skip navigation

More signal. Less noise.

Daily briefing.

Two new Chinese APT units, "Moafree" (operating from Guandong) and "DragonOK" (based in Jiangsu), are looking for intellectual property, mostly in Japan and Taiwan. FireEye's discovery prompts observation that cyber attacks can now be "mass produced," and cyber campaigns "franchised." (Threatpost close reads the reports and concludes oil and gas exploitation in the South China Sea would be China's goal.)

The Gmail credential...well, leak? publication? still seems nothing that can't be dealt with by even a modicum of Internet hygiene, and Google's no-worries-here take on the episode appears confirmed.

Researchers from nuix and CBTS see enough significant differences between the malware used against Target and that found in the Home Depot hack to conclude that BlackPOS wasn't after all used in the more recent attack. (Their discussion of malware classification is interesting.)

Trend watchers think Apple Pay may disrupt — in a security-positive way — the pay card industry. Widespread consumer adoption will, they think, be key.

All industrial sectors seem broadly to agree that threat intelligence sharing is vital to security, but such cooperation is proving difficult to achieve, especially without supporting legislation. The usual concerns — litigation, reputational damage, etc. — inhibit collective defense. (Big data's glare-of-war challenges also remain to be overcome.)

Schneier points to studies of password managers: their security merits scrutiny.

The US lines up regional intelligence support against ISIS. The European Union and the US announce fresh sanctions against Russia over its Ukrainian incursions. Russia promises "asymmetric" retaliation: watch for cyber campaigns. The reconnaissance has already been done.


Today's issue includes events affecting Australia, China, European Union, Japan, Jordan, Iraq, Republic of Korea, New Zealand, Russia, South Africa, Syria, Taiwan, Ukraine, United States.

The CyberWire will be providing special coverage of the 2014 Cyber Security Summit, convening in New York on September 18. Watch for interviews and live coverage of Summit events. We also plan to cover the 5th Annual Billington Cybersecurity Summit in Washington, DC, on September 16, which promises an interesting set of speakers and sessions.

Cyber Attacks, Threats, and Vulnerabilities

Chinese Hacking Groups Team Up Against Government, Military Systems (Threatpost) Two Chinese cyber espionage campaigns are working in tandem in hopes of sniffing out trade secrets from surrounding nations

The Path to Mass-Producing Cyber Attacks (FireEye Blog) Lines of people, lines of parts. The modern production line is composed of individuals contributing to a larger process. This common manufacturing approach is efficient, effective, and profitable

Franchising The Chinese APT (Dark Reading) At least two different cyber espionage gangs in China appear to be employing uniform tools and techniques, FireEye finds

Massive Gmail credential leak is not result of a breach (Help Net Security) By now, you might have heard that there has been a leak of a nearly 5 million username and password combinations associated with Google accounts

Google Locks Down Stolen Credentials (BankInfoSecurity) Search giant says its systems were not breached

What you need to know about the Gmail password compromise (Computerworld via CSO) There's no need to panic about the nearly five million compromised Gmail passwords that appeared in a Russian Bitcoin security forum this week, according to Google

Home Depot Breach May Not Be Related To BlackPOS, Target (Dark Reading) New analysis of the malware earlier identified as a BlackPOS variant leads some researchers to believe that they are two different malware families entirely

Vulnerability in popular Joomla e-commerce extension puts online shops at risk (IDG via CSO) A critical vulnerability in a popular e-commerce extension for the Joomla content management system allows malicious users to gain super-admin privileges to sites that run the software

Incapsula — Semalt Botnet Spreading Strongly Across the Web (Spamfighter News) Security researchers of security firm Incapsula warn that the "Semalt" botnet is spreading quickly over the Internet

TorrentLocker unlocked! Buggy ransmoware allows easy recovery for victims. (Tripwire: The State of Security) Far from being the geniuses that the media like to portray, malicious hackers can make mistakes just as well as the next person… and that's certainly true of whoever was behind the TorrentLocker ransomware

Cycbot Backdoor (Infosec Institute) Cycbot is a malware that spreads using instant messaging and removable drives and contains backdoor functionality that allows unauthorized access to an affected computer

Your Ticket to Malware (Cyveillance) A recent spate of scam emails purporting to be e-tickets from a major airline has been spreading in the wild recently. The "ticket" is really a zipped malware executable. Here is what one of the scam emails looks like

MH17 plane crash victims exploited by cold-hearted scammers (We Live Security) When Malaysia Airlines Flight 17 (MH17) was shot down in Ukrainian airspace in July of this year, the world was understandably shocked

Security Patches, Mitigations, and Software Updates

US-CERT Warns of Vulnerability in Cisco Baseboard Controller (Threatpost) US-CERT today released an advisory warning of a vulnerability in Cisco's Integrated Management Controller (IMC). Cisco released an update that patches the security hole

Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability (Cisco) A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition

Microsoft patch fixed IE flaw used against U.S. military (CSO) Microsoft's batch of patches released this week for Internet Explorer included a fix for a vulnerability exploited in February by hackers hunting for U.S. military secrets

Cyber Trends

How Apple Pay could make the Target and Home Depot breaches a thing of the past (IDG via CSO) The launch of Apple's mobile payment system could prove a turning point in the battle to secure your debit and credit card information from hackers

Apple Pay: A Necessary Push To Transform Consumer Payments (Dark Reading) Apple Pay is a strategic move that will rival PayPal and other contenders in the mobile wallet marketplace. The big question is whether consumers and businesses are ready to ditch the plastic

Envisioning a Collaborative Approach to Cybersecurity (Corporate Counsel) Unless Congress acts on a major cybersecurity bill this session, the U.S. will face "a major catastrophic event" that takes down an American company or institution in the next 18 months, according to Rep. Michael Rogers, R-Mich., chairman of the U.S. House of Representatives Select Committee on Intelligence

Information Sharing on Threats Seen as a Key for Auto Makers (Threatpost) A small segment of the security research community has been spending a lot of time tearing apart the innards of various vehicles and looking at ways that the computers and local networks that reside in modern cars can be hacked. There has been some remarkable success on this front, and while auto makers haven't paid much attention so far, the acting head of the National Highway Traffic Safety Administration says that it's time they did

Why Turning Data Into Security Intelligence Is So Hard (Security Intelligence) I was hanging out in a local graveyard a few years ago doing math on the ages of the people buried there when it suddenly occurred to me why turning massive volumes of data into security intelligence is so hard

The systems is REALLY broken — even the banks don't get ICS cyber security (Control) Several months ago I was approached by an executive at a large bank. The concern was cyber security of their building controls and the lack of a bridge between the IT security people and the building controls people

Privacy, Security & The Geography Of Data Protection (Dark Reading) Data generation is global, so why do different parts of the world react differently to the same threat of security breaches and backdoors?

Nearly Half of Businesses Surveyed by Pwnie Express Say They Don't Thoroughly Assess Security at Remote and Branch Locations (Digital Journal) Nearly half of businesses surveyed don't assess their wireless assets at remote and branch locations, leaving the entire organization exposed to cyber attack

Consumers worried about call centre security, new survey reveals (Graham Cluley) We're all becoming far too familiar with stories of large organisations being hacked and sensitive information being stolen

Most people still unconcerned about privacy threats (Help Net Security) While cyber thieves continue to breach major corporations such as JP Morgan and, just last week, the Salvation Army and Home Depot, Americans still seem to be unconcerned about the growing cyber crisis, according to idRADAR

29 data losses per day as ANZ companies struggle with security (IT Brief) A staggering 90 percent of Australian and New Zealand organisations experienced data loss events, according to Check Point Software Technologies' 2014 Security Report

Malicious Web access skyrockets (ITWeb) The threat of unknown malware is on the increase, says Doros Hadjizenonos, Check Point's sales manager for SA. Hackers have stepped up their game so as to infiltrate organisations, mainly for financial gain


Startup Uncovers Flaws In Mobile Apps, Launches New Security Service (Dark Reading) Wandera says only one of seven US employees is given any guidance on mobile security by the employer

Rook Security Takes Top Honors For Most Innovative Managed Security Service At Golden Bridge Awards (Herald Online) Latest accolade adds to growing list of industry recognition garnered by rapidly expanding Indiana security consulting and managed services firm

Frost & Sullivan Names Procera Networks' President and CEO James Brear a Silicon Valley Legend at GIL 2014 (IT Business Net) Procera Networks, Inc. (NASDAQ: PKT), the global Subscriber Experience company, today announced that president and CEO, James Brear, will be honored as a Legend of Silicon Valley

Products, Services, and Solutions

What security experts think about Apple Pay (Help Net Security) Apple announced Apple Pay, a new category of service that works with iPhone 6 and iPhone 6 Plus through a NFC antenna design, a dedicated chip called the Secure Element, and the security and convenience of Touch ID

Cimcor Releases CimTrak with Web Based Security Dashboard and Policy Manager (IT Business Net) Cimcor, Inc. announced a major new version of their file integrity monitoring and compliance software suite, CimTrak Version

Technologies, Techniques, and Standards

Your configuration files are showing (CSO) One of my favorite activities is using search engines to hunt for things that, realistically, I should not be able to find. Recently, I was able to find thousands of sites with their databases exposed. This time I was able to unearth a treasure trove of configuration files on a wide range of devices. These configuration files showed routes, rules and even passwords

Security of Password Managers (Schneier on Security) At USENIX Security this year, there were two papers studying the security of password managers… It's interesting work, especially because it looks at security problems in something that is supposed to improve security

Password Managers: Attacks and Defenses (Stanford University) We study the security of popular password managers and their policies on automatically filling in Web passwords. We examine browser built-in password managers, mobile password managers, and 3rd party managers. We observe significant differences in autofill policies among password managers. Several autofill policies can lead to disastrous consequences where a remote network attacker can extract multiple passwords from the user's password manager without any interaction with the user. We experiment with these attacks and with techniques to enhance the security of password managers. We show that our enhancements can be adopted by existing managers

The Emperor's New Password Manager: Security Analysis of Web-based Password Managers (USENIX) We conduct a security analysis of five popular web-based password managers. Unlike "local" password managers, web-based password managers run in the browser. We identify four key security concerns for web-based password managers and, for each, identify representative vulnerabilities through our case studies. Our attacks are severe: in four out of the five password managers we studied, an attacker can learn a user's credentials for arbitrary websites. We find vulnerabilities in diverse features like one-time passwords, bookmarklets, and shared passwords. The root-causes of the vulnerabilities are also diverse: ranging from logic and authorization mistakes to misunderstandings about the web security model, in addition to the typical vulnerabilities like CSRF and XSS. Our study suggests that it remains to be a challenge for the password managers to be secure. To guide future development of password managers, we provide guidance for password managers. Given the diversity of vulnerabilities we identified, we advocate a defense-in-depth approach to ensure security of password managers

Are free file storage solutions a safe bet for businesses? (Help Net Security) The benefits of cloud computing are becoming increasingly recognized, and with this heightened understanding comes growing numbers of UK businesses that are embracing the use of the cloud for the storage of data

Hacker publishes tech support phone scammer slammer (Register) Now who's got a 'security problem on your computer'?

