Daily briefing.

The UK's Ministry of Justice was hit by a distributed denial-of-service attack earlier this week. Websites were unavailable for several hours before service was restored.

Anonymous Ukraine claims to have accessed communications belonging to the Ukrainian Democratic Alliance for Reform.

The University of Toronto's Citizen Lab says Hacking Team's RCS lawful intercept tool has been found monitoring the Ethiopian Satellite Television Service (ESAT).

Kaspersky has released the slides from its presentation on Mask, to an accompanying chorus of dire predictions from security companies that Mask foreshadows an escalating cyber arms race.

Fazio Mechanical speaks out on the Target breach. TechTarget raises questions about Target's PCI compliance.

The ongoing spam campaign directed against Bitcoin exchanges raises questions about virtual currencies' viability.

Kaspersky researchers report that weak implementations of Absolute Software's Computrace anti-theft software can be remotely hijacked.

The US National Institute of Standards and Technology has released its long-anticipated "Framework for Improving Critical Infrastructure Cybersecurity." The document, which will probably become the de facto standard applied in regulation and litigation, has three basic components. A "Core" prescribes a set of common activities designed to provide a high-level view of risk management. "Profiles" are intended to help organizations align cybersecurity with business requirements. Four "Tiers" help organizations evaluate cybersecurity implementations and manage risk. Observers note that work remains to be done on privacy and the special needs of small businesses.

The University of Nebraska and the Indian Institute of Technology Delhi announce they'll undertake cooperative research into information assurance and cyber security.

Notes.

Today's issue includes events affecting Canada, Ethiopia, European Union, India, Italy, Malaysia, Netherlands, Russia, Ukraine, United Kingdom, United States.

Monday, February 17, is Presidents Day in the US, and the CyberWire will take a break in observance of the holiday.

Cyber Attacks, Threats, and Vulnerabilities

Cyber Attack On Ministry Of Justice Website (Sky News) The Government department's site was overloaded by a distributed denial of service attack (DDoS), which left it out of action

Anonymous Ukraine Claims to hack and leak secret email conversations of Vitali Klitschko's UDAR party (HackRead) Activists in Ukraine are fighting a battle on ground, while hacktivists are putting their share online. The Anonymous Ukraine, in an email to us, claimed that it has hacked and leaked hundreds of email conversations belonging to Vitali Klitschko's Ukrainian Democratic Alliance for Reform of Vitali Klitschko Party (UDAR). Hackers have uploaded the hacked email

Hacking Team Spyware 'Hits Ethiopian Journalists' (TechWeekEurope) "Lawful intercept" tech allegedly used in attacks on Ethiopian journalists, as civil rights activists fret about abuse of the software

Slides from Kaspersky's 'The Mask' malware presentation (ZDNet) Researchers shared their discovery and research on espionage malware "The Mask" (aka Careto) at the Kaspersky Labs security summit this week. ZDNet took photos of the presentation

'The Mask' malware sets standards hackers are sure to follow (CSO Salted Hash) Malicious software can steal encryption keys used in machine-to-machine communications

Vendor speaks out on Target data breach (FierceRetailIT) It is so unfortunate and strange that Target's (NYSE: TGT) massive data breach can be traced back to one vendor. An HVAC vendor at that. However, that is what investigators found after the months-long investigation into the breach

Target Corp. Breached at Weakest Link (Epoch Times) Target could be fined up to $1.1 billion in class action suits

Target breach details: Was the retailer PCI DSS compliant? (TechTarget) I've been catching up with the latest Target breach details, and current speculation is that the retailer may not have been complying with PCI DSS regulations in a number of ways. Can you shed any light on the incident? What PCI provisions may have been violated

Cyber attack on bitcoin a big warning to currency's users (Reuters via the Chicago Tribune) A massive cyber attack from unknown sources that has been spamming bitcoin exchanges is highlighting some of the dangers people can encounter when they exchange cash for digital currencies like the bitcoin, experts said on Wednesday

Sands cyber attack raises privacy concerns (Fox5 Vegas) The websites for the Venetian and Palazzo are still down after hackers attacked the Las Vegas Sands Corp. on Monday. The hack seems to be politically motivated. Anti-weapons of mass destruction messages were posted with a picture of Sands Chief Executive Officer Sheldon Adelson with Israel's prime minister

Absolute Computrace anti-theft software can be remotely hijacked (Help Net Security) Kaspersky Lab's security research team published a report confirming and demonstrating that the weak implementation of anti-theft software marketed by Absolute Software can turn a useful defensive utility into a powerful utility for cyberattackers

Online love scams flourish around Valentine's Day (CSO Salted Hash) Online dating and romance sites are obviously popular and because of that, regardless of the millions of admonitions to watch out for con artists, they are also a growing favorite of heartless scammers

In the wild: Phony SSL certificates impersonating Google, Facebook, and iTunes (Ars Technica) Bogus credentials may be enough to ensnare some smartphone apps, researchers say

Linksys Worm Captured (Internet Storm Center) Finally our honeypot did capture something that looks like it is responsible for the scanning activity we see

Oracle Confirms Existence of 30 Security Holes in Java Cloud Service (Softpedia) Security Explorations has informed me that Oracle has confirmed the existence of the 30 Java Cloud Service security issues reported to the company in late January

Malicious campaign relies on rogue WordPress sites, leads to client-side exploits through the Magnitude exploit kit (Webroot Threat Blog) In a cybercrime ecosystem populated by commercially available WordPress brute-forcing and mass vulnerable WordPress installation scanning tools, cybercriminals continue actively capitalizing on the platform's leading market share within the Content Management System's market segment

Embassy Suites Acknowledges Data Breach (eSecurity Planet) Credit card information was illegally obtained 'with a manual device,' according to the hotel

Security Patches, Mitigations, and Software Updates

MS update coming to block MD5 digital certificates (ZDNet) On Patch Tuesday, Microsoft will issue an update that removes support for TLS/SSL and other digital certificates that use MD5 hashes

Cyber Trends

Why hacktivism scares security leader Eugene Kaspersky (CDN) There are a lot of threats in the cyberworld but one that concerns Eugene Kaspersky the most is hacktivism

Cyber security experts face big challenges in wake of Target breach (Phoenix Business Journal) Institutionalizing cyber security standards and certifications. Quantifying economics of cyber defense to companies. Finding ways to automate fraud detection to reduce human capital investment

US Companies Ahead Of Their European Counterparts In Cyber Security Readiness, Survey Reveals (gnomes) Hacktivism and malicious insider threats (intentional leaks) perceived to be on the rise

Marketplace

Lockheed Martin CEO Hewson pushes small business incentives for cyber adoption (Baltimore Business Journal) Lockheed Martin Corp. CEO Marillyn Hewson is pushing incentives for small and midsize businesses to comply with a new cyber security framework announced by the Obama administration Wednesday to lock down the country's most vulnerable computer networks

Failed Obamacare website-maker scored $6 billion Homeland Security contract weeks before flop went live (Daily Caller) The company that botched the Obamacare website landed a five-year, $6 billion contract with the Department of Homeland Security (DHS) less than a month before the Obamacare site disastrously went live

Trend Micro targets 35% revenue growth in 2014 (The Sun Daily) Security software company Trend Micro Malaysia Sdn Bhd is targeting 35% growth in revenue this year, driven by its consumerisation, cloud and virtualisation as well as cyber threat solutions

FireEye Still Operating at a Loss, Despite Revenue Growth (eSecurity Planet) Enterprise security firm FireEye grows revenue by 94 percent in 2013. But that increase wasn't enough for it to turn a profit

Why FireEye, Inc. Shares Plunged (The Motley Fool) Although we don't believe in timing the market or panicking over market movements, we do like to keep an eye on big changes — just in case they're material to our investing thesis. What: Shares of FireEye (NASDAQ: FEYE ) plunged 11% Wednesday after the cyber-security specialist beat expectations with its fourth-quarter results, but followed with disappointing forward guidance

RedSeal Networks Appoints Board Chairman Ray Rothrock Chief Executive Officer (Fort Mill Times) RedSeal Networks, the leader in network infrastructure security management, today announced that Ray Rothrock, chairman of the board of directors, is appointed chief executive officer

Christian Mezger Promoted to CFO at Ciber (GovConWire) Christian Mezger, formerly senior vice president of finance at information technology consulting company Ciber (NYSE: CBR), has been promoted to chief financial officer

Michelle Hertz Promoted to General Counsel at CGI Federal (GovConWire) Michelle Hertz — who joined CGI Federal as managing counsel in 2010 and is also a vice president and corporate secretary there — has been promoted to general counsel, GovCon Wire has learned

Products, Services, and Solutions

Richard Clarke: Context Relevant, Good Harbor Team to Help Target Cyber Threats (GovConWire) Good Harbor Security Risk Management and big data analytics software developer Context Relevant have forged a cybersecurity alliance that will work to help customers counter threats

Carahsoft to Offer ReversingLabs Products on GSA Schedule; Michael Shrader Comments (ExecutiveBiz) Carahsoft Technology has added cyber threat product provider ReversingLabs to its General Services Administration schedule as part of a partnership on bringing ReversingLabs' solutions to public-sector customers

Bitdefender Wins AV-TEST #1 Spot in Protection and Performance (Broadway World) Bitdefender, the innovative provider of antivirus software solutions, was confirmed as the global leader in its field after winning awards for both protection and performance in 2013's independent home user trials by AV-TEST. Bitdefender earned perfect scores for protecting users against malware and zero-day attacks and maintaining the lowest possible impact on the system

Wombat Security Technologies Adds Automation to Security Awareness and Training to Significantly Improve Employee Response to Potential Cyber Attacks (CEN) Wombat Security Technologies (Wombat) today announced a market innovation in security awareness training that automates educational programs to dramatically improve employee engagement in, and completion of, cyber security training

HP says server security and safety updates will remain free (Help Net Security) The news that starting on February 19, HP will provide firmware updates for its servers only to customers with a valid warranty, Care Pack Service or support agreement, has hit like a ton of bricks those who haven't and don't intend to pay for the service

Technologies, Techniques, and Standards

Feds Launch Cyber Security Guidelines For US Infrastructure Providers (InformationWeek) The White House on Wednesday released the first version of its cyber…the Department of Homeland Security is also launching a voluntary Critical

Framework for Improving Critical Infrastructure Cybersecurity (NIST) The national and economic security of the United States depends on the reliable functioning of critical infrastructure. Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation's security, economy, and public safety and health at risk. Similar to financial and reputational risk, cybersecurity risk affects a company's bottom line. It can drive up costs and impact revenue. It can harm an organization's ability to innovate and to gain and maintain customers

NIST Roadmap for Improving Critical Infrastructure Cybersecurity (NIST) This companion Roadmap to the Framework for Improving Critical Infrastructure Cybersecurity ("the Framework") discusses NIST's next steps with the Framework and identifies key areas of development, alignment, and collaboration. These plans are based on input and feedback received from stakeholders through the Framework development process particularly on the "Areas for Improvement" section of the Preliminary Framework, which has been moved to this document

Cybersecurity framework released with incentives unfinished and privacy appendix gone (FierceGovIT) The federal government today released a framework for cybersecurity meant for voluntary adoption within the private sector while acknowledging that work remains to be done in constructing incentives for adoption, and within the framework itself

White House Unveils Cybersecurity Plan For Big Firms, Looks To Silicon Valley Next (TechCrunch) The Obama administration unveiled Wednesday a long-awaited plan for bolstering the cybersecurity of critical-infrastructure providers — including big information technology and communications companies — and is gearing up to try to enlist smaller Silicon Valley shops in its battle against hackers

Verizon Comments on NIST Cyber Framework (Wall Street Journal) President Obama on Wednesday (Feb 12) released the National Institute of Standards and

AWWA Releases Cybersecurity Guidance Document (EP Magazine) The association notes that the FBI, the Department of Homeland Security, and the National Intelligence Agency agree cybersecurity is … available guidance document to help water utilities reduce their vulnerability to cyber attacks

How Big Data Could Help the U.S. Predict the Next Snowden (Defense One) National Intelligence Director James Clapper, at Tuesday's Senate Armed Services Committee hearing, asserted (again) that malevolent insiders with access to top secret material, like Edward Snowden, constituted a top threat to our nation's national security. The lawmakers agreed and pressed Clapper to explain how he was changing the practices within his office and across the intelligence community to prevent another Snowden-scale data breach. One key step that Clapper outlined: our nation's top intelligence folks will become subject to much more surveillance in the future

PayPal chief says his staff should remember their PayPal passwords. I say he's wrong (Graham Cluley) A bigwig at PayPal says staff can clear off if they can't remember their passwords. But, I say he's wrong. It's a good thing if you can't remember your passwords

Revamping an old technology to jam the GPS jammers (Naked Security) Illegal GPS jammers, sold cheap online, can endanger space stations and ship navigation, not to mention potentially preventing emergency calls or keeping rescue teams from homing in on injured people. But recently, a new version of an old, longwave technology, eLORAN, is showing great promise in

Biometric authentication adds layers of IT security, one blood vessel at a time (TechTarget) Google most common passwords 2013, and you'll find that 123456 has nudged out password for the No. 1 spot. Yep, those easy-to-remember and oh-so-easy-to-hack favorites are still in play. (Cue the collective CIO sigh.) But there's good news on the not-so-distant horizon

How PCI 3.0 changes the PCI DSS penetration testing requirement (TechTarget) I saw that the PCI DSS 3.0 preview made penetration testing a requirement for everyone, including SMBs. Could you detail what exactly is required out of PCI DSS penetration tests to achieve compliance? What do you think would be the cheapest method for SMBs to meet this requireme

How Windows XP end of life conflicts with PCI DSS requirement 6.2 (TechTarget) I work for a regional retailer, and we still utilize Windows XP machines throughout most of the organization. Our IT team has tried to convince higher-ups of the need to migrate to newer OSes, but they frankly don't seem to care, as long as the machines they have are still functioning. We process millions of card transactions a year, so we're obviously subject to PCI DSS requirements. I'm curious how Windows XP reaching end-of-life status will impact our PCI compliance status. Will it matter to a QSA that we're running XP machines, and if so, is there a way to stay compliant, particularly after XP updates end in 2014

