
Daily briefing.

Anti-Assad hacktivists show up on a site belonging to Turkey's embassy in Bishkek, plaintively and almost apologetically, to remind the world that massacres continue in Syria.

Recorded Future reports finding new malicious networks associated with the DarkHotel cyber espionage campaign. The campaign, endemic to East Asia, is found using malware that's circulated since 2009.

The APT group controlling MiniDuke is tied to a malicious Tor exit node.

University researchers find that about 1% of advertising is malvertising — small in relation to the total volume of online advertising, significant in absolute terms and effect. Trend Micro independently publishes details of the Flashpack exploit kit operating in recent malicious ad campaigns.

Fasthosts sustained an outage yesterday attributed to a denial-of-service attack and exploitation of a Windows 2003 vulnerability.

KrebsOnSecurity discerns a link between the Staples and Michaels data breaches — some common malware and communication with the same command-and-control servers. Other observers sift through a year's worth of retail cyber attacks for such lessons as may be found. The PCI Council in particular is looking for solutions.

SChannel exploits appear as Microsoft grapples with collateral issues (not exactly damage, perhaps?) last Tuesday's patch raised.

Apple releases security fixes for iOS, OS X Yosemite, and Apple TV.

Journalists investigate Russian government cyber operations and connections between US intelligence services and US companies.

The Wall Street Journal (echoing the redoubtable Weiss) thinks the nuclear power industry is trying to define away its cyber problems.

China's Great Firewall strikes observers as an economic own-goal.

Notes.

Today's issue includes events affecting Australia, China, Japan, Republic of Korea, Kyrgyzstan, Russia, Syria, Taiwan, Turkey, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Turkish Embassy's Education Consultancy in Kyrgyzstan Hacked by Anti-Assad Hacker (HackRead) The anti-Bashar Al Assad hacker going with the handle of Dr.SHA6H has hacked and defaced the official website of Turkish embassy Education Consultancy in Bishkek, Kyrgyzstan against ongoing Syrian conflict

New Malicious Networks Discovered in Dark Hotel Malware Campaign (Recorded Future) Recorded Future discovered technical indicators that suggest malware used in the Dark Hotel campaign has been in the wild since 2009. The Dark Hotel malware campaign has links to long-standing malicious networks. According to Recorded Future analysis, this includes the Bodis LLC network. Threat analysis and samples matching Dark Hotel hashes regularly occurred in 2012 and 2013. Business travelers to the APAC region should continue to take precautions for data security and be alert to targeted attacks like spear phishing

Malicious Tor exit node is run by MiniDuke APT actors (Help Net Security) The malicious Tor exit node located in Russia that added malicious code to the software downloaded by users has been tied to the APT actors wielding the MiniDuke backdoor

Flashpack Exploit Kit Used in Free Ads, Leads to Malware Delivery Mechanism (TrendLabs Security Intelligence Blog) In the entry FlashPack Exploit Leads to New Family of Malware, we tackled the Flashpack exploit kit and how it uses three URLs

Research Finds 1 Percent of Online Ads Malicious (SecurityWeek) One percent does not sound like a lot, but multiply it by the right number, and it can be

Holy cow! Fasthosts outage blamed on DDoS hack attack AND Windows 2003 vuln (Register) Monday, bloody Monday

Link Found in Staples, Michaels Breaches (KrebsOnSecurity) The breach at office supply chain Staples impacted roughly 100 stores and was powered by some of the same criminal infrastructure seen in the intrusion disclosed earlier this year at Michaels craft stores, according to sources close to the investigation

Anonymous e-hijacks KKK in wake of threats against Ferguson protesters (Naked Security) Last Tuesday, the white supremacist group Ku Klux Klan (KKK) dumped trash bags full of flyers that promised to use "lethal force" against protesters in Ferguson, Missouri

WinShock PoC clocked: But DON'T PANIC… It's no Heartbleed (Register) SChannel exploit opens an easily closed door

Stop Comparing Every Critical Bug to Heartbleed, Shellshock (PC Magazine) Not every critical vulnerability has to be compared to Heartbleed to be taken seriously. In fact, there is no need to bring up Heartbleed or Shellshock when there is a new software flaw which requires immediate attention

New Research, Same Old Problems with BadUSB (Threatpost) BadUSB hasn't gone from bad to worse necessarily, but it sure has reached a new state of confusion for security experts and consumers in the crosshairs

Deep Dive into the HikaShop Vulnerability (Sucuri Blog) It's been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker to execute malicious code on a target website

Localized Tools and Services, Prominent in the Brazilian Underground (TrendLabs Security Intelligence Blog) In our monitoring of the global threat landscape, we tend to notice that countries sometimes are affiliated with a particular cybercriminal activity. One classic example is Brazil, which is known for its association with banking malware. As we noted in a previous blog entry, "[0]nline banking theft is especially rampant in the country, whose history of hyperinflation has once led to an early adoption of online financial systems and a large online banking community." However, we felt like something was missing. What would explain the growth of these activities in Brazil?

Selling Snowden-style access: Inside threat (SC Magazine) Often lost in the discussion of the National Security Agency (NSA) and Edward Snowden is the fact that the broad access and privileges he had is the same type of access and power that many employees in similar positions have at almost every business

Holiday Gifts that Put Your Privacy at Risk (IT Business Edge) With the holiday season upon us, consumers are already making their holiday shopping lists. Not surprisingly, tech gifts are the most popular for the 2014 holiday season. What might surprise you, however, is that many of these must-have gifts also put consumers at the highest risk

Scammers move from Ebola phishing to fundraising (CSO) No topic is too taboo for criminals

Security Patches, Mitigations, and Software Updates

Apple Releases Security Updates for iOS, OS X Yosemite, and Apple TV (US-CERT) Apple released security updates for iOS devices, OS X Yosemite and Apple TV to address multiple vulnerabilities, one of which could allow remote attackers to execute arbitrary commands

Apple ships OS X 10.10.1 — does it fix those Wi-Fi problems? (Naked Security) Depending on whom you ask, Apple's latest OS X update, 10.10.1, may be the most anxiously-awaited ever

Microsoft's Schannel security patch affecting TLS connections (TechTarget) Microsoft admitted that MS14-066, released last week to patch a serious Schannel security vulnerability, is causing some users to drop TLS connections

Cyber Trends

A look back at 2014's data protection nightmare (CSO) There were nearly one billion records compromised in 2014, due in part to poor supply chain protection, malicious insider access, and lackluster access management policies. Today, Salted Hash looks back at the facts and figures of a nightmarish year in information security

Threat of computer hackers has reportedly superseded terrorism (KETV) Every day, America comes under attack by computer hackers. The U.S. is spending $10 billion a year to fight the attacks, but analysts said that's not enough

Organizations Hit by DDoS Attacks Lose $40,000 per Hour, Survey Says (Tripwire: the State of Security) According to a recent survey performed by Incapsula, the hefty price tag accompanying distributed denial of service (DDoS) attacks is now estimated to cost organizations $40,000 per hour, with nearly half of attacks lasting between 6-24 hours. Thus, companies are shelling out close to half a million dollars, on average, to quickly restore their services

Incapsula Survey : What DDoS Attacks Really Cost Businesses (Incapsula) The impact of distributed denial of service (DDoS) attacks gets bigger and harder to ignore every year; 2014 is certainly no exception. But while such assaults are on the rise, many companies have been content to protect themselves with antiquated firewall-based solutions. Instead they should be investing in solutions providing true protection against unscheduled downtime and financial losses

Malware Grows as C&C Servers Drop; IoT Looms (Infosecurity Magazine) The United States hosts more than 43% of all malicious links and more C&C servers than any other country in the world. However, when analyzing infection rates/ratios based on the number of IP addresses in a country, the United States ranks only as the 28th most-affected location when it comes to malware

Internet Of Things 'Overhyped,' Say IT Execs (InformationWeek) IT executives expect the IoT to impact their businesses, although they're not sure how, finds CompTIA survey

Android and iOS apps still being cloned to spread malware (TechWorld) Finance, healthcare and retail are top targets

Russia Plays Big Role in Cyber Spying, Hacking (Voice of America) Even in these times of incessant cyber-attacks and Internet hacks, the news took many security analysts by surprise — and led to the doors of the Kremlin

An In-Depth Look At The U.S. Cyber War, The Military Alliance And Its Pitfalls (NPR via KWIT/KOJI) This is FRESH AIR. I'm Terry Gross. Cybersecurity, cyberwar and the rise of the military Internet complex is the subject of the new book "@War" by my guest, Shane Harris

Google's secret NSA alliance: The terrifying deals between Silicon Valley and the security state (Salon) Inside the high-level, complicated deals — and the rise of a virtually unchecked surveillance power

American Surveillance Now Threatens American Business (Atlantic) A new study finds that a vast majority of Americans trust neither the government nor tech companies with their personal data

CRA Uncovers a Very Real SMB Business Risk (Broadway World) CRA, a leading managed IT solutions firm based in NYC, has uncovered that SMBs are taking great risks with their IT environments. According to a Symantec study, 57% of SMBs don't have a disaster recovery plan. Additionally, the study stated one in four SMBs do not even view IT as critical to their businesses

Insider Security Threat: A Growing Concern (Midsize Insider) The potential for cybercrime and data breaches will always loom large, but according to a recent survey, the insider security threat and a lack of security-related education and training for employees have both become challenges

Is Rogue IT Really A Problem? (Dark Reading) Rogue IT may be a misnomer for the subtleties of IT security's involvement in cloud procurement

Marketplace

Cybersecurity ETF "HACK" Debuts on NYSE (Money Morning) A new cybersecurity ETF debuted last week that gives investors a fresh way to profit from the need to protect U.S. businesses from cyberattacks and data breaches

PCI Council looks for ways to stem data breaches after bad year (IDG via CSO) A consortium that develops guidelines for protecting payment card data is hoping that emerging security technologies will help prevent breaches that made this year one of the worst ever on the security front

Mitigating cyber risk begins in the boardroom (Business Spectator) Large-scale cyber attacks and data breaches are the new normal for businesses and governments alike. If there has been a recurring global news story over the last two years in the security sector it has been the constant drum beat of highly public data breaches affecting tens of millions of customers

Juniper CEO shuffle creates uncertainty, excitement (TechTarget) Leadership problems and troubled negotiations with an unnamed customer spurred the resignation of Juniper CEO Shaygan Kheradpir

Wynyard hires former Darktrace, GCHQ officer Andrew France (NBR) Wynyard Group [NZX: WYN], the security software company spun out of Jade Software last year, has hired Andrew France, former deputy director of cyber defence operations at British intelligence agency GCHQ, for the role of strategic adviser for intelligence

Products, Services, and Solutions

Cisco Launches Open-Source Security Analytics (Infosecurity Magazine) Cisco has launched its open-source security analytics tool

MasterCard promises (slow) death to online payment passwords (Naked Security) Credit card giant MasterCard has shared plans to do away with passwords in online payments, with an all-new authentication standard to eventually replace 3D Secure

AT&T Stops Using 'Permacookies' to Track Customer Activity (eSecurity Planet) Verizon, however, is continuing to insert the tracking data into its customers' Web traffic

Do 'Non-Standard' OSes Like IBM i Pose Security Risks? (IT Jungle) As an IBM i professional, you're familiar with the platform and comfortable working around it. But you're also aware that the IBM i is different from other systems, and that it makes some people uncomfortable. According to a new report from the SANS Institute, the mere existence of "non-standard" operating systems such as IBM i has the potential to introduce a security risk in the data center

Ribose first to achieve CSA STAR Certification with new CCM 3.0.1 cloud security standard (PRNewswire) Ribose has become the world's first cloud service provider (CSP) to achieve STAR Certification from the Cloud Security Alliance (CSA) compliant to the latest Cloud Controls Matrix (CCM) 3.0.1 cloud security standard. Ribose is also the first CSP to have achieved two consecutive STAR Gold Certifications, indicating the maturity level of its security controls

Technologies, Techniques, and Standards

The evolution of threat detection and Big Data (Help Net Security) Mark Gazit is the CEO of ThetaRay, a specialist in threat detection. In this interview he talks about leveraging Big Data to secure networks, the advantages of using math-based anomaly detection as well as the evolution of threat detection in the past decade

IAB Urges Designers to Make Encryption the Default (Threatpost) The Internet Architecture Board, the body in charge of overseeing the structure of many of the Internet's key standards, has recommended that encryption be the default traffic option for protocols. The recommendation comes after more than 18 months of revelations about the pervasive surveillance activities online by intelligence agencies

Android Hacking and Security, Part 13: Introduction to Drozer (Infosec Institute) We have seen various vulnerabilities in Android apps in the previous articles. Before moving ahead with other vulnerabilities in Android applications in this series of articles, I would like to introduce an awesome tool named Drozer

Using crypto-free zones to thwart advanced attacks (TechTarget) Looking at recent breach data, it is amazing how long an organization can be compromised without noticing it

Keep your retirement accounts safe from cyberattacks (MarketWatch) You may think your retirement assets are protected from cyberattack or identity thieves, but what about all the information you give your financial adviser? How well do they protect you and your money?

Tech Hygiene: 10 Bad Habits To Break (InformationWeek) When it comes to digital devices, a little cleanliness — both inside and out — goes a long way

Why Cyber Security Starts At Home (Dark Reading) Even the grandmas on Facebook need to know and practice basic security hygiene, because what happens anywhere on the Internet can eventually affect us all

Research and Development

EASE, the DHS concept of self-repairing networks (Security Affairs) The Department of Homeland Security is working with industry on the EASE concept, self-repairing systems able to avoid the interruption of operations

Keeping Secrets (Stanford Magazine) Four decades ago, university researchers figured out the key to computer privacy, sparking a battle with the National Security Agency that continues today

IBM Boosts Cloud Data Protection, Compliance (eSecurity Planet) IBM has patented an invention that will help global businesses navigate complex regulatory landscape for cloud data

Academia

Cyber-Sputnik Needed to Spur Cyber Skills Development (RigZone) The United States needs a 'cyber-Sputnik' incident to jumpstart the nation's development of the cybersecurity analyst workforce and regulations it needs, according to a former military and intelligence official

Federal agencies grant UALR academic distinction (AP via THV 11) Federal agencies have granted honors to programs at the University of Arkansas at Little Rock

Legislation, Policy, and Regulation

The Great Firewall's latest victims demonstrate its stubborn flaw (Quartz) When internet users in China fire up TheAtlantic.com, check out product specifications on Sony Mobile, or add a Firefox plugin, well, too bad

What if China held a world internet conference and the world didn't show up? (Quartz) When China hosts the country's very first "World Internet Conference" this week in the city of Wuzhen, speakers will include top executives from China's internet giants like Alibaba, Tencent, and Baidu, along with executives from "Qualcomm, Microsoft and Samsung," Xinhua reports. The conference is expecting "1,000 participants," China Daily reports, and "almost 700 journalists from the world." But the guest list from beyond China's borders is pretty thin

Fix your security, don't cover up breaches: Privacy commissioner (ZDNet) Read the new Privacy Regulatory Action Policy, says Australia's Privacy Commissioner Timothy Pilgrim. Follow its advice, or get into trouble

Obama Administration 'Strongly Supports' NSA Reform Bill (National Journal) With a key vote on the measure looming, the White House is backing a bill to curb a phone-spying program

Cyber Insurance for Critical Infrastructure (Norse Corporation) You can't turn a television on today without seeing one of the nations' most beloved insurance icons "Flo" from Progressive insurance. We enjoy her whimsical plays on how to get the best price for an insurance policy, but I wonder at what point will these commercials hype "cyber"?

Security Experts Express Concern over Nuclear Cybersecurity Proposal (Wall Street Journal) Cybersecurity experts say that a regulatory request by the nuclear industry's main trade group to revise cybersecurity requirements will leave systems in nuclear power plants more vulnerable

The arrogance of the US nuclear power industry — we don't want to look at everything (Control) The Nuclear Energy Institute (NEI) in support of the US nuclear utilities has filed a request for rulemaking with the Nuclear Regulatory Commission (NRC) to modify the nuclear plant cyber security rule (www.nrc.gov, Docket ID NRC-2014-0165). The gist of the draft rulemaking is NEI and the nuclear utilities feel the NRC is making the industry spend too much money by looking at too many of the systems and components in a nuclear power plant

Litigation, Investigation, and Law Enforcement

Many Tor-anonymized domains seized by police belonged to imposter sites (Ars Technica) Results of darkweb crawl may come as good news to Tor supporters

Democrats seek answers in State Dept. cyber-attack (AP via the New Zealand Herald) A U.S. House oversight committee demanded answers Monday about a suspected cyber-attack that has shut down the State Department's unclassified email system

VA Needs to Address Identified Vulnerabilities (GAO) While the Department of Veterans Affairs (VA) has taken actions to mitigate previously identified vulnerabilities, it has not fully addressed these weaknesses. For example, VA took actions to contain and eradicate a significant incident detected in 2012 involving a network intrusion, but these actions were not fully effective

Court agrees that Google's search results qualify as free speech (Ars Technica) Website CoastNews had its complaint tossed; must pay attorney's fees to Google

AT&T demands clarity: Are warrants needed for customer cell-site data? (Ars Technica) Legal uncertainty surrounds a law compelling disclosure of location information

Duggan: Hackers went after Detroit database, official (Detroit Free Press) Detroit Emergency Mayor Kevyn Orr spokesman Bill Nowling said it was an attempted identity theft in spring 2013 but he declined to identify the target because the investigation is ongoing

TRUSTe Not So Trustworthy (InformationWeek) Privacy certification company has agreed to pay $200,000 to settle FTC charges that it deceived consumers

Silk Road 2.0 suspect's Twitter account hijacked, lawyer says (Ars Technica) Blake Benthall "remains in custody and thus, of course, is not tweeting"

Jailed Twitter troll: 'It was disgusting what I did' (Naked Security) A woman who was sentenced to 12 weeks in jail for sending abusive tweets to journalist Caroline Criado-Perez has spoken of her regret over the abuse she dished out on Twitter

Head of AmCham France is target of blackmail (The Local (France)) Clara Gaymard, president and CEO of General Electric France and president of the American Chamber of Commerce in France has filed a complaint after being the target of blackmail

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Threats to Critical Infrastructure: A Discussion of Challenges, Responses and Next Steps (Herndon, Virginia, USA, November 18, 2014) The vulnerability of the nation's critical infrastructure to cyber attack or disruption, whether from nation-states, non-state actors, hackers or disgruntled insiders, is of increasing concern to both...

Deepsec 2014 (Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...

BugCON (Mexico City, Mexico, November 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of security. Running since 2008, BugCON is the oldest forum where researchers, students and professionals show...

Navy Now Forum: Admiral Rogers (Washington, DC, USA, November 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership...

International Cyber Warfare and Security Conference (Ankara, Turkey, November 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective...

Maintaining Robust Grid Cybersecurity in Expanding Smart Grid Markets (Washington, DC, USA, November 20, 2014) This roundtable will explore how cybersecurity has become an integral component, not just an afterthought, of the critical infrastructure and the energy industry

EDSC 2014 (Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry; staying current is important...

Cyber Security World Conference 2014 (New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused...

Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, November 21, 2014) The one-day summit is designed to highlight the key investment opportunities, especially in the Banking & ICT sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial...

BSidesVienna (Vienna, Austria, November 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned

BSidesToronto (Toronto, Ontario, Canada, November 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"

DefCamp5 (Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering...

Cybergamut Tech Tuesday: Receiver Operating Characteristic (ROC) statistics and their successful use in medical studies, Nigerian scams, and APT detection (Columbia, Maryland, USA, December 2, 2014) Receiver Operating Characteristic (ROC) statistics have been a practical tool in the field of clinical medicine for more than 50 years, an area where stakes can be very high and test results are understood...

5th Annual Raytheon Cyber Security Summit: "The Unassailable Enterprise" (Reston, Virginia, USA, December 2 - 3, 2014) We invite commercial and government entities to attend the 5th Annual Cyber Security Summit where we will explore the "unassailable enterprise" in 2014 and beyond. We bring together some of the most acclaimed...

Healthcare Cyber Security Summit 2014 (San Francisco, California, USA, December 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit

SINET 16 (Washington, DC, USA, December 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent...

SINET Showcase (location and date not listed) "Highlighting and Advancing Innovation." Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and...

Tax Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, December 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the...

International Conference for Internet Technology and Secured Transactions 2014 (London, England, UK, December 8 - 10, 2014) The ICITST is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology...

(ISC)² Security Congress EMEA (London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe...

ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...

ICFPT 2014 (Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices...
