French authorities urge media vigilance as the investigation into the TV5Monde hack continues. This is more a francophone story than a narrowly French one: TV5Monde serves French-speaking Europe and Canada, too. The scare-quotes Deutsche Welle puts around "IS" suggest the difficulty of attributing hacktivism: sympathizers often act without direction, and the Islamic State's claim to statehood is in itself shaky. Ars Technica observes a password-bearing sticky note in the background during a TV5Monde interview, which suggests a low-tech entry into the broadcaster's network was possible.
Recorded Future is seeing an uptick in anti-ISIS cyber vigilantism. It's clustered around #OpAntiISIS.
Krebs warns against China's "Great Cannon" — a program that diverts unencrypted web traffic into denial-of-service campaigns like the one that clogged GitHub a week ago.
Banking Trojans circulate around the Dyre Wolf gang.
Cyphort finds online fora compromised to serve up the Fiesta exploit kit.
White Lodging warns of a point-of-sale infection at Sheraton and Marriott hotels. Cylance offers more bad news for travellers: hotel Wi-Fi is even worse than you probably suspected.
Level 3 Communications and Cisco cooperate to slow down SSHPsychos (a.k.a. Group 93), the group responsible for SSH brute-force attacks.
Securities market regulators in both India and New York State tell financial institutions to up their cyber security game or face regulatory help. The New Yorkers are particularly concerned about third-party risks.
An international operation led by Dutch police with the cooperation of Europol and the FBI sinkholes the Beebone polymorphic botnet (the AAEH of US-CERT's recent warning).
Today's issue includes events affecting Australia, Canada, China, Czech Republic, European Union, France, India, Iraq, Netherlands, Nigeria, Russia, Saudi Arabia, Syria, United Arab Emirates, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
France urges vigilance after 'IS' hack TV5 Monde (Deutsche Welle) Paris has warned media outlets to be vigilant after a cyber attack took TV5 Monde off air. Hackers claiming allegiance to the "Islamic State" (IS) blacked out channels on the French global television network
French Broadcaster TV5 Monde Recovers After Hacking (New York Times) The French television broadcaster TV5 Monde was back on the air on Thursday, a day after hackers claiming to support the Islamic State militant group carried out a wide-ranging cyberattack on the network
Investigating Cyber Vigilantes in #OpAntiISIS (Recorded Future) Cyber vigilantism against pro-ISIS social media accounts and terrorist forums is gaining momentum, moving beyond standard DDoS tactics to bounties and release of alleged personal information
Don't Be Fodder for China's 'Great Cannon' (KrebsOnSecurity) China has been actively diverting unencrypted Web traffic destined for its top online search service — Baidu.com — so that some visitors from outside of the country were unwittingly enlisted in a novel and unsettling series of denial-of-service attacks aimed at sidelining sites that distribute anti-censorship tools, according to research released this week
The Banking Trojan Emotet: Detailed Analysis (Secure List) In the summer of 2014, the company Trend Micro announced the detection of a new threat - the banking Trojan Emotet. The description indicated that the malware could steal bank account details by intercepting traffic. We call this modification version 1
Adventures in PoSeidon genealogy: Tracking a malware family tree (HP Blogs) In late March, Cisco blogged about an interesting case of Point-of-Sale (PoS) malware. Reading through their description, I couldn't help but notice that the core exfiltration malware module named by Cisco, FindStr, is in its sixth and possibly even seventh incarnation. Could it be that there are other versions of that PoS malware which didn't make it to be famous?
Group Behind SSH Brute Force Attacks Slowed Down (Threatpost) A criminal group whose actions have at times been responsible for one-third of the Internet's SSH traffic — most of it in the form of SSH brute force attacks — has been cut off from a portion of the Internet. While not a botnet takedown in the traditional sense, networking providers Level 3 Communications and Cisco have blocked traffic emanating from two address blocks used by the group, and the companies said they will continue to do so as the group migrates to new netblocks
Threat Spotlight: SSHPsychos (Cisco Blogs) Talos has been monitoring a persistent threat for quite some time, a group we refer to as SSHPsychos or Group 93. This group is well known for creating significant amounts of scanning traffic across the Internet. Although our research efforts help inform and protect Cisco customers globally, sometimes it is our relationships that can multiply this impact. Today Cisco and Level 3 Communications took action to help ensure a significantly larger portion of the Internet is also protected
Chilling cyber cut (Saudi Gazette) Computer users face hard choice: Pay ransom or lose files
The Kill Chain: Now With Pastebin (Internet Storm Center) I have yet another maldoc sample. They still keep coming, these malicious Word and Excel documents with VBA macros designed to download a trojan. Each day they are slightly different, and sometimes I see something worth sharing
Scammers deliver malware via fake Steam game pages (Help Net Security) Aside from being regularly targeted with phishing scams, fake giveaways leading to online surveys, and having malware pushed on them via Steam chat, gamers using the popular gaming platform are now also in danger of downloading malicious software masquerading as legitimate games from specially set-up Steam game pages
Hidden backdoor API to root privileges in Apple OS X (TrueSec) The Admin framework in Apple OS X contains a hidden backdoor API to root privileges. It's been there for several years (at least since 2011), I found it in October 2014 and it can be exploited to escalate privileges to root from any user account in the system
Apple Leaves CNNIC Root in iOS, OSX Certificate Trust Lists (Threatpost) When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether. Apple has kept the root certificates in its trusted store for both iOS and OSX
Security Patches, Mitigations, and Software Updates
MitM, DoS bugs in Network Time Protocol squashed (Help Net Security) Two vulnerabilities affecting Network Time Protocol (NTP), which is used for synchronizing clocks of computer systems, have been patched and made available in the latest version of the protocol daemon (ntpd-4.2.8p2)
WP Super Cache Cross-Site Scripting (XSS) Vulnerability (US-CERT) WP Super Cache, a WordPress plugin, contains a persistent XSS vulnerability in versions prior to 1.4.4. Exploitation of this vulnerability could allow a remote attacker to take control of the affected system. Users and administrators are encouraged to review the WP Super Cache Changelog for more information and update to version 1.4.4 if affected
Global tensions increase cyber threat (Financial Times) Geopolitical risks used to be something that only companies with a global presence had to worry about. But in cyberspace, any connected modern business is vulnerable
Security Sense: Hacking Ain't Hacking (WindowsITPro) Did you see that 5 year old who hacked the Xbox One last year? No really, he totally hacked it, broke right through all the parental controls (incidentally, how proud is his dad in that clip?!) and got unfettered access to the games he wanted to play
Cybercrime gets easier, attribution gets harder (Help Net Security) Threat actors are gaining capabilities through the adoption of cutting-edge tools instead of technical expertise, according to Websense. Redirect chains, code recycling and a host of other techniques are allowing these actors to remain anonymous, making attribution time consuming, difficult and ultimately unreliable
Engility: Formerly Unattractive Spin-Off Transformed With Recent Acquisition (Seeking Alpha) Government service contracting is generally a good business with high barriers to entry and attractive financial characteristics. Engility's acquisition of TASC will reduce its exposure to the defense end-market and increase its presence in the well-funded intelligence end-market. The target price implies 20% upside, based on assumptions of a 10.5 times forward EV/EBITDA and an estimated 2016 EBITDA of $250 million
Blue Coat Enhances Security for Dominant Cyber Espionage Attack Vector (Digital Journal) Blue Coat Systems, Inc., a leader in enterprise security, today announced the addition of Mail Threat Defense to its portfolio of Advanced Threat Defense (ATD) solutions. With the addition of mail threat defense, Blue Coat provides in-depth protection against the common trifecta of attack vectors — web, email and network — for unparalleled defense against advanced threats across the enterprise
Kaspersky begins to offer Kaspersky DDoS Protection to Middle East businesses (CPI Financial) To help businesses address the growing threat of Distributed-Denial-of-Service (DDoS) attacks, Kaspersky Lab starts providing in the Middle East its Kaspersky DDoS Protection — a new solution designed to protect online services against DDoS attacks. Kaspersky Lab's extensive expertise in cyber-threats and its experience in successfully combating them, as well as its bespoke intelligent technologies, enable the solution to handle DDoS attacks of any size and complexity
Using Accelerators to Close the Real-Time Intelligence Gap (CTO Vision) Today's data-intensive analytic platforms offer a dizzying amount of data, originating from sensors, markets, social media, the Internet of Things, and countless other sources. All this data can cause a significant delay in decision-making. Organizations must stop relying on historical and batch analysis for timely, informed, actionable decisions, and begin pushing analysis and alerting closer to the data collection point to gain useful insights
Barracuda Networks Unveils MSP Partner Program (MSPMentor) Barracuda Networks (CUDA) is extending its Barracuda NG Firewall and Barracuda Backup partner offerings to managed service providers (MSPs) by enabling them to transition customers from on-premise to cloud security and storage solutions
Technologies, Techniques, and Standards
The need for end-user visibility in a Bring Your Own Anything environment (Help Net Security) Mobiles, tablets, PCs, applications, cloud services — employees are increasingly bringing non-company devices into their organizations and connecting them to everything they need to do their jobs. As this phenomenon clearly goes way beyond devices alone, I'd suggest that the oft-used acronym BYOD is no longer sufficient, and should perhaps be replaced with BYO* — bring your own anything and everything
Securing high-risk, third-party relationships (Help Net Security) High-profile attacks reveal that malicious hackers target third-party vendors and supply chain partners as a backdoor into their primary target, according to CyberArk Software
Developing a mobile security strategy in banking and financial services (Networks Asia) The rise of enterprise mobility and mobile finance malware means organizations, especially those in the banking and financial services sector, have to adapt and redefine security for the mobile economy of today, which is moving into an era of mobile banking and mobile transactions
IBM peers into Numenta machine intelligence approach (Phys.org) Are we nowhere near the limits to which machines can make sense out of raw data? Some scientists would say that today's programmed computers cannot match a computer approach using biological learning principles for next steps in achieving machine intelligence. Enter Numenta. The premise of Numenta is that the brain is the best example of an intelligent system and provides a roadmap for building intelligent machines. The "machine intelligence" company is in the business of promoting its computational framework based on principles of the brain along with a software suite
The battle to beat password security threats (Financial Times) Setting up an online account is easy: your user name is usually your email address, you then choose a password, deal with a few security questions, perhaps respond to a verification email, and your account is ready to use
President Obama steps up the fight against cyber threats (Financial Times) When President Obama stepped up to the podium to give his annual State of the Union speech in January, he gave cyber security experts a glimmer of hope that their fears of massive harm were finally being considered as a great threat to the nation
Lobbyists for Spies Appointed To Oversee Spying (Intercept) Who's keeping watch of the National Security Agency? In Congress, the answer in more and more cases is that the job is going to former lobbyists for NSA contractors and other intelligence community insiders
NYDFS Report Shows Need to Tighten Cyber Security at Banks' Third-Party Vendors (New York State Department of Financial Services) Benjamin M. Lawsky, Superintendent of the New York State Department of Financial Services (NYDFS), released a report warning banks that insufficient security at third-party vendors could provide a backdoor for hackers to gain access to critical systems and pilfer sensitive financial information
Sebi to step up cyber security in markets (DNA India) The Securities and Exchange Board of India (Sebi), which is mandated to regulate the entire gamut of capital markets in the country, has expanded the ambit of its Technical Advisory Committee (TAC) to include cyber security of the markets
Pentagon Says It Is Moving to Protect Its Cyber Flanks (Foreign Policy) Officials in charge of buying guns and butter for the Department of Defense have decided — only seven years after Chinese hackers infiltrated the F-35 program — that it's about time to make cybersecurity a core requirement for all weapons systems
Does cyber corps merit its own service branch? (Navy Times) Defense Secretary Ash Carter raised eyebrows during his recent visit to the U.S. Cyber Command headquarters in Maryland when he suggested that the cyber corps may ultimately become its own service branch
International operation mounted to counter Beebone Botnet (eHacking News) A multinational task-force comprising the European Cybercrime Centre (EC3), the Joint Cybercrime Action Taskforce (J-CAT) and the FBI, led by the Dutch National High Tech Crime Unit, was recently set up to target the Beebone (AAEH) botnet, a downloader virus that cripples a computer's defenses by downloading various malware on a PC
Want to See Domestic Spying's Future? Follow the Drug War (Wired) The NSA isn't the only three-letter agency that's been quietly collecting Americans' data on a mind-boggling scale. The country learned this week that the Drug Enforcement Agency spied on all of us first, and with even fewer privacy protections by some measures. But if anyone is surprised that the DEA's mass surveillance programs have been just as aggressive as the NSA's, they shouldn't be. The early targets that signal shifts in America's domestic surveillance techniques aren't activists and political dissidents, as some privacy advocates argue — or terrorists, as national security hawks would claim. They're drug dealers
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cloud Identity Summit 2015 (La Jolla, California, USA, June 8 - 11, 2015) Enterprises large and small are looking to the cloud to replace legacy applications and virtualize their existing data center environments. In each case, security technology vendors need to manage the...
TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, June 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations...
Cyber Threats Masterclass (Turin, Italy, April 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge...
InfoSec Southwest 2015 (Austin, Texas, USA, April 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter,...
NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...
Cybergamut Tech Tuesday: Tor and the Deep Dark Web (Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...
Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored...
Cyber Security Summit: Financial Services (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective...
INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from...
Mid-Atlantic ISSA Security Conference 2015 (Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current...
IIT Cyber Forensics and Security Conference and Expo (Wheaton, Illinois, USA, April 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes...
RSA Conference 2015 (San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015
Australian Cyber Security Centre Conference (Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise.
Security Forum 2015 (Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives...
CyberTexas / CyberIOT (San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection...
INTEROP Las Vegas (Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities,...
2015 Synergy Forum (Tysons Corner, Virginia, USA, April 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital...