More reports from France point to the long preparation that went into the relatively low-tech hack of TV5Monde.
Trustwave shares its discovery of "Punkey," a new point-of-sale malware variant. (Some details are appropriately redacted, given that the discovery occurred in the course of Trustwave's support of a US Secret Service investigation.)
Norse and Cylance independently warn of increased Iranian cyber operations.
Observers digest this week's US Government Accountability Office (GAO) report on commercial air vulnerability to hacking. Some concerns surround the Federal Aviation Administration's upgraded air traffic control system; others are prompted by increased flight deck connectivity. Hijacking flights by Wi-Fi is (for now) a bit of a stretch, but there's clearly a significantly expanded attack surface in airliners now entering service.
This and other threats prompt renewed discussion of cyber threat (and response) sharing. Several platforms are compared; the market continues to worry over the intersection of IP, regulation, litigation, and technology. Recorded Future likens threat intelligence to a "judo move" in responsive defense. Fast Company reports an interesting design for anonymized cyber information sharing from start-up Trustar. The government can subpoena them all day long, but since Trustar doesn't hold its customers' encryption keys, it couldn't surrender customers' data even if it wanted to.
International meetings on privacy continue in the Hague. The US Congress continues to mull legislation affecting not only surveillance, but also privacy and incentives for businesses to report and share cyber threat intelligence.
Oracle stops patching Java 7. Issues surface with some April Microsoft patches.
Today's issue includes events affecting Australia, Brazil, China, Egypt, European Union, France, Germany, Iran, Iraq, Russia, Syria, United Kingdom, United States.
The CyberWire will be covering RSA 2015 in San Francisco next week. Look for special issues devoted to the event beginning with a preview tomorrow.
Punkey POS Malware Sets Sights on More Retailers (Infosecurity Magazine) Researchers involved in a US Secret Service investigation have found a potentially prolific piece of advanced POS malware which could come from the same code base as the previously discovered NewPosThings family
New POS Malware Emerges — Punkey (Trustwave: SpiderLabs® Blog) During a recent United States Secret Service investigation, Trustwave encountered a new family of POS malware that we named Punkey. It appears to have evolved from the NewPOSthings family of malware first discovered by Dennis Schwarz and Dave Loftus at Arbor Networks. While this malware shares some commonalities with that family, it departs from the standard operating procedure of the previous versions rather dramatically. In a blog post, TrendMicro also detailed recently compiled versions of the NewPOSthings family that bear a closer resemblance to NewPOSthings than Punkey. This suggests that multiple actors may be using similar source code, or the malware is being customized as a service for targeted campaigns. Because of the active investigation, I cannot reveal C&C domains used in the samples
Alert (TA15-105A) Simda Botnet (US-CERT) The Simda botnet — a network of computers infected with self-propagating malware — has compromised more than 770,000 computers worldwide. The United States Department of Homeland Security (DHS), in collaboration with Interpol and the Federal Bureau of Investigation (FBI), has released this Technical Alert to provide further information about the Simda botnet, along with prevention and mitigation recommendations
FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen (Government Accountability Office) As the agency transitions to the Next Generation Air Transportation System (NextGen), the Federal Aviation Administration (FAA) faces cybersecurity challenges in at least three areas: (1) protecting air-traffic control (ATC) information systems, (2) protecting aircraft avionics used to operate and guide aircraft, and (3) clarifying cybersecurity roles and responsibilities among multiple FAA offices
Hackers Could Commandeer New Planes Through Passenger Wi-Fi (Wired) Seven years after the Federal Aviation Administration first warned Boeing that its new Dreamliner aircraft had a Wi-Fi design that made it vulnerable to hacking, a new government report suggests the passenger jets might still be vulnerable
Denial of Service Attacks Possible with OpenSSL Vulnerability CVE-2015-1787 (TrendLabs Security Intelligence Blog) On March 19 we wrote about how OpenSSL disclosed and fixed 13 vulnerabilities to address several security holes. Among the vulnerabilities addressed was CVE-2015-1787, which can result in a complete denial of service on an application compiled with the OpenSSL library. This blog post will tackle how the bug can be exploited, and how Trend Micro can protect against future possible attacks
Targeted Attack Trends 2014 Annual Report (Trend Micro) Targeted attacks, aka advanced persistent threats (APTs), refer to a category of threats that aim to exfiltrate data. These comprise six components — intelligence gathering, point of entry, command and control (C&C), lateral movement, asset/data discovery, and data exfiltration, which includes a maintenance phase that allows threat actors to maintain their foothold within networks. Attackers initially gather target victims' profile information, which is then used as a delivery mechanism to gain entry into their networks. Once communication between compromised systems and C&C servers under attacker control is established, threat actors can then laterally move throughout the network and identify sensitive files to exfiltrate. In data exfiltration, an organization's "crown jewels" are transferred to a location predefined by the attackers
Enterprise Security Trends that Will Rule 2015 (TechZone360) From 3D printers that can replicate the intricate details of the human heart to wearable technology that tracks everything from blood pressure to incoming emails, 2015 shows great promise in becoming "Year One" of the new digital world order. But before we get too distracted, it's worth paying attention to — and learning from — the past, which has consistently revealed where even the most established industry giants stumble: enterprise security
Key trends for risk-prone behavior in the workforce (Help Net Security) Businesses are ill prepared for the high-risk, high-growth mindset of the GenMobile workforce, creating alarming disparity around security practices in the corporate world. The chasm that is exposed between age, gender, income level, industry and geographic location has a direct effect on the security of corporate data
Compromised credentials haunt cloud app usage (Help Net Security) Netskope found that more than seven out of ten uploads from users with compromised accounts are to apps with a "poor" rating in the Netskope Cloud Confidence Index. Additionally, 21.6 percent of logins to the Salesforce app come from compromised accounts. Cloud app usage continues to grow across enterprise organizations; more than 25 percent of organizations use more than 1,000 apps
