Daily briefing.

FireEye researchers discover a watering hole campaign exploiting vulnerabilities in Microsoft Internet Explorer versions 9 and 10. No user interaction is required: visiting a compromised site triggers a drive-by download attack. Microsoft urged users late yesterday to upgrade to Internet Explorer version 11. The locus of the attacks is the domain belonging to the US veterans' organization, the Veterans of Foreign Wars. (Note: this is not, as some reports have it, a US military organization, but rather a large, non-governmental veterans' association.)

FireEye believes the campaign is linked to two earlier attacks, Deputy Dog and Ephemeral Hydra, both of which have been tentatively attributed to Chinese actors.

CERT Polska warns that home routers have been exploited to compromise bank accounts. SANS independently reports that a worm, "TheMoon," is infecting some vulnerable Linksys routers. The purpose and attribution of this exploit remain unclear, but SANS advises updating router firmware. (Coincidentally, ASUS releases firmware updates that close five vulnerabilities in three of its router models.)

The Syrian Electronic Army hits another major media outlet, defacing Forbes' Twitter account. Forbes' writers who have their own Twitter feeds were also affected, suggesting a deeper vulnerability in Forbes' social media.

As NIST looks ahead to the first revisions of its just-published cyber security standards (the revisions will address privacy issues), observers consider the standards' implications for health care IT.

The "Day the Internet Fought Back" apparently fizzled.

Edward Snowden reportedly inveigled an NSA employee into sharing credentials with him, thus facilitating access to classified material.

Notes.

Today's issue includes events affecting China, European Union, Germany, Iran, Ireland, Israel, Poland, Singapore, Syria, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

New IE 10 Zero-Day Used in Watering Hole Attack Targeting U.S. Military (Security Week) Security researchers from FireEye have discovered a new IE 10 Zero-Day exploit (CVE-2014-0322) being used in a watering hole attack on the US Veterans of Foreign Wars' website

Microsoft investigating new IE9 and IE10 zero-day flaw exploited in targeted attacks (The Next Web) FireEye Labs today discovered a new zero-day vulnerability in Internet Explorer 9 and Internet Explorer 10 being exploited on a website based in the US. No user interaction is required: just visiting a compromised website is enough to trigger a classic drive-by download attack, download and install a payload from a remote server. We contacted Microsoft and the company confirmed with us that it is investigating

New zero-day bug in IE 10 exploited in active malware attack, MS warns (updated) (Ars Technica) Exploit hosted on hacked, US-based website commandeers visitors' PCs

Researchers Discover New Campaign Targeting American Military Personnel (CSO Salted Hash) Researchers, after investigating a new Zero-Day attack, have discovered a new campaign targeting American military personnel

Third of Internet Explorer users at risk from active attacks (ComputerWorld) Microsoft confirms both IE9 and IE10 contain vulnerability, urges customers to upgrade to IE11; leaves Vista users out in the cold

Vulnerabilities in home routers used for compromising bank accounts (SC Magazine) Researchers have observed attackers using DNS redirection attacks due to bugs in home routers. CERT Polska researchers have observed attackers using DNS redirection attacks — made possible due to vulnerabilities in home routers — to effectively access online banking accounts in Poland

Linksys home routers targeted and compromised in active campaign (Help Net Security) A yet undetermined vulnerability affecting certain Linksys WiFi routers is being actively and massively exploited in the wild to infect the devices with a worm dubbed "TheMoon", warns SANS

Security, functionality gaps exist in beacon deployments (FierceMobileIT) Security and functionality gaps exist in beacon deployments at retailers and other early adopters, warns Mobiquity Labs, an applied tech lab set up by mobility firm Mobiquity

Fake SSL certificates used to impersonate Facebook, Google, banks (Help Net Security) Analysts with UK-based Internet research firm Netcraft have discovered a considerable number of fake SSL certificates in the wild, created to impersonate banks, social networks, payment and ecommerce

Mac Bitcoin-stealing Trojan lurks on download sites and GitHub (Help Net Security) CoinThief, the recently discovered Bitcoin-stealing Trojan that targets Mac users, has been spotted being offered on several download websites such as CNET's Download.com and MacUpdate.com, as well as

Bogus Microsoft "Reactivate Your Email Account" emails doing rounds (Help Net Security) Phishing emails purportedly sent by Microsoft are targeting the company's customers and trying to get them to reveal their login credentials and some personal information. The given pretext is that

Fake "Track Shipments/FedEx" Emails Used to Distribute Malware (Softpedia) The emails carry the subject line "Track shipments/FedEx" and they contain information on the alleged shipment

Android apps with Trojan SMS malware infect 300,000 devices, net crooks $6m (V3) The apps reportedly infect users' handsets via a bogus permissions notification, which when agreed to instigates a complex process that forces the victim to send text messages to a premium-rate number owned by the hackers

Forbes website hacked by the Syrian Electronic Army (Graham Cluley) Once again, a well-known media establishment has fallen victim to the hackers of the notorious Syrian Electronic Army (SEA). This time it's Forbes which has "published" an eyebrow-raising headline

Tesco customers' usernames and passwords exposed by hackers (Graham Cluley) A list revealing more than 2000 usernames and passwords, belonging to owners of Tesco Clubcards, has been published on the internet raising concerns once again about how accounts are protected from online criminals

Las Vegas Sands Cites Progress on Sites After Hacker Attack (Bloomberg) Las Vegas Sands Corp. (LVS), its websites down for a third day after a cyber-attack by hackers, said it was making progress toward restoring service and repairing its internal systems in the U.S

State Says Cyber Attack 'An Orchestrated Intrusion From A Foreign Entity' (OPB) The Oregon Secretary of State's website says that a recent cyber attack appears to be "an orchestrated intrusion from a foreign entity"

How hackers stole millions of credit card records from Target (ZDNet) How did the cyberattack on Target, which resulted in the theft of millions of records, take place

Hackers circulate thousands of FTP credentials; New York Times among those hit (ComputerWorld) A list of compromised FTP credentials is circulating in underground forums

Security Patches, Mitigations, and Software Updates

ASUS Fixes Vulnerabilities in RT-N66U, RT-N66R and RT-N66W Routers (Softpedia) ASUS has released firmware updates for ASUS RT-N66U (Ver.B1), RT-N66R and RT-N66W routers. Version 3.0.0.4.374.4422 brings several improvements, but it also addresses a total of five security issues

Cyber Trends

Statistics point to increased physical danger risks of cyberterrorism (CSO) Are current laws enough to prevent the growing threat of cyber terrorists? "Traditional terrorism refers to violent acts that indiscriminately target civilians," says Jon Iadonisi, former Navy SEAL, cyber security expert and co-founder, White Canvas Group. Traditional terrorists are largely interested in achieving or thwarting political or ideological goals in the process. "Cyberterrorism invokes the specific use of computer networks to induce violence against innocent civilians," says Iadonisi

Study finds attack detection takes too long (SC Magazine) Critical shortcomings in the current approach to cyber security and incident response are putting companies at risk, with 86 percent of respondents to a Ponemon Institute study saying that it takes too long to detect a cyber attack

Some IT security pros would lie to CEO about cyberattack (FierceITSecurity) A full 36 percent of IT security pros say that they would tell the CEO and board of directors that a cyberattack had been resolved even if they didn't know that it had been, according to a survey of 1,083 IT security pros in the U.S. and Europe by the Ponemon Institute on behalf of threat intelligence provider AccessData

Work/Life Business Puts Businesses at Risk of Cyber-Attack (Fresh Business Thinking) The shifting boundaries between work and home life mean staff at many small businesses are unwittingly putting their employers at risk of cyber-attack, according to TalkTalk Business

Modern threats require better risk management (IT Web) Risk managers need to have meaningful data, to make informed decisions about processes and tools, says Simon Campbell-Young, CEO of Phoenix Distribution

Marketplace

Cyber security talent goes to the highest bidder (Computing) When former White House cyber security co-ordinator Howard Schmidt congratulated the UK government for the launch of its Cyber Security Information Partnership scheme in March 2013, he said: "What you've been able to do in two years has taken us about 17 years to do"

IAI opens cyber R&D center in Singapore (Jerusalem Post) Israeli defense corporation aims to find new techniques and technologies to provide early warnings of impending cyber attacks

DHS Hire Booz to Finish Cyberattack Drill Job (Nextgov) The Homeland Security Department has decided to extend a contract for help on a biennial cyberattack drill with Booz Allen Hamilton

BlackBerry laughs at Samsung's Knox security struggles (BGR) Let BlackBerry clue you in, Samsung: It is not to be laughed at; it is the laughter. It is the one who mocks. BlackBerry Global Enterprise Services president John Sims this week wrote up a scathing putdown of Samsung's Knox security service, which he deemed woefully inadequate compared with BlackBerry's own mobile security offerings

Products, Services, and Solutions

Google cloud platform to be HIPAA compliant, support BAAs (FierceHealthIT) Google, following up on its move late last year to enter into business associate agreements enabling its Google Apps customers to support HIPAA-regulated data, recently announced that its cloud platform will support BAAs, as well

Technologies, Techniques, and Standards

NIST cybersecurity framework: How it will impact healthcare (FierceHealthIT) In its long-awaited cybersecurity framework, the National Institute of Standards and Technology heeded the call from the American Hospital Association and others to keep it flexible and voluntary in the private sector

Privacy high on agenda for second cybersecurity framework revision (FierceGovIT) Although the National Institute of Standards and Technology backed down from including a dedicated privacy appendix in the newly released critical infrastructure cybersecurity framework, it hasn't given up on the prospect of including privacy controls in future iterations of the framework

NTIA wary of gTLD explosion (FierceGovIT) The National Telecommunications and Information Administration is concerned that new generic Top-Level Domains being made available by the Internet Corporation for Assigned Names and Numbers may not be considering consumer protections

How to keep your data safe from even a supernova (Chicago Tribune) If you're worried about whether the government, or anyone else, can read your emails, I have good news and bad news. The bad news is that a determined, well-resourced attacker will almost always find a way. The good news is that you can take basic steps to protect your privacy, and those steps most likely will make a difference

Legislation, Policy, and Regulation

Iran's supreme leader tells students to prepare for cyber war (Russia Today) Ayatollah Ali Khamenei has delivered a sabre-rattling speech to Iran's 'Revolutionary foster children' (in other words, university students) to prepare for cyber war.

NSA snooping: MEPs table proposals to protect EU citizens' privacy (Help Net Security) The European Parliament should withhold its consent to an EU-US trade deal unless it fully respects EU citizens' data privacy, says an inquiry report on NSA and EU member states surveillance of EU citizens, approved by the Civil Liberties Committee on Wednesday. It adds that data protection rules should be excluded from the trade talks and negotiated separately with the US

German official doubtful on binding no-spy deal (Washington Post) The German government's new coordinator for trans-Atlantic relations says he doubts talks aimed at securing a "no-spy" agreement with the U.S. will produce a deal that's legally binding

Low capture rate undermines rationale for bulk telephone metadata, says Sen. Blumenthal (FierceGovIT) Reports that the National Security Agency stores records of less than a third of telephone calls passing through U.S. carrier switches undermine its stated rationale for the bulk telephone metadata program, charged Sen. Richard Blumenthal (D-Ore.) during a congressional hearing

'The Day the Internet Fights Back' falls flat (Deseret News) Well, that was a dud

Interagency individual data sharing protocols unclear in implementation, says GAO (FierceGovIT) There's confusion within the federal government regarding the requirements for setting up information exchanges between agencies, finds the Government Accountability Office in a newly released Jan. 13 report

Groups defend DATA Act from OMB suggestions (FierceGovIT) A coalition of advocacy groups criticized the Obama administration for revisions it proposed to the Digital Accountability and Transparency Act in a Feb. 11 letter to the president

Litigation, Investigation, and Law Enforcement

NSA employee implicated in Snowden probe resigned, memo says (Washington Post) A National Security Agency employee has resigned from his job after admitting to FBI investigators that he allowed Edward Snowden, then an NSA contractor, to use his personal computer credentials to gain access to classified information, according to an agency memo

New global partnership to fight cybercrime (Help Net Security) Microsoft announced three new global partnerships with the Organization of American States, Europol and FIS to increase cooperation between international law enforcement and the private sector in combatting cybercrime and helping build a safer Internet

Irish research key to bringing down SpyEye creator (Irish Times) Cork-based experts help FBI track major online fraudster

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Free OWASP Training and Meet Up (San Francisco, California, USA, February 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn...

RSA Conference USA (San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...

Nellis AFB - Technology & Cyber Security Expo (Las Vegas, Nevada, USA, February 26, 2014) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case...

cybergamut Technical Tuesday: Virtualization Technologies in Cyberwarfare (Columbia, Maryland, USA, March 11, 2014) Virtualization is often talked about in the context of cloud computing, cost savings and enterprise environments. In this talk, Jason Syversen of Siege Technologies will introduce Intel, AMD and ARM virtualization...

Reducing the Nation's Cyber Risk: White House Insights on the President's Critical Infrastructure Framework (New York, New York, USA, March 11, 2014) The Fordham School of Professional and Continuing Studies and the Fordham Computer and Information Science Department present this informative panel, open and free to the public.

Cybersecurity Tax Credits Webinar (Online, March 11, 2014) Learn about tax credits designed to help your cybersecurity company grow in Maryland. Details will be presented by Jeffrey Wells, Executive Director of Cyber Development and Mark Vulcan, Esq., CPA, Program...

ICS Summit 2014 (Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...

Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change (Chantilly, Virginia, USA, March 20, 2014) Join INSA's Security Policy Reform Council for Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change at the SI Organization in Chantilly, VA. This unclassified,...

MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...

Fourth Annual China Defense and Security Conference (Washington, DC, USA, March 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding...

SEC Cybersecurity Roundtable (Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...

ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).

Financial Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, March 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax...

Corporate Counter-Terrorism: the Role of Private Companies in National Security (Washington, DC, USA, March 28, 2014) The 2014 American University Business Law Review Symposium will address the growing role of corporate America in governmental counter-terrorism programs, including the bulk metadata and PRISM surveillance...
