skip navigation

More signal. Less noise.

Daily briefing.

Investigation into what many consider a Russian campaign against Western (especially US) utilities continues. Reports suggest that the US Department of Homeland Security is quietly consulting with the energy sector concerning the campaign — whatever else may be happening, US-CERT did issue clear and direct warnings concerning BlackEnergy malware. Some observers see (slightly implausibly) wheels within wheels and speculate that the recent compromise of White House networks may have been misdirection for the energy sector campaign. Others content themselves with noting, again, how difficult attribution of cyber attacks can be.

The Dyre/Dyreza banking Trojan's successes are giving it a strong tailwind in the criminal economy. Swiss bank accounts are being targeted, and reports from Pittsburgh suggest that US infestations are cropping up in Western Pennsylvania.

Fortinet reports a new version — stealthier and more resistant to analysis — of the Backoff point-of-sale malware (its internal name is "ROM;" no researcher-assigned label yet).

Krebs warns that rewards programs are increasingly under attack, and illustrates the trend with an account of fraud against Hilton Honors loyalty accounts.

A researcher with Truesec claims he's discovered a serious privilege-escalation vulnerability in OS X Yosemite.

Sony PlayStation user data may be at risk of compromise through an SQL injection flaw.

Dr. Web says it's found an Android dialer that's both insidious and resistant to removal.

Researchers at Ben Gurion University demonstrate "AirHopper," an exploit that compromises air-gapped systems.

Retrospectives look at Stuxnet and the vulnerabilities that lent themselves to its dissemination.

Swatting is back, apparently for the lulz.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, China, Germany, Israel, Mexico, Portugal, Russia, Singapore, Sweden, Switzerland, Taiwan, United Arab Emirates, United Kingdom, United States.

The CyberWire will cover the National Initiative for Cybersecurity Education Conference and Expo, with special issues on November 5, 6, and 7.

Cyber Attacks, Threats, and Vulnerabilities

Moscow Suspected in Hack of U.S. Industrial Control Systems (Washington Free Beacon) BlackEnergy malware used by Russians found in water, energy control systems

Russian BlackEnergy Malware Story Hidden by White House Breach (IT Business Edge) It was announced yesterday that White House computers were hacked, most likely by Russian hackers. White House officials have stated that it was non-classified computers that were attacked and there is no cause for alarm. As Government Technology pointed out, staffers were given the typical "change your password" advice, and little else

Secret meetings tackle back-to-back energy-sector cyberthreats (EnergyWire) The Department of Homeland Security is hosting a series of secret briefings to address "ongoing" cyberthreats to energy control systems, according to security experts

The White House got hacked; are you next? (TechTarget) Russian-backed hackers could be at it again, this time targeting the White House. Experts advise businesses take a page from the hackers and get organized

It looks like Russia and smells like Russia … but is it Russia? (CNN Money) It's easy to say Russians are hacking the White House and major U.S. companies. It's harder to prove it

Former NSA Official Warns About Future Cyber Attacks Against U.S. Government (Design & Trend) Joel Brenner, the former Inspector General for the National Security Agency (NSA) warned that cyber attacks targeting networks and systems of government facilities will increase in the future

Rugby League team Keighley Cougars' website reads 'I love you Isis' after hacking (Threat Brief) The website of Rugby League team the Keighley Cougars has been hacked and replaced with a page featuring the message: "I love you Isis"

Dyre malware targeting Swiss bank customers (Help Net Security) The Dyre/Dyreza banking Trojan has lately become very popular with cyber criminals — so much so that the US-CERT has issued an alert warning about the danger

Hackers' new Dyre malware infects W.Pa. computers, vexes FBI cyber agents (Pittsburgh Tribune) Pittsburgh-based FBI cyber agents who brought down an international Russian hacking syndicate in May are now focusing on two new targets that have caused significant damage, the Tribune-Review has learned

ROM — A New Version of the Backoff PoS Malware (Fortinet Blog) A few months have passed since the release of the "Backoff" point-of-sale (PoS) malware advisory, but Backoff and other PoS malware continue to be an active threat as businesses keep reporting data breaches and the compromise of their customers' financial information

Thieves Cash Out Rewards, Points Accounts (KrebsOnSecurity) A number of readers have complained recently about having their Hilton Honors loyalty accounts emptied by cybercrooks. This type of fraud often catches consumers off-guard, but the truth is that the recent spike in fraud against Hilton Honors members is part of a larger trend that's been worsening for years as more companies offer rewards programs

Swedish hacker finds 'serious' vulnerability in OS X Yosemite (Macworld) A white-hat hacker from Sweden says he's found a serious security hole in Apple's Yosemite OS X that could allow an attacker to take control of your computer

New SQL Injection Flaw Puts Sony PlayStation User Data at Risk (Softpedia) Details of Sony Playstation Network users could be at risk due to a blind SQL injection bug in the website, a penetration tester claims

Android dialer hides, resists attempts to remove it (Help Net Security) A malicious dialler disguised as an application for adults could become a big problem for Android users, as the malware systematically removes traces of itself from the phone and makes deinstallation impossible through normal means, Dr. Web researchers warn

Luck Played Role in Discovery of Data Breach at JPMorgan Affecting Millions (New York Times) When it comes to defending a large company against an online attack, sometimes luck and timing can mean as much as spending hundreds of millions of dollars a year on computer security

Why malvertising could be your business number one problem (IT Pro Portal) Internet advertising spend now outpaces all other forms of media. In the UK only, digital will make up almost 50 per cent of the total ad spend and it will be worth £13.9bn this year according to GroupM, WPP's media buying arm. With numbers like that, it's no surprise that cyber attackers are also turning their heads towards internet advertising

Research shows enterprises leaking shadow data to the cloud (TechTarget) A new study by cloud security startup Elastica shows that enterprise employees are unknowingly leaking sensitive data through cloud apps and services

Live data used to highlight cloud-based risks (CSO) The cloud is still a jungle when it comes to risk and security

GroupMe Vulnerability: Full Account Takeover (Breaking Bits) GroupMe is a popular cross platform group messaging client for Android and iOS. A critical vulnerability related to mobile phone SMS verification in the iOS application (version <= 4.4.4) allowed for account takeover provided you knew your target's phone number (that is, the phone number connected to their GroupMe account). Knowing just the phone number, you could take over their account entirely while simultaneously resetting their password and email address

Hack an Isolated Computer — No Internet Connection Required (Ethical Hacking) A proof-of-concept idea, which allows a person to send and receive data from a machine that has been kept completely isolated from the internet has been developed by researchers at the Ben Gurion University in Israel. This technique sends information from the machine to a mobile device, specially set up for this activity and later transfers that data to the outside world using normal modes of communications like internet/sms etc

How Attackers Can Use Radio Signals and Mobile Phones to Steal Protected Data (Wired) Computers housing the world's most sensitive data are usually "air-gapped" or isolated from the internet. They're also not connected to other systems that are internet-connected, and their Bluetooth feature is disabled, too. Sometimes, workers are not even allowed to bring mobile phones within range of the computers. All of this is done to keep important data out of the hands of remote hackers

An Unprecedented Look at Stuxnet, the World's First Digital Weapon (Wired) In January 2010, inspectors with the International Atomic Energy Agency visiting the Natanz uranium enrichment plant in Iran noticed that centrifuges used to enrich uranium gas were failing at an unprecedented rate. The cause was a complete mystery — apparently as much to the Iranian technicians replacing the centrifuges as to the inspectors observing them

CVE-2014-4115 Analysis: Malicious USB Disks Allow For Possible Whole System Control (TrendLabs Security Intelligence Blog) One of the bulletins that was part of the October 2014 Patch Tuesday cycle was MS14-063 which fixed a vulnerability in the FAT32 disk partition driver that could allow for an attacker to gain administrator rights on affected systems, with only a USB disk with a specially modified file system. This vulnerability as also designated as CVE-2014-4115

Baldwin [Pennsylvania] Family Falls Victim To Scary Cyber Invasion Attack (CBS Pittsburgh) It all started with a phone call in the middle of the night

Bulletin (SB14-307) Vulnerability Summary for the Week of October 27, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Security Patches, Mitigations, and Software Updates

HTML5 goes officially live — now you really CAN say goodbye to Java in your browser! (Naked Security) Do you remember what happened on the night before Christmas in the last year of the last millennium?

Most Users Don't Use Windows Update Properly: Report (Infopackets) A new report suggests that many users who use the Windows Update feature to automatically download and install the latest security patches from Microsoft do not have an up-to-date operating system

UK consumers particularly prone to piss-poor patching (Register) Java a hot spot — new report

Cyber Trends

Cyberspace Expands Threat Matrix (InformationWeek) National security experts warn there is no privacy or security any more

Hacking Up History (PC Magazine) "History repeats itself" is a phrase you'd never think of in the tech world, but it holds quite a bit of truth in the industry

Limiting automation in a cyber-insecure world (C4ISR & Networks) With each new headline announcing another cyber breach, to include national governments, retail stores, cloud companies (Apple's iCloud), and leading banks, I am compelled to reflect on an obscure set of war games conducted in 2012-2013 that may prove prescient

Privileged-account risk multiplies for Australia's cloud-hungry businesses: CyberArk (CSO) Australian companies may be among the most enthusiastic and progressive about cloud services in the world, but they're opening up new avenues for attack unless they complement cloud initiatives with efforts to identify control unmanaged privileged user accounts, a CyberArk executive has warned

Marketplace

What Engility's purchase of TASC could mean for D.C.-area services contractors (Washington Post) For government contractors, the holiday shopping season has already kicked off

Alcatel-Lucent sells cyber security biz to Thales (Telecom Lead) Telecom network vendor Alcatel-Lucent has sold its cyber security services & solutions and the communications security business to Thales

What to look for in FireEye's earnings (MarketWatch) FireEye sales expected to slow for the fourth straight quarter

Telecom giant Huawei doubles down on Ontario (Ottawa Citizen) Chinese telecommunications giant Huawei announced Friday night that it plans to almost double its investment in its Ontario facilities, creating 325 new jobs in Ottawa and elsewhere

Huawei Invests $1.5 Billion to Build New ICT Facilities in Mexico (China Topix) Chinese telecom equipment maker Huawei Technologies Co. Ltd. is investing $1.5 billion in Mexico to build new Information and Communication Technology (ICT) centers over the next five years

Xiaomi Is Facing Security Related Investigations In Singapore & Taiwan Too (Trak.in) Last week, Indian Air Force issued a circular wherein they had categorically warned against using Xiaomi smart phones, due to security related issues. This is the first instance when a defense establishment in India had to issue such a warning against usage of a smart phone

GlobalFoundries Purchase of IBM Essex Prompts Security Review (Vermont Public Radio) The sale of IBM's chip making division, including the company's Essex plant is being scrutinized by federal officials

Crime Pays for Radware as Cyber-Attacks Increase: Israel Markets (Bloomberg) The spate of cyber-attacks that rocked U.S. companies in 2014 came at just the right time for Tel Aviv-based Radware Ltd. (RDWR), which spent the last three years doubling its U.S. sales force

Security Analytics Startup Looks To MSPs, Cloud Partners For Growth (CRN) The head of an early-stage security analytics company has a well-thought-out strategy for partnerships moving ahead amid what he called accelerating demand for smarter approaches to security. Austin, Texas-based SparkCognition is just about a year old and has established partnerships with IBM Watson, SoftLayer and Power, and while most of its sales currently are direct, Founder, President and CEO Amir Husain is already in the beginning stages of building out the company's channel

Top municipal government Hexis Cyber solution for advanced threat protection (Financial News) KEYW Holding Corporation (KEYW) subsidiary Hexis Cyber Solutions said that HawkEye G has been selected by a top ten US municipal government for advanced threat detection and automated malware removal

Security Consultancy Threat Intelligence Appoints Australian Security Leader Andrew van der Stock as Principal Security Consultant (PRWire) Threat Intelligence, an Australian security consultancy specialising in the next era of intelligence-based threat management and penetration testing, today announced that it has appointed security veteran and acknowledged Australian leader of the application security field, Andrew van der Stock as Principal Security Consultant

Products, Services, and Solutions

Why Facebook Just Launched Its Own 'Dark Web' Site (Wired) Facebook has never had much of a reputation for letting users hide their identities online. But now the world's least anonymous website has just joined the Web's most anonymous network

What is the Cyber Threat Alliance? (Fortinet Blog) Emerging threats have created some strange bedfellows in the Cyber Threat Alliance but the group's work is critical to advancing security in an increasingly connected world

Check Point Mobile Security Platform Capsule Debuts (eWeek) Capsule secures business documents everywhere, and authorized users can access a protected document on any device

Microsoft Security Essentials Should Be Replaced On Your Computer (JBG News) Microsoft Security Essentials has been declining on AV-Tests for years and Microsoft is beginning to show neglect in keeping up with the competition

Best Free Antivirus — Analysis of the Top Paid and Free Antivirus Software (Fuse Joplin) There are many different free antivirus programs that you can download for your computer or device. They, however, vary in quality and features and offer different levels of protection

Gemalto cloud security platform now integrates with Microsoft Active Directory Federation Services (CSO) Gemalto, a world leader in digital security, announces its cloud authentication server is compliant with Microsoft's single-sign on access feature. Gemalto's Protiva IDConfirm platform integrates with Microsoft Active Directory Federation Services (AD FS), enabling strong authentication to web-based enterprise applications with a unique user digital identity

justniffer a Packet Analysis Tool (Internet Storm Center) Are you looking for another packet sniffer? justniffer is a packet sniffer with some interesting features. According to the author, this packet sniffer can rebuild and save HTTP file content sent over the network. "It uses portions of Linux kernel source code for handling all TCP/IP stuff. Precisely, it uses a slightly modified version of the libnids libraries that already include a modified version of Linux code in a more reusable way."[1] The tarball can be downloaded here and a package is already available for Ubuntu

Technologies, Techniques, and Standards

Are Your Contracts Ready for a Cybersecurity Breach? (Corporate Counsel) Cyberattacks are becoming more frequent, more sophisticated and more widespread, as evidenced by recent hacks involving financial institutions like JPMorgan Chase & Co., home improvement retailer The Home Depot, e-commerce giant eBay Inc. and Target Corp.'s massive cyberattack that hit at the height of the holiday season last year

Data Breaches: Don't Blame Security Teams, Blame Lack of Context (Forbes) Cyber security teams are now, more than ever, under great pressure due to an increased likelihood that their organization will be breached

In cybersecurity, the weakest link is … you (Conversation) A chain is only as strong as its weakest link. Computer security relies on a great number of links, hardware, software and something else altogether: you

Setting Traps, and Other Internet Security Tips (MIT Technology Review) In the wake of cyberattacks on JPMorgan and other sophisticated companies, a computer security expert offers advice to those of us with far fewer resources

Use caution storing data in the "cloud" (Lake News Online) Businesses used to fret about sensitive documents, often keeping them stored under lock and key in safes, desks or file cabinets. Today, so much data is exchanged electronically that hardcopies are usually produced only when necessary

Targeting security weaknesses in the phone channel (Help Net Security) Fraud over the phone channel is a significant problem for businesses, both small and large. Recently, phone hackers targeted a small architecture firm in Georgia, costing them more than $166,000. The firm had only seven employees, and a few VoIP connected phone devices. For larger businesses with call centers, the risk of phone fraud grows exponentially, as does the average fraud loss

Hacker Lexicon: What Is Homomorphic Encryption? (Wired) The problem with encrypting data is that sooner or later, you have to decrypt it

Research and Development

Google Working on Tool to Gather Stats While Preserving Privacy (Threatpost) Google is working on a new system that enables the company to collect randomized information about the way that users are affected by unwanted software on their machines, without gathering identifying data about the users

Raising cryptography’s standards (R&D Magazine) Most modern cryptographic schemes rely on computational complexity for their security. In principle, they can be cracked, but that would take a prohibitively long time, even with enormous computational resources

Academia

Cyber security: Always a 'topic of concern' (U.S. Air Force Academy Public Affairs ) National Cyber Security Awareness Month will end Oct. 31, but one Academy official said she hopes Airmen here continue to treat computer security with the year-round attention she said it deserves

HP Helps Schools Fend Off Mounting Cyber Threats (CIO Today) As the number of "bring your own devices" keeps growing at colleges and other schools, academic IT departments are finding it increasingly difficult to stave off malware, bot attacks and a variety of other cyber Relevant Products/Services-threats. Several educational institutions across the U.S. have turned to Hewlett-Packard's TippingPoint network Relevant Products/Services security Relevant Products/Services solutions for help

Legislation, Policy, and Regulation

China Approves Security Law Emphasizing Counterespionage (New York Times) President Xi Jinping of China has signed a new Counterespionage Law, replacing the 1993 National Security Law with an updated set of rules that will more closely target foreign spies and Chinese individuals and organizations who collaborate with them

Global Times: US plays up latest Chinese cyberespionage report (Want China Times) A recently published report about a Chinese-sponsored hacker group being circulated by US media outlets is allegedly attempting to manipulate public opinion against China just before the coming Asia-Pacific Economic Cooperation (APEC) conference, where leaders of the two countries will meet in Beijing, reports state-media Global Times

The spies who kill innovation (Stanford Daily) Much has been made of China's rise and America's supposed decline, but these arguments are generally unsound. American declinists leech off the belief that faster growth today means more power tomorrow. They assert that China's economic rise means that the Middle Kingdom will necessarily supplant America's global hegemony with its own

Berlin Weighs Possible Hit to U.S. Tech Firms (Wall Street Journal) Draft web law could exclude some companies From Germany's digital economy

Brazil Building Internet Cable to Portugal to Avoid NSA Surveillance (Latin Post) The Brazilian government is breaking ties with American technology companies and is investing in building a cable to Portugal to escape the reach of the U.S. National Security Agency

Mixed results for key Government cyber-initiatives (SC Magazine) The Government's Verify scheme to confirm IDs is behind scheuduled uptake, but its CISP threat intelligence sharing scheme is ahead of target

Can DHS get it together? (FCW) Twelve years after its creation, the Department of Homeland Security is at a crossroads in how it handles its ever-evolving cybersecurity mission

Navy to Begin Preparations for Cyber Warfare (National Defense) U.S. warships that patrol treacherous waterways like the Strait of Hormuz are ready to respond to a wide array of threats, including underwater explosives, kamikaze boats and missile strikes. They are less prepared, though, to cope with a cyber onslaught on their computer systems

Litigation, Investigation, and Law Enforcement

Right, Left Combo to Spar with NSA in Court (WND) Klayman welcomes ACLU in battle against government spying

Misuse Confidential Information and Risk a Significant Payment (WillisWire) A recent decision of the English High Court found Barclays Bank liable to pay damages of €10 million to CF Partners for breaching an equitable duty of confidence. The Court held that the bank had misused confidential information, supplied by CF Partners for a bank loan to finance a takeover bid, in order to buy the target company itself

Francis Maude: 'The internet is too large for any organisation to fight cyber crime alone' (Computing) Cyber security is "an important part of the UK's economic plans", which is why it's essential that the issue isn't just confined to the IT department, but to every individual within all organisations

Police can demand fingerprints but not passcodes to unlock phones, rules judge (Naked Security) Cops can force you to unlock your phone with your fingerprint, but not with your passcode, according to a judge in the US state of Virginia

Huntsville schools paid $157,000 to former FBI agent, social media monitoring led to 14 expulsions (Al.com) Huntsville City Schools paid a former FBI agent $157,000 last year to oversee security improvements, including the investigation of social media activity of public school students

Israeli living in Mexico arrested on suspicion of blackmailing companies (Haaretz) Police cyber-unit inquiry showed he hacked firms, threatened to disclose data if they didn't pay ransom totaling $530,000

'Blackshades' User Pleads Guilty to Hacking (Wall Street Journal) A New Jersey man has pleaded guilty in Manhattan federal court to a charge of computer hacking by using the malicious Blackshades software that was the focus of a global crackdown earlier this year, the U.S. attorney's office said Friday

Man faces trial over 'cyber attack' (Oxford Mail) A 44-year-old man is due to face trial today accused of being responsible for a cyber-attack launched against the Home Office's website

South Shields 'hacker' held over cyber attack on Durham police (Hartlepool Mail) A suspected internet hacker has been arrested over a cyber attack on Durham Constabulary's website after a raid on a house in South Shields

Teacher's ex accused of hacking email, sending nude pics to students (Naked Security) The ex-lover of a Pasadena teacher has been arrested and bailed in Los Angeles county, accused of breaking into the teacher's school email account and using it to send out "sexually explicit" photos of said teacher to students and fellow staff

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

FS-ISAC EU Summit 2014 (London, England, UK, November 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

POC2014 (Seoul, Republic of Korea, November 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates...

Bay Area SecureWorld (Santa Clara, California, November 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...

Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, November 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users...

Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, November 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges...

NICE 2014 Conference and Expo (Columbia, Maryland, USA, November 5 - 6, 2014) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. An ecosystem of technology providers, policy makers, legal expertise, banking, insurance, devices,...

National Initiative for Cybersecurity Education Conference and Expo (Columbia, Maryland, USA, November 5 - 6, 2014) The NICE 2014 Conference and Expo features thought leaders from education, government, industry and non-profits to address the future cybersecurity education needs of the nation

Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, November 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the...

RiseCON 2014 (Rosario, Santa Fe, Argentina, November 6 - 7, 2014) Rosario Information Security Conference: es el primer y mayor evento de seguridad informática y hacking realizado en la ciudad de Rosario, con nivel y trascendencia internacional

Israel HLS 2014 (Tel Aviv, Israel, November 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience.

i-Society 2014 (London, England, UK, November 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.