Russia continues to fine-tune cyber support for its invasion of Crimea. Domestic networks haven't been neglected: VKontakte websites are being blocked for "encouraging terrorist activity." Cyber operations in Ukraine itself continue to be restrained, but some cables appear blocked. (Restrained, that is, in comparison with the Georgian or Estonian experience.)
The US Senate Intelligence Committee wonders why US intelligence agencies didn't give earlier warning of the incursion. Analysts point darkly to an erosion of Cold War vigilance, but this is historically ill-informed: after all, when that vigilance reigned, the Soviets achieved surprise in their 1968 invasion of Czechoslovakia.
Marble Security claims Android tablets and smartphones manufactured by Samsung, Motorola, Asus and LG have been sold to consumers with pre-installed malware that harvests credentials and sends them to a server in Russia. The manufacturers don't appear implicated; it appears to be a supply chain compromise.
Kaspersky contrasts the GnuTLS and Apple goto bugs. GnuTLS releases security updates to address its problem.
US beauty products retailer Sally Beauty suffers a credit card breach.
University researchers demonstrate a novel side-channel attack. Another research team shows how much traffic analysis of HTTPS communications can reveal (it's quite a bit).
A fourth Bitcoin exchange, Bitstamp, is hacked. The Bitcoin community increasingly migrates to Tor, which itself is increasingly infested with cyber criminals.
AnonGhost's pathetic, motiveless, sad sacks deface the wrong British target.
Target's CIO resigns over the retailer's data breach.
In the US, the White House dialogue on privacy focuses on commercial, not government, issues.
Today's issue includes events affecting Australia, Canada, Cyprus, Georgia, India, Italy, Russia, Ukraine, United Arab Emirates, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Russia Blocks Ukrainian Activists' Websites For Encouraging "Terrorist Activity"(TechCrunch) As Russia continues its military intervention into the revolution-rocked Ukraine, authorities are now blocking 13 activist websites on the Russian social media network, VKontakte. The Russian Prosecutor General's Office ordered the agency overseeing media, Roskomnadzor, to block off dissident websites, accusing them of encouraging "terrorist activity"
Ukraine: Why didn't the U.S. know sooner?(Politico) Despite Russian President Vladimir Putin's history as a tough-as-nails leader bent on restoring Russia's sphere of influence, the U.S. intelligence community failed to read the signs when it came to Ukraine
New Android devices sold with pre-installed malware(Help Net Security) A wide range of smartphones and tablets manufactured by Samsung, Motorola, Asus and LG Electronics have apparently been compromised with malicious apps before being sold to unsuspecting clients
Goto Aside, GnuTLS and Apple Bugs are not the Same(Threatpost) The similarities between the GnuTLS bug and Apple's goto fail bug begin and end at their respective failure to verify TLS and SSL certificates. Otherwise, they're neither siblings, nor distant cousins
Sally Beauty Hit By Credit Card Breach(Krebs on Security) Nationwide beauty products chain Sally Beauty appears to be the latest victim of a breach targeting their payment systems in stores, according to both sources in the banking industry and new raw data from underground cybercrime shops that traffic in stolen credit and debit cards
Sally Beauty Holdings Statement(MarketWatch) In response to rumors throughout the retail industry regarding security intrusions at various retailers, Sally Beauty Holdings, Inc. issued the following statement on March 5, 2014
"Ooh Aah… Just a Little Bit": A small amount of side channel can go a long way(International Association for Cryptologic Research) We apply the FLUSH+RELOAD side-channel attack based on cache hits/misses to extract a small amount of data from OpenSSL ECDSA signature requests. We then apply a "standard" lattice technique to extract the private key, but unlike previous attacks we are able to make use of the side-channel information from almost all of the observed executions. This means we obtain private key recovery by observing a relatively small number of executions, and by expending a relatively small amount of post-processing via lattice reduction. We demonstrate our analysis via experiments using the curve secp256k1 used in the Bitcoin protocol. In particular we show that with as little as 200 signatures we are able to achieve a reasonable level of success in recovering the secret key for a 256-bit curve. This is significantly better than prior methods of applying lattice reduction techniques to similar side channel information
I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis(ARXIV) Revelations of large scale electronic surveillance and data mining by governments and corporations have fueled increased adoption of HTTPS. We present a traffic analysis attack against over 6000 webpages spanning the HTTPS deployments of 10 widely used, industry-leading websites in areas such as healthcare, finance, legal services and streaming video. Our attack identifies individual pages in the same web-site with 89% accuracy, exposing personal details including medical conditions, financial and legal affairs and sexual orientation
Cross-platform JRAT Targets UK and UAE Individuals(InfoSecurity Magazine) A new spam campaign delivering a Java remote access trojan (RAT) known as JRAT has been uncovered, with the emails claiming to have attached a payment certificate to the message. The campaign has predominantly affected the UAE and the UK to date and appears to be after specific victims
Android RATs Branch out with Dendroid(Symantec Connect) Darwinism is partly based on the ability for change that increases an individual's ability to compete and survive. Malware authors are not much different and need to adapt to survive in changing technological landscapes and marketplaces. In a previous blog, we highlighted a free Android remote administration tool (RAT) known as AndroRAT (Android.Dandro) and what was believed to be the first ever malware APK binder. Since then, we have seen imitations and evolutions of such threats in the threat landscape. One such threat that is making waves in underground forums is called Dendroid (Android.Dendoroid), which is also a word meaning something is tree-like or has a branching structure
CyberLocker's success will fuel future copycats(CSO) Ransomware with unbreakable encryption will attract cyber bandits like flies to offal. Nothing spurs malware development like success and that's likely to be the case in the coming months with ransomware
The Problem With Corporate Webmail(Forbes) The first step in hacking the company of your choice may be as simple as Googling "Company X webmail." The search will in many cases lead you to the front door of a company's fortress of sensitive information and documents. (Try it with your own company.) If an attacker figures out the right knock to get in — which in many cases is just a username/password — that company may wind up with a huge and potentially expensive data breach on their hands
Withdrawal vulnerabilities enabled bitcoin theft from Flexcoin and Poloniex(PC World) Hackers found security weaknesses that allowed them to overdraw accounts with Flexcoin and Poloniex, two websites that facilitate bitcoin transactions, and exploited them to steal bitcoins from the two services. The attacks put Flexcoin out of business and cost Poloniex's users 12.3 percent of their bitcoins
Most Popular Bitcoin Apps Soon To Run On Tor Anonymity Network(Forbes) Bitcoin and Tor have become perhaps the two most widely used software tools for maintaining anonymity on the Web. Now they're about to be stitched together—a move that could make a large swathe of the Bitcoin network significantly stealthier
Tor Attracts More and More Cybercriminals, Experts Warn(Softpedia) Kaspersky security researchers have been monitoring the activities of cybercriminals on the Darknet, particularly Tor, and they've found that the number of operations relying on the anonymity network is increasing
OMG a Ransomcrypt Trojan with a Conscience!(Symantec Connect) Ransomcrypt authors are not known to have a conscience, and until now have always left their victims with no way out, other than paying the extortion demand to decrypt their files. This seems to have changed somewhat with the arrival of Trojan.Ransomcrypt.G. While the authors of this malware are still total scammers, they seem to have some principles and offer to decrypt the victim's files for free after a one month period, even if the ransom has not been paid. While this behavior does not exonerate the actions of the malware authors, it does leave some light at the end of the tunnel for any unfortunate victims of this scam
Payroll vendor breached, data on more than 43,000 employees at risk(SC Magazine) More than 43,000 former and current employees of Chicago-based Assisted Living Concepts (ALC) are being notified that their personal data — including Social Security numbers and pay information — may be at risk after an unauthorized third party breached ALC's payroll vendor and gained access to sensitive files
Cyberpoaching — hacking GPS to find endangered animals(Webroot) "The attempted hacking of a Bengal tiger's GPS collar in the Panna Tiger Reserve last July alerted the world to a new kind of threat to its wildlife: cyberpoaching. Since then, many proactive wildlife experts have been trying to figure out how to fight a poacher who sits half a world away from the animals they're targeting"
Ghosts of Banking Past(LightBlueTouchpaper) Bank names are so tricksy — they all have similar words in them… and so it's common to see phishing feeds with slightly the wrong brand identified as being impersonated
Transformers Expose Limits in Securing Power Grid(Wall Street Journal) The U.S. electric grid could take months to recover from a physical attack due to the difficulty in replacing one of its most critical components. The glue that holds the grid together is a network of transformers, the hulking gray boxes of steel and copper that weigh up to 800,000 pounds and make it possible to move power long distances. Transformers were badly damaged in an attack on a California substation last year
Security Patches, Mitigations, and Software Updates
Cisco Patches Authentication Flaw in Wireless Routers(Threatpost) There's a serious security flaw in some of Cisco's wireless routers that could allow a remote attacker to take complete control of the router. The bug is in a number of the Cisco small business routers, as well as a wireless VPN firewall. Cisco has released patches to fix the vulnerability in its Wireless-N VPN
GnuTLS Releases Security Update(US-CERT) GnuTLS has released security updates to address a vulnerability affecting certificate verification functions. An attacker could use a specially crafted X509 certificate to bypass validation checks, impersonate legitimate web sites or services, and perform man-in-the-middle attacks
9 must-do's if you must stick with Windows XP(CSO) Without updates after April 8 Windows XP is expected to fall prey to any number of zero-day attacks for which Microsoft will provide no defense, but there are some things die-hard XP users can do to make their machines safer
Microsoft's quest to make users drop Windows XP continues(Help Net Security) As the date of the scheduled retirement of Windows XP — arguably one of Microsoft's most popular products ever — draws near, the company continues its quest to make as many users as possible migrate to a newer version of the OS, preferably to Windows 8.1
Reflections on RSA and the need for Retailer Information Sharing(Gartner) Just got back from the 2014 RSA Security conference where I had lots of stimulating conversations with colleagues in the security industry. What stood out the most to me was the dearth of information sharing in the retail payment card industry. You'd think that the PCI Security Council would promote information sharing on threats and POS malware to help retailers prevent breaches against their systems. But instead that task has fallen largely to well-known security blogger Brian Krebs who has to sleuth his way around the underworld and the opaque payments industry to uncover the truth about breaches against retailers
RSA 2014: Four luminaries discuss underestimated security threats(IT Knowledge Exchange) I spent a whirlwind trip to the RSA conference this week in San Francisco hanging out in the Information Systems Security Association (ISSA) booth, catching up with the group's members as they popped in. We talked about many things: cyber warfare, the need for collective security intelligence, how important being a member of a group such as ISSA is to a career, Edward Snowden, how much system access security vendors should give the government, how threats are becoming increasingly political in nature
Big Data Meets Threat Detection(InformationWeek) Security practitioners are getting a lot smarter about using security analytics and big data to identify threats in real-time. But there's still a lot to learn
Cyber War, Cybered Conflict, and the Maritime Domain(US Naval War College) It has been well over a decade since the first "prophets" of information warfare proclaimed a new age of conflict fought not just on air, sea, and land but with electrons in what came to be known as "cyberspace." Since these early predictions, many incidents have confirmed that criminals, random hackers, and government-sanctioned specialists can wreak havoc on governments, military communications systems, and corporations
In dark days for privacy, protecting data gets more hands-on(TechTarget) Privacy is the new black. Or maybe it's the other way around. At Mobile World Congress 2014 this week in Barcelona, the world was introduced to Blackphone. Described as "the world's first smartphone which places privacy and control directly in the hands of its users," it's not to be confused with Black. The latter is a smartphone created by Boeing, aimed at government and security workers, that will self-destruct if tampered with. Your mission, should you choose to accept it, is personally protecting data privacy
How cybersecurity pros feel about those on the other side(CNBC) The RSA Security Conference in San Francisco brought together top information security experts from around the globe. But the attention at the conference, which ran Feb. 24 to 28, was often on those not in attendance: malicious hackers and cybercriminals, often referred to as "adversaries"
Major gaps found in the governance of emerging technologies(Help Net Security) SailPoint published an infographic which outlines recent research results that indicate that while global enterprises are embracing — and in some instances mandating — the use of cloud and mobile technologies, they do not have IT controls in place to properly manage them
Cybersecurity concerns becoming a boardroom issue(Help Net Security) The increasing frequency, sophistication, and business impact of cyber-attacks have pushed cybersecurity planning and protection from an operational concern of IT departments to a key theme on the strategic agenda of boards and CEOs
Target CIO Resigns as Part of Security Overhaul(Tripwire: the State of Security) Target's Chief Information Officer Beth Jacob has announced her resignation in the wake of the massive data breach that exposed account details of more than 100 million customers, and the company has implemented plans for a major security overhaul with the assistance of third-party consultants
Evidence that the D.C. area really is a hotbed for cybersecurity jobs(Washington Post) For evidence of the boom in cybersecurity jobs in the Washington region, one could simply take a drive up Interstate 95 toward Fort Meade: The crop of upscale apartments and restaurants make clear that white-collar professionals are moving into the area as it is being remade into the federal government's hub for cybersecurity work
Rampant FireEye Shares Make Founder Ashar Aziz a Cybersecurity Billionaire(Forbes) On Monday, Forbes published its annual Billionaires list with a record 1,645 members. You can now add one more individual to that list. Ashar Aziz, founder of cybersecurity firm FireEye, is the world's newest billionaire as shares in his company continue to skyrocket following a September initial public offering
The best password manager apps for Android(Android Authority) Getting your password hacked is not a pleasant event. Dealing with password recovery, convincing the website the account actually belongs to you, and getting everything back in order is a real pain. If you make your password too weak and easy to remember, the chances of getting hacked go up. If you do a really complicated password, chances are you'll either forget it or have to write it down somewhere to remember. If this sounds like a problem you're having then why not try out a password manager
AT&T lays out 'radical' network changes with SDN(IT World) AT&T is remaking its infrastructure as a "user-defined network cloud" in the pursuit of greater flexibility, lower costs and faster response to user needs, the carrier's infrastructure chief said
Technologies, Techniques, and Standards
New approach to SQL injection detection(Help Net Security) In this podcast recorded at RSA Conference 2014, Dave Rosenberg, CTO at DB Networks, talks about a new approach to SQL injection detection and explains how they solve this problem in their products
Why is 'bring your own encryption' (BYOE) important?(TechTarget) BYOE, or bring your own encryption, is a cloud computing security model that allows cloud services customers to use their own encryption software and manage their own encryption keys. It works by allowing customers to deploy a virtualized instance of their own encryption software alongside the business application they are hosting in the cloud. The business application is configured so that all its data is processed by the encryption application, which then writes the ciphertext version of the data to the cloud service provider's physical data store
Use cases for self-managed cloud data security in the enterprise(TechTarget) As most security practitioners know by now, securing enterprise cloud usage can be quite a challenge. Because it can spring up unexpectedly, security teams often learn about the adoption of cloud services after the fact. And despite pleas from security administrators, business pressures make the implementation of additional security controls challenging, since executives understandably loathe seeing anticipated cost savings eaten away
Continuous Security Monitoring: The Attack Use Case(Tripwire: the State of Security) In this fifth article in the CSM series, we will examine specific attack use cases, as the first installment of this series provided a general overview of continuous security monitoring, and the second article explained how CSM can help your organization react better to threats. In the third article, we examined the challenges regarding full visibility into your environment, and the fourth article discussed classifying your network assets
Attack obfuscation: How attackers thwart forensics investigations(TechTarget) Could you provide a description of what is meant by the term "offensive forensics"? What forensics tools are used in such attacks, and what can enterprises do to stop them? Offensive forensics, simply put, is a method of attack obfuscation in which an attacker takes specific steps to make investigating an incident more difficult for a forensic examiner
RAM-scraping malware update: Enterprise defense against RAM scrapers(TechTarget) RAM-scraping or memory-scraping malware has advanced significantly since it first became widely known via the 2010 Verizon Data Breach Investigations Report. Following the 2013 attack on Target in which attackers used a RAM scraper to capture credit card numbers, there has been renewed interest in the topic. While the technical aspect of malware using RAM-scraping has changed little since 2010, the overall sophistication of the attacks has increased tremendously
New tool developed to detect and contain Android root exploit malware(Press Trust of India) Researchers have developed a new tool to detect and contain the type of malware that attempts root exploits in Android devices. The new security tool is called Practical Root Exploit Containment (PREC). Developed by North Carolina State University researchers, the tool is said to improve on previous techniques by targeting code written in the C programming language — which is often used to create root exploit malware, whereas the bulk of Android applications are written in Java
Legislation, Policy, and Regulation
EU officials link cybersecurity to Internet governance(Inside Cybersecurity) Lingering tensions between the European Union and the United States over surveillance activities by the National Security Agency have prompted a number of European initiatives to toughen privacy protections and broaden international control of the Internet
'Just because it is legal doesn't mean we should do it'(Irish Times) US intelligence figures say Europe is acting 'mock surprised' at leaks on NSA. European intelligence agencies were all aware of the type of covert surveillance undertaken by the US National Security Agency (NSA), a former state department official and current director of the Center for Strategic and International Studies (CSIS) has said
US holds hearing on data security(ComputerWeekly) The US House of Representatives subcommittee on Financial Institutions and Consumer Credit is to hold a hearing on data security
White House big data privacy review to focus on private sector, not government use(FierceBigData) In January, President Obama announced plans to reform government surveillance programs and charged White House counselor John Podesta with leading the review on big data and privacy. As part of that effort Podesta delivered a keynote speech at an MIT big data workshop on Monday. But he said his White House-ordered privacy group will focus on private sector data practices rather than those in government agencies. Here, as Paul Harvey would say, is "the rest of the story"
Surveillance by Algorithm(Schneier on Security) Increasingly, we are watched not by people but by algorithms. Amazon and Netflix track the books we buy and the movies we stream, and suggest other books and movies based on our habits. Google and Facebook watch what we do and what we say, and show us advertisements based on our behavior. Google even modifies our web search results based on our previous behavior. Smartphone navigation apps watch us as we drive, and update suggested route information based on traffic congestion. And the National Security Agency, of course, monitors our phone calls, emails and locations, then uses that information to try to identify terrorists
White House proposes multi-agency cybersecurity center(Inside Cybersecurity) To further its push for interagency coordination on cybersecurity, the White House has proposed building a campus to house security specialists from various agencies, including the departments of Justice and Homeland Security
Bruce Schneier hints at new Snowden documents, analysis techniques(TechTarget) Think the Edward Snowden-NSA storyline is played out? Think again. "I think this story is going to keep going for at least a year, probably longer," said Bruce Schneier, chief technology officer with Co3 Systems, who is working with The Intercept's Glenn Greenwald to analyze and report on the NSA documents allegedly stolen and leaked by former contractor Edward Snowden. "There's an enormous pile of documents; they're very technical [and] hard to understand, and as you go through them, you find stories"
Daniel Ellsberg: Obama Should Say 'Thank You Edward Snowden'(Fusion) Some people think Edward Snowden should get the Nobel prize, others think he should be tried for treason. Fusion's Daniel Clark sits down with the legendary whistleblower who leaked the Pentagon papers to discuss why leaking top-secret information will continue to happen for years to come
Credit card breaches: Are consumers out of luck?(CBS News) Cyber security attacks that compromised the credit card information of hundreds of millions of customers at major retailers like Target over the holiday season drew vast national media attention. But "there's actually been a number of breaches over the years," Consumer Financial Protection Bureau Director Richard Cordray told CBS News; "your information is always at risk, every day"
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SEC Cybersecurity Roundtable(Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...
Black Hat USA 2014(Las Vegas; date not listed) Black Hat USA is the show that sets the benchmark for all other security conferences. As Black Hat returns for its 17th year to Las Vegas, we bring together the brightest in the world for six days of learning,...
Black Hat Europe 2014(Amsterdam, Netherlands, October 2014) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and...
Nuclear Regulatory Commission ISSO Security Workshop(location and date not listed) Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce...
ICS Summit 2014(Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...
Suits and Spooks Singapore(Singapore, March 20 - 21, 2014) Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate...
MCT-Congress: Going Mobile with Clinical Trials(Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...
Cyber Security for Energy & Utilities(location and date not listed) Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the...
Veritas 2014(location and date not listed) At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...
Black Hat Asia(location and date not listed) Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four...
Cyber Security Management for Oil and Gas(location and date not listed) Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security...
ISSA Colorado Springs — Cyber Focus Day(Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).
SyScan 2014(Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...
Interop Conference(location and date not listed) Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.