Daily briefing.

Did you hear Russia's PM Medvedev had resigned? Neither had Mr. Medvedev — his Twitter account was hijacked to tweet a resignation in (implausible) shame over his government's conduct. Anti-Putin hacktivists Sholtay-Boltay claim credit.

Taiwan complains publicly of Chinese cyber attacks.

Iranian dissidents (and ordinary Internet users) increasingly use Tor to evade Islamic Republic censorship. (Tor also retains its attractiveness to botnet masters.)

Symantec releases a study of obfuscation and finds, interestingly, noticeably fewer instances of malware shutting down upon detection of a virtual machine. Since determining that software is running in a VM is a useful indicator that the software may be under analysis, this shift indicates either that malware authors are becoming careless or (far more likely) that they've decided other forms of evasion are a better investment.

Anonymous continues to hack Ferguson, Missouri, USA, over a controversial police shooting. Someone — possibly a hacktivist opposed to Anonymous — sets up a spoof site to troll Anonymous sympathizers.

Hold Security responds to critics of its handling of the CyberVor discovery, and publishes a CyberVor FAQ.

Researchers offer an overview of automotive cyber attack surfaces.

BlackBerry has patched its OS and enterprise server software.

Harvard Business Review and the Atlantic publish, respectively, a call for a workplace cyber panopticon and a rebuke to the Internet's marketing roots.

France's ANSSI issues guidelines for ICS cyber security.

NATO is again encouraged to think through Article 5's application in cyberspace.

US Department of Homeland Security critical infrastructure protection and cyber security programs receive marks from partners.

Notes.

Today's issue includes events affecting Austria, China, European Union, France, Iran, Netherlands, Russia, Syria, Taiwan, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Russian PM's Twitter hacked, posting 'I resign' (BBC) The Twitter account of Russia's prime minister was hacked on Thursday. The infiltrators posted a message saying Dmitry Medvedev had resigned

China launching 'severe' cyber attacks on Taiwan: Minister (Economic Times) "The Chinese cyberwar units have been engaging with Taiwan units almost every day, with some severe attacks every few months," Simon Chang said. Taiwan's science and technology minister today said that China is launching frequent cyber attacks on the island despite warming ties between the two former rivals

Iran's Internet Users Outsmart Government in Cat-and-Mouse Censorship Game (Global Voices) Tor, a popular online anonymity tool used by many Iranians to bypass Internet censorship, was blocked from late July until the beginning of August. The block prevented 75 percent of the network's estimated 40,000 daily users in Iran from connecting to Tor

Fake Tor Browser Bundle Reversed, Researcher Talks to Botmaster (Softpedia) A security researcher found a fake Tor Browser Bundle that contained malware and reverse engineered his way to communicating with the botmaster for a while

Malware is less concerned about virtual machines (ComputerWorld) Symantec finds most malware doesn't quit if it runs on VM, which used to be a sign it was being analyzed

Threats to virtual environments (Internet Storm Center) In the past few years the virtualization concept has become very popular. A new study by Symantec discusses the threats to the virtual environment and suggests the best practice to minimize the risk

Malware targets jailbroken iOS devices, hijacks ad revenue (Help Net Security) AdThief (or Spad) is the name of a recently discovered iOS malware that has managed to infect some 75,000 jailbroken iOS devices and steal revenue from around 22 million ads in a period that spanned a little over four months

DorkBot, a Twin Botnet of NgrBot (Fortinet Blog) DorkBot is another modified IrcBot that is extremely similar to NgrBot, which is why many antivirus software treat them the same way, oftentimes using the same detection. Our botnet monitoring system has even captured NgrBot and DorkBot at almost the same time. However, according to a deeper analysis of both NgrBot and DorkBot, we find that they should be treated differently

"Anonymous" attack disrupting Ferguson city government (Fox 2 St. Louis) Protests in the streets have not been the only disruption in the city of Ferguson since the shooting of Michael Brown by police. A cyber attack by the hacker group "Anonymous" has done more damage than any bottle or brick

This Phony 'Anonymous' Site Was Set Up to Trap Ferguson Hacktivists (Motherboard) As military police forces gather around Ferguson, trying to quell an angry, frustrated, and betrayed population, some people are taking their fight online. 'OpFerguson', being spear-headed by members of the hacktivism collective Anonymous, launched a couple of days ago

CyberVor Update: Hold Security Responds (BankInfoSecurity) Firm posts FAQ, defends its intentions. Hold Security continues to deal with the backlash prompted by its recent warning that a Russian cyber gang breached 420,000 web and FTP sites to pilfer more than 1.2 billion credentials.

CyberVor Breach: Frequently Asked Questions (Hold Security) [Eleven questions asked and answered.]

Breach Puts Database Security Back In Spotlight (Daily Business Review) Reports of a Russian crime ring amassing 542 million unique email accounts and 1.2 billion username and password combinations once again raise questions about database security

15 new vulnerabilities reported during router hacking contest (InfoWorld) Five popular router models were hacked during the SOHOpelessly Broken competition at DefCon 22

A Survey of Remote Automotive Attack Surfaces (Illmatics) Modern automobiles consist of a number of different computer components, called Electronic Control Units (ECUs). Each automobile contains from 20-100 of these devices, with each ECU being responsible for one or more particular features of the vehicle. For example, there is an ECU for seatbelt tightening, one for monitoring the steering wheel angle, one to measure if a passenger is in the car, one to control the ABS system, and so on. These ECUs need to pass data to one another so they can make decisions on how to act. For example, an ECU may act differently depending on if the car is in drive or reverse or whether it is moving or stationary

How the NSA (accidentally) took Syria off the internet (Hot for Security) In late 2012, as fighting intensified around Damascus, all internet services in and out of Syria suddenly shut down

The internet just BROKE under its own weight — we explain how (The Register) Next time, big biz, listen to your network admin. On Tuesday, 12 August, 2014, the internet hit an arbitrary limit of more than 512,000 routes. This 512K route limit is something we have known about for some time

Security Patches, Mitigations, and Software Updates

BlackBerry patches vulnerabilities in BlackBerry OS, enterprise server software (CSO) The flaws could allow attackers to access data stored on BlackBerry phones or sensitive credentials logged on servers

Users should patch critical flaw in Adobe Reader and Acrobat, researchers say (CSO) Adobe also releases critical updates for Flash Player and AIR

Gmail introduces filters for non-Latin characters, weeding out more phishing emails (Naked Security) Just one week after Google announced that it was to become the first major email provider to adopt the Internet Engineering Task Force (IETF) standard for addresses containing non-Latin and accented characters, it has had to introduce filters to minimise the risks posed by the change

Cyber Trends

The Danger from Within (Harvard Business Review) See how resilient your organization is to insider cyberattacks and whether you're helping or hurting the cause

The Internet's Original Sin (The Atlantic) It's not too late to ditch the ad-based business model we have and build the web we want

Marketplace

The Man Who Found 1.2 Billion Stolen Passwords: Negative Publicity Harming My Business (Forbes) Alex Holden, CTO of Milwaukee-based Hold Security, looks surprisingly buoyant. Perhaps it's just his attempt at a brave face. In the past week, his integrity as a security researcher has been called into question. He's been called a liar and a scaremonger. He hasn't been talking to the press until now

SafeNet, Gemalto reached $890M deal after less than 2 months of talks (Baltimore Business Journal) Amsterdam-based Gemalto N.V. was following Belcamp cyber security firm SafeNet Inc. for years before striking a deal to buy it

Lockheed buying up suppliers? Chalk it up to serendipity, says one exec (Washington Business Journal) Tim Reardon, chief of Lockheed Martin Corp.'s defense and intelligence solutions group, acknowledged that some have surmised that Lockheed is buying up its suppliers, in an attempt to bring capabilities under its own umbrella and perhaps trim costs tied to the supply chain. So is it?

Products, Services, and Solutions

ESET releases new SOHO security SKUs (ChannelLine) Slovakian-based security software maker ESET has announced two new solutions for the Small Office/Home Office (SOHO) market: ESET Multi-Device Security Home Office and ESET Small Office Security

Panda 2015 consumer range now available (Beta News) Panda Security has announced the launch of its 2015 consumer range, claiming that it's "lighter, safer and easier to use than ever before"

Drew Morin: TCS to Integrate Cyber Training Modules into Sypris Platform (ExecutiveGov) TeleCommunication Systems has been awarded a contract to design a cybersecurity training program for Sypris Electronics

CTC, SilverSky Partner, Eye Global Managed Security Services Expansion (Talkin' Cloud) CTC will leverage SilverSky to deliver managed security services to its customers

Technologies, Techniques, and Standards

ANSSI key measures to improve the cybersecurity of industrial control systems (ANSSI) Since February 2013, industrial stakeholders (final users, vendors, integrators, professional organizations, etc.) and French governmental entities have been working together as part of a working group, led by ANSSI, which aims at elaborating concrete and practical proposals to improve the cybersecurity of critical infrastructures

How to Detect SSL Leakage in Mobile Apps (eSecurity Planet) LinkedIn researchers find piles of SSL configuration flaws in mobile apps and so can you

Wireless Auditing, Intrusion Detection & Prevention System (Ethical Hacking) WAIDPS is an open source wireless Swiss Army knife written in Python that works in a Linux environment. This is a multipurpose tool designed to audit (penetration test) networks, detect wireless intrusion (WEP/WPA/WPS attacks) and also prevent intrusion (stopping a station from associating with an access point). Apart from these, it will harvest all WiFi information in the surroundings and store it in databases. This will be useful when it comes to auditing a network if the access point is 'MAC filtered' or has a 'hidden SSID' and there isn't any existing client at that moment

SAMHAIN v3.1.2 Released (Toolswatch) The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes

Hybrid Cloud Security: New Tactics Required (InformationWeek) Interested in shuttling workloads between public and private cloud? Better make sure it's worth doing, because hybrid means rethinking how you manage compliance, identity, connectivity, and more

Academia

Schools Buy Into Cyber Security Business As Investment Swells (BusinessBecause) A cluster of the world's leading business schools have begun rolling out cybersecurity classes, as markets begin recognizing its importance in the corporate world

Cyber Engineering at Louisiana Tech Positions Graduates, Region to Lead Industry (My ArkLaMiss) Cyber is everywhere. From the way we communicate to the way we buy goods and services to the way we share information, our lives and activities today are largely reliant on a strong and secure global cyber infrastructure

Legislation, Policy, and Regulation

The Three Cyber-Security Challenges Facing Nato (International Business Times) Cyber is already an integral part of all conflicts and wars in today's world. For NATO there is plenty of work and planning ahead, before it, as an alliance, is a credible player in the cyber domain. NATO must pay special and rapid attention to improving its Article 5 policy and collective cyber capabilities, and also remind its member-states that collective cyber credibility begins with countries' own cyber defences. Decisions and guidelines are needed at the Nato Summit in September

The story behind DOT's cyber makeover (FCW) Richard McKinney says that when he came to the Transportation Department as CIO in May 2013, the agency's reputation for cybersecurity was dismal — marked by insufficient staff, inconsistent tools and siloed visibility

Who Receives Hacker Threat Info From DHS? (Nextgov) Health care, banking and other key sectors at risk of cyberattacks have not joined a Department of Homeland Security program required to offer these industries protections against a potential catastrophic hack, according to federal inspectors

Agencies slow to move out on DHS cyber program, survey says (Federal News Radio) A year after the Department of Homeland Security formally launched its effort to move agencies toward a continuous diagnostic and mitigation approach to cybersecurity, things are off to a slow start. On the plus side, the agencies that have gotten the ball rolling already are seeing good results

Cyber Uncertainty [National Guard] (TMC Net) Governors want to tap the Guard's growing cyber capability. The Guard wants to help, but a lack of clear policy from Washington is an impediment

Litigation, Investigation, and Law Enforcement

Snowden: lies pushed me over the edge (AFP via Yahoo! News) Edward Snowden says dishonest comments to Congress by the US intelligence chief were the final straw that prompted him to flee the country and reveal a trove of national security documents

Snowden's New Lies for Old (XX Committee) WIRED has a new interview with Edward Snowden, conducted over several days in Moscow, which claims to be the most significant media discussion with the world's most famous IT contractor since he fled to Russia in June of last year. I won't comment on the magazine cover shot, with Ed wrapped in Old Glory, representing an American super-patriot, which is a rare breed in Putin's Russia

Snowden leaks show that terrorists are JUST LIKE US (The Register) … on infosec, that is. Jihadis' OPSEC rivalled GCHQ's, says Glenn Greenwald

USIS Breach May Open Door To Foreign Agent Recruitment (HS Today) The largest provider of background investigations for the Department of Homeland Security (DHS) recently became the latest victim of a major cyberattack that may have compromised the personal information of employees, prompting the government to suspend its work with the firm

Gartner Magic Quadrant: NetScout Says Secret Is Green (InformationWeek) After Gartner analysts rank NetScout only a "challenger," Netscout files lawsuit alleging Gartner's rankings involve pay for play. Let's examine both sides of this street

US construction company sues bank over cyber-heist (Computing) A US heavy industrial construction company is suing its bank after losing $327,000 in a cyber attack, claiming negligence on the part of the bank and breach of contract after it was subject to a "corporate account takeover" in a sophisticated sting

IG: Former DARPA head promoted own company, violating rules (Military Times) A former director of the Defense Advanced Research Projects Agency used her influential position to help shine a spotlight on a high-tech research company that she created, actions that the Defense Department Inspector General says violated ethics rules

Facial recognition software leads to arrest after 14-year manhunt (Naked Security) A US child sex abuse suspect hiding out in Nepal who was on the run for 14 years has been caught using facial recognition technology

US Companies Still Mine Europeans' Private Data despite Promises, CDD says (Hot for Security) Dozens of US tech companies, including Adobe Systems, AOL and Salesforce.com, continue to violate Europeans' privacy despite promises to comply, according to the Center for Digital Democracy. The advocacy group filed a complaint against 30 data brokers, tech giants and data management firms that promised to better handle personal information of EU residents

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

SINET 16 (Washington, DC, USA, December 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent...

Upcoming Events

SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...

Resilience Week (Denver, Colorado, USA, August 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.

AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, August 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only...

c0c0n: International Information Security and Hacking Conference (, January 1, 1970) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community...

Build IT Break IT Fix IT: Build IT (Online, August 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

The Hackers Conference (New Delhi, India, August 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...
