FireEye researchers discover a watering hole campaign exploiting vulnerabilities in Microsoft Internet Explorer versions 9 and 10. No user interaction is required: visiting a compromised site triggers a drive-by download attack. Microsoft urged users late yesterday to upgrade to Internet Explorer version 11. The locus of the attacks is the domain belonging to the US veterans' organization, the Veterans of Foreign Wars. (Note: this is not, as some reports have it, a US military organization, but rather a large, non-governmental veterans' association.)
FireEye believes the campaign is linked to two earlier attacks, Deputy Dog and Ephemeral Hydra, both of which have been tentatively attributed to Chinese actors.
CERT Polska warns that home routers have been exploited to compromise bank accounts. SANS independently reports that a worm, "TheMoon," is infecting some vulnerable Linksys routers. The purpose and attribution of this exploit remain unclear, but SANS advises updating router firmware. (Coincidentally, ASUS releases firmware updates that close five vulnerabilities in three of its router models.)
The Syrian Electronic Army hits another major media outlet, defacing Forbes' Twitter account. Forbes' writers who have their own Twitter feeds were also affected, suggesting a deeper vulnerability in Forbes' social media.
As NIST looks ahead to the first revisions of its just-published cyber security standards (the revisions will address privacy issues), observers consider the standards' implications for health care IT.
The "Day the Internet Fought Back" apparently fizzled.
Edward Snowden reportedly inveigled an NSA employee into sharing credentials with him, thus facilitating access to classified material.
Today's issue includes events affecting China, European Union, Germany, Iran, Ireland, Israel, Poland, Singapore, Syria, United Kingdom, United States.
Microsoft investigating new IE9 and IE10 zero-day flaw exploited in targeted attacks (The Next Web) FireEye Labs today discovered a new zero-day vulnerability in Internet Explorer 9 and Internet Explorer 10 being exploited on a website based in the US. No user interaction is required: just visiting a compromised website is enough to trigger a classic drive-by download attack, download and install a payload from a remote server. We contacted Microsoft and the company confirmed with us that it is investigating
Vulnerabilities in home routers used for compromising bank accounts (SC Magazine) Researchers have observed attackers using DNS redirection attacks due to bugs in home routers. CERT Polska researchers have observed attackers using DNS redirection attacks — made possible due to vulnerabilities in home routers — to effectively access online banking accounts in Poland
Forbes website hacked by the Syrian Electronic Army (Graham Cluley) Once again, a well-known media establishment has fallen victim to the hackers of the notorious Syrian Electronic Army (SEA). This time it's Forbes which has "published" an eyebrow-raising headline
Statistics point to increased physical danger risks of cyberterrorism (CSO) Are current laws enough to prevent the growing threat of cyber terrorists? "Traditional terrorism refers to violent acts that indiscriminately target civilians," says Jon Iadonisi, former Navy SEAL, cyber security expert and co-founder, White Canvas Group. Traditional terrorists are largely interested in achieving or thwarting political or ideological goals in the process. "Cyberterrorism invokes the specific use of computer networks to induce violence against innocent civilians," says Iadonisi
Study finds attack detection takes too long (SC Magazine) Critical shortcomings in the current approach to cyber security and incident response are putting companies at risk, with 86 percent of respondents to a Ponemon Institute study saying that it takes too long to detect a cyber attack
Some IT security pros would lie to CEO about cyberattack (FierceITSecurity) A full 36 percent of IT security pros say that they would tell the CEO and board of directors that a cyberattack had been resolved even if they didn't know that it had been, according to a survey of 1,083 IT security pros in the U.S. and Europe by the Ponemon Institute on behalf of threat intelligence provider AccessData
Cyber security talent goes to the highest bidder (Computing) When former White House cyber security co-ordinator Howard Schmidt congratulated the UK government for the launch of its Cyber Security Information Partnership scheme in March 2013, he said: "What you've been able to do in two years has taken us about 17 years to do"
BlackBerry laughs at Samsung's Knox security struggles (BGR) Let BlackBerry clue you in, Samsung: It is not to be laughed at; it is the laughter. It is the one who mocks. BlackBerry Global Enterprise Services president John Sims this week wrote up a scathing putdown of Samsung's Knox security service, which he deemed woefully inadequate compared with BlackBerry's own mobile security offerings
Products, Services, and Solutions
Google cloud platform to be HIPAA compliant, support BAAs (FierceHealthIT) Google, following up on its move late last year to enter into business associate agreements enabling its Google Apps customers to support HIPAA-regulated data, recently announced that its cloud platform will support BAAs, as well
Privacy high on agenda for second cybersecurity framework revision (FierceGovIT) Although the National Institute of Standards and Technology backed down from including a dedicated privacy appendix in the newly released critical infrastructure cybersecurity framework, it hasn't given up on the prospect of including privacy controls in future iterations of the framework
NTIA wary of gTLD explosion (FierceGovIT) The National Telecommunications and Information Administration is concerned that new generic Top-Level Domains being made available by the Internet Corporation for Assigned Names and Numbers may not be considering consumer protections
How to keep your data safe from even a supernova (Chicago Tribune) If you're worried about whether the government, or anyone else, can read your emails, I have good news and bad news. The bad news is that a determined, well-resourced attacker will almost always find a way. The good news is that you can take basic steps to protect your privacy, and those steps most likely will make a difference
NSA snooping: MEPs table proposals to protect EU citizens' privacy (Help Net Security) The European Parliament should withhold its consent to an EU-US trade deal unless it fully respects EU citizens' data privacy, says an inquiry report on NSA and EU member states surveillance of EU citizens, approved by the Civil Liberties Committee on Wednesday. It adds that data protection rules should be excluded from the trade talks and negotiated separately with the US
German official doubtful on binding no-spy deal (Washington Post) The German government's new coordinator for trans-Atlantic relations says he doubts talks aimed at securing a "no-spy" agreement with the U.S. will produce a deal that's legally binding
Groups defend DATA Act from OMB suggestions (FierceGovIT) A coalition of advocacy groups criticized the Obama administration for revisions it proposed to the Digital Accountability and Transparency Act in a Feb. 11 letter to the president
Litigation, Investigation, and Law Enforcement
NSA employee implicated in Snowden probe resigned, memo says (Washington Post) A National Security Agency employee has resigned from his job after admitting to FBI investigators that he allowed Edward Snowden, then an NSA contractor, to use his personal computer credentials to gain access to classified information, according to an agency memo
New global partnership to fight cybercrime (Help Net Security) Microsoft announced three new global partnerships with the Organization of American States, Europol and FIS to increase cooperation between international law enforcement and the private sector in combatting cybercrime and helping build a safer Internet
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Free OWASP Training and Meet Up (San Francisco, California, USA, February 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn...
RSA Conference USA (San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...
Nellis AFB - Technology & Cyber Security Expo (Las Vegas, Nevada, USA, February 26, 2014) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case...
Cybersecurity Tax Credits Webinar (Online, March 11, 2014) Learn about tax credits designed to help your cybersecurity company grow in Maryland. Details will be presented by Jeffrey Wells, Executive Director of Cyber Development and Mark Vulcan, Esq., CPA, Program...
ICS Summit 2014 (Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...
MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...
Fourth Annual China Defense and Security Conference (Washington, DC, USA, March 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding...
SEC Cybersecurity Roundtable (Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...
ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).
Financial Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, March 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax...