The Estonian Foreign Ministry has come under cyber attack: no official attribution, yet. Intelligence analysts speculate on Russia's next moves after Crimea, and unsurprisingly cyber campaigns (cheap, deniable, low-risk) figure prominently among the likely options they present.
Another Syrian Electronic Army phishing expedition against Microsoft is disclosed.
GovInfoSecurity continues its informative series on the sad disappearance of Malaysian Flight 370. The publication points out issues the inquiry shares with cyber investigations: insider threats, deletion of key data, difficulty of sharing potentially crucial information, and possible supply chain corruption. Obviously these don't explain (yet) the aircraft's disappearance, but they do raise challenges familiar to cyber security practitioners.
The BlackOS malware management kit is for sale on the black market, fetching $3800 for an annual subscription.
Al Qaeda's magazine "Inspire" throws upstate New York into high dudgeon as helpful jihadists point out that Buffalo is an attractive cyber (and kinetic) target. To the northwest, Manitoba fears cyber attacks on hydropower. Power grids would be high-payoff cyber targets on both sides of the US-Canadian border.
Observers doubt banks are fully prepared for Windows XP's afterlife.
Ponemon finds cyber risks to the health care system. Cyber testing of the US Indian Health System affords corroboration.
Following disappointing financials, Symantec's CEO is out.
Hacker code-sharing site Full-Disclosure is gone, a casualty of data-overload and litigation threat.
France's DGSE may have been spying on Canada. (And not only did they probe les cousins, but they hid behind Babar to do so.)
Turkey clamps down on Twitter.
Today's issue includes events affecting Bulgaria, Canada, Estonia, France, Ireland, New Zealand, Russia, Syria, Turkey, United Kingdom, United States.
Flight 370 Investigation: Cyber Ties(GovInfoSecurity) The investigation of the disappearance of Malaysian Flight 370 is raising issues that are very similar to those considered in cybersecurity cases: the insider threat, deleting potentially key data from a computer, failure to share critical information and even corruption of the supply chain
Operation Windigo botnet has infected 25,000 servers in the last two years(Tech Spot) Security researchers from antivirus provider ESET on Tuesday announced a massive cyber attack that has managed to take control of at least 25,000 Linux/Unix servers over the last two years. The infected servers are used to steal credentials, send spam, and redirect web traffic to malicious web pages
Sneaky "pileup" malware can exploit Android upgrades, researchers say(CITE World) If you've read a lot recently about the dangers of granting excessive permissions to mobile apps, you know that apps asking unnecessarily for personal information and control over device functions are best avoided — or at least managed with tools you can download
Android Custom Permissions Leak User Data(TrendLabs Security Intelligence Blog) A key part of Android's access control policies are permissions. To access certain resources on an Android device, applications need to request and be granted specific permissions. However, beyond those permissions specified by the operating system, an app can define its own customized permissions. Generally, this is done to protect an app's own functions or data
Hackers turning to Tor network to hide evolved malware, warns Kaspersky Lab(V3) Criminals plan to release a fresh wave of advanced cyber attack campaigns using the anonymising Tor network, according to Kaspersky Lab. Kaspersky Lab senior security researcher Sergey Lozhkin issued the warning during a webinar attended by V3, citing the recently discovered ChewBacca and evolved Zeus Tor malware as proof of their claim
Al-Qaida magazine cites weakness of Buffalo Niagara region(The Buffalo News) First the New York Times took notice of Buffalo's great architecture. Then Forbes magazine ranked the city as the nation's most affordable. And now Buffalo Niagara has garnered some worldwide media attention — in Inspire, the magazine of al-Qaida in the Arabian Peninsula. Inspire, which is not nearly as elegantly written as the New York Times or Forbes, tells us in its most recent issue that America's anti-terror strategy is "failing and fruitless" — and then goes on to say, in essence, that the Buffalo Niagara region isn't prepared for an attack
End of XP Support: Are Banks Really Ready?(BankInfoSecurity) Banking institutions should be taking specific steps to prepare for Microsoft's dropping of support next month for the Windows XP operating system, banking regulators have warned. But industry experts disagree on whether the zero-day vulnerabilities and other risks related to XP's demise should be a major concern
Univ. of Maryland victim of another cyber attack(WJLA TV ABC 7 News) Anne G. Wylie, UMD's interim vice-president and chair of the president's newly-formed task force on cybersecurity, sent a letter to faculty Thursday reporting that a "cyber intrusion into the university's network" was detected this past Saturday morning, March 15
Security Patches, Mitigations, and Software Updates
Cisco AsyncOS Patch(Internet Storm Center) Cisco released a patch for AsyncOS, the operating system used in its E-Mail Security Appliance (ESA) and Security Management Appliance (SMA)
Ponemon Institute: Healthcare Industry Vulnerable to Cyber Attacks(Money News) Most healthcare organizations let their employees use their smartphones and tablets to connect to medical networks without installing virus or malware protection amid a 100 percent increase in cyber attacks since 2010, a new Ponemon Institute Patient Privacy and Data Security study finds
A "Tale of Two Cities" — where are the insurance companies?(Control Global) According to an article in BBC, underwriters at Lloyd's of London say they have seen a "huge increase" in demand for cover from energy firms. But surveyor assessments of the cyber-defenses in place concluded the cyber defenses were inadequate. "In the last year or so we have seen a huge increase in demand from energy and utility companies," said Laila Khudari, an underwriter at the Kiln Syndicate, which offers cover via Lloyd's of London
Big Data Reaches Inflection Point(InformationWeek) Enterprises see the light on big data opportunities. It's only a matter of time before mainstream data-management environments evolve
Big data vs. crowdsourcing: What's the future?(ITProPortal) Big data analytics has been recently touted in the media as the revolutionary technology of the 21st Century. According to enraptured journalists and the vendors of big data solutions, a new age is awaiting us, an age where everything is known, analysed and acted upon, a world where big data knows us better than we know ourselves
Symantec fires CEO, shares plunge(CNN Money) Security giant Symantec fired its president and CEO Steve Bennett Thursday, sending shares plunging 7% in after-hours trading. Symantec's (SYMC, Fortune 500) board announced that company director Michael Brown will replace Bennett on an interim basis until a permanent replacement is hired
Unified Threat Management Was Main Driver of the EMEA Security Appliance Market in 2013(FierceITSecurity) According to the International Data Corporation (IDC) Europe, Middle East and Africa Quarterly Security Appliance Tracker, 4Q14 vendor revenue for the EMEA security appliance market reached $688.5 million, a 0.4% decrease over the same quarter a year ago. Shipments declined by 8.7% year on year with 185,019 units shipped. For 2013, the security appliance market vendor revenue totalled about $2.5 billion, representing a 2.4% increase over 2012
GSA Taps Metrica-Led Venture to Build Federal Cyber Dashboard(GovConWire) The General Services Administration has awarded a Metrica-led industry team with a $47.3 million contract to develop a government-wide dashboard for tracking and reporting cyber vulnerabilities, Federal News Radio reported Thursday
BT, IBM, Capgemini to offer cyber security apprenticeships(Computing) Cyber security apprenticeships will be offered by organisations including BT, IBM, Capgemini and Atos as part of a programme set up by skills body e-skills UK. Defence and security firms Cassidian and QinetiQ, and other small businesses specialising in cyber security, are also taking part in the initiative, which should see more than 100 apprentice positions filled by this summer
Missing Perspective on the Closure of the Full-Disclosure Mail List(OSVDB) This morning I woke to the news that the Full-Disclosure mail list was closing its doors. Assuming this is not a hoax (dangerously close to April 1st) and not spoofed mail that somehow got through, there seems to be perspective missing on the importance of this event. Via Facebook posts and Twitter I see casual disappointment, insults that the list was low signal to noise, and that many had stopped reading it a while back. I don't begrudge the last comment one bit
Product pitch: DigiCert Certificate Inspector(Help Net Security) SSL Certificates serve as the security backbone of the internet, securing billions of interactions annually. Yet, too often, system administrators fail to properly configure and install certificates, unknowingly leaving open vulnerabilities
Indian Health Service systems hacked in mock cyber attack(FierceHealthIT) The 28-hospital Indian Health Service—a U.S. Department of Health & Human Services agency that provides healthcare to Native American and Alaskan Natives—failed a mock cyber attack carried out by the HHS Office of Inspector General, according to a report
