Recent intrusions into the Joint Staff's networks, US officials think, were the work of Russian actors.
In other news of Russian espionage operations, few will be surprised to learn that (alleged) cyber mob boss "Slavik" Bogachev (allegedly) made his services available to the Russian organs. Bogachev, (alleged) kingpin of GameoverZEUS capers, is thought to have facilitated collection against Georgia, Turkey, and Ukraine.
Researchers disclose several new vulnerabilities. Check Point discovers an exploitable "Certifi-Gate" bug in Android devices manufactured by LG, Samsung, HTC and ZTE. Context Information Security shows how malicious insiders can exploit Windows Server Update Services. Battelle shows how design flaws in x86 processor architecture render devices vulnerable to firmware rootkits. Ben-Gurion University describes GSMem malware's threat to some air-gapped devices.
FireEye reiterates warnings that even non-jailbroken iOS devices are vulnerable to exploits that escaped into the wild after the Hacking Team breach. Other FireEye researchers show how Android users could have their fingerprints (the prints, of course, not the actual whorls on their actual fingers) stolen without noticing.
Symantec looks at the Internet-of-things and glumly sees it as the next big field for ransomware. (TrendLabs finds ransoms rising and deadlines closely enforced.)
OPM gets the Pwnie at Black Hat amid growing realization that the effects of its breach are probably worse than suspected.
Tesla Motors gets good reviews for swift patching.
Sounding like Jack Daniel (the whiskey manufacturer, not the security guru) circa 1919, many Black Hat symposiasts see the (now pulled) Wassenaar implementation as a harbinger of cyber prohibition.
Today's issue includes events affecting Australia, China, Georgia, Germany, Russia, Turkey, Ukraine, United States.
Cyber Attacks, Threats, and Vulnerabilities
U.S. suspects Russia in hack of Pentagon computer network (Washington Post) U.S. military officials said Thursday that they suspect Russian hackers infiltrated an unclassified Pentagon e-mail system used by employees of the Joint Chiefs of Staff, the latest in a series of state-sponsored attacks on sensitive U.S. government computer networks
Crypto-Ransomware Attacks: The New Form of Kidnapping (Trend Micro: Simply Security) The evolution of crime continues to push itself into the cyber world. Physical criminal operations are now learning to walk again as our generation continues to get its feet wet in the digital age. The low risk, high reward incentive involved with cybercrime opens the flood gates for criminal pioneers to evolve their financially motivated heists. In this blog I will discuss the evolution of ransomware, which is essentially just kidnapping information and extorting money from the vulnerable, technology-dependent citizens of society
Price Hikes and Deadlines: Updates in the World of Ransomware (TrendLabs Security Intelligence Blog) During the first quarter of 2015, we saw how ransomware variants have evolved to do more than just encrypt valuable system files. CryptoFortress targeted files in shared network drives while TeslaCrypt targeted gamers and mod users. Now we are seeing another feature rapidly gaining ground in the world of ransomware: the ability to increase the ransom price on a deadline
Why Cyber-Physical Hackers Have It Harder Than You (Dark Reading) Before you pout about having to learn a new infosec application, remember you don't need to also know physics, chemistry, engineering and how to make a pipeline explosion look like an accident
US Government OPM Cyber Breach Much Worse Than Reported (CloudTweaks) The much publicized breach at the US government Office of Personnel Management (OPM) in May this year was much more serious than initially reported, in terms of the number of people affected, the quality of information breached, as well as the probable cost to American taxpayers
OPM Wins Pwnie for Most Epic Fail at Black Hat Awards Show (eWeek) The annual Pwnie Awards at the Black Hat USA conference here celebrate the best security vulnerabilities found by researchers and also ridicule the worst security responses. The Pwnies are a somewhat satirical event that doesn't take itself all that seriously, but it does represent a snapshot of the year that was in security
Are These Airline Hacks Related? (IBM Security Intelligence) Organizations are beginning to change the way they handle the revelation that their IT systems have been attacked. In a rare public admission, LOT, the Polish national airline, readily admitted on June 21, 2015, that 20 flight cancellations and delays were the direct result of an IT attack. Initially, the airline released a statement that the flight problems were caused by an IT systems failure. However, shortly thereafter, it issued a second press release that stated that the cancellations and delays were the direct result of hacks of the ground operations system. The hack prevented the creation of flight plans for planes scheduled to depart Warsaw Chopin Airport. The airline has not shared information on the full nature of the attack
Security Patches, Mitigations, and Software Updates
Tesla Patches Faster than Chrysler … and than Android (Emptywheel) Wired's hack-of-the-day story reports that researchers hacked a Tesla (unlike the Chrysler hack, it required access to the vehicle once, though the Tesla also has a browser vulnerability that might not require direct access)
Shadow IT: It's Much Worse Than You Think (InformationWeek) The number of unauthorized cloud apps being used in the enterprise is 15 to 20 times higher than CIOs predicted, according to a Cisco report. What's a CIO to do?
Cyber space: The new frontier (PropertyCasualty360) It's one of the fastest growing product lines in the commercial insurance sector — and it's frustrating as hell
Tech firms seek to beat the hackers with 'bug bounties' (Irish Examiner) Microsoft's announcement that it is doubling its reward for reporting potentially exploitable vulnerabilities in its software to $100,000 (€92,000) makes it the latest of a number of the world's top companies to offer "bug bounties"
Cyberwarrior Demand Outpaces Supply (TechNewsWorld) There aren't enough cybersoldiers to fight the good fight. Cybersecurity jobs have grown three times faster than IT jobs generally in the last five years and that growth doesn't seem to be letting up, noted Burning Glass CEO Matt Sigelman. "This is not a flash-in-the-pan phenomenon, and the level of skill required to get cyberjobs makes this a tough problem to solve"
Products, Services, and Solutions
Windows 10, Privacy 0? ESET deep dives into the privacy of Microsoft’s new OS (We Live Security) The title of this article is "Windows 10, Privacy 0: ESET deep dives into the privacy of Microsoft's new OS" and in it I will be providing analysis of Microsoft's privacy plans for Windows 10, some of the reasoning behind those changes, and also theorize about who else besides Microsoft might be interested. But as my first blog post on We Live Security since Windows 10 was released, there are two topics I would first like to address before we dive in. The first of these is a short discussion of what Windows 10 needs to accomplish, both for Microsoft and for its customers
WhiteHat partners with Prevoty to enable self-protection for apps using RASP (FierceITSecurity) WhiteHat Security announced at this week's BlackHat security conference that it has formed a partnership with Prevoty, under which WhiteHat's Sentinel customers will be able to combat app bugs and defects using Prevoty's application monitoring and protection product using runtime application self-protection
The Value of Intelligence to Businesses — And Bad Actors (Forbes) Steve Hunt is an executive strategist with expertise in information security, physical security, confidential information protection, critical infrastructure protection, technology, risk management and regulatory compliance
Defining the Need for Threat Intelligence, Part 1 (Cyveillance Blog) Creating a security budget can be challenging for even experienced security professionals. In many cases, the practitioners who see the day-to-day value of threat intelligence — cyber threat analysts, security analysts, and others — are not the stakeholders who control the budget. In fact, a recent PricewaterhouseCoopers survey found that 49 percent of boards view cybersecurity as only an IT risk, and not an overall corporate risk
Protecting trade secrets in the era of the data breach (Lexology) The prevalence of data breaches cannot be ignored. New data breaches continue to occur one after another. In the first half of 2015 alone there were reports of large scale data breaches involving multiple companies in the healthcare industry, the United States Office of Personnel Management (OPM), the IRS, a telecommunications provider, an online console gaming provider, and a transportation company
A secure employee departure checklist (CSO) What steps should a business take when an employee is leaving the company in order to minimize threats to your data? Here's a checklist to securely see departing employees out the door
Top five security threats to data centres — and how to counter them (ITWire) Every day, attackers conspire to take down applications and steal data, leaving data centre infrastructure in the crosshairs. Storing an organisation's most valuable and most visible assets — its web, DNS, database and email servers — data centres have become the number one target of cyber criminals, hacktivists and state-sponsored attackers
Proper Data Breach Incident Response (LIFARS) We read about data breaches almost on a daily basis (think recent Hacking Team, Ashley Madison breaches), but most of us do not quite know what happens before you read about the data breach in our favorite news source. How is a breach discovered and handled? Who responds to major data breaches?
The Anatomy of a Cyber Attack: Prevention, Response and Postmortem (Part 4 of 6) (Privacy Compliance & Data Security) This blog post is the fourth entry of a six-part series discussing the best practices relating to cyber security. The previous post discussed the initial steps that a business should take once a cyberattack has been identified. This post will discuss further steps that a business should take after an attack
Cyberguard15 — Train, advise, assist (DVIDS) Members from the 218th Intelligence Surveillance and Reconnaissance Group (ISRG) participated in Cyber Guard 15, a three week exercise in Suffolk, Virginia. The joint exercise, co-led by U.S. Cyber Command, DHS, and the FBI, included participation from the private sector, DoD, international allies, and U.S. federal and state government entities to include National Guard elements from multiple states. Participants exercised a whole-of-nation approach to identify, defend, and protect our domestic critical infrastructure
ISU's cybersecurity education center receives national Academic Excellence award (Illinois State University) Doug Twitchell, associate professor in the School of Information Technology and director of the Center for Information Assurance and Security Education (CIASE), and Mary Elaine Califf, director of the School of Information Technology, accepted the Center of Academic Excellence award at the Colloquium for Information Systems Security Education 2015 conference. The award extends the CIASE's designation as a National Center of Academic Excellence in Cyber Defense Education through 2020
'Prohibition Era' of Security Research May Be Ahead (Threatpost) Export controls have become a dirty phrase in the security community, especially among researchers, pen testers, and others who rely on vulnerability information and exploits to do their jobs. And if the Wassenaar Arrangement rules proposed by the United States aren't modified significantly before they're implemented, dark days may lie ahead for the research community, experts say
Here's What the Chinese Media Is Saying About A U.S. Response to the OPM Hack (Council on Foreign Relations) Last Saturday, the New York Times reported that the Obama administration has decided to retaliate for the theft of millions of personnel records from the databases of the Office of Personnel Management. While administration officials are still debating what measures can be taken without risking escalation, one response reportedly being considered is breaching the Great Firewall
Senate bill seeks to boost cyber oversight (The Hill) A bipartisan pair of senators wants to boost cybersecurity oversight at federal agencies after a series of mammoth digital thefts that have rattled the government
Senate Leaders Vow September Vote on Cybersecurity Bill (Insurance Journal) The U.S. Senate will not vote on a cyber security bill until September, after lawmakers return from a four-week recess and consider the nuclear agreement with Iran, the chamber's leaders said on Wednesday
Should Software Companies Be Legally Liable For Security Breaches? (TechCrunch) It's a truism that all software has bugs and security holes. It's another that license agreements invariably make software vendors immune to liability for damage or losses caused by such flaws. But, to my surprise, Black Hat's founder and keynote speaker are arguing that software product liability, presumably mandated by governments, is inevitable. If they're right, a seismic change is on the horizon
First a Jeep gets hacked, now the class-action suit (Graham Cluley) One of the hottest security stories of the year was the (frankly terrifying) demonstration by Charlie Miller and Chris Valasek, where they remotely hijacked a Jeep being driven by a journalist at 70mph down a busy highway
Law enforcement is learning to navigate the Dark Web (Naked Security) Law enforcement agents in recent years have been crawling all over the Dark Web to track down its seediest denizens: terrorists, paedophiles, gun-runners, drug dealers, sex traffickers and other serious criminals
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Defcon 23 (Las Vegas, Nevada, USA, August 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information
3rd Annual Psyber Behavioral Analysis Symposium (Fort Meade, Maryland, USA, August 11, 2015) The 3rd Annual Psyber Behavioral Analysis Symposium is hosted by the NSA/CSS Threat Operations Center and the FBI Behavioral Analysis Unit-2/Cyber Behavioral Analysis Center. The goal of the Symposium...
USENIX Security (Washington, D.C., USA, August 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and other specialists interested in the latest advances in the security and privacy of computer...
5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...
Decepticon 2015 (Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, August 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker...
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...