ISIS has gathered much attention for its information operations in Syria and Iraq (and the Levant generally) with its use of social media drawing particular admiration. Researchers at King's College London looked closely at last Friday's "ISIS Twitter Storm" and found more astroturf than grassroots: insight into how a small, focused group can punch far above its weight in social media.
Among ISIS's successful tactics was hijacking World Cup Twitter hashtags. In general, however, the World Cup seems to have weathered its cyber threats as well as could be reasonably expected (but the white-board-in-the-photo-background opsec issue surfaced in some widely circulated images of the Cup's security center).
Hacktivists continue cyber vandalism in Pakistan (protesting police brutality) and Arizona (pro-Palestinian Turkish hackers resuming their baffling selection of American targets).
Kaspersky Lab finds a cyberfraud campaign affecting a large European bank. They're calling it "Luuuk," and report that it stole half a million Euros in less than a week — remarkably swift theft that bodes ill for the legacy cyber defense cycle.
New York City taxicab logs afford researchers an opportunity to demonstrate how porous poorly executed anonymization can be.
Several malware infestations arise in Google Play and other trusted app stores. Beware in particular Flappy Birds — accept no knock-offs.
CryptoLocker evolves into a standalone version. Many security firms say, again, that the best defense against ransomware is sound, systematic backup. They also deprecate paying the ransom.
US Cyber Command gives AFCEA symposiasts its industry wish list: visualization, automation, and work-force development.
Today's issue includes events affecting Australia, Brazil, China, Iraq, Pakistan, Syria, Turkey, United Arab Emirates, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Analyzing the ISIS "Twitter Storm" (War on the Rocks) For the last eighteen months we've been closely monitoring the Syrian conflict. One of the ways we do this is through social media, using a range of tools to aid our work. For Twitter, we use Palantir's Torch platform — a data analysis and visualization program — and decided to use it to analyze Friday's ISIS #AllEyesOnISIS "twitter storm"
Jihadists in Iraq hijack World Cup hashtags (ComputerWeekly) The militant Islamic group ISIS, which is battling for control of several major cities in Iraq, is hijacking Twitter hashtags for the 2014 World Cup to spread its message
The Luuuk banking fraud campaign: half a million euros stolen in a single week (Kaspersky Lab) The experts at Kaspersky Lab's Global Research and Analysis Team have discovered evidence of a targeted attack against the clients of a large European bank. According to the logs found in the server used by the attackers, apparently in the space of just one week cybercriminals stole more than half a million Euros from accounts in the bank. The first signs of this campaign were discovered on 20 January this year when Kaspersky Lab's experts detected a C&C server on the net. The server's control panel indicated evidence of a Trojan program used to steal money from clients' bank accounts
Duo Security Researchers Uncover Bypass of PayPal's Two-Factor Authentication (Duo Blog) Researchers at Duo Labs, the advanced research team at Duo Security, discovered that it is possible to bypass PayPal's two-factor authentication (the Security Key mechanism, in PayPal nomenclature). The vulnerability lies primarily in the authentication flow for the PayPal API web service — an API used by PayPal's official mobile applications, as well as numerous third-party merchants and apps — but also partially in the official mobile apps themselves
Improperly anonymized taxi logs reveal drivers' identity, movements (Help Net Security) Software developer Vijay Pandurangan has demonstrated that sometimes data anonymizing efforts made by governments and businesses are worryingly inadequate, as he managed to easily deanonymize data detailing 173 million individual trips made by New York City taxi drivers
Risks of Not Understanding a One-Way Function (Schneier on Security) New York City officials anonymized license plate data by hashing the individual plate numbers with MD5. (I know, they shouldn't have used MD5, but ignore that for a moment.) Because they didn't attach long random strings to the plate numbers — i.e., salt — it was trivially easy to hash all valid license plate numbers and deanonymize all the data
Beware Flappy Bird clones carrying malware (USATODAY) Scratching the Flappy Bird itch could be dangerous, a report by computer security company McAfee finds. "Of the Flappy Bird clones we sampled, almost 80% contained malware," said Brian Kenyon, chief technical strategist at the Santa Clara, Calif.-based company
Cross-Platform Mobile Threats: A Multi-Pronged Attack (TrendLabs Security Intelligence Blog) Cross-platform threats can be dangerous, both at home and in the office. These can 'jump' from one platform to another, or target all of them at the same time — potentially infecting a user's entire network, or even a company's network if left unchecked. The risk to critical data and system functionality, not to mention overall network security, can be catastrophic if not mitigated properly
KnowBe4 Alerts Users: CryptoLocker Threat Variant Goes Stand Alone (Insurance News Net) Even with the recent international law enforcement "Operation Tovar" shutting down Cryptolocker operations, it appears the number one ransomware Trojan is back in business. KnowBe4 reports a new strain of the infamous CryptoLocker has been found. The new Trojan does not rely on the 2048-bit RSA encryption and does not need any communication with a Command & Control server to work. It operates stand-alone, and the extensions of affected files are switched to .cryptolocker after encryption
JackPOS — Another Credit Card Stealer (Fortinet Blogs) In a previous blog post on Dexter, we briefly mentioned a new strain of point-of-sale (PoS) malware that has compromised over 4,500 credit cards in the United States and Canada. This new strain of malware, dubbed JackPOS, was detected early this year and between then and the time of writing, has had just one version, but with multiple variants
PlugX RAT With "Time Bomb" Abuses Dropbox for Command-and-Control Settings (TrendLabs Security Intelligence Blog) Monitoring network traffic is one of the means for IT administrators to determine if there is an ongoing targeted attack in the network. Remote access tools or RATs, commonly seen in targeted attack campaigns, are employed to establish command-and-control (C&C) communications. Although the network traffic of these RATs, such as Gh0st, PoisonIvy, Hupigon, and PlugX, among others, are well-known and can be detected, threat actors still effectively use these tools in targeted attacks
BBC News app hijacked? Bogus breaking news alerts posted (Graham Cluley) The popular BBC News smartphone app appears to have been hijacked, or at least its "Breaking News" feature, by mischief-makers who are popping up messages on users' devices…It's good to know that the app hasn't been compromised, and this is just the BBC goofing up in a fairly harmless way. Hopefully they will be more careful next time
Spam, talk about false advertising (Internet Storm Center) SPAM SPAM SPAM, It never fails to entertain. Like most of you I get my fair share of SPAM and like a number of you I will happily click links (not a recommendation) and follow the little yellow brick road to whatever malware or "sales" opportunity presents itself. This one was just a bit more random than others I've received lately
A peek inside the online romance scam. (Webroot Threat Blog) Online dating can be rough, and no matter how many safeguards are in place in the multiple legitimate dating websites out there, the scammers are getting around the blocks and still luring in potential victims. While the reports of these types of scams are out there (even with copy and paste examples of the e-mails used), people still fall for the scams every day. In this particular case, it was my profile on eHarmony that was targeted, and this is my recount of it
Who is ultimately responsible for data security in the cloud? (Help Net Security) A recent report following Infosecurity Europe 2014 suggested that 43 per cent of organisations had no enterprise visibility or control into whether employees were putting sensitive data into the cloud. Furthermore, a new survey has shown that almost half of firms say they already, or plan to, run their company from the cloud. Both of these findings clearly demonstrate just how integral the cloud is becoming to businesses
Is privacy undermining trade in digital services? (ComputerWeekly) Since Edward Snowden lifted the lid on the US National Security Agency's (NSA) surveillance secrets there has been a lot of fretting about spies. It is not a new issue, but more people are now talking about keeping data in places beyond the legal reach of any foreign government
Should We Trust Google With Our Smart Homes? (Wired) John Matherly operates what you might call the search engine for the Internet of Things. It's called Shodan, and it lets you probe the net for all sorts of online devices, from refrigerators and swimming-pool control panels to webcams — lots and lots of webcams
CyberArk Files Registration Statement for Proposed Initial Public Offering (MarketWatch) CyberArk, a global leader and pioneer of a new layer of IT security solutions, today announced that it has publicly filed a registration statement on Form F-1 with the U.S. Securities and Exchange Commission (SEC) relating to a proposed initial public offering of its ordinary shares. The number of shares to be offered and the price range for the proposed offering have not yet been determined. CyberArk has applied to list its ordinary shares on the Nasdaq Global Select Market under the ticker symbol "CYBR"
Symantec Cyber Connection (SC3) Program Overview (Digital Journal) Symantec today announced the launch of a first-of-its-kind program, the Symantec Cyber Career Connection (SC3), to address the global workforce gap in cybersecurity and provide new career opportunities for young adults who may not be college-bound
Darktrace Announces New, Self-Learning Cyber Intelligence Platform (Digital Journal) Enterprise immune system addresses insider and external threats. Darktrace, founded by world-class machine learning specialists and operational government intelligence experts, today announced the launch of its self-learning Darktrace Cyber Intelligence Platform version 2. Darktrace gives customers the ability to detect anomalies in real time that go undetected by existing security tools, thanks to its ground-breaking Enterprise Immune System technology that learns 'self' and what is normal and abnormal activity within an organization
OPSWAT Releases GEARS Application for Device Security and Advanced Threat Detection (Digital Journal) OPSWAT today announced the official release of the GEARS application. This free software helps users identify if their computer is at risk or compromised by providing greater visibility into the status of installed security applications and alerting them to potential advanced threats. The release of this new application extends the capabilities of the GEARS cloud-based network security management platform to individual users and computers
WatchGuard Brings Advanced Persistent Threat Protection (APT) to the Masses (Enterprise Working Planet) Seattle-based WatchGuard Technologies has deployed a new operating system for its family of security appliances and Next Generation Firewalls (NGFW). Fireware OS 11.9 incorporates advanced security technologies, such as an APT (Advanced Persistent Threat) protection service, as well as improved application security controls
Battling The Bot Nation (Dark Reading) Online fraudsters and cyber criminals — and even corporate competitors — rely heavily on bots, and an emerging startup aims to quickly spot bots in action
Technologies, Techniques, and Standards
FDA issues social media guidance (FierceMobileHealthCare) Two new draft federal guidance documents published by the U.S. Food and Drug Administration focus on regulation of medical products and electronic digital platforms and correcting information regarding such devices and prescription drugs via Internet communication platforms
Extending Debuggers (Infosec Institute) Sometimes we come across situations when we are in need of doing something inside our debuggers or to extend the functionality of them. For such things, debuggers usually provide an API interface to extend or provide extra functionality for the debugger
Six Steps Small Businesses Can Take to Assure Bank Account Security (Kaspersky Lab) If cybercriminals were lions, small business would be a herd of antelope. Rarely are they individually targeted; the lioness simply takes down the weakest one. So, it's all about survival of the fittest: follow a few safety rules that the rest of the herd doesn't know, and your business could remain breach-free for another year
Former NSA director advocates for thin client cloud security model (TechTarget) More than a year after Edward Snowden leaked confidential information about the breadth of the National Security Agency's domestic intelligence-gathering, the former head of the NSA staunchly defended the agency's actions while advocating for enterprises to adopt the computing paradigm that helps keep the NSA's systems secure
Stronger Keys and Faster Security with ECC (SYS-CON Media) Anyone who has been involved with security knows there is a balance to providing both security and privacy and performance at the same time. Security is often blamed for performance woes, particularly when cryptography is involved
To Pay or Not to Pay — That's the Ransomware Question (TechNewsWorld) "The key is to remove power from the extortionists, and you do that by backing up your system regularly," said Kenneth Bechtel, a malware research analyst with Tenable Network Security. "This basic best practice is cheap and easy, thanks to removable hard drives. With backups, there's no need to pay the ransom to get your data back or interact with extortionists in any way"
Russian Bureaucracy's Race to Police the Web (Global Voices) Russia's lawmakers and police are in a race to take control over the Internet. For more than two years, the parliament has spewed out legislation that imposes new restrictions on Internet use. Now, engorged by these new laws, Russia's authorities can legally shut down, lock up, or block off just about anything happening online. The Kremlin has been careful to avoid targeting Russia's e-business sector, but political expression on the Web has become increasingly unsafe
May calls for data access changes (Belfast Telegraph) At least 20 cases have been dropped by the National Crime Agency (NCA) in six months as a result of missing communications data — including 13 threat-to-life scenarios involving children, the Home Secretary has revealed
Summary of Homeland Security bill approved by approps subcommittee this morning (Insurance News Net) The U.S. Senate Appropriations Subcommittee on Department of Homeland Security today approved fiscal year 2015 funding legislation that totals $47.2 billion, $643 million above the fiscal year 2014 enacted level. Of this total, $45.65 billion is for discretionary programs, including $213 million for Coast Guard overseas contingency operations and $6.4 billion for the Federal Emergency Management Agency (FEMA) Disaster Relief Fund. After excluding these two adjustments, the net discretionary appropriation for the Department of Homeland Security (DHS) is $39 billion. Even with this modest increase, discretionary appropriations for DHS have declined by 8.3 percent since fiscal year 2010
NSA's Rogers: JIE crucial to cyber defense (FCW) The Defense Department's move to a Joint Information Environment cannot come soon enough for National Security Agency Director Adm. Michael Rogers, who said June 24 that the department-wide IT platform will provide DOD the network visibility it needs to repel cyberattacks
Why Americans, like Europeans, should be able to scrub their online search results (Quartz) Based on the uproar from American internet and legal experts, I had assumed a privacy ruling by the European Union Court of Justice in May was an assault on free speech and our right to information. I also assumed it would mostly be sex offenders or hucksters who would ask to have a search term delinked from something they don't like on the web
The 'Fly' Has Been Swatted (Krebs on Security) A Ukrainian man who claimed responsibility for organizing a campaign to send heroin to my home last summer has been arrested in Italy on suspicion of trafficking in stolen credit card accounts, among other things
$800,000 Penalty for Paper Records Breach (Healthcare InfoSecurity) An $800,000 HIPAA settlement between the Department of Health and Human Services and an Indiana community health system for an incident involving paper records dumping is the latest reminder that patient information needs to be safeguarded regardless of whether it's electronic or paper-based
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, August 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August...
DEF CON 22 (Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
Interop New York (New York, New York, USA, September 29 - October 3, 2014) Interop is the leading independent technology conference and expo series designed to inform and inspire the world's IT community. Through in-depth educational programs, real-world demos, Interop showcases...
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...
Israel HLS 2014 (Tel Aviv, Israel, November 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience.
SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.
26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...
AFCEA International Cyber Symposium (Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.
2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...
SINET Innovation Summit (New York, New York, USA, August 6, 2013) The purpose of the Innovation Summit is to reinvigorate public private partnership efforts and increase relationships between industry, government and academia that fosters sharing of information and collaboration...
Security Startup Speed Lunch DC (Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...