Daily briefing.

Hong Kong independent media sites remain the target of what Cloudflare and Forbes are calling the largest distributed denial-of-service campaign ever seen. The jamming paces the activists' operations. The Great Firewall is also rising to partially block at least one major content delivery network, EdgeCast, and watchdog GreatFire reports several major international outfits (the Atlantic, Sony Mobile, and Firefox among them) are affected.

US NSA Director Rogers tells the House Intelligence Committee that China and "one or two other" nations could shut down the North American power grid, and that what appears to be preparatory reconnaissance has long been detected. He also warns that it's unclear whether Cold-War-style deterrence would work in cyberspace (probably not, the tenor of his remarks suggests). He declined to name the one or two other threats, but said NSA was keeping a close eye on them.

Those one or two others almost certainly would include Russia, which has actively engaged in the kind of reconnaissance Rogers describes. Recorded Future has released a report on the three major cyber campaigns attributed to Russia, and sees in those campaigns evidence of close tactical coordination.

British officials continue to warn the financial sector of the risk of ISIS-conducted (or inspired) cyber attack.

Recently patched vulnerabilities are being exploited in the wild — nota bene, system administrators.

Researchers warn of medical device vulnerabilities, this time with more specificity than usual.

In industry news, CyberSquared gets Series-A funding and renames itself ThreatConnect, after its flagship product.

France leads Europol's sweep of RAT operators.

Notes.

Today's issue includes events affecting Australia, Brazil, China, Colombia, European Union, France, Ireland, Netherlands, Organization of American States, Romania, Russia, Turkey, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

The Largest Cyber Attack In History Has Been Hitting Hong Kong Sites (Forbes) The intense skirmishes inside Hong Kong's Occupy Central protests haven't just taken place on the streets, but online too. The largest cyber attack in history has been carried out against independent media sites in Hong Kong over the past few months, according to the company protecting them, increasing in their intensity each time pro-democracy activists announced new activities or developments

NSA Director: Yes, China Can Shut Down Our Power Grids (Business Insider) China and "one or two" other countries are capable of mounting cyberattacks that would shut down the electric grid and other critical systems in parts of the United States, according to Adm. Michael Rogers, director of the National Security Agency and head of U.S. Cyber Command

Breaking the Code on Russian Malware (Recorded Future) Russia poses a serious cyber threat to industrial control systems (ICS), pharmaceutical, defense, aviation, and petroleum companies. Russian government cyber operations aim to use malware to steal information on files, persist on ICS equipment, and commit espionage. According to a 2014 GData Red Paper, Uroburos malware's "modular structure allows extending it with new features easily, which makes it not only highly sophisticated but also highly flexible and dangerous." Understanding these threats posed by the malware and Russia's objectives will go a long way to securing networks

Russian Cyber Espionage Under The Microscope (Dark Reading) New report shows level of coordination and strategy by three main groups of cyberspies out of Russia

Postal Service 'functioning normally' after cyber breach, official says in testimony for hearing (Washington Post) The U.S. Postal Service is "functioning normally" after a recent cyber breach that compromised customer and employee data, and the agency has yet to find evidence that hackers used the information for identity theft, according to the agency's head of digital security

Financial Sector Terrorism Threat Grows (BankInfoSecurity) Risk posed by ISIS continues to increase, experts warn

Windows Kerberos bug: How to detect signs of exploitation before the update? (Help Net Security) Microsoft has shared more details about the critical elevation of privilege bug found in Microsoft Windows Kerberos Key Distribution Center (CVE-2014-6324) which is being exploited in "limited, targeted attacks" in the wild, and has once again urged admins and users to apply the issued patch

Windows RCE Vulnerability Exploited in the Wild (SecurityWeek) Security companies have started detecting attacks that leverage a critical remote code execution (RCE) vulnerability in Windows, which Microsoft patched last week

The Other Side of Masque Attacks: Data Encryption Not Found in iOS Apps (TrendLabs Security Intelligence Blog) Based on our research into the iOS threat Masque Attacks announced last week, Trend Micro researchers have found a new way that malicious apps installed through successful Masque Attacks can pose a threat to iOS devices: by accessing unencrypted data used by legitimate apps

Attackers Using Compromised Web Plug-Ins in CryptoPHP Blackhat SEO Campaign (Threatpost) Researchers have discovered a group of attackers who have published a variety of compromised WordPress themes and plug-ins on legitimate-looking sites, tricking developers into downloading and installing them on their own sites. The components then give the attackers remote control of the compromised sites and researchers say the attack may have been ongoing since September 2013

Akamai Warns of Yummba Webinject Tools and Banking Fraud (PRNewswire) Crime kit used on machines compromised by Zeus and other malware

XSS vulnerabilities open the door to drive-by downloads (Beta News) Cross-site scripting (XSS) vulnerabilities allow attackers to inject script into web pages in order to infect client computers

Security: DVMRP Ask Neighbors2: an IGMP-based DDoS/leak threat (Team Cymru) At Team Cymru, we have got into the habit of using BLUF, bottom line up front. Allow me to do so here as well. There exists a little known IP multicast tracing and troubleshooting capability referred to as DVMRP Ask Neighbors2 (the request) and DVMRP Neighbors2 (the response) that can leak router configuration detail and be abused in amplification and reflection attacks. Now, for a fuller accounting of the story

45% of North American businesses targeted by rudimentary hack (San Francisco Chronicle) A rudimentary and increasingly popular form of hacking causes huge financial loss for businesses, despite the fact such attacks can be mitigated for comparatively small prices, according to a new study

Examining 1 billion transactions for fraud (Help Net Security) ThreatMetrix analyzed nearly one billion transactions and is able to provide a representative summary of activity including account creation, payment and login fraud across industries

Governments act against webcam-snooping websites (PC World) Government officials in the U.S. and the UK are warning people to secure their webcams after websites that broadcast the contents of those cameras have sprung up online

Cybersecurity Experts Warn of Medical Device Vulnerabilities (iHealthBeat) Medical devices contain common vulnerabilities that could enable hackers in search of lucrative patient medical records to gain access to the devices, according to some cybersecurity experts

Pacemakers Get Hacked On TV, But Could It Happen In Real Life? (Daily Signal) Jay Radcliffe breaks into medical devices for a living, testing for vulnerabilities as a security researcher

$670 Billion Served: An Interview with Redhack Hacktivist Collective (Cryptosphere) Is it just me, or is Turkey one of the most interesting countries on the planet right now?

Hackers blamed for unusual tweets from Jeremy Clarkson, Colombian FARC rebels (Naked Security) TV presenter Jeremy Clarkson and Colombian militia group FARC may not have much in common, but this week they were linked by headlines blaming hackers for potentially embarrassing Twitter messages

Internet scammer adopts face of Army officer from Pasco (Tampa Tribune) Norma Jean Culpeper of Mullins, South Carolina, says the man who scammed her out of $1,200 by claiming to be an Army officer stationed in Afghanistan was able to do so, in part, because of the picture he emailed her

Security Patches, Mitigations, and Software Updates

WordPress 4.0.1 Security Release (WordPress) WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately

PayPal takes 18 months to patch critical remote code execution hole (Register) Dusty patch paid out

Cyber Trends

8 cybercrime trends that will shape IT (Help Net Security) Cybersecurity created headlines and headaches in 2014, with large-scale data breaches at retail chains, attacks on data stored in the cloud and massive vulnerabilities revealed in decades-old code

Retail Security Not Getting Any Better, BitSight Study Finds (eWeek) External indicators of network security compromises continue to rise among the majority of retailers, according to data collected by BitSight

Warning! When Big Data Turns Bad (Smart Data Collective) Big data is proving its usefulness in fields as diverse as improving healthcare and cutting crime. However, as with all game-changing technologies, it has the potential to be used for evil, as well as good

How the threat landscape is shaping the network security business (Help Net Security) Pat Calhoun is the Senior Vice President & General Manager, Network Security, at McAfee. In this interview he talks about constructing the strategic direction for McAfee's Network Security business, he defines the Next Generation Firewall of the future, and much more

Using company devices for personal activities leads to data loss (Help Net Security) GFI Software released the findings of an independent study into how workers use company provided computers and laptops for personal activities, and the direct impact that personal use can have on the organization

State tabs top investor threats (Reedsburg Times-Press) The Wisconsin Department of Financial Institutions recently named emerging threats facing investors in 2015. They include schemes involving marijuana-related businesses, digital currencies, stream-of-income investments and binary options

Marketplace

Cyber Security: Protect Yourself And Profit (Seeking Alpha) Cyber-security is a very important industry to address a very real, powerful, and relentless threat. To prevent the devastating effects of cyber-attacks on individuals, businesses, and the government, many companies are taking on this challenge to keep us secure

Uber, facing public backlash, will rethink privacy (IDG via CSO) Silicon Valley-based ride-sharing company Uber is looking eastward to inject some wisdom into how it handles user data

Grotech Ventures, others lead $4 mln Series A funding in Cyber Squared (Reuters PE Hub) Grotech Ventures and other strategic partners have led a $4 million Series A funding in Cyber Squared Inc., a cyber security company. The company will begin operations as ThreatConnect, Inc. Grotech General Partner Steve Fredrick will join ThreatConnect's board of directors

Cyber Squared gets $4M in funding, changes name (Washington Business Journal) Arlington-based cybersecurity company Cyber Squared Inc. has closed on $4 million in financing from a group of investors led by Grotech Ventures

Delta Partners to invest USD 10 mln in CipherCloud startup (Telecompaper) Delta Partners Capital has announced that it will be investing USD 10 million in cloud security platform startup CipherCloud

ManTech's head of acquisitions retiring (Washington Business Journal) The man promoted by ManTech International Corp. to lead an effort to rev up acquisitions is moving on

Products, Services, and Solutions

Free Automated Malware Analysis Services (Lenny Zeltser) In the course I teach at SANS, I explain how to reverse-engineer malicious software. It is an interesting, but time-consuming process if you don't have the right skills and tools at hand. There are several free automated malware analysis services that can examine malicious artifacts to save us time and provide a sense about the specimen's capabilities, so that analysts can decide where to focus their more manual analysis efforts

Made in IBM Labs: Protecting Personal Data in the Cloud (MarketWatch) IBM (NYSE: IBM) today announced it has patented the design for a data privacy engine that can more efficiently and affordably help businesses protect personal data as it is transferred between countries, including across private clouds

Microsoft Identity Manager to Support Hybrid Cloud User Access (eWeek) A new preview of Microsoft Identity Manager, formerly Forefront Identity Manager, will support hybrid cloud user access and control scenarios

Promisec Launches Integrity Health Check to Detect Endpoint Risk (PRNewswire) Promisec, a pioneer in endpoint detection and remediation, announced a critical update to its Promisec Integrity service designed to help small-to-medium enterprise organizations with endpoint risk detection through its new Endpoint Health Check

OPSWAT Releases Next Generation of OESIS SDK for Endpoint Posture Assessment and Remediation (Virtual Strategy Magazine) Single streamlined development interface enables technology vendors to develop solutions to easily manage and remediate thousands of installed security applications

AVG Protection PRO (PC Magazine) Windows PCs are a prime target for malware writers, simply because they're so numerous. However, Android devices are just as ubiquitous, and Mac OS devices aren't risk-free. A single cross-platform security suite to protect all three is a great idea for the modern multi-device household. Your subscription to AVG Protection PRO ($59.99 per year) lets you install AVG's security suite on all your PCs, and antivirus protection on all your Macs and Android devices

Google's New Service Kills Ads on Your Favorite Sites for a Monthly Fee (Wired) The web is funded by ads. But so many people hate seeing them, and they often resent all the data tracking that props them up. It's a clash that has become a major pain point for news websites and other publishers. The rise of ad blockers, which let people surf the web without these annoying ads, is also blocking their revenue

New Synology NAS optimized for encryption and intensive tasks (Help Net Security) Synology introduced its newest Plus series DiskStations, the DS1515+ and DS1815+. Both multi-bay NAS servers are designed to facilitate intensive data exchange, collaboration, and backups for SMBs

Technologies, Techniques, and Standards

Good App/Bad App: Is Investigating Mobile Apps Necessary? (TrendLabs Security Intelligence Blog) These days, when you see someone staring intently or tapping at their mobile phones, chances are that they're busy with an app. This comes as no surprise as 80% of consumers' time on mobile devices is spent in apps for gaming, news, productivity, utility, social networking, and more

Microsoft advises organizations to take holistic approach to fighting cybercrime (WinBeta) In a mobile-first, cloud-first world, cyber crime is rampant and malicious attackers have taken the opportunity to steal high-value data from a large number of digital resource pools. Unfortunately, it can be so easy for cyber criminals to get their hands on sensitive information that the methods they use to obtain it don't involve any form of hacking at all

How to delete your old, embarrassing, now-much-easier-to-find tweets (Naked Security) Twitter on Tuesday announced that every single public tweet made since the dawn of Twitter — that would be AD 2006 — is now being indexed

Raising awareness quickly: Holiday tips and tricks (CSO) Here's a quick list of security-related tips and tricks that can be emailed to the staff

Avoiding the Bait: Helpful Tips to Protect Yourself Against Phishing Scams (Tripwire: the State of Security) Phishing scams come in all shapes and sizes. But one thing is for certain: they are all around us

Design and Innovation

Cities Find Rewards in Cheap Technologies (MIT Technology Review) Mobile apps, sensors, and other technologies help cities handle growing challenges

Finally, a New Clue to Solve the CIA's Mysterious Kryptos Sculpture (Wired) In 1989, the year the Berlin Wall began to fall, American artist Jim Sanborn was busy working on his Kryptos sculpture, a cryptographic puzzle wrapped in a riddle that he created for the CIA's headquarters and that has been driving amateur and professional cryptographers mad ever since

Research and Development

Machine Learning Will Make Its Mark On The Sciences (Dataversity) In a data-deluged world, novel science depends on putting Machine Learning into practice

Legislation, Policy, and Regulation

China firewalls the cloud (Channel Eye) China has expanded its Great Firewall of China to include a major hosting and cloud services company

Defense experts talk cybersecurity at NVTC panel (Loudoun Times) To deal with cybercrime, government agencies and the private sector need consistent and cooperative collaboration, the intelligence community needs more staffing and the U.S. must play both "offense and defense" to combat threats and attacks, said homeland security experts at a Northern Virginia Technology Council event in Tyson's Corner Tuesday

Anti-hacking advocate lands key House panel (The Hill) An advocate of laws to protect consumers from corporate and government data breaches will soon lead a House subcommittee vital to getting those laws passed

Litigation, Investigation, and Law Enforcement

Users of Remote Access Trojans Arrested in EU Cybercrime Operation (Europol) This week, Europol and several law enforcement and judicial authorities carried out an action against EU citizens, mainly teenagers and young adults, who are suspected of using remote access trojans (RATs) to commit cybercrimes. The action and house searches resulted in the arrest of 15 individuals in several European countries

Multiple UK arrests in international operation to combat computer hijackers (National Crime Agency) Five people have been arrested in the UK as part of an international operation targeting users of software designed to remotely take over, control and steal information from computers

FTC cracks down on massive 'PC cleaner' security scam (BGR) The Federal Trade Commission and the State of Florida on Wednesday announced plans on fighting a type of online scam that cons unsuspecting PC users into paying up to hundreds of dollars for alleged security protection for their computers, which turns out to be fake software supposed to fix inexistent malware threats. Such businesses have fooled many individuals and companies into paying over $120 million for Internet security

Privacy and security concerns at stake in iPhone debate (Boston Globe) "We need to construct a balance between police requests for information and legitimate privacy concerns and the need for American companies to innovate," Ed Markey says

Feds proposed the secret phone database used by local Virginia cops (Ars Technica) New docs: Prosecutors offered one-stop shop for seized phone data in Virginia

Australian Government Data Breach Linked to Poor Security Training (eSecurity Planet) Data from an Excel spreadsheet containing 9,250 asylum seekers' personal information was mistakenly embedded in a Word document published online

OpenDNS Partners with Irish Reporting and Information Security Service to Fight Internet Threats (Herald Online) OpenDNS's Andrew Hay to present new research on threats facing Irish Internet users

Trend Micro Collaborates with Latin American Leaders on Cybercrime (Trend Micro: Simply Security) The region's cybercriminal underground is flourishing and is now at the forefront of the international arena with Russia and China

USPS delayed breach notification so as not to tip off hackers (FierceGovernmentIT) The Postal Service didn't notify some 800,000 USPS employees immediately when it was believed their personally identifiable information was compromised because it did not want to jeopardize the investigation and alert the perpetrators, said a USPS official Nov. 19 before a House Oversight and Government Reform subcommittee. In fact, the investigation is still very much underway, said Randy Miskanic, vice president of secure digital solutions at USPS

Examining Data Security at the United States Postal Service (House Committee on Oversight and Government Reform) [Archived hearing webcast and prepared testimony.]

Will Veterans' Data Ever Truly be Secure? (Nextgov) For two hours yesterday, members of the House Veterans' Affairs Committee poked and prodded a slew of Department of Veterans Affairs officials over glaring information security weaknesses that potentially put millions of veterans' personal information at risk of exposure

Poland Opens Probe Into Electoral Hacking (AP via ABC News) Prosecutors are investigating a hacking attack on the website of Poland's voting commission, while a top official has resigned over irregularities that are delaying the vote count in recent local elections

FBI offers $1 million reward for anybody who can help catch online car scam fugitive (Naked Security) The alleged kingpin behind a multimillion-dollar online car selling scam, Romanian fugitive Nicolae Popescu, just made it onto the FBI's 10 Most-Wanted Cyber Fugitives list

Herts Constabulary sets up new unit to combat cyber criminals (Herts and Essex Observer) The growing threat of online crime has prompted Herts police to set up a new specialist Cyber and Financial Investigation Unit (CFIU)

12-year-old’s online life brings an abductor to her doorstep (Ars Technica) On November 10, a 12-year-old girl left her home in the Baltimore suburb of Nottingham at 7:30am, heading to her middle school. She never returned home. When her mother called the school later, she discovered that her daughter had not even arrived. Suddenly, Baltimore County Police were calling in the FBI to assist in their search for a missing person

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Deepsec 2014 (Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...

Cyber Security World Conference 2014 (New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused...

Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, November 21, 2014) The one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial...

BSidesVienna (Vienna, Austria, November 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned

BSidesToronto (Toronto, Ontario, Canada, November 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"

DefCamp5 (Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering...

Cybergamut Tech Tuesday: Receiver Operating Characteristic (ROC) statistics and their successful use in medical studies, Nigerian scams, and APT detection (Columbia, Maryland, USA, December 2, 2014) Receiver Operating Characteristic (ROC) statistics have been a practical tool in the field of clinical medicine for more than 50 years, an area where stakes can be very high and test results are understood...

5th Annual Raytheon Cyber Security Summit: "The Unassailable Enterprise" (Reston, Virginia, USA, December 2 - 3, 2014) We invite commercial and government entities to attend the 5th Annual Cyber Security Summit where we will explore the "unassailable enterprise" in 2014 and beyond. We bring together some of the most acclaimed...

Healthcare Cyber Security Summit 2014 (San Francisco, California, USA, December 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit

SINET 16 (Washington, DC, USA, December 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent...

SINET Showcase "Highlighting and Advancing Innovation." Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and...

Tax Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, December 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the...

International Conference for Internet Technology and Secured Transactions 2014 (London, England, UK, December 8 - 10, 2014) The ICITST is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology...

(ISC)² Security Congress EMEA (London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe...

ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...

ICFPT 2014 (Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices...
