Two new Chinese APT units, "Moafee" (operating from Guangdong) and "DragonOK" (based in Jiangsu), are looking for intellectual property, mostly in Japan and Taiwan. FireEye's discovery prompts the observation that cyber attacks can now be "mass produced," and cyber campaigns "franchised." (Threatpost close reads the reports and concludes oil and gas exploitation in the South China Sea would be China's goal.)
The Gmail credential (well, leak? publication?) still seems to be nothing that can't be dealt with by even a modicum of Internet hygiene, and Google's no-worries-here take on the episode appears confirmed.
Researchers from Nuix and CBTS see enough significant differences between the malware used against Target and that found in the Home Depot hack to conclude that BlackPOS wasn't, after all, used in the more recent attack. (Their discussion of malware classification is interesting.)
Trend watchers think Apple Pay may disrupt — in a security-positive way — the pay card industry. Widespread consumer adoption will, they think, be key.
All industrial sectors seem broadly to agree that threat intelligence sharing is vital to security, but such cooperation is proving difficult to achieve, especially without supporting legislation. The usual concerns — litigation, reputational damage, etc. — inhibit collective defense. (Big data's glare-of-war challenges also remain to be overcome.)
Schneier points to studies of password managers: their security merits scrutiny.
The US lines up regional intelligence support against ISIS. The European Union and the US announce fresh sanctions against Russia over its Ukrainian incursions. Russia promises "asymmetric" retaliation: watch for cyber campaigns. The reconnaissance has already been done.
Today's issue includes events affecting Australia, China, European Union, Japan, Jordan, Iraq, Republic of Korea, New Zealand, Russia, South Africa, Syria, Taiwan, Ukraine, United States.
The CyberWire will be providing special coverage of the 2014 Cyber Security Summit, convening in New York on September 18. Watch for interviews and live coverage of Summit events. We also plan to cover the 5th Annual Billington Cybersecurity Summit in Washington, DC, on September 16, which promises an interesting set of speakers and sessions.
The Path to Mass-Producing Cyber Attacks(FireEye Blog) Lines of people, lines of parts. The modern production line is composed of individuals contributing to a larger process. This common manufacturing approach is efficient, effective, and profitable
Franchising The Chinese APT(Dark Reading) At least two different cyber espionage gangs in China appear to be employing uniform tools and techniques, FireEye finds
Cycbot Backdoor(Infosec Institute) Cycbot is a malware that spreads using instant messaging and removable drives and contains backdoor functionality that allows unauthorized access to an affected computer
Your Ticket to Malware(Cyveillance) A recent spate of scam emails purporting to be e-tickets from a major airline has been spreading in the wild recently. The "ticket" is really a zipped malware executable. Here is what one of the scam emails looks like
Envisioning a Collaborative Approach to Cybersecurity(Corporate Counsel) Unless Congress acts on a major cybersecurity bill this session, the U.S. will face "a major catastrophic event" that takes down an American company or institution in the next 18 months, according to Rep. Michael Rogers, R-Mich., chairman of the U.S. House of Representatives Select Committee on Intelligence
Information Sharing on Threats Seen as a Key for Auto Makers(Threatpost) A small segment of the security research community has been spending a lot of time tearing apart the innards of various vehicles and looking at ways that the computers and local networks that reside in modern cars can be hacked. There has been some remarkable success on this front, and while auto makers haven't paid much attention so far, the acting head of the National Highway Traffic Safety Administration says that it's time they did
Why Turning Data Into Security Intelligence Is So Hard(Security Intelligence) I was hanging out in a local graveyard a few years ago doing math on the ages of the people buried there when it suddenly occurred to me why turning massive volumes of data into security intelligence is so hard
Most people still unconcerned about privacy threats(Help Net Security) While cyber thieves continue to breach major corporations such as JP Morgan and, just last week, the Salvation Army and Home Depot, Americans still seem to be unconcerned about the growing cyber crisis, according to idRADAR
Malicious Web access skyrockets(ITWeb) The threat of unknown malware is on the increase, says Doros Hadjizenonos, Check Point's sales manager for SA. Hackers have stepped up their game so as to infiltrate organisations, mainly for financial gain
What security experts think about Apple Pay(Help Net Security) Apple announced Apple Pay, a new category of service that works with iPhone 6 and iPhone 6 Plus through a NFC antenna design, a dedicated chip called the Secure Element, and the security and convenience of Touch ID
Your configuration files are showing(CSO) One of my favorite activities is using search engines to hunt for things that, realistically, I should not be able to find. Recently, I was able to find thousands of sites with their databases exposed. This time I was able to unearth a treasure trove of configuration files on a wide range of devices. These configuration files showed routes, rules and even passwords
Security of Password Managers(Schneier on Security) At USENIX Security this year, there were two papers studying the security of password managers… It's interesting work, especially because it looks at security problems in something that is supposed to improve security
Password Managers: Attacks and Defenses(Stanford University) We study the security of popular password managers and their policies on automatically filling in Web passwords. We examine browser built-in password managers, mobile password managers, and 3rd party managers. We observe significant differences in autofill policies among password managers. Several autofill policies can lead to disastrous consequences where a remote network attacker can extract multiple passwords from the user's password manager without any interaction with the user. We experiment with these attacks and with techniques to enhance the security of password managers. We show that our enhancements can be adopted by existing managers
The Emperor's New Password Manager: Security Analysis of Web-based Password Managers(USENIX) We conduct a security analysis of five popular web-based password managers. Unlike "local" password managers, web-based password managers run in the browser. We identify four key security concerns for web-based password managers and, for each, identify representative vulnerabilities through our case studies. Our attacks are severe: in four out of the five password managers we studied, an attacker can learn a user's credentials for arbitrary websites. We find vulnerabilities in diverse features like one-time passwords, bookmarklets, and shared passwords. The root-causes of the vulnerabilities are also diverse: ranging from logic and authorization mistakes to misunderstandings about the web security model, in addition to the typical vulnerabilities like CSRF and XSS. Our study suggests that it remains to be a challenge for the password managers to be secure. To guide future development of password managers, we provide guidance for password managers. Given the diversity of vulnerabilities we identified, we advocate a defense-in-depth approach to ensure security of password managers
DHS Transition To Practice Program Aided By Sandia Cyber Testing(Homeland Security Today Staff) Cybersecurity technologies developed at Sandia National Laboratories and at other federal labs "now stand a better chance of finding their way into the real world" through the Department of Homeland Security's Transition to Practice (TTP) program
Oculus CEO Brendan Iribe Donates $31M To Build VR Lab At His Alma Mater University Of Maryland(TechCrunch) Brendan Iribe dropped out of University Of Maryland his freshman year to launch a startup before going on to form Oculus. But now inspired by Mark Zuckerberg's philanthropy and made rich by Zuck's company buying Oculus for $2 billion, Iribe is donating $31 million to build the Brendan Iribe Center for Computer Science and Innovation at University Of Maryland (UMD), plus set up a CS scholarship
Intro to computer science is now the most popular course at Harvard(Quartz) Harvard students know which way the wind is blowing. According to a report from the Harvard Crimson, the school's introductory computer science class (CS50) has a record 818 undergraduates this fall. Twelve percent of undergraduates are taking the course, making it the most popular Harvard course in at least a decade
The MOOC Revolution That Wasn't(TechCrunch) Three years ago this week, Sebastian Thrun recorded his Stanford class on Artificial Intelligence, released it online to a staggering 180,000 students, and started a "revolution in higher education." Soon after, Coursera, Udacity and others promised free access to valuable content, supposedly delivering a disruptive solution that would solve massive student debt and a struggling economy. Since then, over 8 million students have enrolled in their courses
Legislation, Policy, and Regulation
The Mouse That Roars(Foreign Policy) Tiny Jordan's spies have helped the United States hunt down some of its most dangerous enemies. Now Obama is hoping those spooks can beat the Islamic State
Treasury expands sanctions on Russia over Ukraine conflict(MarketWatch) The Treasury Department announced expanded sanctions against Russian businesses on Friday in response to "continued Russian efforts to destabilize eastern Ukraine." Russia's largest bank, Sberbank, will no longer have access to long-term debt financing from the U.S. In addition, the U.S. is blocking the assets of five state-owned defense-technology firms. U.S. companies will also be blocked from cooperating with five firms in the Russian energy sector, including Gazprom, Lukoil and Rosneft
Gillibrand: On The 13th Anniversary Of 9/11, Let's Help Businesses Fight Cyber Terrorism(Forbes) Nearly every day now, news of a new cyber-attack possibility hits the front pages: Credit card theft, hacked hospitals, or even a "Fort Hood in cyberspace." To most of us whose lives don't typically intertwine with the tech industry, these digital crimes lack the immediacy of fear-inducing physical threats. But a well-planned cyber-attack could certainly cause the kind of damage we would expect from a natural disaster or a violent terror attack
Dropbox Calls For Support Of The Senate's NSA Reform Bill(TechCrunch) This morning, Dropbox released new information detailing government requests for its user data, and information about certain user accounts. The company also called for the passage of the Senate's version of the USA FREEDOM Act
Privacy advocates, tech companies nudge Congress to protect 'abandoned' e-mails(Washington Post) Ranging from Adobe to the ACLU, from Facebook to FreedomWorks, and from Twitter to the Taxpayers Protection, a coalition of more than 80 civil liberties groups and tech companies has sent a pair of letters to Congress meant to nudge the House and Senate into moving ahead with a vote on legislation that would require e-mails stored longer than six months to be accessed only by a warrant
Army Cyber Chief: Let's Get Closer To Industry(Defense News) To keep pace with rapid changes in the cyber domain, the military needs "a much tighter relationship between industry and government," the head of U.S. Army Cyber Command said Thursday
Statement by the Office of the Director of National Intelligence and the U.S. Department of Justice on the Declassification of Documents Related to the Protect America Act Litigation(IC on the Record) On January 15, 2009, the U.S. Foreign Intelligence Surveillance Court of Review (FISC-R) published an unclassified version of its opinion in In Re: Directives Pursuant to Section 105B of the Foreign Intelligence Surveillance Act, 551 F.3d 1004 (Foreign Intel. Surv. Ct. Rev. 2008). The classified version of the opinion was issued on August 22, 2008, following a challenge by Yahoo! Inc. (Yahoo!) to directives issued under the Protect America Act of 2007 (PAA). Today, following a renewed declassification review, the Executive Branch is publicly releasing various documents from this litigation, including legal briefs and additional sections of the 2008 FISC-R opinion, with appropriate redactions to protect national security information. These documents are available at the website of the Office of the Director of National Intelligence (ODNI), and ODNI's public website dedicated to fostering greater public visibility into the intelligence activities of the U.S. Government
US Government Requests Access to Non-Existent Dropbox Accounts(Infosecurity Magazine) US government requests for access to Dropbox user content and account details rose in line with subscriber numbers over the first half of 2014, but several of the accounts requested didn't actually exist, according to the firm
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Suits and Spooks London(London, England, UK, September 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...
Build IT Break IT Fix IT: Fix IT(Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...
NOPcon Security Conference(Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers,...
5th Annual Billington Cybersecurity Summit(Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander,...
SINET Global Summit(London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures,...
Cyber Attack Against Payment Processes Exercise 2(Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...
Global Identity Summit(Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive,...
Fraud Summit Toronto(Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...
CSA Congress 2014 & IAPP Privacy Academy 2014(San Jose, California, USA, September 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference...
ICS-ISAC Fall Conference(Atlanta, Georgia, USA, September 17 - 20, 2014) Cybersecurity issues — such as the DHS release of Operation Aurora information; legislation like CISA (S. 2588), CIRDA (H.R. 2952) & H.R. 3696; and the NIST Cybersecurity Framework — can leave...
The 2014 Cyber Security Summit (New York)(New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives...
Ft. Meade Technology Expo(Fort Meade, Maryland, USA, September 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...
NYIT Cyber Security Conference(New York, New York, USA, September 18, 2014) Presented by NYIT's School of Engineering and Computing Sciences, this conference will address a broad range of pressing topics including privacy; innovations in enterprise security; systems security and...