Investigation into what many consider a Russian campaign against Western (especially US) utilities continues. Reports suggest that the US Department of Homeland Security is quietly consulting with the energy sector concerning the campaign — whatever else may be happening, US-CERT did issue clear and direct warnings concerning BlackEnergy malware. Some observers see (slightly implausibly) wheels within wheels and speculate that the recent compromise of White House networks may have been misdirection for the energy sector campaign. Others content themselves with noting, again, how difficult attribution of cyber attacks can be.
The Dyre/Dyreza banking Trojan's successes are giving it a strong tailwind in the criminal economy. Swiss bank accounts are being targeted, and reports from Pittsburgh suggest that US infestations are cropping up in Western Pennsylvania.
Fortinet reports a new version — stealthier and more resistant to analysis — of the Backoff point-of-sale malware (its internal name is "ROM;" no researcher-assigned label yet).
Krebs warns that rewards programs are increasingly under attack, and illustrates the trend with an account of fraud against Hilton Honors loyalty accounts.
A researcher with Truesec claims he's discovered a serious privilege-escalation vulnerability in OS X Yosemite.
Sony PlayStation user data may be at risk of compromise through an SQL injection flaw.
Dr. Web says it's found an Android dialer that's both insidious and resistant to removal.
Researchers at Ben Gurion University demonstrate "AirHopper," an exploit that compromises air-gapped systems.
Retrospectives look at Stuxnet and the vulnerabilities that lent themselves to its dissemination.
Swatting is back, apparently for the lulz.
Today's issue includes events affecting Australia, Brazil, Canada, China, Germany, Israel, Mexico, Portugal, Russia, Singapore, Sweden, Switzerland, Taiwan, United Arab Emirates, United Kingdom, United States.
The CyberWire will cover the National Initiative for Cybersecurity Education Conference and Expo, with special issues on November 5, 6, and 7.
Russian BlackEnergy Malware Story Hidden by White House Breach (IT Business Edge) It was announced yesterday that White House computers were hacked, most likely by Russian hackers. White House officials have stated that it was non-classified computers that were attacked and there is no cause for alarm. As Government Technology pointed out, staffers were given the typical "change your password" advice, and little else
The White House got hacked; are you next? (TechTarget) Russian-backed hackers could be at it again, this time targeting the White House. Experts advise businesses take a page from the hackers and get organized
Dyre malware targeting Swiss bank customers (Help Net Security) The Dyre/Dyreza banking Trojan has lately become very popular with cyber criminals — so much so that the US-CERT has issued an alert warning about the danger
ROM — A New Version of the Backoff PoS Malware (Fortinet Blog) A few months have passed since the release of the "Backoff" point-of-sale (PoS) malware advisory, but Backoff and other PoS malware continue to be an active threat as businesses keep reporting data breaches and the compromise of their customers' financial information
Thieves Cash Out Rewards, Points Accounts (KrebsOnSecurity) A number of readers have complained recently about having their Hilton Honors loyalty accounts emptied by cybercrooks. This type of fraud often catches consumers off-guard, but the truth is that the recent spike in fraud against Hilton Honors members is part of a larger trend that's been worsening for years as more companies offer rewards programs
Android dialer hides, resists attempts to remove it (Help Net Security) A malicious dialler disguised as an application for adults could become a big problem for Android users, as the malware systematically removes traces of itself from the phone and makes deinstallation impossible through normal means, Dr. Web researchers warn
Why malvertising could be your business's number one problem (IT Pro Portal) Internet advertising spend now outpaces all other forms of media. In the UK alone, digital will make up almost 50 per cent of the total ad spend and it will be worth £13.9bn this year according to GroupM, WPP's media buying arm. With numbers like that, it's no surprise that cyber attackers are also turning their heads towards internet advertising
GroupMe Vulnerability: Full Account Takeover (Breaking Bits) GroupMe is a popular cross-platform group messaging client for Android and iOS. A critical vulnerability related to mobile phone SMS verification in the iOS application (version <= 4.4.4) allowed for account takeover provided you knew your target's phone number (that is, the phone number connected to their GroupMe account). Knowing just the phone number, you could take over their account entirely while simultaneously resetting their password and email address
Hack an Isolated Computer — No Internet Connection Required (Ethical Hacking) A proof-of-concept idea, which allows a person to send and receive data from a machine that has been kept completely isolated from the internet, has been developed by researchers at the Ben Gurion University in Israel. This technique sends information from the machine to a mobile device, specially set up for this activity, and later transfers that data to the outside world using normal modes of communication like internet/sms etc
How Attackers Can Use Radio Signals and Mobile Phones to Steal Protected Data (Wired) Computers housing the world's most sensitive data are usually "air-gapped" or isolated from the internet. They're also not connected to other systems that are internet-connected, and their Bluetooth feature is disabled, too. Sometimes, workers are not even allowed to bring mobile phones within range of the computers. All of this is done to keep important data out of the hands of remote hackers
An Unprecedented Look at Stuxnet, the World's First Digital Weapon (Wired) In January 2010, inspectors with the International Atomic Energy Agency visiting the Natanz uranium enrichment plant in Iran noticed that centrifuges used to enrich uranium gas were failing at an unprecedented rate. The cause was a complete mystery — apparently as much to the Iranian technicians replacing the centrifuges as to the inspectors observing them
CVE-2014-4115 Analysis: Malicious USB Disks Allow For Possible Whole System Control (TrendLabs Security Intelligence Blog) One of the bulletins that was part of the October 2014 Patch Tuesday cycle was MS14-063, which fixed a vulnerability in the FAT32 disk partition driver that could allow an attacker to gain administrator rights on affected systems with only a USB disk carrying a specially modified file system. This vulnerability is also designated CVE-2014-4115
Bulletin (SB14-307) Vulnerability Summary for the Week of October 27, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Most Users Don't Use Windows Update Properly: Report (Infopackets) A new report suggests that many users who use the Windows Update feature to automatically download and install the latest security patches from Microsoft do not have an up-to-date operating system
Hacking Up History (PC Magazine) "History repeats itself" is a phrase you'd never think of in the tech world, but it holds quite a bit of truth in the industry
Limiting automation in a cyber-insecure world (C4ISR & Networks) With each new headline announcing another cyber breach, to include national governments, retail stores, cloud companies (Apple's iCloud), and leading banks, I am compelled to reflect on an obscure set of war games conducted in 2012-2013 that may prove prescient
Telecom giant Huawei doubles down on Ontario (Ottawa Citizen) Chinese telecommunications giant Huawei announced Friday night that it plans to almost double its investment in its Ontario facilities, creating 325 new jobs in Ottawa and elsewhere
Security Analytics Startup Looks To MSPs, Cloud Partners For Growth (CRN) The head of an early-stage security analytics company has a well-thought-out strategy for partnerships moving ahead amid what he called accelerating demand for smarter approaches to security. Austin, Texas-based SparkCognition is just about a year old and has established partnerships with IBM Watson, SoftLayer and Power, and while most of its sales currently are direct, Founder, President and CEO Amir Husain is already in the beginning stages of building out the company's channel
What is the Cyber Threat Alliance? (Fortinet Blog) Emerging threats have created some strange bedfellows in the Cyber Threat Alliance, but the group's work is critical to advancing security in an increasingly connected world
justniffer, a Packet Analysis Tool (Internet Storm Center) Are you looking for another packet sniffer? justniffer is a packet sniffer with some interesting features. According to the author, this packet sniffer can rebuild and save HTTP file content sent over the network. "It uses portions of Linux kernel source code for handling all TCP/IP stuff. Precisely, it uses a slightly modified version of the libnids libraries that already include a modified version of Linux code in a more reusable way." The tarball can be downloaded here and a package is already available for Ubuntu
Technologies, Techniques, and Standards
Are Your Contracts Ready for a Cybersecurity Breach? (Corporate Counsel) Cyberattacks are becoming more frequent, more sophisticated and more widespread, as evidenced by recent hacks involving financial institutions like JPMorgan Chase & Co., home improvement retailer The Home Depot, e-commerce giant eBay Inc. and Target Corp.'s massive cyberattack that hit at the height of the holiday season last year
Use caution storing data in the "cloud" (Lake News Online) Businesses used to fret about sensitive documents, often keeping them stored under lock and key in safes, desks or file cabinets. Today, so much data is exchanged electronically that hardcopies are usually produced only when necessary
Targeting security weaknesses in the phone channel (Help Net Security) Fraud over the phone channel is a significant problem for businesses, both small and large. Recently, phone hackers targeted a small architecture firm in Georgia, costing them more than $166,000. The firm had only seven employees, and a few VoIP connected phone devices. For larger businesses with call centers, the risk of phone fraud grows exponentially, as does the average fraud loss
Raising cryptography's standards (R&D Magazine) Most modern cryptographic schemes rely on computational complexity for their security. In principle, they can be cracked, but that would take a prohibitively long time, even with enormous computational resources
Cyber security: Always a 'topic of concern' (U.S. Air Force Academy Public Affairs) National Cyber Security Awareness Month will end Oct. 31, but one Academy official said she hopes Airmen here continue to treat computer security with the year-round attention she said it deserves
HP Helps Schools Fend Off Mounting Cyber Threats (CIO Today) As the number of "bring your own devices" keeps growing at colleges and other schools, academic IT departments are finding it increasingly difficult to stave off malware, bot attacks and a variety of other cyber-threats. Several educational institutions across the U.S. have turned to Hewlett-Packard's TippingPoint network security solutions for help
Legislation, Policy, and Regulation
China Approves Security Law Emphasizing Counterespionage (New York Times) President Xi Jinping of China has signed a new Counterespionage Law, replacing the 1993 National Security Law with an updated set of rules that will more closely target foreign spies and Chinese individuals and organizations who collaborate with them
Global Times: US plays up latest Chinese cyberespionage report (Want China Times) A recently published report about a Chinese-sponsored hacker group being circulated by US media outlets is allegedly attempting to manipulate public opinion against China just before the coming Asia-Pacific Economic Cooperation (APEC) conference, where leaders of the two countries will meet in Beijing, reports state media Global Times
The spies who kill innovation (Stanford Daily) Much has been made of China's rise and America's supposed decline, but these arguments are generally unsound. American declinists leech off the belief that faster growth today means more power tomorrow. They assert that China's economic rise means that the Middle Kingdom will necessarily supplant America's global hegemony with its own
Can DHS get it together? (FCW) Twelve years after its creation, the Department of Homeland Security is at a crossroads in how it handles its ever-evolving cybersecurity mission
Navy to Begin Preparations for Cyber Warfare (National Defense) U.S. warships that patrol treacherous waterways like the Strait of Hormuz are ready to respond to a wide array of threats, including underwater explosives, kamikaze boats and missile strikes. They are less prepared, though, to cope with a cyber onslaught on their computer systems
Misuse Confidential Information and Risk a Significant Payment (WillisWire) A recent decision of the English High Court found Barclays Bank liable to pay damages of €10 million to CF Partners for breaching an equitable duty of confidence. The Court held that the bank had misused confidential information, supplied by CF Partners for a bank loan to finance a takeover bid, in order to buy the target company itself
'Blackshades' User Pleads Guilty to Hacking (Wall Street Journal) A New Jersey man has pleaded guilty in Manhattan federal court to a charge of computer hacking by using the malicious Blackshades software that was the focus of a global crackdown earlier this year, the U.S. attorney's office said Friday
Man faces trial over 'cyber attack' (Oxford Mail) A 44-year-old man is due to face trial today accused of being responsible for a cyber-attack launched against the Home Office's website
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
FS-ISAC EU Summit 2014 (London, England, UK, November 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit association comprised of financial institution members that is dedicated to protecting the global financial services...
POC2014 (Seoul, Republic of Korea, November 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates...
Bay Area SecureWorld (Santa Clara, California, November 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...
Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, November 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users...
Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, November 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges...
NICE 2014 Conference and Expo (Columbia, Maryland, USA, November 5 - 6, 2014) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. An ecosystem of technology providers, policy makers, legal expertise, banking, insurance, devices,...
RiseCON 2014 (Rosario, Santa Fe, Argentina, November 6 - 7, 2014) Rosario Information Security Conference: the first and largest information security and hacking event held in the city of Rosario, with international standing and reach
Israel HLS 2014 (Tel Aviv, Israel, November 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience.
i-Society 2014 (London, England, UK, November 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots in both academia and industry. The conference covers a wide spectrum of topics that relate to the information society,...