ISIS information operations remain successful, but also provide grist for OSINT.
Indian hacktivists engage Pakistan in the Subcontinent's ongoing cyber riot.
Defense and security intellectuals offer thoughts on the future of warfare — cyber operations enable and shape new modes of conflict, with Russia's encroachment into the Near Abroad and ISIS's establishment in the Levant serving as early prototypes.
The Tyupkin (a.k.a. "PadPin") ATM malware originated in Russia, and Interpol warns infections may be spreading. F-Secure looks at some samples found in Malaysia — it's early for either attribution or assessment of them as Tyupkin variants, but there are at least similarities.
Proofpoint walks DarkReading through another Russian criminal campaign (the one directing the Qbot botnet) with special attention to evasion techniques.
The Sednit cyber espionage group is now using a custom exploit kit.
The Selfmite SMS Android worm resurfaces in more aggressive form, but it's still pursuing an affiliate marketing scheme.
Bad as the BadUSB vulnerability may be, many security analysts rate as low the likelihood of any given user falling victim to it. Other observers rate various mitigation techniques.
Shellshock continues to be widely exploited. Yahoo reassures users their data are safe as it repeats its earlier retraction of Shellshock vulnerability. Future South Technology, who's been investigating the bug (amid public woofing at Yahoo), gets a visit from the FBI, which wants to know more about Future South's research techniques.
CSO and the Internet Storm Center independently discuss recent waves of false positives.
South Korea announces intent to preempt cyber attacks.
Today's issue includes events affecting Canada, China, Ethiopia, India, Iraq, Malaysia, Morocco, Pakistan, Qatar, Romania, Russia, Saudi Arabia, Syria, Turkey, Ukraine, United States.
The CyberWire takes a break Monday in observance of Columbus Day. We'll resume normal publication on Tuesday.
Cyber Attacks, Threats, and Vulnerabilities
The Isis propaganda war: a hi-tech media jihad(Guardian) Isis is using techniques plundered from movies, video games and news channels to spread its message. Who is masterminding the operation — and what is the best way to counter it?
Maritime hacker is likely small-time(Boston Herald) The Moroccan jihadi group that shut down Massachusetts Maritime Academy's website is at best a small-time cyber-Islamism organization — and possibly just one not very skilled hacker — hunting for weaknesses on websites in order to hijack them and spread hate, one Internet expert said
Ukraine and the Art of Limited War(War on the Rocks) In a piece published in War on the Rocks last March, and in an extended version by the journal Survival in May, I considered Ukraine and the art of crisis management
NCR ATM API Documentation Available on Baidu(F-Secure Labs) A recent ATM breach in Malaysia has caused havoc for several local banks. According to reports, approximately 3 million Malaysian Ringgit (almost 1 million USD) was stolen from 18 ATMs
Sednit espionage group now using custom exploit kit(We Live Security) For at least five years the Sednit group has been relentlessly attacking various institutions, most notably in Eastern Europe. The group used several advanced pieces of malware for these targeted attacks, in particular the one we named Win32/Sednit, also known as Sofacy
Bash Bug Saga Continues: Shellshock Exploit Via DHCP(TrendLabs Security Intelligence Blog) The Bash vulnerability known as Shellshock can be exploited via several attack surfaces including web applications, DHCP, SIP, and SMTP. With multiple proofs of concept (including Metasploit code) available in the public domain, this vulnerability is being heavily exploited
FBI Pays Visit to Researcher Who Revealed Yahoo Hack(Wired) Jonathan Hall was trying to help the internet. Earlier this week, the 29-year-old hacker and security consultant revealed that someone had broken into machines running inside several widely used internet services, including Yahoo, WinZip, and Lycos. But he may have gone too far.
JPMorgan hackers attack Fidelity, no customer data stolen(CNN Money) Fidelity Investments was among 13 financial institutions attacked by hackers who are believed to have been responsible for a breach at JPMorgan Chase, but there is no indication that Fidelity customer data were stolen, the Financial Times reported today
The Hulk(Virus Bulletin) Raul Alvarez takes a close look at cavity file infector W32/Huhk, which — thanks to its infection criteria — only infects a handful of executable files, thus unintentionally creating a stealth technique
Pricing Policies in the Cyber Criminal Underground(Infosec Institute) Underground markets are places on the Internet where criminal gangs offer a wide range of illegal products and services. Black markets are crowded places where single individuals or criminal organizations could acquire or rent products and services at very competitive prices. Like any other market, in black markets the relationship between supply and demand determines the price of the products. A growing number of highly specialized sellers are offering their wares, and the huge offer is causing the drop in prices
Google Fixes 159 Flaws in Chrome(Threatpost) Google updates its Chrome browser on a very aggressive timeline, often a couple of times a month. Usually, each update includes a handful of security fixes, maybe 12 or 15. On Tuesday, the company released Chrome 38, which patched a staggering 159 vulnerabilities
Cyber attacks: Qatar third most targeted(The Peninsula) Qatar is the third country after Saudi Arabia and Turkey in the Middle East and Africa (Mena) region targeted most in the cyber attacks. Qatar faced close to 2,000 cyber attacks in the first half of 2014, according to FireEye, a major player in the area of cyber security
R.I.P. HP(Slate) What Silicon Valley can learn from the rise and fall of its original tech startup
Activist Elliott Pushes EMC to Dump VMware(Re/Code) The activist investment firm Elliott Management pounced on storage and technology giant EMC today in a lengthy letter urging it to divest its controlling stake in the cloud software firm VMware
National Security Entrepreneurs Create Cyber Insurance(Huffington Post) At the Government Accountability Project (GAP), we began working with whistleblowers in the wake of Washington's Watergate scandal, an episode that showed what our public officials were capable of when left to their own devices. In the years since then, as the U.S. adopted sweeping privatization and deregulation policies, GAP has come to provide legal help to whistleblowers from both public agencies and private firms
Former DOD and Coast Guard CIOs to advise Chertoff Group(Inside Cybersecurity) The Chertoff Group this week added two former chief information officers from the Pentagon and the Coast Guard to its advisory team. Former Defense Department CIO Teri Takai, who stepped down earlier this year, and retired Rear Adm. Robert Day, who until recently was the Coast Guard's CIO and head of Coast Guard Cyber Command, are among six new senior advisers to the consulting firm, the company announced Tuesday
SAIC Selects Bromium to Enhance CyberSecurity Edge™(Bromium) Bromium®, Inc., the pioneer of a new model of endpoint security using micro-virtualization, and Science Applications International Corp. (NYSE: SAIC), a leading technology integrator for government and select commercial customers, today announced the addition of Bromium vSentry® and Live Attack Visualization Analysis (LAVA)® to SAIC's CyberSecurity Edge™ solution. Now, SAIC's CyberSecurity Edge customers can deploy Bromium to improve end-user security and reduce operational costs
Netskope Does Cloud Navel-Gazing, Introduces Active Introspection(Forbes) Active Introspection could either be a hot new approach towards psychoanalysis or a great new IT buzzword. For Netskope at least, it is the latter. Netskope is one of a growing number of companies that are wrapping cloud services with a layer of discovery and visibility. All these companies deliver a twofold promise. First they allow organizations to have some visibility over the solutions at use within their organizations. Secondly they allow for some policy to be wrapped around cloud application use such that organizations can have a granular approach towards what is used, by whom, and where
Rapid7 releases Nexpose Ultimate(Help Net Security) Rapid7 released Nexpose Ultimate, a vulnerability management solution that combines assessment of vulnerabilities and controls, vulnerability validation, and prioritized remediation planning in a single solution
FDA Promises Security Fixes for Older Devices, 'Built-in' Protections(AIS Health) The Food & Drug Administration (FDA) has heard the complaints from hospitals and other covered entities (CEs) that makers of medical equipment don't provide adequate protections from security breaches in their new devices, and often refuse to issue patches for existing devices or upgrade older models
Can We Talk: Creating a Common Language for Cybersecurity(Government Technology) Experts are hopeful that a new framework released by the National Institute of Standards and Technology will give agencies a method to evaluate the security of their computing environments against their peers
Identity Protection and Beyond: What You Don't Hear in the Media(RSA: Speaking of Security) Welcome Cyber Security Awareness Month! It's the time of year where we celebrate and teach all about safety on the Internet. But unlike every other security expert out there who will be writing about tips on how to protect your digital identity from cyber thieves, I want to share the many ways in which organizations are proactively protecting your identity — without you even knowing it
How to fend off data breaches(CSO) It's no secret that data breaches are on the rise, just look for the headlines that mention Target, eBay, JP Morgan Chase, Home Depot, etc. The 2014 Verizon PCI DSS report states that only 11% of companies were fully compliant. The JP Morgan breach was said to have been caused by an employee working from home, the VPN connection was then used to extract the data. We all know that for Target it was the HVAC vendor and a phishing email that started the extraction of millions of credit cards
Guessing passwords with Apple's full-device encryption(Freedom to Tinker) With the recently-introduced iOS 8, Apple has switched to encrypting a much larger amount of user data by default. Matt Green has provided an excellent initial look at a technical level and big-picture level and Apple has recently released a slightly more detailed specification document and an admirable promise never to include backdoors. This move, and Google's prompt promise to follow suit with Android, are big news. They've even garnered criticism from the director of the FBI and re-kindled debate about mandatory key escrow, which, as has been pointed out, is a debate the tech community seriously discussed for the last time while listening to Vanilla Ice on a cassette player in the early 90s
Alexa Scores Can Be Used to Predict Whether a URL is Part of a Phishing Attack(Cyveillance Blog) Cyveillance is an enthusiastic Premium sponsor and Steering Committee member of Anti-Phishing Working Group (APWG). Last month, the APWG held its eCrime Research Symposium 2014 in Birmingham, Alabama. The event coincided with the APWG's release of its semi-annual report on global phishing trends. Among other findings, the report found that Apple was the most-phished brand in the first half of 2014
UCCS gets grant to help fight cyber crimes(Colorado Springs Gazette) The cyber protection research that will come from a $70,000 grant Northrop Grumman Corp. gave the University of Colorado at Colorado Springs on Wednesday will look like the work of James Bond 007, only it won't be fake
Legislation, Policy, and Regulation
Russia Seeks Sanctions Tit for Tat(New York Times) The Russian Parliament on Wednesday took the first major step to authorize the Kremlin to seize foreign assets and use them to compensate individuals and businesses being hurt by Western sanctions over the Ukraine crisis
Cyber-Security Wars Pause With iPhone 6 Nod(Forbes) So much has been written already about the sudden approval of the iPhone 6 in China, after several weeks of unexplained delays, that I thought I would focus on the broader implications of this surprise move in the ongoing war of words between the US and China over cyber security
S. Korea to get proactive in cyber warfare(Yonhap via Global Post) South Korea has decided to drop its long-held defensive tactics in cyber warfare and instead initiate proactive operations to better guard against enemies' online infiltrations, sources said Wednesday
Berners-Lee calls for more data sharing(MicroScope) The inventor of the world wide web Sir Tim Berners-Lee has called for the web to remain an open and neutral platform and for more of a data sharing culture to emerge in the future
Chase Bank Hack Persuades Obama To Make Cyberwarfare A Top National Security Issue(International Business Times) President Obama will now receive regular updates on foreign cyberattacks after the largest data breach ever compromised more than 75 million JP Morgan Chase bank accounts. That summer attack now ranks alongside Islamic State group news as a national security concern, according to reports, in part because of worries that the Russian government might have supported the attack
Legislation is needed immediately(The Hill) Since taking the helm as chairman of the House Permanent Select Committee on Intelligence nearly four years ago, I made it a priority to bring light to a little noticed issue that was actually one of the greatest threats America faces today: the unrelenting cyberattacks on our networks and personal data
Tech groups warn over US online snooping(Financial Times) Leaders at two top tech security firms have warned that American businesses are being hurt by concerns about US online surveillance in Europe and the growing "Balkanisation" of the internet in the wake of Edward Snowden's disclosures
InfoSec 2014(Kuala Terengganu, Malaysia, October 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu,...
"Women in Government Contracting" Networking Reception(Columbia, Maryland, USA, October 9, 2014) A special invitation to executive women in technology sponsored by COPT-Corporate Office Properties Trust and the GovConnects Advisory Council. Guest speaker, Deborah Bonanni, former Chief of Staff NSA...
Hacktivity 2014(Budapest, Hungary, October 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in framework which is at the same time informal and informative, and sometimes...
Hack-in-the-Box Malaysia(Kuala Lumpur, Malaysia, October 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia...
FS-ISAC Fall Summit 2014(Washington, DC, USA, October 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...
Denver SecureWorld(Denver, Colorado, USA, October 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...
TechCrunch Disrupt Europe Hackathon(London, England, UK, October 18 - 19, 2014) For the second year in a row, TechCrunch is jumping across the pond and bringing the iconic Disrupt and our Hackathon to Europe. We're heading your way, London
U.S. Army ITA Security Forum(Fort Belvoir, Virginia, USA, October 20, 2014) The U.S. Army Information Technology Agency Security Forum is taking place at the Ft. Belvoir site and will be a one day event focusing on cyber security education and training for the workforce. The...
CSEC 2014 Cyber Security Summit(Kingdom of Bahrain, October 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement...
Secure 2014(Warsaw, Poland, October 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security...