The US White House continues to remediate the recent intrusion into an Executive Office of the President unclassified network — "suppressing abnormal behavior," is how reports describe the remediation. Network outages, the White House says, were the result of remediation, not hacking. Officials remain coy about attribution, though there is much rumbling about "state-sponsorship." (Observers use the event as an opportunity to note that breach detection is at least as important as perimeter defense.)
South Sudan's official accusations that Huawei was engaged in malicious activity on some of their networks continue to receive attention. Other reports suggest that Sony Xperia phones are collecting user data and reporting them to servers located in China. India's concerns about the security of Xiaomi phones are compounded by a Taiwanese researcher's claims that Xiaomi servers are vulnerable to a recently discovered zero-day.
The US Department of Homeland Security amplifies warnings of malware targeting industrial control systems: apparently GE and Siemens systems (unsurprisingly, given their market share) are in the attackers' crosshairs.
As feared, Brazilian criminals have begun to hit US banks with bogus chip-and-PIN transactions.
Criminal carders are using a new, automated platform — "Voxis" — to monetize their haul by sending stolen charges to gateway processors.
CSO has a useful Drupal roundup. Dark Reading says patching seems unable to keep up with Shellshock exploits.
As banks push law firms to improve their cyber security, retailers increase cyber attack information sharing (and woof at credit unions over data breaches).
NIST releases SP800-150 (Cyber Threat Information Sharing) for comment.
Today's issue includes events affecting Australia, Brazil, Canada, China, Colombia, Denmark, Estonia, European Union, NATO, Russia, Taiwan, United Kingdom, United States.
Next week the CyberWire will be covering the National Initiative for Cybersecurity Education Conference and Expo, running November 5 and 6.
Xiaomi servers allegedly prone to zero-day attack that steals confidential data(Tech 2) Following reports of the security loophole in Xiaomi phones that causes them to send user data, including the user's IMEI, phone number, and phonebook contacts to remote servers, now a Taiwanese security expert has raised another security alarm against Xiaomi devices. According to the expert, Xiaomi devices are vulnerable to zero-day attacks which can compromise attacked systems or steal confidential data
Cyber crime tool automates monetization of stolen payment cards(Help Net Security) Cyber criminals who have acquired stolen payment card information and wish to make the most of them can now simply buy professional-looking software that will automate the sending of stolen card charges to multiple gateway processors
Beware of the malware walking dead(SC Magazine) It's Halloween — goblins, ghouls and ghosts gather in haunted houses and corporate offices alike. In security, while we've spent a good portion of 2014 focused on trick-or-treaters of the "advanced persistent threat" and "cybercrime" varieties, this Hallows Eve might be a good time to remind ourselves that zombies can be just as deadly. By zombies, I mean recycled tools and techniques from years gone by that have come back from the dead and are increasingly used in modern attacks
Smart meter hacking risk(Electronics Weekly) Auditing firm KPMG warned of smart meter security risks at the Westminster Energy, Environment and Transport Forum
Bulletin (SB14-300) Vulnerability Summary for the Week of October 20, 2014(US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Android 5.0 Lollipop Upgrades Encryption, Application Control(Threatpost) Google, like most technology companies in this climate, is fighting for the security and privacy of its users' data on several fronts. With a mobile application ecosystem that invites trouble and government demands for user content and information continuing to rise
Digital Life in 2025: Cyber Attacks Likely to Increase(Pew Research Center) Experts believe nations, rogue groups, and malicious individuals will step up their assaults on communications networks, targeting institutions, financial services agencies, utilities, and consumers over the next decade. Although most expect there will be more attacks, many predict effective counter moves will generally contain the damage. Some say there is now and will continue to be a 'Cold War' dynamic that limits severe harm due to the threat of mutually assured disruption. Some say the threat is 'exaggerated'
Major cyberattack coming, experts warn(The Hill) Cybercrime costs the global economy an estimated $400 billion a year, and as it grows in scale and sophistication, law enforcement is having to do the same
How Y2K Changed the Field of Cybersecurity Technology(Security Magazine) When looking at the cyber technology market over the past 15 years, it is evident that the catalyst for cyber evolution was Y2K. Prior to the Y2K frenzy, "cybersecurity" was masked in the systems engineering function, and external threats consisted of hackers looking to leverage free computing capabilities with very little focus on information/data access or network destruction
