Shin Bet and IDF say they stopped a "massive" cyber campaign against Israel during Gaza fighting, which they again say was directed by Iran. Meanwhile Moroccan Hamas sympathizers deface the municipal website of DuBois, Pennsylvania, USA (population 7,794) with messages supporting Gaza (DuBois being a softer target than Tel Aviv).
Observers now generally attribute the JPMorgan cyber attack to Russia. Many security analysts (Ponemon, for one) describe it as unusually sophisticated, and aimed more at demonstrating a significant attack capability (in this case hitting the bank's network layer) than doing direct damage. KnowBe4 says the attack vector was an employee's computer connected to a VPN, but the investigation is ongoing and details are sparse.
Interestingly, FS-ISAC has declined to raise its alert level from "guarded," saying that, unfortunately, they don't see this attack as terribly out-of-the-ordinary.
The campaign against Norway's energy sector (which Statoil says it's recovered from) remains unattributed, but many suspicious eyes are looking toward Russia here as well. Reports say phishing emails led to keylogger installation.
Lizard Squad skids, apparently weary of supporting ISIS barbarians, again invite arrest by hitting Twitch.
Gameover Zeus runs wild in countries where Windows XP remains in widespread use, notably Turkey. Trend Micro says it's found a new BlackPOS malware variant. Mozilla discloses a user data leak from its Bugzilla vulnerability-reporting project.
Dairy Queen, tipped off by banks warning of card-fraud patterns, acknowledges a breach. Other point-of-sale malware investigations continue. Aorato believes it's found an Active Directory angle in the Target breach.
Today's issue includes events affecting Brazil, Canada, China, Iran, Israel, Republic of Korea, Morocco, Norway, Palestinian Territories, Russia, Syria, Turkey, Ukraine, United Kingdom, United States.
The CyberWire is pleased to say we'll be providing special coverage of the 2014 Cyber Security Summit, convening in New York on September 18. Watch for interviews and live coverage of Summit events. Also, the CyberWire will take a break Monday as our staff enjoys the US Labor Day holiday (and the Maryland State Fair). We'll resume normal publication on Tuesday, September 2.
US banks, Norwegian energy firms latest cyberattack victims (FierceCIO) Large-scale cyberattacks used to make the tech headlines on a monthly, and then weekly, basis. But the pace has increased to almost daily now, with the latest being word of cyberattacks against several financial institutions and approximately 300 energy firms in Norway
KnowBe4 Says Employee PC Wreaks Havoc in JP Morgan Hack (MENAFN) The Wall Street Journal reported today that J.P. Morgan was hacked and suffered a cyberheist called "a significant breach of corporate computer security." Bloomberg reported that the FBI, the US Secret Service and even the NSA are investigating the incident that seems to have occurred in mid-August. According to Bloomberg, Russian hackers breached the bank's defenses and compromised gigabytes of data, but the exact nature of that data remains unknown. However, it was stated attackers "grabbed sensitive data from the files of bank employees including executives"
JPMorgan Working With FBI in Cyber-Attack Probe (AFP via SecurityWeek) JPMorgan Chase said Thursday that it was cooperating with law-enforcement officials to determine the scale of reported cyber attacks against US financial institutions
FBI Examining Whether Russia Is Tied to JPMorgan Hacking (Bloomberg) Russian hackers attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions, according to two people familiar with the probe
US banking group says unaware of any significant cyber attack (Tech 2) An influential U.S. financial services industry group that shares information about cyber threats has said it is unaware of any "significant" cyber attacks, downplaying concerns about possible breaches at JPMorgan Chase & Co and other banks
Cyber attacks on US businesses, banks mounting (AFP via Business Insider) Investigators were digging Thursday to find who initiated and what was taken in an apparent intense hacker effort this month to penetrate the systems of US banks including JPMorgan Chase
Bitcoin Phishing Scam Hits Over 400 Businesses, Says Proofpoint (Spamfighter News) Proofpoint, the e-mail security company situated in California, has just exposed one Bitcoin phishing scam that of late targeted over 400 organizations while attempting to deceive end-users into giving away personal passwords of their Bitcoin purse
FBI-Hunted Hacking Group Continues Attacks, Targets Twitch (Forbes) Despite tweeting out a bomb threat to ground a Sony executive's flight this Sunday and landing themselves on the radar of the FBI, hacking group "Lizard Squad" remains unmolested and continues to orchestrate attacks on various gaming services
Microsoft's Active Directory is missing link in Target breach saga (FierceITSecurity) Once the Target attackers penetrated the retailer's network using stolen credentials from a third party vendor, they exploited weaknesses in Microsoft's Active Directory to get access to the core of its network, according to an analysis by security firm Aorato
Phishers targeting crypto currency and retail sites (Help Net Security) Online payment services and crypto-currency sites are being targeted by phishers. The number of phishing attacks remained high, and the second quarter of 2014 saw the second-highest number of phishing attacks ever recorded in a quarter since the APWG began tracking by quarterly periods in 2008
BIFROSE Now More Evasive Through Tor, Used for Targeted Attack (TrendLabs Security Intelligence Blog) We recently investigated a targeted attack against a device manufacturer, and in our analysis, we found that the malware deployed into the target network is a variant of a well-known backdoor, BIFROSE. BIFROSE has been around for many years now, highly available in the cybercriminal underground, and has been used for various cybercriminal activities
The Evolution of Asprox Malware (Recorded Future) Asprox is the malware used in a long campaign of phishing and drive-by downloads that has recently taken on APT-like evasion techniques, garnering the full attention of FireEye analysts. While the TTPs utilized are not novel — how Asprox's authors aptly evolved the common TTPs over the past six years to become highly efficient, evasive, and technical is unique
Cyber: A Real and Present Danger (Diplomatic Courier) Much has been said in the press of the dreaded threat of 'cyber warfare', but little detail or clarity has given dimension to this threat of sinister activity. Comments from the UK's Secretary of State for Defence Philip Hammond such as, "It's a new capability… we should explore the boundaries of it," do little to reassure us that world politicians are imbued with the necessary understanding of this emerging threat
Defending Against Hackers of the Future (Bloomberg BusinessWeek) Fully functioning quantum computers don't exist yet, but a lot of really smart scientists think they soon will. A two-year-old startup's 12 employees spend their days trying to figure out what to do if the bad guys get there first
Naval center seeks information assurance assistance (FCW) What: The Naval Surface Warfare Center Corona is seeking a firm fixed price contract for information assurance (IA) certification and accreditation (C&A) support, as well as advanced systems training services
CipherTechs to Extend Managed Network Security Service Offerings Leveraging ForeScout CounterACT Platform (Newswire Today) ForeScout Technologies, Inc., the leading provider of pervasive network security solutions for Global 2000 enterprises and government organizations, today announced that CipherTechs, a privately held information security services provider, will offer a new suite of managed network security services to its customers enabled by ForeScout's CounterACT™ solution. This offering will provide CipherTechs customers dynamic network and endpoint intelligence, context-based access controls and policy-based mitigation of violations and threats
5 things infosec can learn from adventure games (Help Net Security) As an active adventure gamer and a natural seeker of reusable patterns, I've noticed that some of the things I do to achieve success in video games can be applied to information security
A Primer on BitCoin (Webroot Threat Blog) Editor's Note: One day, we found ourselves discussing the security of bitcoin, only to realize that many readers may not truly understand the digital currency. Luckily, a team member's father, Eoin Meehan, is well versed in the subject and has submitted a guest blog to help everyone understand this popular form of cryptocurrency
The NSA's School of Cyber (Armed with Science) The National Security Agency (NSA) is host to one of the most inclusive and formidable cybersecurity training programs in the world. It's a program designed to not only train the future cybersecurity force, but to improve the skills of the teachers — and even civilian counterparts — as well. It's called the College of Cyber
Obama’s next technology guru may be this staunch supporter of women in tech (Quartz) Megan Smith, a former Google executive, is a top choice for the role of the White House's chief technology officer, Bloomberg reported today. If Smith takes the job that would mean the third person to hold the position created by president Barack Obama in 2009 would be a woman, a notable milestone given the gender imbalance of the US tech scene
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
The Hackers Conference (New Delhi, India, August 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...
SEACRYPT 2013 (Vienna, Austria, September 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested in security aspects related...
Build IT Break IT Fix IT: Break IT (Online, September 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...
Security B-Sides Cape Breton (Sydney, Nova Scotia, Canada, September 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with...
BalCCon2k14 (Balkan Computer Congress) (Novi Sad, Serbia, September 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference taking...
Detroit SecureWorld (Detroit, Michigan, USA, September 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has...
Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, September 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats.
Cyber Attack Against Payment Processes Exercise 1 (Online, September 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...
Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...
Build IT Break IT Fix IT: Fix IT (Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...
NOPcon Security Conference (Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers,...
5th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander,...
SINET Global Summit (London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures,...