US Joint Staff email service, taken offline when a network intrusion was detected, was restored last week. Russian intelligence services remain the principal suspects.
American Airlines and reservation-software shop Sabre disclosed a hack at the end of last week. Investigation over the weekend suggests a Chinese intelligence operation.
Among the Hacking Team breach's leaks are documents suggesting Ecuadoran government surveillance of political opposition. ZeroFOX shares with CSO the lessons it believes one should draw from the entire Hacking Team affair, principally the centrality of social engineering to successful campaigns.
UK mobile retailer Carphone Warehouse is breached, with some 2.4 million customers affected.
Three known vulnerabilities are exploited in the wild: Firefox's pdf viewer's susceptibility to Same-Origin-Policy bypass (enabling credential theft and data exploitation — spread by malvertising), the iOS Masque bug (afflicting even non-jailbroken iOS devices — an emailed link is the typical vector), and the much-reported Android Stagefright vulnerabilities. All users are urged to patch quickly. IBM's Security Intelligence blog wonders whether issues like Thunderstrike 2 and Yosemite's possible rootkits represent the leading edge of a coming storm of Mac exploits.
Satellite television, widely used in Europe and Africa, strikes observers as fertile botnet ground.
TechCrunch is in a cyberpunk mood, offering a rundown of state cyber security services ("the thin black line") and pointing out the growing importance of hacktivism as a motive for cyber crime.
The EU polishes up final versions of network protection and infosec directives.
Lawfare suggests crypto wars are as much philosophical as they are technical.
Today's issue includes events affecting Brazil, China, Ecuador, European Union, Germany, India, Russia, Saudi Arabia, Singapore, South Africa, Turkey, Ukraine, United Kingdom, United States.
Reuters: Russia prime suspect in cyber attack against US military (Reuters via Kyiv Post) Russia is the leading suspect in a sophisticated cyber attack on the unclassified email network of the U.S. military's Joint Staff that prompted the Pentagon last month to restrict access to portions of that network, U.S. officials said on Aug. 6
American Airlines, Sabre Said to Be Hit in China-Tied Hacks (Bloomberg) A group of China-linked hackers that has mowed through the databanks of major American health insurers and stolen personnel records of U.S. military and intelligence agencies has struck at the heart of the nation's air-travel system, say people familiar with investigations of the attacks
Apple iOS Masque bug under active exploit (IT News) Hackers have discovered a way of attacking non-jailbroken iOS devices through the previously disclosed Masque attack, allowing the installation of malware using compromised versions of popular apps
New Mac Security Threats: The Perfect Storm? (IBM Security Intelligence) It's common wisdom: Mac security is inherently superior to that of Windows and other PC operating systems. Many users credited Apple's tightly controlled application and development environment for this improved protection, but in recent years security researchers have suggested a storm of malicious attacks may be on the horizon. Now, a pair of Mac security threats — Thunderstrike 2 and a new zero-day privilege exploit — have darkened user skies. Is this the end of Apple's vaunted security superiority?
Attackers could take over Android devices by exploiting built-in remote support apps (Tulane Hullaballoo) We're all impatiently waiting to know what the Nexus duo this year will be all about. Thankfully hot devices are prone to gossip, in the form of alleged specs, to keep our anticipation at bay. Today, GizmoChina may have given us a clearer picture of both the LG and Huawei Nexus, depending on how much salt you like to take with your rumors
Millions of Satellite Receivers are Low-Hanging Fruit for Botnets (Hackaday) Satellite television is prevalent in Europe and Northern Africa. This is delivered through a Set Top Box (STB) which uses a card reader to decode the scrambled satellite signals. You need to buy a card if you want to watch. But you know how people like to get something for nothing. This is being exploited by hackers and the result is millions of these Set Top Boxes just waiting to form into botnets
Google profits from YouTube RAT infestation, says consumer group (Naked Security) YouTube has thousands of videos that offer tutorials on how to use remote access Trojans (RATs) and how to spread them to other devices, as well as examples of RATs that have been used to take over "slave" webcams that display victims' faces and IP addresses, an online consumer protection group says
The Latest Trends in the Russian Underground — H1 2015 Summary (SenseCy) It is summer in Russia, and the time of the year when people head to the seaside on vacation for a couple of weeks' break. The decline in activity can be clearly seen on the Russian-speaking forums and marketplaces dealing with cybercrime. Apparently, cybercriminals also take a rest from their online activities, just as they would from a regular full-time job. For us, it is the best time to perform a deep analysis of the main trends in the Russian underground boards during the first half of 2015. When preparing the insights from this analysis, our goal was to identify the main scope of interest on closed, Russian-speaking forums these days, as well as to pinpoint the shifts that have occurred in the last six months
Security Patches, Mitigations, and Software Updates
Required Group Policy Preference Actions for Microsoft Security Bulletin MS14-025 (US-CERT) US-CERT is aware of continued exploitation of insecurely stored passwords in Group Policy Preferences, due to incomplete implementations of Microsoft Security Bulletin MS14-025. Systems may still be vulnerable to exploitation if administrators have not cleared all previously stored passwords from their environment. An attacker may decrypt these passwords and use them to gain escalated privileges. US-CERT strongly recommends that administrators employ the PowerShell script provided in Microsoft Knowledge Base Article 2962486 and follow the included instructions for clearing all "CPassword" preferences from their environment
Stagefright: Will mobile makers now release monthly security updates? (IT Pro Portal) Stagefright took the Android world rather by surprise. As well as catching the industry with its pants down, it highlights a problem of mobile security: it's just not taken seriously enough. In response to the Stagefright vulnerability, both Samsung and Google announced new monthly security update cycles
Hacking For Cause: Today's Growing Cyber Security Trend (TechCrunch) What do the following data-breach headlines from the past year have in common? The Sony Pictures hack: Everything we know so far; Anonymous hackers release emails ordering bear cubs be killed; Hackers threaten to release names from adultery website; How Latest Snowden Leak Is Headache for White House; How DID hackers steal celebrities' private iCloud photos? Connecting the dots yet? If not, here are two more headlines to tip you off: Hackers Remotely Kill a Jeep on the Highway — With Me in It and Hacktivists taking aim at Dallas-Fort Worth police departments
The Thin Black-Clad Line (TechCrunch) We live in a cyberpunk novel. Every major nation-state clandestinely develops (and/or purchases) carefully targeted malware, and constantly probes — or penetrates — other nations' defenses while desperately evaluating their offensive capabilities. Criminal undergrounds ransom ordinary users' computers for bitcoin. Fortune 500 companies are breached almost monthly
The Pwnie Awards — 2015 Edition (Lumension Blog) On August 5th Black Hat participants gathered at the Mandalay Bay for the 2015 annual presentation of The Pwnie Awards. The Pwnie Awards began in 2007 and have honored the most magnificent achievements and failures of the information security industry ever since. The winners aren't [yet] posted on the official pwnies website. There has been some media coverage of a few of them, but I haven't yet seen a single comprehensive list of winners — so here it is. Get patching!
Vulnerabilities in 2015: 0-days, Android vs iOS, OpenSSL (Help Net Security) Secunia has taken an early peek at the trend in vulnerabilities for 2015, and has presented the results at Black Hat USA 2015. Seven months into the year, the number of detected zero-day vulnerabilities has risen substantially compared to 2014, while the total number of vulnerabilities is largely the same as this time last year
Disrupting trust models: An evolution in the financial services sector (Help Net Security) The way we interact with service providers — whether travel organisations, music suppliers or retailers — has changed to be almost unrecognisable from five years ago. From Uber to Spotify to Airbnb, digital disruptors have shaken up the status quo, breaking traditional business models to respond to a consumer that is online, globally connected, and mobile. The heavily regulated financial services sector, under intense scrutiny following the 2008 crisis, remained immune to this disruption for longer than other industries. However, new entrants are now driving innovation in this sector, forcing banks to keep pace with an extraordinary pace of change
CFOs See Cyber and Malicious Attacks as Major Threats, Lack Preparedness (Wall Street Journal) Concerns about cyberattacks and other malicious attacks, including terrorism and tampering, are broad-based among CFOs, according to Deloitte's second-quarter 2015 CFO Signals™ survey, with about 25% of CFOs claiming they are insufficiently prepared for each. The survey tracks the thinking and actions of CFOs representing many of North America's largest and most influential companies
The evolution of cybercrime: From Julius Caesar and Prince Philip to state-sponsored malware (International Business Times) If you hold valuable information, there will always be criminals looking to steal it to exploit it for financial gain or competitive advantage. And cybercrime itself is often misunderstood, with many believing it to mean the theft or fraudulent activity of financial data. However, cybercrime encompasses any information of value to an individual that a criminal can exploit for their own financial gain. Therefore, this can be customer data, intellectual property or personally identifiable information as well as financial data
What Every Company's Board Must Know About Cybersecurity (JDSupra) In recent years, data breaches at some of the world's largest corporations have made news. But smaller companies are just as vulnerable, and must take steps to protect their data. In addition, businesses that serve as vendors to other businesses face increased scrutiny of their cyber preparations. The board of directors plays a critical role in this effort, as Jo Cicchetti, Chair of the Carlton Fields Jorden Burt Data Privacy and Cybersecurity Task Force, explained during a recent conversation
Smoke and Mirrors: Cyber Security Insurance (SecurityWeek) Data breaches have become a daily occurrence. However, their cost to organizations goes far beyond reputational damage in the media. Boards and businesses are subject to regulatory mandates that carry fines and capital holds, and increasingly face litigation from class-action suits. Cyber security insurance has emerged as a stop-gap to protect stakeholders from the shortcomings of siloed risk management processes. However, insurance policies are not a replacement for improving a company's cyber security posture. So what do you need to know when it comes to the effectiveness of cyber security insurance?
Want To Secure Long-Term Profits? Buy CyberArk Ahead Of Earnings (Seeking Alpha) CyberArk's proprietary solutions — which are in high demand — have tons of money-making potential. There are no signs of slowing down, given how quickly the average analysts' fiscal year 2015 revenue estimate has climbed. CYBR stock should be owned, especially given how hot security stocks have become
Fortinet hits security market milestone (Channellife) Fortinet has shipped more security appliances each year than any other vendor since 2013, and has the largest market share of combined appliance shipments since 2012
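As an added example (my code, not US-CERT's and not the KB 2962486 script), a Python audit in the spirit of the check US-CERT asks for: it walks a directory laid out like a Group Policy Preferences folder and reports every XML element that still carries a cpassword attribute. The directory layout and file contents are constructed here and simplified; the scanner only reports, it never decrypts.

```python
"""Audit Group Policy Preference XML files for leftover 'cpassword' attributes.
MS14-025 stopped Windows writing new GPP passwords, but files already in SYSVOL
keep their stored values until an administrator removes them. This walks a tree
laid out like a policy folder and lists every element still carrying the
attribute. It reports only; nothing is decrypted."""
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed, simplified samples (real files carry clsid/uid GUIDs and more
# attributes); the cpassword values are placeholders, not real ciphertext.
SAMPLE_FILES = {
    # Local user preference that still stores a password: must be reported.
    os.path.join("Machine", "Preferences", "Groups", "Groups.xml"):
        '<?xml version="1.0" encoding="utf-8"?>\n'
        '<Groups><User name="localadmin">\n'
        '  <Properties action="U" userName="localadmin"\n'
        '              cpassword="CONSTRUCTED_PLACEHOLDER_NOT_REAL"/>\n'
        '</User></Groups>\n',
    # Drive map with no stored credential: compliant, must NOT be reported.
    os.path.join("User", "Preferences", "Drives", "Drives.xml"):
        '<?xml version="1.0" encoding="utf-8"?>\n'
        '<Drives><Drive name="H:"><Properties action="U" letter="H"\n'
        '  path="\\\\fileserver\\home"/></Drive></Drives>\n',
    # Scheduled task whose run-as credential was never cleared: report it.
    os.path.join("Machine", "Preferences", "ScheduledTasks", "ScheduledTasks.xml"):
        '<?xml version="1.0" encoding="utf-8"?>\n'
        '<ScheduledTasks><Task name="nightly-backup">\n'
        '  <Properties action="U" runAs="CORP\\svc_backup"\n'
        '              cpassword="CONSTRUCTED_PLACEHOLDER_NOT_REAL"/>\n'
        '</Task></ScheduledTasks>\n',
}


def find_cpasswords(root_dir):
    """Return (file path, element tag, account) for every element under
    root_dir whose attributes include cpassword (matched case-insensitively,
    since the bulletin writes it as CPassword and the files as cpassword)."""
    findings = []
    for dirpath, _, filenames in os.walk(root_dir):
        for name in filenames:
            if not name.lower().endswith(".xml"):
                continue
            path = os.path.join(dirpath, name)
            try:
                tree = ET.parse(path)
            except ET.ParseError:
                continue  # malformed file: skip it rather than abort the audit
            for elem in tree.iter():
                if any(k.lower() == "cpassword" for k in elem.attrib):
                    account = elem.get("userName") or elem.get("runAs") or ""
                    findings.append((path, elem.tag, account))
    return findings


def write_sample_tree():
    """Write the constructed files into a fresh temp dir; return its path."""
    root = tempfile.mkdtemp(prefix="gpp_audit_")
    for rel, body in SAMPLE_FILES.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


def audit_sample():
    """Run the scanner over the constructed tree and return its findings."""
    return find_cpasswords(write_sample_tree())
```

Pointed at a copy of the real Policies folder, the same `find_cpasswords` call gives the list of entries that still have to be removed after the bulletin is applied.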
Products, Services, and Solutions
NSS Labs Announces Results From Breach Detection Systems Test (NSS Labs) NSS Labs, Inc., the world's leading security research, testing, and advisory company, today released the results from its Breach Detection Systems (BDS) group test which evaluated eight of the leading BDS vendors — Blue Coat, Check Point, Cisco, Fidelis, FireEye, Fortinet, Lastline, and Trend Micro — for security effectiveness, performance, and total cost of ownership
Worried about Stagefright? Here's what you can do for now (Android Authority) Android vulnerabilities have been surfacing regularly over the past couple of years. They stir up talk — usually some rather alarmist posts by security companies and a flurry of comments on various tech blogs. But then something interesting happens — the scares just fade away, replaced by other alerts, to the point that worrying about (in)security has become the norm in the Android ecosystem
Riskware: What's the Risk? (BreachAlarm Blog) Malware comes in many different flavours — none of which you're going to want on your machine
To Thwart Attackers, Measure What Matters (SecurityWeek) For years the security industry has been focused on measuring the percentage of blocked attacks as a means to demonstrate security effectiveness. And that still holds true. The more threats we block, the fewer we have to deal with inside the network. We must continue to innovate and work diligently to get that number as close to 100 percent as possible. But that's the catch
Getting BYOD right (Help Net Security) According to a survey conducted by Kaspersky Lab in conjunction with B2B International, around half of the consumers surveyed also use their devices for work. However, only one in 10 is seriously concerned about keeping work information safe should cybercriminals gain access to their device
Security: The Best in Practice (Dark Matters) If we are charged with designing, architecting, implementing, deploying, integrating, training and supporting security technology, processes and policies within our organization, we might discover that this work is really an art more than a science
Threat Intelligence: Collecting, Analyzing, Evaluating (MWR Infosecurity) Threat intelligence is rapidly becoming an ever-higher business priority. There is a general awareness of the need to 'do' threat intelligence, and vendors are falling over themselves to offer a confusingly diverse array of threat intelligence products
Here's how Tesla will win the coming hacking wars in the auto industry (Business Insider) Hacking has suddenly become a big concern in the car business. Hackers showed a Wired reporter how they could remotely take control of a Jeep, and now another hacker has revealed how to gain access to a Tesla Model S. Hackers have revealed a vulnerability in General Motors' OnStar system. Where will it end?
The Ongoing Frustration of Vulnerability Management (Tenable) Working at an unnamed large bank and as faculty at IANS, Alex Hutton (@alexhutton) admits his biggest challenge with vulnerability management is the removal of false positives, and getting the business to act on the vulnerabilities they're responsible for
Research and Development
Research Spotlight: Detecting Algorithmically Generated Domains (Cisco Blogs) Once a piece of malware has been successfully installed on a vulnerable system one of the first orders of business is for the malware to reach out to the remote command-and-control (C&C) servers in order to receive further instructions, updates and/or to exfiltrate valuable user data. If the rendezvous points with the C&C servers are hardcoded in the malware the communication can be effectively cut off by blacklisting, which limits the malware's further operation and the extent of its damage
Cyber Ed: How higher education is re-evaluating a growing threat (PRI) On college campuses across the country, a growing challenge is cyber security. That's because colleges and universities tend to have open networks containing lots of information, making them vulnerable targets. Despite repeated warnings, colleges aren't adapting quickly enough to today's threats
Time for a comprehensive cyber security strategy (Times of India) Issuing gun licences and training IT employees may not be enough to tackle cyber war; the need of the hour is preparing a comprehensive cyber strategy to encounter the new-age global war
Congress's Cybersecurity Plan Has Some Major Flaws (Think Progress) After being flooded with millions of faxes and phone calls, the U.S. Senate postponed voting on the controversial cybersecurity bill that privacy advocates warn could be a backdoor to more government surveillance
Consumers need a new legal right to control personal data (Los Angeles Times) Most American Internet users grasp this Silicon Valley truism: "If you're not paying, you're the product." We gain "free" services and conveniences by yielding our personal information, which in turn is sold or traded to all sorts of interested parties. Those parties exploit this information to determine what products to pitch us, on what terms. Consumers may find the results attractive, especially if they don't know what they're being denied based on their data. But for privacy advocates, trading free services for unconstrained and uncompensated use of personal information is a nightmare
OPM breach a shadow over Homeland Security's appeals to security pros (Christian Science Monitor Passcode) The Deputy Homeland Security Secretary urged attendees of the Black Hat conference not to let the massive government breach foil plans for improving information sharing about cybersecurity threats between the private sector and the government
Black Hat 2015: DHS deputy says 'just trust us' (ChannelWorld) The deputy head of the Department of Homeland Security implored a group of skeptical security pros at Black Hat 2015 to share information about security incidents and to trust the government to keep it safe
Tech Firm Ubiquiti Suffers $46M Cyberheist (KrebsOnSecurity) Networking firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole $46.7 million using an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers
Hacker Kingpin Extradited to the United States, in Plea Talks with Authorities (Tripwire: the State of Security) Back in December of 2014, The State of Security first reported on the story of Ercan "Segate" Findikoglu, a 33-year-old Turkish man who is accused of having stolen over $60 million as part of a number of card heists in the United States. At the time of our reporting, Germany had denied Findikoglu's extradition to the United States based upon different laws governing jail time for hackers. The accused has since been extradited to the United States and is currently in plea talks with federal authorities for the crimes he committed
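As an added example (my code, not Cisco's, whose method the excerpt does not show), a small scorer in the spirit of the detection the post is about: because a DGA defeats blacklisting by making the rendezvous names unpredictable, the defender's handle becomes the names themselves, which look random where human-chosen ones look like words. It runs over a constructed list of benign and made-up DGA-style names; the feature thresholds are assumptions tuned only to that sample.

```python
"""Score registered-domain labels for DGA-like structure.
Human-chosen names are built from pronounceable, dictionary-like pieces;
algorithmically generated ones look like random characters. Three cheap
character statistics (entropy, vowel share, longest consonant run) plus digit
share separate the two well enough to triage a day's DNS logs."""
import math
from collections import Counter

VOWELS = set("aeiou")

# Constructed sample: five human-chosen names and three made-up DGA-style
# labels. None of the DGA-style strings is a real indicator.
SAMPLE_DOMAINS = [
    "google.com", "wikipedia.org", "microsoft.com", "nytimes.com",
    "securityweek.com",
    "xkqjwpvzmgtrbn.com", "q7f2mzt9kp1x.net", "bvdlhsjrkwpt.info",
]


def second_level_label(domain):
    """Label left of the TLD. Assumes single-label TLDs (.com, .net, .info);
    real traffic needs a public-suffix list for names like example.co.uk."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def label_features(label):
    """Character statistics that separate word-like from pseudo-random labels."""
    n = len(label)
    if n == 0:
        return {"entropy": 0.0, "vowel_ratio": 0.0, "digit_ratio": 0.0,
                "consonant_run": 0}
    counts = Counter(label)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    longest = run = 0
    for ch in label:
        run = run + 1 if (ch.isalpha() and ch not in VOWELS) else 0
        longest = max(longest, run)
    return {"entropy": entropy,
            "vowel_ratio": sum(ch in VOWELS for ch in label) / n,
            "digit_ratio": sum(ch.isdigit() for ch in label) / n,
            "consonant_run": longest}


def dga_score(domain):
    """0..4: one point per feature in DGA territory. Thresholds are
    illustrative assumptions tuned only to the constructed sample."""
    f = label_features(second_level_label(domain))
    score = 0
    score += f["entropy"] > 3.3        # near-uniform character spread
    score += f["vowel_ratio"] < 0.25   # pronounceable names carry vowels
    score += f["consonant_run"] >= 4   # "bvdlhs" is not a syllable
    score += f["digit_ratio"] > 0.2    # digit-heavy labels
    return int(score)


def classify(domains, threshold=2):
    """Return {domain: (score, suspected_dga)} for a batch of names."""
    return {d: (dga_score(d), dga_score(d) >= threshold) for d in domains}


if __name__ == "__main__":
    for domain, (score, flagged) in classify(SAMPLE_DOMAINS).items():
        print(f"{domain:22} score={score} {'SUSPECT' if flagged else 'ok'}")
```

Note that "securityweek" scores an entropy of about 3.19, close to the cutoff: long legitimate names push entropy up on their own, which is why the score needs the vowel and consonant-run features as well.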
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.
SINET Showcase 2015: "Highlighting and Advancing Innovation" (Washington, DC, USA, November 3 - 4, 2015) SINET Showcase provides a platform to identify and highlight "best-of-class" security companies that are addressing industry and government's most pressing needs and requirements. The chosen SINET 16 Innovators...
3rd Annual Psyber Behavioral Analysis Symposium (Fort Meade, Maryland, USA, August 11, 2015) The 3rd Annual Psyber Behavioral Analysis Symposium is hosted by the NSA/CSS Threat Operations Center and the FBI Behavioral Analysis Unit-2/Cyber Behavioral Analysis Center. The goal of the Symposium...
USENIX Security (Washington, D.C., USA, August 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and other specialists interested in the latest advances in the security and privacy of computer...
5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...
Decepticon 2015 (Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, August 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker...
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...