Top cyber words for 2015 (Augusta Chronicle) When I spoke at the International Conference on Cyber Security in New York in January, officials including Director of National Intelligence Jim Clapper and FBI Director James Comey spoke eloquently about "changing the calculus" of cyber attacks. Lisa Monaco, assistant to the president for homeland security and counterterrorism, was passionate about how seriously the White House takes critical infrastructure protection
The Investors Behind The Next Billion Dollar Startups (Forbes) While the aim of this latest Forbes list is to honor the founders of the next billion dollar tech startups and their teams, credit is also due to the investors backing them. Of the five firms listed below, nearly all have been venture capital stalwarts for decades, with just one exception (the six-year-old Andreessen Horowitz). But in every case, the value of brand and judgment, tested by market cycles and challenged economies, is apparent. And the firms' investments in not one but several of these high-growth companies demonstrate their consistent success
Hot IPOs: CyberArk Sets Up In Cup-With-Handle Base (Investor's Business Daily) Several promising new issues have set up in bases and might be poised for a significant advance. One is CyberArk Software (NASDAQ:CYBR), an Israeli maker of security software. The company is in a hot industry group that includes leaders such as Palo Alto Networks (NYSE:PANW) and Qualys (NASDAQ:QLYS). The group ranked No. 9 out of 197 groups in Wednesday's IBD
Dropbox Launches Bounty Program on HackerOne (Threatpost) Dropbox has become the latest high-profile Internet firm to start a bug bounty program, hooking up with HackerOne to provide rewards to security researchers who report vulnerabilities through the program
Ionic Emerges From Stealth With Data Protection Platform (eWeek) Ionic Security's platform is designed to protect data with encryption that is easy to deploy and maintain. Officially exiting from stealth mode, Ionic Security is now publicly discussing its data protection platform — which has been in various stages of development for nearly four years. Ionic has raised $78.1 million in funding, with its most recent Series C round bringing in $40.1 million in January 2015
DBN-6300 Immediately Identifies Advanced Persistent Threats (Top Tech News) Machine learning and behavioral analysis enables DBN-6300 to immediately identify Advanced Persistent Threats — DBN-6300 "shines a light" on the database infrastructure to reveal Advanced Persistent Threats that typically operate in stealth mode over a protracted period of time
Iran Is Raising Sophistication and Frequency of Cyberattacks, Study Says (New York Times) In February, a year after the Las Vegas Sands was hit by a devastating cyberattack that ruined many of the computers running its casino and hotel operations, the director of national intelligence, James R. Clapper Jr., publicly told Congress what seemed obvious: Iranian hackers were behind the attack
Why you have the right to obscurity (Christian Science Monitor Passcode) Federal Trade Commissioner Julie Brill says that obscurity means that personal information isn't readily available to just anyone. In our age of aggressive data collection, she says safeguarding obscurity should be a key component of consumer protections
Businesses argue against data breach bill change (The Hill) A coalition of business groups is urging House lawmakers not to drop an amendment to their data security bill that would require third-party vendors to inform affected consumers when they experience a breach
Pentagon to release cyber strategy next week (FCW) In his two months on the job, Defense Secretary Ashton Carter has made building out the Pentagon's capabilities in cyberspace a priority. That work will cross a threshold next week when the Pentagon releases a multi-year cyber strategy
Marine Corps building its first-ever cyber doctrine (Federal News Radio) The Marine Corps is drafting its first cyberspace doctrine, designed to help commanders build cyber operations into their battle plans, better defend their own networks and help integrate cyber with the more mature field of electronic warfare
Health Plan Lawsuits and Data Breach Claims: Recent Developments and Implications (JDSupra) Five class action lawsuits have been filed against Premera Blue Cross in federal court in Seattle, Washington following the recent report of a data breach that affected approximately 11 million individuals. The lawsuits make similar allegations that Premera failed to protect sensitive information from attack. One lawsuit alleged a violation of the Health Insurance Portability and Accountability Act ("HIPAA")
Netizen Report: Will Tech Companies Cave to the Kremlin's Data Demands? (Slate) Global Voices Advocacy's Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world. This week's report begins in Russia, where state media outlet RBC reported last week that U.S. companies including eBay and Google had begun storing Russian user data on servers located in Russian territory
Attorney claims cops planted spying malware on drive containing evidence (Help Net Security) A police force using malware in an investigation is not an unheard-of situation, but, according to an affidavit filed in a whistle-blower case against the Fort Smith Police Department (Arkansas), the department tried to use backdoors and keyloggers to spy on a lawyer that represents three police officers that work or worked for the department
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service...
International Symposium on Forensic Science Error Management (Washington, DC, USA, July 20 - 24, 2015) The symposium will give forensic science practitioners and researchers from around the world the opportunity to discuss best practices for identifying and reducing errors in forensic science laboratories.
NSPW (New Security Paradigms Workshop) (Twente, Netherlands, September 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in...
ASIS International (Anaheim, California, USA, September 28 - October 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections,...
Ruxcon 2015 (Melbourne, Australia, October 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...
INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from...
INFILTRATE Security Conference (Miami Beach, Florida, USA, April 16 - 17, 2015) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot...
IIT Cyber Forensics and Security Conference and Expo (Wheaton, Illinois, USA, April 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes...
RSA Conference 2015 (San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015
Security Forum 2015 (Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives...
Australian Cyber Security Centre Conference (Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise.