Two more Chinese espionage operations are reported. One, an exclusive in SC Magazine, involves the hacking of human rights lawyers, particularly those affiliated with Lawyers Without Borders. The second incident comes to light via a complaint by South Sudan's Ministry of Information and Broadcasting, which accuses Huawei of intruding into networks and corrupting data.
A clearer picture of Russian operations against Western targets also emerges, as analysts review the recently disclosed hack of a White House network (still officially unattributed, but Russia is generally thought to be the "state-sponsored actor" responsible). Researchers release more descriptions of Sandworm, and security firms attribute attacks on US power and water utilities to Russian actors.
Popular Science's website has been exploited to deliver crimeware to visitors' systems.
Microsoft researchers warn that Crowti ransomware infections have spiked.
CurrentC, a merchant-favored alternative to Apple Pay, suffers a hack during its pre-release trial period.
Trend Micro reports detecting a new Shellshock-based campaign against SMTP servers.
Drupal reports a vulnerability to SQL injection in its content management system. Drupal advises users who failed to upgrade to version 7.32 within seven hours of that patch's release that they should consider themselves compromised.
A Red Hat Bugzilla report finds a new *nix bug. This one doesn't have a snappy name (yet) but it means that wget needs patching as soon as possible.
UK-CERT reports gratification with British progress in cyber information sharing. New Australian laws target leakers and require data retention. China's government orders removal and replacement of the Windows OS.
Today's issue includes events affecting Australia, China, Colombia, European Union, Germany, Morocco, NATO, Russia, South Sudan, Ukraine, United Arab Emirates, United Kingdom, United States.
Liberty and Security: the President's Review Group's Recommendations (and the issues they address)(The CyberWire) On the occasion of his induction into the National Cyber Security Hall of Fame, the CyberWire is pleased to present this interview with Richard Clarke, an internationally recognized expert on cyber security, homeland security, national security, and counterterrorism. He has served the last three Presidents as a senior White House Advisor, including appointments as Special Advisor to the President for Cyber Security and National Coordinator for Security and Counterterrorism. His most recent Government service was as a principal member of the President's Review Group on Intelligence and Communications Technologies, whose report was published last December. This interview offers his retrospective look at the Review Group's work
Five Questions For Cybersecurity Expert Bruce Schneier After the Latest White House Hacking(Bloomberg Politics) Democrats didn't need this: Another cyberattack on an unclassified White House computer network (and unconfirmed reports of Russian involvement) in the closing days of a midterm election in which voter frustration toward President Barack Obama, government dysfunction and national security fears already are hurting their chances of hanging onto control of the Senate
Behold the Russian Sandworm(Daily Signal) Earlier this month, it was discovered that a sophisticated cyber espionage campaign had been targeting Western government leaders and institutions — including the North Atlantic Treaty Organization, energy and telecommunication companies, the Ukrainian and European Union governments, and one academic inside the United States — for almost 5 years
Popular Science Website Infected, Serving Malware(Threatpost) The website of widely read Popular Science magazine is reportedly hosting a malicious script that is redirecting site visitors to a third-party domain containing an exploit kit, which is infecting users by uploading files containing malware to their machines
Microsoft Warns of Crowti Ransomware(Threatpost) Researchers with Microsoft have spotted a spike in Crowti, a ransomware similar to Cryptolocker that encrypts files on victims' machines and then asks for payment to unlock them
Shellshock-Related Attacks Continue, Targets SMTP Servers(TrendLabs Security Intelligence Blog) A new Shellshock attack targeting SMTP servers was discovered by Trend Micro. Attackers used email to deliver the exploit. If the exploit code is executed successfully on a vulnerable SMTP server, an IRC bot known as "JST Perl IrcBot" will be downloaded and executed. It will then delete itself after execution, most likely as a way to go under the radar and remain undetected
Did Drupal Drop The Ball? Users Who Didn't Update Within 7 Hours 'Should Assume They've Been Hacked'(Forbes) Hackers are remarkably quick off the mark. Drupal, the creator of the eponymous content management system that millions use the world over, now knows that all too well. In mid-October it patched a SQL injection flaw, which could be exploited by tricking a database into coughing up data from its tables and columns using the SQL language. But yesterday, it said that thanks to an automated attack that hit up as many Drupal sites containing the vulnerability as quickly as possible, anyone who didn't update to version 7.32 within seven hours of its release should assume they've been hacked
Fidelity National Employees Hacked After Targeted Phishing Attack(Tripwire: the State of Security) Your company's defences against hackers are only as good as the weakest link. That's a message which hopefully is being understood loud and clear right now at Fidelity National Financial, America's largest provider of commercial and residential mortgage services
Social Engineers work in teams to harness the power of information(CSO) Proving once again that information viewed as harmless can often enable an attacker, the contestants in this year's Social Engineering Capture the Flag (SECTF) contest at DEF CON 22 worked in teams of two in order to collect vital information from some of the nation's largest companies
Security Patches, Mitigations, and Software Updates
Drupal Core — Highly Critical — Public Service announcement — PSA-2014-003(Drupal) This Public Service Announcement is a follow up to SA-CORE-2014-005 - Drupal core - SQL injection. This is not an announcement of a new vulnerability in Drupal. Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement
IT is losing the battle on security in the cloud(Help Net Security) A majority of IT organizations are kept in the dark when it comes to protecting corporate data in the cloud, putting confidential and sensitive information at risk. This is just one of the findings of a recent Ponemon Institute study commissioned by SafeNet. The study, titled "The Challenges of Cloud Information Governance: A Global Data Security Study," surveyed more than 1800 IT and IT security professionals worldwide
2014 Cybersecurity Awards: Winners Succeed in a Growing Threat Landscape(Government Technology) The best in all fields lead by example. And winners of the 2014 Cybersecurity Leadership and Innovation Awards marked those in state and local government and education who have, in recent years, driven forward cybersecurity efforts in their own communities, and also led American government at large
The Risky Business of Cybersecurity(New York Law Journal) The national and economic security of the United States depends on the reliable functioning of critical infrastructure. Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation's security, economy, and public safety and health at risk. Similar to financial and reputational risk, cybersecurity risk affects a company's bottom line. It can drive up costs and impact revenue. It can harm an organization's ability to innovate and to gain and maintain customers
How Banks Can Step Up to Bat on Cybersecurity(American Banker) The United States is losing the war on cyberhacking. If there was any doubt beforehand, the recent revelation that hackers broke into JPMorgan Chase's systems this summer, compromising the personal information of 76 million households and seven million businesses, should be proof
Intel Security CTO: Retail Breaches Can Be Eliminated(CRN) Intel Security CTO Mike Fey said his company may have the silver bullet that could greatly reduce the likelihood of more massive credit card breaches and be extended beyond retail to address other critical environments
Facebook gives away homebrewed OS monitoring tool(CSO) Facebook has released an open-source tool for monitoring operating system state changes across very large infrastructures, which could help engineers quickly diagnose performance and security issues
Verizon Joins Forces with FireEye to Offer Enterprises Unprecedented Insight into Threat Landscape(Verizon Enterprise News) Verizon Enterprise Solutions and FireEye, today, announced a collaboration to help protect enterprises from security threats. I recently sat down with FireEye CEO Dave DeWalt and Kathie Miley, executive director, global security solutions, Verizon to discuss the recently formed global agreement between the two companies and to learn more about combating cyberthreats
Solution Providers Get Stealthy On Shadow IT(CRN) Solution providers said they are having some success engaging clients with tools designed to probe the network and uncover the mix of cloud services being used that are against company policy, but they added that the cloud security market is primed for consolidation
How to figure out if a data breach is a hoax(CSO) The notoriety that comes with taking credit for a data breach is alluring. Declaring a successful data breach can suddenly bring a lot of attention, which is why posting bogus data is attractive
Shared Responsibility Examples: The Re:Boot(Trend Micro: Simply Security) In last week's post, we explored the shared responsibility model for security in the AWS cloud. Over the next couple of weeks, we're going to dive into specific examples that show how the model works for those of us working in this environment
AFA's CyberPatriot Receives $55,500 Education Grant for Participant Scholarships(PRNewswire) The Air Force Association's CyberPatriot program announced today the program received $55,500 from the National Security Agency (NSA) to be designated for participant scholarships. With this support, CyberPatriot will continue its growth nationally and provide students financial assistance towards college tuition
Legislation, Policy, and Regulation
Morocco vows to help UAE fight terrorism(Al Arabiya) Morocco will provide military and intelligence support to the United Arab Emirates in its fight against terrorism, UAE's state news agency WAM reported on Tuesday, citing a statement by the Moroccan Ministry of Foreign Affairs
New Australian Law Targets Leakers, Not Reporters(AP) A contentious new law that carries a prison term for anyone who reveals information about certain secret security operations was aimed at Edward Snowden-like leakers rather than investigative reporters, Australia's attorney-general said on Thursday
ONC: Karen DeSalvo to Retain Nat'l Health IT Coordinator Role(ExecutiveGov) Karen DeSalvo, who was appointed acting assistant health secretary Thursday, will continue to hold her current role as director of the Office of National Coordinator for Health Information Technology as she serves in her new role for the Department of Health and Human Services
Litigation, Investigation, and Law Enforcement
Colombian general to be dismissed over spying scandal(Fox News) A Colombian general who oversaw a database containing the personal e-mails of government representatives and foreign and domestic journalists will be dismissed later this year, Blu Radio reported here Wednesday
Entirely Coincidentally, NSA Signals Intelligence Director Moved To New Position After Conflicts Of Interest Were Exposed By Buzzfeed(TechDirt) The NSA's newly-developed concern for "optics" is being tested by employees both former and current. Keith Alexander, the NSA's longtime leading man, took his snooping show on the road, offering his expertise to banks for $1 million/month. But he couldn't leave it all behind, attempting to drag the current NSA CTO along with him by offering him an interesting — but conflicting — part-time position with IronNet Security. The NSA said, "That's fine." Then it said, "We're looking into it." Then it said nothing while Keith Alexander pulled the plug on the deal while simultaneously denying any sort of impropriety
FBI assists Texas city with cyber attacks(AP via KLTA 7) Cleburne's mayor says hackers have been attacking the city's computers, email network and emergency dispatch system since a video of a police officer shooting a dog circulated widely online
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
BSidesToronto(Toronto, Ontario, Canada, November 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"
Dallas SecureWorld(Dallas, Texas, USA, October 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...
CyberMaryland 2014(Baltimore, Maryland, USA, October 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.
ekoparty Security Conference 10th edition(Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...
Cyber Risk Summit(Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.
Senior Executive Cyber Security Conference(Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed...
FS-ISAC EU Summit 2014(London, England, UK, November 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...
POC2014(Seoul, Republic of Korea, November 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates...
Open Source Digital Forensics Conference 2014(Herndon, Virginia, USA, November 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users...
Bay Area SecureWorld(Santa Clara, California, November 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...
Managing BYOD & Enterprise Mobility USA 2014(San Francisco, California, USA, November 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges...
RiseCON 2014(Rosario, Santa Fe, Argentina, November 6 - 7, 2014) Rosario Information Security Conference: the first and largest information security and hacking event held in the city of Rosario, with international standing and reach
Israel HLS 2014(Tel Aviv, Israel, November 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience.
i-Society 2014(London, England, UK, November 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society,...
Seattle SecureWorld(Seattle, Washington, USA, November 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...
AVAR 2014(, January 1, 1970) The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code...
ZeroNights 2014(Moscow, Russia, November 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest...
Cyber Security Awareness Week Conference(New York, New York, USA, November 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive...
Ground Zero Summit, India(New Delhi, India, November 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing researches and sharing knowledge in...
Deepsec 2014(Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...
BugCON(Mexico City, Mexico, November 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of the security. Running since 2008 BugCON is the oldest forum where researchers, students and professionals shows...
Navy Now Forum: Admiral Rogers(Washington, DC, USA, November 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership...
International Cyber Warfare and Security Conference(Ankara, Turkey, November 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective...
EDSC 2014(Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important...
Cyber Security World Conference 2014(New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused...
Ethiopia Banking and ICT Summit(Addis Ababa, Ethiopia, November 21, 2014) The one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial...
BSidesVienna(Vienna, Austria, November 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned
DefCamp5(Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering...