
Daily briefing.

Observers note the downside of blocking barbarism on social media. In a dilemma familiar to targeteers, when you jam adversaries, you forgo an opportunity to collect against them. Some believe Western intelligence services are seeing an instance of this in Twitter's (understandable) suspension of ISIS accounts.

Hacking groups operating out of Syria, Lebanon, and Russia escalate cyber operations in Syria's civil war.

Community Health Services networks may indeed have had a Heartbleed issue, but reports say they had other problems as well, among them: Asprox, Kelihos, Conficker, Ramdo, Sality, and GameoverZeus. The FBI has issued a general hacking alert to the US healthcare sector.

The UPS point-of-sale breach post mortem continues, with UPS receiving generally positive reviews for its swift containment of the problem.

Krebs reports on the state-of-the-art in hard-to-detect ATM card skimmers — they're small and slender.

Researchers haul up a fresh catch of mobile vulnerabilities: malicious apps, expensive involuntary calls, in-app payment holes, etc.

Palo Alto's CSO offers perspective on the CSO's evolving role.

Frost and Sullivan's analysts forecast a surge in the denial-of-service mitigation market.

Colleges and universities, studies suggest, are particularly vulnerable to data breaches.

An academic study sheds light on the Chinese government's censorship goals and techniques.

Someone claiming responsibility for the recent attack on Gamma that exposed FinFisher details offers a "how-to" guide to the attack. Caveat lector, except for the following: "This is illegal, so you'll need to take some basic precautions." We would add that the basic precaution should be, "just don't."

Notes.

Today's issue includes events affecting Brazil, China, European Union, India, Lebanon, Mexico, Pakistan, Peru, Russia, Syria, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Twitter crackdown on terrorist group hampers U.S. intelligence efforts (Washington Times) U.S. counterterrorism officials say Twitter's crackdown on tweets from the Islamic State is complicating efforts to identify the terrorist group's key members and activities by intelligence agencies that increasingly use social media to spy on the militants

Here's The Final Email ISIS Sent To James Foley's Family (Global Post via Business Insider) American journalist James Foley was murdered by Islamic State militants, who on Aug. 19 publicized the killing in a graphic video uploaded to YouTube

Syrian Cyber-Attacks Expose Activists, Firms to Malware Infection (eWeek) Hacking groups operating from Syria, Russia and Lebanon have targeted activists on both sides of the Syrian civil war with malware campaigns, says security firm Kaspersky

Pakistani hacker hacks Indian ruling party BJP's politician L.K Advani website (Hack Read) A Pakistani hacker going with the handle of Muhammad Bilal from Pak Cyber Experts team has hacked and defaced the official website and blog of Lal Krishna Advani, an Indian politician who is a senior leader of the ruling Bharatiya Janata Party (BJP)

FBI issues cyber-attack warning to healthcare providers (Engineering and Technology Magazine) US healthcare companies have been subjected to a series of cyber-attacks targeting patient data and intellectual property information, the FBI has said

More problems emerge on the Community Health Systems network (CSO) Heartbleed was only half the battle

Firms still hemorrhaging from Heartbleed (FierceITSecurity) Although the Heartbleed bug was revealed months ago, it continues to cause security problems for companies

The UPS Store breach — what went wrong and what UPS got right (Naked Security) Data breaches at 51 UPS Stores in two dozen US states have put as many as 100,000 customers at risk of identity theft and credit card fraud, after malware was found on the stores' networks, the company said

UPS data breach: Another one bites the dust (CSO) What can brown do for you? If you're one of the unlucky customers, the answer might be that brown can compromise your credit card information. UPS revealed that it is the latest high-profile company to fall victim to a data breach resulting from a point-of-sale system compromise

UPS the 41st Company Tied to Point-of-Sale Malware in 2014 (HackSurfer) The UPS Store is just the latest in a long string of companies that have been tied to point-of-sale (POS) malware so far this year

Stealthy, Razor Thin ATM Insert Skimmers (Krebs on Security) An increasing number of ATM skimmers targeting banks and consumers appear to be of the razor-thin insert variety. These card-skimming devices are made to fit snugly and invisibly inside the throat of the card acceptance slot. Here's a look at a stealthy new model of insert skimmer pulled from a cash machine in southern Europe just this past week

Website Add-on Targets Japanese Users, Leads To Exploit Kit (TrendLabs Security Intelligence Blog) In the past few weeks, an exploit kit known as FlashPack has been hitting users in Japan. In order to affect users, this particular exploit kit does not rely on spammed messages or compromised websites: instead, it uses a compromised website add-on

Mobile apps could be abused to make expensive phone calls (IDG via CSO) A security precaution skipped in mobile applications such as Facebook's Messenger could be abused to make an expensive phone call at a victim's expense, a developer contends

Most popular Android apps open users to MITM attacks (Help Net Security) An analysis of the 1,000 most popular free Android apps from the Google Play store has revealed a depressing fact: most of them sport an SSL/TLS vulnerability that can be misused for executing man-in-the-middle (MITM) attacks, and occasionally additional ones, as well

Vulnerability in In-App Payment SDKs May Lead to Phishing (TrendLabs Security Intelligence Blog) Vulnerabilities in apps are always a cause for concern, especially when said apps handle sensitive information, particularly financial. We examined two popular in-app payment (IAP) SDKs — Google Wallet and the Chinese payment platform Alipay — and discovered that these contain a vulnerability that can be exploited for phishing attacks. The versions we analyzed were Google IAP versions 2 and 3 and Alipay SDK 1.0

Your Anonymous Posts to Secret Aren't Anonymous After All (Wired) White hat hacker Ben Caudill is halfway through his sandwich when he casually reaches over to his iPhone, swipes the screen a few times, then holds it up to me. "Is that you?" he asks

Critical Delphi and C++Builder VCL library bug found (Help Net Security) A buffer overflow vulnerability that could be exploited to execute malicious code has been discovered in the Visual Component Library (VCL) library of Embarcadero's Delphi and C++Builder application development environments, and could, therefore, also affect applications that were built by using the software and that use the affected library

A DIY Guide for those without the patience to wait for whistleblowers (Hack Back) I'm not writing this to brag about what an 31337 h4x0r I am and what m4d sk1llz it took to 0wn Gamma. I'm writing this to demystify hacking, to show how simple it is, and to hopefully inform and inspire you to go out and hack sh*t. If you have no experience with programming or hacking, some of the text below might look like a foreign language. Check the resources section at the end to help you get started. And trust me, once you've learned the basics you'll realize this really is easier than filing a FOIA request

Security Patches, Mitigations, and Software Updates

Amazon CloudFront Turns on Perfect Forward Secrecy (Threatpost) Amazon Web Services announced that it has turned on Perfect Forward Secrecy and other SSL improvements for its CloudFront content delivery platform

Dropbox beefs up security of shared links — for business users, at least (Tripwire: the State of Security) Earlier this year, it was discovered that Dropbox users had been unwittingly leaking sensitive information, such as their tax returns and mortgage applications because of the way the file-syncing service handled so-called "Shared Links"

Cyber Trends

Hacker Or Military? Best Of Both In Cyber Security (Dark Reading) How radically different approaches play out across the security industry

How the role of the CSO is changing (Help Net Security) Since Steve Katz became the first CISO back in 1996, both business leaders and the security industry in general have been thinking and rethinking the need for such a person and the responsibilities that he or she should have

Brazil, Peru and Mexico rampant with malware attacks in 1H14 (BNAmericas) Brazil, Peru and Mexico saw the highest number of cyber attacks in Latin America in 1H14, especially during the World Cup, according to Russian IT security specialist Kaspersky Lab

Marketplace

Increase in DDoS attack size, frequency will fuel surge in DDoS mitigation market, says Frost (FierceITSecurity) Distributed denial of service, or DDoS, attacks against enterprises are increasing in scale and frequency, prompting firms to invest in purpose-built DDoS mitigation tools

Wanted: Cloud Brokers (InformationWeek) Do you know the ins and outs of cloud software stacks and security? Got the finesse to break through cultural resistance? Then you may have found your next career

Rook Security Earns Spot on Inc. 500 List as One of the Fastest Growing Private Companies in America (BusinessWire) Rook Security, a global IT security provider that offers protection of sensitive data and brand reputation against dynamic emerging threats, today announced that it has earned a spot on the prestigious Inc. 500 list of fastest growing privately-held companies in America. Based in Indianapolis, Indiana, Rook Security achieved 942.3 percent revenue growth between 2010 and 2013

Lastline Secures $10 Million Funding Round (BusinessWire) Lastline, an advanced malware defense platform provider, has raised $10 million from new investors Dell Ventures and Presidio Ventures, as well as existing investors Redpoint Ventures and e.ventures. With the new round of funding, Lastline will continue to focus on serving its rapidly growing, global enterprise customer base as well as new and existing partnerships to improve information security and threat intelligence worldwide

Austin security software maker raises more financing (Austin Business Journal) Toopher Inc., an Austin authentification [sic] software maker, reported raising $790,599 of a planned $815,765 financing

Symantec opens $12m Sydney office (ComputerWorld) Security operations centre expanded as well

Secunia Appoints Jack Wilson as Vice President and General Manager of North America (Broadway World) Secunia, the leading provider of IT security solutions for vulnerability management, today announced the appointment of technology industry veteran Jack Wilson as Vice President and General Manager of North America

Products, Services, and Solutions

AWS Achieves DoD Authorization for Sensitive Workloads (ExecutiveGov) Amazon Web Services has attained a provisional authorization from the Defense Department to help defense agencies process workloads in an AWS cloud platform

CBP, Maryland Prisons Look to Industry for Cellular Phone Protective Technology (SIGNAL) U.S. border patrol agents watched on surveillance videos as suspected drug smugglers chatted on cellular phones. But when agents sought phone records for investigations into the suspected nefarious activity along the Texas-Mexico divide, commercial service providers came up empty-handed. There simply were no logs. How were the smugglers evading commercial providers?

Aorato's directory services application firewall protects Active Directory from attack and abuse (NetworkWorld) The threat landscape has been shifting to more dangerous territory, and companies have been deploying more IT security solutions that are purpose-built to protect specific areas of their broad enterprise environment. One such solution brought to market by Aorato earlier this year is a directory services application firewall (DAF)

WatchGuard Firebox T10 review (IT Pro) Is the Firebox T10 the best featured small business security appliance on the market?

Cloud data security strife receives a silver bullet from HyTrust and Intel (V3) Virtualisation and cloud computing are helping companies overcome geographical barriers and establish flexible IT infrastructures without incurring excessive costs. However, as this new wave of IT grows exponentially, so too do concerns over data security and regulations. Step up HyTrust, which hopes to have solved the internal data theft issues and regulation requirements associated with use of the cloud

Bitdefender updates to Add Android Wear Support (Android Headlines) Add another app to the list of Android Wear apps. Bitdefender has just updated their app to be compatible with Android Wear. So what can you do with Bitdefender on your Android Wear smartwatch? Well, all kinds of things. Here's their full feature list

Android users — Sophos needs you (and you could bag a prize)! (Naked Security) Sophos is looking for beta testers for the new version of Sophos Mobile Security, our free security app for Android

Technologies, Techniques, and Standards

This Dating Site Is Teaching the Internet an Important Lesson About Anonymity (Wired) Online dating site Zoosk is rolling out a new feature that lets users verify the authenticity of profile pictures

Lessons learned from UPS Store breach (CSO) Experts have a long list of suggestions for retailers to avoid security breaches

NIST vetting guide helps in testing mobile apps (Help Net Security) While many mobile device apps such as a calendar or collaboration tools are very handy and can improve productivity, they can also introduce vulnerabilities that can put sensitive data and network resources at risk

Google Says HTTPS Is A Ranking Signal, But It’s Not Really (Search Engine Land) Is it worth it for webmasters to switch to HTTPS in light of Google's recent announcement?

BladeRunner — Adventures in Botnet Tracking (Arbor Networks) This presentation explores the 'adventurous' side of botnet tracking based on ongoing, in-depth research conducted within the world-renowned ASERT team at Arbor Networks

Six Clicks: Two factors are better than one (ZDNet) Time and again we write about security breaches that would have been prevented by two-factor authentication. What are the ways people do this in the real world?

How Blocking BYOD Leads to Shadow IT (CBR) And here's how to deal with the issue

What can we learn from the top 10 biggest data breaches? (Help Net Security) You can't blink these days without hearing about yet another data breach. While some may be suffering from "breach fatigue" and becoming jaded, we argue that it's more important than ever to take cyber threats seriously

ReMASTering Applications by Obfuscating during Compilation (Trail of Bits) In this post, we discuss the creation of a novel software obfuscation toolkit, MAST, implemented in the LLVM compiler and suitable for denying program understanding to even the most well-resourced adversary. Our implementation is inspired by effective obfuscation techniques used by nation-state malware and techniques discussed in academic literature. MAST enables software developers to protect applications with technology developed for offense

Research and Development

DARPA Uses Preteen Gamers to Beta Test Tomorrow's Military Software (Motherboard) Sieg Hall doesn't look like much from the outside. Located at the University of Washington, the building was constructed in the 1960s, when it was a focal point for Vietnam-era antiwar protests. Before renovations were carried out it had become so dilapidated that students had a tradition of taking home chunks of rock off its façade. If I didn't know better, Sieg is just another nondescript computer science building, not a front line in military research and development

Academia

Colleges and universities among highest risk for data breaches (FierceCIO) While retailers and healthcare organizations have dominated much of the data breach media attention in recent weeks, a new study finds that the nation's colleges and universities are at even greater risk for cyberattacks

Summer program at NYU Poly teaches cybersecurity to young women (Technical.ly Boston) NYU Poly wants more women in the digital security industry. Its summer program for high school-age girls looks to expose them to cybersecurity skills, and potential careers

Legislation, Policy, and Regulation

Reverse-engineering censorship in China: Randomized experimentation and participant observation (Science) Existing research on the extensive Chinese censorship organization uses observational methods with well-known limitations. We conducted the first large-scale experimental study of censorship by creating accounts on numerous social media sites, randomly submitting different texts, and observing from a worldwide network of computers which texts were censored and which were not

Can Cyber Security Legislation Save the EU? (IT Governance) The fact is, the EU is not universally popular with the voters. Even the UK's rising star and media-magnet politician, Boris Johnson, has said that the UK Should Not Fear EU Exit — and he's always on the money when it comes to the voters. Ordinary people are sensing their new political power

DISA to undergo cyber-focused restructure (Federal Times) Defense Department officials are considering a reorganization at Fort Meade, Maryland, that could restructure the Defense Information Systems Agency and other cybersecurity-focused military offices in a bid to better defend DoD networks

Litigation, Investigation, and Law Enforcement

FBI Probing Reported Theft of 1.2 Billion Passwords by Russian Hackers (NDTV) The U.S. Federal Bureau of Investigation is investigating a report by a US cyber-security firm that it uncovered some 1.2 billion Internet logins and passwords amassed by a Russian crime ring, the largest known collection of such stolen data

FTC Approves Final Orders Settling Charges Against Fandango and Credit Karma (FierceITSecurity) Following a public comment period, the Federal Trade Commission has approved final orders settling charges against Fandango, Inc. and Credit Karma, Inc

Kaspersky Lab Partners London Police To Tackle Cyber Crime (TechWeekEurope) Kaspersky Lab to help train the City of London Police on how to tackle the growing cybercrime menace

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

RiseCON 2014 (Rosario, Santa Fe, Argentina, November 6 - 7, 2014) Rosario Information Security Conference is the first and largest information security and hacking event held in the city of Rosario, with international standing and reach

Upcoming Events

c0c0n: International Information Security and Hacking Conference (location and date not given) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community...

Build IT Break IT Fix IT: Build IT (Online, August 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

The Hackers Conference (New Delhi, India, August 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...

SECRYPT 2013 (Vienna, Austria, September 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested on security aspects related...

Build IT Break IT Fix IT: Break IT (Online, September 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

Security B-Sides Cape Breton (Sydney, Nova Scotia, Canada, September 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with...

BalCCon2k14: Balkan Computer Congress (Novi Sad, Serbia, September 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference...

Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, September 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats.

Detroit SecureWorld (Detroit, Michigan, USA, September 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has...

Cyber Attack Against Payment Processes Exercise 1 (Online, September 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, September 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense...

Build IT Break IT Fix IT: Fix IT (Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...

NOPcon Security Conference (Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers,...

5th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander,...

SINET Global Summit (London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures,...

Cyber Attack Against Payment Processes Exercise 2 (Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

Global Identity Summit (Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive,...

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, September 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia.

Cloud Security Alliance Congress 2014 (location and date not given) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will...

CSA Congress 2014 & IAPP Privacy Academy 2014 (San Jose, California, USA, September 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference...

Ft. Meade Technology Expo (Fort Meade, Maryland, USA, September 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...

The 2014 Cyber Security Summit (New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives...

NYIT Cyber Security Conference (New York, New York, USA, September 18, 2014) Presented by NYIT's School of Engineering and Computing Sciences, this conference will address a broad range of pressing topics including privacy; innovations in enterprise security; systems security and...

Dutch Open Hackathon (Amsterdam, the Netherlands, September 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation

St. Louis SecureWorld (location and date not given) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) (Busan, Korea, September 23 - 26, 2014) The annual CHES workshop highlights new results in the design and analysis of cryptographic hardware and software implementations. CHES provides a valuable connection between the research and cryptographic...

Rock Stars of Cybersecurity (Austin, Texas, USA, September 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and...

VB2014 (location and date not given) Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides...

DerbyCon 4.0 (Louisville, Kentucky, USA, September 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013...

BruCON 2014 (Ghent, Belgium, September 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical...

ROOTCON 8 (location and date not given) ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis,...

INTEROP (New York, New York, USA, September 29 - October 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect...
