The "Guardians of Peace" (whoever they are — investigators are getting close to attribution, but investigators aren't talking) invoke 9/11 and threaten Sony with physical attacks on theaters. The US Departments of State and Homeland Security say the threats aren't credible, but Sony cancels the New York premiere of "The Interview" anyway. (Graham Cluley notes that this is a pretty big result for an anonymous post on Pastebin to achieve.) Speculation about Chinese involvement in the attack seems based on thin and circumstantial evidence (and absence of any obvious motive, either political or criminal). Sony now faces two lawsuits: one alleging failure to safeguard employee data, the other alleging negligent disregard that "The Interview" would foreseeably place employee safety at risk.
ESET dissects TorrentLocker ransomware. Two Cisco security products are reported susceptible to POODLE attacks. Security Explorations says it's found vulnerabilities within Google's App Engine.
A Linux vulnerability, which Alert Logic seasonably names "Grinch," potentially provides attackers with root access to Linux systems. While there are no reports of exploitation in the wild, the vulnerability could affect the full range of Linux systems, including those running in the cloud.
Trend Micro assesses the Automatic Identification System (AIS), which since 2002 has provided vessel tracking and identification for the maritime domain. It's found some issues.
Dark Reading and InfoWorld look at the criminal cyber market, respectively describing the most lucrative exploit kits and the difficulties of monetizing stolen data.
Microsoft's fight to keep Feds out of overseas servers has significant privacy implications.
Today's issue includes events affecting Armenia, Australia, China, Ireland, Israel, Democratic People's Republic of Korea, Netherlands, United Kingdom, United States.
Hackers Invoke 9/11 in New Chilling Sony Threat (AFP via SecurityWeek) Hackers invoked the 9/11 attacks Tuesday in their most chilling threat yet against Sony Pictures, again warning the Hollywood studio not to release a film which has angered North Korea
NYC premiere of Rogen film canceled as threats fly (AP via KLTV ABC 7) The blow that the hacking attack has dealt Sony is spreading beyond the entertainment corporation itself to theater chains and movie goers alike. And the financial toll is adding up too
Sony Pictures Tries to Restore Confidence of Employees after Damaging Cyber Attack (Macro Insider) In its attempt to restore employees' confidence, executives from the Sony Pictures studio said that the company would make an all-out effort to recover from the damaging effects brought about by the cyber attack which had exposed not only sensitive employee information but internal communications as well. To address the issue, two separate meetings were called — one by the Sony CEO and Chairman of Sony Pictures Entertainment, Michael Lynton and the other by Amy Pascal, the Co-chairman
Could China Be Behind The Sony Attack? (Deadline) Although many believe that North Korea is behind the cyber attack on Sony Pictures, investigators also have looked at the possibility that the Chinese military was behind the original break-in. That might be why Mandiant, the cyber security firm, was brought in to investigate, according to a source who has worked with Sony, Mandiant and the FBI on many previous hack attacks. "Mandiant has investigated so many Chinese attacks," the source said. "It's kind of their forte"
Two Cisco Products Vulnerable to POODLE Attack on TLS (Threatpost) Two of Cisco's products are vulnerable to the POODLE attack via the TLS implementation in those products. The vulnerability affects Cisco's Adaptive Security Appliance software and its Application Control Engine module
Security Vulnerabilities Found in Java Version of Google App Engine (Application Development Trends) Multiple serious vulnerabilities in the Java environment of Google's App Engine (GAE) showed up recently on the radar of researchers at Security Explorations. The flaws in the search giant's platform-as-a-service (PaaS) offering could "allow for a complete Java VM security sandbox escape," the researchers reported on the Full Disclosure mailing list. Escaping the sandbox would allow an attacker to execute code on the underlying system
Android Hacking and Security, Part 16: Broken Cryptography (Infosec Institute) In this article, we will discuss broken cryptography in Android applications. Broken cryptography attacks come into the picture when an app developer wants to take advantage of encryption in his application. This article covers the possible ways where vulnerabilities associated with broken cryptography may be introduced in Android apps. We will also see some of the ways an attacker can exploit this kind of vulnerability
