Reports of hacktivism, cyber-rioting, and state-sponsored attacks on NGOs surface across the Old World from Spain to Israel to China.
State-versus-state cyberspace tensions between the US and China rise even as a Sino-American summit reaches agreement on other issues. The recent hack of the US Postal Service is generally attributed to China, and as observers talk (a bit over-heatedly) of "cyber war," the US darkly promises a response (but that response is likelier lawfare than warfare).
And, not to forget Russo-American cyber tensions, US observers continue to digest reports of BlackEnergy.
DarkHotel (which Kaspersky very tentatively suggests may be a South Korean operation) raises, in a new way, old concerns about hotel Wi-Fi services. (Similar concerns surface in scrutiny of the proposed acquisition of the Waldorf by Chinese interests, likely to provide a useful case study of cyber regulation and due diligence in M&A activity.)
Researchers window-shop the black market's bargain basement, and note that the keyloggers and point-of-sale badness on offer therein pose a particular risk of targeted attack against small businesses.
Other researchers see a chance for you to become — legally, sez they — your own NSA, GCHQ, FBI, BND, etc. with easily used tools. (The CyberWire's local heritage of privateering and national heritage of frontier justice aside, such enthusiasm makes us uneasy.)
Yesterday's Patch Tuesday excites considerable interest, as some of the vulnerabilities addressed are old, dangerous, and readily exploitable.
Wall Street looks at cyber and (for now) likes what it sees.
Germany's BND discloses large cyber ambitions.
Today's issue includes events affecting Australia, Belgium, Canada, China, European Union, Germany, India, Iran, Israel, Japan, Democratic People's Republic of Korea, Republic of Korea, Netherlands, New Zealand, Palestinian Territories, Russia, South Africa, Spain, Ukraine, United Kingdom, United States.
Massive cyber-attacks on human rights website(News Weekly) One of the world's leading human rights groups, Human Rights Without Frontiers (HRWF), has reported that it has been subject to "repeated and sophisticated" cyber-attacks on its web site. The group has traced the attacks back to Russia and China, which have been the subject of repeated criticism over human rights violations
Report: China behind Postal Service hack(The Hill) Even as President Obama and Secretary of State John Kerry hold trade talks in Beijing with an emphasis on cybersecurity, the Chinese government is being accused in a Monday report of hacking the U.S. Postal Service (USPS)
BlackEnergy malware threat has some uneasy(Pittsburgh Post-Gazette) A malicious software dubbed BlackEnergy has intrigued and frightened cybersecurity experts, in part because of its intent and in part because of its origin
Masque Attack: All Your iOS Apps Belong to Us(FireEye Blog) In July 2014, FireEye mobile security researchers have discovered that an iOS app installed using enterprise/ad-hoc provisioning could replace another genuine app installed through the App Store, as long as both apps used the same bundle identifier
How bad is the SCHANNEL vulnerability (CVE-2014-6321) patched in MS14-066?(Internet Storm Center) We had a number of users suggesting that we should have labeled MS14-066 as "Patch Now" instead of just critical. This particular vulnerability probably has the largest potential impact among all of the vulnerabilities patched this Tuesday, and should be considered the first patch to apply, in particular on servers
G DATA: Fresh RAT 'COMpfun' Employs New Persistence Mechanism(Spamfighter) Security experts of security firm G DATA have recognized a fresh RAT (Remote Administration Tool) which uses a novel persistence mechanism which has never been used before. Security experts also analysed and found that it is known as COMpfun and named after (4char-random) value of the malware called "pfun"
BrowserStack hacked, but it's not shutting down(Help Net Security) BrowserStack, the popular cross browser testing service used by over 25,000 customers around the world, including Microsoft, eBay, Adobe, Wikipedia and many others, has suffered a breach but is not shutting down
POS (Point of Sale) Malware Revisited(Cyphort) In the past six months the retail industry has experienced a row of data breaches of shocking dimensions. Industry giants like Target, Home Depot and UPS have lost millions of financial card data records to committed cyber criminals. Now questions arise: how this many cards could have been compromised, what are the capabilities of the malicious tools used in the hacks and how retailers can create a secure environment around their most valuable data assets?
Organized cyber crooks plunder SMBs with simple, cheap keyloggers(Help Net Security) The popularity and pervasiveness of Zeus/Zbot has made it almost a synonym for banking malware, but there are unfortunately many more types of malicious software that allow attackers to steal money from their victims. Some of these, in the "right" hands, can bring in an astounding amount of money
Abusing Samsung KNOX to remotely install a malicious application: story of a half patched vulnerability(Quarkslab's Blog) We explain a vulnerability found when the Samsung Galaxy S5 was released and patched recently by Samsung. It allows a remote attacker to install an arbitrary application by using an unsecure update mechanism implemented in the UniversalMDMClient application related to the Samsung KNOX security solution. The vulnerability has been patched on the Samsung Galaxy S5 but also Note 4 and Alpha. Yet the Samsung Galaxy S4, Note3 and Ace 4 (and possibly others) are still vulnerable
Assessing Risk for the November 2014 Security Updates(Microsoft Security Research and Defense Blog) Today we released fourteen security bulletins addressing 33 unique CVE's. Four bulletins have a maximum severity rating of Critical, eight have a maximum severity rating of Important, and two have a maximum severity rating of Moderate. This table is designed to help you prioritize the deployment of updates appropriately for your environment
Microsoft updates EMET anti-hack tool(ZDNet) A new version of the Enhanced Mitigation Experience Toolkit mostly improves compatibility with applications software, and specifically with Java and Chrome
Firefox Now Has Increased Privacy Control With "Forget" Button and Anonymous Search(Slate) We've all been there: spending two hours reading up on the life and times of Michael Jackson or watching YouTube clips of every talk show interview Benedict Cumberbatch has ever done. But if you want to pretend that your most recent excursion down the Internet rabbit hole never happened, then Firefox version 33.1 may be your new favorite browser
Security updates available for Adobe Flash Player(Adobe Security Bulletin) Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions
Stable Channel Update(Google Chrome Team) The stable channel has been updated to 38.0.2125.122 for Windows, Mac and Linux. This release contains an update for Adobe Flash as well as a number of other fixes. A full list of changes is available in the log
Rights groups, NGOs struggle against malware attacks(IDG via CSO) A multi-year study of cyberattacks against 10 activist and human rights groups shows they're hit with the same types of intrusions as large organizations but have far fewer resources to defend themselves
Cyber Ground Truth(Trend Micro: Simply Security) Ground Truth is a military term that describes the reality of a tactical situation — as opposed to intelligence reports and mission plans
Avoiding the Dark Security Future(Threatpost) Nick Percoco has been thinking a lot about the future of technology, and some of the things he's dreamed up aren't very pretty: farms of people renting out their spare brain cycles, autonomous cars that freak out and careen into oncoming traffic and hacking groups hijacking users' augmented reality gear and demanding ransoms to unlock them
Don't Have Social Media Regret — Keep Conversations Private(Trend Micro: Simply Security) Have you ever engaged in a conversation on social media you thought was private, only to find out everyone could see it? You're not the only one. According to a recent Trend Micro privacy poll of social media users — 1 in 5 people have posted something they later regretted
Many IT pros store compromising material on their mobile phones(Help Net Security) It appears that Jennifer Lawrence is not the only one with risqué photos on her mobile device. According to a new survey from ESET, 39 percent of the UK's leading IT professionals have also confessed that if they were to lose their phone, some of the photos and information they have stored on the device could compromise them
Cyber Security Assessment Netherlands 4(National Cyber Security Centre, Netherlands Ministry of Security and Justice) Cybercrime and digital espionage remain the biggest threat in the area of cyber security. The potential impact of cyber attacks and disruptions will only increase, due to rapid digitization. Another notable finding is the lack of so-called IT Durability
Cybercrime costs South Africa about R5.8 billion a year(htxt.africa) "Cybercrime is a global problem, and it is costing the country hundreds of millions of rand annually. What needs to happen is that organisations urgently need to collaborate with private entities and the public on cyber threat initiatives," said Wolfpack Information Risk's Craig Rosewarne at the Cybercon Africa conference taking place in Johannesburg today
NIST Framework as Basis for Standard of Care for Cyber Security(JD Supra) When the National Institute of Standards and Technology ("NIST") released its Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (the "Framework"), (a priority program for the federal Department of Homeland Security), the National Protection and Programs Directorate ("NPPD") became the working session between the government and the private insurance industry to discuss the impact of the NIST Framework on the cyber-insurance marketplace
The false security of anti-virus software(Communities Digital News) Soon, most insurance companies will offer cyber breach coverage. When breaches occur, and the insurance company doesn't pay a claim (and we know insurers don't want to pay claims and they will fight to avoid doing so), the insurance company attorneys are going to have their hands full defending claims
Banks play down cyber attack levels(ComputerWeekly) Banks are under-reporting cyber fraud because they don't want to scare customers, a parliamentary committee has been told. A University of Cambridge researcher told a Treasury select committee that the amount of money being taken from people's accounts through cyber crime is twice as much as what is reported
Macquarie Bullish On Cybersecurity Firms(Benzinga) Macquarie initiated coverage on several security software companies Tuesday and expressed that the "relevancy of cyber security has never been greater"
Palo Alto Networks Inc: Best Stock in the Network Security Sector?(Motley Fool) Palo Alto Networks (NYSE: PANW) is one of the most interesting names in the tech sector, but the decision over buying or selling the stock isn't as easy as you might think. Investors often buy or sell stocks based on their relative valuation within their peer group, but with the network security sector it isn't quite so easy. Why is this so? Furthermore, is Palo Alto Networks a buy or sell?
Trend Micro on the hunt for valuable partners(MicroScope) One of the current themes of the market has to be around the topic of partner programmes and more general discussions about relationships between vendors and their distributors and resellers
Cyber-Security Salaries on the Up as Shortages Bite(Infosecurity Magazine) IT security salaries are on the rise thanks to a double whammy of increased cross-sector demand and continued skills shortages in key areas, according to recruitment consultancy Morgan McKinley
Alert Logic Introduces First Fully Managed Suite of Cloud Security Products(bobs guide) Alert Logic, the leading provider of Security-as-a-Service for the cloud, today announced availability of Alert Logic Cloud Defender, a new, fully managed cloud-based security and compliance suite that offers the functionality of a managed Security Information and Event Management (SIEM) solution without the cost and complexity of a traditional, on-premises, in-house SIEM
Windows Notepad With Added Encryption Keeps Your Thoughts Safe(Gizmo's Freeware) Secure Edit is a simple Windows notepad program with a difference. It encrypts your text files, using the well-known Blowfish algorithm, which means that someone without the password can't read them. This makes it useful for keeping private notes on your computer, and it's also handy for storing passwords
LockPath Introduces Keylight 4.1(Marketwired) LockPath, a leader in innovative governance, risk, compliance (GRC) and information security (InfoSec) solutions, today introduced Keylight™ 4.1, the newest version of its award-winning platform. Keylight 4.1 includes some of the industry's fastest, most sophisticated and innovative data integration and reporting solutions to date
IBM unveils intelligent cloud security(IT-Online) IBM has announced it has built the industry's first intelligent security portfolio for protecting people, data and applications in the cloud
Cybersecurity: Turning the Tide on Hackers with Dispersive Technologies(Forbes) With the recent cyberattacks at The Home Depot, Target, JPMorgan Chase, and now Kmart (division of Sears), one has to wonder whether the hackers have the edge in this ongoing cyberwar. Newsflash: in many ways, they do. Every day that goes by makes it easier and less expensive for bad guys to mount attacks that only a few years ago were prohibitively expensive
virustotal += Detailed ELF information(VirusTotal) In computing, the Executable and Linkable Format (ELF, formerly called Extensible Linking Format) is a common standard file format for executables, object code, shared libraries, and core dumps. It was chosen as the standard binary file format for Unix and Unix-like systems [Wikipedia]
Sharing threat information before, during, and after a cyber-attack(Phys.org) Time is not your friend when your information systems are under cyber attack, but sharing threat information before, during, and after an attack with a trusted group of peers can help. Not only does it alert the other members of your community to a potential attack, it can provide critical actionable information to speed and bolster your own defenses. Participating in a formal information sharing group can greatly enhance an organization's cybersecurity capabilities
Vigilance and the Enterprise of Things(Help Net Security) Most enterprises allow BYOD in their environment, with varying levels of supervision. Typically, these are tablets and smartphones but the number of other Internet of Things devices being brought into the enterprise is on the rise. I like to refer to this as the Enterprise of Things
DJ Forensics: Analysis of Sound Mixer Artifacts(Ghetto Forensics) In many forensics examinations, including those of civil and criminal nature, there is an art to finding remnants of previously installed applications. Fearing detection, or assuming that an examination is forthcoming, many suspects attempt to remove unauthorized or suspicious applications from a system. Such attempts are usually unsuccessful and result only in additional hours of processing for forensics. But even with a clean uninstall there are traces left within the Windows registry that note such a program was installed
University of Houston preparing cybersecurity workers(MyFox Houston) With breaches in data on the rise, cybersecurity is a growing concern. The University of Houston (UH) has been awarded a $1.5 million CyberCorps grant from the National Science Foundation (NSF) to train students in this increasingly important area of national security
Legislation, Policy, and Regulation
Arming up for the cyber fight(Süddeutsche Zeitung) The Bundesnachrichtendienst also wants to monitor protected Internet connections better, and to spend a total of 300 million euros doing so. The intelligence service also wants to spy on social networks more intensively. Supposedly not in Germany, though
Israel's Building An Electronic 'Iron Dome' For Stopping Cyber Attacks(Times of Israel via Business Insider) When Hamas rained rockets on Israel in 2012 and again in 2014, the country was able to prevent widespread casualties and damage by activating the Iron Dome system, which intercepted and destroyed rockets fired at Israeli population centers and industrial areas
Demonizing Strong Encryption: Welcome To The Crypto Wars 2.0(TechDirt) From the paedophiles,-murderers-and-terrorists dept: Recently Techdirt wrote about the extraordinary tirade by the new GCHQ boss, Robert Hannigan, which boiled down to: "however much we spy and censor online today, it's still not enough." It was so full of wrong-headed and dangerous ideas that it was hard to capture it all in one post. Here's one thing we didn't have room for last time
Lame ducks face the cyber threat(C4ISR & Networks) All the political strategists, lobbyists and media are extremely busy now that the mid-term election is behind us. One of their many efforts is to figure out just what the so-called lame-duck president's focus and agenda will be for the remainder of his term; however, that needs to be put into context with the agenda of the Republican Congress. There are several indications that one area that will intensify is the passage of cyber security/information-sharing measures in the time that remains in lame-duck session
Retail Trade Groups Want Fair Data Breach Reporting Rules(Threatpost) The National Retail Federation and dozens of other related groups cosigned a letter [PDF] to top congressional leaders last week pleading that they consider the passage of a federal law imposing uniform data breach notification rules that are equally applicable to every organization that handles sensitive user information
HealthCare.gov Gets Cybersecurity Upgrades(AP via WKRG News 5) Officials say HealthCare.gov has gotten cybersecurity upgrades ahead of a Nov. 15 start for the second open enrollment season under President Barack Obama's health care law
Are fingerprints PINs or physical artifacts?(Computerworld via CSO) A judge's ruling that a person can be forced to open his phone with his fingerprint ignores the fact that the fingerprint scan is just a substitute PIN, which can't be required by law enforcement
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
The affect of cybersecurity on humans(Albuquerque, New Mexico, USA, November 14, 2014) Most people would agree that technology is fascinating and has changed our lives in countless ways. But how is it affecting us as humans and what are the issues surrounding the rapid advance in technology,...
Israel HLS 2014(Tel Aviv, Israel, November 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience.
i-Society 2014(London, England, UK, November 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society,...
Seattle SecureWorld(Seattle, Washington, USA, November 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...
AVAR 2014 The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code...
THREADS Conference 2014(Brooklyn, New York, USA, November 13, 2014) A 2-day conference exploring state-of-the-art advances in security automation. We will present new research and innovations on integrating security into modern software development and operations, focusing...
ZeroNights 2014(Moscow, Russia, November 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest...
Cyber Security Awareness Week Conference(New York, New York, USA, November 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive...
Ground Zero Summit, India(New Delhi, India, November 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing researches and sharing knowledge in...
Deepsec 2014(Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...
BugCON(Mexico City, Mexico, November 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of the security. Running since 2008 BugCON is the oldest forum where researchers, students and professionals shows...
Navy Now Forum: Admiral Rogers(Washington, DC, USA, November 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership...
International Cyber Warfare and Security Conference(Ankara, Turkey, November 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective...
EDSC 2014(Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important...
Cyber Security World Conference 2014(New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused...
Ethiopia Banking and ICT Summit(Addis Ababa, Ethiopia, November 21, 2014) The one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial...
BSidesVienna(Vienna, Austria, November 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned
BSidesToronto(Toronto, Ontario, Canada, November 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"
DefCamp5(Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering...