The G20 summit seems to have been largely undisturbed by hacktivism, but there are reports of widespread Chinese government intrusion into Australian media networks, and of unattributed RAT-enabled surveillance of pro-Tibetan protestors in Brisbane.
The other dog that didn't bark over the weekend was the threatened Anonymous action protesting Israeli policy concerning the al Aksa mosque.
In the US, NOAA confirms that its weather data were interrupted by a probable Chinese cyber attack (and the agency receives criticism for its delay in notifying Congress). The State Department shut down its unclassified email system for security upgrades; reports suggest the Department noticed "anomalies" around the time the White House unclassified networks were hacked, and that these prompted the security enhancements.
Attacks on NATO and European governments conducted through Tor networks appear, says F-Secure, to be the work of a state. F-Secure primly leaves that state unnamed, but it's widely held to be Russia.
Other research into Tor finds that its users can be de-anonymized through traffic analysis.
A new ransomware variant treats victims as if they were prospective customers, offering them one free decryption.
A new Bashlite variant attacks routers and other devices running on BusyBox.
US-CERT warns against Masque; Apple says Masque is a minor issue.
Microsoft users experience problems with last week's Schannel patch.
In industry news, companies increase cyber security spending, and hire cyber firms for wider consultation. KPMG buys German cyber firm P3. Businesses increasingly see cyber insurance coverage as a necessity.
Chinese authorities arrest WireLurker suspects.
Today's issue includes events affecting Australia, China, France, Germany, India, Iraq, Israel, Jordan, Malaysia, NATO, New Zealand, Palestinian Territories, Russia, Spain, Syria, Ukraine, United Kingdom, United States, Vanuatu, and Vietnam.
Those interested in US Federal law enforcement will find the CyberWire's exclusive interview with FBI Special Agent Keith Mularski interesting, particularly his observations on the role indictment and trial play in attribution of cyber attacks.
Hacker group Anonymous threatens to target Israeli websites(Israel Hayom) Intended cyber attack on banking and defense sites is touted as Anonymous' answer to "the ongoing Israeli attacks on the Al-Aqsa mosque." Security expert: These types of threats are frequently made and in most cases the damage is minor
Anonymous targets Ku Klux Klan during latest operation(CSO) After the Ku Klux Klan (KKK) promised to use lethal force against protestors in Ferguson, Mo., supporters of Anonymous launched OpKKK. On Sunday, the faceless, loosely associative collective hijacked two KKK Twitter accounts, and used DDoS to disable several KKK-related websites
Fake Viber Spam Changes Routines Based on Platform(TrendLabs Security Intelligence Blog) Earlier this week, we noticed that there was a spike in the volume of spammed messages that pretend to come from the messaging service Viber. This app, which also has a desktop version, allows users to make free calls and send messages. The email informs the recipient that they have one voice message for their account
Trojan Rovnix Infects More Than 130K UK PCs, Finds BitDefender(Spamfighter News) BitDefender has cautioned that more than 130K PCs inside the United Kingdom are tainted because of Trojan Rovnix, the info-grabbing malware, within one botnet operation particularly victimizing high-profile entities across the country
A fresh C93 phishing Scam targeting Microsoft's Windows Outlook Users(Security Affairs) Scammers have unleashed a C93 virus scare, targeted at Microsoft's Windows Outlook users in a wide phishing campaign aimed at stealing users' login credentials. The scam is similar to an earlier phishing campaign targeted at Hotmail users, raising suspicions that the same fraudsters could be involved
US Govt. warns Apple iOS Users over "Masque Attack"(The Next Digit) The US Computer Emergency Readiness Team has warned the Apple users about the Masque attack, which is a new bug that enables the hackers to steal important info from iPhones and iPads. If you are very curious about the "Masque Attack," watch the video posted at the end of this post
This is Apple's response to the 'Masque Attack' malware vulnerability(HITC Tech) Apple has issued a response to recent reports that iOS 8 is susceptible to malware attacks. After multiple reports this week discovered malicious software attacks could steal important data from the devices of iOS 8 users, Apple has issued a reply claiming they are unaware of any customers currently affected by the attack
Let the right one in: Apple uses two doors to manage malware(MacWorld) Two recent security incidents, WireLurker and Masque Attack, highlight both the ease and difficulty of slipping malware onto iOS. But they also show the way in which Apple may have infantilized its audience into not knowing the right choice to make when presented with a genuine security flaw
Exploitation of Philips Smart TV(fred's notes) My Philips Smart TV is a Linux box standing there in my living room: that's a sufficient reason to try to get root
Hacking the Ayatollahs(Wall Street Journal) The Stuxnet virus opened and closed valves on Iranian centrifuges and adjusted their power supply as false readings were fed to operators
Security Patches, Mitigations, and Software Updates
Microsoft Updates MS14-066(Internet Storm Center) Microsoft updated MS14-066 to warn users about some problems caused by the additional ciphers added with the update. It appears that clients who may not support these ciphers may fail to connect at all. The "quick fix" is to remove the ciphers by editing the respective registry entry (see the KB article link below for more details)
Issues Arise With MS14-066 Schannel Patch(Threatpost) Some users who have installed the MS14-066 patch that fixes a vulnerability in the Schannel technology in Windows are having issues with the fix causing TLS negotiations to fail in some circumstances
HP Ramps Up Mobile Payments Reach(TechWeek Europe) HP has announced a major expansion to its mobile payments capacity as it looks to improve the safety and security of transactions made using mobile devices
3 emerging threats to healthcare privacy and security(FierceHealthIT) New risks have upped the ante for HIPAA security and privacy officers and increased fines have many on edge. Particularly in the aftermath of the Community Health Systems (CHS) breach, which put 4.5 million patient records at risk across 29 states and 206 hospitals, last year's risk assessments look woefully inadequate for many healthcare systems and practices. What's worrying privacy and security officers this year?
Survey shows Android attack trends(IT Online) According to the results of the Mobile CyberThreat survey carried out by Kaspersky Lab and Interpol between August 2013 and July 2014, malicious programs targeting Android-based devices in order to steal their owners' money were used in 60% of attacks registered by Kaspersky Lab security products
Will cloud, security hires break the bank in 2015?(FierceCIO) Big data and data analytics have been grabbing much of the headlines this year for top IT job demand. But CIOs are being warned to brace for an extremely competitive market for IT security professionals and virtually any cloud-related jobs in 2015, both of which should push salaries up significantly
KPMG Acquires German Cyber Security Firm(TechWeek Europe) KPMG has completed the acquisition of P3, a privately-owned German cyber-security firm that provides risk management, security assessments, and mobile and fixed network protection to clients across the financial services sector
Canadian security firm expands as cloud demand grows(Computer Dealer News) A Toronto-based data protection company has opened a new office just outside the city as it expands operations to deal with the growing demand for cloud security solutions. Perspecsys Inc. said its new office in Mississauga, Ont. will house a growing team of engineers, sales, product and marketing personnel that will bring its AppProtex Cloud Data Protection Gateway to market
BlackBerry Unveils New Enterprise Security, Mobility Solutions(SecurityWeek) Smartphone maker BlackBerry announced several new offerings targeted to its enterprise customers this week, in order to help organizations securely connect employees and help them access the corporate information and systems required to get their jobs done
New RSA Solution Takes Customers from Hunted to Hunter(Providence Journal) When I meet with customers, I'm always intrigued by how they perceive their organization's cyber risk relative to their security program's maturity. These conversations are invaluable in guiding the development of our product strategy
Cybersecurity Startup Reviews 'App's DNA' to Help CIOs Identify Mobile Malware(CIO Journal) A rise in threats targeting mobile devices, coupled with the fact that people can pick up malware in coffee shops and other connected places, has made managing mobile security more complicated for CIOs. The danger was underscored with the recent discovery of two Apple Inc. iOS vulnerabilities triggered by mobile malware, "Masque Attack" and "Wire Lurker," aimed at iPhones and iPads. New cloud software from startup Lookout Inc. combines machine learning and contextual analytics to protect mobile devices from malicious applications
Pompem — Exploit Finder Script & Web Version(Kitploit) Pompem is an open source tool, which is designed to automate the search for exploits in major databases. Developed in Python, it has a system of advanced search, thus facilitating the work of pentesters and ethical hackers. In its current version, it performs searches in databases
Is cyber insurance your last line of defense?(Beta News) The recent spate of payment card breaches that have plagued the retail industry this year has prompted many merchants to consider investing in cybersecurity liability insurance policies to offset the costs associated with a breach recovery. These companies often make this choice based on the belief that the money they've spent to comply with industry security standards has failed to prevent these breaches from occurring, and there seems to be no other alternative. At least one recently filed claim has led to a lawsuit that will put these cybersecurity insurance policies to the test
Cyber-Insurance Now a Necessity(Valley News) More than 3,000 American businesses were hacked last year, many of them small and midsize firms that are often less protected than their multinational counterparts, according to the Center for Strategic and International Studies
Nonprofit Effort Provides Training Programs for Veterans(SIGNAL) Last year, Kade Wolfley held a federal job as an electrician that gave him such little satisfaction he opted to quit and test his luck on an intriguing training program that took him away from his family for 11 weeks and offered no guarantee of employment
Team heads to cyber war competition(Pekin Daily Times) Twelve members of the Limestone Community High School Air Force JROTC invaded Advanced Medical Transport's Peoria headquarters Friday for cyber war games
Changed guidelines lead to more firsts for cybersecurity(Pacific.Scoop) A Vanuatu student has contributed to the ever-increasing list of firsts being achieved by the University of Waikato's cyber security programme. Jeff Garae initially came to the University in 2013 as part of the Ministry of Foreign Affairs and Trade (MFAT)
Legislation, Policy, and Regulation
NATO helps Jordan fend off ISIL cyber threat(NATO/OTAN) Over recent years, cyber attacks have targeted key national security installations in countries around the world, from Estonia's banking system to South Korea's media network. To help counter this growing threat, NATO has been strengthening the cyber defence capabilities of both its member countries and its partners
Why cyber took a back seat in Beijing(FCW) In advance of President Barack Obama's Nov. 11 meeting with Chinese President Xi Jinping, Deputy National Security Adviser Ben Rhodes implied that Obama would be blunt with Xi on what the U.S. sees as China's transgressions in cyberspace, and also try to revive a bilateral working group on the issue. Obama may well have pushed for a breakthrough on cybersecurity in his five-hour meeting with Xi, but one was not forthcoming
Cyber bill's fate hinges on NSA reform(The Hill) The upcoming Senate vote on a bill to reform the National Security Agency (NSA) could make or break legislation on sharing cyber threat information in the lame duck
Cyber bills caught up in turf spat(The Hill) A House jurisdictional fight is holding up cyber legislation, said House Homeland Security Chairman Michael McCaul (R-Texas) in an interview
U.S. Gov Insists It Doesn't Stockpile Zero-Day Exploits to Hack Enemies(Wired) For years the government has refused to talk about or even acknowledge its secret use of zero-day software vulnerabilities to hack into the computers of adversaries and criminal suspects. This year, however, the Obama administration finally acknowledged in a roundabout way what everyone already knew — that the National Security Agency and law enforcement agencies sometimes keep information about software vulnerabilities secret so the government can exploit them for purposes of surveillance and sabotage
Industry-Government Partnerships Critical To Resiliency Of US Electric Power Grid(HS Today) With the nation's dependence on the electric power grid for support across a number of critical infrastructure sectors — including oil and natural gas, water, transportation, telecommunications and financial sectors — it is becoming increasingly important for government and industry to partner together to strengthen and enhance the resiliency of the US electric power grid
Suspects Tied to WireLurker Malware Arrested in China(Softpedia) The Beijing Municipal Public Security Bureau has arrested three individuals for involvement in the creation and distribution of WireLurker malware that compromises iOS devices and made hundreds of thousands of victims in China
Investigating Federal cyber crime (and why indictments matter)(The CyberWire) Back in December of 2012 at a cyber community event in Baltimore, Special Agent Mularski described his experience breaking up organized cyber criminal gangs. This interview gives us a chance to catch up with him about recent developments in cyber law enforcement
'Microsoft Partner' Claims Fuel Support Scams(KrebsOnSecurity) You can't make this stuff up: A tech support company based in the United States that outsources its work to India says its brand is being unfairly maligned by — wait for it… tech support scammers based in India. In an added twist, the U.S.-based tech support firm acknowledges that the trouble may be related to its admittedly false statements about being a Microsoft Certified Partner — the same false statements made by most telephone-based tech support scams
Deepsec 2014(Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...
BugCON(Mexico City, Mexico, November 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of security. Running since 2008, BugCON is the oldest forum where researchers, students and professionals show...
Navy Now Forum(Washington, DC, USA, November 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership...
Navy Now Forum: Admiral Rogers(Washington, DC, USA, November 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership...
International Cyber Warfare and Security Conference(Ankara, Turkey, November 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective...
EDSC 2014(Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry; staying current is important...
Ethiopia Banking and ICT Summit(Addis Ababa, Ethiopia, November 21, 2014) The one-day summit is designed to highlight the key investment opportunities, especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial...
Cyber Security World Conference 2014(New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused...
BSidesVienna(Vienna, Austria, November 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned