
Daily briefing.

As high-level Sino-American diplomacy (said to be "frank and productive") addresses cyber tensions, the US Department of Homeland Security acknowledges that Office of Personnel Management (OPM) networks were successfully attacked in March of this year. The attack was traced to China, but DHS stops short of attributing it to the Chinese government. The extent of penetration and data loss is unknown, or at least undisclosed, but the hackers were apparently after personal information on cleared US personnel.

Deep Panda appears to be a Chinese attempt to assess probable US courses of action with respect to Iraq and China's oil interests therein.

Combat in and around Gaza prompts hacktivist calls for an anti-Israel operation. Israeli security analysts expect denial-of-service attacks.

Foreign Policy marvels at ISIS/ISIL's information operations, asking bluntly how "a barbaric medieval caliphate" can use social media so deftly.

India's National Informatics Center was compromised to issue bogus Google certificates, quickly detected and revoked, but this is another blow to the shaky CA regime.

Cyphort discovers a "low-signal" campaign — "Nighthunter" — that's been quietly harvesting user credentials for five years. No attribution, but it appears to be reconnaissance for some unknown larger criminal or espionage effort.

FireEye finds the "BrutPOS" botnet active in the wild, going after poorly secured retail systems.

Zeus continues its evolution with a step back into retro obfuscation using PIF extensions.

The Blackshades RAT — multipurpose, easy-to-use, and relatively stealthy — remains a favorite of less technical cyber criminals.

Public disclosure of FireEye product vulnerabilities prompts discussion of NDAs.

Notes.

Today's issue includes events affecting Azerbaijan, China, Germany, India, Iraq, Israel, Italy, Norway, Pakistan, Palestinian Territories, Syria, Thailand, Ukraine, United Arab Emirates, United Kingdom, United States.

Next week the CyberWire will be covering SINET's Innovation Summit in New York. In addition to interviews and a special issue, we'll be live-tweeting from the conference.

Cyber Attacks, Threats, and Vulnerabilities

Chinese Hackers Pursue Key Data on U.S. Workers (New York Times) Chinese hackers in March broke into the computer networks of the United States government agency that houses the personal information of all federal employees, according to senior American officials. They appeared to be targeting the files on tens of thousands of employees who have applied for top-secret security clearances

Deep Panda — three years of attacks to defend China's oil interests (SC Magazine) Attack vectors demonstrate the sophistication of malware available to cyber-criminals globally, says CheckPoint MD Keith Bird

Hackers threaten 'Israhell' cyber-attack over Gaza (Times of Israel) Israel already faces a million cyber-attacks a day; things might get worse before they get better, say experts

@ISIS Is #Winning (Foreign Policy) Why is a barbaric medieval caliphate so much better at social media than Washington?

Pakistan's major political Party "PPP" website hacked. (HackRead) The official website of Pakistan's major political party "Pakistan People's Party" was hacked

Anonymous Norway claim massive cyber-attack on Norwegian banks (Digital Journal) A massive cyber-attack was launched Tuesday, simultaneously affecting many of the top banks and financial institutions in Norway. Dubbed the country's biggest-ever network attack, responsibility has already been claimed by Anonymous Norway

Indian government agency issues fake Google certificates (ZDNet) Some systems trusted the fake certificates, some didn't, but Google moved quickly to tell others to revoke them

Google catches India with fake certificates (Help Net Security) As the world becomes more dependent, and some might say blindly so, on digital certificates it's only natural that attackers will seek to circumvent this trust. Whether because the Indian government was complicit or a victim of hacking in the issuance of certificates that impersonated Google, the result is the same — individuals, businesses, and even many governments placed blind trust in digital certificates and as such we're all the victims

Crypto certificates impersonating Google and Yahoo pose threat to Windows users (Ars Technica) OS currently has no reliable way to detect bogus credentials released into the wild

Campaign targeting user credentials discovered after five years (CSO) The low-signal campaign has operated undetected for years

BrutPOS Botnet Compromises insecure RDP Servers at Point-of-Sale Systems (Hacker News) Cyber criminals are infecting thousands of computers around the world with malware and are utilizing those compromised machines to break into Point-of-Sale (PoS) terminals using brute-force techniques, and the attackers have already compromised 60 PoS terminals by brute-force attacks against poorly-secured connections to guess remote administration credentials, say researchers from FireEye

BrutPOS Botnet Targets Retail's Low-Hanging Fruit (Dark Reading) FireEye discovers a botnet that's going after point-of-sale systems showing bad passwords and other basic security no-nos

Evolving Zeus malware used in targeted email attacks (ZDNet) New strains of the malevolent Zeus malware have been discovered using the Windows 'PIF' file extension to steal information from compromised computer systems

Blackshades RAT analysis finds key to popularity (CSO) Security vendor Akamai dissects the notorious Blackshades toolkit and finds it rich in features for the nontechnical criminal

Blackshades RAT is a Serious Threat (Akamai Blogs) Akamai's Prolexic Security Engineering & Research Team (PLXsert) is warning companies of stealth surveillance and computer hijacking attacks by the Blackshades Remote Administration Tool (RAT) crimeware kit

Vulnerability in AVG security toolbar puts IE users at risk (PCWorld) Implementation issues with AVG Secure Search, a browser toolbar from antivirus vendor AVG Technologies that's supposed to protect users from malicious websites, could have allowed remote attackers to execute malicious code on computers

DHS Releases Hundreds of Documents on Wrong Aurora Project (Threatpost) In response to a Freedom of Information Act request for information about the Operation Aurora attack on Google and other organizations in 2009 the Department of Homeland Security released hundreds of pages of documents related not to that attack campaign, but to the Aurora project run at Idaho National Lab years earlier in which engineers destroyed a generator with a cyber attack as a demonstration

Google Aurora vs ICS Aurora — an industry and DHS debacle (Control Global) This is actually two blogs in one. The first is about DHS releasing critical information they weren't even asked for. The second is about the lack of progress on addressing a subject that DHS made public

Cyber criminals imitate FIFA website for phishing: Kaspersky (Economic Times) Trying to cash in on the ongoing football World Cup frenzy, cyber criminals have come up with a webpage that imitates the original FIFA website, which has been designed for phishing activities, according to Russian cyber security solutions provider Kaspersky

Android Data Wipe Leaves Personal Data (InformationWeek) Factory reset tool on Android smartphones does not remove all photos, emails, chats, and other personal data, says security firm

The new plague: Computer viruses that extort you (News4Jax) Ransomware locks you out of your files until you pay up

Security Patches, Mitigations, and Software Updates

Buffer Overflow Vulnerabilities in Yokogawa ICS Gear Patched (Threatpost) Vulnerabilities in production control system software used in manufacturing, energy and other critical industries worldwide have been patched by the vendor, an advisory from the Industrial Control System Cyber Emergency Response Team said

Cyber Trends

Firms braced for more cyber attacks as sloppy practices continue (Microscope) Customers are braced for more cyber attacks but are continuing to make fundamental mistakes in regards to caring for their data according to the latest insights into the industry

Hospitals mining credit card data to predict and control patient behavior (FierceBigData) Say hello to new risk scores. Yes, credit behavior is taking on a whole new meaning. Credit behavior is no longer only predicting your risk as a borrower, but additionally your risk as a health liability on society and to health providers

Marketplace

In Fog Of Cyberwar, US Tech Is Caught In Crossfire (Dark Reading) Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth

WatchGuard leads the way in key security markets (TechDay) WatchGuard Technologies has been identified as a leader in three categories of Unified Threat Management and Next Generation Firewall, cementing the company's position within the industry

Leidos Awarded Contract By Wichita Airport Authority (Wall Street Journal) Leidos (NYSE: LDOS), a national security, health, and engineering solutions company, was awarded a prime contract by the Wichita Airport Authority to install and integrate IT/communications systems for the new airport terminal at Wichita Mid-Continent Airport, now known as the Dwight D. Eisenhower National Airport. The single-award firm, fixed-price (FFP) contract has a 10-month period of performance and a total contract value of approximately $10 million. Work will be performed in Wichita, Kan

CERDEC Supports U.S. Army Effort to Modernize Crypto Devices (SIGNAL) CERDEC's Space and Terrestrial Communications Directorate engineers integrate modern protective equipment into an active circuit while simultaneously pulling out the legacy hardware. One by one, U.S. Army engineers are updating legacy cryptographic equipment in an effort to catch up, and then keep pace, with 21st century technological advances already made to the service's tactical networks

KnowBe4 Acts on Security Threat Concerns with Ransomware Warranty (Insurance News Net) In response to a recent study done on IT professionals, KnowBe4 CEO Stu Sjouwerman announced an extension of the company's offer to pay any customer's cyber ransom with Bitcoin if they are hit after stepping through KnowBe4's security awareness training. Our 300+ sample study shows 88% of IT professionals expect ransomware to grow the rest of this year. The proliferation of ransomware attacks includes a shift from PCs to mobile devices and can add up to dire consequences for organizations with BYOD

Products, Services, and Solutions

Tufin security orchestration puts spotlight on policies (TechTarget) Tufin Technologies introduced an upgraded version of its security orchestration platform that gives administrators a unified, easy-to-digest display of network segments and their associated security policies

Technologies, Techniques, and Standards

Is encryption the prescription for smartphone-based medical care? (FierceMobileIT) I came across an interesting survey about mobile healthcare. It seems that most smartphone users want to communicate with their doctors using their smart device

Big Data security mistakes, tips and tricks (Help Net Security) In this interview, Mark Cusack, Chief Architect at RainStor, talks about the main challenges of handling petabyte-scale volumes of data, illustrates the most obvious mistakes that companies make with their Big Data projects and offers advice to organizations about to welcome Big Data into their cloud storage environments

Titan: Enabling Low Overhead and Multi-faceted Network Fingerprinting of a Bot (SysNet) Botnets are an evolutionary form of malware, unique in requiring network connectivity for herding by a botmaster that allows coordinated attacks as well as dynamic evasion from detection. Thus, the most interesting features of a bot relate to its rapidly evolving network behavior. The few academic and commercial malware observation systems that exist, however, are either proprietary or have large cost and management overhead. Moreover, the network behavior of bots changes considerably under different operational contexts. We first identify these various contexts that can impact its fingerprint. We then present Titan: a system that generates faithful network fingerprints by recreating all these contexts and stressing the bot with different network settings and host interactions. This effort includes a semi-automated and tunable containment policy to prevent bot proliferation. Most importantly, Titan has low cost overhead as a minimal setup requires just two machines, while the provision of a user-friendly web interface reduces the setup and management overhead

How to Block Automated Scanners from Scanning your Site (Acunetix) This blog post describes how to block automated scanners from scanning your website. This should work with any modern web scanner parsing robots.txt (all popular web scanners do this)

6 Things That Stink About SSL (Dark Reading) Users might not care to trust the very mechanism that's supposed to provide online trust

User Education Key in Fighting Mobile Malware (eSecurity Planet) Train users to read and heed mobile application permissions, says McAfee Labs

Design and Innovation

In defense of techno-panics: Why a little worry can be a good thing (IT World) We're not endorsing full-on freakouts about every exciting new technology. But sometimes a little pushback can be a good thing

Research and Development

Locking Down The Chip (Semiconductor Engineering) The push toward securing chips is complicated by the amount of third-party IP that is being used inside of today's complex SoCs. This has cast new light on the potential for on-chip networks to also function in securing signals that flow through those networks

US lawmaker asks FTC to probe implications of Facebook 'big data' experiment (CSO) A U.S. senator has asked the Federal Trade Commission to scrutinize the use of big data by Facebook and other Internet companies, following a controversy over a Facebook experiment on some of its users

What would make you quit Facebook? Here's what you said… (Naked Security) Last week we asked our readers to take a poll about Facebook's controversial social experiment on thousands of unknowing users

Academia

Academia's Cyber Awakening (Hacksurfer) Academia is finally starting to really invest in cybersecurity as an option of course study for many students at the undergraduate and graduate levels. Schools like Carnegie Mellon, University of Southern California, Duke, and several others are creating programs and adding courses to their existing curricula

Narus and Politecnico di Torino Announce New Cyber Innovation Center (IT Business Net) Narus, Inc., a subsidiary of Boeing NYSE:BA and leader in big data analytics for cybersecurity solutions, and the Politecnico di Torino, one of the most recognized research universities in Italy, announced a new Cyber Innovation Center. Located on the prestigious engineering university's campus, the new center will focus on advanced cybersecurity research projects and prototyping of technologies that help identify and resolve cyber threats. Leveraging the expertise of local talent, the new center will also foster advanced science, technology, engineering and math (STEM) education while generating new technologies that will be integrated into Narus products

Penn State's Security and Risk Analysis program receives NSA designation (Penn State News) From allegations of Chinese hackers stealing American companies' trade secrets to a security breach at Target that compromised the personal and financial data of millions of customers, the United States is dealing with increasingly sinister security and privacy threats. To combat the onslaught of cybercrime, the government is in dire need of robust cybersecurity tools and practices, as well as individuals who are qualified to develop and execute them

Legislation, Policy, and Regulation

Joint Statement by the Office of the Director of National Intelligence and the Department of Justice on Court-ordered Legal Surveillance of U.S. Persons (IC on the Record) It is entirely false that U.S. intelligence agencies conduct electronic surveillance of political, religious or activist figures solely because they disagree with public policies or criticize the government, or for exercising constitutional rights

China, U.S. say committed to managing differences (Reuters via Yahoo! News) China and the United States need to manage their differences, the leaders of both countries said on Wednesday at the start of annual talks expected to focus on cyber-security, maritime disputes, the Chinese currency and an investment treaty

Review aimed at framework for cyber stability plows familiar ground (Inside Cybersecurity) A yearlong State Department study effort to craft a "framework for international cyber stability" has produced a draft report endorsing ongoing work on international norms of behavior for cyberspace and urging industry involvement, though the document fails to break much new ground

NSA efforts to gather data by weakening cybersecurity are self-defeating, experts say (FierceGovernmentIT) The National Security Agency's attempts to enhance U.S. security through the massive collection of personal computer and communications data has actually had the opposite effect, a panel of industry experts maintained

The Era of the Unfettered Surveillance State (Valdosta Today) On Sunday, the Washington Post released a bombshell stemming from a four-month long investigation by The Post, finding that "ordinary Internet users, American and non-American alike, far outnumber legally targeted foreigners in the communications intercepted by the National Security Agency from U.S. digital networks"

UK Fast Tracks Emergency Surveillance Law (TechCrunch) The UK government has confirmed it will introduce emergency legislation next Monday that will require Internet and phone companies to keep records of customer metadata

UK's emergency data retention law: Balancing security and fundamental rights is a tricky business (TNW) The UK's Prime Minister David Cameron and Deputy Prime Minister Nick Clegg have just wrapped up a press conference explaining why emergency security legislation had to be put into place to ensure that ISPs and other communications providers continued to keep records of users' activity for up to 12 months

Azerbaijan's Electronic Safety Centre joins APWG (Azernews) The Azerbaijani Centre of Electronic Safety under the Communications and High Technologies Ministry has become member of the Anti-Phishing Working Group (APWG). The membership will create opportunities for successful continuation of Azerbaijani electronic safety policy on the international arena

Final deadline: Register your UAE Sim card now or lose it forever (Emirates 24/7) All mobile subscribers of the UAE's two telecom operators, etisalat and du, who have not re-registered their Sim cards with their respective service providers will have their numbers deactivated from July 16

Army Leaders Defend Flawed Intelligence System (Boston.com) Gen. John Campbell, the army's vice chief of staff and nominee to lead U.S. forces in Afghanistan, cited his son's experiences as a soldier there to answer a senator's tough questions last year about a troubled intelligence technology system

Instagram's ambiguous takedown highlights the challenge for foreign apps in China (Quartz) Another day, another foreign app blocked in the world's biggest mobile market

Litigation, Investigation, and Law Enforcement

Researcher: I Was Suspended For Finding Flaws In FireEye Security Kit (Forbes) A security researcher's life is one filled with awful nadirs and dizzying zeniths. In uncovering weaknesses in other people's kit, damaging the reputation of the affected manufacturer but making the web that little bit safer, they risk being torn apart by interested parties or exalted by the security community for doing a good job. Yesterday, one thought he'd lost his job simply because he posted information on the internet about vulnerabilities in security technologies made by FireEye, one of the hottest names in the malware defence industry

Newly Released Foreign Intelligence Surveillance Court Primary Orders Related to Collection and Use of Telephony Metadata (IC on the Record) Following a declassification review by the Executive Branch, the Department of Justice released on July 8, 2014, in redacted form, three primary orders issued by the Foreign Intelligence Surveillance Court in 2009. These orders authorized the National Security Agency's collection and use of telephony metadata under Section 501 of the Foreign Intelligence Surveillance Act

New Verizon Transparency Report Shows Large Government Appetite for Location, Content Data (Threatpost) Verizon said in a new transparency report that though the number of some kinds of orders dropped — including wiretap orders and warrants — others rose, including general orders and pen register and trap and trace orders, and the company received nearly 150,000 total orders in the first half of 2014

Target to Seek Lawsuit Dismissals (Data Breach Today) Target Corp. has requested that a U.S. district court halt the discovery process for class action lawsuits stemming from its December 2013 data breach until the court can consider its forthcoming motions to dismiss most of the suits

Google lawsuit highlights why every business needs to manage its online presence (Naked Security) Long before the internet was born, the secret to running a successful business was, according to my business tutor, primarily about location, location, location

Vermont Attorney General Fines Local Business For Failing To Notify Consumers Of Security Breach (Office of Inadequate Security) Shelburne Country Store in Shelburne, Vermont will pay a $3,000 civil penalty for failing to inform 721 internet buyers of a security breach of their credit card information. In late 2013, the company's website was hacked and credit card information stolen. Upon being informed of the breach in January 2014, the company quickly fixed the problem, but did not notify consumers until it was contacted by the Attorney General's Office

Microsoft drops case that severed DNS hosting for millions of No-IP nodes (Ars Technica) No-IP didn't knowingly harbor botnet operators targeted in takedown, MS declares

Judge denies Silk Road's demands to dismiss criminal prosecution (Ars Technica) Ross Ulbricht claimed he couldn't have laundered money, as Bitcoin isn't money

Germany Just Kicked Out The CIA Chief In Berlin (Business Insider) Germany has asked the top U.S. spy in the country to leave, according to multiple reports

Germany investigates second U.S. spy case (USA Today) Germany is investigating a second case of a German allegedly spying for the United States. The country is already outraged over allegations that the National Security Agency (NSA) carried out mass surveillance of both politicians and voters

Motorola devices could be banned in Germany after it loses patent fight (ZDNet) A local court in the country has found that some Moto handsets infringe a manufacturing process

Lawyer: Snowden asks to extend stay in Russia (Seattle Times) Former National Security Agency contractor Edward Snowden has applied to extend his stay in Russia, his lawyer said Wednesday

Jill Abramson Talks Obama Secrecy and Her New York Times Firing (Daily Beast) Two months after her abrupt exit from the Gray Lady, the former executive editor delivered a speech about how different Obama is from Bush — and why she was dismissed from her post

Glenn Greenwald on Why the Latest Snowden Leak Matters (Wired) After weeks of broadcasting his intention to "name names" and publish the identities of specific Americans targeted by the NSA and FBI for surveillance, journalist Glenn Greenwald finally made good on his promise

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, July 10, 2014) Join us for a free 60 minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics...

2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...

Security Startup Speed Lunch DC (Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...

Seminar: Cybersecurity Framework for Protecting our Nation's Critical Infrastructure (Marietta, Georgia, USA, July 22, 2014) The Automation Federation and Southern Polytechnic State University will co-sponsor the "Cybersecurity Framework for Protecting our Nation's Critical Infrastructure." a free seminar from 8 a.m. to noon...

SHARE in Pittsburgh (Pittsburgh, Pennsylvania, USA, August 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today. FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles. ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction...

STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour (Clarksville, Tennessee, USA, August 5, 2014) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, is coming to TK with its STOP. THINK. CONNECT.

Passwords14 (Las Vegas, Nevada, USA, August 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges...

BSidesLV 2014 (Las Vegas, Nevada, USA, August 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in...

4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, August 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August...

DEF CON 22 (Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.

South Africa Banking and ICT Summit (Lusaka, Zambia, August 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...

SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...

Resilience Week (Denver, Colorado, USA, August 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.

AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, August 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only...
