Iraq's government moves to block social media as ISIS insurgents adeptly use Twitter in information operations.
With #OpWorldCup Anonymous succeeds in counting coup against various Brazilian sites. The principal successes appear to have been data breaches (achieved through phishing); denials-of-service and webpage defacements are also reported.
US officials (and satellite users) mull the significance of an increasingly sophisticated Chinese anti-satellite capability. While kinetic interceptors will draw the most headlines, cyber attack is the more proximate threat.
Rex Mundi's attack on French and Belgian Domino's Pizza has exposed the personal information of 650,000 customers and is now revealed as a cyber extortion caper: the crooks want €30,000 or they'll publish the stolen data. (One of our stringers remains shaken by the news that 650,000 francophones apparently eat take-out pizza.)
Last week's P.F. Chang's hack remains under investigation, with analysts so far seeing little stolen paycard data offered for sale. The Digital Citizens Alliance criticizes Google for not doing more to eliminate blackmarket paycard advertising from YouTube.
Caveat emptor: G DATA reports finding pre-loaded malware in Star's N9500 Android phone.
A new banking remote access Trojan (RAT), called either "Dyreza" or "Dyre," has surfaced. It introduces novel man-in-the-middle functionality. CSIS says Bank of America, Natwest, Citibank, RBS, and Ulsterbank are among the targets.
"Svpeng" financial ransomware has moved on from Russian targets and is now active in the US. In some good news, a decryption solution for Simplelocker has been released.
In the UK, GCHQ expands both web surveillance and cyber-intelligence sharing.
Today's issue includes events affecting Belgium, Brazil, China, France, Germany, Iraq, Republic of Korea, Netherlands, Russia, Tunisia, United Kingdom, United States.
Brazil's World Cup Of Cyber Attacks: From Street Fighting To Online Protest (Forbes) Spear-phishing, DDoS attacks, malware. While people are protesting in the streets of São Paulo or Rio de Janeiro against the organizers of the FIFA World Cup, which they see as a useless waste of money, taking place while the majority of the population is still struggling to make a living, another conflict is raging online
New Chinese Threats to U.S. Space Systems Worry Officials (National Defense) Last year, China launched a mysterious missile from its southwest region. While Chinese news sources said it was a scientific experiment, there is widespread speculation that the payload was a more advanced anti-satellite test
Hackers target Domino's Pizza, demand $40,000 ransom for customer data (Neowin) Hackers have targeted Domino's Pizza servers and claim to have downloaded details of over 650,000 customers. The group, calling itself Rex Mundi, has said that unless the company pays up €30,000 EUR (around $40,600 USD / £24,000 GBP) by today, it will publish the full database online
600,000 customer details compromised at Domino's (Help Net Security) Today's news that 600,000 customer records have been stolen from Domino's France and Belgium yet again raises questions about just how seriously large corporations and big brands are taking data protection. It is the second time in less than a month that we have seen customers' personal details compromised after the records of 145 million people were affected by the eBay breach
P.F. Chang's Breach: 6 Key Developments (BankInfoSecurity) While the restaurant chain P.F. Chang's China Bistro has warned customers that their debit and credit card information may have been compromised in a data breach, several fraud experts say they have yet to see a related increase in fraud
Another RAT crawls out of the malware drain (The Register) Dyreza/Dyre MITMs SSL sessions. Yet another banking trojan has appeared, using browser hooking to steal data from Internet Explorer, Chrome and Firefox users. Dyreza, or Dyre, is pitched the usual way, via a phishing e-mail (a lesson that's never learned well enough for the approach to fail), and the e-mail contains what purports to be a zipped document that actually drops the malware payload
Project Dyre: New RAT Slurps Bank Credentials, Bypasses SSL (Phishme) When analyzing tools, tactics, and procedures for different malware campaigns, we normally don't see huge changes on the attackers' part. However, in the Dropbox campaign we have been following, not only have the attackers shifted to a new delivery domain, but they have started to use a new malware strain, previously undocumented by the industry, named "Dyre". This new strain not only bypasses the SSL mechanism of the browser, but attempts to steal bank credentials
New banker trojan in town: Dyreza (CSIS) We have been analyzing a new piece of banking malware, which is targeting some major online banking services. Among many, we have verified the following to be on the target list: Bank of America, Natwest, Citibank, RBS, Ulsterbank
Malicious Web-based Java applet generating tool spotted in the wild (Webroot Threat Blog) Despite the prevalence of Web based client-side exploitation tools as the cybercrime ecosystem's primary infection vector, in a series of blog posts, we've been emphasizing on the emergence of managed/hosted/DIY malicious Java applet generating tools/platforms, highlighting the existence of a growing market segment relying on 'visual social engineering' vectors for the purpose of tricking end users into executing malicious/rogue/fake Java applets, ultimately joining a cybercriminal's botnet
Financial ransomware now targeting U.S. users (Help Net Security) Although the GameOver Zeus botnet and CryptoLocker ransomware have been disrupted, it is still too early for a victory celebration. First, the two week deadline expires on June 17th, leaving just one week left before cybercriminals could regain control of their botnet. Second, stories of the GameOver Zeus and CryptoLocker campaign have already spawned a number of copycats among mobile malware writers
Hacking into someone's webcam isn't funny (Graham Cluley) Last year I described how American comedian Jack Vale had demonstrated how careless Twitter and Instagram users were with their privacy, and duly freaked them out
If It Sounds Too Good To Be True… (Krebs on Security) The old adage "If it sounds too good to be true, it probably is" no doubt is doubly so when it comes to steeply discounted brand-name stuff for sale on random Web sites, especially sports jerseys, designer shoes and handbags. A great many stores selling these goods appear to be tied to an elaborate network of phony storefronts and credit card processing sites based out of China that will happily charge your card but deliver nothing (or at best flimsy knockoffs)
Cyber security (Energy Global) Energy firms are facing an ever-increasing risk from cyber-attacks. According to global insurer Willis, the future cost of such attacks will reach US$ 1.87 billion by 2018. Robin Somerville, Communications Director for Willis' Global Energy Practice, believes a major cyber-attack on the energy industry 'is only a matter of time'
Cyber technology gap divides financial and energy sectors (E&E news) The Citadel cybercrime connection, which has raided bank accounts around the world, was hit hard last year by a team of software firms and a sophisticated financial services organization that is deploying automated systems to share, analyze and block cybersecurity threats in tandem with the Department of Homeland Security
The public/private imperative to protect the grid (Federal Times) Last week, three high-powered flares erupted from the Sun in a single 24-hour period, emitting electro-magnetic energy particles toward Earth and throughout the Solar System. The flares were categorized as X-class flares, capable of inflicting damage to the electrical grid
Is full disclosure always a good idea? (Talk Tech to Me) Today's public demands far more transparency than in the past — from government agencies, publicly traded corporations, even privately held companies and individuals. The clamor for "full disclosure" comes from both sides of the political aisle and extends across a wide range of industries. We want to know everything about everything: top secret war plans, business financials, what celebrities wear (or don't wear) to bed — and yes, what security vulnerabilities have been discovered in computer software
Q&A: Black Lotus Strives to Get Ahead of DDoS Curve (Channelnomics) As cyberspace evolves, security, speed and reliability are ongoing concerns. That is why Black Lotus, a provider of distributed denial of service (DDoS) solutions, is focused on building strategic relationships that offer the company new avenues to improve the customer experience
AhnLab's mobile security software recognized (Korea Times) AhnLab, a leading security software firm in Korea, proved its technological caliber in the mobile security software sector with its product receiving high marks from an international test agency
Lynis v1.5.6 Released (Toolswatch) Lynis is an auditing tool which tests and gathers (security) information from Unix based systems. The audience for this tool are security and system auditors, network specialists and system maintainers
Cyber defense: Bertin IT deploys a pilot information-security platform at the Armed Forces General Staff (Theatrum-Belli) Bertin IT has just begun the experimental deployment of its software platform for securing sensitive information systems, PolyXene, at the Armed Forces General Staff (Etat-Major des Armées). This deployment, which will run until the end of 2014, is part of Bertin's long-standing collaboration with the Direction Générale de l'Armement (DGA), conducted through the Programme d'Etude Amont (PEA) SINAPSE. The system will be on demonstration at the DGA stand at Eurosatory
Amazon AWS continues to use TrueCrypt despite project's demise (IDG via CSO) The first paragraph of the story "Amazon AWS continues to use TrueCrypt despite project's demise," posted Friday, mischaracterized the limitations on the options for encrypting data imported to or exported from the Amazon Simple Storage Service (S3). It is the AWS Import/Export tool that only supports TrueCrypt as a means of encryption
Technologies, Techniques, and Standards
Five great computer security tips that few people follow (Help Net Security) If you're an infosec professional, you probably know a ton of security tips and best practices; use a firewall, update antivirus, patch regularly, adhere to the least privilege principle, don't click unsolicited attachments, and so on. Chances are, you probably have implemented most, if not all, of those important best practices already
How to Anonymize Everything You Do Online (Wired) One year after the first revelations of Edward Snowden, cryptography has shifted from an obscure branch of computer science to an almost mainstream notion: It's possible, user privacy groups and a growing industry of crypto-focused companies tell us, to encrypt everything from emails to IMs to a gif of a motorcycle jumping over a plane
Simplelocker Gets Decrypted (Softpedia) Simon Bell, the UK student who presented an in-depth analysis of the Simplocker code, has just released the solution for decrypting the files taken hostage by the ransomware
A new defense against kernel-mode exploits (Help Net Security) Over the past many years, there've been a plethora of security solutions available for Windows-based endpoints, but most of them are helpless against malicious code targeting the kernel — even when we employ layered security and stack them one upon the other
You can't spell "cryptography" without a "why" (Atmel) When considering adding cryptography to an embedded system (or any other information system) manufacturers always ask: "Why do I need cryptography?" That is, unless they have already been burned by a security breach. The answer is quite simple: "Because you have a lot to lose and the dangers are multiplying every day"
Design and Innovation
FTC Launches Contest at DEF CON 22 to Help Track Down Perpetrators of Illegal Robocalls (Federal Trade Commission) The Federal Trade Commission is looking to expand the technological arsenal that can be used in the battle against illegal phone spammers by challenging DEF CON 22 attendees to build the ultimate "honeypot" to lure in and identify perpetrators of illegal robocalls. A robocall honeypot is an information system designed to attract robocallers, which can help experts and law enforcement authorities understand and combat illegal calls
Cyber Students face off at Louisiana Tech University (Bossier Press) With the school year ending in May, most high school teachers and students are enjoying a well-deserved summer vacation pool-side, on beaches, or in the mountains. However, over 30 teachers and 90 students from high schools across the region have spent the beginning of their summer break in the world of cyberspace at the 7th annual Cyber Discovery camp at Louisiana Tech University
Legislation, Policy, and Regulation
British Spy Agencies Are Said to Assert Power to Intercept Web Traffic (New York Times) In a broad legal rationale for collecting information from Internet use by its citizens, the British government has reportedly asserted the right to intercept communications that go through services like Facebook, Google and Twitter that are based in the United States or other foreign nations, even if they are between people in Britain
Canada's Anti-Spam Legislation (CASL) 2014 (Internet Storm Center) Canada recently passed anti-spam legislation. Starting July 1 2014, organizations now need consent to send unsolicited emails or other electronic communications, which includes text messages, faxes and anything else you might think of. This doesn't cover just mass marketing, a single email to a single person is covered in this new legislation
2014 Spring National SBIR Conference (Washington, DC, USA, June 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs...
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on...
Suits and Spooks New York(, January 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...
SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.
26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...
SINET Innovation Summit (New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...
Security Startup Speed Lunch DC (Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...