Dark Reading calls CrowdStrike's report on Putter Panda the "tip of the iceberg." Quartz draws attention to one of the alleged hackers' personal details CrowdStrike casually uncovered. One Chen Ping (is that you, Chen Ping?) leaves digital exhaust consistent with the Dunder-Mifflinesque lifestyle Shanghai intelligence officers apparently lead.
PLA officers aren't the only ones leaving their spoor on the Internet: compare today's NPR account of what it's like to be subjected to Web surveillance. There's a lot of information out there about all of us on the grid. (Which is why the UK's GCHQ has found about a quarter of the hoods it was tracking have dropped off that grid since Snowden taught them OPSEC religion.)
Apple's HealthKit raises concerns about the personal information it could expose. Comcast's ongoing conversion of home Xfinity wireless routers into public hotspots by default is coldly received (despite Comcast's protestations of public spirit and good security).
Clandestine Fox is back, still unattributed and targeting the energy sector, now with fresh social-media savvy.
Cyber criminals remain active around the World Cup. Anonymous hacktivists have subjected a São Paulo military network to denial-of-service as part of its World Cup protest.
Other denial-of-service attacks, these of conventional criminal motivation, hit Evernote and Feedly.
The financial sector remains concerned about ZeuS, particularly in its Pandemiya variant. Pandemiya is unusual in that so much of its code is new—a departure from the black market's customary repurposing of tweaked variants of familiar malware.
Ransomware surges unabated, despite the recent CryptoLocker takedown.
Today's issue includes events affecting Australia, Canada, China, Italy, Republic of Korea, Russia, United Kingdom, United Nations, United States.
U.S. SEC official urges broader cyber-attack disclosure (Reuters via the Chicago Tribune) Public companies that are victims of cyber attacks should consider disclosing additional information beyond what's required to help protect customers whose private data could be at risk, a top U.S. regulator said Tuesday
Putter Panda: Tip Of The Iceberg (Dark Reading) What CrowdStrike's outing of Putter Panda — the second hacking group linked to China's spying on US defense and European satellite and aerospace industries — means for the security industry
World Cup Brazil 2014: How cybercriminals are looking to score (Help Net Security) Starting this week, 32 national teams and thousands of football fans will descend on Brazil for the 2014 FIFA World Cup. Right now the teams are fine-tuning their strategies in order to outwit their opponents — and so are the cybercriminals
New Pandemiya Banking Trojan Written from Scratch (Threatpost) Brand new, written-from-scratch malware is a relatively rare undertaking on the underground. Aside from some private endeavors, source code is available for a number of popular Trojans, including Zeus, Citadel and Carberp, making it easy for attackers to simply grab one off the shelf and get started. These three in particular have been adapted over and over, fortifying the illicit reputations of banking Trojans
Coding flaw leaves Zeus admin panels easily exploited (CSO) Blacklisting is a bad idea when designing an upload script. A flaw in the Zeus Trojan's admin panel leaves the C&C (command and control) server vulnerable to remote compromise. The flaw, which is located in an array function used by the malware's core code, fails to prevent malicious files from being uploaded
Feedly, Evernote And Others Become Latest Victims Of DDoS Attacks (TechCrunch) Who have the DDoS attackers not hit, is the question? This morning, RSS reader and feed-syncing platform Feedly is being hit by a distributed denial-of-service attack, where again the criminals are attempting to extort money in return for returning the service to normal operations. And only yesterday, Evernote was a victim of a similar attack
Pay attention to Cryptowall! (Internet Storm Center) CryptoLocker might be pretty much off the radar. But Cryptowall is alive and kicking, and making the bad guys a ton of money. It mainly spreads by poisoned advertisements and hacked benign websites, and then sneaks its way onto the PCs of unsuspecting users by means of Silverlight, Flash and Java Exploits
CryptoLocker takedown unlikely to deter growing ransomware (TechTarget) The recent move by law enforcement agencies to take down the GameOver Zeus botnet has also dramatically reduced infection rates for the infamous CryptoLocker ransomware. However, experts caution that CryptoLocker's demise might only be temporary, and that the threat ransomware poses to enterprises may only be growing
Targeted Attack Methodologies for Cybercrime (TrendLabs Security Intelligence Blog) We recently wrote about the difference between cybercrime and a cyber war, which narrows down to the attack's intent. With the same intent of gaining information to use against targets, cybercriminals and attackers tend to stress less importance in their choice of "tools", as these campaigns are all about who carries out the attack. Ultimately, a simple equation can be drawn from these observations, in which a highly successful attack is composed of the attack's intent and the right tools
Retail breaches and the SQL injection threat (Help Net Security) Continuous monitoring of database networks is the best approach to avoid breaches such as the high-profile attacks against major U.S. retailers, according to a Ponemon Institute and DB Networks study
Comcast Is Turning The US Into Its Own Private Hotspot (TechCrunch) On paper it looks like a win-win: in the next few days, Comcast is quietly turning on public hotspots in its customers' routers, essentially turning private homes into public hotspots. Comcast customers get free Wi-Fi wherever there is a Comcast box and the company gets to build out a private network to compete with telecoms. Win-win
The man who may be one of China's top hackers likes grain alcohol and Heineken (Quartz) It turns out Chinese military hackers are way sneakier than anyone had realized. This is evident in a new report (registration required) by a security company called CrowdStrike. Throughout the last seven years, the People's Liberation Army hackers have baited their targets—including foreign companies and governments involved in the space and satellite industry—with email attachments advertising French yoga retreats, project manager job openings and industry conferences
Security Patches, Mitigations, and Software Updates
Microsoft Security Bulletin Summary for June 2014 (Microsoft Security TechCenter) This bulletin summary lists security bulletins released for June 2014. With the release of the security bulletins for June 2014, this bulletin summary replaces the bulletin advance notification originally issued June 5, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification
Security updates available for Adobe Flash Player (Adobe Security Bulletin) Adobe has released security updates for Adobe Flash Player 126.96.36.199 and earlier versions for Windows and Macintosh and Adobe Flash Player 188.8.131.529 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions
Stable Channel Update for Chrome OS (Chrome Releases) The Stable channel has been updated to 35.0.1916.155 (Platform version: 5712.88.0 / 5712.89.0) for all Chrome OS devices. This build contains a flash update (184.108.40.206), number of bug fixes, and security updates. Here is the Chromium change log. Systems will be receiving updates over the next several days
Stable Channel Update (Chrome Releases) The Stable Channel has been updated to 35.0.1916.153 for Windows, Mac and Linux
Winning the war on web stealth attacks (Help Net Security) The "National Strategic Assessment of Serious and Organised Crime 2014", published in May by the UK National Crime Agency, listed DDoS as a major concern for business critical systems for the first time
How the cloud can be used and misused (Help Net Security) Peter Jopling, CTO and Software Security Executive, IBM UK & Ireland, talks about threats to cloud infrastructure providers, the importance of real-time data analytics, illustrates the way cloud enables cybercriminals to expand the scope and size of their attacks, and more
The backlash over Snowden could hurt US firms (Microscope) Netscape founder Marc Andreessen has hit the headlines for his comments in a recent interview with CNBC where he labelled Edward Snowden "a traitor". He went further, adding that if someone looked up 'traitor' in the encyclopaedia, they would find a picture of Ed Snowden: "Like he's a textbook traitor. They don't get much more traitor than that"
Security software market grew 4.9 percent in 2013 (Help Net Security) Worldwide security software revenue totaled $19.9 billion in 2013, a 4.9 percent increase from 2012 revenue of $19.0 billion, according to Gartner, Inc. The lower-than-expected growth was due to commoditization of key subsegments and the decline in growth for two of the top five vendors
Cisco gains in security appliance market share, Juniper slips (infotech Lead) Enterprise networking vendor Cisco has increased its security appliance market share to 17.5 percent in Q1 2014 from 16.9 percent in Q1 2013, said IDC. Juniper slipped to fifth position. Fortinet and Palo Alto Networks improved their market share, while Check Point slipped marginally
SourceClear Raises $1.5M Seed Round For Its Software Security Platform (TechCrunch) Modern development frameworks and libraries can make writing software quite a bit easier, but at the same time, hackers are also aware of this and they specifically target popular frameworks to find potential exploits. Unless you constantly track alerts and update your frameworks religiously, there is a good chance you end up vulnerable sooner or later. SourceClear believes that the best approach to tackle this problem is to build security tools right into the development tools that developers are already using
Products, Services, and Solutions
FireHost Takes Intelligent Approach to Protecting Applications in the Cloud (Broadway World) FireHost, the secure cloud provider, is delivering a unique new service that creatively combines the strengths of an application delivery controller (ADC) and a web application firewall (WAF) technology as one offering to enrich both the security and performance of critical customer applications operating within the company's secure cloud infrastructure
Businesses are not ready for PCI DSS 3.0 (Help Net Security) Many U.S. businesses are unprepared for the Payment Card Industry Data Security Standard 3.0, or PCI DSS 3.0, as issued by the Payment Card Industry Security Standards Council, according to NTT Com Security
Defense best practices for a man-in-the-middle attack (TechTarget) If a company has its own certificate authority (CA) and only signs user certificates if they use a one-time password (OTP) with a short time before expiration, can it be assumed that there is little chance (if any at all) for a man-in-the-middle attack?
Cyber Defense Research Receives National Designation, Again (Insurance News Net) The National Security Agency (NSA) and the U.S. Department of Homeland Security (DHS) have re-designated UNC Charlotte as a National Center of Academic Excellence in Information Assurance/Cyber Defense Research. In 2008, the University was one of the first in the country to receive this designation
UNO earns Nat'l Security Agency tech designation (New Orleans City Business) The University of New Orleans has been designated a National Center of Academic Excellence in Cyber Operations by the National Security Agency for a period of five years. UNO is the first university in Louisiana to achieve the designation
Black Hat Student Scholarship Program (Black Hat) This year, we are pleased to announce the launch of the Black Hat Student Scholarship Program. As a way to introduce the next generation of security professionals to the Black Hat community, we will be awarding a limited number of complimentary Academic Passes for Black Hat USA 2014. Each pass allows full access to all Black Hat Briefings, Arsenal, the Business Hall, and Sponsored Sessions & Workshops
What NATO Is Doing To Improve Cyber Defence (Forbes) Cyberspace is increasingly becoming a battlefield where hackers from different nations fight in order to gain geopolitical advantages. The kind of menace might vary, from direct attacks on critical infrastructures, to more subtle operations to steal industrial and military secrets, but there's no doubt that the phenomenon is bound to grow, as modern societies become more and more dependent on Internet connectivity for their existence
Moscow Hacking Duo Confess to Hijacking and Locking Apple Devices (Intego) UPDATED: This article has been updated to reflect that those arrested in Moscow may not be connected with the "Oleg Pliss" attack. Russian authorities appear to have scored a victory against cybercrime, extracting a confession from a Moscow duo in connection with a mysterious "ransomware"-style attack that hit owners of iPhones, iPads and Macs
Al Gore finds spot defending Snowden (Politico) Al Gore isn't just the Democratic party's conscience on climate change. He's also become its inner voice in defending Edward Snowden in the debate over government surveillance overreach
Who is Snowden? (The International News) It is hard to imagine that just one year ago, Edward Snowden famously walked away. He was a low-level employee of Dell contractor at a nondescript National Security Agency site. A non-entity by design. Just one of hundreds of thousands of people working in the burgeoning national security complex in the United States — the ultimate faceless cog
NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, June 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates.
SC Congress Toronto (Toronto, Ontario, Canada, June 17 - 18, 2014) SC Congress Toronto is Canada's premier information security conference and expo experience. Join us for this year's SC Congress Toronto on June 17-18, 2014! The two-day gathering brings industry thought...
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on...
SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.
26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.
INSCOM Cyber Day (Fort Belvoir, Virginia, USA, July 9, 2014) Cyber-industry vendors are invited to participate in the upcoming Cyber Day hosted by the United States Army Intelligence and Security Command (INSCOM), located at Ft. Belvoir. U.S. Army Cyber (AR Cyber)...
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...