The Chinese campaign against international supply chains discovered this week appears to have used contaminated firmware in commonly used industrial barcode scanners to gain access to shipping and logistical networks. Coincidentally the US Government Accountability Office (GAO) releases a report excoriating the Department of Homeland Security (and subordinate agencies FEMA and the Coast Guard) for inattention to port and maritime cyber security.
South Asian cyber-rioting returns with Indonesian hackers defacing more than 2000 Indian websites. But a more consequential problem for India remains the digital certificate breach found this week. Both Google and Microsoft hustle to mitigate the problem: the effects of the breach are unknown, but are surely international and larger than one initially hoped.
IBM discovers two new variants of the Boleto malware. Gameover Zeus returns, as expected. The Blackshades RAT remains popular despite the attentions of international law enforcement.
The denial-of-service campaign suffered by Norwegian banks, airlines, telecom companies, and insurers earlier this week is resolved with the arrest of a teenaged script kiddie who exploited WordPress's pingback feature in the hack.
SANS expert Pescatore describes tension between compliance and security (and says he'd take security every time).
A Ponemon study finding power utilities poorly prepared to withstand cyber attacks prompts concerned punditry from the Economist and others.
The US investigates supply chain and OPM network hacking, and objects to Chinese espionage. Germany expels the CIA's Berlin station chief and objects to US espionage.
International police work hits Shylock and Blackshades. Seleznev fils faces a RICO rap.
Today's issue includes events affecting Brazil, China, Colombia, European Union, France, Germany, India, Indonesia, New Zealand, Norway, Russia, Ukraine, United Kingdom, United States.
How a Scanner Infected Corporate Systems and Stole Data: Beware Trojan Peripherals (Forbes) A new form of highly targeted cyber attack patently demonstrates the shift in malware sophistication and motivation. Annoying hacker pranks done for fun and sport have been supplanted by sophisticated, multi-stage software systems designed for espionage and profit. The new attack, discovered by TrapX, a developer of security software formerly known as CyberSense, is one of an increasingly common genre known as an Advanced Persistent Threat (APT) of the type that stole debit card numbers from Target or sensitive data and login credentials from any number of companies. What makes this recent attack noteworthy isn't its basic design, operation or targets, but means of initial delivery: contaminated firmware on a type of industrial barcode scanner commonly used in the shipping and logistics industry
Boleto Malware: Two New Variants Discovered (Security Intelligence) Cyber criminals have been targeting the Boleto payment method in Brazil throughout the past year, leading to an estimated $3.75 billion in losses, according to a recent report issued by RSA, the security division of EMC. The report details the actions of one specific fraud ring — the "Boleto bandits" — and discusses the Boleto malware they use to commit fraud. The report is very helpful in exposing this dangerous threat, which is well known to the Brazilian banking industry, to the general public. Like every bit of news, there is always more to the story
Gameover Zeus Trojan Returns (BankInfoSecurity) After takedown, criminals launch new version, botnet. Gameover Zeus appears to have returned, just one month after an international law enforcement operation targeted the malware in a high-profile takedown operation
Crooks Seek Revival of 'Gameover Zeus' Botnet (Krebs on Security) Cybercrooks today began taking steps to resurrect the Gameover ZeuS botnet, a complex crime machine that has been blamed for the theft of more than $100 million from banks, businesses and consumers worldwide. The revival attempt comes roughly five weeks after the FBI joined several nations, researchers and security firms in a global and thus far successful effort to eradicate it
New Version Of NgrBot Wipes Hard Drives (Fortinet) NgrBot is a modified IrcBot. It has the capability to join different Internet Relay Chat (IRC) channels to perform various attacks according to the IRC-based commands from the command-and-control (C&C) server. Recently, our botnet monitoring system captured an NgrBot variant with hardcoded version 184.108.40.206
Tinba Banker Trojan Source Code Leaked (Threatpost) The source code for Tinba, known as the smallest banker Trojan in circulation, has been posted on an underground forum. Researchers say that the files turned out to be the source code for version one of Tinba, which was identified in 2012, and is the original, privately sold version of the crimeware kit
Hacking Any Facebook Accounts using REST API (eHacking News) Stephen Sclafani, a Security Researcher, has discovered a critical security vulnerability in the Social Networking giant Facebook that allowed him to hack any Facebook accounts
Brazilians in the Russian Underground (TrendLabs Security Intelligence Blog) Monitoring the cybercriminal underground sometimes leads us down some interesting paths. We recently encountered a cybercriminal posting in a Russian underground forum which led to the discovery of more than 136,000 stolen credit card credentials
Microsoft Security Advisory 2982792: Improperly Issued Digital Certificates Could Allow Spoofing (Microsoft Security Tech Center) Microsoft is aware of improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The SSL certificates were improperly issued by the National Informatics Centre (NIC), which operates subordinate CAs under root CAs operated by the Government of India Controller of Certifying Authorities (CCA), which are CAs present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue
Google Constrains India CCA Root Cert in Wake of Bad Google and Yahoo Certificates Appearing (Threatpost) The Indian Controller of Certifying Authorities said that the certificate-issuance process for the National Informatics Centre of India, which issued several fraudulent certificates recently, which were blocked by Google, has been compromised and Google has decided to constrain India CCA's root certificate to a handful of domains in a future Chrome release
Hackers Inc (Economist) Cyber-attackers have multiplied and become far more professional
World War Zero: How Hackers Fight to Steal Your Secrets (TIME) Aaron Portnoy started his hacking career when he was still in high school, at the Massachusetts Academy of Math & Science in Worcester, which not coincidentally was the institution he hacked. He did it as follows: Portnoy had a friend call one of the dorms, posing as tech support. The students were more than happy to give him their passwords. Hiding behind those borrowed accounts and routing his approach through proxies in various foreign countries, Portnoy wormed his way into the school's network through a bug in the system that's technically known as a vulnerability, or even more technically as a zero-day. "I had access to every email, grades, everything," he says. "They had a number of issues with their
The emergence of the Digital Risk Officer (Help Net Security) More than half of CEOs will have a senior "digital" leader role in their staff by the end of 2015, according to the 2014 CEO and Senior Executive Survey by Gartner. Gartner said that by 2017, one-third of large enterprises engaging in digital business models and activities will also have a digital risk officer (DRO) role or equivalent
Say hello to the Power Pivoting CISO (Graham Cluley) A few years ago, if a CEO had posed the question of "Are we secure?" to the security team or CISO, many would have responded with statements revolving around new technology they've deployed or point to trailing indicators of success, anecdotally proving their worth by stating they haven't been breached
Cyber Crime in Colombia: An Underestimated Threat? (InsightCrime) Cyber crime costs Colombia's economy hundreds of millions of dollars and affects up to six million Colombians every year, according to some estimates. Is the government doing enough to combat this rapidly evolving threat?
Consumers don't trust any industry with their personal data (Help Net Security) U.S. consumers have little faith that companies are able to keep their personal data safe. The sentiment crosses nearly all industries with consumers saying that the lack of trust will likely affect purchase habits, according to Radius Global Market Research
Here's why you may never be truly anonymous in a big data world (Quartz) Big data — the kind that statisticians and computer scientists scour for insights on human beings and our societies — is cooked up using a recipe that's been used a thousand times. Here's how it goes: Acquire a trove of people's highly personal data — say, medical records or shopping history. Run that huge set through a "de-identification" process to anonymize the data. And voila — individuals become anonymous, chartable, and unencumbered by personal privacy concerns
KEYW and Oracle Collaborate on Advanced Security Solutions (MarketWatch) The KEYW Holding Corporation's subsidiaries KEYW Corporation and Hexis Cyber Solutions, Inc. (Hexis) are working with Oracle's National Security Group (NSG) on advanced solutions for certain mission applications and advanced analytic development for KEYW's U.S. Government customers
AVG Internet Security 2014 — All New Features and Updates (Streetwise Tech) AVG is one of the online security companies providing top rated software and services to protect information, data, gadgets and devices from numerous viruses and threats. As of March 31, 2014, the company has garnered over 187 Million active PC users who frequently make use of their products and services including Identity protection, privacy and their ever famous Internet Security
PhishLabs Launches New ATO|Prevent Service for Banks and Credit Unions (Digital Journal) PhishLabs, the leading provider of cybercrime protection and intelligence services that fight back against online threats, announces the launch of ATO|Prevent™ to help banks and credit unions stop account takeover (ATO) and reduce losses due to online fraud. ATO|Prevent provides proactive detection and mitigation of account takeover attacks that target bank customers and credit union members
Assessing Akamai Kona Security Solutions (InformationWeek) Distributed denial of service (DDoS) and Web application attacks can have a significant negative impact on Web application data and security, business operations, and company reputation
How to Fix the Government's Security Clearance Mess (DefenseOne) The federal government's security clearance process has been under intense scrutiny since last year's Washington Navy Yard shooting by Aaron Alexis, a Marine Corps contractor with secret-level clearance, and Edward Snowden's unprecedented leak of classified information. In March, Defense Secretary Chuck Hagel pledged to correct "gaps or inadequacies in the department's security" that could facilitate these types of incidents. If the federal government applied the same sort of risk analysis tools that insurance companies perform when they take on new clients, we could remove internal threats and maintain the safety of federal employees and government contractors
Cyber camp gives students a peek into high-paying field (Daytona Times) Forty students from schools throughout Central Florida became junior cyber sleuths June 23-26, participating in a virtual world of fun, learning and interactive challenges at Daytona State College's second annual summer cyber camp
Global Raids Target 'Blackshades' Hacking Ring (Wall Street Journal) The Federal Bureau of Investigation and foreign police agencies have launched a series of raids around the world at the homes of people linked to a type of hacking software called Blackshades, according to posts on hacker forums and people familiar with the investigation
Computer cops strike at the heart of Shylock malware (Hot for Security) Computer crime fighters have today announced that they have seized essential infrastructure used by the highly advanced Shylock banking malware, effectively neutralising an attack which has already infected at least 30,000 Windows computers
Roman Seleznev (AKA Bulba, AKA Track2, AKA NCUX) appears in US Court in Guam (Cyber Crime and Doing Time) The media is buzzing about the arrest of hacker and stolen credit card vendor Roman Seleznev who has appeared in court in the US territory of Guam after being arrested in the Maldives. We wrote about Seleznev as part of the RICO racketeering case against the owners and operators of the Carder.su website (see The Carder.su indictment: United States v. Kilobit et. al.), but that was only the first part of Seleznev's trouble. Until this weekend, the original 27-page indictment against Seleznev in the Western District of Washington was under court seal
Microsoft busts cyber crooks (My Broadband) Microsoft said it has freed at least 4.7 million infected personal computers from control of cyber crooks
'The Americans have humiliated us again' (The Local: German Edition) Germany's expulsion of the CIA station chief in Berlin in a spy row with the United States has found widespread support in the country. But what happens now?
Teen arrested for bank hack crime (The Local: Norwegian Edition) A 17-year-old youth from Bergen has been charged with Tuesday's cyber-attack on 11 businesses across Norway
Blogger fined €1,500 for harsh restaurant review (The Local: French Edition) A French blogger has been ordered by a court to pay €2,500 in damages and costs after a judge ruled that her harsh review of a restaurant crossed the line from criticism into insult. Does the judgement set a dangerous precedent for internet freedom?
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
i-Society 2014 (London, England, UK, November 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society,...
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...
SINET Innovation Summit (New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...
Security Startup Speed Lunch DC (Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...