Threats at Sea: A Security Evaluation of AIS (Trend Micro: Security News) Automatic Identification System (AIS) is a system used to enhance maritime safety by providing real-time information such as tracking and monitoring for ships. Since its inception in 2002, it has already been installed in 300,000 vessels across the globe to monitor marine traffic and avoid vessel collisions. The system has also been proven to be useful for accident investigation as well as search-and-rescue (SAR) operations
Banks: Park-n-Fly Online Card Breach (KrebsOnSecurity) Multiple financial institutions say they are seeing a pattern of fraud that indicates an online credit card breach has hit Park-n-Fly, an Atlanta-based offsite airport parking service that allows customers to reserve spots in advance of travel via an Internet-based reservation system. The security incident, if confirmed, would be the latest in a string of card breaches involving compromised payment systems at parking services nationwide
What's New in Exploit Kits in 2014 (TrendLabs Security Intelligence Blog) Around this time in 2013, the most commonly used exploit kit — the Blackhole Exploit Kit — was shut down after its creator, Paunch, was arrested by law enforcement. Since then, a variety of exploit kits have emerged and have been used by cybercriminals
Breach Therapy: 10 Companies Who Can’t Wait For 2014 To Be Over (Webroot Threat Blog) Whether it be iPhones with bigger screens, major video game releases to make next-gen systems finally worth it, or wearables that are actually appealing to consumers, it's safe to say any technological 'advancement' of this year was overshadowed by the seemingly endless wave of breaches that plagued companies and consumers alike
Security Patches, Mitigations, and Software Updates
2014: The Year of Privilege Vulnerabilities (Dark Reading) Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers
Sony leaks, CIA report highlight the 'Snowden Privacy Paradox' (TownHall) The ongoing leaks of confidential business data from Sony Pictures Entertainment and the U.S. Senate Intelligence Committee report on the use of enhanced interrogation techniques by the Central Intelligence Agency have something in common. Call it the "Snowden Privacy Paradox"
In data security we (lost) trust (The Hill) Companies are losing the battle to protect customer data and information, and what is at stake is one of the most important aspects in the relationship between consumers and the companies they do business with: Trust
Cisco Enhances Security Portfolio With Neohapsis Buy (Forbes) In a bid to enhance its cyber-security capabilities, Cisco recently announced its intent to acquire Chicago-based security advisory firm Neohapsis for an undisclosed sum. The deal is expected to close by the end of January next year. Neohapsis currently provides risk management, compliance advice as well as cloud, mobile and enterprise security solutions to Fortune 500 companies. The deal follows Cisco's acquisition of ThreatGRID earlier this year and will likely enhance Cisco's Advanced Malware Protection portfolio of security solutions and help it improve its network security services, both on-premise and in the cloud. Cisco's AMP products and solutions were originally developed by Sourcefire, which the networking giant acquired in a $2.7 billion deal in 2013
Syniverse enters messaging deal with Grameenphone Bangladesh (Telecompaper) Syniverse has entered a messaging deal with Grameenphone, an operator in Bangladesh and part of the Telenor Group, to provide its subscribers with global-reaching mobile messaging services. By leveraging Syniverse's SMS and MMS interoperability services, Grameenphone subscribers can access messaging experiences across geographic and technological borders
Up and Coming Data Center Appliances for 2015 (CloudWedge) Data center appliances are gaining in popularity due to their set-and-forget nature. A data center appliance sits in your data center and performs a specific task that enables you to administrate your network more easily and more effectively. Many of the world's largest data center equipment manufacturers have begun to build data center appliances in order to gain market share in this booming vertical. You might be wondering, "What are some of the top data center appliances I should look out for in 2015?"
Snapchat's Snapcash: Is Peer-to-Peer Payment Safe? (Huffington Post) Do you need to pay a friend back for buying your movie ticket but won't see them for a while? Or maybe you want to send your nephew money for his birthday but fear the check would be lost in the mail? Snapchat has partnered up with Square for a new feature, Snapcash, which allows its users to send and receive money on the app. It's as easy as sending selfies with Snapchat, but how safe is it?
The Trouble with Tor (eSecurity Planet) Confidence that Tor can reliably provide users with anonymity on the Internet has been shattered, thanks to recent revelations. Tor alternatives do exist, however
Passwords are the New Data: Protecting Healthcare's First Line of Defense (Tripwire: The State of Security) From a security perspective, 2014 has clearly been the year of the compromised password. From Yahoo Mail to Apple iCloud to JP Morgan Chase, an alarming number of data breaches are successfully carried out using misappropriated account credentials. There is even a newly discovered piece of malware, known as the Citadel Trojan virus, that's specifically designed to track and abuse passwords that have been stored in open source, freeware password managers
Privacy policies a must to protect your customers (Better Business Bureau via Journal-Advocate) Trust is an essential element of customer relationships. When it comes to Internet security, your customers trust you to protect the personal information they share with you
PuttyRider — Hijack Putty sessions in order to sniff conversation and inject Linux commands (Kitploit) PuttyRider injects a DLL into a running putty.exe process in order to sniff all communication and inject Linux commands on the remote server. This can be useful in an internal penetration test when you already have access to a sysadmin's machine who has a Putty session open to a Linux server. You can use PuttyRider to take control of the remote server using the existing SSH session
Wyden's drive to protect privacy is smart — and on-time (Oregon Live) Even though the Sony hacking scandal makes for juicy water cooler conversation (who knew studio suits doubted Angelina Jolie's talent or thought it funny President Obama might enjoy slavery films?), it hardly approaches in significance the security breach by Edward Snowden. Computer records furnished to journalists by the former government techie showed, among other things, that the National Security Agency had for years secretly vacuumed up huge amounts of telephone metadata from private as well as public sources. It became plain as day, as if anyone had doubted it, nothing anywhere anymore is private
Terrorism insurance in jeopardy as Senate wraps up (USA TODAY) A federal terrorism insurance program that helped revive commercial development after 9/11 is about to shut down unless the Senate can find a way around the objections of retiring Sen. Tom Coburn, R-Okla., in the next few days
Obama likely to sign two bills that could impact arms sales (Reuters) U.S. President Barack Obama is expected to sign in coming weeks two bills passed by Congress despite concerns raised by U.S. officials that they could add time and cost to the already complex process for approving foreign arms sales
Killing Is Not Enough: Special Operators (Breaking Defense) "We have, in my view, exquisite capabilities to kill people," said Lt. Gen. Charles Cleveland. "We need exquisite capabilities to manipulate them"
Litigation, Investigation, and Law Enforcement
Data retention may have helped police in Sydney siege: Abbott (ZDNet) Although the man involved in a fatal siege in Sydney on Monday was well known to police and out on bail, Prime Minister Tony Abbott has said that retaining every Australian's telecommunications data for two years may have helped police in the incident
RiskIQ.com Files Suit Again Risk.io For Federal Trademark Infringement (The Domains) RiskIQ.com sued Risk.IO for trademark infringement and unfair competition based upon Risk IO's having improperly and willfully used the names, yesterday in the United States District Court in the Northern District Of California San Francisco Division for trademark infringement asking for disgorgement of profits, for civil penalties, and for preliminary and permanent injunctions enjoining Risk IO, its officers, agents, servants, employees, and all other persons in active concert with it, from unfair and unlawful business practices of directly or indirectly infringing RiskIQ's Trademark
IsoHunt raises a sunken Pirate Bay (Naked Security) Less than a week after Swedish authorities took down The Pirate Bay, fellow swashbuckling site IsoHunt has put all hands on deck and yanked it out of Davy Jones' locker
Cybersecurity World Conference (New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...
FloCon 2015 (Portland, Oregon, USA, January 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University
FIC 2015 (Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...
Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...