Anonymous having gone quiet for the moment, World Cup cyber action falls into three categories: attempts against gaming sites (mostly denial-of-service extortion), malicious fútbol-baited mobile apps (particularly targeting Android devices), and the customary phishing scams.
Card data apparently stolen from restaurant chain P.F. Chang's have turned up for sale on black market stall rescator[dot]so, the same place the fruits of the Target breach were shopped. The P.F. Chang's caper remains under investigation, and it's too soon to draw many parallels with Target, Neiman Marcus, and Sally Beauty, but rescator's involvement shows the persistence of black market actors.
POSCLOUD malware is currently scraping small business point-of-sale systems.
Feedly remains under denial-of-service attack as it refuses to pay off the extortionists responsible. The US Federal Communications Commission has denied it suffered a denial-of-service attack, but Naked Security offers reason to think that in fact the Commission was DDoSed in response to a comedian's viral net neutrality rant.
"Maple," a Zeus variant, is circulating through Canadian banking customers. The Zeus framework is proving highly adaptable, and affords an interesting if dismal case study of malware evolution.
VMware patches products against OpenSSL bugs. Recent Google Play permission changes are coldly received.
FireEye notes that mergers and acquisitions predictably raise the cyber risk of the businesses involved.
In product and industry news, companies work toward increasingly automated security solutions and superior encryption products. Aggressive red-teaming and penetration testing also gain respect (especially in the US Department of Defense).
World Cup Attracts Online Betting Cyber Attackers(Online-Casinos) The world of the internet and online gambling is ripe for cyber attack as was recently witnessed by Cloud-based security service Incapsula. The attack designed to blackmail gaming providers was experienced by Incapsula which the firm says is becoming more common. The 100 gigabits per second distributed denial-of-service attack against an online gambling website client of Incapsula utilized more than five DDoS attack vectors
Online Extortion Rears its Head Prior to World Cup(Online-Casino) An advanced cyberattack was prevented at an online gambling website recently. Cloud-based security service Incapsula has fought off what is becoming an increasingly common cyber attack tactic designed to blackmail gaming providers. The 100 gigabits per second (Gbps) distributed denial-of-service (DDoS) attack against an online gambling website client of Incapsula utilized more than five DDoS attack vectors. Vectors used in the attack included an SYN flood, Large SYN flood, NTP amplification, DNS flood, and DNS amplification
Watch Out For Fake Versions of World Cup 2014 Apps(TrendLabs Security Intelligence Blog) The 2014 FIFA World Cup in Brazil is all but underway, and the fervor of such a prestigious and newsworthy event is already setting competing nations' populations on fire. Unfortunately, cybercriminals are getting into the mood too
Banks: Credit Card Breach at P.F. Chang's(Krebs on Security) Nationwide chain P.F. Chang's China Bistro said today that it is investigating claims of a data breach involving credit and debit card data reportedly stolen from restaurant locations nationwide
P.F. Chang's Breach: Link to Target?(GovInfoSecurity) Restaurant chain P.F. Chang's China Bistro continues to investigate an apparent payments breach and subsequent payment card fraud. But several security experts and cyber-intelligence researchers say they believe the chain suffered a malware attack similar to those that compromised the point-of-sale networks of U.S. retailers Target Corp., Neiman Marcus and Sally Beauty Holdings Corp.. Other experts, however, say it's too soon to tell what the cause of the latest breach was, and whether it was linked to any previous breaches
A welcomed response, PF Chang's(Internet Storm Center) Krebs is running a story about the recent data breach that has happened to restaurant chain PF Chang's. As it so happens we decided to have lunch there today and I polled one of the managers if she had been briefed on the breach. She had been informed
FCC DoSed into silence as John Oliver roused net neutrality trolls(Naked Security) Around about minute 11:05 of comedian John Oliver's viral, epic rant about net neutrality, he invites trolls to do what they do best: channel "that anger, that badly spelled bile", at the Federal Communications Commission (FCC) site's comments section
Versatility of Zeus Framework Encourages Criminal Innovation(Threatpost) A new report on the Zeus trojan's evolution shows that the malware has moved from harvesting online banking credentials to controlling botnets and launching distributed denial of service attacks, and attributes the evolution to the highly customized and incredibly versatile framework Zeus is today
Xiaomi smartphones can wirelessly 'steal' bank card data: report(Want China Times (h/t Security Affairs)) Smartphones made by Chinese brand Xiaomi have been identified as a security threat for their ability to "steal" personal details from bank cards through wireless communication, reports the Nanjing-based Yangtse Evening News
A Day to Forget for Teen at Center of Tweetdeck Shutdown(Threatpost) The last 24 hours have been a sad, scary and frustrating time for a 19-year-old aspiring programmer in Austria who found himself smack in the middle of Wednesday's TweetDeck mess — all because of a Unicode heart
The state of GRX security(Help Net Security) Late last year, documents from Edward Snowden's NSA trove revealed that Britain's GCHQ has mounted a successful attack against Belgacom (the largest telecom in Belgium) and its subsidiary BICS (Belgacom International Carrier Services), a Global Roaming Exchange (GRX) provider. Other GRXs have been targeted as well
Chinese counterfeiters are selling the iPhone 6 before it has even been released(Quartz) The release of Apple's iPhone 6 isn't expected for at least another two months. Yet, a former Taiwanese pop star has posted what he claims are photos of the phone on his blog (registration required). Meanwhile, merchants on China's largest e-commerce site Taobao are already selling non-working "models" of the iPhone 6 for anywhere between 15 yuan and 460 yuan ($2.40 and $74.06). Some are even selling something called an "iPnoho7"
Daktronics Responds to ICS-CERT Vanguard® Default Credentials Alert(Wall Street Journal) Recently, a small number of North Carolina Department of Transportation Daktronics (Nasdaq:DAKT) Vanguard® dynamic message signs were compromised. As a result, on June 5, 2014, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a division of the U.S. Department of Homeland Security, issued alert ICS-ALERT-14-155-01A referencing a hardcoded password in the Vanguard controller as the primary cause. The ICS-CERT later clarified the alert on Friday, June 6, 2014, stating the password is not hardcoded but is a default password that display owners should change upon installation. ICS-CERT also communicated mitigation recommendations (reprinted below) within the alert
Security Patches, Mitigations, and Software Updates
VMware Patches ESXI Against OpenSSL Flaw, But Many Other Products Still Vulnerable(Threatpost) While the group of vulnerabilities that the OpenSSL Project patched last week hasn't grown into the kind of mess that the Heartbleed flaw did, the vulnerabilities still affect a huge range of products. Vendors are still making their way through the patching process, and VMware has released an advisory confirming that a long list of its products are vulnerable to the latest OpenSSL bugs
Automatic updating of Android apps becomes riskier(Help Net Security) Google has made unwelcome changes to the way new app permissions are disclosed to users: no warnings will be shown if a new permission is in the same category as an old one that has previously been accepted
Hot, Cold Reactions to New Google Play App Permissions(Threatpost) Google's revamped app permissions for Google Play are not being well received by Android users. Reddit threads are rife with adjectives such as "stupid" and "dangerous," primarily because Google's attempt to simplify permissions granted to automatically updated applications may in fact expose users to greater risk
Facebook to let advertisers see where you're surfing(Naked Security) Remember back in 2011, when Mark Zuckerberg dissed Google, Yahoo and Microsoft for following you around on the web, using browser cookies to collect a huge amount of information about who you are "behind your back"?
M&A Activity Makes Companies Cyber Targets(Wall Street Journal) Companies involved in merger and acquisition deals are a target for data thieves who may try to exploit employee confusion to gain access to internal systems. FireEye Inc., a Silicon Valley maker of security software, released case studies Thursday, culled from its experience investigating breaches relating to M&A deals
Report: Slow Detection, Slow Response(Dark Reading) More than one-third of data breaches aren't detected for hours, and recovering from a breach takes anywhere from days to months, a new survey says
Authentication innovation, identity and credential management(Help Net Security) In this interview, Richard Parris, CEO of Intercede, talks about how the digital world has shaped our identity, the main catalyst behind authentication innovation as well as key issues you have to deal with when implementing identity and credential management
DHS readies next CDM task orders(Federal Times) The Department of Homeland Security is gearing up to issue new task orders for its Continuous Diagnostics and Mitigation program, ensuring that more agencies can obtain the necessary tools to improve the security and resilience of their networks
Korean Banks Subject to Spending Billions of Won on Every Expiration of Windows OS(Business Korea) Major Korean banks are actively seeking to strengthen security of automatic teller machines (ATMs), since most ATMs still run Windows XP. Microsoft's official support of the aging operating system (OS) ended as of April 8, and thus it has become more vulnerable to hacking or security attacks. However, the replacement of Windows XP with Windows 7 and the upgrade of the existing security solution for ATMs would cost a huge amount of money. Even with the upgrade, security problems cannot be solved completely. Therefore, industry analysts are saying that it is necessary to come up with a measure that can fundamentally address the problem
BAE Systems Applied Intelligence joins BBA to counter digital crime(Banking Business Review) BAE Systems Applied Intelligence is announcing that it has become an associate member of the British Bankers' Association (BBA), as part of a broader working partnership in which the two organisations will work together to counter the growing threat to the UK banking and financial services industry from cyber-enabled financial crime.
Panda Security Rewards Beta Tester of the Year With Up to $800(Digital Journal) Panda Security, The Cloud Security Company, today announced the beta release of Panda Global Protection 2015, its comprehensive anti-malware solution for protecting the information and digital life of home computer users. The new version has more features and is lighter, more secure and more complete than ever before
Chrome Perfected: Fast, Massively Secure and Gloriously Private (1/2)(Bromides on Infrastructure) Bromium or Chromium? The right answer is both. Chrome users have an almost religious passion for their browser, whose rapid ascent threatens to eclipse IE. Bromium's micro-virtualized Chrome substantially surpasses Google's own vision, delivering fast, massively secure and gloriously private browsing. Micro-virtualization delivers superior security, and its granular, task-centric isolation preserves the Chrome user experience while rigorously protecting user privacy — something that no browser has ever achieved before
Check Point releases software-defined protection security architecture(BusinessDay) Check Point Software Technologies Limited, the worldwide leader in securing the internet, says it has introduced Software-defined Protection (SDP), a revolutionary security architecture that can protect organisations in today's fast-evolving IT and threat landscape. Software-defined Protection offers modern security today that can effectively protect against tomorrow's threats, through a design that is modular, agile and most importantly, secure
Lockheed Martin Earns NSA Cyber-Response Accreditation(HS Today) Lockheed Martin's Cyber Incident Response Assistance (CIRA) program earned accreditation from the National Security Agency's (NSA) Information Assurance Directorate (NSA/IAD), becoming one of the first federally-recognized companies to help organizations respond to cyberattacks
Life after XP: a survival guide(Trend Micro Simply Security) April 8, 2014 marked the end of an era: the day when Microsoft withdrew support for its hugely successful Windows XP operating system for good. Statistics show that, despite declines of late, the OS is still extremely popular. In fact, it still has a market share of around 25% globally, a figure which has changed only slightly since April 8. It's true that some organizations need to stick with XP because of third-party app support reasons, and Trend Micro can help these firms, more of which I'll share later. The problem for those who refuse to migrate onto a newer system, however, is that they're unnecessarily exposing themselves to a much higher risk of infection
NIST Guide Targets Supply Chain Risks(GovInfoSecurity) Breaking down silos should help organizations mitigate vulnerabilities introduced into their systems from the information and communications technology supply chain, says the co-author of revised guidance being drafted by the National Institute of Standards and Technology
Why You Need to Allow Your IT Systems to Be Hacked (by the Good Guys)(IT Business Edge) If you were to give permission for an ethical hacking team to try to penetrate your systems, how difficult do you think it would be for the team to get in? According to one IT security expert who specializes in this sort of penetration testing, it would likely be a walk in the park
Leaking Trade Secrets: A Conversation with Michael Schrenk(Cyveillance) Cyveillance was recently lucky enough to chat with business intelligence specialist, author, and developer Michael Schrenk in advance of his upcoming DEF CON talk, "You're Leaking Trade Secrets." Read on for a first glimpse at his lecture and his thoughts on organizational secrets
Life after TrueCrypt(Help Net Security) While speculation continues around the fate of popular disk encryption software TrueCrypt, Sophos conducted a survey of over 100 IT professionals regarding their use of encryption, including TrueCrypt
Tool for creating booby-trapped PDFs made public(Help Net Security) Freelance security researcher Claes Spett has made available a tool he dubbed "PDF Exploit Generator," which allows penetration testers — but also malicious attackers — to create a booby-trapped PDF in a matter of minutes
Made any new friends lately?(Internet Storm Center) Earlier this week, we were testing the security aspects of an application that integrates with LinkedIn. Given that I do not own a LinkedIn account, I had to create one temporarily, to be able to test. I used a throw-away email address, and did not add any personal data, but I happened to connect to LinkedIn from the business where we were performing the work
Guest Post: The Foreign Intelligence Surveillance Court: Is Reform Needed?(Just Security) With the advent of the Edward Snowden leaks commencing in June 2013, much has been written about Snowden and the United States intelligence community. This short blog post examines one of the only proposals to emerge that would constitute systemic procedural change, namely the creation of a special advocate or institutional amicus system before the Foreign Intelligence Surveillance Court — the FISC (hereafter referred to as a "special advocate" reform, for ease of reference). Such a system would be beneficial for both substantive and procedural reasons. A recently passed House bill, which merely keeps the status quo by permitting the court to appoint an amicus — a power it has now — falls short of what is needed
The Facebook War(Slate) Would taking down the social network justify a real-world attack?
Former NSA director backs House bill to rein in spy agency(Washington Times) The head of the government's civil liberties protection board said Thursday that its classified review of the NSA's collection of Americans' telephone records didn't turn up any evidence of abuses — but both he and the man who led the National Security Agency's program said it's still time to end bulk collection
NSA Chief: Military Not Organized for Cyber Warfare(National Defense) The U.S. military's hidebound culture and outdated procurement system are slowing down efforts to improve cyber defenses against increasingly sophisticated network attacks, said Navy Adm. Michael S. Rogers, director of the National Security Agency and head of U.S. Cyber Command
Cyber Policy Chief Shares Perspective on Mission(American Forces Press Service) Teamwork, balancing between opportunity and risk, and transparency of intent are the keys to U.S. efforts in the cyber domain, the acting deputy assistant secretary of defense for cyber policy said today
US cyber official: Treat IT architecture as a weapon(Defense Systems) If the Defense Department wants to improve cybersecurity it needs to get a handle on its IT infrastructure and start treating it more like a weapons system, the U.S. Cyber Command's former deputy commander said this week
Police lack cyber skills(The Times) Police forces in England and Wales are unprepared to tackle cyber crime which is fast becoming a major element of offending, according to a report published yesterday
U.S. To Answer N.S.A. Spy Claim(Tribune242) John Kerry, the United States Secretary of State, has stepped in to oversee the investigation of reports that the National Security Agency is intercepting and recording all cell phone conversations in The Bahamas, with the ability to store them for up to 30 days
The Feds Are Auctioning a Small Fortune in Silk Road Bitcoins(Wired) The Bitcoin world has been waiting for more than six months to see where the millions in cryptocash seized from the Silk Road black market for drugs would end up. Now that fortune is about to be sold off, like so many mafiosos' cars or drug dealers' bling, to the highest bidder
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
BSidesLV 2014(Las Vegas, Nevada, USA, August 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in...
EDSC 2014(Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important...
(ISC)² Security Congress EMEA(London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe Middle East...
Global Summit on Computer and Information Technology(, January 1, 1970) The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer...
NRC Cyber Security Seminar/ISSO Security Workshop(Bethesda, Maryland, USA, June 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates.
2014 Spring National SBIR Conference(Washington, DC, USA, June 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs...
MeriTalk's Cyber Security Brainstorm(Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on...
Suits and Spooks New York(, January 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...
SANSFIRE(Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.
26th Annual FIRST Conference(Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...
Gartner Security & Risk Management Summit 2014(National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...
AFCEA International Cyber Symposium(Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.