Another Chinese unit, for now going by the nom de guerre "Putter Panda," has been fingered by researchers investigating cyber attacks on US and European defense and aerospace sectors. CrowdStrike associates Putter Panda with Unit 61486 of the People's Liberation Army's (PLA's) Third General Staff Department, and says the cyber espionage crew has been operating since 2007. Five members of sister Unit 61398 were indicted in the US; official US response to this freshly identified unit is awaited. One interesting sidelight: a brochure for a yoga studio in Toulouse, France, appears to have been one of Putter Panda's more effective spyware vectors.
Sino-US relations remain vexed as an incipient trade war brews and China officially decries American "bellyaching."
The World Cup runneth over with phishing spam, cyber attacks on sponsors, and a social media boycott campaign. The final issue of this hacktivist and criminal activity remains in doubt, but Anonymous seems to have staked its reputation on delivering at the very least serious cyber nuisance.
RSA researchers find a modular ZeuS alternative for sale on the cyber black market.
A new exploit kit, RIG, is delivering CryptoWall ransomware in the wild.
A "red button" flaw exposes smart televisions to exploitation.
Worries about ATM security have recently focused on the machines' lingering dependence on Windows XP, but two teenagers find a simpler vulnerability hiding in plain sight: they were able to compromise Bank of Montreal ATMs after finding an operator's manual freely available online. (They're not crooks; they informed the bank.)
Today's issue includes events affecting Australia, Canada, Brazil, China, Russia, United Kingdom, and United States.
We're filing today's issue from the Cyber 5.0 conference, meeting today on the campus of the Johns Hopkins University Applied Physics Lab in Laurel, Maryland, USA. Follow our conference tweets @thecyberwire, #MDgovconnects. We'll devote a special issue to Cyber 5.0 in tomorrow's CyberWire.
Cyber Attacks, Threats, and Vulnerabilities
Second China unit accused of cyber crime(Financial Times) A second Chinese military unit has been accused of cyber crime, just weeks after the US charged five Chinese officers with alleged economic espionage
The World Cup's biggest corporate sponsors are already being ambushed(Quartz) FIFA, the organization behind the World Cup, will reap an estimated $1.6 billion from corporate sponsorships of the 2014 edition of the planet's biggest sporting event. In exchange for large sums of money, multinational corporations can market their association with the tournament in their own ads, and get their brands seen by the enormous audiences the tournament will attract. So expect to see the following logos on plenty of field-side billboards over the next few weeks
Phishing Sites Intensify World Cup Campaigns(TrendLabs Security Intelligence Blog) With the 2014 FIFA World Cup in Brazil about to kick off in less than a week, it should be no surprise that phishing sites have intensified their own spam campaigns targeting Brazilians as well
#NotGoingtoBrazil hits Twitter: a campaign against 2014 World Cup in Brazil(HackRead) Protests against the FIFA World Cup 2014 to be held in Brazil have now turned to Twitter to garner support against the World Cup expenditure of nearly US$11 billion, which could have been otherwise used to address the prevalent poverty and its related issues in Brazil, according to media reports
RIG Exploit Kit Pushing Cryptowall Ransomware(Threatpost) With Cryptolocker quite possibly on its way to becoming yesterday's ransomware news after the successful takedown of part of its distribution infrastructure, alternatives are already available
RIG Exploit Kit Strikes Oil(Cisco) In the last month we have observed high levels of traffic consistent with the new "RIG" exploit kit (EK), as identified by Kahu Security. This new EK reportedly began being advertised on criminal forums in April, which coincides with when we first began blocking this traffic on April 24th
How 14-Years-Old coders hacked the ATM Machine(Hackers News Bulletin) The smallest security researcher we reported here is 14-Years-Old and again the same age students hacked a Bank of Montreal ATM in WINNIPEG and informed the BANK about how they were able to do that
Social Engineering Watch: UPATRE Malware Abuses Dropbox Links(TrendLabs Security Intelligence Blog) Threats like UPATRE are continuously evolving as seen in the development of the techniques used so as to bypass security solutions. UPATRE malware are known downloaders of information stealers like ZeuS that typically spread via email attachments. We recently spotted several spam runs that use the popular file hosting service Dropbox. These use embedded links that lead to the download of UPATRE malware variants. What is noteworthy in these spam attacks is that it is the first instance we saw TROJ_UPATRE being deployed via URL found in an email message
iOS Malware Does Exist(Fortinet Blog) With our FortiGuard Labs reporting that 96.5% of all mobile malware is Android based it would be easy to see why someone might opt for an iPhone. But, users beware. Don't write off iOS as the secure alternative to Android just yet! Despite Android malware being nearly an epidemic, or as Tim Cook referenced, "a toxic hellstew", iOS is not immune
After Heartbleed, We're Overreacting to Bugs That Aren't a Big Deal(Wired) Here's something else to blame on last April's Heartbleed security bug: It smeared the line between security holes that users can do something about, and those we can't. Getting that distinction right is going to be crucial as we weather a storm of vulnerabilities and hacks that shows no sign of abating
Security Patches, Mitigations, and Software Updates
iOS 8 Will Randomize MAC Addresses to Help Stop Tracking(Threatpost) Apple enthusiasts have been poring over the feature list for iOS 8, due out this fall, geeking out over the tighter integration among all iOS devices, the improved mail app and myriad other bells and whistles. But perhaps the most important change is a subtle one hidden beneath the covers that will help prevent much of the tracking of mobile devices that's done through WiFi hotspots
GAO: Maritime security plans don't address cyber threats(FierceHomelandSecurity) Maritime security plans at three high-risk U.S. ports do not address how to assess, manage and respond to cybersecurity threats, according to a Government Accountability Office assessment of their policies and plans
Banks warn Britain's financial system remains at high-risk of cyber(The Drum) The British Bankers' Association is to host a conference of financial institutions, as well as Interpol and Europol, the United Nations, Cabinet Office and Home Office tomorrow as part of efforts to shore up Britain's vulnerable financial system from attack by criminals and enemy states
Have today's privacy policies made us a society of liars?(Help Net Security) The importance of data privacy is becoming more and more prevalent: From major retailer breaches to identity and healthcare theft, the general public is growing more aware of the risk of data breaches and the importance of data privacy in all aspects of their online lives. In fact, a recent GfK survey of U.S. citizens found that 88 percent of respondents are concerned about the privacy of their personal data
China-U.S. cyber spat risks corporate casualties(Reuters) China's security spat with the United States risks corporate casualties on both sides. The People's Republic has responded to U.S. allegations of cyber spying by targeting American tech companies. A continuing dispute could lead to blocked deals in the United States and lost sales in China. Though companies can try to ease concerns, it's hard for them to escape a political escalation
Microsoft, Qihoo 360 Sign Tie-up Deal(CRI) Microsoft and China's leading Internet security company Qihoo 360 on Monday signed a cooperation deal covering mobile Internet and artificial intelligence, underscoring the multinational's determination to further tap the Chinese market
MACH37™ Stars Mentor Network Begins Global Expansion Phase(Digital Journal) The MACH37™ Cyber Accelerator announced the expansion of its Stars Network with a global call for new members. The Stars Network includes successful cybersecurity entrepreneurs, domain experts, and industry thought leaders from throughout the United States. These mentors have committed to helping MACH37™ entrepreneurs validate their disruptive cybersecurity concepts and prepare their companies for investment
The new era of cyberinsurance(Examiner) Data breaches, work interruption and network damage along with the intangible losses to business reputation for security are among the issues facing businesses. Cyberinsurance has become a priority business expense in planning in the new era for cyber-attacks, according to The New York Times
Cyberattack Insurance a Challenge for Business(New York Times) Julia Roberts's smile is insured. So are Heidi Klum's legs, Daniel Craig's body and Jennifer Lopez's derrière. But the fastest-growing niche in the industry today is cyberinsurance
Cyber Insurance May Be Vital, But Not Widely Available(Live Insurance News) Retailers may need to begin taking cyber liability insurance more seriously. The world is becoming more digital and businesses are beginning to follow consumers into the digital space in order to better accommodate their needs. This means that a growing number of businesses are beginning to expose themselves to digital threats, and these businesses may not be equipped to handle these threats in their various forms. Businesses have yet to fully comprehend the risks that are inherent in digital world and as such are falling prey to malicious groups that would exploit sensitive information
Beepip unleashes email Snowden would be proud of(CoinTelegraph) When it comes to privacy, the shortcomings of email have been touted for years by various groups. Now an alternative seeks to use cryptography to decentralize private messaging over the internet
Kim Dotcom Can Encrypt Your Files. Why Can't Google?(Wired) On the one-year anniversary of Edward Snowden's first NSA document leaks, Bahaa Nasr spent the day in Beirut, teaching a roomful of Middle East activists how to thwart the kind of government-backed spying that Snowden so shockingly exposed
NIST guidance helps agencies break from static IT system reauthorization cycle(FierceGovernmentIT) In a November 2013 memorandum, the Office of Management and Budget told agencies they could abandon a security reauthorization process required every three years in favor of ongoing authorization of information systems. Now, the National Institute of Standards and Technology is advising agencies on how exactly to make that transition
Supplemental Guidance on Ongoing Authorization Transitioning to Near Real-Time Risk Management(NIST, US Department of Commerce) Office of Management and Budget (OMB) Memorandum M-14-03, Enhancing the Security of Federal Information and Information Systems, stated that, "Our nation's security and economic prosperity depend on ensuring the confidentiality, integrity and availability of Federal information and information systems" and directs the National Institute of Standards and Technology (NIST) to publish guidance establishing a process and criteria for federal agencies to conduct ongoing assessments and authorization
Five ways to avoid costly compliance risks(Help Net Security) When it comes to violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, the stakes can be high. Recently, the New York Presbyterian Hospital and Columbia University agreed to settle, in the amount of $4.8 million, charges that they potentially failed to secure thousands of patients' electronic protected health information (ePHI) held on their network
In Praise Of Shadow IT(InformationWeek) 80% of those employed by enterprises larger than 1,000 people circumvent IT to use cloud-based tools, new research says. I say let them
Big tech walking fine line on data(Politico) A year after Edward Snowden shocked citizens with details of how much of their lives are being snapped up by the National Security Agency, tech giants have sounded alarms about the government's practices — but maintained near radio silence about their own data-collection efforts
Jennifer Kerber to Lead GSA's Cloud Credential Program(ExecutiveGov) Jennifer Kerber, executive director of the nonprofit Government Transformation Initiative for a year, will join the General Services Administration's office of citizen services and innovative technologies to oversee its cloud credential program
Litigation, Investigation, and Law Enforcement
How Much Did Snowden Take? Not Even the NSA Really Knows(Newsweek) It was just over a year ago this week that former U.S. intelligence contractor Edward Snowden leaked a trove of secret National Security Agency documents detailing the agency's massive online spy program. What and how much Snowden took remains a mystery. On Tuesday, James Clapper, the director of National Intelligence, told The Washington Post that Snowden took less than the agency previously thought
Watchdog rebuffed on EPA data turns to NSA(Washington Times) A pro-business watchdog group sued the National Security Agency on Monday, demanding that the spy agency turn over metadata logs for some phones registered to top EPA officials in a pioneering legal maneuver that seeks to use the government's own secret data to check up on other agencies
Did Microsoft hand the NSA access to encrypted messages?(CFO World) In July last year, when the news broke that Microsoft had allegedly collaborated closely with US intelligence services to allow users' communications to be intercepted, it severely dented the image of the tech giant
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cyber 5.0 Conference(Laurel, Maryland, USA, June 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...
NRC Cyber Security Seminar/ISSO Security Workshop(Bethesda, Maryland, USA, June 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates.
SC Congress Toronto(Toronto, Ontario, Canada, June 17 - 18, 2014) SC Congress Toronto is Canada's premier information security conference and expo experience. Join us for this year's SC Congress Toronto on June 17-18, 2014! The two-day gathering brings industry thought...
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on...
SANSFIRE(Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.
26th Annual FIRST Conference(Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...
Gartner Security & Risk Management Summit 2014(National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...
AFCEA International Cyber Symposium(Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.
INSCOM Cyber Day(Fort Belvoir, Virginia, USA, July 9, 2014) Cyber-industry vendors are invited to participate in the upcoming Cyber Day hosted by the United States Army Intelligence and Security Command (INSCOM), located at Ft. Belvoir. U.S. Army Cyber (AR Cyber)...
2nd Annual Oil & Gas Cyber Security Conference(Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...
Security Startup Speed Lunch DC(Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...