The Islamic State's well-organized online video campaign continues to shock.
A cyber attack on Canada's National Research Council that CSEC attributed to the Chinese government has implications for Canada's IT infrastructure as a whole. China's Foreign Ministry issues a non-denial denial in high dudgeon, calling Canadian attribution of the hack "irresponsible" and "without evidence," asking for an apology, and reiterating China's long-asserted principled opposition to hacking.
Kaspersky offers an alternative to Crowdstrike's analysis of "Energetic Bear." Pace Crowdstrike, Kaspersky says it's not clear the espionage does come from Russia. (So Kaspersky renames the campaign "Crouching Yeti," because Yetis are mysterious. Also Himalayan? In any case, as the wrestling announcers used to say of Gorilla Monsoon, from parts unknown.)
Ransomware, now a staple of the cyber black market, is increasingly being assembled from readily available commodity code.
Black Hat and DEF CON are around the corner, and the customary vulnerability studies and exploit demonstrations appear. Noteworthy are a study of USB's inherent vulnerabilities, questions about a management tool used to remotely configure phones, Android's "FakeID" issues, exploitation of Android voice search, and, of course (although this one might not get to Vegas) the apparent breach of Tor anonymity.
Researchers raise doubts concerning AV software security, and analysts advise enterprises to vet such tools before installing them.
Observers note, again, the tension between compliance and security. Target's security team sensibly preaches collaboration as the retailer recovers from last winter's breach.
PrivCo expects VCs to invest $788M in early-stage cyber startups this year.
Today's issue includes events affecting Canada, China, Iran, Iraq, Ireland, Israel, Japan, Russia, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Islamic State video wages psychological war on Iraqi soldiers(Reuters) Islamic State, the al Qaeda spin-off that seized wide swathes of Iraq almost unopposed last month, has released a video warning Iraqi soldiers who may still have some fight in them that they risk being rounded up en masse and executed
China slams Canada for 'irresponsible' hacking accusations(Reuters) China's foreign ministry accused Canada on Thursday of making irresponsible accusations lacking any credible evidence after Canada singled out Chinese hackers for attacking a key computer network and lodged a protest with Beijing
Energetic Bear: more like a Crouching Yeti(SecureList) Energetic Bear/Crouching Yeti is an actor involved in several advanced persistent threat (APT) campaigns that has been active going back to at least the end of 2010. Targeted sectors include: Industrial/machinery, Manufacturing, Pharmaceutical, Construction, Education, [and] Information technology. Most of the victims we identified fall into the industrial / machinery building sector, indicating this is of special interest
Assessing MH17-Themed Cyber Threats(Recorded Future) In our webinar today we assessed the aftermath of the MH17 tragedy from a threat intelligence perspective. Together with our guest Rich Barger, Chief Intelligence Officer of Cyber Squared Inc., we expanded on our previous assessment to address MH17-themed cyber threats by blending open source intelligence (OSINT) with network-derived intel — with a particular focus on NetTraveler
Russian ransomware author takes the easy route(Symantec Security Response) Symantec Security Response has observed a new variant of ransomcrypt malware which is easy to update and uses open source components to encrypt files. The variant, detected as Trojan.Ransomcrypt.L, uses a legitimate open source implementation of the OpenPGP standard to encrypt files on the victim's computer. The threat then displays a ransom notice in Russian, asking the user to pay in order to unlock the files
New Crypto-Ransomware Emerge in the Wild(TrendLabs Security Intelligence Blog) One of the recent triumphs against cybercrime is the disruption of the activities of the Gameover ZeuS botnet. Perhaps what makes this more significant is that one major threat was also affected — the notorious CryptoLocker malware
Why the Security of USB Is Fundamentally Broken(Wired) Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn't just in what they carry, it's built into the core of how they work
Hackers Can Control Your Phone Using a Tool That's Already Built Into It(Wired) A lot of concern about the NSA's seemingly omnipresent surveillance over the last year has focused on the agency's efforts to install back doors in software and hardware. Those efforts are greatly aided, however, if the agency can piggyback on embedded software already on a system that can be exploited
Android Malware Hijacks Voice Assistant(Infosecurity Magazine) The bug needs no permissions to carry out its deeds. A new type of Android malware hijacks the Google Voice Search function to essentially blab sensitive data back to criminals
How anyone can hack your Instagram account(Naked Security) Stevie Graham, a security researcher who reported an authentication flaw in Instagram's iOS software a few days ago, was denied a bug bounty by Facebook
Tor security advisory: "relay early" traffic confirmation attack(Tor Project) On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks
Multipath TCP introduces security blind spot(Threatpost) If multipath TCP is the next big thing to bring resilience and efficiency to networking, then there are some serious security issues to address before it goes mainstream
Gizmodo Brazil Compromised, Leads to Backdoor(TrendLabs Security Intelligence Blog) Recently, I learnt that attackers compromised Gizmodo's Brazilian regional site. The attackers were able to modify the Gizmodo main page to add a script which redirected them to another compromised website. This second compromised site was hosted in Sweden, and used a .se domain name. The attackers also uploaded a web shell onto this site (the site hosted in Sweden) to keep control of this server
SocialBlade.com Redirects to Exploit Kit(Softpedia) Popular websites are always a target for cybercriminals, and in a recent campaign, YouTube statistics tracker SocialBlade.com has been compromised to steer users to pages serving the Nuclear Pack exploit kit (EK)
Alert (TA14-212A) Backoff Point-of-Sale Malware(US-CERT) This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharing and Analysis Center (FS-ISAC), and Trustwave Spiderlabs, a trusted partner under contract with the USSS. The purpose of this release is to provide relevant and actionable technical indicators for network defense
97% of Global 2000 remain vulnerable due to Heartbleed(Help Net Security) 97 percent of Global 2000 organizations' public-facing servers remain vulnerable to cyber attacks due to incomplete Heartbleed remediation, according to Venafi. This leaves the door open for attackers to spoof legitimate websites, decrypt private communications, and steal sensitive data sent over SSL
375 million customer records compromised in 2014(Help Net Security) Between April and June of this year, there were a total of 237 breaches that compromised more than 175 million customer records of personal and financial information worldwide. For the first half of 2014, more than 375 million customer records were stolen or lost as a result of 559 breaches worldwide
Security Patches, Mitigations, and Software Updates
Facebook Plans to Fix Instagram Mobile Session Hijack — Eventually(Threatpost) Two unrelated researchers this week disclosed a similar session hijack bug in the Instagram mobile applications for Android and iOS. Facebook has reportedly acknowledged the problem, which arose from a failure to fully encrypt all data traffic on the service, but the world's largest social network is in no rush to fully encrypt the mobile variety of its popular photo-sharing service
How safe is your quantified self? Tracking, monitoring, and wearable tech(Symantec Connect) Each day, millions of people worldwide are actively recording every aspect of their lives, thoughts, experiences, and achievements in an activity known as self-tracking (aka quantified self or life logging). People who engage in self-tracking do so for various reasons. Given the amount of personal data being generated, transmitted, and stored at various locations, privacy and security are important considerations for users of these devices and applications. Symantec has found security risks in a large number of self-tracking devices and applications. One of the most significant findings was that all of the wearable activity-tracking devices examined, including those from leading brands, are vulnerable to location tracking
Hackers to target managed IT services suppliers(MicroScope) The managed IT services market is worth over $142bn per annum and is set to grow dramatically in European countries such as the UK, according to research from MarketsandMarkets
PCI compliance contributes to false sense of security(Help Net Security) Despite industry data to the contrary, a new Tripwire retail cybersecurity survey indicates that organizations that rely on PCI compliance as the core of their information security program were twice as confident that they could detect rogue applications, such as those used to exfiltrate data
Heads in the Sand When It Comes to Small Business Security(Huffington Post) Last week I attended a round-table that explored how micro businesses are targeted by cybercriminals. It may be surprising to many people to learn just how at risk from cybercriminal activity even the smallest of businesses can be
Target's VP of security: Collaboration is key(FierceRetailIT) Collaboration is the key to cyber security. This was the underlying message delivered by Target's (NYSE:TGT) security team as the retailer tries to move past the massive data breach of 2013
Protecting the Grid from Cyberattack(Verizon Enterprise Solutions) The U.S. energy infrastructure is aging: Seventy percent of the power transformers are more than 25 years old, and power plants, on average, are more than 30 years old. Yet threats — specifically, cyberthreats — are evolving at a greater rate than the grid can keep up with
Does The Internet Of Things Need Its Own Network?(PTC) As billions of Bluetooth-enabled mattresses, toothbrushes, dog collars, soccer balls — you name it — join the Internet of Things (IoT), the networks that bind them to smartphones, tablets and other devices inevitably will become crowded, leaving current Internet capacity inadequate to handle the influx. French Internet service provider Sigfox says the solution is to build a separate network specifically for "things"
'Govt, people can make cyber space safe'(New Indian Express) Mobile phones now have more computing power than what National Aeronautics and Space Administration (NASA) had when they put man on moon, said former director of Global Cyber Security in Department of Homeland Security, the United States recently
A Look at PC Gamer Security(Webroot Threat Blog) In the new study on security and PC gamers, Webroot found that many gamers sacrifice their protection to maximize system performance and leave themselves vulnerable to phishing attacks and gaming-focused malware. The study also provides tips for protecting gaming credentials and safeguarding against phishing attacks
BlackBerry's motto: Never say die(FierceMobileIT) Nearly dead in 2013, BlackBerry has fought back under its new CEO John Chen to regain some momentum — particularly in the enterprise market
Cybersecurity Startup Gold Rush for Venture Capitalists(NetWork) According to PrivCo, a financial data provider on privately-held companies, venture capital firms are poised to push $788 million into early stage cybersecurity startups this year. This investment amounts to a 74% increase from last year's $452 million (note: see this article for more details)
Darktrace Stars Among New Killer50 Companies(Business Weekly) Cambridge-based cyber security startup Darktrace zooms straight into a greatly changed line-up in The Killer50 rankings — making Business Weekly's list of the Cambridge Cluster's hottest technology companies in record time
ZeroFOX Recognized by CRN as a 2014 Emerging Vendor(PR.com) ZeroFOX, The Social Risk Management Company™, announced today it has been recognized as one of 2014's hottest emerging technology vendors by CRN, the top news source for solution providers and the IT channel. The annual Emerging Vendors list identifies up-and-coming technology vendors that have introduced innovative new products, creating opportunities for channel partners in North America to create high-margin, cutting-edge solutions for their customers
Splunk Adds Risk Scoring Framework to SIEM Platform(IT Business Edge) One of the more challenging aspects of IT security is the sheer volume of data that security professionals need to sort through to determine whether their organization has been compromised in some way
Alliance Key Manager Now Available on IBM Cloud Marketplace(Broadway World) Townsend Security today announced a partnership with IBM that brings the power of Alliance Key Manager to the IBM Cloud marketplace. Starting today, IBM clients can use Alliance Key Manager for IBM Cloud to manage their encryption keys with the same FIPS 140-2 compliant technology that is in the company's hardware security module (HSM) and in use by over 3,000 customers worldwide
imatrix corp Launches CYREN WebSecurity Service in Japan(IT Business Net) CYREN (NASDAQ: CYRN) today announced an expansion of its partnership with Tokyo-based imatrix corp. imatrix will now offer the cloud-based CYREN WebSecurity service to its channel partners, telecom service providers as well as enterprises throughout the Japanese market
Glasswall and NTT Com Security seal partnership(MicroScope) Glasswall Solutions continues to form partnerships to extend its abilities to counter cyber attacks after getting together with NTT Com Security to provide the channel with greater options in the face of ever growing threats
ForeScout and Rapid7 Partner to Deliver Real-time Assessment and Remediation Capabilities(IT News Online) ForeScout Technologies, Inc., the leading provider of pervasive network security solutions for Global 2000 enterprises and government organizations, today announced a partnership that will enable Rapid7 Nexpose and ForeScout CounterACT™ interoperability to address user demand for real-time assessment and mitigation of vulnerabilities, exposures and violations
Technologies, Techniques, and Standards
Ransomware and Cyber Extortion: What You Need to Know and Do(IBM Security Intelligence) Ransom, which refers to some kind of payment that is demanded in exchange for the release of someone or something that has been taken, is a simple yet effective ploy that has been used by criminals for thousands of years
Antivirus products riddled with security flaws, researcher says(PCWorld) It's generally accepted that antivirus programs provide a necessary protection layer, but organizations should audit such products before deploying them on their systems because many of them contain serious vulnerabilities, a researcher warned
FTP remains a security breach in the making(TechRepublic) Many IT administrators still rely on FTP to move files around on enterprise networks, download patches and share data. However, FTP poses some major security challenges and can leave networks open to intrusion
6 best practices to assure PCI compliance(Help Net Security) With recent PCI DSS compliance incidents costing companies millions of pounds in fines and losses and inflicting damage to valuable brand reputations, Netwrix is urging organizations processing payment cards to follow six best practices to safeguard against a security incident
5 Ways Boards Could Tackle Cybersecurity(InfoRiskToday) Putting cyber-speak into a language directors understand. A new handbook from National Association of Corporate Directors, titled "Cyber-Risk Oversight," offers five principles to guide boards of directors in helping their organizations address IT security threats
How security analytics help identify and manage breaches(Help Net Security) In this interview, Steve Dodson, CTO at Prelert, illustrates the importance of security analytics in today's complex security architectures, talks about the most significant challenges involved in getting usable information from massive data sets, and much more
Looking at insider threats from the outside(Help Net Security) Cybersecurity is a never-ending battle requiring around-the-clock attention. From malware to DDoS to APT attacks, front-line IT security teams are being constantly bombarded. With all this attention on external actors, many businesses do not take seriously enough the risk of insider threats — those acting from within the company
Downloading Xplico(Infosec Institute) In this article we'll present Xplico, which is a network forensics tool installed in major digital forensics Linux distributions like Kali, Backtrack, Security Onion, DEFT, etc. In this tutorial, we'll take a look at the DEFT Linux distribution, which we can download from here: we need to download the 3GB large deft-8.1.iso file. Additionally, we can also take a look at the enclosed md5.txt file, which presents the MD5 hashes of the present files, presented on the picture below
The Complete Workflow of Forensic Image and Video Analysis(Forensic Focus) In this article we'll describe the complete workflow for image and video forensics. In fact, just like computer forensics is not only simply copying and looking at files, forensic video analysis is broad and complex and there are many steps that are commonly missed and rarely taken into account. It can be quite overwhelming if we think of all the tasks related to analysis. As a forensic video analyst, it is important to be aware of all the possible steps needed for a really complete analysis. This way, you can stay organized and minimize the possibility of skipping or missing steps. Also, if you do have to go to court, you have an outline that serves as the basis of your presentation
Overstock's Radical Plan to Reinvent the Stock Market With Bitcoin(Wired) Overstock.com and its swashbuckling CEO, Patrick Byrne, are hoping to create a new kind of corporate stock based on the computer software that drives bitcoin, aiming to overhaul the stock market in much the same way that bitcoin overhauled how we store and exchange money
OkCupid Sometimes Messes A Bit With Love, In The Name Of Science(NPR) OkCupid, the online dating site, disclosed Monday that they sometimes manipulate their users' profiles for experiments. Christian Rudder, co-founder and president of OkCupid, tells Audie Cornish that these experiments help the site improve how it works
Social media messes with our minds(ITWeb) Facebook raised everyone's ire when it did it and OKCupid crossed a line with its experiment. Yet the reality is that manipulation through social media channels — from Fakecations to click baiting — is more prevalent than people think, and users happily buy into the trend
Using Multiple Concepts to Secure IT(GovInfoSecurity) Imagine a cyber-attack that disables an electricity distribution center. What's the role of the U.S. military, government or the utility company in defending and retaliating? That's a question on the mind of Army Col. Gregory Conti
The NSA's Patents, in One Searchable Database(Foreign Policy) What do a voice identifier, an automated translator, a "tamper-indicating" document tube, and a supersecure manhole cover have in common? They're all technologies for which the secretive National Security Agency (NSA) has been granted patents by the U.S. government, giving the agency the exclusive rights to its inventions
FAU seeks entrepreneurs to create cybersecurity solutions(South Florida Business Journal) Florida Atlantic University is looking for entrepreneurs to dream up cybersecurity solutions. With recent data breaches at Target and Neiman Marcus getting consumers' attention, the university hopes to help companies prevent leaks
Elite cyber talent(UDaily) Students from around the state train to become cyber professionals
Russia says "Hand over your code."(Network Security Blog) Well, this should be interesting. The Russian Communications Minister suggested, rather strongly, that Apple and SAP share their source code with the Russian government so that it could be reviewed to make sure it wasn't being used to spy on Russian citizens. Yes, Russia is playing the privacy card to sneak a peek at the crown jewels of two of the biggest high tech companies in the world. Who says Russian politicians don't have a sense of humor?
China steps up the arms race in the digital cold war(Business Spectator) The digital cold war between China and the United States grew chillier still this week with a surprise raid of the offices of US technology giant Microsoft in four cities across China on Monday
Was fleeing the country Snowden's best option?(ABC PM) While Julian Assange himself is still stuck in a room in Ecuador's embassy in London, the NSA (National Security Agency) whistleblower Edward Snowden is in Moscow, where he got stuck on his way from Hong Kong more than a year ago
NSA sued over fears that former director is selling secrets(Russia Today) The National Security Agency has received its fair share of lawsuits since former contractor Edward Snowden began to disclose secret documents last year, and now the NSA is being taken to court for failing to produce files about its former director
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Managing BYOD & Enterprise Mobility USA 2014(San Francisco, California, USA, November 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges...
Black Hat USA 2014(Las Vegas, Nevada, USA) Black Hat USA is the show that sets the benchmark for all other security conferences. As Black Hat returns for its 17th year to Las Vegas, we bring together the brightest in the world for six days of learning,...
SHARE in Pittsburgh(Pittsburgh, Pennsylvania, USA, August 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today.
FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles.
ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction...
4th Annual Cyber Security Training Forum(Colorado Springs, Colorado, USA, August 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August...
BSidesLV 2014(Las Vegas, Nevada, USA, August 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in...
Passwords14(Las Vegas, Nevada, USA, August 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges...
DEF CON 22(Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
South Africa Banking and ICT Summit(Lusaka, Zambia, August 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...
SANS Cyber Defense Summit and Training(Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...
AFCEA Technology & Cyber Day(Tinker AFB, Oklahoma, USA, August 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only...
Resilience Week(Denver, Colorado, USA, August 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
The Hackers Conference(New Delhi, India, August 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...