The security threat of unsanctioned file sharing(Help Net Security) Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies and place company data in jeopardy, say the results of the "Breaking Bad: The Risk of Unsecure File Sharing" report by Intralinks Holdings and Ponemon Institute
Why Big Banks Are Cracking Down on Law Firm Security Gaps(Cyveillance Blog) Even before this summer's spate of breach announcements by some of the country's biggest institutions, financial industry regulators had begun urging banks — and their vendors — to step up their cyber security programs. Various regulatory bodies, including the Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority, are now seeing increasing urgency in examining the preparedness of brokerages, banks, and credit unions for dealing with cyber threats, according to an article last week in the New York Times
The Bill for Cybersecurity: $57,600 a Year(Bloomberg BusinessWeek) Hackers have made the Internet a scary place to do business, as recent headlines attest. Big companies have been hacked. Small companies have been hacked. As the Pew Research Internet Project reported earlier this week, cyberattacks are likely to get worse
Lockheed plans new health IT acquisition(Washington Technology) Lockheed Martin is acquiring Systems Made Simple, a health IT company that just cracked the Washington Technology Top 100 for the first time this year
Endgame Reports Record Growth for 2014; Adds Two New Executives(PRNewswire) Endgame, Inc., a leading provider of security intelligence and analytics solutions that give enterprises real-time visibility and actionable insight across their digital domains, today announced record growth for 2014. In the first three quarters of 2014
Top 10 Municipal Government Selects HawkEye G for Advanced Threat Protection(Nasdaq) Hexis Cyber Solutions (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (Nasdaq:KEYW), and a provider of advanced cybersecurity solutions for commercial companies and government agencies, today announced that HawkEye G has been selected by a top 10 U.S. municipal government for advanced threat detection and automated malware removal. This municipal government will also deploy HawkEye AP to collect, store, and analyze mass quantities of event data
CBTS Advanced Cyber Security Earns the NSA's Prestigious Cyber Incident Response Accreditation(BusinessWire) CBTS, a leading technology solutions provider, today announced that its Advanced Cyber Security division has earned the National Security Agency's (NSA) Cyber Incident Response Assistance (CIRA) certification. The NSA uses this new accreditation to show that they have vetted the people, policies, and procedures of an organization and declared them to be the state-of-the-art capabilities needed for rapid cyber security support to high-level government agencies
Policy Patrol 10 Boosts Email Security And Threat Prevention For Exchange(Business Solutions) Red Earth Software, developers of email management solutions, recently released Policy Patrol version 10, the latest version of their email security software for Microsoft Exchange Server. Policy Patrol 10 offers increased protection from email security risks with improved anti-phishing and integrated multi anti-malware scanning, along with an improved user interface and new dashboard
Biggest ever cyber security exercise in Europe is underway(Help Net Security) More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA)
Chip & PIN vs. Chip & Signature(KrebsOnSecurity) The Obama administration recently issued an executive order requiring that federal agencies migrate to more secure chip-and-PIN based credit cards for all federal employees that are issued payment cards. The move marks a departure from the far more prevalent "chip-and-signature" standard, an approach that has been overwhelmingly adopted by a majority of U.S. banks that are currently issuing chip-based cards. This post seeks to explore some of the possible reasons for the disparity
Next-generation malware: Think like the enemy and avoid the car alarm problem(SC Magazine) When it comes to enterprise security, one rule remains constant — attacks will continue to increase in sophistication and attackers will seek to outmaneuver existing defenses. Next-generation malware attacks are VM evasive, can come via social engineering or physical delivery (a USB drive), and be targeted to a specific folder, or application, that a business is known to use regularly. Some attacks have the ability to hide in plain sight, lulling sandboxing technologies into thinking that they are benign until a pre-programmed date. Multi-state and multi-vector attacks, coming from different places, are an increasingly common tactic of next-gen malware
Anything You Post Can and Will Be Used Against You(Tripwire: The State of Security) Undoubtedly, we've all found ourselves surfing the web for answers when we stumble upon someone we know, posting something that piques our curiosity on social media. After all, isn't that one of its purposes?
CSAM Month of False Positives — False Positives from Management(Internet Storm Center) Often the start of a problem and its solution is receiving a call from a manager, project manager or other non-technical decision maker. You'll know going in that the problem is absolutely real, but the information going in might be a total red herring
3 ways to make your Gmail account safer(Naked Security) Following on from our detailed guide to securing your webmail, here's a quick breakdown of how to make the most important fixes, for users of Google's Gmail
Design and Innovation
Changing the Way We Fight Malware(Security Watch) Microsoft is sitting on an absolute gold mine of information. The Malicious Software Removal Tool (MSRT) running on billions of computers worldwide and every Windows Update process sends a ton of non-personal telemetry back to Microsoft Central. This data could help antivirus companies and academic researchers develop better ways to fight malware. In a keynote speech for the 9th IEEE International Conference on Malicious and Unwanted Software (Malware 2014 for short), Microsoft's Dennis Batchelder explained just what the software giant plans to do with all that data and it's not what you might expect
Cars, toasters, medical devices add to DHS's cyber headaches(Federal News Radio) Cars, medical devices and even toasters are among the facets of life that are quickly becoming Internet based. This is why the Homeland Security Department already is working on cybersecurity technologies for these and many other everyday devices
Experts warn that using big data to predict terrorist threats won't work(FierceHomelandSecurity) Canada is considering beefing up surveillance laws to collect more information about its citizens, who travel abroad, and share it with international partners as a way to spot and prevent home-grown terrorism. But experts say there's no evidence that such methods can actually work
Students Attend CSI CyberSeed Challenge(Syracuse University iSchool Newsroom) Last week, four students from the School of Information Studies (iSchool) traveled to the University of Connecticut to compete in the CSI CyberSeed Capture the Flag Challenge
Rogers downplays NSA moonlighting controversy(Fedscoop) One of the first things Adm. Mike Rogers did when he took the helm as the 17th director of the National Security Agency was ask his staff to find ways to, in his words, "create a more permeable membrane" between the private sector and the agency so stronger partnerships could be developed. Now, just six months later, it seems that membrane may have some holes that allowed a couple of senior agency officials to keep one foot in the NSA and its secrets, and the other foot in private enterprise with all of its monetary temptations
'Whistleblowers do incredible damage to US intelligence'(Russia Today) When it comes to dealing with terrorism, the US intelligence community feels like it operates with one hand tied behind its back because of whistleblowers like Snowden and Manning, intelligence analyst Glenmore Trenear-Harvey told RT
AOL Releases Transparency Report, Lobbies for USA Freedom Act(Threatpost) Noting that Saturday was the 13th anniversary of the passage of the USA PATRIOT Act, the Web giant AOL this week released its latest transparency report, detailing estimations of how many Foreign Intelligence Surveillance Act (FISA) orders and National Security Letters (NSLs) it's received in the last six months
Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide(Intercept) When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn't be able to unlock evidence on criminals' digital devices. What they didn't say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces — easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept
BSidesToronto(Toronto, Ontario, Canada, November 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"
Tax Incentives for Cybersecurity Businesses(Elkridge, Maryland, USA, December 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the...
Cyber 6.0(Laurel, Maryland, USA, June 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...
ekoparty Security Conference 10th edition(Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...
Senior Executive Cyber Security Conference(Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed...
FS-ISAC EU Summit 2014(London, England, UK, November 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...
POC2014(Seoul, Republic of Korea, November 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates...
Bay Area SecureWorld(Santa Clara, California, November 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...
Open Source Digital Forensics Conference 2014(Herndon, Virginia, USA, November 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users...
Managing BYOD & Enterprise Mobility USA 2014(San Francisco, California, USA, November 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges...
NICE 2014 Conference and Expo(Columbia, Maryland, USA, November 5 - 6, 2014) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. An ecosystem of technology providers, policy makers, legal expertise, banking, insurance, devices,...