
Daily briefing.

Indian patriotic hacktivists predictably hit back at Pakistani sites in round two of the annual Republic Day cyber riot. Ottoman revanchists are back, this time with a tacky defacement of the European Jewish Press.

Yahoo Mail comes under attack. Yahoo is releasing few details, but it's resetting passwords for potentially affected accounts. In a separate criminal campaign, Google users are being phished for credentials with "suspicious sign-in prevented" emails.

More point-of-sale attacks are detected, conducted via the ChewBacca botnet. The Tor-enabled malware has collected some 50,000 cards' data from 119 point-of-sale infections in eleven countries. The tally will almost certainly grow.

As the techniques used in the Target breach become clearer, law enforcement agencies have determined that stolen card data have been used to make unauthorized purchases, and that the data themselves remain for sale in criminal black markets. "Main Street stores," not just big retail chains, are expected to discover themselves the victims of similar attacks.

More than 10,000 UK users were infected with ICEPOL Trojan ransomware in 2013.

Online payment service Clinkle hasn't yet launched, but it's already been breached.

HALOCK Security Labs reports having determined that 70% of US mortgage lenders permit applicants to transmit sensitive personal data over unencrypted email.

The US Securities and Exchange Commission (SEC) will begin assessing asset managers' cyber security during examinations. The examiners are expected to be most interested in how financial service providers manage vendor access to their systems, and in whether they can show due diligence in vendor selection.

Notes.

Today's issue includes events affecting China, Egypt, European Union, India, Israel, Pakistan, Palestine, Turkey, Syria, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Indian hackers deface Pakistani websites after massive Republic Day cyber-attack (Tech2) It's becoming a bit of an annual ritual now: Pakistani hackers deface Indian websites and Indian hackers hit back

Hackers attack European Jewish Press website (The Times of Israel) Visitors to the site greeted by oriental music and a picture of the Turkish flag in the shape of a mushroom cloud

Israeli Organizations Compromised by Phishing Attacks (eSecurity Planet) Fifteen machines were compromised, including ones belonging to the Civil Administration

Hackers Hit Yahoo Mail With Mass Account Checker Attack (SecurityWeek) Yahoo has issued a warning of an attack targeting users of its email service, and is initiating password resets for potentially affected accounts

Beware of bogus Google "Suspicious sign-in prevented" emails (Help Net Security) A very convincing phishing attempt aimed at harvesting users' Google account credentials has been spotted by a security researcher

Tor-enabled malware stole credit card data from PoS systems at dozens of retailers (InfoWorld) Details of over 50,000 credit and debit cards have been stolen from 119 PoS terminals infected with a malware program called ChewBacca

More card-stealing malware found (ZDNet) RSA researchers found an operational Tor-based network collecting card data from point of sale (POS) systems in 11 countries including the US

New details about Target breach come to light (Help Net Security) As data dumps of cards stolen in the Target breach continue to be sold on underground cybercrime forums, and the stolen information is being used to perform unauthorised payments, US Attorney General Eric Holder has stated the Department of Justice is "committed to working to find not only the perpetrators of these sorts of data breaches — but also any individuals and groups who exploit that data via credit card fraud"

NBC News: Target-Style Cyber Thefts Are Spreading to Main Street Stores (Money News) Consumers are focused on massive cyber thefts aimed at big retailers like Target, but the real security problems to be wary of are at small and medium-sized businesses with fewer digital defenses, NBC News reported

URM cyber attack investigation coming to a close (KXLY Spokane) URM Stores' investigation of a criminal cyber attack is coming to a close. The company says they now know which stores were affected by the attack and the incident was limited to credit and debit card transactions made in those stores between September 1, 2013 and November 24, 2013

CID warns of phishing scam involving Government Travel Card (The Mountaineer) U.S. Army Criminal Investigation Command, commonly referred to as CID, is warning the greater Army community about a new phishing scam where criminals are targeting U.S. Government Travel Card holders

10,000+ UK systems affected by ICEPOL Trojan ransomware (Help Net Security) At least 10,331 successful installs of ICEPOL Trojan ransomware took place in the UK last year

FBI alerts Ohio company of breach involving Social Security numbers (SC Magazine) The FBI alerted Ohio-based State Industrial Products that the personal information — including Social Security numbers — of an undisclosed number of current and former employees may be at risk

GoDaddy owns up to role in Twitter account hijacking incident (CSO) PayPal dismissed claims that its customer representatives were tricked into helping the attacker

HALOCK Finds Over 70% Of Mortgage Lenders May Be Putting Sensitive Financial Data At Risk (Dark Reading) Lenders permitted applicants to send personal and financial information over unencrypted email as email attachments

Clinkle Gets Hacked Before It Even Launches (TechCrunch) Clinkle is the hottest app around to have done mostly nothing. The stealth payments service, which has raised $30 million from big-name investors, has yet to publicly launch. But that doesn't mean it can't be hacked. Today, a guest user posted a list of 33 usernames, user IDs, profile photos, and phone numbers to PasteBin. Based on the data provided, it seems as though these users are Clinkle

Newly released Web based DDoS/Passwords stealing-capable DIY botnet generating tool spotted in the wild (Webroot Threat Blog) Driven by the never ending supply of newly released DIY (do it yourself) underground market releases, in combination with the systematically rebooted life cycles of releases currently in circulation, cybercriminals continue actively developing new cybercrime-friendly malware generating/botnet building applications. Motivated by the desire to further continue the monetization of this ever-green market segment, a key driving force behind the consequential rise of E-shops offering access to compromised accounting data like those we've extensively profiled at Webroot's Threat Blog in the past, these cybercriminals continue to 'innovate' and reboot the life cycles of known releases through the systematic and persistent introduction of

Cyber Trends

Higher stakes from business of cyber crime (TCM) Graham Welch, Sourcefire, explains the business of cyber crime is on the lookout for maximum returns. Cloud and mobile banking are expected to be next high value target zones

Changing forms of APTs, malware, sandboxing (TCM) A series of revelations about the National Security Agency that shook the international security community, made 2013 an interesting year for trend watchers. A look at possible emerging trends in 2014 from Ralf Haubrich at Sophos

Counterintelligence Now Riskier Than Terrorism, Intelligence Officials Report (Risk Management Monitor) During a Senate hearing yesterday, top U.S. intelligence officials released a new threat assessment report that outlines the top risks to national security. While cybersecurity remains the greatest threat for a second year, the report said dangers from foreign spies and from leakers have surpassed terrorism as threats

19 Numbers That Explain the Internet of Things (FedTech) The world of connected devices is growing … fast. These numbers offer some much-needed perspective on the future of government

Why the 'Internet of Things' may never happen (ComputerWorld) It's also a lousy name for a great idea that is doomed from the start. Here's why

Arbor Networks Reports Surge in DDoS Attacks (eSecurity Planet) More than 70 percent of service providers operating data centers experienced DDoS attacks last year

Report: Israel subjected to incessant cyberattacks (Al-Monitor) The information security company FireEye, which specializes in providing protection against advanced cyberthreats, has released today, Wednesday, Jan. 29, a report outlining the map of advanced cyberthreats to Israel. The study released by the company is designed to provide a glimpse into the challenges faced by Israel in cyberspace. The study conducted by FireEye is based on the company's database, which indicates that global cyberthreats have definitely not skipped Israel

Marketplace

Engility Finalizes Cash Tender Offer for DRC; Jim Regan Comments (GovConWire) Engility Holdings (NYSE: EGL) has completed a cash tender offer to acquire Dynamics Research Corp. (NASDAQ: DRCO) for $11.50 each

Cyber-Security Stocks With Potential (Wall Street Daily via Investing) When it comes to the burgeoning Internet of Things (IoT) — whereby companies are equipping everyday objects with internet connectivity — security is an afterthought

GitHub enlists its hacker army to hunt down security nightmares in new bounty program (Venture Beat) GitHub, the code repository to the stars (and everyone else), is aware that it has vulnerabilities in its massive codebase. This is bad news for GitHub's millions of users, but not to fear — the company is putting its best hackers on the job. In a new bug bounty program, GitHub is specifically reaching out to white/gray-hat hackers in the security community to find all the nooks and crannies where bad guys might sneak into its codebase

