Hackers continue to bite at Sony, with demands to stop distribution of "The Interrogation" and with opportunistic identity theft. Reports say the company received a threat and an extortion demand shortly before it sustained the attack. Observers continue to differ over both attribution (Kaspersky and AlienVault releasing information that more-or-less points to North Korea, Norse saying it's got the forensic goods on an insider) and novelty (FireEye's Mandiant calling the attack unprecedented, others calling hooey and pointing to Shamoon, Dark Seoul, and other incidents). But consensus holds that the attack's effects are very serious, and unlikely to be contained by what the Register calls a "don't sue me, bro'" memo.
Iran's Operation Cleaver is seen as that country's emergence as a serious cyber operator: the Islamic Republic has moved beyond counting coup and on to battlespace preparation.
Russian espionage kit Turla (a.k.a. Uroboros, etc.) is back, and infesting Linux systems at watering holes.
Tripwire warns all to take 360's discovery of the "Fakedebuggerd" Android exploit seriously.
POODLE is also back in the news, and troubling SSL/TLS stacks. A number of popular websites are likely to be affected.
LusyPOS malware is circulating in Russian criminal collaboration sites.
AliExpress and Yik Yak both find themselves dealing with vulnerabilities that expose customer information to potential compromise.
The Federation of American Scientists notes a twenty-year high in US Government patent secrecy restrictions.
There's apparently a growing movement to reconceive denial-of-service campaigns as the cyber equivalent of sit-ins.
Chinese authorities deny Kenyan allegations of cyber attack.
Today's issue includes events affecting China, European Union, Ireland, Italy, Kenya, Democratic People's Republic of Korea, Republic of Korea, Poland, Russia, Saudi Arabia, Singapore, United Arab Emirates, United Kingdom, United States.
Hackers Demanded Monetary Compensation from Sony Before Cyber Attack (Variety) An email sent to Sony Pictures chiefs Michael Lynton and Amy Pascal has emerged in which monetary compensation was demanded days before the studio was crippled in a cyber attack. "We've got great damage by Sony Pictures," writes "God'sApstls" in the message that was sent Nov. 21, with the subject line: "Notice to Sony Pictures Entertainment Inc"
Researchers Try to Connect Sony with Saudi Aramco and Dark Seoul Attacks (Norse: Dark Matters) Following malware analysis, researchers at Kaspersky claim that the destructive code used in the recent Sony hack by a previously unknown group called the "Guardians of Peace" (GOP) is connected to the 2012 attack on oil and gas giant Saudi Aramco and the 2013 Dark Seoul hacks, asserting that the same actors may be behind all three attacks
New 'Fakedebuggerd' Vulnerability Must be Taken Seriously (Tripwire: the State of Security) In November 2014, information about "Fakedebuggerd" — a new vulnerability used to gain root access to install files on the Android device file system — was published by Chinese antivirus company 360
POODLE attack now targeting TLS (Help Net Security) There's a new SSL/TLS problem being announced today and it's likely to affect some of the most popular web sites in the world, owing largely to the popularity of F5 load balancers and the fact that these devices are impacted. There are other devices known to be affected, and it's possible that the same flaw is present in some SSL/TLS stacks. We will learn more in the following days
LusyPOS Malware Seen in Russian Underground Forums (TrendLabs Security Intelligence Blog) Earlier this month, security researchers discovered a new PoS malware family, which they named "LusyPOS" after a reference in Russian underground forums. We detect this as TSPY_POSLUSY.A. In their analysis, they mentioned that while it had some characteristics linked to the Dexter family of PoS malware, due to its behavior they also linked it to the Chewbacca PoS malware (which we detect as TSPY_FYSNA.A), which is known to use the Tor network to connect to its command-and-control (C&C) servers
More on Wiretapping ATM Skimmers (KrebsOnSecurity) Last month, this blog featured a story about an innovation in ATM skimming known as wiretapping, which I said involves a "tiny" hole cut in the ATM's front through which thieves insert devices capable of eavesdropping on and recording the ATM user's card data. Turns out, the holes the crooks make to insert their gear tend to be anything but tiny
Bulletin (SB14-342) Vulnerability Summary for the Week of December 1, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
ISC Releases Security Updates for BIND (US-CERT) The Internet Systems Consortium (ISC) has released security updates to address multiple vulnerabilities in BIND, one of which may allow a remote attacker to cause a denial of service
Software security in a market for lemons (Help Net Security) There is little doubt that it's difficult to develop secure software. First, you need to be aware of the need for security, accepting it as an important element of software quality. This is generally not something we learn in school. Not that it matters much, given how many developers are skipping education only to dive straight into building software
Healthcare InfoSec: Checking for a Pulse (Trend Micro: Simply Security) Last week, I had the pleasure to attend the SANS Healthcare Security Summit in San Francisco. It was great to see one of the leading educational and awareness organizations team up with the National Health Information Sharing and Analysis Center (NH-ISAC) to put on this important event
The cybersecurity skills gap (SC Magazine) The information security profession, which evolved largely in reaction to threats, is now paying the price of an entire "missing generation." Companies are challenged finding pros with the combination of business and technical savvy that is needed to combat growing threats
CYREN WebSecurity Wins Biz Award (PRNewswire) CYREN (NASDAQ: CYRN) today announced that its cloud-based CYREN WebSecurity solution has been named a bronze winner in the Best New Product of the Year — Enterprise category in Best in Biz Awards 2014, the only independent business awards program judged by members of the press and industry analysts
CRGT Announces Key Hire to Strengthen CyberSecurity Expertise (Virtual Strategy Magazine) Charles L. (Chuck) McGann, the former Corporate Information Security Officer (CISO) for the United States Postal Service (USPS), has joined CRGT Inc. as the Chief Cyber Strategist. His initial responsibilities include assisting customers to meet their Cyber Security goals
TrustPipe Rolls Out Marker-Based Security Technology (Dark Reading) After two years of testing in real-world deployments and at West Coast Labs, digital security vendor TrustPipe emerged from stealth mode today to introduce its breakthrough, marker-based security technology
Facebook launches keyword searching on past posts (Naked Security) Here's news that will horrify those of us whose pasts include truly embarrassing Facebook posts: Facebook has enabled keyword search on past posts, thus killing the concept of privacy by obscurity
Technologies, Techniques, and Standards
Bypassing Windows and OSX Logins with NetHunter & Kon-boot (Offensive Security) The Kali Linux NetHunter platform has many hidden features which we still haven't brought to light. One of them is the DriveDroid application and patch set, which have been implemented in NetHunter since v1.0.2. This tool allows us to have NetHunter emulate a bootable ISO or USB, using images of our choosing. That's right, you can use NetHunter as a boot device which holds a library of bootable ISOs and images
Symantec Renews Support of CyberPatriot at Cyber Gold Level (MarketWatch) The Air Force Association today announced that Symantec Corp. has renewed their support for CyberPatriot, the National Youth Cyber Education Program, as a Cyber Gold sponsor. For the second consecutive year, Symantec has contributed to CyberPatriot, achieving their pledge to provide $1 million in Science, Technology, Engineering, and Math (STEM) grants to non-profit organizations around the globe
The dangers of a militarized internet (Access) Access is celebrating International Human Rights Day by bringing you a series of blog posts covering the next big digital rights challenges. The fundamental freedoms of Expression, Privacy, Association, Conscience, along with a number of others, were codified through the Universal Declaration of Human Rights, which was signed 66 years ago this week
Senate Dem plans 'botnet' bill for 2015 (The Hill) Sen. Sheldon Whitehouse (D-R.I.) thinks the 2015 landscape will be friendly to his bill combating hackers who remotely take over millions of computers to launch attacks
Pentagon, Congress make changes to DoD CIO's role (Federal News Radio) The Pentagon is making some adjustments to the role of its chief information officer, intended in part to help lay down where the CIO's role begins and ends with respect to DoD's still-developing cyber doctrine
DoD to begin going live January 1 with core portion of JIE (FierceGovernmentIT) The Defense Department will begin going live with pieces of its Joint Regional Security Stacks on January 1 and will continue rolling out JRSS across locations with the goal of reaching all JRSS installations by the end of 2016, said DoD Acting Chief Information Officer Terry Halvorsen. JRSS will reach initially operating capability across the DoD network by the end of 2016, and JRSS capability will be 98 percent complete by the end of 2017, he said
Kenya: Chinese deny cybercriminal network claim (ITWebAfrica) Last week, media reports focussed on 77 Chinese nationals who were arrested in Kenya after the authorities established that they were running a cyber command centre within the country's capital, Nairobi
U.K. Court Case Against Google Could Clarify Law On Private Data (TechCrunch) The U.K. data protection watchdog, the ICO, has intervened in a court case brought against Google on privacy grounds by a group of U.K. Internet users because it is interested in how aspects of the case might help clarify questions around the jurisdiction of national data protection law vis-à-vis Internet giants, which are invariably based overseas
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
FIC 2015 (Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...
2015 Cyber Risk Insights Conference — London (London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...
InfoSec Southwest 2015 (Austin, Texas, USA, April 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter,...
Cybersecurity 2015: Beyond the Breach (Washington, DC, USA, December 9, 2014) With each new cybersecurity attack businesses lose millions, governments lose information and citizens lose trust. At the end of a year where these attacks regularly dominated headlines, what's ahead for...
Tax Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, December 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the...
Healthcare Cyber Security Summit 2014 (San Francisco, California, USA, December 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit
(ISC)² Security Congress EMEA (London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe...
ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...
ICFPT 2014 (Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices...