Sony continues to bleed sensitive information, and Hollywood is spooked by the apparent cost of the cyber attack — its exact price tag remains unknown but is surely very large. The FBI has thrown cold water on early reports of attribution of the hack to North Korea (we await the G-men's, and Norse's, conclusions with interest). Several industry sources sniff disdainfully at what they perceive as an attempt to inoculate Sony from security lapses by calling the attack "unprecedented": precedents (Shamoon, Dark Seoul, etc.) abound.
Patch Tuesday saw more than the usual array of Microsoft updates. Adobe, IBM, VMware, and Yik Yak all address vulnerabilities, several of which are under active exploitation in the wild.
The season for retrospective and predictive trend studies has arrived. Noteworthy claims include Coalfire's forecast that cyber and risk management costs will double in 2015.
In industry news, Yahoo announces it will henceforth disclose within ninety days all vulnerabilities its researchers find. The Willis Wire thinks crypto-currencies may well prove uninsurable.
A decryption utility for OG3 crypto-malware is released. NIST delays release of its crypto standards report.
CSO believes catchy vulnerability nicknames have actually conduced to faster patching.
The US Congress increases cyber appropriations.
Also in the US, the Senate Select Committee on Intelligence releases a declassified version of its report on CIA interrogation techniques — there are references to cyber intelligence therein.
ISIS recruits using "slick" social media campaigns. Sabu talks of his arrest (for you Russian readers, Sabu would be the Father Gapon of Lulzsec).
Today's issue includes events affecting Australia, Canada, European Union, Germany, Iraq, Democratic People's Republic of Korea, Malaysia, Oman, Qatar, Russia, Sweden, Syria, Tunisia, Turkey, United Kingdom, United States.
Timeline: how Sony's two weeks of hacker hell unfolded(Boston Herald) Though Sony Pictures had known for months that North Korea was not pleased with the subject of its upcoming film "The Interview," it wasn't until late November that mayhem broke out, as executives received an ominous threat asking for money three days before employees' computers went down. It was just the beginning of an attack unprecedented in corporate history
Can You Guess Who Benefits The Most From Sony's Data Breach?(Forbes) The recent data breach scandal affecting Sony was not just an event where credit card data was stolen. It was something worse. It was the theft of confidential information from a company followed by the online disclosure of this information to the public. Seth Rogen and James Franco aside, the company's customers, partners and (most importantly) employees were seriously hurt by this
Insider Threats 101: The Threat Within(TrendLabs Security Intelligence Blog) Recent events — both in the United States and in Japan — have forced IT administrators everywhere to reevaluate the possibility of insider threats. Because of their very nature, it can be difficult to handle these problems, particularly because the mindset needed to handle them can vary
File Inclusion Attacks(Infosec Institute) A file inclusion vulnerability allows an attacker to access unauthorized or sensitive files available on the web server or to execute malicious files on the web server by making use of the 'include' functionality. This vulnerability is mainly due to a bad input validation mechanism, wherein the user's input is passed to the file include commands without proper validation. The impact of this vulnerability can lead to malicious code execution on the server or reveal data present in sensitive files, etc
From Russia with love: phishing, hacking and intelligence(The Cyber Security Expert) I'm going to deviate from the usual 'ask the expert' today and talk instead about something I very much enjoy, which is digging around in data, and at the same time highlight the threat from what are apparently Russian state backed hackers. Sounds very Cold War right? Shake that martini and let's go!
Crimeware Marketplaces and Their Facilitating Technologies(Technology Innovation Management Review) The cybercrime community has evolved from one in which criminals develop their own tools into one in which crimeware — tools and services to carry out or facilitate illegal online activity — can be readily bought, sold, traded, hired, or licensed in online marketplaces
Microsoft released seven advisories, three are critical(Help Net Security) December's Patch Tuesday brings us seven advisories, three of which are listed as Critical. Depending on how you want to count it, we see a total of 24 or 25 CVEs because one of the Internet Explorer CVEs in MS14-080 overlaps with the VBScript CVE in MS14-084
Adobe patches Flash zero day under attack(CSO) Adobe has released fixes for six security vulnerabilities in Flash, which includes one that is reportedly under attack, as well as fixes for 20 flaws in Reader and Acrobat
IBM Issues More POODLE Patches, Warns Not to Use SSLv3(IT Jungle) IBM i shops that continue to use SSLv3 to encrypt their communications are susceptible to the POODLE security vulnerability and could have their data compromised, IBM warned today in a security bulletin. IBM also issued new security patches that disable SSLv3 in IBM i's Java runtime. While IBM recommends moving to the newer TLS protocol, many IBM i applications still require SSLv3 and will likely break when it's disabled, IBM warns
Yik Yak Patches Privacy Vulnerability in iOS App(Threatpost) Yik Yak, an application that allows users to share purportedly anonymous status updates with others near them, has fixed a critical vulnerability in its iOS app that could have de-anonymized users and let attackers take total control of someone's account
Good-bye msfpayload and msfencode(Rapid7 Security Street) On behalf of the Metasploit's development teams, I'd like to officially announce the decision of deprecating msfpayload and msfencode. Also starting today, we no longer support or accept patches for these two utilities. On June 8th 2015, the elderly msfpayload and msfencode will retire from the Metasploit repository, and replaced by their successor msfvenom. The tool msfvenom is the combination of msfpayload and msfencode, and has been in testing for more than 3.5 years
Cost of cybersecurity and risk management to double(Help Net Security) "As 2014 ends, it's clear this was the year everything changed in the world of information security," said Rick Dakin, Coalfire's CEO and chief security strategist. "As high-profile data breaches were announced one after another, consumers stopped believing companies took protecting their information seriously
Cyber attacks now longer than ever(Help Net Security) Cyber attacks have reached a tipping point in terms of quantity, length, complexity and targets. As cyber threats are growing and expanding to new targets, 52% of respondents to a report by Radware, reveal they can effectively fight an around-the-clock campaign for only a day or less
Healthcare Security In 2015: 9 Hotspots(InformationWeek) With data breaches growing, 2015 promises to be the healthcare industry's most challenging security year yet. These nine areas demand attention in 2015
Corporate data: Protected asset or a ticking time bomb?(Help Net Security) Despite a growing number of data breaches occurring under the glare of the public spotlight, 71 percent of employees in a new survey report that they have access to data they should not see, and more than half say that this access is frequent or very frequent
Inside the minds of senior security leaders(Help Net Security) More than 80 percent of security leaders believe the challenge posed by external threats is on the rise, while 60 percent also agree their organizations are outgunned in the cyber war, according to IBM. Technology is seen as a critical component in addressing these security issues and threats, with big data, cloud and mobile named as the most significant areas of prioritization
Security predictions for 2015(IT-Online) 2014 has been particularly busy for IT security professionals. Many of the threats that we predicted at the start of the year duly emerged, while other significant issues caught the entire sector by surprise
United States Ranked Most Committed to Cybersecurity Followed by Canada, Australia, Malaysia, and Oman In Global Cybersecurity (Herald Online) The final results of the Global Cybersecurity Index (GCI) have been officially announced at the ITU Telecom World 2014 taking place in Doha, Qatar. The GCI ranks the United States as the country with the highest national cybersecurity commitment, followed by Canada in second place. Jointly in third position are Australia, Malaysia, and Oman. The GCI is a joint project between private sector firm ABI Research and the UN specialized agency, the International Telecommunication Union (ITU). The aim of the project is to drive the issue of cybersecurity to the forefront of national agendas. The GCI provides insight into the cybersecurity engagement of sovereign nation states
Bitcoin: Impossible to Insure?(Willis Wire) Virtual currency may be an inevitable part of our increasingly virtual world, but that doesn't mean insurance companies have to like it — or insure it
Threat Stack Raises $5M For Its Cloud Security Service(TechCrunch) Last month, at Amazon's re:Invent conference, Threat Stack launched its cloud security solution out of beta during Amazon CTO Werner Vogel's startup launch keynote. The service helps companies that want to use Amazon's cloud computing service to monitor their infrastructure and applications for potential threats. As more businesses start adopting public clouds, the need for services like this is also increasing, something the venture capital community has also realized and Threat Stack today announced that it has raised a $5 million Series A1 round of additional funding
Top Places to Work: IntelliGenesis(Baltimore Sun) IntelliGenesis LLC is a woman and veteran-owned Defense Technology company headquartered in Columbia, MD. Since establishment in 2007, IntelliGenesis has been the premiere provider of Intelligence Analysis, Artificial Intelligence, Computer Network Operations, and Cyber related Internal Research and Development services
Top Places to Work: KEYW Corporation(Baltimore Sun) KEYW is a total solutions company that focuses on solving the toughest challenges in Cyberspace, Geospace and Counterterrorism. We help our Government and Enterprise customers prevent cyber threats, transform geospatial imaging into intelligence, and combat global terrorism
Following Numerous Data Breaches, Dashlane And LastPass Apps Can Now Reset Passwords For You(TechCrunch) Data breaches like the ones at Target, Neiman Marcus, Staples, Home Depot, and most recently Bebe, are now exceedingly common. Combined with large-scale security incidents like Heartbleed, web users are often asked to quickly change their account passwords to protect themselves against further attacks. Unfortunately, doing so is easier said than done — users tend to re-use their passwords across websites, making it difficult to fully batten down the hatches when one password makes it out into the wild
Lastline Adds OS X Support and Unlimited 10 Gbps Sensors in 6.0 Release of Its Breach Detection Platform(Herald Online) Lastline, a global breach detection provider, today announced the 6.0 release of its software-based security platform. Major updates include the addition of OS X support and a 10 gigabits-per-second (Gbps) sensor interface on standard servers. Lastline offers its security service as an annual subscription, so all new features in 6.0 are included in the existing price per user, making scaling breach detection both flexible and predictable for enterprise customers
Tripwire Announces Integration With Lastline for Advanced Threat Protection(DarkReading) Tripwire, Inc., a leading global provider of advanced threat, security and compliance solutions today announced a partnership and technology integration with Lastline, Inc. that provides mutual customers with the ability to detect and defend against breaches caused by advanced and evasive threats. The collaboration is part of Tripwire's Technology Alliance Program (TAP), designed to allow a wide variety of vendors to team with Tripwire to deliver innovative security solutions
