The Syrian Electronic Army succeeded in redirecting Reuters traffic to one of its own sites. The SEA accomplished this through an indirect approach, compromising Taboola's recommended content widget embedded in Reuters' pages. Taboola confirms the compromise, but offers no comment so far on the SEA's claim to have also accessed Taboola's PayPal account.
The incident highlights, again, the risk of attacks via third-party vendors and partners. Target, one recalls, was compromised via an HVAC contractor, and other reports warn that advertising agencies have become attractive targets of espionage services looking for the agencies' clients' intellectual property.
Not much news on last week's threatened OpPetrol (which suggests an Anonymous hacktivist fizzle). The Scotsman, however, warns of the economic consequences of attacks on offshore oil production. Vietnam's Ministry of Natural Resources and Environment (MONRE) has sustained a targeted cyber espionage campaign. Since Vietnam is one of the countries embroiled with China in territorial disputes over resource rights in the South China Sea, a short list of suspects is relatively easily developed.
The Code Spaces post mortem continues. Remember that it wasn't denial-of-service that killed the business: DDoS was the extortion threat; compromised logins and data destruction were the kill shot.
The US hedge fund that was recently attacked remains unidentified, but the attackers' motives are growing clearer: theft of traders' tools to enable front-running trades.
US tech firms continue to face NSA-related headwinds in international markets. Anonymity-promising services like ProtonMail draw many ready customers.
The Breakthrough Prize Foundation awards five mathematicians $15M.
Today's issue includes events affecting Australia, Brazil, Canada, China, Germany, Israel, New Zealand, Norway, Russia, Syria, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
Reuters website 'hacked' by the Syrian Electronic Army (Hot for Security) The notorious Syrian Electronic Army (SEA) has claimed the scalp of another high profile media organisation, redirecting internet users visiting articles on the Reuters website to one under the control of the attackers
Taboola confirms security breach, and has its PayPal account pwned (Graham Cluley) This weekend, visitors to news articles on the Reuters website found themselves redirected to a page belonging to the Syrian Electronic Army hacking group. As I wrote at the time, rather than this being a straightforward hack of Reuters' servers, suspicion pointed in the direction of the Taboola recommended content widget that Reuters had embedded on its site
Targeted attack against Vietnamese government: right on the MONRE (We Live Security) ESET researchers recently came across a targeted attack against the Vietnamese government's Ministry of Natural Resources and Environment (MONRE). In this report, we will look at how the attackers targeted Vietnamese government employees, the behavior of the malware on MONRE's systems, and how the attackers attempted to exfiltrate data
Cyber attack claims 'groundless': Holden Chow (Hong Kong Standard) The chairman of the Young DAB, Holden Chow Ho-ting, says claims that Beijing orchestrated major cyber attacks ahead of Occupy Central's vote on political reform are groundless
How a hacker destroyed a promising cloud service with a few clicks of the mouse (FierceCIOTechWatch) A code-hosting and software collaboration platform was put out of business by an attacker who deleted a significant portion of the company's online data and backups. Ironically, Code Spaces offered a code-hosting service that boasted of the ability to protect customer data from catastrophic events with a proven "full recovery plan"
DDoS + Breach = End of Business (GovInfoSecurity) A distributed-denial-of-service attack and subsequent data breach that led to the shuttering of source code hosting firm Code Spaces offers an eye-opening reminder: Beware of DDoS attacks used as a diversionary tactic to draw attention away from devastating hacking
This Video Shows A Day In The Life Of DDOS Cyber Attacks (TechCrunch) Update: This is a video that's been shared throughout the Internet purporting to show a concerted DDOS attack coming mainly from China and concentrated on United States internet servers on the day that Facebook's service was down for many users worldwide. We've looked into this further, however, and it turns out this attack bore no relation to Facebook's outage on Thursday
Are your third-party vendors leaving the door open to hackers? (Help Net Security) By now, every security professional in the world should know the story about Fazio Mechanical Services. The Pennsylvania-based company specializes in heating, air conditioning and refrigeration services, and numerous large companies, including Target, trusted Fazio for its HVAC expertise. Fazio's level of security expertise, however, was another matter. Its reliance on a free version of a malware detection tool, plus its access to Target's external billing system and online project management portals, plus a savvy attacker added up in 2013 to the fourth largest data breach of all time
Darkness Still Lurks (Fortinet Blog) Darkness, a.k.a. Optima, is a bot that majors in performing distributed denial-of-service (DDoS) attacks. This botnet is an old one that has been in the Russian cybercrime underground market for a long time. Since 2013, there has been no new update and so most variants are down. According to our botnet monitoring system's continued tracking, there is still one variant that has been active for almost one year. During this period, this DDoS bot has performed several attacks
Who's Behind Russia's "WikiLeaks"? (TechPresident) Representatives of a "mysterious Russian hacker collective" known as "Anonymous International" or "Shaltay Boltay" (Humpty-Dumpty) have denied being hackers. They have told the press that they do very little technical hacking. Mostly they leak things: government memos, email exchanges, and insider reports
PARCC Security Breaches Revealed; Microsoft, InBloom, News Corp. Implicated (Bayoo Buzz) When LouisianaVoice broke the story about the stealth agreement between the Louisiana Department of Education (DOE) and Rupert Murdoch's News Corp. whereby DOE would provide News Corp. with personal information on Louisiana's public school students for use by a company affiliated with the Bill and Melinda Gates Foundation, the resulting firestorm resulted in cancellation of the agreement
Top Five Phishing Myths Debunked (Cyveillance Blog) Phishing is a well-known word amongst information security professionals, and something they deal with on a daily basis. Simply put, phishing is defined as using tricks via digital communication methods to attempt to get unsuspecting people to provide personal information like passwords and account numbers that can be used to break into their online banking, social media, or other accounts
Bulletin (SB14-174) Vulnerability Summary for the Week of June 16, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
New Security Update Disables RC4 in Transport Layer Security (WindowsITPro) Reported first in May 2014, an update is now available for practically all versions of supported Windows versions that are running the Microsoft .NET Framework 3.5 through 4.5.x. The update disables RC4 (stream cipher for encryption and decryption) communications in the Transport Layer Security (TLS — the latest version of Secure Sockets Layer protocol) due to a vulnerability that could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions
Android 4.4.4 fixes OpenSSL connection hijacking flaw (IDG via CSO) Less than three weeks after pushing Android 4.4.3 to users of its Nexus devices, Google released a new version of the OS that incorporates a patch for a serious vulnerability identified in the OpenSSL cryptographic library
Cyber Professional Shortage Likely To Solve Itself, RAND Study Finds (HS Today) A new study released by the RAND Corporation suggested that while the shortage of skilled cybersecurity professionals poses a grave risk to national and homeland security, the difficulty of finding qualified cybersecurity candidates is a problem that will likely correct itself
Fresh responses emerging to banking security (Brazil Business Today) A couple of IT security companies, Tempest Security Intelligence of Brazil and Norwegian company Protectoria, who have ambitions to grow in this country got together at techUK's London HQ to focus on innovations targeting financial institutions
Ex-NSA Chief Pitches Banks High-Cost Advice on Cyber-Attacks (Bloomberg via the Washington Post) As the four-star general in charge of U.S. digital defenses, Keith Alexander warned repeatedly that the financial industry was among the likely targets of a major attack. Now he's selling the message directly to the banks
Twitter Reverses Decision to Censor Content in Pakistan (EFF) Last month, we harshly criticized Twitter for responding to questionable legal orders from Russia and Pakistan to take down content. We argued that the company that once called itself "the free speech wing of the free speech party" had caved in the midst of corporate expansion. We are therefore pleased to see that Twitter has reversed course on its approach to Pakistan
Ecrypt Technologies and Cyber Risk Pro Services Form Cyber Protection Partnership (Wall Street Journal) Ecrypt Technologies (OTCQB:ECRY) announced today that Cyber Risk Pro Services of Seattle, Washington and Ecrypt formalized their strategic marketing alliance through a formal, worldwide exclusive arrangement whereby Ecrypt will promote, sell and distribute all of Cyber Risk Pro Services and executive programs targeted to state, county and local Governments
Pinup: Netskope Provides Nice Blend Of Cloud Security And Performance (CloudTweaks) Our world has become fairly riddled with cloud services and technology. It seems like every time you turn around, a new tech or service is being rolled out, expanding our capabilities in the cloud to one degree or another. This trend is only expected to grow in the coming years, with cloud computing geared to be the primary means of doing business both on the internet and in the real world
Microsoft to Preview Interflow Information Sharing Platform (Threatpost) Much like the Year of PKI that has never come to be, information sharing has been one of security's more infamous non-starters. While successful in heavily siloed environments such as financial services, enterprises industry-wide are hesitant to share threat and security data for fear of losing a competitive edge or exposing further vulnerabilities
New tool: kippo-log2db.pl (Internet Storm Center) I've been running kippo for several years now on a couple of honeypots that I have around and when I started I was just logging to the text logs that kippo can create. Since then, kippo now supports logging directly to a MySQL database and some other folks
Watch the global hacking war in real time with a weirdly hypnotic map (Quartz) Well-organized hackers from China have been blamed for everything from crippling pro-democracy websites in Hong Kong to stealing corporate secrets from US companies in recent months. The US and China are locked in an escalating war about online spying that threatens to devastate business for companies in both countries
Technologies, Techniques, and Standards
TrueCrypt developer says forking the software is impossible (Help Net Security) Even though a number of people have expressed interest in continuing the development of TrueCrypt, the future of these projects is questionable as one of the TrueCrypt developers feels that "forking" the software would not be a good idea
NSA Names NYU School of Engineering to Exclusive List of Cyber Security Programs (Broadway World) The National Security Agency and the United States Cyber Command have named the NYU Polytechnic School of Engineering as a National Center of Academic Excellence in Cyber Operations, the first in New York earning the designation and one of only a handful in the country to earn all three Center of Excellence designations from NSA
Illinois college offering scholarships to League of Legends players (Joystiq) Robert Morris University in Chicago put out a call recruiting League of Legends players to its first varsity eSports team earlier this month. According to Riot Games, RMU will become the first university to offer a competitive team at the varsity level, and will offer scholarships to players "of up to 50 percent tuition and 50 percent room and board"
Why these local teens are learning to hack (San Diego Union-Tribune) Some kids make lanyards and take kayak lessons at summer camp. Chloe Crisostomo learned how to hack into a computer system and fight malware (malicious software)
Obama Extends Bulk Phone Data Collection Program To September (National Review) President Obama extended the National Security Agency program until September by convincing a judge to reauthorize the existing program as his administration promises to work with Congress to pass legislation that would circumscribe the bulk collection of American phone records
Reform, after all (Indian Express) US House of Representatives' surprise move to curtail NSA's powers is encouraging
Little reform since Snowden spilled the beans (Japan Times) A year has passed since the American former intelligence contractor Edward J. Snowden began revealing the massive scope of Internet surveillance by the U.S. National Security Agency
The Admiral Sets a Good Course (Huffington Post) Admiral Mike Rogers, the new leader of the National Security Agency and Cyber Command at the Defense Department, certainly has taken a different approach from his predecessor, General Keith Alexander. Right out of the gate, Admiral Rogers noted that the NSA had a public image issue and that it had lost some of its credibility with the American public
Litigation, Investigation, and Law Enforcement
US NSA granted extension to collect bulk phone data (PCWorld) The U.S. National Security Agency has been allowed to continue to collect phone records in bulk of people in the country, while lawmakers consider new legislation that would block the agency from collecting the data
Zeldes Haeggquist & Eck LLP Announces Investigation of FireEye, Inc.'s March 7, 2014 Secondary Offering (MarketWatch) Zeldes Haeggquist & Eck, LLP, a shareholder and consumer rights litigation firm has commenced an investigation on behalf of shareholders who purchased shares of FireEye, Inc. ("FireEye" or the "Company") common stock directly pursuant to FireEye's March 7, 2014 Secondary Offering (the "Secondary Offering"). Specifically, Zeldes Haeggquist & Eck, LLP is investigating whether FireEye and its top executives and officers made false and misleading statements in the prospectus and registration statement that the Company provided to investors in connection with the Secondary Offering
Don't shoot the demonstrators (Light Blue Touchpaper) Jim Graves, Alessandro Acquisti and I are giving a paper today at WEIS on Experimental Measurement of Attitudes Regarding Cybercrime, which we hope might nudge courts towards more rational sentencing for cybercrime
FBI New York Announces Newly Formed Cyber Task Force with NYPD and MTA (FBI New York Press Office) George Venizelos, the Assistant Director in Charge of the FBI; William J. Bratton, Commissioner of the New York City Police Department (NYPD); and Thomas F. Prendergast, Chairman, Chief Executive Officer of the Metropolitan Transportation Authority, announce the establishment of the Financial Cyber Crimes Task Force. The task force will operate out of the FBI's field office in New York and will focus on cyber-related criminal activity in the region. A memorandum of understanding was signed between the three agencies this month
Card Wash: Card Breaches at Car Washes (Krebs on Security) An investigation into a string of credit card breaches at dozens of car wash locations across the United States illustrates the challenges facing local law enforcement as they seek to connect the dots between cybercrime and local gang activity that increasingly cross multiple domestic and international borders
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
BalCCon2k14 (Balkan Computer Congress) (Novi Sad, Serbia, September 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference taking...
BruCON 2014 (Ghent, Belgium, September 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical...
Black Hat Europe 2014 (Amsterdam, Netherlands, October 2014) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and...
Deepsec 2014 (Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...
SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.
26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...
SINET Innovation Summit (New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...
Security Startup Speed Lunch DC (Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...