
Daily briefing.

Iraq's government moves to block social media as ISIS insurgents adeptly use Twitter in information operations.

With #OpWorldCup Anonymous succeeds in counting coup against various Brazilian sites. The principal successes appear to have been data breaches (achieved through phishing); denials-of-service and webpage defacements are also reported.

US officials (and satellite users) mull the significance of an increasingly sophisticated Chinese anti-satellite capability. While kinetic interceptors will draw the most headlines, cyber attack is the more proximate threat.

Rex Mundi's attack on French and Belgian Domino's Pizza has exposed the personal information of 650,000 customers and is now revealed as a cyber extortion caper: the crooks want €30,000 or they'll publish the stolen data. (One of our stringers remains shaken by the news that 650,000 francophones apparently eat take-out pizza.)

Last week's P.F. Chang's hack remains under investigation, with analysts so far seeing little stolen paycard data offered for sale. The Digital Citizens Alliance criticizes Google for not doing more to eliminate blackmarket paycard advertising from YouTube.

Caveat emptor: G DATA reports finding pre-loaded malware in Star's N9500 Android phone.

A new banking remote access Trojan (RAT), called either "Dyreza" or "Dyre," has surfaced. It introduces novel man-in-the-middle functionality. CSIS says Bank of America, Natwest, Citibank, RBS, and Ulsterbank are among the targets.

"Svpeng" financial ransomware has moved on from Russian targets and is now active in the US. In some good news, a decryption solution for Simplelocker has been released.

In the UK, GCHQ expands both web surveillance and cyber-intelligence sharing.

Notes.

Today's issue includes events affecting Belgium, Brazil, China, France, Germany, Iraq, Republic of Korea, Netherlands, Russia, Tunisia, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Iraqi government blocks social media (ComputerWeekly) The government in Iraq is reportedly blocking access to social media sites amid growing armed conflict in the country

How ISIS Games Twitter (The Atlantic) The militant group that conquered northern Iraq is deploying a sophisticated social-media strategy

#OpWorldCup: Anonymous Hacks Brazilian Govt, Police, Court, Globo TV and Cemig Telecom (HackRead) Anonymous has fulfilled its promise of conducting cyber attacks on the government of Brazil during football World Cup

Brazil's World Cup Of Cyber Attacks: From Street Fighting To Online Protest (Forbes) Spear-phishing, DDoS attacks, malware. While people are protesting in the streets of São Paulo or Rio de Janeiro against the organizers of the FIFA World Cup, which they see as a useless waste of money, taking place while the majority of the population is still struggling to make a living, another conflict is raging online

New Chinese Threats to U.S. Space Systems Worry Officials (National Defense) Last year, China launched a mysterious missile from its southwest region. While Chinese news sources said it was a scientific experiment, there is widespread speculation that the payload was a more advanced anti-satellite test

Hackers target Domino's Pizza, demand $40,000 ransom for customer data (Neowin) Hackers have targeted Domino's Pizza servers and claim to have downloaded details of over 650,000 customers. The group, calling itself Rex Mundi, has said that unless the company pays up €30,000 EUR (around $40,600 USD / £24,000 GBP) by today, it will publish the full database online

600,000 customer details compromised at Domino's (Help Net Security) Today's news that 600,000 customer records have been stolen from Domino's France and Belgium yet again raises questions about just how seriously large corporations and big brands are taking data protection. It is the second time in less than a month that we have seen customers' personal details compromised after the records of 145 million people were affected by the eBay breach

Domino's breach underlines value of personal data, say experts (ComputerWeekly) The latest cyber breach to hit a high-profile brand underlines the high value of personal data and the need for businesses to increase defences around such data, say security experts

P.F. Chang's Breach: 6 Key Developments (BankInfoSecurity) While the restaurant chain P.F. Chang's China Bistro has warned customers that their debit and credit card information may have been compromised in a data breach, several fraud experts say they have yet to see a related increase in fraud

Stolen Credit Card Info Relatively Easy to Find Via YouTube, Group Says (Re/Code) Thieves routinely sell stolen credit card numbers and other personal information via videos on YouTube, a new report by a nonprofit group alleged Monday

Android smartphone shipped with spyware (G DATA Security Blog) G DATA discovers dangerous computer malware in firmware of Android device

Another RAT crawls out of the malware drain (The Register) Dyreza/Dyre MITMs SSL sessions. Yet another banking trojan has appeared, using browser hooking to steal data from Internet Explorer, Chrome and Firefox users. Dyreza, or Dyre, is pitched the usual way, via a phishing e-mail (a lesson that's never learned well enough for the approach to fail), and the e-mail contains what purports to be a zipped document that actually drops the malware payload

Project Dyre: New RAT Slurps Bank Credentials, Bypasses SSL (Phishme) When analyzing tools, tactics, and procedures for different malware campaigns, we normally don't see huge changes on the attackers' part. However, in the Dropbox campaign we have been following, not only have the attackers shifted to a new delivery domain, but they have started to use a new malware strain, previously undocumented by the industry, named "Dyre". This new strain not only bypasses the SSL mechanism of the browser, but attempts to steal bank credentials

New banker trojan in town: Dyreza (CSIS) We have been analyzing a new piece of banking malware, which is targeting some major online banking services. Among many, we have verified the following to be on the target list: Bank of America, Natwest, Citibank, RBS, Ulsterbank

Malicious Web-based Java applet generating tool spotted in the wild (Webroot Threat Blog) Despite the prevalence of Web based client-side exploitation tools as the cybercrime ecosystem's primary infection vector, in a series of blog posts, we've been emphasizing on the emergence of managed/hosted/DIY malicious Java applet generating tools/platforms, highlighting the existence of a growing market segment relying on 'visual social engineering' vectors for the purpose of tricking end users into executing malicious/rogue/fake Java applets, ultimately joining a cybercriminal's botnet

Financial ransomware now targeting U.S. users (Help Net Security) Although the GameOver Zeus botnet and CryptoLocker ransomware have been disrupted, it is still too early for a victory celebration. First, the two week deadline expires on June 17th, leaving just one week left before cybercriminals could regain control of their botnet. Second, stories of the GameOver Zeus and CryptoLocker campaign have already spawned a number of copycats among mobile malware writers

Police tell UK public they have only hours to combat GameOver Zeus malware (Graham Cluley) Two weeks ago, the National Crime Agency had a scary message for computer users up and down the United Kingdom

Mobile protection from botnets and ransomware (ProSecurityZone) David Emms of Kaspersky Lab comments on the disruption of GameOver Zeus and CryptoLocker and the need for mobile users not to lower their guard

Evernote forum hacked, some users warned passwords could be exposed (Graham Cluley) Evernote's official discussion forum has suffered a security breach, which has allowed hackers to access user's profile information and (in some cases) password hashes

Hacked Synology NAS systems used in high-profit cryptocurrency mining operation (ComputerWorld) A hacker exploited publicly known vulnerabilities to install malware on network-attached storage systems manufactured by Synology and used their computing power to generate Dogecoins, a type of cryptocurrency

Hacking into someone's webcam isn't funny (Graham Cluley) Last year I described how American comedian Jack Vale had demonstrated how careless Twitter and Instagram users were with their privacy, and duly freaked them out

DNS servers still sitting ducks inside many organisations, IDC survey finds (TechWorld) Awareness of risk high but protection low

If It Sounds Too Good To Be True… (Krebs on Security) The old adage "If it sounds too good to be true, it probably is" no doubt is doubly so when it comes to steeply discounted brand-name stuff for sale on random Web sites, especially sports jerseys, designer shoes and handbags. A great many stores selling these goods appear to be tied to an elaborate network of phony storefronts and credit card processing sites based out of China that will happily charge your card but deliver nothing (or at best flimsy knockoffs)

The latest stage in the evolution of content piracy is apps that look like they're legal (Quartz) Online streaming companies are booming. Netflix has now amassed more than 46 million paying subscribers for its video content, both original and licensed. Spotify has convinced 10 million people to pay it each month for unlimited and offline access to its vast library of music

1-15 June 2014 Cyber Attacks Timeline (Hackmaggedon) It just looks like attackers are enjoying the beginning of the Summer, since the first half of June confirms the decreasing trend

Security Patches, Mitigations, and Software Updates

For Internet Explorer 11 users, no update now means no security fixes (Ars Technica) Windows Update no longer offers patches for the original IE11 release

Windows 2003: Microsoft's next support sinkhole (InfoWorld) Microsoft won't support Windows Server 2003 after July 2015, and businesses need to think about migration sooner, not later

Analysis of 3000 vulnerabilities in SAP (Help Net Security) According to official information from SAP portal, more than 3000 vulnerabilities have been closed by SAP

Comcast is turning your home router into a public Wi-Fi hotspot (KSPR 33) So far, company has turned 3M home devices into public ones

Cyber Trends

Cyber security (Energy Global) Energy firms are facing an ever-increasing risk from cyber-attacks. According to global insurer Willis, the future cost of such attacks will reach US$ 1.87 billion by 2018. Robin Somerville, Communications Director for Willis' Global Energy Practice, believes a major cyber-attack on the energy industry 'is only a matter of time'

Cyber technology gap divides financial and energy sectors (E&E news) The Citadel cybercrime connection, which has raided bank accounts around the world, was hit hard last year by a team of software firms and a sophisticated financial services organization that is deploying automated systems to share, analyze and block cybersecurity threats in tandem with the Department of Homeland Security

The public/private imperative to protect the grid (Federal Times) Last week, three high-powered flares erupted from the Sun in a single 24-hour period, emitting electro-magnetic energy particles toward Earth and throughout the Solar System. The flares were categorized as X-class flares, capable of inflicting damage to the electrical grid

Is full disclosure always a good idea? (Talk Tech to Me) Today's public demands far more transparency than in the past — from government agencies, publicly traded corporations, even privately held companies and individuals. The clamor for "full disclosure" comes from both sides of the political aisle and extends across a wide range of industries. We want to know everything about everything: top secret war plans, business financials, what celebrities wear (or don't wear) to bed — and yes, what security vulnerabilities have been discovered in computer software

Marketplace

Cyber security an economic opportunity, says UK government (ComputerWeekly) "Cyber security should not be seen as a necessary evil," says Francis Maude, minister for the Cabinet Office

Microsoft to cooperate with Qihoo 360 amid security concerns in China: Xinhua (Business Recorder) Microsoft Corp will work with Chinese Internet security specialist Qihoo 360 Technology Co on mobile Internet and artificial intelligence technology, state media reported, as the U.S. software giant fights security concerns in the country

Black Lotus Communications Launches New Scrubbing Centers in Virginia and Amsterdam (Broadway World) Black Lotus Communications, a provider of availability security and distributed denial-of-service (DDoS) protection, today announced that two new network traffic scrubbing centers in Ashburn, Virginia and Amsterdam, Netherlands are now live

Q&A: Black Lotus Strives to Get Ahead of DDoS Curve (Channelnomics) As cyberspace evolves, security, speed and reliability are ongoing concerns. That is why Black Lotus, a provider of distributed denial of service (DDoS) solutions, is focused on building strategic relationships that offer the company new avenues to improve the customer experience

Procera Networks Receives ContentLogic Order From Tier 1 EMEA Mobile Operator (MarketWatch) Follow-on software order delivers parental control services on existing PacketLogic solutions

Vodafone buys into Internet of Stuff, sinks fangs into Cobra (The Register) Gets vehicle-tracker tech for a cool €145m

BofA/Merrill Lynch Downgrades Booz Allen Hamilton (BAH) Two-Notches to Underperform (StreetInsider) BofA/Merrill Lynch downgraded Booz Allen Hamilton (NYSE: BAH) from Buy to Underperform with a price target of $22.00

Former National Security Agency Internet specialist gets funds for e-mail security tool (Washington Post) A District-based cyber start-up founded by two brothers, one of whom is a former National Security Agency Internet specialist, is receiving $10 million from big-name investors who are betting that the firm's product will set a standard for universal e-mail security

Good steps up mobile security push with Fixmo acquisition, new tools (IDG via NetworkWorld) Mobile device management company Good Technology is stepping up its efforts to attract organizations that want to leave BlackBerry behind by acquiring assets from Fixmo and launching a new secure mobile collaboration app

Products, Services, and Solutions

Bitdefender vs Kaspersky — An Overview of Features and Drawbacks (The Fuse Joplin) Both antivirus products are verified as effective and efficient software to battle Trojans, malware, spyware and viruses, and both are available as boxed software

AhnLab's mobile security software recognized (Korea Times) AhnLab, a leading security software firm in Korea, proved its technological caliber in the mobile security software sector with its product receiving high marks from an international test agency

Lynis v1.5.6 Released (Toolswatch) Lynis is an auditing tool which tests and gathers (security) information from Unix based systems. The audience for this tool are security and system auditors, network specialists and system maintainers

User-shaming robot Pic Nix banned by Instagram (Naked Security) Is your Instagram experience polluted by people who post too many selfies? Cat photos? Pictures of food?

Cyber defense: Bertin IT deploys a pilot information-security platform at the Armed Forces General Staff (Theatrum-Belli) Bertin IT has just begun the experimental deployment of PolyXene, its software platform for securing sensitive information systems, at the Etat-Major des Armées (Armed Forces General Staff). The deployment, which will run until the end of 2014, is part of Bertin's long-standing collaboration with the Direction Générale de l'Armement (DGA), conducted through the Programme d'Etude Amont (PEA) SINAPSE. The system will be demonstrated at the DGA stand at Eurosatory

Amazon AWS continues to use TrueCrypt despite project's demise (IDG via CSO) The first paragraph of the story "Amazon AWS continues to use TrueCrypt despite project's demise," posted Friday, mischaracterized the limitations on the options for encrypting data imported to or exported from the Amazon Simple Storage Service (S3). It is the AWS Import/Export tool that only supports TrueCrypt as a means of encryption

Technologies, Techniques, and Standards

Five great computer security tips that few people follow (Help Net Security) If you're an infosec professional, you probably know a ton of security tips and best practices; use a firewall, update antivirus, patch regularly, adhere to the least privilege principle, don't click unsolicited attachments, and so on. Chances are, you probably have implemented most, if not all, of those important best practices already

How Not To Respond To A DDoS Attack (Dark Reading) Common mistakes made by victims of distributed denial-of-service attacks

A Roadmap for CIOs & CSOs After the Year of the Mega Breach (Dark Reading) The journey starts with three steps: Engage the C-suite, think like a hacker, and look at the big picture

How to Anonymize Everything You Do Online (Wired) One year after the first revelations of Edward Snowden, cryptography has shifted from an obscure branch of computer science to an almost mainstream notion: It's possible, user privacy groups and a growing industry of crypto-focused companies tell us, to encrypt everything from emails to IMs to a gif of a motorcycle jumping over a plane

Simplelocker Gets Decrypted (Softpedia) Simon Bell, the UK student that presented an in-depth analysis of the Simplocker code, has just released the solution for decrypting the files taken hostage by the ransomware

A new defense against kernel-mode exploits (Help Net Security) Over the past many years, there've been a plethora of security solutions available for Windows-based endpoints, but most of them are helpless against malicious code targeting the kernel — even when we employ layered security and stack them one upon the other

You can't spell "cryptography" without a "why" (Amtel) When considering adding cryptography to an embedded system (or any other information system) manufacturers always ask: "Why do I need cryptography?" That is, unless they have already been burned by a security breach. The answer is quite simple: "Because you have a lot to lose and the dangers are multiplying every day"

Design and Innovation

FTC Launches Contest at DEF CON 22 to Help Track Down Perpetrators of Illegal Robocalls (Federal Trade Commission) The Federal Trade Commission is looking to expand the technological arsenal that can be used in the battle against illegal phone spammers by challenging DEF CON 22 attendees to build the ultimate "honeypot" to lure in and identify perpetrators of illegal robocalls. A robocall honeypot is an information system designed to attract robocallers, which can help experts and law enforcement authorities understand and combat illegal calls

Research and Development

Accountable HTTP seeks to increase data privacy through transparency (ITWorld) MIT researchers have developed a protocol to let us see who's using our information

Academia

Britain's Top Code Breakers Announced as Cyber Security Challenge Schools Champs (Infosecurity Magazine) Cabinet Office co-sponsors pioneering program to find the country's best young coders

Cyber Students face off at Louisiana Tech University (Bossier Press) With the school year ending in May, most high school teachers and students are enjoying a well-deserved summer vacation pool-side, on beaches, or in the mountains. However, over 30 teachers and 90 students from high schools across the region have spent the beginning of their summer break in the world of cyberspace at the 7th annual Cyber Discovery camp at Louisiana Tech University

Legislation, Policy, and Regulation

British Spy Agencies Are Said to Assert Power to Intercept Web Traffic (New York Times) In a broad legal rationale for collecting information from Internet use by its citizens, the British government has reportedly asserted the right to intercept communications that go through services like Facebook, Google and Twitter that are based in the United States or other foreign nations, even if they are between people in Britain

GCHQ to share threat intel — and declassify SECRET inventions (The Register) Inspector Gadget watch? IP with no 'secret applications', sadly

UK's cyber security strategy enters collaborative phase (SC Magazine) Cabinet Office Minister Francis Maude looks back at two years of the National Cyber Security Programme and says that public-private collaboration is key to protecting British businesses from cyber attacks

The digital arms race — and what is being done to fight it (The Guardian) With surveillance-security software on the rise, the fight against the use of espionage malware on citizens is gathering steam

Canada's Anti-Spam Legislation (CASL) 2014 (Internet Storm Center) Canada recently passed anti-spam legislation. Starting July 1 2014, organizations now need consent to send unsolicited emails or other electronic communications, which includes text messages, faxes and anything else you might think of. This doesn't cover just mass marketing, a single email to a single person is covered in this new legislation

Litigation, Investigation, and Law Enforcement

LinkedIn Faces Lawsuit Over Privacy Violation (InformationWeek) US federal judge orders LinkedIn to face a lawsuit that claims the social network sent emails to users' contacts without their consent

UK Supreme Court Extends Pool of Whistleblowers (Willis Wire) The cornerstone of protection for UK employees against discrimination based on whistleblowing is Section 2 of the UK Public Interest Disclosure Act 1998

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, July 10, 2014) Join us for a free 60 minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics...

2014 Spring National SBIR Conference (Washington, DC, USA, June 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs...

18th Annual Colloquium for Information Systems Security Education The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's...

MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on...

Suits and Spooks New York Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...

SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.

26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...

Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...

AFCEA International Cyber Symposium (Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.

AFCEA Information Technology Expo at Joint Base Lewis-McChord (JBLM) Federal Business Council, Inc. (FBC) and the Armed Forces Communications & Electronics Association (AFCEA) Pacific Northwest Chapter (PNC) will be partnering once again to co-host the 4th Annual Information...

United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, June 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information...

2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...

SINET Innovation Summit (New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...

Security Startup Speed Lunch DC (Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...
