(LogRhythm) LogRhythm, The Security Intelligence Company, today released a new analytics suite that monitors honeypots to track would-be attackers, enabling customers to analyze nefarious tactics and generate targeted threat intelligence that facilitates an ongoing adaptive defense posture. The new Honeypot Security Analytics Suite is the latest in a series of innovations from LogRhythm Labs designed to expedite the detection, prioritization and response to advanced cyber threats
General Dynamics Fidelis Cybersecurity Solutions Partners with CrowdStrike to Enhance Threat Intelligence(MarketWatch) General Dynamics Fidelis Cybersecurity Solutions announced that it has partnered with CrowdStrike to provide customers with access to shared threat intelligence that will further improve the prevention, detection, attribution and remediation of cyber-attacks in real-time. Supplementing the proprietary threat intelligence provided by General Dynamics Fidelis' threat research team, integrated YARA rules and other industry partnerships, the information from the CrowdStrike Intelligence Exchange provides Fidelis XPS customers with an even broader range of threat intelligence
Open source threat visualization engine for infosec pros(Help Net Security) OpenDNS has released OpenGraphiti, an interactive open source data visualization engine that enables security analysts, researchers and data scientists to pair visualization and Big Data to create 3D representations of threats
Hexis Cyber Solutions Unveils NetBeat Product Line for Simplified Network Visibility & Control(IT Business Net) Hexis Cyber Solutions (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (Nasdaq:KEYW), and a provider of advanced cybersecurity solutions for commercial companies and government agencies, today launched its NetBeat product line featuring solutions built to provide organizations with simplified network monitoring, analysis and control. NetBeat MON and NetBeat NAC deliver 360 degree network visibility in a set of easy-to-use applications that improve organizational productivity
Technologies, Techniques, and Standards
Advanced threat detection is more than one moment in time(IT Pro Portal) The changing nature of the threat landscape, and the ever-growing sophistication of hackers, means that the way organisations protect themselves against advanced cyber-attacks must change too. Hackers are no longer focused on what was traditionally deemed to be their destination — the perimeter of the enterprise. They're now focused on the journey itself, leveraging an array of attack vectors, taking endless form-factors, launching attacks over time, and cleverly hiding the leakage of data
How to foil SynoLocker and minimize the damage(Help Net Security) We wrote on Monday warning about Synology NAS users being targeted with SynoLocker, a customized version of the Cryptolocker ransomware, which encrypts the files contained on the devices and asks 0.6 BitCoin ($350) for the decryption key
iOS security myths and threats(Help Net Security) In this interview, Zuk Avraham, CEO of Zimperium, talks about iOS security myths and threats, discusses the difficulties in exploring iOS security vs. "breaking" Android and offers advice to those managing a variety of iOS devices in a large organization
New type of cryptography that can better resist "dictionary attacks"(Phys.org) Cryptographers in China have developed a new type of cryptography that can better resist so-called offline "dictionary attacks", denial of service (DoS) hacks, and cracks involving eavesdroppers. Their approach, reported in the International Journal of Electronic Security and Digital Forensics, extends and improves a type of cryptography that uses an intractable mathematical problem as its basis
Is artificial intelligence as big a threat as nuclear weapons?(Naked Security) He brainstormed an 800 mph subsonic air travel machine made of friction-foiling aluminum pods, provided the concept behind what's now the second largest provider of solar power systems in the US, invested $100 million of his own money into putting people on Mars, and open-sourced electric car company Tesla's patents for the betterment of mankind — or, well, at least, to jump-start development of electric cars
Osborne announces seven university technical colleges(ComputerWeekly) Chancellor George Osborne has announced seven new university technical colleges (UTCs) and four new studio schools, backed by employers to equip young people with the skills needed to secure high-tech jobs in the IT and engineering sectors
Aaron's Law Is Doomed Leaving US Hacking Law 'Broken'(Forbes) A bill named after the late internet activist Aaron Swartz that was supposed to update much-criticized US hacking law is almost certain to be left to wither in Congress, according to various sources with knowledge of the matter. A stalemate has emerged between Representative Zoe Lofgren, who was carrying the bill into the House, and the House Judiciary Committee headed up by Representative Bob Goodlatte, which has chosen not to discuss or vote on Aaron's Law
Litigation, Investigation, and Law Enforcement
OIG: ONC's inadequate oversight left EHRs vulnerable to hackers(FierceEMR) The Office of the National Coordinator for Health IT's lackluster monitoring of the Authorized Testing and Certified Bodies (ATCBs) under the temporary certification program did not fully ensure that test procedures and standards could secure and protect patient information in electronic health record, according to a new report by the U.S. Department of Health and Human Services' Office of Inspector General (OIG)
The Tech War On Child Porn Is Not Limited To Google Scanning Gmail(Forbes) Google has suddenly become the poster boy for child porn searches after the search giant reported a child porn image in a Texas man's Gmail, leading to his arrest. Many in the tech community, including my colleagues here at Forbes seem shocked, saying we should "be afraid of Google's power" and that its pairing up with law enforcement like this is leading us into the Panopticon. I have news for you: Google is far from the only tech giant scanning your messages for child porn, and this is only one of the technological methods being used to try to eradicate the societal scourge that is kiddie porn
How Google handles child pornography in Gmail, search(MSN) Google's email-scanning practices are used to fight evil as well as target ads. The company revealed Monday that it's created a digital database of images displaying child sexual abuse, which it compares to images sent via Gmail
Wikimedia Attacks Europe's Right To Be Forgotten Ruling As Threat To Its Mission(TechCrunch) The Wikimedia Foundation, the not-for-profit organization behind Wikipedia, has strongly condemned the recent right to be forgotten (rtbf) ruling in Europe, warning the requirement to allow private individuals to request the de-indexing of links from search results associated with their name is going to have "critical repercussions" for its online crowdsourced encyclopedia
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Black Hat USA 2014(Las Vegas, Nevada, USA, August 2 - 7, 2014) Black Hat USA is the show that sets the benchmark for all other security conferences. As Black Hat returns for its 17th year to Las Vegas, we bring together the brightest in the world for six days of learning,...
SHARE in Pittsburgh(Pittsburgh, Pennsylvania, USA, August 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today.
FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles.
ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction...
4th Annual Cyber Security Training Forum(Colorado Springs, Colorado, USA, August 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August...
BSidesLV 2014(Las Vegas, Nevada, USA, August 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in...
Passwords14(Las Vegas, Nevada, USA, August 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges...
DEF CON 22(Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit(Lusaka, Zambia, August 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...
SANS Cyber Defense Summit and Training(Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...
Resilience Week(Denver, Colorado, USA, August 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
AFCEA Technology & Cyber Day(Tinker AFB, Oklahoma, USA, August 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only...
Build IT Break IT Fix IT: Build IT(Online, August 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...
The Hackers Conference(New Delhi, India, August 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...