Anti-Assad hacktivists show up on a site belonging to Turkey's embassy in Bishkek, plaintively and almost apologetically, to remind the world that massacres continue in Syria.
Recorded Future reports finding new malicious networks associated with the DarkHotel cyber espionage campaign. The campaign, endemic to East Asia, is found using malware that's circulated since 2009.
The APT group controlling MiniDuke is tied to a malicious Tor exit node.
University researchers find that about 1% of advertising is malvertising — small in relation to the total volume of online advertising, significant in absolute terms and effect. Trend Micro independently publishes details of the Flashpack exploit kit operating in recent malicious ad campaigns.
Fasthosts sustained an outage yesterday attributed to a denial-of-service attack and exploitation of a Windows 2003 vulnerability.
KrebsOnSecurity discerns a link between the Staples and Michaels data breaches — some common malware and communication with the same command-and-control servers. Other observers sift through a year's worth of retail cyber attacks for such lessons as may be found. The PCI Council in particular is looking for solutions.
SChannel exploits appear as Microsoft grapples with collateral issues (not exactly damage, perhaps?) last Tuesday's patch raised.
Apple releases security fixes for iOS, OS X Yosemite, and Apple TV.
Journalists investigate Russian government cyber operations and connections between US intelligence services and US companies.
The Wall Street Journal (echoing the redoubtable Weiss) thinks the nuclear power industry is trying to define away its cyber problems.
China's Great Firewall strikes observers as an economic own-goal.
Today's issue includes events affecting Australia, China, Japan, Republic of Korea, Kyrgyzstan, Russia, Syria, Taiwan, Turkey, United Kingdom, United States.
New Malicious Networks Discovered in Dark Hotel Malware Campaign(Recorded Future) Recorded Future discovered technical indicators that suggest malware used in the Dark Hotel campaign has been in the wild since 2009. The Dark Hotel malware campaign has links to long-standing malicious networks. According to Recorded Future analysis, this includes the Bodis LLC network. Threat analysis and samples matching Dark Hotel hashes regularly occurred in 2012 and 2013. Business travelers to the APAC region should continue to take precautions for data security and be alert to targeted attacks like spear phishing
Link Found in Staples, Michaels Breaches(KrebsOnSecurity) The breach at office supply chain Staples impacted roughly 100 stores and was powered by some of the same criminal infrastructure seen in the intrusion disclosed earlier this year at Michaels craft stores, according to sources close to the investigation
Deep Dive into the HikaShop Vulnerability(Sucuri Blog) It's been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker to execute malicious code on a target website
Localized Tools and Services, Prominent in the Brazilian Underground(TrendLabs Security Intelligence Blog) In our monitoring of the global threat landscape, we tend to notice that countries sometimes are affiliated with a particular cybercriminal activity. One classic example is Brazil, which is known for its association with banking malware. As we noted in a previous blog entry, "online banking theft is especially rampant in the country, whose history of hyperinflation has once led to an early adoption of online financial systems and a large online banking community." However, we felt like something was missing. What would explain the growth of these activities in Brazil?
Selling Snowden-style access: Inside threat(SC Magazine) Often lost in the discussion of the National Security Agency (NSA) and Edward Snowden is the fact that the broad access and privileges he had is the same type of access and power that many employees in similar positions have at almost every business
Holiday Gifts that Put Your Privacy at Risk(IT Business Edge) With the holiday season upon us, consumers are already making their holiday shopping lists. Not surprisingly, tech gifts are the most popular for the 2014 holiday season. What might surprise you, however, is that many of these must-have gifts also put consumers at the highest risk
A look back at 2014's data protection nightmare(CSO) There were nearly one billion records compromised in 2014, due in part to poor supply chain protection, malicious insider access, and lackluster access management policies. Today, Salted Hash looks back at the facts and figures of a nightmarish year in information security
Organizations Hit by DDOS Attacks Lose $40,000 per Hour, Survey Says(Tripwire: the State of Security) According to a recent survey performed by Incapsula, the hefty price tag accompanied by distributed denial of service (DDoS) attacks is now estimated to cost organizations $40,000 per hour, with nearly half of attacks lasting between 6-24 hours. Thus, companies are shelling out close to half a million dollars, on average, to quickly restore their services
Incapsula Survey: What DDoS Attacks Really Cost Businesses(Incapsula) The impact of distributed denial of service (DDoS) attacks gets bigger and harder to ignore every year; 2014 is certainly no exception. But while such assaults are on the rise, many companies have been content to protect themselves with antiquated firewall-based solutions. Instead they should be investing in solutions providing true protection against unscheduled downtime and financial losses
Malware Grows as C&C Servers Drop; IoT Looms(Infosecurity Magazine) The United States hosts more than 43% of all malicious links and more C&C servers than any other country in the world. However, when analyzing infection rates/ratios based on the number of IP addresses in a country, the United States ranks only as the 28th most-affected location when it comes to malware
CRA Uncovers a Very Real SMB Business Risk(Broadway World) CRA, a leading managed IT solutions firm based in NYC, has uncovered that SMBs are taking great risks with their IT environments. According to a Symantec study, 57% of SMBs don't have a disaster recovery plan. Additionally, the study stated one in four SMBs do not even view IT as critical to their businesses
Insider Security Threat: A Growing Concern(Midsize Insider) The potential for cybercrime and data breaches will always loom large, but according to a recent survey, the insider security threat and a lack of security-related education and training for employees have both become challenges
Cybersecurity ETF "HACK" Debuts on NYSE(Money Morning) A new cybersecurity ETF debuted last week that gives investors a fresh way to profit from the need to protect U.S. businesses from cyberattacks and data breaches
Mitigating cyber risk begins in the boardroom(Business Spectator) Large-scale cyber attacks and data breaches are the new normal for businesses and governments alike. If there has been a recurring global news story over the last two years in the security sector it has been the constant drum beat of highly public data breaches affecting tens of millions of customers
Wynyard hires former Darktrace, GCHQ officer Andrew France(NBR) Wynyard Group [NZX: WYN], the security software company spun out of Jade Software last year, has hired Andrew France, former deputy director of cyber defence operations at British intelligence agency GCHQ, for the role of strategic adviser for intelligence
Do 'Non-Standard' OSes Like IBM i Pose Security Risks?(IT Jungle) As an IBM i professional, you're familiar with the platform and comfortable working around it. But you're also aware that the IBM i is different from other systems, and that it makes some people uncomfortable. According to a new report from the SANS Institute, the mere existence of "non-standard" operating systems such as IBM i has the potential to introduce a security risk in the data center
Ribose first to achieve CSA STAR Certification with new CCM 3.0.1 cloud security standard(PRNewswire) Ribose has become the world's first cloud service provider (CSP) to achieve STAR Certification from the Cloud Security Alliance (CSA) compliant to the latest Cloud Controls Matrix (CCM) 3.0.1 cloud security standard. Ribose is also the first CSP to have achieved two consecutive STAR Gold Certifications, indicating the maturity level of its security controls
Technologies, Techniques, and Standards
The evolution of threat detection and Big Data(Help Net Security) Mark Gazit is the CEO of ThetaRay, a specialist in threat detection. In this interview he talks about leveraging Big Data to secure networks, the advantages of using math-based anomaly detection as well as the evolution of threat detection in the past decade
IAB Urges Designers to Make Encryption the Default(Threatpost) The Internet Architecture Board, the body in charge of overseeing the structure of many of the Internet's key standards, has recommended that encryption be the default traffic option for protocols. The recommendation comes after more than 18 months of revelations about the pervasive surveillance activities online by intelligence agencies
Android Hacking and Security, Part 13: Introduction to Drozer(Infosec Institute) We have seen various vulnerabilities in Android apps in the previous articles. Before moving ahead with other vulnerabilities in Android applications in this series of articles, I would like to introduce an awesome tool named Drozer
Keep your retirement accounts safe from cyberattacks(MarketWatch) You may think your retirement assets are protected from cyberattack or identity thieves, but what about all the information you give your financial adviser? How well do they protect you and your money?
Why Cyber Security Starts At Home(Dark Reading) Even the grandmas on Facebook need to know and practice basic security hygiene, because what happens anywhere on the Internet can eventually affect us all
Cyber-Sputnik Needed to Spur Cyber Skills Development(RigZone) The United States needs a 'cyber-Sputnik' incident to jumpstart the nation's development of the cybersecurity analyst workforce and regulations it needs, according to a former military and intelligence official
What if China held a world internet conference and the world didn't show up?(Quartz) When China hosts the country's very first "World Internet Conference" this week in the city of Wuzhen, speakers will include top executives from China's internet giants like Alibaba, Tencent, and Baidu, along with executives from "Qualcomm, Microsoft and Samsung," Xinhua reports. The conference is expecting "1,000 participants," China Daily reports, and "almost 700 journalists from the world." But the guest list from beyond China's borders is pretty thin
Cyber Insurance for Critical Infrastructure(Norse Corporation) You can't turn a television on today without seeing one of the nation's most beloved insurance icons, "Flo" from Progressive insurance. We enjoy her whimsical plays on how to get the best price for an insurance policy, but I wonder at what point will these commercials hype "cyber"?
The arrogance of the US nuclear power industry — we don't want to look at everything(Control) The Nuclear Energy Institute (NEI) in support of the US nuclear utilities has filed a request for rulemaking with the Nuclear Regulatory Commission (NRC) to modify the nuclear plant cyber security rule (www.nrc.gov, Docket ID NRC-2014-0165). The gist of the draft rulemaking is NEI and the nuclear utilities feel the NRC is making the industry spend too much money by looking at too many of the systems and components in a nuclear power plant
VA Needs to Address Identified Vulnerabilities(GAO) While the Department of Veterans Affairs (VA) has taken actions to mitigate previously identified vulnerabilities, it has not fully addressed these weaknesses. For example, VA took actions to contain and eradicate a significant incident detected in 2012 involving a network intrusion, but these actions were not fully effective
Head of AmCham France is target of blackmail(The Local (France)) Clara Gaymard, president and CEO of General Electric France and president of the American Chamber of Commerce in France has filed a complaint after being the target of blackmail
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Deepsec 2014(Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...
BugCON(Mexico City, Mexico, November 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of security. Running since 2008, BugCON is the oldest forum where researchers, students and professionals show...
Navy Now Forum: Admiral Rogers(Washington, DC, USA, November 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership...
International Cyber Warfare and Security Conference(Ankara, Turkey, November 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective...
EDSC 2014(Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry; staying current is important...
Cyber Security World Conference 2014(New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused...
Ethiopia Banking and ICT Summit(Addis Ababa, Ethiopia, November 21, 2014) The one-day summit is designed to highlight the key investment opportunities, especially in the Banking & ICT sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial...
BSidesVienna(Vienna, Austria, November 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned
BSidesToronto(Toronto, Ontario, Canada, November 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"
DefCamp5(Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering...
Healthcare Cyber Security Summit 2014(San Francisco, California, USA, December 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit
SINET 16(Washington, DC, USA, December 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent...
SINET Showcase "Highlighting and Advancing Innovation." Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and...
Tax Incentives for Cybersecurity Businesses(Elkridge, Maryland, USA, December 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the...
(ISC)² Security Congress EMEA(London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe...
ACSAC 30: Annual Computer Security Applications Conference(New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...
ICFPT 2014(Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices...