The Syrian regime continues its indirect approach to information operations, seeking advantage from regional anti-Israeli sentiment. The latest move (implausible, but it will probably find its audience) profiles ISIS/ISIL leader al-Baghdadi as an MI6/NSA tool who received his theological training from Mossad.
CrowdStrike reports increased Chinese attention paid to ISIS/ISIL's insurgency in Iraq. "Deep Panda" has shifted its interest toward the Iraqi oil sector, approaching its targets by compromising various US not-for-profit think tanks. The Wall Street Journal runs two interesting pieces on the PLA's cyber capabilities, one an overview of "3PLA," the principal Chinese electronic intelligence agency, the other a look at 3PLA's subordinate Shanghai command Unit 61398, famous as the workplace of Ugly Gorilla.
DragonFly, Havex, and Energetic Bear, increasingly regarded as aspects of a single complex cyber espionage and sabotage campaign probably run by Russian security organs, continue to infest European and US energy targets. Observers wonder at this effort's goals, but battlespace preparation for economic conflict over Russian re-assimilation of the Near Abroad seems likely. Meanwhile a cyber attack by Russian-sympathizing (and probably Russian-run) Cyber Berkut strikes a major Ukrainian bank.
MiniDuke is back, and the alleged cyber mercenaries behind the malware seem to be going after both drug dealers and governments.
Brazil's "Bolware" fraud seems to have siphoned off billions, and shows the current state of the art in browser-based crime.
Android security vulnerabilities could enable apps to make rogue calls. Netgear switches are found with hard-coded passwords.
The US arrests alleged Russian carder "Track2." Russia cries provocation.
Today's issue includes events affecting Australia, Brazil, China, France, Germany, Greece, Iraq, Israel, Italy, New Zealand, Poland, Romania, Russia, Serbia, Spain, Syria, Turkey, Ukraine, United Kingdom, United States.
Motives Behind Havex ICS Malware Campaign Remain a Mystery(Threatpost) Since Stuxnet there have been few confirmed reports of malware targeting particular industrial control system software. But now we have a campaign using the Havex remote access Trojan that has three European energy sector vendors in its crosshairs — or does it?
Dragonfly is the latest advance in weaponised malware(Tech Guru Daily) The discovery of the Dragonfly attack pulls back the veil ever so slightly on some of the tradecraft used in modern espionage. If the researchers' conclusions prove even only partially correct, it confirms the adoption of tactics and techniques by nation states or their proxy groups in the use of weaponised malware
Pro-Russian Hackers Mug Key Ukrainian Bank(Nextgov) Hacktivist group Kiberberkut, sometimes called Cyber Berkut, accessed and published customer data from a major Ukrainian commercial bank co-owned by the head of the pro-government Dnipropetrovsk region
MiniDuke hackers attack governments, hunt drug dealers(TechTimes) Cyber mercenaries MiniDuke not only attacked government bodies, but also used their hacking skills to hunt down drug dealers. The group has also released a new malware CosmicDuke, which can steal sensitive information
Browser-Focused Banking Attacks Evolve(BankInfoSecurity) Banking Trojans combine sophistication with localization. Security firm RSA recently issued a warning over a fraud ring that targets the Boleto, which is one of Brazil's most popular payment methods
Travelers targeted by infected travel websites(Help Net Security) Proofpoint security researchers recently were the first to discover that a large number of travel destination websites had been compromised and were being used to deliver the Nuclear exploit kit
Trend Micro Research Ties SEFNIT/MEVADE Malware to Ukraine, iBario in Israel(Trend Micro Simply Security) Adware often lives in the shadow between legitimate software and malware. And for a long time InstallBrain lived in that grey world. At least it did until 2013 when it crossed the line to become outright malware by installing SEFNIT/MEVADE on users' systems without their consent. While this connection has been known, our research can now show clear ties between the people behind the SEFNIT/MEVADE malware and InstallBrain, the adware that installed it. Our research shows clear ties between the threat actors behind SEFNIT/MEVADE based in Ukraine and iBario, maker of InstallBrain, based in Israel
Houston Astros hacked, trade data stolen(Digital Journal) The Houston Astros have become the latest victims in the growing cybercrime epidemic. Sensitive data related to proposed trades, some of which were actually executed, has been stolen and leaked online
Astros investigating security breach(MLB.com) The Astros reacted sternly Monday afternoon after text messages containing internal correspondence between team officials regarding trade talks with other clubs, some of which were about deals that came to fruition, were released on the website Deadspin.com
HotelHippo Insecure, so I've herd(Scott Helme) I recently had the pleasure of booking a night away from it all at a nice little hotel in the Lake District. As I'm sure most people with an interest in security do, I couldn't help but shudder at the word 'Secure' being plastered across the site. Prompting some incredibly quick poking around, I easily discovered a method of extracting the personal and sensitive data of thousands of customers that had used the site before me. Not only could this kind of information allow an attacker to launch an effective and convincing phishing scam, there are other concerns too
What can the Hotel Hippo debacle teach us about testing?(Neil Studd) If you haven't heard about Hotel Hippo, you should start by reading Scott Helme's exposé. It contains a full blow-by-blow account of the problems that he uncovered, and sets the context for this testing-focused article
Phishers Use Luis Suarez Bite as Bait(Threatpost) The World Cup is the most popular sporting event on the planet, and not just among sports fans; attackers and scammers of all stripes love it as well, as it presents a unique opportunity to separate victims from their money. Phishing and malware scams tied to the World Cup in Brazil have been running rampant
Security Patches, Mitigations, and Software Updates
Oracle: Future Java updates for Windows XP users may not arrive(TechTarget) Enterprises using Windows XP have already seen Microsoft pull security support for the nearly 13-year-old platform as part of its April end-of-life process. Now, in another blow for those clinging to the operating system, Oracle Corp. has informed XP users that they will not receive the latest security updates for Java, though some form of support remains a possibility in the near future
Cyber Criminals Never Sleep, Nor Should Your Fraud Prevention(Security Intelligence) If you thought we'd ever catch a break from the onslaught of cyber crime, think again: Cyber criminals never sleep, and Senior Fraud Prevention Strategist Etay Maor of Trusteer, an IBM company, illuminated this reality during his webinar "Cybercrime Threat Landscape: Cyber Criminals Never Sleep." Maor began his discussion with a bit of humor, demonstrating how a security team operating in isolation is doomed to work-arounds from both the constituency and the adversary with a visual: a security gate on a road with open field on either side
Payment Card Data Isn't The Only Lucrative Loot In A Data Breach(Forbes) Hackers love payment card information. After all, it's lucrative and easily sold on the black market. However, as we continue to see during our post-breach forensics investigations, payment card information is not the only popular loot. Criminals are diversifying, targeting any kind of information that they can turn into a profit
VSB attitude towards cyberthreats: dangerous but not too important(Kaspersky Lab) Alright, we said this before, now there is a statistical confirmation: According to a fresh Kaspersky Lab survey of businesses worldwide — 2014 IT Security Risks summary report, very small businesses (VSBs) with fewer than 25 employees are the least likely to view "IT Strategy" anywhere near the top of their strategic concern. Only 19% of VSBs worldwide reported IT Strategy as one of their top-two strategic concerns, compared to 30% of businesses with more than 100 employees, and 35% of enterprises with 5,000 employees or more. Alarmingly, this often-neglected business category includes internet and data security policies
3 questions about the future of cyber warfare(Safe & Savvy) "We're not creative enough when we imagine cyber warfare," F-Secure Security Advisor Sean Sullivan recently told me. "It's not kinetic explosions. It could be a guy whose crimeware business has dried up and is looking for new business"
Exploring the mobile security landscape(Help Net Security) In this interview, Adam Ely, COO of Bluebox, discusses the most significant mobile security challenges for enterprise security professionals, illustrates how BYOD is shaping the enterprise mobile security landscape, and offers advice for CISOs trying to protect data confidentiality and integrity while working with an increasingly mobile workforce
Why IAM will be worth over $10 billion by 2018(Help Net Security) Enterprises are increasing their investment in Identity and Access Management (IAM) solutions. According to research firm MarketsandMarkets, the IAM Market is expected to grow 15.1% over the five years from 2013 to 2018. IAM isn't new, so what's driving adoption?
Spark Labs Raises $4.9 Million For An Internet Of Things OS(TechCrunch) Spark Labs, the same folks that made this open-source Nest-like thermostat, has raised $4.9 million in Series A funding led by Lion Wells Capital, and with participation from O'Reilly AlphaTech Ventures, SOSventures, and Collaborative Fund, as well as a host of angel investors
Q&A: Panda Security Staging A Comeback(Dark Reading) New Panda CEO and former IBM security executive Diego Navarrete shares his strategy and insight into turning around the security company that has fallen off the radar screen over the last couple of years
Cyber Security Executive Got A Little Carried Away With His Hedge-Fund Hacking Attack 'Illustrative Scenario'(DealBreaker) Last month, BAE Systems' Paul Henninger breathlessly reported that a "major" U.S. hedge fund had fallen victim to a spear phishing cyberattack after an apparently dull employee clicked on a link he or she shouldn't have. This was very bad news: The attack went on for two months and totally fucked up the hedge fund's high-frequency trading strategy — which vulnerability did not stop the hackers from wanting to steal it, which they also did, according to Henninger. "It was having a material impact on performance across the portfolio," he said, forcing the hedge fund's board to "review" it
Products, Services, and Solutions
G Data vs. BullGuard Antivirus — What Are Their Features?(Streetwise Tech) It would be difficult to combat a virus spreading into a system if you do not have any protection. This is the reason why you do need to have an antivirus installed in your PC. In this way, whatever virus or threat comes in, it will be eliminated and will not cause any damage to your system
eScan Launches Range of Advanced Products for Enterprise Security(IT News) eScan, an anti-virus and content security solution provider, has introduced three new lines of corporate products, all of which have cloud integration and support for hybrid networks — eScan Corporate 360, New eScan Corporate Edition (with Hybrid Network Support) and eScan Endpoint Security (with Hybrid Network Support). The launch of this new range of advanced products is a significant milestone of the brand's ongoing growth in the enterprise security market
Why Section 702 Reform Matters(TechCrunch) A recent report in the Washington Post delved into the National Security Agency's (NSA) Section 702 surveillance activities, and although it found that the program returns useful information to the agency, it also revealed broad use of the legal authority to collect data and communications from non-target parties
NSA catches only 10% of data legally, but is it a fair trade off?(Naked Security) Up until now, Edward Snowden has revealed the techniques and tools used by the National Security Agency (NSA) in its surveillance activities, but he's kept the actual content of intercepted messages close to the vest, assuring journalists and the public that his evidence would eventually show that the spy agency pretty much sees all, knows all
Senators Clueless About NSA Bombshell(Daily Beast) These are the men and women who are supposed to keep watch over the nation's spies. And they have no idea about the latest revelations of inappropriate NSA snooping
Push ahead on spying reforms(Denver Post) Edward Snowden's days on the front page have waned, but the debate sparked by his disclosures of government spying has not
Banks Dreading Computer Hacks Call for Cyber War Council(Bloomberg BusinessWeek) Wall Street's biggest trade group has proposed a government-industry cyber war council to stave off terrorist attacks that could trigger financial panic by temporarily wiping out account balances, according to an internal document
Big push this month for more widespread cybersecurity effort(SFGate) In an 11-story office building in the Washington suburbs, hundreds of U.S. cybersecurity analysts work around the clock to foil hackers. Possible breaches of government networks show up as red flashes on screens that line the walls
'Wake up Germany and smell the cyber-coffee'(The Local — German Edition) As chests puff in Germany once again over the behaviour of the US intelligence services, the Tagesspiegel's Malte Lehming argues it's time for Germany to stop complaining and wake up — and tool up — in the cyber age
Prominent Carder "Track2" Arrested by the U.S. Secret Service(Softpedia) Russian hacker Roman Valerevich Seleznev was arrested on July 5 by the U.S. Secret Service. He is accused of hacking into the POS systems of restaurants across the United States, stealing credit and debit card information, and selling it on multiple carding forums
Who is UglyGorilla? On the Trail of China's Alleged Cyber-Thieves(Wall Street Journal) Where does UglyGorilla work? The U.S. Justice Department said in an indictment last month that "UglyGorilla" is the online handle of Wang Dong, a man it alleged is a People's Liberation Army officer and cyber-thief responsible for pilfering corporate secrets
The Ex-Google Hacker Taking on the World's Spy Agencies(Wired) During his last six years working as an elite security researcher for Google, the hacker known as Morgan Mayhem spent his nights and weekends hunting down the malware used to spy on vulnerable targets like human rights activists and political dissidents
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
INSCOM Cyber Day(Fort Belvoir, Virginia, USA, July 9, 2014) Cyber-industry vendors are invited to participate in the upcoming Cyber Day hosted by the United States Army Intelligence and Security Command (INSCOM), located at Ft. Belvoir. U.S. Army Cyber (AR Cyber)...
2nd Annual Oil & Gas Cyber Security Conference(Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...
SINET Innovation Summit(New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...
Security Startup Speed Lunch DC(Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...