Design and Innovation

Facebook tests Snapchat-like vanishing act for posts (Naked Security) Good morning, Facebook citizens. Your mission, if you choose to accept it, is to have your Facebook postings self-destruct in 5 seconds

Research and Development

DHS Transition To Practice Program Aided By Sandia Cyber Testing (Homeland Security Today Staff) Cybersecurity technologies developed at Sandia National Laboratories and at other federal labs "now stand a better chance of finding their way into the real world" through the Department of Homeland Security's Transition to Practice (TTP) program

Head of DHS's R&D arm says new strategic plan will better meet user needs (FierceHomelandSecurity) The head of the Homeland Security Department's research and development arm told lawmakers Sept. 9 that the long-term strategy that his organization is currently developing will better meet what Border Patrol agents and other end users need to do their jobs


Oculus CEO Brendan Iribe Donates $31M To Build VR Lab At His Alma Mater University Of Maryland (TechCrunch) Brendan Iribe dropped out of University Of Maryland his freshman year to launch a startup before going on to form Oculus. But now inspired by Mark Zuckerberg's philanthropy and made rich by Zuck's company buying Oculus for $2 billion, Iribe is donating $31 million to build the Brendan Iribe Center for Computer Science and Innovation at University Of Maryland (UMD), plus set up a CS scholarship

Intro to computer science is now the most popular course at Harvard (Quartz) Harvard students know which way the wind is blowing. According to a report from the Harvard Crimson, the school's introductory computer science class (CS50) has a record 818 undergraduates this fall. Twelve percent of undergraduates are taking the course, making it the most popular Harvard course in at least a decade

The MOOC Revolution That Wasn't (TechCrunch) Three years ago this week, Sebastian Thrun recorded his Stanford class on Artificial Intelligence, released it online to a staggering 180,000 students, and started a "revolution in higher education." Soon after, Coursera, Udacity and others promised free access to valuable content, supposedly delivering a disruptive solution that would solve massive student debt and a struggling economy. Since then, over 8 million students have enrolled in their courses

Legislation, Policy, and Regulation

The Mouse That Roars (Foreign Policy) Tiny Jordan's spies have helped the United States hunt down some of its most dangerous enemies. Now Obama is hoping those spooks can beat the Islamic State

E.U. tightens sanctions against Russian banks, defense companies and individuals (Washington Post) The European Union's new economic sanctions against Russia will go into effect Friday, for the country's involvement in the Ukraine crisis. The U.S. is scheduled to outline to outline a new series of sanctions Friday

Treasury expands sanctions on Russia over Ukraine conflict (MarketWatch) The Treasury Department announced expanded sanctions against Russian businesses on Friday in response to "continued Russian efforts to destabilize eastern Ukraine." Russia's largest bank, Sberbank, will no longer have access to long-term debt financing from the U.S. In addition, the U.S. is blocking the assets of five state-owned defense-technology firms. U.S. companies will also be blocked from cooperating with five firms in the Russian energy sector, including Gazprom gazp Lukoil and Rosneft rosn

Putin's new counter-sanctions are aimed at selling more Russian stuff, not punishing the West (Quartz) With draconian new western sanctions looming today, Russian president Vladimir Putin is planning what his aides call "asymmetric" retaliation. But rather than punishing the West directly, he seems to be pushing to make Russia more economically self-reliant — while also taking care not to rile Russians who are accustomed to a wide range of western goods

Official: US laws need to be updated to help DHS better tackle cyber threats and attacks (FierceHomelandSecurity) A top Homeland Security Department official told Senate lawmakers Sept. 10 that Congress needs to update laws to help the department better tackle the growing threat of cyber threats and attacks

Gillibrand: On The 13th Anniversary Of 9/11, Let's Help Businesses Fight Cyber Terrorism (Forbes) Nearly every day now, news of a new cyber-attack possibility hits the front pages: Credit card theft, hacked hospitals, or even a "Fort Hood in cyberspace." To most of us whose lives don't typically intertwine with the tech industry, these digital crimes lack the immediacy of fear-inducing physical threats. But a well-planned cyber-attack could certainly cause the kind of damage we would expect from a natural disaster or a violent terror attack

Dropbox Calls For Support Of The Senate's NSA Reform Bill (TechCrunch) This morning, Dropbox released new information detailing government requests for its user data, and information about certain user accounts. The company also called for the passage of the Senate's version of the USA FREEDOM Act

Privacy advocates, tech companies nudge Congress to protect 'abandoned' e-mails (Washington Post) Ranging from Adobe to the ACLU, from Facebook to FreedomWorks, and from Twitter to the Taxpayers Protection, a coalition of more than 80 civil liberties groups and tech companies has sent a pair of letters to Congress meant to nudge the House and Senate into moving ahead with a vote on legislation that would require e-mails stored longer than six months to be accessed only by a warrant

Settling Cyber Differences (SIGNAL) Military officials will attempt to reach agreement on critical cyber issues

Army Cyber Chief: Let's Get Closer To Industry (Defense News) To keep pace with rapid changes in the cyber domain, the military needs "a much tighter relationship between industry and government," the head of U.S. Army Cyber Command said Thursday

Did You Know You Had Diabetes? It's All Over the Internet (Bloomberg) Dan Abate doesn't have diabetes nor is he aware of any obvious link to the disease. Try telling that to data miners

Litigation, Investigation, and Law Enforcement

Statement by the Office of the Director of National Intelligence and the U.S. Department of Justice on the Declassification of Documents Related to the Protect America Act Litigation (IC on the Record) On January 15, 2009, the U.S. Foreign Intelligence Surveillance Court of Review (FISC-R) published an unclassified version of its opinion in In Re: Directives Pursuant to Section 105B of the Foreign Intelligence Surveillance Act, 551 F.3d 1004 (Foreign Intel. Surv. Ct. Rev. 2008). The classified version of the opinion was issued on August 22, 2008, following a challenge by Yahoo! Inc. (Yahoo!) to directives issued under the Protect America Act of 2007 (PAA). Today, following a renewed declassification review, the Executive Branch is publicly releasing various documents from this litigation, including legal briefs and additional sections of the 2008 FISC-R opinion, with appropriate redactions to protect national security information. These documents are available at the website of the Office of the Director of National Intelligence (ODNI), and ODNI's public website dedicated to fostering greater public visibility into the intelligence activities of the U.S. Government

US threatened Yahoo with $250,000 daily fine over NSA data refusal (Guardian) Company releases 1,500 documents from failed suit against NSA over user data requests and cooperation with Prism compliance

US Government Requests Access to Non-Existent Dropbox Accounts (Infosecurity Magazine) US government requests for access to Dropbox user content and account details rose in line with subscriber numbers over the first half of 2014, but several of the accounts requested didn't actually exist, according to the firm

TV monitoring service is fair use, judge rules (Ars Technica) Fox News sued TVEyes, which records television 24/7/365 — but it's fair use

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...

Build IT Break IT Fix IT: Fix IT (Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

NOPcon Security Conference (Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers,...

5th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander,...

SINET Global Summit (London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures,...

Cyber Attack Against Payment Processes Exercise 2 (Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

Global Identity Summit (Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive,...

Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, September 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia.

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

CSA Congress 2014 & IAPP Privacy Academy 2014 (San Jose, California, USA, September 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference...

ICS-ISAC Fall Conference (Atlanta, Georgia, USA, September 17 - 20, 2014) Cybersecurity issues — such as the DHS release of Operation Aurora information; legislation like CISA (S. 2588), CIRDA (H.R. 2952) & H.R. 3696; and the NIST Cybersecurity Framework — can leave...

The 2014 Cyber Security Summit (New York) (New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives...

Ft. Meade Technology Expo (Fort Meade, Maryland, USA, September 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...

The 2014 Cyber Security Summit (New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives...

NYIT Cyber Security Conference (New York, New York, USA, September 18, 2014) Presented by NYIT's School of Engineering and Computing Sciences, this conference will address a broad range of pressing topics including privacy; innovations in enterprise security; systems security and...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.