Penetration Test of the Indian Health Service's Computer Network(Office of the Inspector General, US Department of Health and Human Services) This report provides an overview of the results of our penetration test of the Indian Health Service's (IHS) computer network. It does not include specific details of the vulnerabilities that we identified due to the sensitive nature of the information. We have provided more detailed information and recommendations to IHS so that it can address the issues we identified
Understanding Security Through Probability(Cisco Blogs) Security is all about probability. There is a certain probability that something bad will happen to your networks or your systems over the next 24 hours. Hoping that nothing bad will happen is unlikely to change that probability. Investing in security solutions will probably reduce the chance of something bad happening, but by how much? And where should resources be most profitably directed
Target Breach: Missed Alarms … and Missed Perspectives(ThreatGeek) On March 14th, Bloomberg BusinessWeek published a lengthy article entitled, "Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It". The article highlighted the fact that Target had purchased $1.6M in FireEye advanced threat defense gear that had indeed detected two related pieces of malware on the Target network, but that Target had failed to respond to the alerts issued by the MSSP in Bangalore that was monitoring the equipment
Risks and opportunities of personal data, privacy, and trust(Help Net Security) The increased number of stories on data breaches in the news today has many implications, for consumers it's an increased risk of financial loss, identity theft and personal privacy erosion. For business it's loss of customer trust and a drop in revenue
Apple users: Try these five tips for better Mac security(Naked Security) Security for Macs is often a hotly-debated topic, perhaps because Apple has a reputation for security that is based more on a brand promise than reality. Don't panic. Here are five simple tips to help you get serious about security on OS X
Legislation, Policy, and Regulation
Orange Gives All Of Its Data To France's NSA(TechCrunch) Orange and France's main intelligence agency (the DGSE) have been cooperating illegally for years. According to a newly found report by Edward Snowden and Le Monde's investigation, the DGSE has had access to all of Orange's data (not just metadata) for years
France suspected of cyber espionage(Le Monde) The victim's posture that France has displayed since the revelations about the NSA's activities against it risks becoming less and less credible
Twitter Goes Dark In Turkey Hours After The Country's PM Threatened To "Wipe Out" The Service(TechCrunch) After the Turkish Prime Minister Tayyip Erdoğan promised that he would "wipe out" Twitter after it apparently ignored court orders asking the site to remove certain corruption allegations, the service has gone dark in the country. The situation is developing: a site that lets the public track decisions made by the courts over Internet communications indicates that today the
Why Is Turkey Blocking Twitter?(Electronic Frontier Foundation) "Twitter and so on, we will root them out. The international community can say this or that — I don't care. They will see the power of the Turkish Republic"
'US not waging industrial espionage'(AAP via SBS) The US says the goal of gathering data on companies or economic intelligence is "to support national security interests" and "not to try to help Boeing"
Snowden Disclosures and Norms of Cyber-Attacks(Lawfare) Secrecy—of the sort that typically shrouds cyber-defense and cyber-attack capabilities and doctrine—complicates the development of international norms. Secrecy makes it difficult to engage in sustained diplomacy about rules. Officials can talk about them at high levels of generality, but can't get very specific, and it's therefore hard to reach agreement. Secrecy makes it difficult to verify commitments or demonstrate compliance. Perceived distance between mere words and true actions may be large amid high degrees of secrecy
Counsel: Senate intel panel 'close' on cybersecurity information-sharing bill(Inside Cybersecurity) The leaders of the Senate Select Committee on Intelligence are "close" to reaching agreement on a cybersecurity information-sharing bill with liability protection for industry that is designed to win the support of 60 or more senators, according to Jack Livingston, the panel's minority counsel
Bipartisan Policy Committee Report on Cyber Security of the Electric Grid — What's Missing(Control Global) I reviewed the Bipartisan Policy report and then had a chance to meet with one of the project leads to discuss some of my concerns. I will address the big picture policy issues as they continue to recur in almost all industries and industrial organizations (there is a reason I am giving a lecture on control system cyber security at West Point next month)
DoD still hesitant about mobile devices(C4ISR & Networks) The Defense Information Systems Agency's work with other Defense Department components to develop an enterprise-wide mobile device network could help address longstanding concerns about mobile devices, according to Daniel Risacher, associate director of enterprise services and integration at DoD
U.S. Mulling Big Data Policy(GovInfoSecurity) The Obama administration is in the midst of a four-week effort to get the public to chime in on policies the federal government could develop regarding the privacy and security of big data
US Drug Enforcement Administration helps Bulgaria build cyber security system (Standart) The US Drug Enforcement Administration (DEA) will support us in the development of a full-scale cyber security system, it emerged after Deputy PM Tsvetlin Iovchev met with Alejandro Mayorkas, Deputy Secretary of the United States Department of Homeland Security, and Secret Service director Julia Pearson, the MI reported
Emergency Hearing on NSA Data Destruction(Courthouse News Service) At an emergency hearing Wednesday, opponents of the National Security Agency's telephone surveillance program will demand preservation of collected telephone metadata for discovery
NSA Official: Keeping Americans' Phone Records Could Jeopardize National Security(Foreign Policy) A federal judge has ordered the National Security Agency to indefinitely hold onto the phone records of hundreds of millions of Americans in a massive database that civil liberties groups have long wanted to destroy and that's been at the center of a legal controversy for months. But in a bizarre twist, the NSA itself now says keeping the phone records will impose a heavy toll on the agency and will ultimately distract the NSA from its national security mission
Microsoft Will Now Deploy Two Legal Teams, Outside Former Federal Judge To Approve User-Data Searches(TechCrunch) Following a court document revealing that Microsoft read the email of a third-party blogger to uncover an internal leak, the company this evening announced a policy change, effective immediately, regarding how it searches user data that is part of its own network of services. Noting that it couldn't, in its view, get a court order to search itself as none is needed, it will instead add layers of
Google's Widespread Wiretapping Could Have Snowden-esque Repercussions(Precursor Blog) A shocking new legal fact set recently came together in public as a result of a Gmail wiretapping case, Fread v. Google. Revelations of Google's secret widespread wiretapping of hundreds of millions of people over the last three years, using a NSA-PRISM-like device called "Content One Box" could have Snowden-esque repercussions
Using Contract Provisions to Mitigate Potential Damage from Cyber Attacks(Cyveillance) Law Seminars International hosted a thought-provoking teleconference event last week on "Contractual Protections for Cyber Attacks." While most information security presentations emphasize technology solutions, this one focused on the legal aspects of cyber attacks for attorneys, risk management professionals, contract professionals, and lawyers, and specifically, on the importance of updating contracts to protect your business
Weev Needs To Walk(TechCrunch) Andrew "Weev" Auernheimer is a troll, but he's not a criminal. This is clear. In his recent appearance in federal appellate court in Philadelphia, the ignorance surrounding his actions and the lack of proof that they are a felony, even according to the wide-open standards of the Computer Fraud and Abuse Act, makes it clear that the defendant should walk
Report: California top target of cyber-gangs(AP via the Detroit News) International criminal enterprises follow the money, and a report being released Thursday says they are increasingly focusing on California because of its wealth and innovation
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
MCT-Congress: Going Mobile with Clinical Trials(Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...
Fourth Annual China Defense and Security Conference(Washington, DC, USA, March 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding...
SEC Cybersecurity Roundtable(Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...
ISSA Colorado Springs — Cyber Focus Day(Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).
Financial Incentives for Cybersecurity Businesses(Elkridge, Maryland, USA, March 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax...
CyberBiz Summit(Linthicum, Maryland, USA, March 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday,...
Cyber Saturdays(Laurel, Maryland, USA, March 29, 2014) Are you a community college student with an interest in network security or information assurance? Would you like to test your skills in a fast-paced game environment? If so, one of Capitol College's upcoming...
SyScan 2014(Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and...