Academia

NU announces collaboration with Indian institute (SFGate) The University of Nebraska says it's collaborating with the Indian Institute of Technology Delhi to study information assurance and cyber security

Legislation, Policy, and Regulation

On NSA surveillance, privacy panel presents divided front (CBS News) Internal divisions were on full display Wednesday as the panel of privacy experts that reviewed the National Security Agency's mass surveillance program testified before a Senate committee

NSA Surveillance Proponent Unsure if Program Will Continue (Defense News) A vocal proponent among US Senate liberals for controversial National Security Agency (NSA) surveillance efforts says the program could be shut down, and experts are unsure how many Americans' phone numbers have been gathered

A Coalition Unites To Fight NSA Overreach (TRNS) TRNS spoke with Linda Schade, the Communications Director for Defending Dissent, about what this call for action means and what those concerned with the invasion of privacy want

Lawmakers want to see the 'black budget' (The Hill) Dozens of House lawmakers want the Obama administration to release the secret "black budget" used to fund intelligence agencies

Litigation, Investigation, and Law Enforcement

Joint Statement by Director of National Intelligence James Clapper and Attorney General Eric Holder on the Declassification of Additional Documents Regarding Collection Under Section 501 of the Foreign Intelligence Surveillance Act February 12, 2014 (IC on the Record) On Jan. 3, 2014, the Director of National Intelligence declassified and disclosed publicly that the U.S. government had filed an application with the Foreign Intelligence Surveillance Court seeking renewal of the authority to collect telephony metadata in bulk, and that, on Jan. 3, 2014, the court renewed that authority. The Director of National Intelligence also announced that the Administration was undertaking a declassification review of the court's Jan. 3 primary order

US senator sues President Obama to stop NSA metadata dragnet (Ars Technica) Class action suit wants to nix NSA programs, but some say it's a hopeless case

Spy Agencies Send Congress Faulty Contractor Data: GAO (Bloomberg) Civilian U.S. intelligence agencies have provided unreliable and incomplete reports to Congress since 2011 on the use of private contractors who perform core functions, according to a new congressional audit

Silk Road-alike "Utopia" dark-net market seized by Dutch police (Naked Security) It was meant to rival Silk Road, which the US FBI shut down in October and which sold the same type of merchandise: drugs, firearms, stolen bank account information and forged identity documents

European press chief to UK: Ease up on Guardian over Snowden leaks (Reuters) Europe's main media freedom watchdog told Britain on Wednesday it believed political pressure applied to the Guardian newspaper over its handling of leaked intelligence data could have a "chilling effect" on independent journalism

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Security Analyst Summit 2014 (Punta Cana, Dominican Republic, February 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community.

Free OWASP Training and Meet Up (San Francisco, California, USA, February 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn...

RSA Conference USA (San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...

Nellis AFB - Technology & Cyber Security Expo (Las Vegas, Nevada, USA, February 26, 2014) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case...

cybergamut Technical Tuesday: Virtualization Technologies in Cyberwarfare (Columbia, Maryland, USA, March 11, 2014) Virtualization is often talked about in the context of cloud computing, cost savings and enterprise environments. In this talk, Jason Syversen of Siege Technologies will introduce Intel, AMD and ARM virtualization...

Reducing the Nation's Cyber Risk: White House Insights on the President's Critical Infrastructure Framework (New York, New York, USA, March 11, 2014) The Fordham School of Professional and Continuing Studies and the Fordham Computer and Information Science Department present this informative panel, open and free to the public.

Cybersecurity Tax Credits Webinar (Online, March 11, 2014) Learn about tax credits designed to help your cybersecurity company grow in Maryland. Details will be presented by Jeffrey Wells, Executive Director of Cyber Development and Mark Vulcan, Esq., CPA, Program...

ICS Summit 2014 (Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...

Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change (Chantilly, Virginia, USA, March 20, 2014) Join INSA's Security Policy Reform Council for Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change at the SI Organization in Chantilly, VA. This unclassified,...

MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...

Fourth Annual China Defense and Security Conference (Washington, DC, USA, March 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding...

SEC Cybersecurity Roundtable (Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...

ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Thursday, March 27, 2014 at Colorado Technical University (CTU).

Financial Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, March 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax...

Corporate Counter-Terrorism: the Role of Private Companies in National Security (Washington, DC, USA, March 28, 2014) The 2014 American University Business Law Review Symposium will address the growing role of corporate America in governmental counter-terrorism programs, including the bulk metadata and PRISM surveillance...
