Daily briefing.

Cyber hotspots in the Russian near abroad and the Levant remain relatively quiet at week's end. In East Asia, investigations are under way into attacks on Vietnam's Ministry of Natural Resources and Environment and a denial-of-service campaign aimed at disrupting unofficial voting in Hong Kong; suspicions in both cases focus on the Chinese government.

IDG chalks up its ability to parry recent attacks by the Syrian Electronic Army to good security awareness. They expected an SEA attack (because of presentations they'd given that showed insufficient enthusiasm for Bashar Assad) and alerted users to the likelihood of phishing (this being the SEA's principal attack technique). A good case study in using actionable intelligence: how could the lessons be extended to other threats?

The proof-of-concept vulnerability Duo Security demonstrated in PayPal's Security Key mechanism doesn't (says PayPal) endanger customer accounts.

IBM researchers release details of an Android vulnerability — patched back in November, but still threatening users. If you're an Android user, look to your patches, especially if you're dependent on a carrier to push them to you.

Criminals or security services may be able to exploit the Pangu iOS jailbreaking tool.

Ransomware and scareware have proliferated this year. Krebs describes extortionists' increasingly brazen operations (almost as if they were legitimate businesses) and Kaspersky offers insights into the criminal economy that enables extortion to pay.

McAfee warns of "Advanced Evasion Techniques" (AET). Dell warns that Windows servers require continuous monitoring.

An APT campaign hit US airports last year. The oil and gas sector forms an ISAC.

Notes.

Today's issue includes events affecting China, European Union, Germany, Indonesia, Syria, United Kingdom, United States, and Vietnam.

Cyber Attacks, Threats, and Vulnerabilities

Vietnam ministry cyber-attack: confirmed (Thanh Niên News) The website of Vietnamese Ministry of Natural Resources and Environment (MONRE) was attacked recently, but its confidential information remains untouched, a senior official has said

MONRE claims malware damage minimal (VietNamNet Bridge) The Ministry of Natural Resources and the Environment (MONRE) has denied assertions that its database on the East Sea was stolen by hackers

Beijing Behind Cyber Attacks on Hong Kong Poll? (New Tang Dynasty) On June 22, the Hong Kong democracy movement's referendum faced the second largest cyber attack in history. While the public suspects the 'herder' behind the attack, Hong Kong Internet security experts' analysis found that 40% of the attacks came from Chinese-funded institutions. Referendum organizers believe that the Communist regime was directing the attack

A Security Awareness Success Story (CIO) The recent Syrian Electronic Army attacks against IDG demonstrate that good security awareness works, say Ira Winkler and Samantha Manke

PayPal Responds to Report of Security Key Vulnerability (eCommerce Bytes) Researchers at a security firm discovered a vulnerability in PayPal's two-factor authentication (2FA) - what PayPal calls the Security Key mechanism. However, as the Guardian newspaper reported, attackers would need a PayPal user's username and password to compromise accounts, but said "the vulnerability in PayPal Security Key would have made life far easier for hackers looking to steal PayPal users' funds"

PayPal security 'shoddy,' Two-Factor Authentication bypassed (Tweaktown) PayPal two-factor authentication website problems give criminals the ability to access accounts, send money

Patched Code Execution Bug Affects Most Android Users (Threatpost) A serious code-execution vulnerability in Android 4.3 and earlier was patched in KitKat, the latest version of the operating system. Researchers at IBM this week disclosed the nature of the vulnerability, which was privately disclosed to the Android Security Team in September and patched last November

Pangu exploits enterprise certificate to jailbreak iOS devices (FierceITSecurity) The Pangu iOS jailbreaking tool uses an Apple enterprise certificate to jailbreak and possibly gain control of devices running iOS 7.1 or higher, warns Lacoon Mobile Security in a blog

New iOS jailbreak could become sinister (IDG via CSO Salted Hash) A new jailbreak for Apple's iOS software that uses confidential information intended only for security researchers could develop into a more sinister attack, according to security analysts

This Mobile Malware Earns Money by Asking You to Download Another App (CBR) Worm breakout in North America may be indication of emerging trend. A mobile worm that earns its authors money by encouraging users to download legitimate software has been discovered in North America by security firm AdaptiveMobile

'Havex' malware strikes industrial sector via watering hole attacks (SC Magazine) "Havex," malware previously targeting organizations in the energy sector, has recently been used to carry out industrial espionage against a number of companies in Europe, a security company revealed

As Stuxnet Anniversary Approaches, New SCADA Attack Is Discovered (Dark Reading) F-Secure has unearthed a new attack against industrial control systems that goes after European targets, using rare infection vectors

Hackers found controlling malware and botnets from the cloud (NetworkWorld) Along with all that cloud traffic coming into your business may be some malware

Banks, payment services and social networks most targeted by phishing kits (SC Magazine) Financial institutions, ePayment and money transfer services, and social networks are the top three targets of phishing kits, respectively, according to PhishLabs

Asia Beware: Ransomware is Traveling East (ComputerWorld) In late May this year, Microsoft came out with a security report that made a bold declaration: deception is now the favourite tactic of cybercriminals

The Year Extortion Went Mainstream (Krebs on Security) The year 2014 may well go down in the history books as the year that extortion attacks went mainstream. Fueled largely by the emergence of the anonymous online currency Bitcoin, these modern-day shakedowns are blurring the lines between online and offline fraud, and giving novice computer users a crash course in modern-day cybercrime

How Much Money Do Cybercriminals Earn? (Kaspersky Lab) When you read about hundreds of thousands of viruses that appear each day, you may wonder, who puts so much effort in development of this malware and why. The answer is simple — they are criminals and they do it because it is very, very profitable. Our researchers have discovered an Internet server being used for controlling the attack targeted at users of a large European bank. Log files from this server show that in just one week criminals stole more than 500,000 Euros from a bank's clients and transferred these funds to accounts, controlled by thieves

What's next: Advanced Evasion Techniques (Help Net Security) Advanced evasion techniques, or AETs, are delivery mechanisms used to disguise advanced persistent threats (APTs) and permit them to slip through network security undetected

A security threat most companies don't know about (TechPageOne) Windows servers require constant monitoring or automated add-ons to secure networks

US airports compromised during major APT hacking campaign, says CIS (CSO) APT hackers successfully compromised the networks of two US airports in the summer of 2013 as part of a major campaign targeting dozens of others, a report from public sector security non-profit the Center for Internet Security (CIS) has revealed

Microsoft computer scheme resurfaces (KUSA) Security experts say that thieves are ramping up criminal activity along the Front Range, and that we may be seeing a new scam in our area very soon

Revenge porn hits two high profile boyfriends where it hurts (Naked Security) On Monday morning, one of Twitter's political sides exploded with revelations that a troll had leaked screen captures of a text message exchange and email, all of which suggested an extramarital affair between former NSA analyst John Schindler and a conservative Twitter user named Lesley

Security Patches, Mitigations, and Software Updates

Twenty-year-old vulnerability in LZO finally patched (CSO) LZO is a compression algorithm that touches almost everything

Decades-Old Vulnerability Threatens 'Internet Of Things' (Dark Reading) A newly discovered bug in the pervasive LZO algorithm has generated a wave of patching of open-source tools such as the Linux kernel this week

Cyber Trends

Cooperation Key to Security in the Cyber Domain (Digital Journal) In cybersecurity, the motto is partner or perish, leaders at AFCEA International Cyber Symposium agree

Airport breach a sign for IT industry to think security, not money (CSO) Time for the nation's best technology minds to start building better security for critical infrastructure, expert says

Gartner Identifies the Top 10 Technologies for Information Security in 2014 (FierceITSecurity) Gartner, Inc. today highlighted the top 10 technologies for information security and their implications for security organizations in 2014. Analysts presented their findings during the Gartner Security & Risk Management Summit, being held here through June 26

The unlocked backdoor to healthcare data (Help Net Security) The majority of healthcare vendors lack minimum security, which is illuminated by the fact that more than 58% score in the "D" grade range for their culture of security

Cloud Security: Think Today's Reality, Not Yesterday's Policy (Dark Reading) SaaS, BYOD, and mobility are inseparable, yet time and time again companies attempt to compartmentalize the three when they make a move to the cloud. That's a big mistake

Study: Cybersecurity problems won't be solved with a permanent solution any time soon (FierceGovernmentIT) Don't expect a decisive and lasting solution to cybersecurity problems in the near future, according to one finding in a recently published report by the National Research Council

How old are today's networks? (Help Net Security) The percentage of aging and obsolete devices in today's corporate networks around the globe is at its highest in six years, signaling that the global financial crisis of recent years may still have a lingering effect today, according to Dimension Data

Why A Secured Network Is Like The Human Body (Dark Reading) It's time to throw away the analogies about building fortresses and perimeter defenses and start to approach InfoSec with the same standard of care we use for public health

IT Managers Are Overconfident About Insider Breaches (eSecurity Planet) While 63 percent think it's easy to govern access rights, 42 percent admit they aren't able to monitor or prevent insider breaches

Marketplace

CACI eyes the market for more acquisitions (Washington Business Journal) It's been about seven months since CACI International Inc. borrowed $800 million to fund its Six3 acquisition. Now it's counting how much is leftover for its next deal

IBM, Lenovo Tackle Security Worries on Server Deal (Wall Street Journal) International Business Machines Corp. and Lenovo Group Ltd. are grappling with ways to resolve U.S. security concerns over IBM's proposed $2.3 billion sale of its computer-servers business to the Chinese company. The deal, struck in January, remains in limbo as the U.S. government investigates security issues around IBM's x86 servers, which are used in the nation's communications networks and in data centers that support the

German government terminates Verizon contract over NSA snooping fears (ComputerWeekly) The German government is to end a contract for internet services with US-based telecoms firm Verizon over concerns of snooping by the US National Security Agency (NSA)

Palo Alto expands RI presence (Jakarta Post) California-based network security firm Palo Alto Networks is expanding its presence in Indonesia to profit from the growing demand for cyber security, not only among business entities but also government institutions

Defense intelligence officials struggle with mobile pilots (Defense Systems) The military services aren't the only organizations in the Defense Department trying to figure out how to use mobile systems and wireless connectivity — intelligence community members such as the Defense Intelligence Agency are also trying to find solutions

What is ex-NSA spyboss selling for $1m a month, asks US congressman (The Register) Former snoop Gen Alexander's security consultancy under the microscope

Dell Focuses On Security (InformationWeek) Dell made a flurry of security-minded announcements this week, highlighted by improvements to its Dropbox for Business integration

Products, Services, and Solutions

A look at Interflow, Microsoft's threat information exchange platform (Help Net Security) In the last few years, there has been one constant call from almost all participants in the information security community: the call for cooperation. But that is easier said than done — you need to make collaboration mutually beneficial and, above all, easy

Legal Hackers Tackle Revenge Porn and Parolee Reentry (Law Technology News) Projects include an app that helps parolees discreetly access information about drug tests

VASCO Passes Record Milestone: Sells 200 Millionth Authenticator (Vasco News) DIGIPASS is the number one authentication solution used by banks worldwide to combat fraud and account takeover

Bugcrowd Announces New Flex Bounty Security Testing Program (IT Business Net) Company also issues first-ever report on the economics of bug bounties

M2Mi Announces Support for OASIS MQTT and the NIST Cybersecurity Framework (Digital Journal) Machine-to-Machine Intelligence (M2Mi) Corporation, provider of M2M Intelligence®, the essential platform for the M2M & Internet of Things economy, today announced support for the recently published OASIS MQTT and the NIST Cybersecurity framework

EE pre-loads Lookout software on Android devices (Telecompaper) EE has partnered with mobile security company Lookout to pre-load the Lookout Mobile Security app on EE Android smartphones and tablets

FireMon Named Best Security Solution in GTRA's GOVTek Awards Program (MarketWatch) FireMon, the industry leader in proactive security intelligence solutions, today announced that it was named Best Security Solution in the Government Technology Research Alliance's (GTRA) GOVTek Executive Government Technology Awards program

XL Group launches Brazil cyber liability coverage (BNAmericas) The product includes professional indemnity coverage for IT firms

Technologies, Techniques, and Standards

Oil & Natural Gas Industry Forms ISAC (Dark Reading) New ONG-ISAC joins existing Information Sharing and Analysis Centers for electricity, water, and other critical infrastructure sectors

When is it a Breach? (securitycurrent) One of the most difficult decisions a CISO has to make is the one that says the organization suffered a data breach

Not All Malware is Created Equally (BankInfoSecurity) Not all malware strains pose equal threats to an organization. So, how does one distinguish the most dangerous forms? Through layered security controls, says Julian Waits, CEO of ThreatTrack Security

Community Banks Gear Up Against Cyber Security Threats (PYMNTS) In a bid to protect banks from the ever-growing cyber security threats, the Federal Financial Institutions Examination Council (FFIEC) has launched a new program to assess the security readiness of 500 community banks against cyber attacks

Research and Development

Cryptographic Proof Paves Way for Nuke-Free World (Sci-Tech Today) A mathematical trick designed by cryptographers could be a key tool in nuclear disarmament. The question was, can you authenticate something without revealing anything about it? After all, nobody wants a foreign inspector seeing how a warhead is made. Mathematicians tinkering with zero-knowledge proofs may have found the answer

Legislation, Policy, and Regulation

German Official: U.S. Spying 'Biggest Strain' in Relations Since Iraq War (Wired) As U.S. and German officials meet this week to discuss privacy and security in the cyber realm, a German official is calling recent revelations of NSA spying on his country the "biggest strain in bilateral relations with the U.S." since the controversy surrounding the 2003 invasion of Iraq

Head of Britain's MI6 spy agency to step down (AP via KTVL CBS News 10) Wanted: Spymaster. Discretion an asset. Britain's MI6 intelligence agency announced Thursday that director John Sawers will leave in November at the end of his five-year term. MI6 says the recruitment process for Sawers' successor will begin soon

Information Security: Additional Oversight Needed to Improve Programs at Small Agencies (GAO) The six small agencies GAO reviewed have made mixed progress in implementing elements of information security and privacy programs as required by the Federal Information Security Management Act of 2002, the Privacy Act of 1974, the E-Government Act of 2002, and Office of Management and Budget (OMB) guidance

Senate panel passes procurement, cyber reform bills (Federal Times) The Senate Homeland Security and Governmental Affairs Committee passed several bills June 25 that would reform agency IT spending and IT project management — and save the government money, according to proponents

The Tech Trends Making Government Smarter (Forbes) The public sector is often the last to adopt big tech trends. Change tends to arrive slowly in government, especially in organizations without much dedicated IT staff. Unfortunately, that can mean missing out on the cost savings and civic engagement new technologies offer

Two new squadrons coming to Scott (AdvantageNEWS) U.S. Rep. Bill Enyart (D-Illinois) announced the addition of two new cyberprotection squadrons at Scott Air Force Base

South Texas base gets expanded cybersecurity role (AP via the Bryan-College Station Eagle) A South Texas military installation and affiliated agencies will add more than 1,100 personnel as part of increased cybersecurity duty

We don't need net neutrality; we need competition (Ars Technica) Op-ed: "Unbundled access" actually works

Litigation, Investigation, and Law Enforcement

SCOTUS Rules That Cellphone Searches Require Warrants (IEEE Spectrum) In a unanimous ruling yesterday the Supreme Court ruled that a police officer must obtain a warrant to search a cell phone. This will likely apply to computer and tablet searches as well, and acknowledges that a phone these days is far more like a file cabinet in a home, which historically cannot be searched without a warrant, than a wallet, which can

Why the Supreme Court May Finally Protect Your Privacy in the Cloud (Wired) When the Supreme Court ruled yesterday in the case of Riley v. California, it definitively told the government to keep its warrantless fingers off your cell phone. But as the full impact of that opinion has rippled through the privacy community, some SCOTUS-watchers say it could also signal a shift in how the Court sees the privacy of data in general — not just when it's stored on your physical handset, but also when it's kept somewhere far more vulnerable: in the servers of faraway Internet and phone companies

Massachusetts Supreme Court Rules Defendant Must Decrypt Data (Threatpost) Encryption software has been enjoying a prolonged day in the sun for about the last year. Thanks to the revelations of Edward Snowden about the NSA's seemingly limitless capabilities, security experts have been pounding the drum about the importance of encrypting not just data in transit, but information stored on laptops, phones and portable drives. But the Massachusetts Supreme Judicial Court put a dent in that armor on Wednesday, ruling that a criminal defendant could be compelled to decrypt the contents of his laptops

Facebook Search Warrant Disclosure Reveals Scope of Government Requests (TechCrunch) Facebook announced Thursday it's been pushing back against a bulk set of search warrants requesting private data from its user accounts since last summer

NSA Whistleblowers to Testify Before German Parliamentary Committee in July (Dissenter) National Security Agency whistleblowers Thomas Drake and William Binney will testify before a German parliamentary committee on July 3. They both will give testimony as part of an inquiry into details of NSA surveillance in Germany, which have been revealed through news stories based upon documents from NSA whistleblower Edward Snowden

Google is trolling the EU with passive-aggressive disclaimers on search results (Quartz) If you try to search Google for content that falls afoul of copyright laws, Google transparently and openly tells you that some results have been removed. Here's a notice from a search for "Games of Thrones download"

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.

26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...

United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, June 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information...

INSCOM Cyber Day (Fort Belvoir, Virginia, USA, July 9, 2014) Cyber-industry vendors are invited to participate in the upcoming Cyber Day hosted by the United States Army Intelligence and Security Command (INSCOM), located at Ft. Belvoir. U.S. Army Cyber (AR Cyber)...

SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, July 10, 2014) Join us for a free 60 minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics...

2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT...

Security Startup Speed Lunch DC (Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...

Seminar: Cybersecurity Framework for Protecting our Nation's Critical Infrastructure (Marietta, Georgia, USA, July 22, 2014) The Automation Federation and Southern Polytechnic State University will co-sponsor the "Cybersecurity Framework for Protecting our Nation's Critical Infrastructure," a free seminar from 8 a.m. to noon...

SHARE in Pittsburgh (Pittsburgh, Pennsylvania, USA, August 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today. FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles. ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction...

STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour (Clarksville, Tennessee, USA, August 5, 2014) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, is coming to TK with its STOP. THINK. CONNECT.

Passwords14 (Las Vegas, Nevada, USA, August 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges...

BSidesLV 2014 (Las Vegas, Nevada, USA, August 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in...

4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, August 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August...

DEF CON 22 (Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.