Yahoo to Donna Users: We're Dispensing With Your Indispensable App (TIME) When Yahoo — or any big company — buys your favorite startup, worry. Incredible Labs — the company behind smart-calendar app Donna — is being acquired by Yahoo. The app is being shut down, and most of the folks who worked on it will join the Yahoo Mail team

Box Said To Have Filed For IPO, Could Go Public As Early As April (TechCrunch) Cloud-based storage company Box is said to have filed an IPO, according to an initial report from Quartz, later followed up by confirmations from The Wall Street Journal and Forbes. It did so quietly, filing the paperwork recently (possibly at the beginning of this week), according to the reports, and also silently, something it shares in common with Twitter, and which is made possible under a

Janet Foutty Adds New Role of Deloitte Federal Practice Head; Jim Moffatt Comments (GovConWire) Janet Foutty, national managing director of the federal consulting practice at Deloitte Consulting LLP, has been appointed to also serve as leader of Deloitte's federal practice

Nicholas Percoco Named KPMG Data Protection Group Director; Greg Bell Comments (GovConWire) Nicholas Percoco, head of Trustwave's security organization for more than 10 years, has joined KPMG LLP as director of the firm's information protection group, Health IT Security reported Wednesday

Offit Kurman Attorney Ira Hoffman Appointed to MD Governor's International Advisory Council (PRWeb) Offit Kurman, P.A. is proud to announce that the Hon. Martin O'Malley, Governor of Maryland, has appointed Ira E. Hoffman, a Principal in Offit Kurman's International, Cybersecurity, and Government Contracts Practice Groups, to the Governor's International Advisory Council. The mission of the Council is to provide strategic direction to the Governor and the Maryland Department of Business and Economic Development (DBED) on ways to enhance Maryland's global profile

Products, Services, and Solutions

Google Glass: A mind meld with the surveillance state (The Week) Our cyborg future is here. And it is terrifying

US-based Skyhigh aims to help quash qualms about cloud providers' security practices with a new rating scheme. (ITWire) The Skyhigh CloudTrust program provides an objective and comprehensive assessment of a cloud service's security capabilities, company officials stated

FireEye Scales Threat Protection Management With New Release; Bolsters Email Threat Protection and Operational Readiness (MarketWatch) New FireEye OS 7.1 simplifies virtual machine-based security management as well as extends VM analysis to IPv6 traffic

Webroot SecureAnywhere Internet Security Complete review: Protection needs improvement (PC World) Webroot's suite has a nice interface, but the program needs to get better at detecting zero-day attacks and distinguishing between threats and nonthreats

VIPRE Internet Security 2014: Adequate protection, interface needs a makeover (PC World) Vipre's suite competently guards against known threats, but its zero-day detection was below average in our roundup and its interface lacks polish

Google + Microsoft = Process Explorer 16.0 (ZDNet) Process Explorer, a free tool from Microsoft, now integrates support for VirusTotal, a free public service from Google

McAfee Internet Security 2014 review: Intuitive interface, decent protection (PC World) McAfee's touch-optimized interface is ideal for Windows 8 users, but the suite is a bit weak on zero-day defense

ThreatTrack Security Makes It Easier For OEMs To Integrate Malware Defense Into Their Solutions (Sacramento Bee) ThreatTrack Security OEM partners secure more than 10 million endpoints worldwide with the VIPRE Antivirus SDK

Review: GreenSQL Database Security (eSecurity Planet) Business databases are the holy grail for hackers. Matt Sarrel reviews some products from GreenSQL that help protect databases

Technologies, Techniques, and Standards

Why governance and policy can strengthen compliance efforts (Help Net Security) A colleague of mine recently made a joke and it made me pause to think. During our discussion on compliance and how internal policy can help organizations comply with external regulation, she said "…like an Amazon suggestion 'People who comply with PCI also like the following regulations'…". I smiled because it was funny, but there was also wisdom in what she said. Many of the requirements in compliance regulations seem similar as you go from regulation to regulation — so you see what could be considered as duplication

Positioning your institution's response in the face of data breach (CSO) Data breaches are going to happen. The important part, says ACI Worldwide's Seth Ruden, is how an association chooses to handle them

The power of two — All you need to know about two-factor authentication (Naked Security) What can we do to protect ourselves from stolen password databases, phishing attacks, keyloggers or credit card skimmers installed in our local ATMs? We can start with two-factor authentication. This article tells you what it is, how it works and where you can use it

How to recover deleted or corrupted digital currency (Help Net Security) The popularity of Bitcoin and other digital / cryptographic currency cannot be denied. Different users like using it for different reasons, but many agree that the question of keeping their stash safe is something that occasionally keeps them up at night

Moving to the Cloud? Learn From CBP's Mistakes (FCW) A few years ago, CBP made email-as-a-service for its 60,000 employees one of its first major cloud projects. According to Wolf Tombe, the agency's CTO, it was a huge mistake. Tombe, speaking Jan. 29 at an executive briefing in Washington, D.C., said the agency did not specify with the vendor how the migration to cloud email would occur, nor did it contractually demand visibility into the vendor's cloud infrastructure

US phone companies to explore replacing all phone numbers with IP addresses (Engadget) Voice-over-IP (VoIP) is nothing new, of course, but so far it's been regarded merely as an add-on to America's regular, analog-based copper and cellular voice networks -- networks that are currently maintained as a matter of legal requirement. The FCC isn't necessarily such a stickler for tradition, however, as it is now encouraging phone networks to explore what would happen if VoIP replaced everything else

Flipping the Switches on Facebook's Privacy Controls (New York Times) Facebook is all about sharing. But if you value your privacy, using the service means deciding not only what you want to share, but also who gets to see it

Design and Innovation

The Analogies Project (The Analogies Project) "I can think of nothing that an audience won't understand. The only problem is to interest them; once they are interested, they understand anything in the world." — Orson Welles (1915 — 1985). The Analogies Project has a clear mission. To tackle the unintelligibility of information security head on and secure the engagement of a much broader audience. Its aim is to bridge the chasm between the users, stakeholders and beneficiaries of information security and those responsible for delivering it

Research and Development

"Honey Encryption" overwhelms attackers with fake results (Help Net Security) Former RSA chief scientist Ari Juels is working on an innovative approach to encryption that could make cyber crooks' lives a lot more difficult

Academia

UL Lafayette props Air Force cyber defense (KATC 3) Research at the University of Louisiana at Lafayette is helping the U.S. military identify malware, software designed to disrupt computer systems. Charles River Analytics, in partnership with the University, has won an Air Force contract to develop novel cyber defense techniques for the Semi-Supervised Algorithms against Malware Evolution program

Trend Micro contributes more than $300,000 to support responsible technology use in students (Trend Micro Simply Security) In the "Internet of Everything" era, even refrigerators can go online. Knowing how to navigate the Internet safely is no longer optional. This know-how is even more crucial for children, since they are often unaware of the dangers lurking in the World Wide Web, and so that they are prepared for the digital careers of tomorrow. This need will only continue to become stronger as children increasingly utilize social media to interact with each other virtually

Legislation, Policy, and Regulation

SEC examiners to review how asset managers fend off cyber attacks (Reuters via the Baltimore Sun) U.S. regulators said Thursday they plan to scrutinize whether asset managers have policies to prevent and detect cyber attacks and are properly safeguarding against security risks that could arise from vendors having access to their systems

Kerry in Berlin: 'US is committed to privacy' (The Local (German edition)) US Secretary of State John Kerry acknowledged on Friday that relations with Germany had gone through a "rough period" of late over NSA snooping but he said the US was "committed to privacy"

EU warns United States: SHAPE UP on data protection OR ELSE (The Register) Reding: Sort it out soon or Safe Harbor framework is toast

Holder: Not stopping terrorism doesn't mean telephony metadata not useful (FierceGovIT) Whether or not the intelligence community's bulk storage of telephony metadata has actually prevented a terrorist attack shouldn't be the only metric by which the program's efficacy should be measured, said Attorney General Eric Holder

Rogers Nominated To Helm NSA/Cyber Command (Defense News) President Obama has nominated Vice Adm. Michael Rogers, the US Navy's cyber chief and long viewed as the likely successor to US Cyber Command (CYBERCOM) and National Security Agency (NSA) head Gen. Keith Alexander, to take over for Alexander when he retires later this year, the Defense Department announced late Thursday

Obama Picks Navy Admiral For NSA; Keeps CyberCom Ties (Breaking Defense) In a statement, Hagel said he is "delighted" to designate Rogers to the NSA post. But what a time to take over the agency. As the secretary notes in his statement with what can only be called massive understatement, "this is a critical time for the NSA…" Rogers' selection was not a surprise

Litigation, Investigation, and Law Enforcement

Ukrainian police use cellphones to track protesters, court order shows (Ars Technica) "Tower dumps" help government profile people attending demonstrations

Obama: Clapper 'should have been more careful' in congressional testimony (The Hill) Obama said Clapper felt "that he was caught between a rock and a hard place." President Obama said Friday that Director of National Intelligence James Clapper "should have been more careful" when he testified to a Senate panel last year that the National Security Agency did not collect data on millions of Americans

Super Bowl Prostitution Digitally Mapped by Data Trackers (Bloomberg) Sitting in an operations center outside Washington, Josh Gearheart and his team have spent the last week tracing the digital footprints of Super Bowl sex traffickers with the same technology he once used to hunt insurgents in Afghanistan

Delayed breach response prompts lawsuit against Kaiser (FierceHealthIT) California Attorney General Kamala Harris sued Kaiser Foundation Health Plan Inc. in state court on Jan. 23, alleging the company was too slow to notify more than 20,000 current and former employees that their personal information was compromised in a 2011 security breach, Law360 reported. In the breach, an external hard drive that contained personal information of Kaiser employees—including Social Security numbers, dates of birth and addresses—had been sold to a member of the public at a thrift store

Metro woman sues Neiman Marcus over security breach (Atlanta Journal-Constitution) A metro Atlanta woman has become one of the first plaintiffs nationwide to sue Neiman Marcus over a security breach that may have exposed more than 1.1 million of its customers' credit cards

Defendants in data-breach case cite NIST framework in opposing federal mandates (Inside Cybersecurity) The defendants in a landmark data-breach case that could determine the Federal Trade Commission's authority to mandate security measures are citing a preliminary framework of cybersecurity standards to argue that the court should throw out the lawsuit

Digital Currency Founder: U.S. Indicted Me For Not Giving FBI My Source Code (Wired) The founder of digital currency Liberty Reserve says he was indicted and arrested last year after refusing to hand over the source code for his system to the FBI

The UK government moves to unblock websites inadvertently affected by ISP porn filters (TNW) The porn opt-in debate divided opinions and generally caused a stink when UK ISPs revealed plans to 'protect' children from adult content on the Web. And many of the initial concerns, vis-à-vis perfectly legitimate sites being inadvertently blocked by filters, have proven to be valid

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Suits and Spooks Security Town Hall: Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton...

Suits and Spooks Singapore: Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate...

Suits and Spooks San Francisco: S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss...

Suits and Spooks San Diego: Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. This two-day event...

Suits and Spooks New York: Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...

Cyber Training Forum at NGA (Springfield, Virginia, USA, February 4, 2014) The 2014 Cyber Security Training Forum (CSTF) will take place at the NGA East Campus in Springfield, VA. This event is designed to provide education and training to the NGA Workforce, the Intelligence...

U.S. Department of Commerce Technology Expo: Department of Commerce is interested in hearing from you! The OCIO Office is specifically looking for speakers on Vulnerability Management and Implementation of Continuous Monitoring. Please contact...

Cyber Security 2014: The threats and the opportunities conference brings together over 150 business leaders, senior decision makers, business development managers and IT professionals from across the whole defence and security...

Security Analyst Summit 2014 (Punta Cana, Dominican Republic, February 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community.

FBI HQ Cloud Computing Vendor Day: As part of its FAR mandated market research efforts and in order to keep FBI employees informed of new products, technologies and services available in the industry, ITED has been tasked with organizing...

New FFIEC Guidelines on Social Media: 3 Things You Need to Know: We'll take an in-depth look at the new Federal Financial Institutions Examination Council (FFIEC) guidelines on social media and consumer compliance risk, and how they may impact your organization. We'll...

Free OWASP Training and Meet Up (San Francisco, California, USA, February 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn...

RSA Conference USA (San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...

Nellis AFB Technology & Cyber Security Expo: For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case...

Cloud Expo Europe: Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex...

Trustworthy Technology Conference: Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens...

Creech AFB Technology & Cyber Security Expo: The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is...
