June 4 marks the twenty-fifth anniversary of the Tiananmen Square protests, with both hacktivists and Chinese security authorities expected to observe it in their diverse ways. Increased social media censorship is already reported in China.
In the Middle East, FireEye reports that the Molerat hacktivists are back. Possibly associated with the "Gaza Hackers Team," the Molerats have reopened campaigns against European and US government agencies with unsophisticated attacks (commonly known malware, no zero-days). FireEye hesitates to attribute control of the Molerats to any government.
The Syrian Electronic Army resumes its hacks against media outlets deemed insufficiently admiring of the Assad regime. CSO describes what it's like to be on the receiving end of the SEA's attentions. Like the Molerats, they're neither particularly skillful nor innovative, but they're a dangerous nuisance nonetheless.
Heartbleed remains a risk, but don't be taken in by Heartbleed-removal phishing.
TrueCrypt may be returning under new management.
An international police effort cripples the GOZeuS botnet and its CryptoLocker payloads, but authorities warn that Windows users in particular should expect a dangerous residual attack wave in about two weeks. The UK's NCA offers some useful advice on protection. FBI investigation has led to the indictment of Russian GOZeuS mob boss Evgeniy Bogachev. (US readers will find his mug shot in post offices nationwide.) Information sharing with businesses contributed to the investigation.
A Fedscoop leader calls for formation of a US Federal cyber police agency, but it seems the country may already have one in the FBI's Pittsburgh office.
Today's issue includes events affecting Australia, China, European Union, Israel, Latvia, Macedonia, New Zealand, Palestinian Territories, Russia, Slovenia, Syria, Turkey, Ukraine, United Kingdom, United Nations, United States.
Cyber Attacks, Threats, and Vulnerabilities
Cyber Crackdown On June 4 Anniversary Forums(New Tang Dynasty Television) A social network meeting to commemorate the 25th Anniversary of June 4 Massacre experienced an unprecedented cyber attack. The Internet conference room was interfered with and multiple backup conference rooms were also attacked. The web servers were down and the live broadcast websites were also down. The entire activities were seriously jeopardized. Organizers explain the meeting's theme as "Down the CCP" and believed the Communist regime conducted the attack
Middle East hackers target Europe and US(Financial Times) A group of Middle Eastern hackers has targeted European national governments and a major US financial institution in a recent cyber espionage campaign, according to research by FireEye, the US cyber security company
Protect yourself against new malware threat on Windows computers(GetSafeOnline) This page has been created to help you protect your computer, your finances, your identity and your family against a new global online threat. The threat is targeted at random private individuals and small businesses, so it is critical that you read this page and apply our advice immediately if you have a computer running any version of the Windows operating system — including Windows running as a virtual machine on an Apple Mac, any server running Windows and Windows embedded. This is not a case of isolated attacks, as over 15,000 computers in the UK alone are thought to have been already affected
Heartbleed Exploitable Over Enterprise Wireless Networks(Threatpost) Regardless that the fervor over the Heartbleed OpenSSL vulnerability has died down considerably, patching the bug should remain a top priority for enterprises because researchers continue to find new exploit vectors
SSL: Security's Best Friend Or Worst Enemy?(Dark Reading) A new report shows that applications using SSL are on the rise in enterprises, putting them at greater risk of attacks that hide in plain sight or use vulnerabilities like Heartbleed
Linkin Park's Facebook page suffers hack attack(Hot for Security) The official Facebook page of rock band Linkin Park has been hacked, and its 62 million fans bombarded with spam messages containing coarse images and out-of-character links to third-party sites
Security Patches, Mitigations, and Software Updates
Apple announces OS X Yosemite(IT World) Apple on Monday announced that the next version of the Mac OS — dubbed OS X Yosemite, after the popular National Park in California — will be available as a free upgrade to the public this fall
Latin American + Caribbean Cyber Security Trends(Symantec) This report provides an overview of cybersecurity and cybercrime related developments in Latin America and the Caribbean in 2013. It assesses the major trends in the region in terms of the threats to the cyber domain and those who depend on it, from government institutions to private enterprises to individual users. It also takes stock of the advances made by government authorities to better address the challenges they face in an increasingly connected and ICT-dependent world
CHART: The Dizzying Complexity Of Cyber Warfare(Business Insider) In January of 2013, the Pentagon's Defense Science Board released an alarming report about the military's vulnerability to an advanced cyber attack. "The cyber threat is serious," the report states in its opening pages, "and [the] United States cannot be confident that our critical Information Technology systems will work under attack from a sophisticated and well-resourced opponent"
Internet voting: A really bad idea whose time has come(ZDNet) Believe it or not, most states have some provisions for allowing people to vote over the Internet. The pressure is on to expand it, even though a secure online voting system is impossible using today's technology
Hacker Conference Will Invite Feds Back — in 2016(Nextgov) The Defense Advanced Research Projects Agency is expected to announce on Tuesday a deal with DEF CON to hold the final round of DARPA's two-year Cyber Grand Challenge at the organization's 2016 Las Vegas conference.
Splunk Disappoints with Full Year Revenue Guidance; OmniVision Technologies Soars to New Yearly High(Baystreet) Splunk, Inc. (NASDAQ: SPLK) shares closed down 16.35% on about 19.3 million shares traded. The stock was a big decliner on the NASDAQ this past Friday and even hit a new yearly low of $41.05. The company revealed guidance for full-year revenue that was in line with analysts' expectation while investors waited for raised guidance. Splunk's management expects fiscal 2015 revenue between $402 million and $410 million, just shy of an average $410.9 million estimated by analysts surveyed by Thomson Reuters
TrueCrypt Is Back, But Should It Be?(Forbes) Last week I wrote about the suspicious and abrupt announcement that TrueCrypt, a popular free open source encryption solution, was being abandoned and is considered "harmful and no longer secure". In the article I covered the potential motives for this including the technical challenges with producing full disk encryption on modern hardware and operating systems. Whilst at this time there is little to add in terms of the potential motives for this sudden announcement a variety of interesting things have happened to the project since — including announcements that mean TrueCrypt may not be as dead as we thought
FireEye Inc (NASDAQ:FEYE): Launches Network Threat Prevention Platform With IPS(US Trade Voice) FireEye Inc (NASDAQ:FEYE) has announced that it will launch the new Network Threat Prevention Platform with the new IPS features starting from June 2, 2014. FireEye is a leading name in the world of security applications that deals with the advanced cyber attacks. The new platform with IPS will be available as an add-on license to the NX series
Trend Micro and Broadcom Collaborate to Provide Home Gateway Security Solution(Wall Street Journal) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global pioneer in security software, announced today a joint collaboration with Broadcom Corporation in the development of an integrated security solution optimized to protect home security networks from cyber threats and improve network visibility without compromising performance
NAS, Swett & Crawford to offer "state-of-the-art" cyber coverage(Insurance Business) According to a global survey conducted by the Economist Intelligence Unit, 80% of business executives do not feel adequately prepared to handle a cyber attack, even though 77% of companies have been the victims of cyber crimes in the past two years
Argus v3.0.6 — Real Time Auditing Network Activity(Kitploit) Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information
Following the framework: Government standards(SC Magazine) Guidelines and practices to help key organizations reduce their internet-based risk. Delivering an accessible roadmap to guide the array of the nation's most vital organizations through cyber crisis does sound like a pretty tall order. That may be the reason why the very tool that sets out to do that is meeting with such a mixed bag of praise and criticism
Why endpoint backup is critical(Help Net Security) Enterprises are at an increasing risk for data loss due to the growing amount of company data stored on endpoints—the laptops, smartphones, tablets and other devices which reside on the edge of the network
A journey to abused FTP sites (story of: Shells, Malware, Bots, DDoS & Spam) - Part 1(Malware Must Die!) If you are having an experience as a system administrator in an ISP, IDC or etc internet portal, security issues are part of the job description; you'll deal with IDS alerts, IR cases, and some claims to follow in your watched network territory. In my day work, I am receiving the cases escalated to my mailboxes from sysadmins of various services for those cases. If you are a "sysadmin" maybe this post will be a fine reading to you
A journey to abused FTP sites (story of: Shells, Malware, Bots, DDoS & Spam) - Part 2(Malware Must Die!) As per explained in the first part, there were some IRC bots detected in the abused FTP sites reported, one of the bots called pbot(s), and in this part we will explain how the IRC Bot PHP Pbot evolved. In all of the cases 4, 5, 6 and 7 there are pbots found. I guess the IDS scanner can detect some significant strings to filter the contents of these bots' code, good job
It's time to quarantine infected computers(Trend Micro CounterMeasures) Quarantine is a word derived from the 17th century Venetian for 40 (quaranta). The purpose of quarantine is to separate and restrict the movement of otherwise healthy organisms who may have been exposed to disease, to see if they become ill. The 40 day period was designed to identify carriers of the Bubonic plague or Black Death, before they could go ashore and spread the contagion more widely. Desperate times call for desperate measures, nevertheless the concept was widely adopted and remains with us to this day
Twitter's new typeface neglects the countries where it's growing the fastest(Quartz) When companies tweak their designs, it often seems like little more than changing the drapes—or, literally, moving a few pixels around. But sometimes small changes reorient the user experience or quietly herald a shift in corporate strategy. So what to make of Twitter's May 30 announcement that it was switching its main typeface from Neue Helvetica to Gotham?
Apple just took another step towards obscuring the way the web works(Quartz) At Apple's Worldwide Developer Conference today the company rolled out a new look for its web browser, Safari. Apple executives didn't point it out, but sharp-eyed observers have noticed one significant change to the interface. The address bar truncates URLs to the domain-name level
Cyber Security Research Alliance Workshop Pursuing 'Roots of Trust' Research Focus to Protect Cyber Physical Systems(Broadway World) The Cyber Security Research Alliance (CSRA) today announced that it will prioritize research in "Roots of Trust" for cyber physical systems (CPS), to help address growing cyber security threats to public and private critical infrastructure. With this affirmation of the CSRA's research direction, additional industry participation in CSRA is now sought, to bring industry perspectives and insights to the early stages of research, and later to leverage industry strengths for the transition from research to practice
DISA searches for fit with evolving Cyber Command(Federal Times) As the Defense Department continues to build up its cyber forces, including with the hiring of some 6,000 cyber professionals in the coming months, officials are starting to piece together exactly where the Defense Information Systems Agency will fit in
Operationalizing Cyber is New Commander's Biggest Challenge(American Forces Press Service) U.S. Cyber Command's greatest challenge is to operationalize cyberspace to turn the electro-digital network of networks into a command-and-control environment where warriors can see the adversary and whose operations defense leaders can integrate into options for commanders and policymakers, the new director of the National Security Agency and commander of U.S. Cyber Command said here last week
Don't let US freedoms tumble in balancing privacy, security(Youngstown Vindicator) Ever since the devastating 9/11 terrorist attacks on America, maintaining a proper balance between personal privacy and national security often has required the dexterity, tenacity and agility of a skillful high-wire artist
Is it finally time for federal cybersecurity law enforcement?(Fedscoop) Greetings to all my fellow techies. This week CNN reported that with the year not yet half over, 47 percent of all Americans have had their personal information stolen online. These thefts come from many of the high-profile attacks, like what happened with Target, Adobe, Snapchat, Neiman Marcus, Michaels, AOL and eBay, but not any of the smaller, likely unreported breaches that happen every day
Free DHS Cyber Assessments(ISS Source) Cyber attacks are growing and most people cannot deny that, but for the small- to medium-sized manufacturers, the idea of taking on a cyber security program can be daunting. That is why the Department of Homeland Security's (DHS) Office of Cybersecurity & Communications (CS&C) will conduct complimentary and voluntary assessments to evaluate operational resilience and cyber security capabilities within critical infrastructure sectors, as well as state, local, tribal, and territorial governments
12,000 Europeans ask Google to forget them(Naked Security) On the first day that Google unenthusiastically provided a form to allow Europeans to ask that their pasts be e-forgotten, 12,000 made the request, according to Agence-France Presse
Litigation, Investigation, and Law Enforcement
U.S. v Evgeniy Mikhailovich Bogachev et al and Disruption of Gameover Zeus and Cryptolocker(US Department of Justice) Due to public interest in this case, the Department of Justice is releasing documents that may not be in an accessible format. If you have a disability and the format of any material on the site interferes with your ability to access some information, please email the Department of Justice webmaster at firstname.lastname@example.org or contact Office of Public Affairs at 202.514.2007. To enable us to respond in a manner that will be of most help to you, please indicate the nature of the accessibility problem, your preferred format (electronic format (ASCII, etc.), standard print, large print, etc.), the web address of the requested material, and your full contact information so we can reach you if questions arise while fulfilling your request
International action against Gameover Zeus botnet and CryptoLocker ransomware(Help Net Security) On Friday, 30 May 2014, law enforcement agencies from across the world, supported by the European Cybercrime Centre (EC3) at Europol, joined forces in a coordinated action led by the FBI which ensured the disruption of the Gameover Zeus botnet and the seizure of computer servers crucial to the malicious software known as CryptoLocker
FBI, EuroPol And NCA Hijack Botnet And What You Should Do(Forbes) I love it when life is made hard for cyber criminals, but the truth is it doesn't happen very often. You would think writing malicious code is hard, but it often isn't. You would think that users follow simple security best practice and that attackers have to come up with new high end attacks, but they often do not. It is therefore a good day when law enforcement or the legitimate Internet user community get one up on the cyber criminals. Today is such a day
Has CryptoLocker been cracked? Is Gameover over?(Naked Security) Gameover, also known as Gameover Zeus, is one of the most notorious botnets of recent times, used to grab covert control of innocent users' computers and to "borrow" them to carry out cybercrime on a giant scale
No public action on China cyber spy case despite attorney general's pledge(AP via the Fort Frances Times) In the two weeks since the Obama administration, with fanfare, accused five Chinese military officers of hacking into American companies to steal trade secrets, they have yet to be placed on Interpol's public listing of international fugitives, and there is no evidence that China would even entertain a formal request by the U.S. to extradite them
What Are Today's Top Cyber Crime Threats?(Bloomberg TV) Tom Kellerman, chief cybersecurity officer at Trend Micro, and Gene West, an instructor at the FBI National Academy, discuss combating cyber crime with Trish Regan on Bloomberg Television's "Street Smart"
Former NSA head: Snowden has done irreparable harm to national security(Washington Post) Former National Security Agency director Michael Hayden, speaking on CBS's "Face the Nation," insisted that Edward Snowden has harmed national security by disclosing previously classified NSA data-collection programs to The Washington Post and other news media outlets
U.S. Destroyed Key Spy Records, EFF Claims(Courthouse News Service) The government violated court orders to preserve records showing that the National Security Agency illegally spied on ordinary Americans, a digital watchdog group says
Federal Information Security Management Act Audit for Fiscal Year 2013(US Department of Veterans Affairs) Attached is our report on the performance audit we conducted to evaluate the Department of Veterans Affairs' (VA) compliance with the Federal Information Security Management Act of 2002 (FISMA) for the federal fiscal year ending September 30, 2013 in accordance with guidelines issued by the United States Office of Management and Budget (OMB) and applicable National Institute for Standards and Technology (NIST) information security guidelines
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Area41 Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.
The Device Developers' Conference: Manchester(Manchester, England, UK, June 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...
NSA SIGINT Development Conference 2014 This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and...
Cyber Security Summit(Huntsville, Alabama, USA, June 4 - 5, 2014) The North Alabama Chapter of the Information Systems Security Association and Cyber Huntsville Corporation are hosting the 6th annual Cyber Security Summit June 4-5 in the South Hall of the Von Braun Center.
AFCEA Presents: Insider Threat to Small Business(Fairfax, Virginia, USA, June 5, 2014) One of the biggest myths is that "I'm too small for cyber attackers to care about me." This common misperception leads to tremendous vulnerabilities as companies do not understand implications for their...
The Device Developers' Conference: Scotland(Uphall, Scotland, UK, June 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...
The 2014 Cyber Security Summit (DC Metro)(Tysons Corner, Virginia, USA, June 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible...
MIT Technology Review Digital Summit The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies...
Cyber 5.0 Conference(Laurel, Maryland, USA, June 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...
Global Summit on Computer and Information Technology The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer...
NRC Cyber Security Seminar/ISSO Security Workshop(Bethesda, Maryland, USA, June 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates.
2014 Spring National SBIR Conference(Washington, DC, USA, June 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs...
MeriTalk's Cyber Security Brainstorm(Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on...
Suits and Spooks New York Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...
SANSFIRE(Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.
26th Annual FIRST Conference(Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...
Gartner Security & Risk Management Summit 2014(National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...
AFCEA International Cyber Symposium(Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.