As high-level Sino-American diplomacy (said to be "frank and productive") addresses cyber tensions, the US Department of Homeland Security acknowledges that Office of Personnel Management (OPM) networks were successfully attacked in March of this year. The attack was traced to China, but DHS stops short of attributing it to the Chinese government. The extent of penetration and data loss is unknown, or at least undisclosed, but the hackers were apparently after personal information on cleared US personnel.
Deep Panda appears to be a Chinese attempt to assess probable US courses of action with respect to Iraq and China's oil interests therein.
Combat in and around Gaza prompts hacktivist calls for an anti-Israel operation. Israeli security analysts expect denial-of-service attacks.
Foreign Policy marvels at ISIS/ISIL's information operations, asking bluntly how "a barbaric medieval caliphate" can use social media so deftly.
India's National Informatics Center was compromised to issue bogus Google certificates, quickly detected and revoked, but this is another blow to the shaky CA regime.
Cyphort discovers a "low-signal" campaign — "Nighthunter" — that's been quietly harvesting user credentials for five years. No attribution, but it appears to be reconnaissance for some unknown larger criminal or espionage effort.
FireEye finds the "BrutPOS" botnet active in the wild, going after poorly secured retail systems.
Zeus continues its evolution with a step back into retro obfuscation using PIF extensions.
The Blackshades RAT — multipurpose, easy-to-use, and relatively stealthy — remains a favorite of less technical cyber criminals.
Public disclosure of FireEye product vulnerabilities prompts discussion of NDAs.
Today's issue includes events affecting Azerbaijan, China, Germany, India, Iraq, Israel, Italy, Norway, Pakistan, Palestinian Territories, Syria, Thailand, Ukraine, United Arab Emirates, United Kingdom, United States.
Next week the CyberWire will be covering SINET's Innovation Summit in New York. In addition to interviews and a special issue, we'll be live-tweeting from the conference.
Cyber Attacks, Threats, and Vulnerabilities
Chinese Hackers Pursue Key Data on U.S. Workers (New York Times) Chinese hackers in March broke into the computer networks of the United States government agency that houses the personal information of all federal employees, according to senior American officials. They appeared to be targeting the files on tens of thousands of employees who have applied for top-secret security clearances
Anonymous Norway claim massive cyber-attack on Norwegian banks (Digital Journal) A massive cyber-attack was launched Tuesday, simultaneously affecting many of the top banks and financial institutions in Norway. Dubbed the country's biggest-ever network attack, responsibility has already been claimed by Anonymous Norway
Google catches India with fake certificates (Help Net Security) As the world becomes more dependent, and some might say blindly so, on digital certificates it's only natural that attackers will seek to circumvent this trust. Whether because the Indian government was complicit or a victim of hacking in the issuance of certificates that impersonated Google, the result is the same — individuals, businesses, and even many governments placed blind trust in digital certificates and as such we're all the victims
BrutPOS Botnet Compromises Insecure RDP Servers at Point-of-Sale Systems (Hacker News) Cyber criminals are infecting thousands of computers around the world with malware and are utilizing those compromised machines to break into Point-of-Sale (PoS) terminals using brute-force techniques, and the attackers have already compromised 60 PoS terminals by brute-force attacks against poorly-secured connections to guess remote administration credentials, say researchers from FireEye
Blackshades RAT is a Serious Threat (Akamai Blogs) Akamai's Prolexic Security Engineering & Research Team (PLXsert) is warning companies of stealth surveillance and computer hijacking attacks by the Blackshades Remote Administration Tool (RAT) crimeware kit
Vulnerability in AVG security toolbar puts IE users at risk (PCWorld) Implementation issues with AVG Secure Search, a browser toolbar from antivirus vendor AVG Technologies that's supposed to protect users from malicious websites, could have allowed remote attackers to execute malicious code on computers
DHS Releases Hundreds of Documents on Wrong Aurora Project (Threatpost) In response to a Freedom of Information Act request for information about the Operation Aurora attack on Google and other organizations in 2009, the Department of Homeland Security released hundreds of pages of documents related not to that attack campaign, but to the Aurora project run at Idaho National Lab years earlier in which engineers destroyed a generator with a cyber attack as a demonstration
Cyber criminals imitate FIFA website for phishing: Kaspersky (Economic Times) Trying to cash in on the ongoing football World Cup frenzy, cyber criminals have come up with a webpage that imitates the original FIFA website, which has been designed for phishing activities, according to Russian cyber security solutions provider Kaspersky
Security Patches, Mitigations, and Software Updates
Buffer Overflow Vulnerabilities in Yokogawa ICS Gear Patched (Threatpost) Vulnerabilities in production control system software used in manufacturing, energy and other critical industries worldwide have been patched by the vendor, an advisory from the Industrial Control System Cyber Emergency Response Team said
In Fog Of Cyberwar, US Tech Is Caught In Crossfire (Dark Reading) Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth
WatchGuard leads the way in key security markets (TechDay) WatchGuard Technologies has been identified as a leader in three categories of Unified Threat Management and Next Generation Firewall, cementing the company's position within the industry
Leidos Awarded Contract By Wichita Airport Authority (Wall Street Journal) Leidos (NYSE: LDOS), a national security, health, and engineering solutions company, was awarded a prime contract by the Wichita Airport Authority to install and integrate IT/communications systems for the new airport terminal at Wichita Mid-Continent Airport, now known as the Dwight D. Eisenhower National Airport. The single-award firm, fixed-price (FFP) contract has a 10-month period of performance and a total contract value of approximately $10 million. Work will be performed in Wichita, Kan
CERDEC Supports U.S. Army Effort to Modernize Crypto Devices (SIGNAL) CERDEC's Space and Terrestrial Communications Directorate engineers integrate modern protective equipment into an active circuit while simultaneously pulling out the legacy hardware. One by one, U.S. Army engineers are updating legacy cryptographic equipment in an effort to catch up, and then keep pace, with 21st century technological advances already made to the service's tactical networks
KnowBe4 Acts on Security Threat Concerns with Ransomware Warranty (Insurance News Net) In response to a recent study done on IT professionals, KnowBe4 CEO Stu Sjouwerman announced an extension of the company's offer to pay any customer's cyber ransom with Bitcoin if they are hit after stepping through KnowBe4's security awareness training. Our 300+ sample study shows 88% of IT professionals expect ransomware to grow the rest of this year. The proliferation of ransomware attacks includes a shift from PCs to mobile devices and can add up to dire consequences for organizations with BYOD
Products, Services, and Solutions
Tufin security orchestration puts spotlight on policies (TechTarget) Tufin Technologies introduced an upgraded version of its security orchestration platform that gives administrators a unified, easy-to-digest display of network segments and their associated security policies
Big Data security mistakes, tips and tricks (Help Net Security) In this interview, Mark Cusack, Chief Architect at RainStor, talks about the main challenges of handling petabyte-scale volumes of data, illustrates the most obvious mistakes that companies make with their Big Data projects and offers advice to organizations about to welcome Big Data into their cloud storage environments
Titan: Enabling Low Overhead and Multi-faceted Network Fingerprinting of a Bot (SysNet) Botnets are an evolutionary form of malware, unique in requiring network connectivity for herding by a botmaster that allows coordinated attacks as well as dynamic evasion from detection. Thus, the most interesting features of a bot relate to its rapidly evolving network behavior. The few academic and commercial malware observation systems that exist, however, are either proprietary or have large cost and management overhead. Moreover, the network behavior of bots changes considerably under different operational contexts. We first identify these various contexts that can impact its fingerprint. We then present Titan: a system that generates faithful network fingerprints by recreating all these contexts and stressing the bot with different network settings and host interactions. This effort includes a semi-automated and tunable containment policy to prevent bot proliferation. Most importantly, Titan has low cost overhead as a minimal setup requires just two machines, while the provision of a user-friendly web interface reduces the setup and management overhead
Locking Down The Chip (Semiconductor Engineering) The push toward securing chips is complicated by the amount of third-party IP that is being used inside of today's complex SoCs. This has cast new light on the potential for on-chip networks to also function in securing signals that flow through those networks
Academia's Cyber Awakening (Hacksurfer) Academia is finally starting to really invest in cybersecurity as an option of course study for many students at the undergraduate and graduate levels. Schools like Carnegie Mellon, University of Southern California, Duke, and several others are creating programs and adding courses to their existing curricula
Narus and Politecnico di Torino Announce New Cyber Innovation Center (IT Business Net) Narus, Inc., a subsidiary of Boeing (NYSE: BA) and leader in big data analytics for cybersecurity solutions, and the Politecnico di Torino, one of the most recognized research universities in Italy, announced a new Cyber Innovation Center. Located on the prestigious engineering university's campus, the new center will focus on advanced cybersecurity research projects and prototyping of technologies that help identify and resolve cyber threats. Leveraging the expertise of local talent, the new center will also foster advanced science, technology, engineering and math (STEM) education while generating new technologies that will be integrated into Narus products
Penn State's Security and Risk Analysis program receives NSA designation (Penn State News) From allegations of Chinese hackers stealing American companies' trade secrets to a security breach at Target that compromised the personal and financial data of millions of customers, the United States is dealing with increasingly sinister security and privacy threats. To combat the onslaught of cybercrime, the government is in dire need of robust cybersecurity tools and practices, as well as individuals who are qualified to develop and execute them
China, U.S. say committed to managing differences (Reuters via Yahoo! News) China and the United States need to manage their differences, the leaders of both countries said on Wednesday at the start of annual talks expected to focus on cyber-security, maritime disputes, the Chinese currency and an investment treaty
Review aimed at framework for cyber stability plows familiar ground (Inside Cybersecurity) A yearlong State Department study effort to craft a "framework for international cyber stability" has produced a draft report endorsing ongoing work on international norms of behavior for cyberspace and urging industry involvement, though the document fails to break much new ground
The Era of the Unfettered Surveillance State (Valdosta Today) On Sunday, the Washington Post released a bombshell stemming from a four-month long investigation by The Post, finding that "ordinary Internet users, American and non-American alike, far outnumber legally targeted foreigners in the communications intercepted by the National Security Agency from U.S. digital networks"
UK Fast Tracks Emergency Surveillance Law (TechCrunch) The UK government has confirmed it will introduce emergency legislation next Monday that will require Internet and phone companies to keep records of customer metadata
Azerbaijan's Electronic Safety Centre joins APWG (Azernews) The Azerbaijani Centre of Electronic Safety under the Communications and High Technologies Ministry has become a member of the Anti-Phishing Working Group (APWG). The membership will create opportunities for successful continuation of Azerbaijani electronic safety policy in the international arena
Army Leaders Defend Flawed Intelligence System (Boston.com) Gen. John Campbell, the Army's vice chief of staff and nominee to lead U.S. forces in Afghanistan, cited his son's experiences as a soldier there to answer a senator's tough questions last year about a troubled intelligence technology system
Researcher: I Was Suspended For Finding Flaws In FireEye Security Kit (Forbes) A security researcher's life is one filled with awful nadirs and dizzying zeniths. In uncovering weaknesses in other people's kit, damaging the reputation of the affected manufacturer but making the web that little bit safer, they risk being torn apart by interested parties or exalted by the security community for doing a good job. Yesterday, one thought he'd lost his job simply because he posted information on the internet about vulnerabilities in security technologies made by FireEye, one of the hottest names in the malware defence industry
Target to Seek Lawsuit Dismissals (Data Breach Today) Target Corp. has requested that a U.S. district court halt the discovery process for class action lawsuits stemming from its December 2013 data breach until the court can consider its forthcoming motions to dismiss most of the suits
Vermont Attorney General Fines Local Business For Failing To Notify Consumers Of Security Breach (Office of Inadequate Security) Shelburne Country Store in Shelburne, Vermont will pay a $3,000 civil penalty for failing to inform 721 internet buyers of a security breach of their credit card information. In late 2013, the company's website was hacked and credit card information stolen. Upon being informed of the breach in January 2014, the company quickly fixed the problem, but did not notify consumers until it was contacted by the Attorney General's Office
Germany investigates second U.S. spy case (USA Today) Germany is investigating a second case of a German allegedly spying for the United States. The country is already outraged over allegations that the National Security Agency (NSA) carried out mass surveillance of both politicians and voters
Glenn Greenwald on Why the Latest Snowden Leak Matters (Wired) After weeks of broadcasting his intention to "name names" and publish the identities of specific Americans targeted by the NSA and FBI for surveillance, journalist Glenn Greenwald finally made good on his promise
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...
Security Startup Speed Lunch DC (Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...
SHARE in Pittsburgh (Pittsburgh, Pennsylvania, USA, August 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today. FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles. ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction...
Passwords14 (Las Vegas, Nevada, USA, August 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges...
BSidesLV 2014 (Las Vegas, Nevada, USA, August 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in...
4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, August 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August...
DEF CON 22 (Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit (Lusaka, Zambia, August 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...
SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...
Resilience Week (Denver, Colorado, USA, August 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, August 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only...