The Syrian Electronic Army (SEA) resurfaced last week with simple defacements of major British, Canadian, and American media sites, including NBC, CBC, Forbes, the Chicago Tribune, the Telegraph, and the Independent. Closely linked to the Assad regime, and with apparent ties to Hezbollah, the SEA's motives for its Thanksgiving campaign remain obscure.
TechDirt publishes an overview of Syria's Internet censorship, another facet of Assad's information operations capability.
Zscaler believes it's found the Pro-Palestinian hacktivists of AnonGhost distributing the Dokta Chef exploit kit through website defacements.
France's UMP (Union pour un mouvement populaire) conducts internal leadership elections despite hacker disruptions.
Investigation of the Regin cyber espionage campaign continues. Most observers think it's a British operation, with connections to other Five Eyes' services. Circumstantial evidence of GCHQ's hand hasn't stopped breathless op-eds from perceiving Regin as an opening shot (heard 'round the world six years after the trigger was pulled) in a broader US cyber offensive. The security companies who detected Regin defend the delayed timing of their disclosures. Unsurprisingly, Chinese and Russian cyber operations persist, although news about them is somewhat muted by interest in Regin.
Last week's other large exploit — the Sony hack — has apparently caused leaks of unreleased films and personal data of some Sony stars. Some signs point to North Korean responsibility: the Seth Rogen vehicle "The Interview" may be an act of lèse-majesté against Kim Jong-un. Sony has hired FireEye's Mandiant unit to help clean things up.
German, Canadian, Australian, and Qatari surveillance policies receive public scrutiny.
Today's issue includes events affecting Afghanistan, Australia, Austria, Belgium, Canada, China, Colombia, European Union, France, Germany, India, Iran, Japan, Democratic Peoples Republic of Korea, Mexico, New Zealand, Pakistan, Russia, Saudi Arabia, Spain, Syria, United Kingdom, United Nations, United States.
The CyberWire will be covering the 2014 SINET Innovation Showcase this week, live tweeting from the event on Wednesday and Thursday and devoting special issues to the Showcase.
Lessons On Censorship From Syria's Internet Filter Machines(TechDirt) Norwegian writer Mette Newth once wrote that: "Censorship has followed the free expressions of men and women like a shadow throughout history." As we develop new means to gather and create information, new means to control, erase and censor that information evolve alongside it. Today, that means access to information through the internet, which motivates us to study internet censorship
So, who *did* write the Regin malware?(Graham Cluley) No-one knows for sure who created the highly-sophisticated Regin malware that appears to have been spying on organisations in the telecommunications, energy and health sectors for some years
Latest underground big data project: Regin(FierceBigData) While there is much hand-wringing over privacy invasions by governments and corporations involved in big data projects, it's prudent to remember that not all privacy threats come from friendly fire. Quite a bit of data collection is actually underground and decidedly malicious. Case in point: Regin, a malicious platform that spies on GSM networks worldwide. Can you hear me now? Because a gazillion spies can hear you perfectly fine
Why Regin Malware Isn't the Next Stuxnet(Tripwire: the State of Security) Earlier this week, Symantec issued a report about the Regin family of malware. The malware itself appears to be sophisticated enough that many security analysts and researchers believe it was developed by a government specifically for cyber espionage
Aggressive Chinese IP Highlights Attribution Issues(Infosec Institute) Recently, the Norse DarkWolf Labs noted that the IP address 184.108.40.206 had jumped into the top quadrant for malicious activity. Investigation into the activity and the IP itself highlights the many challenges in accurately attributing such events to known actors, as illustrated in this article
Sony hires Mandiant to help clean up after cyber attack(Reuters) Sony Pictures Entertainment has hired FireEye Inc's Mandiant forensics unit to clean up a massive cyber attack that knocked out the studio's computer network nearly a week ago, three people with knowledge of the matter said on Sunday
Hackers With Apparent Investment Banking Background Target Biotech(New York Times) For more than a year, a group of cybercriminals has been pilfering email correspondence from more than 100 organizations — the vast majority publicly traded health care or pharmaceutical companies — in apparent pursuit of information significant enough to affect global financial markets
AGbot DDoS Attacks Internet VNC Servers(Fortinet Blog) Update: After further analysis, we found that this bot will attempt to download another exploit tool from an FTP server once it is able to connect successfully. We will update you once we have more information
Skimmer Innovation: 'Wiretapping' ATMs(KrebsOnSecurity) Banks in Europe are warning about the emergence of a rare, virtually invisible form of ATM skimmer involving a so-called "wiretapping" device that is inserted through a tiny hole cut in the cash machine's front. The hole is covered up by a fake decal, and the thieves then use custom-made equipment to attach the device to ATM's internal card reader
Exploiting MS14-066 / CVE-2014-6321 (aka "Winshock")(Security Sift) I think enough time has passed now to provide a little more detail on how to exploit MS14-066 schannel vulnerability (aka "Winshock"). In this post I won't be providing a complete PoC exploit, but I will delve into the details on exactly how to trigger the heap overflow along with some example modifications to OpenSSL so you can replicate the issue yourself
Black Friday, Cyber Monday for Crooks, Too!(KrebsOnSecurity) Underground cybercrime shops that sell credit and debit card accounts stolen from retailers are slashing prices and promoting their own Black Friday and Cyber Monday sales as fraudsters gear up for the busy holiday shopping season
JoomDonation Compromised(Sucuri Blog) We are receiving reports from many users of the popular JoomDonation platform that they received a very scary email from someone that supposedly hacked into JoomDonation. The emails went to the registered accounts and contained the full names, so it looks like JoomDonation did in fact get breached
Bulletin (SB14-335) Vulnerability Summary for the Week of November 24, 2014(US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Siemens pushes out emergency SCADA updates(Help Net Security) Siemens has released an out-of-band update for the SIMANTIC WinCC SCADA system, which is integrated in its PCS7 distributed control system and its TIA Portal, engineering software for SIMATIC products that is deployed across several industrial sectors primarily in the US and Europe
SSA-134508: Vulnerabilities in SIMATIC WinCC, PCS 7 and WinCC in TIA Portal (Siemens Security Advisory by Siemens ProductCERT) The latest software update for SIMATIC WinCC fixes two critical vulnerabilities. One could allow unauthenticated remote code execution. Siemens has released software updates for WinCC, PCS 7 and TIA Portal. Siemens is working on updates for further versions of the affected products and recommends specific countermeasures until fixes are available
Firewalls are the cornerstone of security(IT Online) Despite claims of its demise, the firewall is still the foundation stone of security deployments. Doros Hadjizenonos, Check Point South Africa sales manager, looks at how it has adapted to combat three decades of threats
The Impact of Collaboration in Cyber Risk Insurance(National Law Review) Former FBI Director Robert Mueller once said, "There are only two types of companies: those that have been hacked and those that will be. Even that is merging into one category: those that have been hacked and will be again." This is the environment in which risk managers must protect their businesses, and it isn't easy
FireMon Extends Network Security Monitoring to AWS and OpenStack(Policy Charging Control) FireMon, the industry leader in proactive security intelligence solutions, has unveiled FireMon Security Intelligence Platform, an expanded network security monitoring capabilities for cloud services, including Amazon Web Services (AWS) and OpenStack Icehouse
MegaCryption Adds Record-Level Encryption for Increased Cryptographic Control and Flexibility(IT Business Net) MegaCryption now offers the ability to encrypt and decrypt individual records for usage in a specific program or transaction, commonly known as record-level encryption (RLE). As a record-level and file-level cryptography solution, MegaCryption provides a comprehensive approach to encrypting virtually any record and file in your z/OS environment while complementing any communication level encryption process you may already have in place. MegaCryption offers support of the most secure non-proprietary and well-known algorithms available today, ensuring security and compatibility with other standard implementations
Review: Oxygen Forensic Suite 2014(Forensic Focus) Oxygen Forensic Suite 2014 is specialist software aimed squarely at mobile phone forensics. It claims to have the "widest range of supported devices" with over 8,400 models listed and is geared towards smart-phones with a particular emphasis on the analysis of data recovered from them
Security/Projects/Bandit(Openstack) Bandit provides a framework for performing security analysis of Python source code, utilizing the ast module from the Python standard library
Crunch — Password Cracking Wordlist Generator(Kitploit) Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations
Leveraging network intelligence and deep packet inspection(Help Net Security) Tomer Saban is the CEO of WireX Systems, a provider of network intelligence solutions. In this interview he talks about how deep packet inspection helps with identifying emerging threats, the role of network intelligence, and illustrates what the information security industry needs to in the next 5 years to combat highly targeted attacks
Dynamic Cybersecurity Needs: Reassessing Security(SmartDataCollective) As a recent report on Defending Data by Nuix found, cybersecurity needs are dynamic — 73 percent of surveyed participants report that their organization's cybersecurity needs have changed in the past year. Another 69 percent expect their needs to change again within another year
Proactive Infosec(CSO) Ongoing security incidents, are we spending in the right places?
The Pando Tor conspiracy troll(Errata Security) Tor, also known as The Onion Router, bounces your traffic through several random Internet servers, thus hiding the source. It means you can surf a website without them knowing who you are. Your IP address may appear to be coming from Germany when in fact you live in San Francisco. When used correctly, it prevents eavesdropping by law enforcement, the NSA, and so on. It's used by people wanting to hide their actions from prying eyes, from political dissidents, to CIA operatives, to child pornographers
SEC Risk Factors: How To Determine The Business Value Of Your Data To A Foreign Government(Digital Dao) The SEC's Cybersecurity Disclosure Guidance of 2011, President Obama's Executive Order 13636 on Critical Infrastructure Cybersecurity (2013) and the launch of NIST?s Cybersecurity Framework (2014) has had a major impact on publicly traded companies and financial institutions who are struggling with quantifying their risk analysis in the new domain of cyberspace
The importance of Street Cred(SC Magazine) Among the many elements that make up a successful information security programme, street cred is one with many ramifications and consequences says Josh Goldfarb
How iboss Network Security approaches innovation(Enterprisers Project) Every company talks about being innovative as a strategic advantage. Paul Martini co-founder and CEO of iboss Network Security sees innovation as a way to solve problems for customers. He and his executive team guide their staff to concentrate on solving problems for customers and use innovative thinking as a way to arrive at their goals
U.N. committee spotlights 'highly intrusive' digital spying(Reuters) A United Nations General Assembly committee on Tuesday expressed concern at digital spying and said unlawful or arbitrary mass surveillance, interception and collection of online data are "highly intrusive acts" that violate the right to privacy
How to evaluate national cyber security strategies(Help Net Security) ENISA issued an Evaluation Framework on National Cyber Security Strategies (NCSS) addressed to policy experts and government officials who design, implement and evaluate an NCSS policy
Qatar cracks down on cybercrime with new laws(Gulf Times) Qatar's Law number 14 of 2014, the Anti-Cybercrime Law (Law), was issued on September 15, 2014, and seeks to target aggressively a wide range of crimes and abuses relating to electronic data and online activity through the imposition of significant penalties
The Cooperative Effort of Cyber Defense(Armed with Science) "Cyber blur" is an enormous challenge to those seeking to defend the nation?s networks, said Navy Adm. Michael S. Rogers, the National Security Agency's director
Ruppersberger nearing end of 12-year run on House intel committee(Baltimore Sun) When Rep. C.A. Dutch Ruppersberger joined the House committee that oversees the nation's intelligence agencies, Osama bin Laden was still alive, Edward Snowden was still in college and the government's response to the threat of cyber attacks was still in its infancy
Vodafone in the Dock After Leaking Hacks' Records to Cops(Infosecurity Magazine) Vodafone accidentally leaked the records of over 1,700 News UK journalists and staffers to the Metropolitan Police Service (MPS) after the cops requested the details of just one hack under investigation last year, it has emerged
DOJ scores two cyber crime wins(The Hill) The Justice Department scored several more punches blows against cyber criminals this week. In separate cases, a judge imprisoned another member of a massive bank hacking ring and the government secured a guilty plea in its first ever conviction for selling smartphone stalking software
School employee charged in cyber attack(Sarasota Observer) The Sarasota County Sheriff's Office charged 28-year-old Michael Levanti with two second-degree felonies for installing malware that affected the district's email system. Deputies arrested a Sarasota County School District technology support employee this morning for allegedly disrupting the school system's computer network in a cyber attack last month
SINET 16(Washington, DC, USA, December 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent...
Healthcare Cyber Security Summit 2014(San Francisco, California, USA, December 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit
(ISC)² Security Congress EMEA(London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)2 Security Congress, now in its fourth year, (ISC)2 Security Congress EMEA will offer a complementary and unique opportunity within the Europe Middle East...
(ISC)² Security Congress EMEA(London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe...
ACSAC 30: Annual Computer Security Applications Conference(New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...
Tax Incentives for Cybersecurity Businesses(Elkridge, Maryland, USA, December 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the...
Cybersecurity 2015: Beyond the Breach(Washington, DC, USA, December 9, 2014) With each new cybersecurity attack businesses lose millions, governments lose information and citizens lose trust. At the end of a year where these attacks regularly dominated headlines, what's ahead for...
ICFPT 2014(Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices...
Cybersecurity World Conference(New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.