DHS S&T App Technology Transitions to Commercial Market(Newswise) The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced on Dec. 5, that a mobile app funded by the directorate, has transitioned to the commercial market. Developed by S&T's Visual Analytics for Command, Control, and Interoperability Environments (VACCINE) Center of Excellence, the first mobile security application archiving technology successfully transitioned over through the small business, KryptoWire
Rook Security Certified As PCI Security Standards Council Qualified Security Assessor(BusinessWire) Rook Security, a provider of global IT security solutions protecting sensitive data against dynamic, emerging threats, has successfully completed the PCI Security Standards Council Qualified Security Assessor (QSA) Company testing process and is validated to perform Payment Card Industry Data Security Standard (PCI DSS) assessments
Can we expect a future free from passwords and PINs?(Naked Security) Global authentication working group the FIDO Alliance has released the final draft of version 1.0 of its authentication specifications, which it hopes will reduce or even end our reliance on passwords for online authentication
Moving Mountains In Cyber War: Automated Virtual 'Maneuver'(Breaking Defense) In real-world warfare, troops and tanks maneuver to take advantage of the terrain. In the looking-glass world of cyberspace, however, "maneuver" may mean changing the terrain itself. If the enemy's invading your country, you can dig a trench or blow a bridge, but otherwise you go to war with the landscape you have
Encrypt and password protect existing Mac OS X folders(Julian Evans) One security and privacy feature of Mac OS X (includes Yosemite) that you might not know about is how to encrypt and password protect existing folders. The Disk Utility app allows you to create an encrypted disk image (and when mounted is called a "volume") from an existing folder, thereby hiding the folder from prying eyes
8 Facebook Privacy Settings To Check(InformationWeek) Facebook's renewed focus on privacy brought new settings and apps to the social network in 2014. Check out the settings you should review
Defining cyber roles at DOD(FCW) A recent Defense Department directive is an important clarification of the different roles played by the Pentagon's CIO, principal cyber advisor and other officials in setting the department's cybersecurity policy, acting DOD CIO Terry Halvorsen told reporters on Dec. 5
Statement by President Obama — Report of the Senate Select Committee on Intelligence(IC on the Record) Throughout our history, the United States of America has done more than any other nation to stand up for freedom, democracy, and the inherent dignity and human rights of people around the world. As Americans, we owe a profound debt of gratitude to our fellow citizens who serve to keep us safe, among them the dedicated men and women of our intelligence community, including the Central Intelligence Agency
Release of Senate Select Committee on Intelligence Report(IC on the Record) Release of this report affirms again that one of America's strengths is our democratic system's ability to recognize and wrestle with our own history, acknowledge mistakes, and correct course. This marks a coda to a chapter in our history. President Obama turned the page on these policies when he took office and during week one banned the use of torture and closed the detention and interrogation program. It was right to end these practices for a simple but powerful reason: they were at odds with our values. They are not who we are, and they're not who or what we had to become, because the most powerful country on earth doesn't have to choose between protecting our security and promoting our values
Statement from Director Brennan on the SSCI Study on the Former Detention and Interrogation Program(IC on the Record) Over the past several decades, and especially since the terrible tragedy of 9/11, the CIA has been at the forefront of our Nation's campaign against al-Qa'ida and other terrorist organizations worldwide. The women and men of the CIA have operated around the globe, 24-hours-a-day, working with their U.S. colleagues as well as with foreign partners to prevent terrorist attacks. As a result of these efforts, including the many sacrifices made by CIA officers and their families, countless lives have been saved and our Homeland is more secure
Counterfeit sites seized(Professional Security Magazine) Some 292 domain names illegally selling counterfeit merchandise online to consumers have been seized in an operation by Euro-police body Europol and US Immigration and Customs Enforcement (ICE) Homeland Security Investigations (HSI), with 25 law enforcement agencies from 19 countries. The 292 names seized are part of project 'In Our Sites (IOS) Transatlantic V'
Cybersecurity's not done until the paperwork is finished(GCN) The Veterans Affairs Department has been dinged once again by the Government Accountability Office for lack of follow-through in its cybersecurity operations. In a recent report, VA Needs to Address Identified Vulnerabilities, the GAO warned that unless VA's security weaknesses are fully addressed, "its information is at heightened risk of unauthorized access, modification and disclosure, and its systems at risk of disruption"
Teen arrested, identified as Polk "swatting" suspect(WTSP) On Sunday, December 7, the Royal Canadian Mounted Police arrested a 17-year-old male suspect in Coquitlam, British Columbia, Canada, after a Polk County Sheriff Office investigation into three incidents of "Swatting" that occurred in Polk County positively identified the young man
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber Threats Masterclass(Turin, Italy, April 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge...
Healthcare Cyber Security Summit 2014(San Francisco, California, USA, December 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit
(ISC)² Security Congress EMEA(London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe...
ACSAC 30: Annual Computer Security Applications Conference(New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...
ICFPT 2014(Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices...