Daily briefing.

Social media prove well adapted for command and control of increasingly decentralized (yet coordinated) terrorist groups like IS, which the chief of the Dutch intelligence service likens to a "swarm." (Twitter in particular is rapidly gaining users among IS recruiting pools.) The Arab League votes to take "urgent measures" against "extremists." The declaration is short on specifics, but one would expect such measures to include information operations.

Informed observers speculate that the Spark-enabled denial-of-service campaign that peaked over the weekend was reprisal for Eastern European countries' and international banks' participation in sanctions against Russia. Its bots were gathered by phishing New Zealanders with promises of leaked celebrity pictures.

Home Depot acknowledges, finally and after investigation, that it was breached. Observers' consensus is that BlackPOS malware was used. A wave of debit card fraud may have originated in the breach — banks are noticing fraudulent attempts to reset PINs, and the crooks appear to have card expiration dates, as well as card owners' dates of birth and the last four digits of their social security numbers. Stores in the US and Canada were affected, but online purchasing and stores in Mexico appear to have escaped.

Salesforce warns its users to beware the Dyreza banking Trojan's attentions.

The "Kyle and Stan" malvertising network is enjoying unwelcome success.

Ransomware watchers report a surge in Kovter screenlocker infections.

NATO's Wales Summit concluded with some frank talk for Russia.

Observers think the FBI was more active against Silk Road (and TOR?) than the Bureau's account suggests.

Notes.

Today's issue includes events affecting Australia, Canada, Czech Republic, European Union, Mexico, Netherlands, New Zealand, Russia, Slovakia, United Kingdom, United States.

The CyberWire will be providing special coverage of the 2014 Cyber Security Summit, convening in New York on September 18. Watch for interviews and live coverage of Summit events. We also plan to cover the 5th Annual Billington Cybersecurity Summit in Washington, DC, on September 16, which promises an interesting set of speakers and sessions.

Cyber Attacks, Threats, and Vulnerabilities

Dutch spy chief: Social media fueling terror "swarm" (CBS News) Terrorists have changed their management style, and it's making them harder to fight, a top European intelligence official told CBS News. Decisions once left to a top-down hierarchy are now made by the collective "swarm," a shift he said has been fueled by social media

Social Media's Very Arab Future (Defense One) The future of Twitter, YouTube and a variety of other social networks is going to look and sound a lot more Arabic in the years ahead, at least according to data on Twitter usage across the Arabic-speaking world. And if current trends continue, the emerging Arabic social media landscape will also be a lot more anti-American

Kiwis caught out by cyber attacks (3News) Kiwi customers of communications giant Spark have been unwittingly caught up in a cyber attack on Eastern European websites — possibly by clicking on a link promising pictures of naked celebrities

Russian cyber war linked to Spark crash (Stuff) Spark's big internet crash at the weekend was not about naked celebrities but linked to Russia's cyberwar on Ukraine and Western powers' sanctions on Moscow, security sources say

Home Depot Confirms Payment Card Data Breach (SecurityWeek) After days of speculation, Home Depot has confirmed it was victimized in a data breach that compromised credit and debit cards at stores throughout the United States and Canada

Home Depot says, "Er, yes, we did have a breach actually" (Naked Security) Last week, we wrote about a possible data breach at Home Depot, the world's largest DIY chain

What you need to know about the Home Depot data breach (CSO) Home Depot has confirmed reports of a data breach impacting stores in the U.S. and Canada

These are the websites where hackers flip stolen credit card data after an attack (Quartz) The Home Depot data breach uncovered last week may be one of the largest cases of mass credit-card compromise ever. Data from every card used in a transaction at any US Home Depot store since late April or early May could be in the hands of hackers, who infiltrated company systems using malware similar to what was used in a 40 million-card theft from Target in December. The number of cards stolen from Home Depot is not known, but might exceed the Target total

In Wake of Confirmed Breach at Home Depot, Banks See Spike in PIN Debit Card Fraud (Krebs on Security) Nearly a week after this blog first reported signs that Home Depot was battling a major security incident, the company has acknowledged that it suffered a credit and debit card breach involving its U.S. and Canadian stores dating back to April 2014. Home Depot was quick to assure customers and banks that no debit card PIN data was compromised in the break-in. Nevertheless, multiple financial institutions contacted by this publication are reporting a steep increase over the past few days in fraudulent ATM withdrawals on customer accounts

Here We Go Again: From Target to Home Depot (Cyactive Blog) PoS malware keeps on compromising new retail targets. This time a BlackPoS variant stole troves of credit card information from the Home Depot retail chain stores

Salesforce users hit with malware-based targeted attack (Help Net Security) Late last Friday, global cloud-based CRM provider Salesforce sent out a warning to its account administrators about its customers being targeted by the Dyreza malware

Why the HealthCare.gov breach matters (CSO) Core Security's Eric Cowperthwaite discusses the repercussions of a recent attack on a server used to test code for HealthCare.gov

'Kyle and Stan' Malvertising Network Targets Windows and Mac Users (Threatpost) A malvertising network that has been operating since at least May has been able to place malicious ads on a number of high-profile sites, including Amazon and YouTube and serves a unique piece of malware to each victim

No End In Sight For Ransomware (Dark Reading) The screenlocker Kovter, in particular, has shown sharp growth this year. It masquerades as a law enforcement authority and threatens police action if users don't pay up

California State University Reports Data Breach (Hacksurfer) California State University is notifying 6,036 individuals, mostly faculty and staff, of a data breach that occurred on August 23rd and has possibly compromised personal information including Social Security numbers

Alarm sounded over Peter Pan panto malware (IT Pro Portal) Phishing scam dupes victims over panto ticket claims

Security Patches, Mitigations, and Software Updates

OpenSSL warns vendors against using vulnerability info for marketing (IDG via CSO) Vulnerability information will be closely held until patches are ready, the OpenSSL Project said

Google will start gradually sunsetting SHA-1 (Help Net Security) Google has announced that it will begin the process of gradually sunsetting SHA-1 (as used in certificate signatures for HTTPS) with Chrome 39, which is due to be released in November

Cyber Trends

Exploit Kits: Cybercrime's Growth Industry (ThreatTrack Security) Cybercriminals have turned their attention away from exploiting Windows operating systems to pursuing the popular third-party applications installed on nearly every PC around the world. That is why patch management has become a critical layer in your malware defense

Tunnel vision: Train security as critical as planes and automobiles (CSO) In recent weeks you've heard a lot of discussion around the cyber risks to aircraft and automobiles

Kaspersky: Most Financial Services Firms Exposed to Cyber Threats (MSP Mentor) A new Kaspersky Lab survey shows 93 percent of financial services organizations were recently exposed to cyber threats

Unencrypted Laptop Thefts Expose Personal, Medical, Financial Data (eSecurity Planet) 'The benefits of encryption have been known for some time, but companies just aren't doing it,' says SafeNet chief strategy officer Tsion Gonen

The Security Implications of Wearables, Part 3 (TrendLabs Security Intelligence Blog) In the second post of this series, we discussed the first two types of attacks involving wearables. We will now proceed to the third type of attack, which can be considered the most damaging of the three

Where the Legal and Compliance Functions Intersect (Corporate Counsel) If your company has an in-house compliance function, where does it live? In about 40 percent of companies polled for a recent survey, the legal department owned compliance, while in another 24 percent the in-house lawyers shared the compliance responsibility

Managed Security Services: an internal issue with external consequences (IT Pro Portal) Managed Security Services (MSS) first rose to fame at the beginning of the 21st century with the promise of a flexible and personalised infrastructure, delivered with unparalleled expertise and knowledge. However, it has only been in the last couple of years that MSS has gotten the traction and attention it deserves as a service

Top Six IT Trends Impacting Business Networks (CircleID) For decades, IT followed business. Even the development of the World Wide Web didn't move this development much beyond the four walls of corporate offices — outside connections were essential but never informed the growth of business-critical technology

SMEs face increased risk of cyber attack (Cheddar Valley Gazette) Small and medium sized businesses can face costs of up to £65,000 as the result of a severe information security breach, according to the most recent Information Security Breaches Survey by the Department for Business, Innovation and Skills

Marketplace

Analysis: More Gaps Found In US Contracts Website (Defense News) Scathing as it was, the Government Accountability Office's (GAO's) recent report on the gaps and deficiencies of USAspending.gov left out a few things — problems that may give defense companies pause about relying too much on the government transparency website for business intelligence

General Dynamics to consolidate business units (C4ISR & Networks) General Dynamics is combining two units into one effective at the beginning of 2015, according to a company announcement today

Trustwave Opens a New Lab for 'Ethical Hacking' (TopTechNews) While the unethical hackers of the world look for security vulnerabilities in everything from routers to PIN-pads, the ethical hackers at Trustwave try to beat them to the punch. The cyber-security firm officially opened its ethical hacking lab this summer at its Chicago headquarters

Is FireEye A Good Investment? (Seeking Alpha) The expansion strategy of the company will allow it to diversify its revenue base and grow its margins over the next few years

Google Hires Quantum Computing Expert John Martinis to Build New Hardware (IEEE Spectrum) Google recently unveiled its intention to build new quantum computing hardware

Products, Services, and Solutions

ISACA launches COBIT 5 online (Help Net Security) ISACA launched the online version of COBIT 5, a resource center to improve governance and management of enterprise IT. The new online platform helps increase the utility of the COBIT 5 framework, a business framework that helps manage information and technology risk, and the COBIT family of products

IBM And Intel Combine To Deliver Chip-Level Security (Forbes) There's a strange thing happening with Intel and its partners

WatchGuard Technologies' New Policy Map Provides 'X-Ray' Vision Into Firewall Configurations and Network Traffic (MarketWatch) WatchGuard® Technologies, a leader in integrated security platforms, today announced the industry's first interactive, integrated policy mapping capability for Unified Threat Management (UTM) and Next-Generation Firewall (NGFW) appliances

Nine out of the Top Ten Mobile Operator Groups Now Securing Their Networks with AdaptiveMobile (MarketWatch) AdaptiveMobile today announced that it is now present in nine out of the top ten mobile operator groups globally, protecting over 1 billion subscribers from mobile security threats

FireHost Fuses Security and Compliance in Unique Compliance-as-a-Service Offering (BusinessWire) To help businesses protect their data and exceed PCI, HIPAA, and other regulatory requirements, secure cloud leader FireHost has announced the most complete compliance-as-a-service (CaaS) offering, making the fast-growing company the only cloud provider in the industry to deliver such a service

Vocus enlists Black Lotus to boost security in A/NZ (ARN) Vocus is seeing a phenomenal increase in DDoS attacks

Riverbed SteelApp Traffic Manager 9.7 Expands Security and Adds Microsoft Azure Capabilities to Optimize Application and Data Performance Across the Hybrid Enterprise (BusinessWire) Riverbed adds new web application firewall capabilities to Riverbed SteelApp for fast integration in data centers and the cloud

Powerful, free Microsoft security tool protects before other tools can (Kim Komando) Computer security is like a constant tug of war between software developers and hackers. Microsoft, for example, works hard to make Windows as secure as possible and hackers work hard to find problems that Microsoft hasn't fixed yet

Technologies, Techniques, and Standards

Threat filtering: Strategizing serious threat detection (ZDNet) Standardized procedure on threat filtering isn't working out so well; to avoid being a 'target' today's organization needs an updated threat strategy

Why Breach Detection Is Your New Must-Have, Cyber Security Tool (TechCrunch) Cyber attacks are all over the news, and it seems like no one is immune — Home Depot, Target, Adobe and eBay included. So why are CIOs still fighting cyber criminals with one hand tied behind their backs?

"Google Dorking" — Waking Up Web Admins Everywhere (TrendLabs Security Intelligence Blog) Last July, the US Department of Homeland Security warned of a new kind of criminal attack: "Google dorking". This refers to asking Google for things they have found via special search operators. Let's look closely and see what this is

Simulators Solving Cyber Training Challenges (Defense News) Soldiers on the battlefield, with bombs exploding nearby and rifle fire coming from somewhere in the middle distance, are in no position to learn how to use the computing and communications systems that their lives might depend on. The time for training — thoroughly — is long before their boots hit the dirt

Cyber attack simulation key to get top management buy-in (ComputerWeekly) Investment by top management in cyber security is vital, and plunging them into the middle of a cyber attack is the best way to get their attention, says Marco Gercke, director for the Cybercrime Research Institute

Cyber Defense: Four Lessons from the Field (Endgame) In cyberspace, as in more traditional domains, it’s essential to both understand your enemy as well as understand yourself

Design and Innovation

Crowdsourcing Competitions Encourage Malicious Behavior, Study Finds (Nextgov) Crowdsourcing competitions have fundamentally changed the way idea-sharing takes place online. Famous contests such as the 2012 Coca-Cola crowdsourced campaign for a new logo and Chicago History Museum's crowdsourced project for a new exhibit last year have created buzz around the practice

How not to do mobile strategy: Killing the skunk (CITEworld) Skunk works projects only work if you let them

Academia

Cyber Innovation Center receives $5M Department of Homeland Security grant (KTBS) Expands nation-wide roll-out of its education model to address national need for cyber work force

4 Good Digital Habits for a New School Year (Trend Micro Internet Safety for Kids and Families) As you make the transition from the leisurely pace of summer to the stressful balancing act of earlier bedtimes, new homework routines, and after-school activities, try to factor in how your kids' use of technology will change with it

Legislation, Policy, and Regulation

Wales Summit Declaration (NATO/OTAN) Issued by the Heads of State and Government participating in the meeting of the North Atlantic Council in Wales

Brushing Off Threats, E.U. Votes to Toughen Its Sanctions on Russia (New York Times) Unswayed by threats of retaliation from Moscow, including a possible ban on airlines from Europe flying over Russia, European leaders on Monday endorsed an expansion of economic sanctions against Russia, but backed off putting the new measures into effect immediately

Russian PM warns west against further sanctions (Guardian) Medvedev says Russia would respond 'asymmetrically' to new measures over Ukraine, possibly stopping flights in its airspace

Arab League issues proclamation on ISIS (CBS News) The Arab League agreed Monday to take urgent measures to combat extremists like the Islamic State of Iraq and Syria as one of its suicide bombers killed 16 people at a meeting of Sunni tribal fighters and security troops in Iraq

NSA reform bill is on hold. Should it include retroactive immunity for Snowden? (Washington Business Journal) A bill that would curtail the government's broad surveillance authority is unlikely to get a vote in Congress before November's elections, and even a vote in the lame-duck session is in doubt

Canada Wants to Regulate the Sale of Cyberweapons, But Hasn't Decided How (Motherboard) How can Canada prevent potential cyberweapons from being sold to malicious actors? Should the goal be to prevent the use of such tools against Canadians, to prevent human rights abuses abroad, or both?

Litigation, Investigation, and Law Enforcement

US Appeals Court hears arguments for shutting down NSA database and domestic surveillance (FierceBigData) Last week, a panel of three judges on the U.S. Court of Appeals for the 2nd Circuit heard arguments on the ACLU v. Clapper lawsuit against the U.S. government's domestic mass surveillance activities. This is the second of two such lawsuits filed against the government. The ACLU argues the surveillance violates the 4th Amendment while the federal government argued that the Patriot Act renders such activities lawful

FBI's account of locating Silk Road's server disputed by researchers (Help Net Security) The US government's explanation of how it managed to discover the location of the servers hosting Silk Road, the infamous online black market, is being disputed by a number of security researchers

FBI's Story of Finding Silk Road’s Server Sounds a Lot Like Hacking (Wired) To hear the FBI tell it, tracking down the secret server behind the billion-dollar drug market known as the Silk Road was as easy as knocking on a door

Home Depot Already Faces Breach Lawsuit (BankInfoSecurity) Although incident not yet confirmed, suit seeks damages

Security Clearance Contractor USIS Rebuffs Edward Snowden Attack (and More) (Roll Call) USIS, the biggest federal contractor for background checks for security clearances, had to be happy to get a U.S. Citizenship and Immigration Services contract worth $190 million recently, because the company had been on a bad news streak. All the contract seemed to do, though, was give ammunition to its critics — including a chorus of them from Capitol Hill — prompting USIS to issue a "myth vs. fact" declaration Monday

Data breach letters offer free credit monitoring (KOMO News) If you get a letter talking about "credit monitoring," don't throw it away. It's an effort to fight back against a cyber attack aimed at health care facilities. The letters are just hitting the mail, and because of the way they're written, some people are suspicious

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Detroit SecureWorld (Detroit, Michigan, USA, September 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has...

Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, September 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats.

Cyber Attack Against Payment Processes Exercise 1 (Online, September 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, September 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense...

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...

Build IT Break IT Fix IT: Fix IT (Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

NOPcon Security Conference (Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers,...

5th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander,...

SINET Global Summit (London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures,...

Cyber Attack Against Payment Processes Exercise 2 (Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

Global Identity Summit (Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive,...

Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, September 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia.

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

CSA Congress 2014 & IAPP Privacy Academy 2014 (San Jose, California, USA, September 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference...

ICS-ISAC Fall Conference (Atlanta, Georgia, USA, September 17 - 20, 2014) Cybersecurity issues — such as the DHS release of Operation Aurora information; legislation like CISA (S. 2588), CIRDA (H.R. 2952) & H.R. 3696; and the NIST Cybersecurity Framework — can leave...
