Russia-sympathizing hacktivists of Cyber Berkut claim responsibility for defacing Polish governmental and financial sites with images of the Holocaust. Poland's offense, according to Cyber Berkut, is "sponsoring fascism" in Ukraine at the behest of meddling Americans.
Russia's application of a strong hand to Internet censorship shows mixed success (witness the case of "Sergeant Selfie") but Ukraine's government seems ready to implement similarly restrictive policies.
Cyber rioting continues to shadow physical protest in Ferguson, Missouri, USA.
New Zealand's NCSC warns government agencies of an ongoing spearphishing campaign.
German researchers publish anti-surveillance software.
Lockheed Martin, long engaged against cyber espionage services seeking to penetrate its networks, reports that its familiar attackers seem to have, not disappeared, but gone quiet. Continued vigilance is in order.
Ransomware remains in the news. "Kovter" takes a retro approach — it doesn't encrypt your files, it just blackmails you directly in the old-fashioned way. Synolocker's controllers appear ready to move to a different form of crime, as they hold what amounts to a fire sale of encryption keys. Webroot warns of ZeroLocker's ascendance. And another extortion attempt (announcing itself as such) threatens to destroy its victims through "negative SEO."
The Gameover Zeus botnet continues its unwelcome rise from the dead.
Talk of automated cyber retaliation prompts Schneier to remind all of the difficulties of attribution.
Thycotic, hoping to gain insight into bad actors' motivation, surveys people who identify themselves as "hackers." The "hackers" mostly say they hack for artistic and altruistic reasons, not gain. (Tell it to Sabu.)
Today's issue includes events affecting Australia, Canada, China, European Union, Germany, Iran, Israel, Democratic People's Republic of Korea, New Zealand, Palestinian Territories, Russia, Ukraine, United Kingdom, United States.
'Anonymous' Twitter Feed Suspended During Ferguson Protests(NBC News) A Twitter account from online "hacktivist" group Anonymous was suspended on Thursday after it claimed to reveal the name of the police officer who shot unarmed teenager Michael Brown, setting off five nights of unrest in the suburb of Ferguson, Missouri. Sgt. Colby Dolly of the St. Louis County Police told NBC News that the person named by Anonymous was not the officer who shot Brown, nor was he a member of the St. Louis County Police Department
Spearphishing campaign targeting multiple government departments(New Zealand NCSC) The NCSC is aware of a current spearphishing campaign targeting a wide number of government sector employees. To the recipient, the spearphishing email appears to be sent from a legitimate but spoofed (i.e. using a forged sender address) email address. The NCSC recommends all government IT Security Managers advise employees not to follow the hyperlink contained in the body of the spearphishing email
The HACIENDA Program for Internet Colonization(Heise) Since the early days of TCP, port scanning has been used by computer saboteurs to locate vulnerable systems. In a new set of top secret documents seen by Heise, it is revealed that in 2009, the British spy agency GCHQ made port scans a "standard tool" to be applied against entire nations
Some Cyber Attackers Lie Low(SIGNAL) By George I. Seffers, August 14, 2014. Some of the hackers who have persistently attacked Lockheed Martin's networks have "gone quiet" in recent months, officials told reporters yesterday at an Arlington, Virginia, media summit hosted by the company's recently restructured Defense and Intelligence Solutions division. "We've seen a number of the adversaries — I wouldn't say they've disappeared — but they've gone quiet," said Darrell Durst, Lockheed Martin's vice president, cyber solutions. "I think we have been able to counter a number of the adversaries relative to our networks"
SynoLocker gang planning to move on?(Help Net Security) The crooks behind SynoLocker have made some changes to the website sporting the payment instructions. They are trying to spur more victims to pay up by saying that the website will be taken offline soon and, once that happens, they will not be able to get the private keys needed to decrypt their files
ZeroLocker(Webroot Threat Blog) Recently in the news we saw FireEye and Fox-IT provide the ability to decrypt files encrypted by older cryptolocker variants. They used the command and control servers seized by the FBI during Operation Tovar
Hello, this is an extortion email.(DEJANSEO) Over the years we have been a target of various negative SEO campaigns. This morning's email tops it all though. The sender doesn't beat around the bush and makes it very clear saying: "this is an extortion email"
The Gyroscopes in Your Phone Could Let Apps Eavesdrop on Conversations(Wired) In the age of surveillance paranoia, most smartphone users know better than to give a random app or website permission to use their device's microphone. But researchers have found there's another, little-considered sensor in modern phones that can also listen in on their conversations. And it doesn't even need to ask
Thousands of computers open to eavesdropping and hijacking(Naked Security) There's a gaping hole in thousands of unsuspecting people's computers that lets any random internet passerby not only look over their shoulder but reach through to take over their systems. The hole is caused by a remote access tool: specifically, unsecured use of a product known as Virtual Network Computing (VNC)
Disqus WordPress plugin vulnerabilities(Help Net Security) During penetration testing for a client, Australian-based independent security consultant Nik Cubrilovic discovered a couple of security issues within the very popular Disqus WordPress plugin. So far the plugin has been downloaded nearly 1.5 million times from the official WordPress plugin repository
Suspicious Login Message Faked, Distributes Backdoor(TrendLabs Security Intelligence Blog) Legitimate services are often used by cybercriminals to try and make their attacks more convincing. Recently, I spotted attacks that used services and platforms like Google Drive and Dropbox in order to look less suspicious to unwary users
Internet Noise and Malicious Requests to a New Web Server(Lenny Zeltser on Information Security) I set up a brand new web server to see what type of connections it will receive. Since the server had no "production" purpose, all attempts to access it could be considered suspicious at best. Such requests are associated with scans, probes and other malicious activities that tend to blend into the background of web traffic. Here's what I observed
The Logic of Purposely Using Poor English in Scam Emails(NoVA Infosec) I am not sure of the original source of this graphic but it illustrates an interesting analysis of why scam emailers actually use bad English on purpose. The off kilter language serves as a simple method of filtering out the more highly desirable "gullible" marks from the rest of the crowd
The Internet's Vulnerable Backbone(Slate) How cybercriminals hijacked the Web's architecture to mine bitcoins. Some Internet security problems can be fixed. Vulnerabilities like Heartbleed, for instance, may have massive reach and widespread impact, but they ultimately come down to a clear flaw that we can mend by rewriting code. It's a long, slow, painful process — but we know what needs to be done
Security Patches, Mitigations, and Software Updates
PHP 5.3.29 is available, PHP 5.3 reaching end of life(Internet Storm Center) The PHP development team announces the immediate availability of PHP 5.3.29. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP 5.4, which are supported till at least 2016 and 2015 respectively
Google Adds Warnings About Deceptive Software To Safe Browsing Service(Threatpost) The Google Safe Browsing service has become an integral part of most of the major browsers, integrating malware alerts, warnings about malicious Web sites and suspicious content. The company has been expanding the capabilities of the service steadily over the last few years, and now Google is adding warnings about deceptive software to the service
86% of hackers don't worry about repercussions(Help Net Security) Thycotic announced the results of a survey of 127 self-identified hackers at Black Hat USA 2014. The survey found that 86% of hackers are confident they will never face repercussions for their activities. In a double-edged sword conundrum, 88% of respondents also believe their own personally identifiable information (PII) is at risk of online theft
Wearing Your Tech on Your Sleeve(TrendLabs Security Intelligence Blog) Sartorial decisions and technology are often considered two separate, distinct items. However, the surge of wearable "smart" devices has blurred the line between the two. Nowadays, it is common to see people accessorized in pieces of equipment that complement their day-to-day activities
Cybersecurity And The National Association Of Corporate Directors(Metropolitan Corporate Counsel) Editor: Why is cybersecurity a current area of focus for NACD? Bew: Cybersecurity and cyber breaches are no longer emerging issues. The headlines about breaches in both the public and private sectors have put the issue on every organization's agenda, whether large or small, whatever the industry and whether the organization is public, private or nonprofit
Cyber Insurance(Infosec Institute) Cyber insurance coverage has been available on the market for a decade, but only recently companies have been seeing a significant growth — sales of cyber insurance in 2013 escalated 30 percent in comparison with 2012, according to the Global Head of Professional Liability for AIG Tracie Grella
CloudFlare's CEO On Expanding In Key Markets Like China And Brazil(TechCrunch) As Web security startup CloudFlare grows internationally, it plans to take a slow and steady approach to dealing with the challenges of expanding in key markets like China and Brazil. In a discussion with TechCrunch senior editor Jonathan Shieber this week at TechCrunch Beijing (organized with TechNode), CloudFlare co-founder and CEO Matthew Prince talked about dealing with laws and regulations in different countries and the challenges of finding a partner in China, its second-largest market
Cisco cutting 6,000 jobs; industry total now at 'great recession' level(FierceCIO) As had been rumored this week, Cisco announced major layoffs yesterday, with 6,000 jobs expected to be cut over the next 12 months. The news comes in the wake of a series of major layoff announcements throughout the tech industry, with job cuts now rivaling the numbers at the beginning of the recession in 2009
Products, Services, and Solutions
DOSarrest Adds New DDoS Protection Node in Singapore(MarketWired) DOSarrest Internet Security announced today that they have expanded their DDoS protection cloud into Asia, with a new DDoS mitigation node in Singapore. The new node will work in conjunction with their existing nodes in New York, Los Angeles and London and will have the same connectivity as the others, including multiple 10 Gb/Sec uplinks to multiple carriers
Continuous monitoring for your perimeter(Help Net Security) Qualys Continuous Monitoring is a next-generation cloud service that gives you the ability to identify threats and unexpected changes in your Internet perimeter before they turn into breaches. With it, you can track what happens within Internet-facing devices throughout your DMZs and cloud environments — anywhere in the world
Technologies, Techniques, and Standards
TUM researchers develop defense software "TCP Stealth"(Technische Universität München) Today, a group of journalists has reported the existence of the "Hacienda" spy program. According to this report, five western intelligence agencies are using the Hacienda software to identify vulnerable servers across the world in order to control them and use them for their own purposes. Scientists at the Technische Universität München (TUM) have developed free software that can help prevent this kind of identification and thus the subsequent capture of systems
Is your encryption getting out of control?(Help Net Security) 2014 marks the 25th anniversary of the creation of the World Wide Web. From its earliest beginnings, users have demanded security for their sensitive information and web sites have universally responded by supporting encryption protocols such as SSL/TLS to encrypt data as it moved across the wires
Why Patching Makes My Heart Bleed(Dark Reading) Heartbleed was a simple mistake that was allowed to propagate through "business as usual" patching cycles and change management. It could easily happen again
7 Places to Check for Signs of a Targeted Attack in Your Network(TrendLabs Security Intelligence Blog) Targeted attacks are designed to circumvent existing policies and solutions within the target network, thus making their detection a big challenge. As we've stressed in our previous entry about common misconceptions about targeted attacks, there is no one-size-fits-all solution against it; enterprises need to arm themselves with protection that can provide sensors where needed, as well as IT personnel equipped enough to recognize anomalies within the network and to act accordingly
AppLocker Event Logs with OSSEC 2.8(Internet Storm Center) In a previous post, Monitoring Windows Networks Using Syslog, I discussed using syslog to send the event logs to a SIEM. This post covers another technique for collecting event log data for analysis
Before Getting Rid of Your Old Printer, Say "Goodbye" to Lingering Data(HackSurfer) In the security business, there's a lot of talk about protecting your smartphones and computers from malware and viruses, as well as loss and theft. It makes sense. Most of us use our smartphones and computers on a daily basis and keep important information on them like passwords, user names, and credit card numbers. But there are other devices that hold sensitive data that we don't really talk about. For example, printers
Password confessions of a security expert(ITProPortal) I have a confession. It's hard to admit, and I know it might make me a bit of a social pariah and an outcast in the industry I work in but I need to get this off my chest: I used a single password for many online services *deep breath* for a long time
What Businesses Can Learn from Public Safety Analytics(Data Informed) Big data, at its core, is an optimist's game. Using surveys and numbers, we hope to learn why someone buys a certain shaving cream, or one car over another — and then to turn that knowledge into dollars. In this scrutiny, we are imagining ourselves at our most reasonable, our most profitable. But to best understand human behavior, should commerce look at our most destructive acts, too?
Hackers in demand to fight cyber-attacks(Yomiuri Shimbun) Confusing the word "hacker," which usually refers to individuals with expert computer and networking talents, with "cracker," referring to those who use such skills for illegal activities, is considered a major reason why there was little demand in Japan to foster more individuals that have expert computer and information security knowledge
Time To Broaden CompSci Curriculum Beyond STEM(Dark Reading) Having a visual arts background may not be the traditional path for a career in infosec, but it's a skill that makes me no less effective in analyzing malware patterns — and often faster
In the Fight Against Russia, Ukraine Flirts with Kremlinesque Internet Censorship(Global Voices) A new draft law in Ukraine threatened to empower the government to shut down media outlets and block websites in the name of national security. The law, which passed its first reading in parliament yesterday, has exasperated local journalists, civil society figures, and the international community. The outrage grew so loud that today deputies agreed to remove and soften most of the censorship measures, but proposed moving some of them to existing media laws to achieve some measure of control over dissenting media outlets
Rogers sets course for a new era at NSA(FedScoop) There may be more tales yet to come from Edward Snowden, arguably the most wanted man in the world, but Adm. Michael Rogers will be damned if he'll allow one man and a handful of journalists to write the final chapter in the National Security Agency's storied history
Hack.lu 2014(arc Hotel Alvisse, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implication on society
SANS Cyber Defense Summit and Training(Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...
Resilience Week(Denver, Colorado, USA, August 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
AFCEA Technology & Cyber Day(Tinker AFB, Oklahoma, USA, August 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only...
Build IT Break IT Fix IT: Build IT(Online, August 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...
The Hackers Conference(New Delhi, India, August 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...
SECRYPT 2013(Vienna, Austria, September 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested in security aspects related...
Build IT Break IT Fix IT: Break IT(Online, September 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...
Security B-Sides Cape Breton(Sydney, Nova Scotia, Canada, September 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with...
BalCCon2k14: Balkan Computer Congress(Novi Sad, Serbia, September 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference...
Ground Zero Summit, Sri Lanka(Colombo, Sri Lanka, September 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats.
Detroit SecureWorld(Detroit, Michigan, USA, September 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has...
Cyber Attack Against Payment Processes Exercise 1(Online, September 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...
Build IT Break IT Fix IT: Fix IT(Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...
Suits and Spooks London(London, England, UK, September 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...
NOPcon Security Conference(Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers,...
SINET Global Summit(London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures,...
Cyber Attack Against Payment Processes Exercise 2(Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...
Global Identity Summit(Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive,...
Fraud Summit Toronto(Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...
CSA Congress 2014 & IAPP Privacy Academy 2014(San Jose, California, USA, September 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference...
Ft. Meade Technology Expo(Fort Meade, Maryland, USA, September 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...
The 2014 Cyber Security Summit(New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives...
Dutch Open Hackathon(Amsterdam, the Netherlands, September 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation
St. Louis SecureWorld: Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...
Rock Stars of Cybersecurity(Austin, Texas, USA, September 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and...
VB2014: Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides...
DerbyCon 4.0(Louisville, Kentucky, USA, September 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013...
BruCON 2014(Ghent, Belgium, September 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical...
ROOTCON 8: ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis,...
INTEROP(New York, New York, USA, September 29 - October 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect...