Malware and attack techniques undergo evolutionary changes, some driven by technology-push, others by demand-pull. The Citadel Trojan has branched from its roots in bank fraud attacks into theft of master passwords protecting password managers. ROVNIX is now being distributed by macro downloader (as is DRIDEX).
Attackers are looking for privileged access to networks more than they're attempting to install traditional malware, and CyberArk sees privilege abuse as a cross-industry trend in cyber attacks. The bottom seems to be falling out of the black market for paycard data and account credentials — supply has quickly outstripped demand — and Trend Micro thinks criminals are beginning to shift their attention to other targets, many of them in the Internet-of-things.
The NotCompatible Android Trojan gets "stealthier and more resilient," strengthening a two-year-old botnet (and in botnet terms that's venerable) threatening corporate networks.
This week's emergency Windows patch closes vulnerabilities being actively exploited in the wild. Google upgrades Android Lollipop against ASLR bypass. Drupal patches a denial-of-service vulnerability.
Trend season is upon us. Among those discerned are hardy evergreens "people aren't learning from security fails" and "expect data breaches during the holidays." Congressional deferral of US surveillance reform and the introduction or repurposing of privacy tools stoke the "encrypt-everything" and "watch-your-privacy" trends. Security professionals are sanguine about 2015 — CISO leadership and bigger budgets make them snort — but the medical sector is warned it's in hackers' crosshairs.
NATO and banking cyber exercises are expected to improve defensive readiness. UK police predict a cyber jihad against Western banks.
Today's issue includes events affecting China, India, Indonesia, Israel, Kazakhstan, Kyrgyzstan, Russia, Tajikistan, United Kingdom, United States, Uzbekistan, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
Citadel Variant Targets Password Managers(Threatpost) The Citadel Trojan has once again branched out beyond its roots as banking malware and is now targeting the master passwords guarding major password management products
ROVNIX Infects Systems with Password-Protected Macros(TrendLabs Security Intelligence Blog) We recently found that the malware family ROVNIX is capable of being distributed via macro downloader. This malware technique was previously seen in the DRIDEX malware, which was notable for using the same routines. DRIDEX is also known as the successor of the banking malware CRIDEX
Credit cards are passé; cyber criminals set their sights higher(The Hindu Business Line) Prices of people's stolen credentials in the cyber underground have drastically come down. According to a new report by cyber security solutions firm Trend Micro, the average price of credit card details has dropped to $1 from $3 in 2014. Facebook credentials are down to $100 from $200 and Gmail details have dropped from $217 to $100. This, experts say, is because of the tremendous increase in supply
VMware: "It's not a vulnerability, mmkkkayyy"(KoreLogic Blog) During a recent review of the VMware Workstation application, I discovered a method that allows any member of the __vmware__ group to extract arbitrary sections of kernel memory. When you consider the fact that members of this group are not required to already have administrative privileges, this suddenly becomes a significant vulnerability in the sense that it implies that otherwise unprivileged users now have the means to extract and subsequently use/abuse sensitive data like process-level tokens, encryption keys, etc. Needless to say, this poses a significant security risk to any organization that allows unprivileged users to operate virtual machines by way of the __vmware__ group
Today's Top 5 Malware Threats(eSecurity Planet) To fight malware, security teams must understand it. Here are five especially nasty forms of malware
Nasty Security Bug Fixed in Android Lollipop 5.0(Threatpost) There is a vulnerability in Android versions below 5.0 that could allow an attacker to bypass ASLR and run arbitrary code on a target device under certain circumstances. The bug was fixed in Lollipop, the newest version of the mobile OS, released earlier this week
Yahoo Will Soon Become The Default Search Engine In Firefox(TechCrunch) Starting in December, Firefox will use Yahoo as its default search engine in the United States on mobile and desktop. As a part of this five-year deal, Yahoo will also launch a new search experience for Firefox users in the U.S., which should go live at the same time Firefox makes the switch away from Google
More Data Breaches Expected This Holiday Season(PYMNTS) Retailers are still trying to regain their footing from last year's massive data breaches. But as stores like Target and Neiman Marcus finally stabilize for the holidays, experts say 'tis the season for more — and more sophisticated — big hacks
Overwhelming optimism for information security in 2015(Help Net Security) Expectations for data security next year are surprisingly optimistic given the harsh reality of 2014, which has been the worst year on record for data breaches, according to a new survey by ThreatTrack Security
Legal Losing Its Grip Over Risk and Compliance(Wall Street Journal) A new survey from the Society of Corporate Compliance and Ethics and NYSE Governance Services offers more evidence that companies are increasingly making their compliance functions separate from legal
Does cyber insurance help the CISO get a seat in the boardroom?(Help Net Security) CISOs and cyber security leaders have long struggled to gain a voice in the boardroom. Shut out of leadership meetings and strategic decision-making, IT security has often been seen as little more than a compliance-driven, check-the-box initiative that requires minimal continuous effort to maintain. Some CISOs simply serve as scapegoats, accepting blame when breaches occur and ignored when the horizon is clear
How to Profit from Cyber Pain(Fox Business) One of my key investment themes has been Safety & Security, which touches on personal safety as well as security for companies, schools and other institutions, including the government. Given the confluence of several factors including the near-unquenchable thirst for mobile connectivity, social media and the Cloud along with the bring-your-own-device (BYOD) trend, one of the growing pain points that we all face is cyber attacks
New tool for spy victims to detect government surveillance(Amnesty) A new tool to enable journalists and human rights defenders to scan their computers for known surveillance spyware has been released today by Amnesty International and a coalition of human rights and technology organizations
How a Simple Note-Taking App Became the New Anti-Censorship Tool in China(Nextgov) Mainland Chinese readers may have found one way around China's tight grip over news and information about the pro-democracy protests that have swept Hong Kong for the last three weeks — a California-based app best known for its personal to-do lists, clipping web-pages, and sharing notes between coworkers
Google commits privacy seppuku at BT's request(A14) As I'm currently in temporary accommodation I have found myself without a permanent internet connection. 3G service in the area is pretty spotty, so I bit the bullet and ended up purchasing a single month BT Wifi pass, effectively piggy-backing a neighbour's connection. I'm guessing they see very little of the £39 I paid
Dell improves security portfolio(IT-Online) Dell recently announced product integrations and innovation within its security portfolio that provide organisations with exceptional protection, and turn security into a business enabler
Bitdefender Adware Removal Challenges Malwarebytes(tom's guide) Antivirus software maker Bitdefender has released a free adware-removal tool for Windows PCs. The Bitdefender Adware Removal Tool "eliminates annoying apps, adware, toolbars and other browser add-ons," claims a company press statement, but also "provides complete protection against malicious programs that can hijack computers"
WiFi Penetration Testing Tools(Ethical Hacking) WiFi or wireless penetration testing is an important aspect of any security audit project; organizations are facing serious threats from their insecure WiFi networks. A compromised WiFi network puts the entire network at risk. Consider the recent Darkhotel attack, where the top business executives were the target and the attackers were targeting them by hacking into the insecure hotel WiFi network. The moral of the story is that "the organizations should include a WiFi penetration testing process in their regular security procedure"
When Your Organization is Under Attack, Minutes Count(McAfee Blog Central) In 2014, companies continued to be shaken out of their contented relationship with corporate security efforts. Retailers were hacked. Millions of emails were lifted. Thousands of Social Security numbers were stolen. Gone is the era of "set it and forget it" security, where enterprises use only default security settings. This epiphany, motivated by news headlines, has forced organizations into a mad dash for security solutions that meet their real-time needs
Four Steps To An Effective Targeted Attack Response(TrendLabs Security Intelligence Blog) For many organizations today, the question is no longer if they will fall victim to a targeted attack, but when. In such an event, how an organization responds will determine whether it becomes a serious event or if it stays a mere annoyance
How Splitting a Computer into Multiple Realities can Protect You from Hackers(Wired) Eight years ago, Polish hacker Joanna Rutkowska was experimenting with rootkits — tough-to-detect spyware that infects the deepest level of a computer's operating system — when she came up with a devious notion: What if, instead of putting spyware inside a victim's computer, you put the victim's computer inside the spyware?
The Benefits of Software-Defined Security(Information Security Buzz) At Gartner's Security & Risk Management Summit, analysts identified 2014's Top 10 Technologies for Information Security. They singled out software-defined security as a trend to watch, stating that its "impact on security will be transformational"
China Terrorism Debate: Does the Internet Kill People?(Wall Street Journal) China's government says the dark side of the Internet was on full display in terror attacks over the past year — a train station knifing, a car that exploded near Beijing's Tiananmen Gate and other attacks on civilians — because it has evidence such activity is planned online
China ready to deepen int'l co-ops, uphold cyber security: Xi(Xinhua via China Development Gateway) China is ready to work with other countries to deepen international cooperation, respect sovereignty on the Internet and uphold cyber security, said President Xi Jinping in a message of congratulations on Wednesday
Top China official urges stronger Internet management(AFP via 7 News) A top Beijing official called for stronger management of the Internet Wednesday at a government-organised conference condemned by rights campaigners as a Chinese attempt to promote its online controls globally
Private Interests: Monitoring Central Asia(Privacy International) State surveillance has historically played a central and well-documented role in Central Asia. The region is characterised by authoritarian systems of governance wherein entrenched power elites exercise dominance over political and economic affairs. As technological means of conducting surveillance advance, Central Asian states are engaging in the wide-scale surveillance of the telecommunications, internet activity, and electronic devices of the civilian population in order to consolidate political control, silence dissent, and undermine the enjoyment of individuals' human rights
AP Exclusive: Before Snowden, a debate inside NSA(AP via KLTV 7) Years before Edward Snowden sparked a public outcry with the disclosure that the National Security Agency had been secretly collecting American telephone records, some NSA executives voiced strong objections to the program, current and former intelligence officials say. The program exceeded the agency's mandate to focus on foreign spying and would do little to stop terror plots, the executives argued
Tech Reacts To The Demise Of Partial NSA Reform In The Senate(TechCrunch) The failure of the Senate to advance NSA reform in the current Congress isn't too popular with the technology community. The demise of the USA FREEDOM Act — a half-measure at best — in the Senate is another loss for the technology industry, which saw many of its leading companies repeatedly call for the bill's passage
Senator Al Franken Asks Uber's CEO Tough Questions On User Privacy(TechCrunch) Senator Al Franken, Chairman of the Subcommittee On Privacy, Technology, and the Law, has posted a public letter to Uber CEO Travis Kalanick in which he addresses many of the claims made over the past few days that the company has consistently compromised user privacy as a matter of course
Cybersecurity remains top-five challenge for Justice Department, IG says(FierceGovernmentIT) As cyber threats, attacks and espionage escalate against the United States, the Justice Department needs to make sure it's properly addressing these issues in a coordinated manner and sharing critical information with industry, among other measures, the inspector general said
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber Security Summit: DC Metro Area(Tysons Corner, Virginia, USA, June 3, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at...
Cyber Security Summit: New York(New York, New York, USA, September 17, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at...
Cyber Security Summit: Boston(Boston, Massachusetts, USA, October 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at...
Deepsec 2014(Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...
EDSC 2014(Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry; staying current is important...
Cyber Security World Conference 2014(New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused...
Ethiopia Banking and ICT Summit(Addis Ababa, Ethiopia, November 21, 2014) The one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial...
BSidesVienna(Vienna, Austria, November 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned
BSidesToronto(Toronto, Ontario, Canada, November 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"
DefCamp5(Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering...
Healthcare Cyber Security Summit 2014(San Francisco, California, USA, December 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit
SINET 16(Washington, DC, USA, December 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent...
SINET Showcase(, January 1, 1970) "Highlighting and Advancing Innovation." Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and...
Tax Incentives for Cybersecurity Businesses(Elkridge, Maryland, USA, December 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the...
(ISC)² Security Congress EMEA(London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe...
ACSAC 30: Annual Computer Security Applications Conference(New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...
ICFPT 2014(Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices...