Much political hacktivism around the world over the weekend. The Syrian Electronic Army defaces PayPal UK and eBay websites, Pakistani hackers count coup with claims of 2000 intrusions into Indian sites, and the Svoboda Party (described by Hack Read as "neo-fascist") vandalizes thirty Ukrainian government and media websites.
Yahoo! works to contain (and claims to have done so successfully) last week's attack on Yahoo Mail.
Telecom companies Orange and Bell Canada sustain separate attacks. The criminals in the Bell Canada incident were apparently after sensitive small business data.
A banking Trojan exploits an Android debugging feature in a novel way, using enabled Developer Options as a backdoor into devices.
Daily Motion is still infected and still serving up fake AV malware.
Russia's English-language customs site is hacked, as are sites belonging to the UK's National Health Service.
Romanian police (with a technical assist from Bitdefender) unpack a seized Reveton/Icepol server.
In industry news, investors are watching cyber security start-ups closely. The usual darlings are mentioned in dispatches, but Israeli companies are also entering the market with some éclat.
The Target breach prompts businesses to reevaluate cyber insurance and disclosure policies.
Google may be selling Motorola to Lenovo, but it's keeping Motorola's patents.
High-ranking GCHQ cyber official Andrew France retires to join security startup Darktrace.
Observers comment on and summarize the forthcoming NIST cyber framework. Experts advise businesses on avoiding drive-by malware attacks and recovering from collateral reputational damage.
Legal observers in the US warn of a rise in "COURTINT."
Today's issue includes events affecting Australia, Belgium, Brazil, Canada, France, Germany, India, Israel, Netherlands, Pakistan, Philippines, Romania, Russia, Sweden, Switzerland, Syria, Ukraine, United Kingdom, United States.
30 Ukrainian government and media websites defaced by neo-fascist Svoboda party(Hack Read) Hacktivists from Ukrainian neo-fascist 'Svoboda' party hacked and defaced more than 30 Ukrainian government and media websites. Hackers have left a deface page along with a statement on all hacked websites that 'Svoboda' is ready to seize power in Ukraine and that they are the only real political force in the country. We are ready
Reactions to the Yahoo Mail hack(Help Net Security) Unknown attackers have attempted to access a number of Yahoo Mail accounts and urged users to change their passwords even if they haven't been affected. Here are some of the comments we received
Kaspersky issues data theft warning(ihotdesk) Experts at the Kaspersky cyber security firm have issued a new warning about data theft. The company claims to have seen a spike in the number of loan offers sent through spam email messages in recent months and has posted a new guidance document on the subject
Researchers uncover months-old POS malware botnet(Help Net Security) With the Target and Neiman Marcus breach being all over the news in the last few weeks, the topic of malware that collects card data directly from Point-of-Sale devices has received renewed interest
Android banking malware with a twist in the delivery(Naked Security) Here's an intriguing tale of an Android malware curveball spotted recently in SophosLabs. You're expecting the pitch to come at you in a predictable direction, but a hidden twist in the action brings the onslaught from another angle altogether
Orange: Hackers nab data from 800,000 clients(The Local (French edition)) Telecom giant Orange revealed on Monday that the names, addresses and phone numbers of hundreds of thousands of French customers have been pilfered in a mammoth data breach. Find out how the hackers could cause headaches for those affected
Cyber-attack on Bell supplier highlights rising hacker threat(The Globe and Mail) Bell Canada is the latest big-name company to become ensnared in a hacking incident after announcing that a cyberattack on a third-party supplier compromised the confidential account information of more than 22,000 of its small business customers
Belgian professor in cryptography hacked(De Standaard) A new Belgian episode in the NSA scandal: Belgian professor Jean-Jacques Quisquater, internationally renowned expert in data security was the victim of hacking. And, as was the case in the Belgacom hacking affair, there are indications the American secret service NSA and its British counterpart, the GCHQ might be involved
Today's Cyber Attack on Lawfare(Lawfare) Y'all might have noticed: Lawfare was inaccessible, in an on-again, off-again fashion, for a good part of the day. We asked our hosting service, Blue Water Media, to resolve the problem and report back to us
Seized Server Yields Details on Icepol (aka, Reveton) Ransomware Infections(InfoSecurity Magazine) A malware server was seized by the Romanian police in September 2013. Disk images were provided to Romanian security firm BitDefender, and have since been analyzed, giving insights into both the malware it distributed and the method and reach of the malware distribution network
PSA: Missed Call From A Mystery Number? Be Careful.(TechCrunch) The people who read our site are a pretty savvy lot. You know not to accept checks from distant princes. You can spot a phisher from a mile away. But here's one that might be new for you: scammers are apparently trying to exploit your "missed call" screen, now
Hacker steals teacher's direct deposit paycheck: University says too bad so sad(ComputerWorld) No matter how much you love your job, very few people work for free. About 80% of Americans receive their paychecks via direct deposit, but if a hacker manages to reroute your paycheck to his or her account, is that just tough luck and you don't get paid? That's basically what a faculty member at Western Michigan University (WMU) was told
Security Patches, Mitigations, and Software Updates
The Many Fields of Digital Forensics and Incident Response(SANS DFIR) As the world of information technology grows in size and complexity, sectors within the IT industry become more and more specialized. Within IT, information security used to be considered niche. Nowadays, saying that you're an infosec professional positions you as somewhat of a generalist. After all, within the infosec field there are several specialization areas, including compliance, pen testing, application security, etc
The Internet of Things is under attack!(Silicon Angle) Most of us enjoy using some kind of Internet of Things device these days — after all, IoT devices run the whole gamut of smaller gadgets, including smartphones, tablets, cars, homes, wearable devices and home appliances that are connected to the Internet, as they make our lives so much easier
BYOD and the Internet of Things bring unique challenges for hospital CIOs(Computer World) There are two trends in healthcare that should give hospital IT professionals pause: BYOD and the Internet of Things. The bring-your-own-device (BYOD) trend is certainly not new, but hospitals are still figuring out how to navigate the security concerns. While BYOD is a trend in the corporate world, too, there are two major differences for hospitals. First, the folks accessing corporate networks are, almost exclusively, employees and they use corporate-owned devices for most of that access. Second, when they do use their own devices, they are mostly reading email, not accessing sensitive data
Troubling increase in data breaches(Sea Coast Online) Did you know that this past Tuesday was National Data Privacy Day? I hope so, otherwise we could be in for another record year for data breaches. This is not a record to aspire to. Last year, more than 740 million online records were exposed. This is not something we want to see repeated or made worse
Patching times improved in 2013 as vulnerability battle goes on(TechWorld) Report finds improvement but is it enough? Software vendors have improved their response to security flaws in the last 12 months but some still take too long to patch the highest-risk vulnerabilities, figures from Swiss testing firm High-Tech Bridge have suggested
Cyber Security Providers Prepare For New Wars(The Street) The New Year has been auspicious for cyber security companies. FireEye's (FEYE) agreement to pay nearly $1 billion for Mandiant in early January suggests that M&A activity will remain high in 2014. Companies such as KEYW Holding (KEYW), Palo Alto Networks (PANW), Imperva (IMPV), Proofpoint (PFPT) and Qualys (QLYS) have made double-digit percentage gains in share price since FireEye announced the purchase
Watch out Silicon Valley: Israel's cybersecurity start-ups are coming (CSO Salted Hash) When most people think about Israel, topics like Middle East peace talks or touring Holy Land sites usually come to mind. But over the past few years, a powerful transformation has been occurring in focused areas of science and technology in Israel. It's time to take a new look
Private Companies: Risks, Exposures and Insurance(The D&O Diary) In general, and at least in the United States, executives at public companies don't need to be convinced that their companies need to have D&O insurance. That is not always true with officials at private companies. Some officials at some private companies — particularly very closely held private companies — are skeptical that they need the insurance. These individuals believe they will not see any claims that would trigger the insurance
The Target Cyber Breach and Cyber Disclosure Practices(The D&O Diary) In a front-page, above-the-fold article on Saturday, January 18, 2014 — that is, more than a month after Target first learned from the Secret Service that the company had been the subject of a massive cyber security hack — the New York Times reported that the company was vulnerable to the cyber attack because its systems were "astonishingly open — lacking the virtual walls and motion detectors found in secure networks like many banks'"
Tony Smeraglinolo: Engility Targets New Contract Vehicles As DRC Buy Closes(GovConWire) Engility Holdings (NYSE: EGL) has closed its $11.50-per-share acquisition of Dynamics Research Corp. as part of a growth strategy to target markets such as healthcare and homeland security. DRC holds 300 active contracts and that figure includes several positions on indefinite-delivery/indefinite-quality contract vehicles awarded by the Defense Department and civilian agencies, Engility said Friday
This Company Says Its Technology Could Have Detected Snowden's Intrusions(NextGov) Government servants are hardly the best paid employees in the world, even if they are spies. But the older ones do have pensions of the sort most young people could never imagine. So why would a 30-year veteran of Britain's secret service, with a "gold-plated" pension to look forward to, leave his position as deputy director for cyber defense operations at GCHQ (The Government Communications Headquarters, Britain's equivalent to the US's National Security Agency) for a start-up with no history and no security
Google Highlights Value of Patents in Motorola Sale to Lenovo(IEEE Spectrum) Google has exited the smartphone manufacturing business and shored up Android's legal defenses in the smartphone patent wars in a single week. The technology giant sold off Motorola Mobility to Lenovo in a US $12.5-billion deal on Wednesday that allowed it to hold onto most of Motorola's patent portfolio
Dell's Android Dongle Dare(InformationWeek) $129 Cloud Connect, a wireless network card, turns any modern display into a computer; use with Android apps, virtualized PC desktops, and Dell cloud services
What You Need To Know About The Cybersecurity Framework(Information Security Buzz) On February 13, 2014, the National Institute of Standards and Technology (NIST) plans to publish a comprehensive and detailed cybersecurity framework for critical infrastructure sectors. Developed pursuant to a February 2013 executive order issued by President Obama, this cybersecurity framework promises to fundamentally alter how critical infrastructure asset owners and technology suppliers develop, implement and update their cyber risk assessment and protection systems
Fuzzy math: The need for a national cyber breach notification standard(SC Magazine) It is a well-known fact that cyber attacks pose a significant risk to businesses. Most recently, we have seen how the cyber attack on Target resulted in lower sales, higher costs, and a loss of customer trust. In addition, business partners, such as the card issuers and payment processors are also impacted financially by this breach. According to Lloyd's Risk Index Report for 2013, only high taxation and loss of customers ranked higher than cyber security as top concerns faced by global businesses. The key difference between these top two risks and cyber risk is the availability of information
How Difficult Is Your Maze? How To Be A 'Hard Target'(SecurityWeek) Suddenly, an early 90's Jean Claude Van Damme movie is relevant again, at least because of its name. Every security team that can fog a mirror is asking the question "what just happened at Target, and how do we make sure that doesn't happen to us?". The objective, of course, is to be a "hard target" — that's a great goal for any security practice (although in the real world, it doesn't involve bumping off the bad guy at the end of the movie)
Forensic analysis of the ESE database in Internet Explorer 10(Forensic Focus) This project started out as a collaboration with the Swedish Tax Agency (SKV) in Gothenburg. Due to time issues, they are not able to acquire images of drives in many of their investigations and are thus forced to gather as much data as possible using live forensics. They presented us with a problem they encounter while doing live forensics on various systems; the browser artifacts are often difficult to acquire due to outdated software or time-frame problems. In early draft versions our project goal was therefore to create a script for EnCase, using EnScript, which would be able to parse web artifacts from the latest versions of the browsers Internet Explorer, Firefox, Chrome, Safari and Opera and present this in an easily-readable format
More From Strings(Total Hash) If you have viewed the analysis page for a sample on the #totalhash site you might have seen a section entitled strings. Strings can be a great way to get some more information from a sample in a very quick way without having to resort to dynamic analysis
Identifying and Protecting Sensitive Data(Dark Reading) You already know the story: enterprises need strong security to keep their secrets secret, but data protection is a tough beast to tame. There are countless variables to consider, and different data types require different treatment. Add the constant x factor of human unpredictability and you have a potentially feral pack of valuable data, complexity, and fallibility
Defending against drive-by downloads(Help Net Security) In case you haven't heard the term before, a drive-by download (DbD) is a class of cyber attack where you visit a booby-trapped web site and it automatically, and silently, downloads and executes malicious
When an Attack isn't an Attack(Internet Storm Center) I think I have seen it referred to as the "X-Files Effect". You just installed a new firewall or IDS, it is still all new and shiny and the logs are still fresh and interesting. Looking at your logs, it starts dawning on you: "They are out there to get me!". While many of these attacks are attacks, there are also quite a few false positives that typically show up in your logs. At this point, let's quickly define false positives: These are either benign traffic that is mistaken for an attack, or an attack, that just doesn't affect you (famous SQL Slammer attack against a Linux host)
Stopping the Edward Snowden in your Organisation(CollaboristaBlog) In the eyes of some, NSA whistleblower Edward Snowden is a hero who leaked information about top secret state-sponsored surveillance operations to journalists, stoking a global debate on privacy. But from the point of view of his employer, he hardly turned out to be a model staff member
Want privacy? Build a new Internet(VB) The Internet was simply not designed with privacy in mind. We don't have to look much further than the continued cybersecurity revelations to prove that state-run agencies and hackers alike continue to carjack the Information Superhighway
Research and Development
Hopkins researchers are creating an alternative to Bitcoin(Baltimore Sun) Zerocoin is an anonymous, cash-like, virtual currency. Inside a drab computer lab at the Johns Hopkins University, a team of researchers is trying to build something that has never existed before: a digital currency that changes hands completely in secret. Its name is Zerocoin
Canada's Eavesdropping Agency Blasts Tradecraft Leak(SecurityWeek) Canada's ultra-secret eavesdropping agency on Friday blasted the disclosure of its tradecraft, after it was reported the agency had tracked airline passengers connected to Wi-Fi services at airports
Needed: More eyes on Canada's spies(The Globe and Mail) The playful, almost giddy tone of the Communications Security Establishment Canada's power-point presentation that was revealed last week suggests an extraordinary lack of perspective on what the spy agency's powers and duties consist of — and what is against the law
John Kerry seeks to calm German anger at NSA reports(Tech2) U.S. Secretary of State John Kerry said Friday that relations with Germany have gone through a "rough patch" recently because of revelations about NSA spying, but insisted that the two countries can put the episode behind them
FACT CHECK: NSA leaks worst intelligence breach?(Wichita Falls Times Record News) The U.S. intelligence chief, James Clapper, said this week that the loss of state secrets as a result of leaks by former National Security Agency analyst Edward Snowden was the worst in American history. Clapper backed up his assertion with dire forecasts about emboldened enemies abroad, but some historians and researchers said the U.S. has struggled with even more devastating intelligence breakdowns over the past century
White House Added Last-Minute Curbs on NSA Before Obama Speech(Wall Street Journal) On the day before President Barack Obama gave a highly anticipated speech on the National Security Agency, White House officials rushed to include additional surveillance restrictions to address concerns of privacy advocates and the president's own review panel, said people familiar with the process
Why the NSA gets higher marks for privacy than business(ComputerWorld) Those of you following the steady stream of news stories on the National Security Agency's insatiable appetite for information already know that the spy agency has figured out how to snatch data from mobile apps. Since 2007, The NSA and its partner Britain's Government Communication Headquarters (GCHQ) have siphoned from apps address books, buddy lists, phone logs and geographic data
Clapper Praises Rogers' Nomination as Next Cyber Chief(American Forces Press Service) Director of National Intelligence James R. Clapper has praised President Barack Obama's nomination of Navy Vice Adm. Michael S. Rogers to be the next commander of U.S. Cyber Command, director of the National Security Agency and chief of the Central Security Service
Healthcare IT Security at Risk Due to Business Associate Negligence(SecureWorks) Healthcare companies and businesses that do contract work for them may soon be left singing the blues to the tune of an old popular song by The Who. I can hear the new lyrics now: "Too much, Omnibus." That "too much" could refer to rising penalties for noncompliance with HIPAA requirements under the new Omnibus Final Rule Summary, which went into effect Sept. 23 and has a maximum penalty of $1.5 million per violation
Judges Poised to Hand U.S. Spies the Keys to the Internet(Wired) How does the NSA get the private crypto keys that allow it to bulk eavesdrop on some email providers and social networking sites? It's one of the mysteries yet unanswered by the Edward Snowden leaks. But we know that so-called SSL keys are prized by the NSA — understandably, since one tiny 256 byte key can expose millions of people to intelligence collection. And we know that the agency has a specialized group that collects such keys by hook or by crook. That's about it
Delayed breach response prompts lawsuit against Kaiser(FierceHealthIT) California Attorney General Kamala Harris sued Kaiser Foundation Health Plan Inc. in state court on Jan. 23, alleging the company was too slow to notify more than 20,000 current and former employees that their personal information was compromised in a 2011 security breach, Law360 reported. In the breach, an external hard drive that contained personal information of Kaiser employees—including Social Security numbers, dates of birth and addresses—had been sold to a member of the public at a thrift store
Dallas student accused of 'cyber terrorism'(Luzerne County Citizens' Voice) A tenth-grade Dallas High School student is being accused of a "cyber terrorism" attack on the school's computer system last week, but his attorney claims he's innocent
Operation Endeavour: The Tip of the Iceberg?(Forensic Focus) In mid January 2014, reports began emerging of a cybersex ring that had recently been under investigation in the Philippines. Crime agencies across the UK, USA, Australia and the Philippines themselves have been working together since 2012 on a case codenamed Operation Endeavour, and recently results have started to be published in the media
Hackers file complaint against government(The Local (German edition)) Hacking group, the Chaos Computer Club (CCC), has filed a criminal complaint against the entire German government, including Chancellor Angela Merkel, over the spying scandal
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cyber Training Forum at NGA(Springfield, Virginia, USA, February 4, 2014) The 2014 Cyber Security Training Forum (CSTF) will take place at the NGA East Campus in Springfield, VA. This event is designed to provide education and training to the NGA Workforce, the Intelligence...
U.S. Department of Commerce Technology Expo(, January 1, 1970) Department of Commerce is interested in hearing from you! The OCIO Office is specifically looking for speakers on Vulnerability Management and Implementation of Continuous Monitoring. Please contact...
Cyber Security 2014(, January 1, 1970) The threats and the opportunities conference brings together over 150 business leaders, senior decision makers, business development managers and IT professionals from across the whole defence and security...
Security Analyst Summit 2014(Punta Cana, Dominican Republic, February 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community.
FBI HQ Cloud Computing Vendor Day(, January 1, 1970) As part of its FAR mandated market research efforts and in order to keep FBI employees informed of new products, technologies and services available in the industry, ITED has been tasked with organizing...
Free OWASP Training and Meet Up(San Francisco, California, USA, February 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn...
RSA Conference USA(San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...
Nellis AFB Technology & Cyber Security Expo(, January 1, 1970) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case...
Cloud Expo Europe(, January 1, 1970) Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex...
Suits and Spooks Security Town Hall(, January 1, 1970) Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton...
Trustworthy Technology Conference(, January 1, 1970) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens...
Creech AFB Technology & Cyber Security Expo(, January 1, 1970) The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is...