Somewhat breathless worries of an electrical-grid Pearl Harbor aside, ISIS continues to concentrate on information operations, both in social media (showing considerable agility in Twitter) and in propaganda of the deed (displaying heartbreaking savagery).
Minor cyber-rioting gutters on in Pakistan.
NATO continues to stiffen its interpretation of Article 5 (collective defense) as it applies to cyberspace. The alliance is also discussing measures against ISIS and Russian aggression (the latter far likelier to be cyber and economic than kinetic).
Home Depot advises its customers to look to their financial statements as it acknowledges a pay card breach. Beyond that the retailer continues its fairly tight-lipped investigation. Credit cards evidently stolen from Home Depot stores — some analysts think essentially every store was affected — have turned up in the Rescator carder black market. There's a veneer of Russian patriotism over Rescator nowadays, but this incident seems fairly straightforward criminality. (Still, it can be hard to tell. See studies of the burgeoning Chinese criminal underground and its overlap with state security.)
Ars Technica provides an account of the JPMorgan hackers' "long game."
iCloud may not have suffered a system-wide breach, but the celebrity photo leaks drop plenty of odium on Apple nonetheless. Much criticism centers on failure to protect customers against brute-forcing. Wired goes so far as to publish a call to litigation. The incident prompts handwringing over cloud security as a whole.
Cyberintel says it's discovered a long-running business cyber espionage campaign ("Harkonnen," in an homage to "Dune") active in Europe since 2002.
Today's issue includes events affecting Australia, Austria, Brazil, Canada, China, Ecuador, Germany, Indonesia, Iran, Iraq, Israel, Pakistan, Russia, Switzerland, Syria, Taiwan, Ukraine, United Kingdom, United States.
The CyberWire will be providing special coverage of the 2014 Cyber Security Summit, convening in New York on September 18. Watch for interviews and live coverage of Summit events.
What Is ISIS Thinking?(Slate) As I noted in my last post, it's a little hard to figure out ISIS's strategy following its second videotaped execution of an American citizen in less than a month
New ISIS threat: America's electric grid; blackout could kill 9 of 10(Washington Examiner) Former top government officials who have been warning Washington about the vulnerability of the nation's largely unprotected electric grid are raising new fears that troops from the jihadist Islamic State are poised to attack the system, leading to a power crisis that could kill millions
United States Counterterrorism Chief Says Islamic State Is Not Planning an Attack on the U.S.(Foreign Policy) The United States' senior counterterrorism official said on Wednesday that there is "no credible information" that the militants of the Islamic State, who have reigned terror on Iraq and Syria, are planning to attack the U.S. homeland. Although the group could pose a threat to the United States if left unchecked, any plot it tried launching today would be "limited in scope" and "nothing like a 9/11-scale attack"
Data: Nearly All U.S. Home Depot Stores Hit(Krebs on Security) New data gathered from the cybercrime underground suggests that the apparent credit and debit card breach at Home Depot involves nearly all of the company's stores across the nation
Home Depot urges credit monitoring vigilance(Threatpost) Home Depot told its customers today to monitor their bank and credit card accounts for fraud as it continues to investigate the "unusual activity" on its networks that could turn out to be one of the biggest data breaches in U.S. history
Blame Apple(Slate) Five reasons why celebrities and civilians should never trust Apple with nude photos, or any data at all
Celeb Hack: Is Apple Telling All It Knows?(Dark Reading) Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? You're darn tootin'!
Linux systems infiltrated and controlled in a DDoS botnet(Help Net Security) Akamai Technologies is alerting enterprises to a high-risk threat of IptabLes and IptabLex infections on Linux systems. Malicious actors may use infected Linux systems to launch DDoS attacks against the entertainment industry and other verticals
New file-encrypting ransomware called CryptoGraphic Locker(Bleeping Computer) A new file-encrypting ransomware was discovered today by BartBlaze called CryptoGraphic Locker. Just like other encrypting ransomware, this infection will scan your data files and encrypt them so that they are unusable. The infection will then display a ransom note that requires you to purchase the decryption key in order to decrypt your files. The initial cost to purchase the key is .2 BTC, or approximately $100 USD, which makes this one of the cheaper ransoms that we have seen in a long time. Though the ransom starts out small, there is a 24 hour timer built into the application that will increase the ransom amount each time it hits 0
CERT/CC enumerates Android app SSL validation failures(Threatpost) A growing compilation of close to 350 Android applications that fail to perform SSL certificate validation over HTTPS has been put together by the CERT Coordination Center at the Software Engineering Institute at Carnegie Mellon University
Five San Diego Bartell Hotel locations fall victim to payment card theft(Hacksurfer) Bartell Hotels is notifying customers that its payment system at five San Diego locations was compromised, allowing the theft of credit card data. The affected locations are: Best Western Plus Island Palms Hotel & Marina, The Dana on Mission Bay, Humphreys Half Moon Inn & Suites, Pacific Terrace Hotel, and the Days Hotel-SeaWorld. The breach took place from February 16 to May 13
Internet predators(SecureList) Anyone using the Internet is at risk, regardless of age and regardless of what they like to do online. Cybercriminals can deploy an impressive arsenal, targeting everyone from schoolchildren to pensioners and following them whether they are logged on to social networks, checking the latest headlines or watching their favorite videos. Internet scammers want access to our money, our personal data and the resources of our computer systems. In short, they want anything that they can profit from
Akamai's Francis Trentley — The World of Zombies, Cyborgs and Knights(CSO) Francis Trentley was the CIO of the White House during the George W. Bush administration and oversaw that office's biggest ever technical transformation. Today, he is the Senior Director at Akamai Technologies. At the recent Gartner Security and Risk Management Summit, he delved into the ever-evolving cyber-threat-landscape and examined how traditional defences need to evolve
The world powerhouses of hacking (Acumin) It seems that when it comes to the disruptive science of hacking, some places are more suitable than others as operational bases. According to the cloud service company Akamai's most recent State of the Internet Report, the top five countries generating the world's internet attack traffic are, in descending order: China (41 per cent), USA (11 per cent), Indonesia (6.8 per cent), Taiwan (4.2 per cent), and Brazil (3.2 per cent)
Huawei Has Made Canada Nervous for Years(Motherboard) Two years after US officials slammed the Chinese telecom giant Huawei for its connection to the Chinese People's Liberation Army, the company is looking to expand in the Canadian market, which is perceived as being friendlier than the US
Why FireEye (FEYE) Stock Is Up Today(TheStreet) Shares of FireEye (FEYE) rose 8.09% to $33.66 in late afternoon trading on Tuesday after news broke that Home Depot (HD) may have suffered a major credit card breach
DISA issues Encore III sources-sought(C4ISR & Networks) The Defense Information Systems Agency is gearing up for the next iteration of one of its biggest contract vehicles for IT goods and services, the follow-on to its current Encore II contract
Sources Sought Notice — Information Assurance, Operations & Compliance, Systems, and Technology Support(Insurance News Net) The Defense Microelectronics Activity (DMEA) is a DoD Center for microelectronics technology, acquisition, transformation, and support. DMEA is composed of highly specialized engineering facilities and microelectronic engineers that work in close partnership with the major defense contractors and the semiconductor industry to provide support for fielded systems across all U.S. military organizations
Lockheed receives cyber certification(Gazette.Net) The Information Systems & Global Solutions business of Lockheed Martin of Bethesda is one of seven U.S. companies to receive Cyber Incident Response Assistance accreditation from the National Security Agency Information Assurance Directorate
Company news: New hires at Accuvant, ZeroFox and ThreatStream(SC Magazine) Renee Guttmann…has joined enterprise information security firm Accuvant as vice president in the Office of the CISO…Shane Shook has joined social risk management firm ZeroFOX as chief strategy officer…Juniper Networks, a Sunnyvale, Calif.-based networking equipment provider, has announced that it will be divesting its Junos Pulse mobile security products to a private equity firm for $250 million…BlackBerry has acquired Germany-based voice and data encryption firm Secusmart…Hugh Njemanze has joined Redwood City, Calif.-based threat intelligence firm ThreatStream as CEO…IOActive, a Seattle-based information security services firm, has made two new appointments. Bradford Hegrat joined the company as industrial services director, while Jason Larsen was named a principal security consultant
John Cohen Joins BlueLine Grid from DHS(Sys-Con Media) BlueLine Grid today announced that John Cohen, former Principal Deputy Undersecretary for Intelligence and Analysis at the U.S. Department of Homeland Security has joined the Company to help formulate and execute its Public Safety market strategy
Free security software identifies cloud vulnerabilities(Help Net Security) Whether responding to customer orders or requesting partner data, the biggest cloud security concern for the enterprise is the direct communication between applications. To help companies identify cloud security risks, Managed Methods has released Cloud Service Discovery Free
Porticor and nScaled Team for Cloud Disaster Recovery(Newsfactor Business Report) Porticor® and nScaled today announced the industry's first joint solution integrating software-defined homomorphic encryption key management to protect customers' cloud information and applications replicated for IT Business Continuity and Disaster Recovery (BCDR)
750 Stakeholders Prepare for Mock Attack on Networks(Health Data Management) HITRUST, a coalition of industry stakeholders working to improve cybersecurity, has dramatically increased participation in the next round of its cyber attack simulation exercise, called CyberRX
Do's and Dont's: Security Management in a Growing Company(Security Intelligence) Security management can be a tedious job. Whether you are the chief information officer (CIO), chief technology officer (CTO) or even the chief executive officer (CEO), it can be hard to deal with possible risks and apply appropriate controls
IMSI-Catch Me If You Can: IMSI-Catcher-Catchers(ACSAC) IMSI Catchers are used in mobile networks to identify and eavesdrop on phones. When the number of vendors increased and prices dropped, the device became available to much larger audiences. Self-made devices based on open source software are available for about US$ 1,500. In this paper, we identify and describe multiple methods of detecting artifacts in the mobile network produced by such devices
Identifying Firewalls from the Outside-In. Or, "There's Gold in them thar UDP ports!"(Internet Storm Center) In a penetration test, often the key to bypassing a security control is as simple as identifying the platform it's implemented on. In other words, it's a lot easier to get past something if you know what it is. For instance, quite often you'll be probing a set of perimeter addresses, and if there are no vulnerable hosts NAT-ed out for you, you might start feeling like you're at a dead end. Knowing what those hosts are would be really helpful right about now. So, what to do next?
Hack Your API First — learn how to identify vulnerabilities in today's internet connected devices with Pluralsight(Troy Hunt) A few years ago I was taking a look at the inner workings of some mobile apps on my phone. I wanted to see what sort of data they were sending around and as it turned out, some of it was just not the sort of data that should ever be traversing the interwebs in the way it was. In particular, the Westfield iPhone app to find your car caught my eye. A matter of minutes later I had thousands of numberplates for the vehicles in the shopping centre simply by watching how this app talked over the internet
IP Reputation and Spam Prevention: Working with Email Providers(TrendLabs Security Intelligence Blog) Today, spam may not be regarded as the most high-profile concern, but it's still a serious day-to-day threat. Every month, our users alone have to deal with billions of spam messages. These are also frequently used to deliver malware using attachments or links to malicious sites
zAnti — Android Penetration Testing Toolkit (Free!)(Kitploit) zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety
Big Data is big noise(Help Net Security) Big Data was supposed to be the solution to all our security problems, but this spotlight on intruders turned out to be a mess of white noise. Hiding comfortably in that noise, however, are legitimate indicators that point to valid network threats, such as suspicious user behavior
Nato summit on 'high alert' for cyber attack(Financial Times) As world leaders gather in Wales for the Nato summit, British police say they are engaged in a security effort greater than that for the 2012 Olympics. But in contrast to the sporting event, security officials fear the most likely target will be online: Nato and the UK intelligence services have been put on "high alert" for a cyber attack
NATO Set to Ratify Cyber as Key Military Threat(Infosecurity Magazine) NATO is set this week to ratify a new policy on cyber-defense which will confirm that international law applies in cyberspace and that an online attack against one member country could be considered an attack on all 28
NATO to unveil cyber-defence strategy fit for changing times(The Conversation) Late one Saturday evening in March, NATO's Headquarters experienced a large-scale cyber-attack at the hands of a group calling itself Anonymous Bierkut from Ukraine. Non-classified networks were targeted, putting internal email services and public websites out of action for several hours. The attack was more of a nuisance than a serious threat but it served as a salutary reminder that even the best protected and cyber-aware organisations can still come up against disruption
Introducing the world's first national digital currency(Quartz) Ecuador is on track to become the world's first nation to create its own digital currency. The country's central bank announced last week (link in Spanish) that it would begin distributing the yet-to-be-named currency in December
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
ACSAC 30: Annual Computer Security Applications Conference(New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...
SECRYPT 2013(Vienna, Austria, September 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested on security aspects related...
Build IT Break IT Fix IT: Break IT(Online, September 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...
Security B-Sides Cape Breton(Sydney, Nova Scotia, Canada, September 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with...
BalCCon2k14 (Balkan Computer Congress)(Novi Sad, Serbia, September 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference taking...
Detroit SecureWorld(Detroit, Michigan, USA, September 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has...
Ground Zero Summit, Sri Lanka(Colombo, Sri Lanka, September 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats.
Cyber Attack Against Payment Processes Exercise 1(Online, September 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...
Suits and Spooks London(London, England, UK, September 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...
Build IT Break IT Fix IT: Fix IT(Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...
NOPcon Security Conference(Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers,...
5th Annual Billington Cybersecurity Summit(Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander,...
SINET Global Summit(London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures,...