Israel prepares for Anonymous action over al Aksa mosque this Friday. Their response may prove a test of Israel-Indian cyber defense cooperation.
The US Weather Service sustained and contained a significant cyber attack. The Washington Post reports that officials say (off the record) that the hackers were working for the Chinese government. (A false tornado watch in the US Mid-South is also attributed to a cyber attack, but whether this is a consequence of the alleged Chinese hack or a separate incident is unclear.) The US Postal Service data breach remains generally attributed to China, but (faint) doubts arise as security firms note that, as a matter of a priori possibility, a data broker could have caused the breach.
In any event, Sino-American tensions in cyberspace remain high. China's new J-31 fighter has made its airshow debut, and the Wall Street Journal says it looks a lot like the cyber-spied-upon US F-35.
The Korplug remote-access Trojan hits Russian, Afghan, and Tajik targets. The Sednit espionage group (a.k.a. Sofacy, APT28, or Fancy Bear) remains active against Eastern European targets, and it's attacking air-gapped networks.
K-Mart may be the latest retailer to suffer a breach — the Sears subsidiary is investigating.
Observers have had time to digest Patch Tuesday. Their consensus is that the vulnerabilities closed were large and dangerous.
Brokerages begin trading the first cyber-security ETF. Insurers in Europe and the US offer new cyber policies. Microsoft buys Aorato for $200M.
Policymakers mull the nature of cyber peace to better understand cyber war.
Today's issue includes events affecting Afghanistan, China, Estonia, Georgia, India, Ireland, Israel, Republic of Korea, Malaysia, NATO, Pakistan, Russia, Tajikistan, Turkey, United Kingdom, United States, and Vietnam.
Chinese hack U.S. Weather systems, satellite network(Washington Post) Hackers from China breached the federal weather network recently, forcing cybersecurity teams to seal off data vital to disaster planning, aviation, shipping and scores of other crucial uses, officials said
Korplug military targeted attacks: Afghanistan & Tajikistan(We Live Security) After taking a look at recent Korplug (PlugX) detections, we identified two larger scale campaigns employing this well-known Remote Access Trojan. This blog gives an overview of the first one, related to Afghanistan & Tajikistan. The other campaign, where the targets were a number of high-profile organizations in Russia, will be the subject of Anton Cherepanov's presentation at the ZeroNights security conference in Moscow this week
Communities @ Risk: Targeted Digital Threats Against Civil Society(Targeted Threats) Civil society organizations (CSOs) that work to protect human rights and civil liberties around the world are being bombarded with persistent and disruptive targeted digital attacks — the same sort of attacks reportedly hitting industry and government. Unlike industry and government, however, civil society organizations have far fewer resources to deal with the problem
Sednit Espionage Group Attacking Air-Gapped Networks(We Live Security) The Sednit espionage group, also known as the Sofacy group, APT28 or "Fancy Bear", has been targeting various institutions for many years. We recently discovered a component the group employed to reach physically isolated computer networks — "air-gapped" networks — and exfiltrate sensitive files from them through removable drives
The Rebirth of Dofoil(Fortinet Blog) Dofoil, also known as Smoke Loader, is a modularized botnet that has existed for a few years. Since 2013, we have not received any new variants of this bot and the command-and-control (C&C) servers of its previous variants are no longer accessible, making Dofoil seem like a dead botnet
Only Half of USB Devices Have an Unpatchable Flaw, But No One Knows Which Half(Wired) First, the good news: that unpatchable security flaw in USB devices first brought to light over the summer affects only about half of the things you plug into your USB port. The bad news is it's nearly impossible to sort out the secure gadgets from the insecure ones without ripping open every last thumb drive
Following the Trail of South Korean Mobile Malware(TrendLabs Security Intelligence Blog) Recently, it has been reported that apps downloaded via third-party app stores in South Korea have resulted in more than 20,000 smartphones being infected with malicious apps. Note that none of these apps were found on the official Google Play store
Fake malware-laden Amazon emails target UK, US shoppers(Help Net Security) As the holiday season slowly approaches, and users increasingly turn to the Internet to do their holiday shopping before the seasonal madness begins, cyber crooks are trying to take advantage of the fact
Smartphone disposal poses security risks, experts warn(USA TODAY) As manufacturers continue to roll out new smartphones, luring customers to ditch their old phones, data security experts warn that improperly disposed phones can be mined for personal data by hackers in the U.S. and abroad
Security Patches, Mitigations, and Software Updates
Microsoft's silent, secret security updates(ZDNet) Does Microsoft find and fix security problems in their own products? You might assume so, but the company gives no reason to believe it. I assume they do, but silently
Number 3 on my top 10 list for security executives: Focus(CSO) With all the changes in security over the years it is essential for successful security leaders to constantly evaluate where they place focus and ensure that their approach is not too myopic for the modern threat landscape
Security-Officer-as-a-service — what does it mean and who is it for?(Computing) The obsession with acronyms has been long-standing in the IT industry, and now, to accompany it, is the fixation on the term "as-a-service". Software-as-a-service (SaaS), Platform-as-a-service (PaaS) and Infrastructure-as-a-Service (IaaS) are the three staples of this new craze, and they've been followed by the likes of Communications-As-a-Service (CaaS) and monitoring-as-a-service (MaaS)
73% of organizations say BYOD increases security risks(Help Net Security) Findings from a Kensington survey on the security risks created by BYOD policies in the enterprise show that 73 percent believe that BYOD represents greater security risks for their organization, and yet 59 percent still approve the use of personal devices for business usage
Only 47% of IT pros are confident in their hardware configurations(Help Net Security) Respondents of a new Tripwire survey were asked about the level of confidence they have in their application of foundational security controls, including hardware and software inventory, vulnerability management, patch management and system hardening
Microsoft Buys Israeli Hybrid Cloud Security Startup Aorato In $200M Deal(TechCrunch) Microsoft today confirmed that it has acquired Aorato, an Israel-based maker of security solutions co-founded by veterans of the Israeli defense forces, which only exited from stealth earlier this year. Aorato's focus is on enterprise services in the cloud and in hybrid on-premise and cloud environments, using machine learning to detect suspicious patterns
Trend Micro on the hunt for valuable partners(MicroScope) One of the current themes of the market has to be around the topic of partner programmes and more general discussions about relationships between vendors and their distributors and resellers
Nonprofit Effort Provides Training Programs for Veterans(SIGNAL) Last year, Kade Wolfley held a federal job as an electrician that gave him such little satisfaction he opted to quit and test his luck on an intriguing training program that took him away from his family for 11 weeks and offered no guarantee of employment
Security Readers' Choice Awards 2014: Threat intelligence tools(TechTarget) One of this year's new categories, threat intelligence products, can generally be thought of in two ways: as an intelligence feed that is consumed by various other products, or as a product that utilizes intelligence to block malware and sophisticated attacks
Nuvotera Teams Up With Soonr Workplace for SMB(Vertical Systems Reseller) Nuvotera, cloud security distributor for Managed Service Providers, announced today a partnership with Soonr, provider of secure file sharing and collaboration services for business
[New Tool] Nogotofail v0.4 Beta — TLS/SSL Testing Released(Toolswatch) Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It is licensed under Apache License 2.0
Technologies, Techniques, and Standards
Cyber war games held(Washington Times) National Security Agency director Mike Rogers said the exercise "Cyber Flag" was "force-on-force" training, "fusing attack and defense across the full spectrum of military operations in a closed network environment"
Major cyber security mistakes and how to avoid them(SC Magazine) Over the past couple of years, organisations have responded to the rising number of cyber-attacks by massively increasing their cyber-security budget, yet throwing money at the problem is not working
Decrypting ZBOT Configuration Files Automatically(TrendLabs Security Intelligence Blog) Since its emergence in 2007, ZBOT (also known as ZeuS) has become one of the most prevalent botnets and widely distributed banking Trojans. This malware family is widely known as a notorious credential stealing toolkit. It uses form-grabbing through web injection to steal user credentials from legitimate websites. It also has the capability to send out screenshots to bypass on-board keyboard authentications
The problem of buggy software components(Quocirca Insights) What do Heartbleed, Shellshock and Poodle all have in common? Well apart from being software vulnerabilities discovered in 2014, they were all found in pre-built software components, used by developers to speed-up the development of their own bespoke programs
Design and Innovation
A Simple Fix for the Cybersecurity Skills Shortage(Trustwave Blog) Data breaches are earning front-page headlines on a near-daily basis, yet many companies across industries are struggling to obtain the security skills they need to functionally combat the ever-increasing threat of attack
Chicago And Big Data(TechCrunch) As a civilization, we may not be getting smarter. However, the technologies we use certainly are
Cyber conflict and psychological IR perspectives(Open Democracy) As cyber attacks and cyber terrorism become more prevalent, overreaction and conflict escalation must be avoided, the problem being that these things are harder to prevent through computers
NATO Reaffirmed its Commitment to Cyber Security(Turkish Weekly) Cyber threats have resided at the top of NATO's agenda in recent years. This is especially true after 2007, when alleged Russian cyber attacks on Estonia and Georgia prompted the alliance to take serious steps to address threats emanating from cyber space
Five Cyber Security Takeaways From the Mid-Term elections(Huffington Post) While not a much-discussed topic during campaign season, federal policy on cyber-security will likely see some material changes as a result of a Republican-controlled Senate. Just how significant those changes will be has yet to be determined, but here are some thoughts on probable outcomes
Carper hopes USPS breach will breathe life into cyber bills(FierceGovernmentIT) The Postal Service breach announced Nov. 10 serves as yet another example of the vulnerabilities found in federal IT systems, said Sen. Tom Carper (D-Del.) in a statement emailed to members of the press. Carper is using the USPS breach as an opportunity to garner support for cyber legislation that has repeatedly become a back-burner issue on the Hill
Rep. Cummings Seeks Briefings on Cyber Attacks(WPRO) The Ranking Member of the House Committee on Oversight and Government Reform wants to hear from several U.S. companies and government agencies in the wake of an increasing number of cyber-attacks
To censor or not to censor, that is the question(FierceContentManagement) The Electronic Frontier Foundation, or EFF, issued a warning this week that Facebook's compliance with content restriction in places like Turkey and Pakistan amounted to the company being "complicit in political censorship." But in all fairness, Facebook can't operate in any country unless it follows that country's laws. So how should any company managing user content respond in this same scenario? To censor or not to censor, that is the legal and ethical question
Irish regulator stings bank over RBS IT failings(ComputerWeekly) Ulster Bank — owned by the Royal Bank of Scotland (RBS) — has been fined €3.5m by the Irish financial services regulator in relation to the IT problems experienced in the summer of 2012, following reports UK regulators will punish RBS with a fine of tens of millions of pounds for the same incident
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
BSides Salt Lake City(Salt Lake City, Utah, USA, March 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation
Women in Cyber Security(Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.
THOTCON 0x6(Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible...
Seattle SecureWorld(Seattle, Washington, USA, November 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...
AVAR 2014: The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code...
THREADS Conference 2014(Brooklyn, New York, USA, November 13, 2014) A 2-day conference exploring state-of-the-art advances in security automation. We will present new research and innovations on integrating security into modern software development and operations, focusing...
ZeroNights 2014(Moscow, Russia, November 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest...
Cyber Security Awareness Week Conference(New York, New York, USA, November 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive...
Ground Zero Summit, India(New Delhi, India, November 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing researches and sharing knowledge in...
The Affect of Cybersecurity on Humans(Albuquerque, New Mexico, USA, November 14, 2014) Most people would agree that technology is fascinating and has changed our lives in countless ways. But how is it affecting us as humans and what are the issues surrounding the rapid advance in technology,...
Deepsec 2014(Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...
BugCON(Mexico City, Mexico, November 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of the security. Running since 2008 BugCON is the oldest forum where researchers, students and professionals shows...
Navy Now Forum: Admiral Rogers(Washington, DC, USA, November 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership...
International Cyber Warfare and Security Conference(Ankara, Turkey, November 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective...
EDSC 2014(Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important...
Cyber Security World Conference 2014(New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused...
Ethiopia Banking and ICT Summit(Addis Ababa, Ethiopia, November 21, 2014) The one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial...
BSidesVienna(Vienna, Austria, November 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned
BSidesToronto(Toronto, Ontario, Canada, November 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"
DefCamp5(Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering...