Both FireEye and Eugene Kaspersky downplay cyber war between Ukraine and Russia. FireEye thinks the level of cyber activity in the region is at the background-noise level. Kaspersky sees conflict, but regards it as hacktivism rather than state-directed activity—thus, a cyber riot, not a cyber war. We're not seeing the widespread, disruptive cyber attacks that characterized earlier Russian operations against Estonia and Georgia (FireEye suggests this shows the Russian organs' increased PR savvy). The early stages of the conflict did, however, see cyber tools used for battlespace isolation. The Snake cyber espionage framework also appears active against Ukrainian targets. (There's no credible attribution of Snake, yet, to anyone other than the Russian government.)
DoubleThink reports finding a WhatsApp for Android vulnerability that exposes chat conversations.
Sucuri traces a very large denial-of-service attack to exploitation of WordPress's Pingback feature. The application layer exploit hijacked some 162,000 legitimate WordPress sites into a DDoS-capable botnet.
Observers see Target's lack of a CSO as contributing to the retailer's data breach. US consumers and payment providers continue to hash out preventive measures; Europe, perhaps lulled by widespread chip-and-pin technology, remains blasé.
The Internet turns 25, and Tim Berners-Lee calls for a Web user bill of rights.
In the US, Senator Feinstein (D-California, and lead intelligence watchdog) accuses the CIA of illegal intrusion into Senate networks. It's simplistic to dismiss her concerns as the "Merkel Effect": such (alleged) intrusion undermines oversight of the Intelligence Community, which Feinstein has cited as an adequate safeguard against surveillance overreach.
Today's issue includes events affecting Estonia, European Union, Georgia, India, Ireland, Japan, New Zealand, Russia, Ukraine, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Crimea — The Russian Cyber Strategy to Hit Ukraine (Infosec Institute) The year 2014 started with a diplomatic crisis in Crimea and Ukraine. The tension rose just after the 2014 Ukrainian revolution, in which the government of President Viktor Yanukovych was ousted after a popular revolt in Kiev. In the region there are groups contrary to the protest that desire the integration of Crimea with Russia, and these groups are opposed to others consisting of Crimean Tatars and ethnic Ukrainians which supported the revolution. The deposed president Yanukovych during the days of revolution covertly requested the intervention of the Russian military to stabilize the internal situation of Ukraine
Intel Analysts Dissect the Headlines: Russia, hackers, cyberwar! Not so fast. (FireEye) Claims of cyber attacks, website defacements, sophisticated Russian malware, and even "cyberwar" have hit front pages since the conflict in Crimea heated up. With all the noise, it's hard to know what has actually occurred, and even tougher to interpret the consequences of the potential activity. Here's our take on the major cyber activities that have been reported throughout the Russia-Ukraine crisis
Masked Russians seized our gear: Norway journos(The Local (Norwegian Edition)) Masked guards seized computers and storage devices from three Norwegian journalists on Tuesday and labelled them as spies as they attempted to leave the Crimean peninsula for mainland Ukraine
WordPress pingback abuse blamed for massive DDoS attack (CSO Salted Hash) On Monday, Daniel Cid, the CTO of Sucuri, said in a blog post that his company recently mitigated a DDoS attack that leveraged more than 162,000 legitimate WordPress installations. The attack was possible because of the pingback function in the XML-RPC implementation used by WordPress
Grand Theft Auto V Release Stirs Spam(Trend Micro Threat Encyclopedia) Game enthusiasts and fans of Grand Theft Auto need to be wary of the latest spam run we spotted, which capitalized on the said game
Target's Data Breach Raised Few Alarms in Europe(Collections & Credit Risk) Three months after coming to light, the massive exposure of 40 million card accounts at Target Corp. still has the payments industry and consumers talking about what should be done to prevent this happening again. In the United States, that is
Don't be the next Target(FierceITSecurity) We can only wonder why Target, which handles millions of credit and debit card transactions every day, did not have a chief information security officer before its massive data breach that resulted in lost customers and profits
On the trail of Advanced Persistent Threats…(Naked Security) SophosLabs expert Gabor Szappanos has written a highly-recommended report entitled "Advanced Persistent Threats - the new normal?" Szappi explains how exploits once seen only in APTs are appearing ever more widely in money-making malware, and why that puts us all at ever greater risk
Security Patches, Mitigations, and Software Updates
Is Microsoft really risking its reputation by retiring Windows XP?(FierceCIO: TechWatch) As administrators and IT managers are no doubt aware, Microsoft will stop shipping security updates for Windows XP after April 8, 2014. As I wrote previously, this comes after an incredible run of more than 12 years, which is substantially longer than other desktop operating systems such as
Joomla Fixes Critical SQL Injection Vulnerability(Threatpost) The open-source content management framework Joomla pushed out version 3.2.3 of its product last week, fixing a SQL injection zero-day vulnerability that could have let attackers steal information from databases or insert code into sites running the CMS
Reestablishing trust in the Internet(Help Net Security) "The next phase of the internet will be data-centred and connectivity driven. Cloud computing, big data, the Internet of Things; tools which support manufacturing, education, energy, our cars and more. The internet is no longer about emails," said Neelie Kroes, European Commissioner responsible for the Digital Agenda, in her speech at CeBIT 2014 in Hanover on Monday
The NSA, Snowden, and the Internet's Offensive Future (Threatpost) Despite everything that has transpired in the last year, Edward Snowden sounded calm, reflective and in some ways wistful yesterday discussing the fallout and consequences of the multitude of NSA programs and methods he's revealed. Snowden bemoaned the fact that the NSA specifically and the intelligence community in general have shifted their focus to offensive operations, implying that defense should be the focus. But now that those agencies have the tremendous offensive powers they've accumulated in the last decade, they're never giving them back
The Internet of Things Needs Anti-Virus Protection(Slate) As the Internet of Things grows and more devices than ever have network connectivity baked in, you might start to wonder what protects all of these smart home appliances and media streaming dongles against hacks. The answer: pretty much nothing. Companies can release security updates or patches when they learn about vulnerabilities in their devices, but who is going to do a software update on their refrigerator
Forget the Internet of things…this is the Internet of crap (CSO Salted Hash) Unless we begin to treat all of our devices, boxes, technologies, etc. as hostile by default, we will continue to find ourselves cleaning-up the havoc wrought by adversaries with poor intentions and friends with good ones
Guest Column: Protecting power grid must be priority(Montgomery Advertiser) Revelations about the cyber theft of customer data at Target and Neiman Marcus are just the most recent reminders about the threat to the United States of cyber attacks. But invasive and costly attacks on businesses and all of us as customers may not even be the most worrisome threats
SME cloud — blanket security or security blanket? (ComputerWeekly) Small and medium-sized enterprises (SMEs) are as vulnerable to security threats as their larger counterparts. Everyone uses the same internet, much of the same software and has the same vulnerabilities from employee mishap or attacks on valuable data. Yet SMEs do not normally have the luxury of a full-time IT security specialist, let alone the budget for bullet-proof specialist security systems
Do organizations care about data protection?(Help Net Security) Most consumers just don't believe that the personal and financial data they submit to corporations is safe. That's the unmistakable takeaway from a new snap poll conducted by HyTrust
Mergers, Spinoffs, Cyber Security, Disaster Planning and Executive Pay among Top Issues at 2014 Shareholder Meetings According to BDO USA, LLP(Herald Online) As the 2014 annual meeting season begins, shareholders will be focused on both opportunities and threats. After slumping through January and early February, the stock market has bounced back and is within shouting distance of new highs, but mixed economic data on hiring, exports, housing and manufacturing, coupled with worries about emerging markets are cause for potential concern. This unsettled climate should make for an interesting annual meeting season this Spring. BDO USA, one of the nation's leading accounting and consulting firms, has compiled the following list of topics that corporate management and boards of directors should be prepared to address in connection with 2014 annual meetings
Jericho Systems to Research Data Privacy for U.S. Department of Homeland Security (Broadway World) Jericho Systems Corporation, developers of EnterSpace Decisioning Service (ESDS) technology for externalized dynamic access control and content filtering, has executed a Broad Agency Announcement (BAA) contract with the U.S. Department of Homeland Security (DHS) Science and Technology Directorate to use fine-grained access control policies and data labels to secure sensitive and personally identifiable data at DHS fusion centers
Protecting data against unwanted surveillance(Help Net Security) Network security has been in the spotlight more than ever the past few months, and for good reason. We've seen many scary headlines that have put the pressure on security professionals — and also raised the stakes
Google Glass offers additional security to ATM users (Help Net Security) Taking photos with a wink, checking one's calendar with a glance of the right eye, reading text messages — the multinational corporation Google wants to make it possible with Google Glass. But what IT experts celebrate as a new milestone makes privacy groups skeptical. So far, few people have access to the prototype to test how it can be used in daily life
Technologies, Techniques, and Standards
White House's Cybersecurity Framework Highlights Need for Preparedness (National Law Review) The White House recently announced the official launch of the Cybersecurity Framework, which provides voluntary guidelines for both public and private organizations operating as part of the "critical infrastructure" to create or improve upon their defenses and response protocols for cyber-attacks. The framework was drafted as a result of the President's February 12, 2013 Executive Order 13636, which called for the development of a "prioritized, flexible, repeatable, performance-based, and cost-effective approach" for assisting organizations responsible for "critical infrastructure services" to manage cybersecurity risk. In October, the U.S. Department of Commerce's National Institute of Standards and Technology released a Preliminary Framework. The release of the Preliminary Framework was followed by a 45-day public comment period
Breaking Kryptonite's Obfuscation: A Static Analysis Approach Relying on Symbolic Execution (Diary of a Reverse Engineer) Kryptonite was a proof-of-concept I built to obfuscate codes at the LLVM intermediate representation level. The idea was to use semantic-preserving transformations in order to not break the original program. One of the main ideas was for example to build a home-made 32-bit adder to replace the add LLVM instruction. Instead of having a single asm instruction generated at the end of the pipeline, you will end up with a ton of assembly codes doing only an addition
Is it the ISP's Fault if Your Home Broadband Router Gets Hacked?(ISP Review) As consumers we have a right to be huffy at our ISPs when something goes wrong. But is the Internet provider still to blame if, as in the recent cases of AAISP and now PlusNet, your home broadband router ends up being hijacked by a DNS redirection exploit
Unbalanced Security is Increasing Your Attack Surface(TripWire: The State of Security) In the first article in the series, we talked about how when you don't understand your attack surface, too much security can actually make you more vulnerable and undermine the efficiency of your organization's operations. Now we will look at problems caused by unbalanced security, which will lead us to the third and final installment on security solutions that fight for the same resources
Can we test protection against targeted attacks?(Naked Security) In my day job as a tester of anti-malware solutions, I often get asked the same question: how do I plan to test against Advanced Persistent Threats, aka APTs? These threats are very different from your everyday malware, and testing protection against them turns out to be a very different kind of
How to Eat Your Entropy and Have it Too — Optimal Recovery Strategies for Compromised RNGs(International Association for Cryptologic Research) Random number generators (RNGs) play a crucial role in many cryptographic schemes and protocols, but their security proof usually assumes that their internal state is initialized with truly random seeds and remains secret at all times. However, in many practical situations these are unrealistic assumptions: The seed is often gathered after a reset/reboot from low entropy external events such as the timing of manual key presses, and the state can be compromised at unknown points in time via side channels or penetration attacks. The usual remedy (used by all the major operating systems, including Windows, Linux, FreeBSD, MacOS, iOS, etc.) is to periodically replenish the internal state through an auxiliary input with additional randomness harvested from the environment. However, recovering from such attacks in a provably correct and computationally optimal way had remained an unsolved challenge so far. In this paper we formalize the problem of designing an efficient recovery mechanism from state compromise, by considering it as an online optimization problem
US Cyber Command Nominee Adopts Open Approach at Confirmation Hearing(Defense News) When US Army Gen. Keith Alexander submitted written answers to questions for his confirmation hearing to head the newly created US Cyber Command in 2010, he avoided publicly answering all or part of 29 questions, instead providing his responses to Congress in a classified document
NSA nominee backs protection for companies in any cyber law(Reuters via the Chicago Tribune) President Barack Obama's nominee to head the National Security Agency and U.S. Cyber Command said on Tuesday liability protection for corporations that share information with intelligence agencies is crucial in any new U.S. cybersecurity legislation
NSA nominee promotes cyberwar units to Senate(New York Times via the Columbus Dispatch) All of the major combat commands in the U.S. military soon will have dedicated forces to conduct cyberattacks alongside their air, naval and ground capabilities, Vice Adm. Michael S. Rogers, President Barack Obama's nominee to run the National Security Agency, told the Senate yesterday
Encryption makes you an NSA target, expert warns (SlashGear) Following Edward Snowden's call for internet users to encrypt everything as a matter of course is likely to make you an even bigger target for the NSA, activist journalist Glenn Greenwald has warned, arguing that the stance inside the spying agency is that those protecting their data are inherently suspicious. "If you want to hide what you're saying from them" Greenwald said during a video appearance at SXSW this week, "it must mean that what you're saying is a bad thing," the former Guardian writer said of the National Security Agency's assumptions
Who Wants To Unplug The NSA? Not Arizona's State Agencies(Forbes) Revelations last spring that the National Security Agency secretly gathered information on the communications of millions of Americans have led to a groundswell of legislation aimed at reining in government surveillance. But the response of state agencies in Arizona, one of the states where a popular anti-spying bill is furthest along, indicates unauthorized collection of personal information is deeply entrenched at both the state and federal levels
US, UK and Indian bodies named among worst online spies(Economic Times) US National Security Agency, India's Centre for Development of Telematics, and the UK's GCHQ have been named among the worst online spies by a non-profit group for implementing censorship and surveillance
GCSB dismisses whistleblower claims(Radio New Zealand News) The Government's external spying agency is denying it had help from the United States National Security Agency in rewriting the law governing the way it operates
FCC task force will better intersect technology, health(FierceMobileHealthCare) Federal Communications Commission Chairman Tom Wheeler announced March 5 the launch of a new Connect2Health Task Force, which aims to use the agency's expertise to better intersect broadband connectivity, advanced technology and health
Feinstein: CIA searched Intelligence Committee computers(Washington Post) The head of the Senate Intelligence Committee on Tuesday publicly accused the CIA of secretly removing documents from computers used by her panel to investigate the agency's controversial interrogation program and said that an internal agency investigation of the action has been referred to the Justice Department for possible criminal prosecution
Guest Post: The Elephant in the Room: The FBI(Just Security) Commissions, oversight boards, and review groups are all the rage these days. Recent weeks have seen hundreds of pages of reports evaluating American intelligence agencies, and there's a promise of more to come. These reports have recommended dozens of modifications affecting all three branches of government. But there's an integral part of the surveillance state that has thus far largely escaped the current scrutiny: the FBI. And while failure to "connect the dots" is an oft-cited flaw within the intelligence community, not insisting on examining more closely the FBI's surveillance activities represents a similar flaw by those outside the intelligence community
Snowden Isn't Exactly a "Traitor," Says the Top Nominee for NSA Director(Motherboard) In stark contrast to Edward Snowden's appearance yesterday in front of an SXSW crowd, Vice Admiral Michael Rogers, the man likely to take over the helm of the National Security Agency, today testified in front of the Senate armed services committee to talk about his vision for the future of US cyber defense
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Security West: SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information...
CanSecWest: CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social...
Nuclear Regulatory Commission ISSO Security Workshop: Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce...
ICS Summit 2014(Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...
Suits and Spooks Singapore: Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate...
MCT-Congress: Going Mobile with Clinical Trials(Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...
Cyber Security for Energy & Utilities: Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the...
Veritas 2014: At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...
Black Hat Asia: Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four...
SEC Cybersecurity Roundtable(Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...
Cyber Security Management for Oil and Gas: Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security...
ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).
CyberBiz Summit(Linthicum, Maryland, USA, March 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday,...
SyScan 2014(Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...
Interop Conference: Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.