Fighting in Gaza and Israel calls out cyber-rioters, mostly pro-Palestinian hacktivists. So far attacks seemingly amount to nuisance-level vandalism.
The scanner-based campaign against international shipping, traced to China and increasingly attributed to the Chinese government, now has a name: "Zombie Zero." Logistics companies using industrial scanners are most affected by the pre-installed malware, which exploits vulnerabilities in Windows XP. TrapX notes that the command-and-control server appears to be located at the Lanxiang Vocational School, an institution associated with the PLA's 2012 Operation Aurora.
The US indicts another Chinese national, a businessman accused of industrial espionage conducted by compromise of Boeing networks. The Washington Post reports a Chinese cyber espionage campaign against US biofuel manufacturer Algenol, suggesting broad, continuing Chinese interest in the energy sector.
Neither side in the ongoing Sino-US cyber dispute seems ready to back off: Chinese state media denounce the iPhone as a security threat because of its geolocation features. (Apple issues a surprising mild demurral.) US authorities say no data appear to have been lost in the recent Chinese cyber attack on the Office of Personnel Management.
The US Secret Service warns the hospitality industry that hotel Wi-Fi is dangerously insecure.
The goal of a long-running Facebook and Dropbox credential theft effort remains unclear, but the campaign itself suggests preparation for large-scale crime or espionage.
As expected, Gameover Zeus and Cryptolocker have begun to recover from their takedowns.
Corporate boards worry about cyber security, but corporate resources aren't following their concerns. Insurers grapple with assessing cyber risk.
Today's issue includes events affecting Albania, Australia, Canada, China, India, Israel, Japan, Palestinian Territories, South Africa, United Kingdom, United States..
We'll be providing live coverage from New York City of Thursday's SINET Innovation Summit.
Why were this company's computers attacked millions of times this year? Algae.(Washington Post) About 16 months ago, a Florida-based biofuel company called Algenol noticed that its Internet service was slowing down. In checking that out, Jack Voth, Algenol's information technology chief, stumbled on something odd: a telnet connection to its videoconference camera from an Internet Protocol address in China, a country where Algenol has never sought to do business
China Labels iPhone a Security Threat(Wall Street Journal) China's influential state broadcaster on Friday called a location-tracking function offered by Apple Inc. AAPL +0.78%'s iPhone a "national security concern," in the latest sign of a backlash in the country against U.S. technology firms
No likely data breach from reported Chinese hacking: US(AFP via Yahoo! News) The personal data of thousands of US government workers was not compromised in a recently reported cyber attack, officials say, amid fresh allegations that Chinese hackers accessed computers housing employee information
Beware Keyloggers at Hotel Business Centers(Krebs on Security) The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests
"Gameover" malware returns from the dead…(Naked Security) In early June 2014, international law enforcement agencies combined to carry out a hugely successful action called Operation Tovar against the cybercrime group behind the malware family known variously as Gameover, Gameover Zeus or GOZ
Gameover Zeus Trojan Returns(BankInfoSecurity) Gameover Zeus appears to have returned, just one month after an international law enforcement operation targeted the malware in a high-profile takedown operation
CryptoLocker's delivery platform remains operational(CSO) A new report from BitDefender warns that the content delivery network used by CryptoLocker is still up and running, and while it isn't serving the ransomware that made it famous, it's still a vital communications channel for various other threats
The Vice in the Device #2(Cyactive) With the number of new mobile malware growing by 167 percent over the past year, and mobile phones taking an ever increasing part in people's daily lives, a number of major new mobile malware were discovered lately, reusing code and methods from earlier malware
Hacking Gets Physical: Utilities At Risk For Cyber Attacks(Forbes) Imagine this: Your city has been out of electricity for a full day because the power grid is being held ransom by an international group of hackers, demanding money before electricity will be restored. While this might sound like the plot of a dystopian novel, Dr. Larry Ponemon, founder of the Ponemon Institute, says this kind of attack on an electrical grid or water system could be in our future if critical infrastructure sectors don't improve their security systems
Cyber attacks target teleco industry(Business Tech) Kaspersky Lab has found that targeted cyber attacks are on the rise year-over-year, and also identified the business sectors most likely to be targeted
Exploring the BYOD security dynamic(Help Net Security) Webroot examined the use and security of personal mobile devices in the work environment from both the employee and employer perspectives
Empowered Millennials expect BYOD(Help Net Security) New data finds that Millennials — the new generation of workers born between the early 1980s and the early 2000s — are highly dedicated to their jobs and often times work well beyond normal business hours. Yet they remain fiercely independent in their work habits — craving greater freedom and flexibility to work whenever and wherever they feel most productive
Japan rushes to thwart cyber onslaught(The Age) Shortly after the alert sounded at 9.10pm, Yahoo Japan Corp.'s risk team knew it had a problem. More than 20 million usernames and passwords belonging to its customers were being dumped into a file, primed to be stolen
Cyber crime still evolving, many breaches uninsured: Crawford & Company(Canadian Underwriter) Crawford & Company has released a white paper meant to help insurance companies and adjusters better understand the current cyber risk environment and how insurers are addressing a risk that continues to be a global threat to millions of commercial enterprises and consumers
Closing the Back Door — Responding to the Whisper Campaign(Trend Micro: Simply Security) The Information Technology (IT) industry is a huge economic driver for the world economy. Purchasing products and solutions are based not only on superior technology, but also whether you have trust and confidence in a vendor
Security approval gives Samsung access to Australian government market(CSO) Media reports may have suggested that that Samsung was going to give up on its Knox security platform, but the Common Criteria approval of its flagship Galaxy S5 smartphone is likely to give the platform new momentum as the company pushes into the lucrative Australian government market
The Return Of FireEye (FEYE)(Seeking Alpha) FireEye Inc. (FEYE) provides IT security software for corporations and government entities to detect, remove, and prevent cyber-attacks. With a virtual-based platform, FireEye products can protect against threats in real time, and prevent threats from materializing in the first place. In short, this company is a hacker''s worst nightmare. Since its IPO, FEYE has had a somewhat rocky ride, evidenced by the graph below
ARM, Quarri ink Web security deal(ITWeb) African security management provider African Risk Mitigation (ARM) has signed a distribution agreement with Quarri Technologies, a Web information security software company that empowers organisations to keep their sensitive data secure, to distribute its Web and browser security solutions
eScan Internet Security Features(Streetwise Tech) eScan Internet Security has been designed to protect homes and businesses from threats, viruses, malware, worms, spyware and Trojan horses from destroying their system
Technologies, Techniques, and Standards
Securing the virtual environment(Help Net Security) So you have you a shiny new virtual environment up and running. You may have virtualised all your servers, so that your business-critical databases, CRM systems, ERP applications and email all reside in a virtual environment. It has been a long project, but now it is complete and you are experiencing the operational, performance and cost gains. Stop! Think! Have you covered all the bases? Have you thought about security?
Firewall Policies: How to Build a Better Policy(Fortinet Blog) As networks become more advanced, so do the demands placed upon your firewall. As such, it is equally important to know how to make a firewall policy work, and to make it work well
The Internet of Things: How do you "on-board" devices?(Internet Storm Center) Certified pre-pw0ned devices are nothing new. We talked years ago about USB picture frames that came with malware pre-installed. But for the most part, the malware was added to the device accidentally, or for example by customers who later returned the device just to have it resold without adequately resetting/wiping the device
Heuristic Scanning and Sandbox Protection: Best of Both Worlds(TrendLabs Security Intelligence Blog) We have been dealing with targeted attacks and know that there is no single technology that can practicably defend an organization's network against these high-impact campaigns. This is sad, true, but it does mean there are ways to harness security technologies like sandboxing and heuristic scanning so that they work together to protect as a stronger whole
Army Issues RFI on Biometrics Research and Development Work(Executive Gov) The U.S. Army is seeking information on potential vendors that can perform biometrics-related research, development and implementation work for the Intelligence and Information Warfare Directorate of the Communications Electronics Research and Development Engineering Center
Welcome to the era of social network tyranny(Quartz) Amid growing calls for formal investigations into Facebook's disturbing mood manipulation research, media scholar Jay Rosen has a reminder for journalists, editors, and personal social media users alike: "Facebook has all the power. You have almost none"
DSU Develops Cyber Security Camp For High School Students(Yankton Daily Press and Dakotan) Next summer will bring a new kind of camp to South Dakota, one that not only features the time honored traditions of meeting new friends and staying up all night, but teaches campers the basics of cyber security. Dakota State was recently awarded a $100,000 grant from the National Science Foundation (NSF) to develop and host a cyber security camp July 20-25, 2014, for students entering grades 10-12
New York Gets Another Learn To Code Academy(TechCrunch) New York is getting a new tech skills training academy. The twist it that the just launched academy is being created by a dev studio drawing on their existing expertise making apps for others to teach budding entrepreneurs the web development skills they're going to need to turn their big idea into a big business. At a price, of course
Big Brother is Watching: Policing of the Future is Here Today Says Morgan Marquis-Boire(International Business Times) "There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time." This is a quote from George Orwell's dystopian novel Ninteen Eighty-Four which was publised 65 years ago. On Tuesday the UK government will fast-track legislation through parliament in order to safeguard the security of the country and its people — according to David Cameron at least
Liberty in security bodies law bid(Belfast Telegraph) A civil liberties campaign group says it has taken legal action against Government intelligence services because it believes its private communications have been "interfered with" in breach of human rights legislation
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
2nd Annual Oil & Gas Cyber Security Conference(Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...
Security Startup Speed Lunch DC(Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...
SHARE in Pittsburgh(Pittsburgh, Pennsylvania, USA, August 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today.
FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles.
ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction...
Passwords14(Las Vegas, Nevada, USA, August 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges...
BSidesLV 2014(Las Vegas, Nevada, USA, August 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in...
4th Annual Cyber Security Training Forum(Colorado Springs, Colorado, USA, August 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August...
DEF CON 22(Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit(Lusaka, Zambia, August 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...
SANS Cyber Defense Summit and Training(Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...
Resilience Week(Denver, Colorado, USA, August 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
AFCEA Technology & Cyber Day(Tinker AFB, Oklahoma, USA, August 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.