FireEye, which knows a thing or two about PLA cyber operations, backs the US indictment of Chinese cyber operators: among other indicators, the attackers' operational routine is entirely consistent with the rhythms of the Shanghai office workers exposed in APT 1. Vice News offers an interesting rundown of the episode's implications (read past the headline: "MIDLIFE" is a mechanically punning acronym). The US shows no inclination to back down from this confrontation with China as the two countries swap (so far relatively mild) trade and diplomatic jabs.
The eBay data breach has widespread effect, with some 145 million records exposed, and appears likely to join the Target breach in security folklore. Observers criticize the company's handling of customer notification, the ease or lack thereof of password resets, and the phishing capers the notification seems to have spawned. Questions about encryption are also raised, and eBay hastens to reassure customers that their passwords were also protected by "proprietary hashing and salting technology."
Long-known Internet Explorer 8 vulnerabilities remain open. Microsoft says it's working on a patch (but no release date is given). Do patch where fixes are available: a closed Word vulnerability is still being exploited in the wild.
Apple patches Safari with version 7.0.4. PayPal fixes a merchant account-hijacking bug. SourceForge undertakes a preventive, proactive password reset.
In industry news, Thales may be eying acquisition of Alcatel-Lucent's cyber business.
Legislation restricting bulk collection passes the US House to cold reviews.
A redacted report on Snowden's ("staggering," "grave") leaks is declassified.
Today's issue includes events affecting Australia, Canada, China, European Union, France, Jordan, Oman, Pakistan, Palestinian Territories, Russia, Syria, Taiwan, Thailand, United Arab Emirates, United Kingdom, United States.
We'll be taking the day off Monday in observance of Memorial Day. The CyberWire will resume normal publication on Tuesday, May 27.
Dateline Georgetown University Cybersecurity Law Institute
Mueller: Cyber experts need offline investigative skills(FCW) Robert Mueller said cybercrime investigators must be able to take the fight beyond cyberspace. Former FBI director Robert Mueller put in a good word for his old agency's improving cybercrime and cybersecurity workforce development, even as the federal government is ramping up efforts to recruit and train qualified personnel
DHS official: Heartbleed has had 'minimal' impact on federal government(FierceGovernmentIT) Due to hard work and improved coordination throughout the federal government, the impact of the Heartbleed bug on the dot-gov domain has been minimal, said Larry Zelvin, director of the National Cybersecurity and Communications Integration Center within the Homeland Security Department's National Protection and Programs Directorate
Chinese Cyber Attacks Trigger US MIDLIFE Crisis(Vice News) On Monday, the US Department of Justice (DoJ) indicted five members of the Chinese military for "cyber espionage against US corporations and a labor organization for commercial advantage," setting off a flurry of chatter, indictments, recriminations, and polemics covering just about everything under the sun. The most interesting part about all this is that it's a phenomenal example of a MIDLIFE crisis
Syrian SRS hackers Hacks King Abdullah of Jordan website in support of Syrian Refugees(HackRead) A group of Syrian hackers going with the handle of Syrian Revolution Soldiers (SRS) has hacked and defaced six high profile government websites of Kingdom of Jordan for not paying proper attention to the Syrian refugees. The targeted websites belong to King Hussein 1, Ministry of Planning and International Cooperation, Land Transport Regulatory Commission, Jordan Deposit Insurance
Reactions to the eBay breach(Help Net Security) A database containing eBay customers' name, encrypted password, email address, physical address, phone number and date of birth was compromised. Here are some of the comments we received
Beware #BringBackOurGirls email scammers(Graham Cluley) Last month, more than 200 innocent schoolgirls were seized in the north-eastern Nigerian state of Borno. To this day, many of them are believed to still be being held captive by members of the Boko Haram group
Adobe Shockwave Lugging Around Hobbled, Vulnerable Version of Flash(Threatpost) It's bad enough that the Flash runtime bundled with Adobe's Shockwave player is deficient in security patches going back to January 2013, but what's worse is that the increased attack surface provided by Shockwave might make it easier to exploit. And, in the bargain, Adobe has known about the issue since October 2010
Bulletproof servers foil botnet/malware takedowns(SC Magazine) Check Point security innovations manager Tomer Teller says that the last two botnet/malware hosting operations his team worked with — in cooperation with the FBI and other parties — failed due to the use of bullet-proof hosting facilities by the cyber-criminal gangs concerned
XML Schema, DTD, and Entity Attacks(Virtual Security Research via Packetstorm) The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. A core feature of XML is the ability to define and validate document structure using schemas and document type definitions (DTDs). When used incorrectly, certain aspects of these document definition and validation features can lead to security vulnerabilities in applications that use XML. This document attempts to provide an up to date reference on these attacks, enumerating all publicly known techniques applicable to the most popular XML parsers in use while exploring a few novel attacks as well
SNMP DDoS Attacks Spike(Dark Reading) Akamai issues threat advisory on attack campaign that uses Team Poison-developed DDoS toolkit
A peek inside a newly launched all-in-one E-shop for cybercrime-friendly services(Webroot Threat Blog) Cybercriminals continue diversifying their portfolios of standardized fraudulent services, in an attempt to efficiently monetize their malicious 'know-how', further contributing to the growth of the cybercrime ecosystem. In a series of blog posts highlighting the emergence of the boutique cybercrime-friendly E-shops, we've been emphasizing on the over-supply of compromised/stolen accounting data
Internet of Things (IOT): Seven enterprise risks to consider(TechTarget) The day when virtually every electronic device — from phones and cars to refrigerators and light switches — will be connected to the Internet is not far away. The number of Internet-connected devices is growing rapidly and is expected to reach 50 billion by 2020
New Terrorism and New Media(Wilson Center) On the evening of March 1, 2011, Arid Uka, an Albanian Muslim living in Germany, was online looking at YouTube videos. Like many before him, he watched a jihadist video that presented the gruesome rape of a Muslim woman by US soldiers—a clip edited and posted on YouTube for jihadi propaganda purposes. Within hours of watching the video, Arid Uka boarded a bus at Frankfurt Airport, where he killed two US servicemen and wounded two others with a handgun
Security Patches, Mitigations, and Software Updates
PayPal fixes merchant account hijacking bug(Help Net Security) Well-known and prolific bug hunter Mark Litchfield has unearthed a pretty big flaw in PayPal Manager, which would allow attackers to hijack a merchant's account by changing their password, and consequently have access to their and their customers' personal information as well as being able to place orders from it
Microsoft Working on Patch for IE 8 Zero Day(Threatpost) Microsoft officials say they're well aware of the Internet Explorer 8 zero day disclosed Wednesday by the Zero Day Initiative and have been working on a fix for it. However, there's no stated timeline for releasing that patch
Cybersecurity Goes Collaborative(PYMNTS) The aftermath of the recent major retailer breaches has led to a collaborative initiative that involves both private- and public-sector organizations working to create best practices and to share information to help improve retail-systems security
Vendors getting mixed messages on cybersecurity(FCW) Initiatives to help industry and government codify compatible cybersecurity requirements and capabilities are yielding some results, but acquisition experts say those plans have clouded federal cybersecurity acquisition efforts
ForeScout CounterACT Wins Gold in 2014 Govies Government Security Awards(MarketWatch) ForeScout Technologies, Inc., a leading provider of pervasive network security solutions for Fortune 2000 enterprises and government organizations, today announced its CounterACT™ platform has received gold status in the Network Security category of the 2014 Govies Government Security Awards competition
Free App Lets the Next Snowden Send Big Files Securely and Anonymously(Wired) When Glenn Greenwald discovered last year that some of the NSA documents he'd received from Edward Snowden had been corrupted, he needed to retrieve copies from fellow journalist Laura Poitras in Berlin. They decided the safest way to transfer the sizable cache was to use a USB drive carried by hand to Greenwald's home in Brazil. As a result, Greenwald's partner David Miranda was detained at Heathrow, searched, and questioned for nine hours
Malware detection in the user profile directory(TechTarget) While looking through RSA's Blueprint report, I noticed that it advises security teams to look through user profile directories for what they call "atypical location" installs. What do they mean by atypical locations, and why are malware authors presumably taking advantage of user profile directories for their malicious activities?
One of these defense projects could become bigger than the internet(Quartz) Forty years ago, a group of researchers with military money set out to test the wacky idea of making computers talk to one another in a new way, using digital information packets that could be traded among multiple machines rather than telephonic, point-to-point circuit relays. The project, called ARPANET, went on to fundamentally change life on Earth under its more common name, the Internet
Darpa Is Weaponizing Oculus Rift for Cyberwar(Wired) For the last two years, Darpa has been working to make waging cyberwar as easy as playing a video game. Now, like so many other games, it's about to get a lot more in-your-face
Discoveries By UNH Cyber Researchers Put Young Program In Tech Spotlight(The Courant) A group of "white hat" computer hackers at the University of New Haven uncovered security holes in two commonly used free texting apps this semester, briefly making them the toast of the worldwide tech media and providing welcome exposure for their nascent cyber forensics program
Q & A: Adam Segal on China, Cyberspies and the Moral High Ground(New York Times) This week, the United States took its most aggressive step yet in trying to curb what it calls Chinese state-sponsored hacking attacks aimed at stealing trade secrets from American corporations. The Justice Department on Monday announced an indictment against five members of the People's Liberation Army accused of corporate cyberespionage. United States officials say the five men belong to Unit 61398, which operates out of an office tower on the outskirts of Shanghai
Spy charges expose US cyber hegemonic mentality(Xinhua via the Pakistan Observer) The United States has indulged in its cyber hegemony mentality again as it filed ungrounded commercial cyber espionage charges against five Chinese military officers
NSA's John DeLong on Privacy Compliance(IC on the Record) The National Security Agency this week granted FedScoop an exclusive interview with John DeLong, the agency's director of compliance. I sat down with DeLong at the National Cryptologic Museum across from NSA headquarters, and he agreed to a wide-ranging discussion of what his office does at NSA and the lengths to which NSA goes to ensure it operates within the confines of the law
DHS: Lack of cyber law caused 'unnecessary delays' in Heartbleed response(Federal Times) The U.S government was forced to act quickly to fix the Heartbleed vulnerability that compromised hundreds of thousands of websites last month, but Homeland Security Department officials say that Congress' failure to pass cybersecurity legislation slowed their ability to respond to the weakness
Thailand's coup d'état has a social media blindspot(Quartz) When the Thai military declared a coup d'état yesterday, one of its first moves was to shut down the country's TV broadcasters. But Thais are among the world's most enthusiastic social media users, so many of its citizens simply shrugged at the blackout, picked up their smartphones, and turned to Twitter, Facebook, and Instagram to discuss the latest military intervention—the second in eight years, and the 12th since the country ended its absolute monarchy in 1932
What does GCHQ know about our devices that we don't?(Privacy International) While the initial disclosures by Edward Snowden revealed how US authorities are conducting mass surveillance on the world's communications, further reporting by the Guardian newspaper uncovered that UK intelligence services were just as involved in this global spying apparatus. Faced with the prospect of further public scrutiny and accountability, the UK Government gave the Guardian newspaper an ultimatum: hand over the classified documents or destroy them
Litigation, Investigation, and Law Enforcement
FBI head: Cyber crime posing 'enormous challenge'(AP via Adirondack Daily Enterprise) Law enforcement faces an "enormous challenge" in preventing state-sponsored cyber crimes, FBI Director James Comey said Wednesday, days after the Justice Department announced charges against five Chinese military officials accused of hacking into American companies to steal trade secrets
SpyEye-using Cybercriminal Arrested in Britain(Trend Micro) We've recently seen multiple arrests and take downs of cybercriminals and their infrastructure. Here is another one to add up. Law Enforcement in England has arrested and prosecuted a cybercriminal called Jam3s in cooperation with Trend Micro. His real identity is James Bayliss. James ran some SpyEye command-and-control servers and also coded a SpyEye plugin named ccgrabber. More than four years after the investigation started, this cybercriminal has been successfully prosecuted
AFP arrests man over Melbourne IT hack(IT News) Police nab two alleged 'Anonymous' members. The Australian Federal Police has arrested two men over an alleged hacking campaign which targeted local corporate and government websites, one of whom the agency claims was involved in the 2012 attack on domain name registrar Melbourne IT
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
3 Day Startup(San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed...
How the SBIR/STTR Program Can Help Grow Your Business(Halethorpe, Maryland, USA, May 27, 2014) The SBIR/STTR programs promote small business innovation and profitability while simultaneously meeting the government's research and development needs. Every year, small businesses receive millions of...
AFCEA DC Chapter 5th Annual Cybersecurity Symposium(Washington, DC, USA, May 28, 2014) 5th Annual Cybersecurity Symposium featuring Government Keynotes and "Latest and Greatest" Information on Cyber Trends, Initiatives, Threats & more. This event attracts upwards of 800 folks annually. Break-out...
Maryland Cybersecurity Roundtable(Hanover, Maryland, USA, May 29, 2014) U.S. Senator Barbara A. Mikulski and Governor Martin O'Malley will launch the Maryland Cybersecurity Roundtable on Thursday, May 29, at 1:30 p.m., at The Hotel at Arundel Preserve, Hanover, Md. They'll...
The Device Developers' Conference: Manchester(Manchester, England, UK, June 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...
Cyber Security Summit(Huntsville, Alabama, USA, June 4 - 5, 2014) The North Alabama Chapter of the Information Systems Security Association and Cyber Huntsville Corporation are hosting the 6th annual Cyber Security Summit June 4-5 in the South Hall of the Von Braun Center.
The 2014 Cyber Security Summit (DC Metro)(Tysons Corner, Virginia, USA, June 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible...
The Device Developers' Conference: Scotland(Uphall, Scotland, UK, June 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...
AFCEA Presents: Insider Threat to Small Business(Fairfax, Virginia, USA, June 5, 2014) One of the biggest myths is that "I'm too small for cyber attackers to care about me." This common misperception leads to tremendous vulnerabilities as companies do not understand implications for their...
Cyber 5.0 Conference(Laurel, Maryland, USA, June 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...