Israel's ground incursion into Gaza is accompanied by cyber operations on both sides. Israel is jamming Hamas (causing Hamas sites to show error messages); Hamas sympathizers are defacing Israeli sites with pro-Palestinian images and messages.
Ukrainian security services release transcripts of what purport to be intercepted telephone conversations of Russian intelligence officers regarding yesterday's horrific shootdown of Malaysian flight MH17 near Donetsk. Russian organs conduct an extensive information campaign in support of the slow-motion re-engorgement of Ukraine.
Observers close-read the US criminal complaint against Chinese businessman Su Bin and conclude it contains evidence of an ongoing privatization of cyber espionage.
A Pushdo Trojan variant emerges in the UK. It's using a new domain-generating algorithm and has infected more than 11k machines.
A new piece of ransomware, "Critroni," is being dropped by the Angler exploit kit. Critroni is unusual in being the first instance of crypto ransomware observed to use Tor for command-and-control.
Sentinel Labs updates its discovery of the bolt-on evasion kit Gyges, which Dark Reading calls "government-grade stealth malware." Gyges brings crimeware "anti-detection, anti-tampering, anti-debugging, and anti-reverse-engineering capabilities."
"Mayhem" malware is found in Australia and New Zealand, where it is roping Linux and Unix servers into botnets.
HP researchers buy an Aloha point-of-sale system on eBay and are appalled by what they find therein.
Chancellor Merkel calls for "sensible" US-German talks over espionage.
In what appears to be a policy shift, the US Treasury Department is devoting more attention to cyber risk.
Australia moves closer to mandatory breach disclosure laws.
Today's issue includes events affecting Australia, European Union, France, Germany, India, Ireland, Israel, New Zealand, Palestinian Territories, Romania, Russia, Turkey, Ukraine, United Kingdom, United States, and Vietnam.
Israeli TV hijacked by Hamas hackers(Hot for Security) Some satellite TV viewers in Israel got a surprise on Monday, when their regular programming was interrupted by an unscheduled transmission calling for an end to Israeli airstrikes in Gaza
Russian State TV Edits Wikipedia to Blame Ukraine for MH17 Crash(Global Voices) A day after a horrific plane crash in eastern Ukraine claimed the lives of nearly 300 people, speculation about who is to blame for shooting down the aircraft is in full swing. Leaders of Ukraine, Russia, and even the separatists in Donetsk have all placed responsibility on each other. In Kyiv, President Poroshenko blamed rebels in the east and criticized Russia for destabilizing the border. In Moscow, Vladimir Putin claimed that Kyiv is accountable for anything that happens in Ukraine. Donetsk's putative leader denies any role in the attack on Malaysian Flight MH17, saying it must have been the Ukrainian Air Force
Su Bin, Lode-Tech, And Privatizing Cyber Espionage In The PRC(Digital Dao) The criminal complaint against Chinese businessman Su Bin (aka Stephen Su, Stephen Subin) is a must-read. Be sure to read the Wall Street Journal article as well. It marks the first time that the FBI has issued an arrest warrant for a foreigner charged with an act of cyber espionage via a network attack that has until now been attributed solely to state actors like the PLA
Pushdo Trojan infects 11,000 systems in 24 hours(Help Net Security) Bitdefender has discovered that a new variant of the Trojan component, Pushdo, has emerged. 77 machines have been infected in the UK via the botnet in the past 24 hours, with more than 11,000 infections reported worldwide in the same period
Critroni Crypto Ransomware Seen Using Tor for Command and Control(Threatpost) There's a new kid on the crypto ransomware block, known as Critroni, that's been sold in underground forums for the last month or so and is now being dropped by the Angler exploit kit. The ransomware includes a number of unusual features and researchers say it's the first crypto ransomware seen using the Tor network for command and control
Malcovery Security Issues Special Brief on the Asprox/Kuluoz Malware Used in EZPass Email Security Attack(Digital Journal) Malcovery®, the leader in delivering actionable intelligence that can be applied to neutralize the threats and actions by cyber criminals in the areas of phishing, spam and malware, released today a "Special Brief: Today's Top Threats Report: Asprox/Kuluoz Malware," a free threat intelligence briefing that details the malware that was used in the recent headline making attacks on E-ZPass. Unfortunately, E-ZPass is the latest in a long list of brands infected by this dangerous malware
How I gained access to Amazon EC2 servers from Github Search(Appgrounds) GitHub is a great place to host public code repositories so you can share and show off your work. However, some unwary programmers will include sensitive information such as passwords or private keys in their git repos and push their code to the public, where it can be viewed by anyone who knows where to look. Github Search allows advanced filters that allow us to search for these private keys
Apple Implements Email Encryption in Transit for iCloud(Threatpost) Apple quietly began encrypting virtually all of the email flowing in and out of its servers for its iCloud.com, mac.com and me.com domains, a move that throws up an important roadblock for attackers and others attempting to snoop on those transmissions
IT security pros prioritise new tech over training(SC Magazine) New research from IT security vendor Websense and Ponemon Institute indicates that security professionals want their companies to invest in new technology, but are doing little to 'upskill' existing staff
Windows XP use rises among Irish businesses(The Independent) New figures show that use of the condemned computer operating system Windows XP has increased in Ireland since Microsoft ceased security support for the system in April. The figures, from global statistics firm Statcounter, suggest that Irish businesses still using the system may be dragging their feet in upgrading to a more secure platform
