All quiet on the cyber front (apparently) between Russia and Ukraine as Vladimir Putin digests Crimea, but some useful overviews of recent activity and the provenance of Turla/Snake appear.
Linux server campaigns prove difficult to eradicate.
Mozilla patches Firefox vulnerabilities exposed in Pwn2Own. Java 8 is out.
The hacking of Flight 370 is a matter of speculative, a priori possibility without positive evidence, but a consideration of cyber risks facing commercial aviation remains instructive. Israel Defense offers a rundown of coverage that includes comparison with 2008's Spanair flight 5022 crash, an accident in which malware was implicated.
Less speculative, however, are analyses that point to the glare-of-war in which too much information blinds watchstanders. Tripwire notes that, whatever happened aboard Flight 370, glare hindering responders and security officers is one feature the disappearance shares with the Target breach. Many companies offer palliatives for glare, but any comprehensive solution would seem to require machine-learning and automated reverse engineering. (Which would also help keep pace with swiftly evolving malware: ZBOT, for example, has just acquired aggressive clickbot functionality.)
Many call for more effective risk-based security approaches (on the sensible grounds that they who defend everything probably defend nothing). Such approaches require, as lawyers and insurers note, a rigorous way of determining value-at-risk.
NSA Director Alexander calls for more threat information sharing. It's a tough problem: privacy, anonymity (especially), and regulation are all in tension with collaborative security, even among Federal agencies.
Surveillance surprises Google; NSA counsel says companies knew all about it.
Today's issue includes events affecting Brazil, China, France, Japan, Malaysia, Russia, Spain, Switzerland, Thailand, Ukraine, United Arab Emirates, United Kingdom, United States.
Spyware Targets U.S. and Europe(Top Tech News) Malware known as Turla may be the work of the Russian government and could be linked to a massive breach on the U.S. military in 2008, security researchers say. The Turla spyware is used to establish a hidden foothold in infected networks from which they can search other computers, store stolen data, then transmit data back to their servers
Hacking a Boeing 777(GovInfoSecurity) Can a Cyber-Attack Bring Down an Airliner? Speculation surrounding the cause of the disappearance of Malaysia Airlines Flight 370 hasn't included the possibility of a cyber-attack, until now. A cybersecurity expert contends hacking an airliner is feasible
Was Malaysia Flight MH370 Cyber-Hijacked?(Israel Defense) The aviation industry faces major risks on all of its fronts. Could the answer to the missing plane be that this is "the world's first cyber hijack"
How the Target Breach and the Malaysian Flight MH370 Mystery are Related(Tripwire: The State of Security) While there has been at least one article suggesting that hackers could have diverted the Malaysian jet which mysteriously disappeared over the South Pacific, what really unites the jet mystery with the Target breach is the topic of "alarm overload." Numerous public safety incidents have, over the years, been linked to alarm systems that failed to provide the necessary alert they were designed to produce
Tor warns of malicious Tor browser offered on the App Store(Help Net Security) A public plea made on Twitter by Runa A. Sandvik, a (former?) developer with The Tor Project has turned the spotlight on a still unresolved issue of an apparently fake Tor Browser app equipped with spyware being offered for download on Apple's App Store
EA hacked to steal your Apple ID(C/Net) Hackers have targeted EA, the people behind Titanfall, FIFA 14 and Battlefield 4, to try and steal your Apple ID and credit card details
ZBOT Adds Clickbot Routine To Arsenal(TrendLabs Security Intelligence Blog) The ZeuS/ZBOT malware family is probably one of the most well-known malware families today. It is normally known for stealing credentials associated with online banking accounts. However, ZBOT is no one-trick pony. Some ZBOT variants perform other routines like downloading or dropping other threats like ransomware
A history of Bitcoin hacks(The Guardian) The alternative currency has been plagued by hacks, ponzi schemes and increasingly professional thefts since 2011
Secunia Vulnerability Report Questioned by Experts(CSO) The team at the OSVDB (Open Sourced Vulnerability Database) project have taken issue with Secunia's latest vulnerability report, noting it uses flawed methodology and provides little benefit to organizations
Socks4/Socks5 enabled hosts as a service introduces affiliate network based revenue sharing scheme(Webroot Threat Blog) Thanks to the commercial and public availability of DIY (do-it-yourself) modular malware/botnet generating tools, the diverse market segment for Web malware exploiting kits, as well as traffic acquiring/distributing cybercrime-friendly traffic exchanges, cybercriminals continue populating the cybercrime ecosystem with newly launched services offering API-enabled access to Socks4/Socks5 compromised/hacked hosts
The Goldilocks Dilemma: Too Much Cybersecurity Or Too Little?(Forbes) Cybersecurity continues to be a hot topic these days, but it's unclear whether CIOs are doing too much or too little to tackle the problem. Sometimes it seems as though enterprises are developing the same attitude about breaches that Californians have about earthquakes — sure, we're vulnerable, but what are the chances of it shaking really, really bad right where I'm standing
91% of video surveillance deployments involve IT departments(Help Net Security) ESG research found that among organizations currently using video surveillance technology, 91% indicate that IT manages or supports these deployments. Of the final survey pool of IT professionals involved with video surveillance at mid- to enterprise-sized organizations, 47% claim their department is the group most responsible for setting surveillance strategy and making final infrastructure purchasing decisions
Security, M&A among hospital CIO frustrations for 2014(FierceHealthIT) As 2014 kicks into full gear, what topics elicit fear and frustration among health CIOs? Bonnie Siegel, a healthcare IT recruiter for Witt/Kieffer, shared some of her takeaways from discussions with CIOs at the College of Healthcare Information Management Executives' CIO Forum in Orlando
Hacks of Ages(Juniper Networks) From the click-clack of the Enigma machine that stumped so many for so long to the Anonymous "Million Mask March" on the White House to protest against corporate and government corruption, we've assembled an illustrative timeline of the cyber world
Spying Is Bad for Business(MIT Technology Review) Can we trust an Internet that's become a weapon of governments? Following a one-day summit in Brasilia this February, negotiators from Brazil and Europe reached a deal to lay a $185 million fiber-optic cable spanning the 3,476 miles between Fortaleza and Lisbon. The cable will be built by a consortium of Spanish and Brazilian companies. According to Brazil's president, Dilma Rousseff, it will "protect freedom." No longer will South America's Internet traffic get routed through Miami, where American spies might see it
Security Startups: Interview with Covertix CEO Yoran Sirkis(SecurityWeek) SecurityWeek: How did you start out in the computer field and in particular, security? Yoran: I started my journey in the cyber- and information- security fields while at the Israeli Air Force, where I served as a captain. After the military service I joined Comsec, an international information security professional services firm
Products, Services, and Solutions
Full Disclosure mailing list closure elicits mixed reactions(Help Net Security) The Full Disclosure mailing list has long been the perfect place for security researchers to disclose and discuss newly found vulnerabilities. But John Cartwright, one of its creators, has pulled the plug on the list today
Facebook Blocks NSA Spies — for Now(CIO) In the wake of revelations exposed in classified National Security Agency documents leaked to reporters by Edward Snowden, Facebook must show its users that their data is safe from the prying eyes of government spies
What is Kaspersky Gadget(Kaspersky Lab Daily) "Gadget" has recently become an extremely popular word. We now use a wide range of gadgets, read the latest news from this sphere in various blogs and websites, and eagerly discuss it. You can even use a gadget for your antivirus, like Kaspersky Internet Security, which has its own Kaspersky Gadget now
Juniper Networks Partners VeriSign(Nasdaq Analyst Blog) Networking solutions provider, Juniper Networks (JNPR) has announced a partnership with VeriSign, Inc. (VRSN) to provide hybrid cloud-based security services. The combined solution can manage and protect against Distributed Denial of Service (DDoS) attacks and at the same time connect public and private clouds securely.
Arbor Unveils a Network Security 'DVR'(Light Reading) Network attacks may be increasingly inevitable, but 83% of enterprises say they are unprepared for them, according to new research from Arbor Networks
Check Point Sandboxing Technology Tops Zero-Day Malware Block Rates(Consumer Electronics Net) Check Point® Software Technologies Ltd. (NASDAQ: CHKP), the worldwide leader in securing the Internet, today announced that Check Point Threat Emulation Service, which protects organizations against new, unknown and targeted attacks before they infect a network, has the highest catch rate of malicious files. In recent benchmark testing, 600 malicious files were scanned through Check Point Threat Emulation and other competitive products. The results found that Check Point outperformed all of the others in this test, with a malicious file catch rate of 99.83%. The other competitive products detected an average of 53% of the files as malicious, with the highest competitor's catch rate at 75%
Review: KnowBe4 Compliance Manager(eSecurity Planet) While KnowBe4 Compliance Manager does not make tasks associated with regulatory compliance enjoyable, reviewer Matt Sarrel finds the software does make them less onerous
Damballa and ForeScout Partner on Threat Protection(SecurityWeek) Damballa, a provider of threat protection and containment solutions, and ForeScout Technologies, a provider of network security solutions, have teamed up in an effort to enhance visibility and automate remediation of advanced threats within enterprise networks
The Pentagon Spent $2.7 Billion on an Intelligence System That Doesn't Work(The Wire) Here's another item for the (long) list of spectacular waste in the Pentagon's budget: a $2.7-billion intelligence program that's supposed to help Army troops on the ground collect and use intelligence on enemy fighters. It sounds like a good idea, but the thing is, the Army's Distributed Common Ground System doesn't actually do that, according to a report from Foreign Policy. The article cites an internal assessment of the DCGS's effectiveness, long requested by Congress but kept under wraps by the Pentagon for eight months. Probably because they didn't feel like talking about such a spectacular failure
Technologies, Techniques, and Standards
Stop Targeted Attackers(Dark Reading) All cyber-attackers aren't equal. Focus more attention on exploits made just for you
How do you know if an RNG is working?(A Few Thoughts on Cryptographic Engineering) No matter how much cryptographers accomplish, we're always building on a questionable foundation. Last week, Edward Snowden spoke to a packed crowd at SXSW about the many problems (and limited solutions) facing those of us who want to keep our communications private. Snowden said a number of things — including a shout out to Moxie's company Whisper Systems, who certainly deserve it
Where will XP stalwarts go after the end of Windows XP support?(TechTarget) The end of official Windows XP support is not all bad news. Microsoft plans to provide signature updates for its anti-malware application for another year or so. But support for the operating system itself is going away, and enterprise desktops running it could be at significant risk. Yet budgets, timelines and legacy programs leave some organizations with little choice but to continue to support XP. If that's the case for your environment, you can take a number of steps to help mitigate at least some of the looming threats
XORSearch: Finding Embedded Executables(Didier Stevens) Someone mentioned on a forum that he found a picture with an embedded, XORed executable. You can easily identify such embedded executables by xorsearching for the string "This program must be run under Win32". But if the author or compiler modifies this DOS-stub string, you will not find it
Design and Innovation
War is a Video Game, and We're Losing(War on the Rocks) It is often said that the rise of military robotics and cyber warfare is turning war into a "videogame." But this thesis—which blames technology for a supposed loss of moral seriousness about war—gets the causation wrong. It isn't bloodless technology that really makes war videogame-like. Rather, videogames are simple and deterministic in that they mirror the ways a cross-section of national security experts think about war. It seems that as hard as we try to treat war as "tragic, inefficient, and uncertain," we end up getting our military analysis from the same mental place that's engaged by a shopping trip to GameSpot. We might as well use this to our advantage by diversifying our unconscious war(games) rather than playing the same titles over and over again
UAE ponders how to have big data, without big problems(The National) With one of the highest adoption rates of smartphones on the planet, the UAE is at the forefront of the global push to become a "smart nation" in which online technology is integrated into everyday life. But as the Emirates Centre for Strategic Studies and Research's annual conference heard this week, the dawning era of big data warrants care and supervision to ensure the intended benefits do not come at the price of sacrificing reasonable expectations of privacy
Espionage: how Orange and the secret services cooperate(Le Monde) One often learns more about oneself from people outside one's own family. The British, somewhat in spite of themselves, have just shed light on the highly confidential ties that exist between the French secret services, the Direction générale de la sécurité extérieure (DGSE), and the incumbent telecommunications operator France Télécom, which took the name Orange in February 2012
Google CEO Calls NSA Spying 'Disappointing'(Bloomberg) Google Inc. (GOOG) Chief Executive Officer Larry Page criticized the National Security Agency's surveillance activities, calling for limits on what the U.S. government can do. "It's tremendously disappointing that our government did this and didn't tell us," Page said during a presentation at a TED technology and design conference in Vancouver. "We need to know what the parameters of this are"
NRF: 4 lies about data security(FierceRetailIT) What if a government agency held hearings on fraud protection and data security, prompted by recent data breaches at national retailers, and failed to invite a single retailer
Class Action Suit Filed in L.A. Breach(HealthCareInfoSecurity) A class action lawsuit has been filed against Los Angeles County and a vendor that handles patient billing and payment collections for the county's departments of health services and public health in the wake of a breach last month affecting 168,500 individuals
Suits and Spooks Singapore: Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate...
MCT-Congress: Going Mobile with Clinical Trials(Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...
Cyber Security for Energy & Utilities: Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the...
Fourth Annual China Defense and Security Conference(Washington, DC, USA, March 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding...
Veritas 2014: At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the...
Black Hat Asia: Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four...
SEC Cybersecurity Roundtable(Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...
Cyber Security Management for Oil and Gas: Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security...
ISSA Colorado Springs — Cyber Focus Day(Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).
Financial Incentives for Cybersecurity Businesses(Elkridge, Maryland, USA, March 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax...
CyberBiz Summit(Linthicum, Maryland, USA, March 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday,...
Cyber Saturdays(Laurel, Maryland, USA, March 29, 2014) Are you a community college student with an interest in network security or information assurance? Would you like to test your skills in a fast-paced game environment? If so, one of Capitol College's upcoming...
SyScan 2014(Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...
Interop Conference: Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.
NSA Hawaii: Be a part of the 2nd Annual Information Technology Expo set to take place at the new National Security Agency (NSA) Regional Operations Center in Wahiawa, HI. The event is being sponsored once again by...
InfoSec World Conference & Expo 2014: With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen...
NIST IT Security Day(Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...
IT Security Entrepreneurs Forum (ITSEF) 2014: IT Security Entrepreneurs Forum (ITSEF) is SINET's flagship event, designed to bridge the gap between the Federal Government and private industry. ITSEF brings unique value to the Cybersecurity community...
Women in Cybersecurity Conference(Nashville, Tennessee, USA, April 11 - 12, 2014) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.
Suits and Spooks San Francisco: S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss...
East Africa Banking and ICT Summit(Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations,...
InfoSecIndy(Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.
Infosecurity Europe 2014: Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000...