Are endpoints the most vulnerable part of the network?(Help Net Security) Only 39% of companies have advanced endpoint security protections in place even though 74% consider endpoints to be "most vulnerable" to a cyber-attack, and 76% say the number of endpoints is rising
Community Defense: World Cup Insights(Imperva) While most sports fans followed World Cup matches and results anxiously, some of us number geeks decided to add another dimension of analytics to this beautiful game. We wanted to have some fun with the data that we gather during the World Cup from our crowd-sourced threat intelligence service, called Community Defense, and map that data to matches
Unlocking the hidden value of information(Help Net Security) Unstructured content accounts for 90% of all digital information. This content is locked in a variety of formats, locations, and applications made up of separate repositories, according to IDC
Firms ready to invest in special cyber-security softwares: Study(Economic Times) Ensuring safety of financial transactions is becoming a priority for the firms, as many of them are willing to invest in a software specifically designed to protect financial details, says a survey by Russian cyber security solutions provider Kaspersky and B2B International
Tassie startup StratoKey headed to security stratosphere(CSO) After nearly three years in development, the May debut of Tasmanian startup company's StratoKey security tool has been rewarded with a finalist berth in upcoming awards from security giant RSA and the opportunity for the founders to present to a massive audience of regional security-industry figures
Tenable's TRM Dashboard Eases Compliance with Singapore's Complex Financial Services Regulations(IT Business Net) Tenable Network Security®, Inc., the leader in continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance, today announced the new SecurityCenter Continuous View (CV)™ pre-defined IBTRM dashboard, which makes it easy for the Financial and Insurance Institution sector to comply with the complex regulatory environment created by the Monetary Authority of Singapore's Technology Risk Management Guidelines
HP Appoints CEO Meg Whitman To Chairman Of The Board(TechCrunch) Meg Whitman just gained a bit more power within HP. The company's Board of Directors has appointed her to the chairman's spot following the departure of Ralph Whitworth earlier this week. Whitman was already serving as president and CEO of HP. She came on board following a tumultuous period of always-shifting leadership within HP and immediately set out to stabilize the
Products, Services, and Solutions
TrustPort Antivirus Software — The most interesting Software(Streetwise Tech) TrustPort antivirus software is the most interesting software nowadays. It has two scanning engines: AVG and BitDefender, however it lacks some features that most antivirus software have. It is great in detecting and removing viruses, threats, malware and spyware. Unfortunately, it does have the features of detecting new generation viruses and threats
Review: Microsoft Security Essentials Trusted Freeware(Streetwise Tech) According to the latest estimates, with over 90% of the people across the world owning a personal computer and laptop making use of the Windows Microsoft operating system, Microsoft Security essentials are in great demand. However, you need not fear. Microsoft Security essentials always provides a real-time antivirus and all the other protection for the home PC, which helps you to guard against spyware or any other malicious software that can create a problem in your personal computer
U.S. Army Grants Certificate of Networthiness (CoN) for 21 SolarWinds® IT Management Products(MarketWatch) SolarWinds SWI +2.13%, a leading provider of powerful and affordable IT management software, today announced that the U.S. Army Network Enterprise Technology Command (NETCOM) has accredited 21 unique SolarWinds solutions with a new Certificate of Networthiness (CoN), empowering Army IT Professionals to implement the network, systems and security management solutions in their IT infrastructures. The software is also listed on the U.S. Army CHESS IT e-mart, providing an easy and approved way for Army IT Pros to purchase SolarWinds software
eScan Anti Virus Edition with Cloud Security Antivirus(Streetwise Tech) Before moving towards eScan Anti-Virus it is necessary to discuss what the word Anti-Virus actually stands for. Antivirus, anti-virus, or AV software is computer software used to avert, recognize and remove malicious computer viruses
Snowden Says Drop Dropbox, Use SpiderOak(Wall Street Journal) Edward Snowden singled out cloud-storage provider Dropbox for lacking security measures he says would protect users from government snooping. He then plugged smaller competitor SpiderOak, which he says does
A Convicted Hacker and an Internet Icon Join Forces to Thwart NSA Spying(Wired) The internet is littered with burgeoning email encryption schemes aimed at thwarting NSA spying. Many of them are focused on solving the usability issues that have plagued complicated encryption schemes like PGP for years. But a new project called Dark Mail plans to go further: to hide your metadata
How to Investigate a Bitcoin Mining Malware Infection(Bit9+CarbonBlack) In my previous blog, I explained Bitcoin mining and provided an overview of a new type of malware used by malicious Bitcoin miners. In today's post, I take a closer look at a specific sample of this new breed of malware
Even Script Kids Have a Right to Be Forgotten(Krebs on Security) Indexeus, a new search engine that indexes user account information acquired from more than 100 recent data breaches, has caught many in the hacker underground off-guard. That's because the breached databases crawled by this search engine are mostly sites frequented by young ne'er-do-wells who are just getting their feet wet in the cybercrime business
Is use-after-free exploitation dead? The new IE memory protector will tell you(Fortinet) The Isolated Heap for DOM objects included in the Microsoft Patch Tuesday for June 2014 was just a fire drill aimed at making the exploitation of use-after-free (UAF) vulnerabilities more difficult. The patch for July 2014, however, has been quite a shock to exploit developers! In this release, Microsoft showed some determination in fighting back against UAF bugs with this improvement - the introduction of a new memory protector in Microsoft Internet Explorer, which would make exploitation of UAF vulnerabilities extremely difficult
Mitigating UAF Exploits with Delay Free for Internet Explorer(TrendLabs Security Intelligence Blog) After introducing the "isolated heap" in June security patch for Internet Explorer, Microsoft has once again introduced several improvements in the July patch for Internet Explorer. The most interesting and smart improvement is one which we will call "delay free." This improvement is designed to mitigate Use After Free (UAF) vulnerability exploits by making sure Internet Explorer does not free object's heap space immediately when its reference count is zero
Successful Heartbleed response still raises important questions(TechTarget) Heartbleed, the vulnerability in the open source OpenSSL encryption library, left organizations across the globe scrambling to apply patches in April. Security experts warned the flaw may expose enterprises' most sensitive of data, including keys used for X.509 certificates, user credentials and online communications
After Heartbleed: New realities of open source software security(TechTarget) According to a recent survey, security and quality are two of the top reasons enterprises leverage open source software in the workplace. Yet, after the events of Heartbleed, many organizations are looking at open source software with a wary eye
Keeping the RATs out: **it happens — Part 2(Internet Storm Center) As we learned in Part One of our exploration of Hazrat Supply's series of unfortunate events, our malicious miscreants favored multiple tools. We first discussed developing IOCs for HackTool:Win32/Zeloxat.A which opens a convenient backdoor on a pwned host. One note on that front, during analysis I saw network calls to zeroplace.cn (no need to visit, just trust me) and therefore added matching URI and DNS items to the IOC file. Again, I'll share them all completed for you in a day or two
Treasury's New Focus on Cyber-Risks(BankInfoSecurity) Treasury Secretary Jacob Lew this week took the precedent-setting step of publicly addressing what he referred to as the financial system's cybersecurity shortcomings. Lew's comments were noteworthy because they apparently mark the first time a member of the Treasury Department has directly addressed cyber-risks
Senate Weighs Botnet Busting Changes(infoRisk Today) The Obama administration wants Congress to update U.S. anti-hacking laws to allow law enforcement agencies to more easily crack down on fraudsters operating abroad, disrupt botnets used to distribute spam and distributed-denial-of-service attacks and bust "for hire" malware and botnet service providers
Guest Post: Would the USA Freedom Act End All Authorities for Bulk Collection?(Just Security) When the House passed the USA Freedom Act (H.R. 3361) in May, both Members and the administration announced that it would end bulk collection of metadata about Americans' communications. The administration is now urging Congress to pass the bill as soon as it can and Senators are now considering revisions to specific language in the House-passed bill
ACLU joins appeal of Idaho woman suing NSA(FierceHomelandSecurity) More than a month after a federal judge struck down a lawsuit that an Idaho woman filed against the National Security Agency's collection of cellphone data, the American Civil Liberties Union and the Electronic Frontier Foundation have taken on the case in the appeals process
ATM Cash-Out Strikes Red Cross Accounts(GovInfoSecurity) Federal authorities have announced the successful prosecution of yet another member of an international cybercrime ring that's been tied to a global ATM cash-out scheme. This time, the scheme was linked to the exploitation of prepaid cards provided by the American Red Cross to disaster relief victims after the network hack of a payments processor used by the charity, investigators say
Engineer Arrested Over Massive Benesse Holdings Data Leak(Softpedia) The Tokyo Metropolitan Police Department announced on Thursday, July 17, the arrest of a systems engineer for allegedly stealing private information of about 7.6 million customers of the education service provider Benesse Holdings
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Security Startup Speed Lunch DC(Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...
SHARE in Pittsburgh(Pittsburgh, Pennsylvania, USA, August 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today.
FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles.
ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction...
Passwords14(Las Vegas, Nevada, USA, August 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges...
BSidesLV 2014(Las Vegas, Nevada, USA, August 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in...
4th Annual Cyber Security Training Forum(Colorado Springs, Colorado, USA, August 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August...
DEF CON 22(Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit(Lusaka, Zambia, August 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...
SANS Cyber Defense Summit and Training(Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...
Resilience Week(Denver, Colorado, USA, August 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
AFCEA Technology & Cyber Day(Tinker AFB, Oklahoma, USA, August 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only...
Build IT Break IT Fix IT: Build IT(Online, August 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...
The Hackers Conference(New Delhi, India, August 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...