Notes on Chinese intelligence surveillance of US "senior trade and security officials'" personal email accounts. The campaign is being called "Dancing Panda," and has been in progress since 2010 (and known to US security agencies for some time).
Android security sustains another unpleasant wave of vulnerability discoveries, beyond Stagefright. IBM describes a serialization vulnerability that gives unprivileged applications "super" privileges, and also exposes several third-party software development kits designed to give attackers control over apps. G Data reports that Android malware instances observed in the wild have soared to record levels.
Researchers demonstrate a mobile point-of-sale exploit: Square is said to be vulnerable.
The Darkhotel cyber espionage group is said to have sharpened its game with the help of leaked Hacking Team exploits.
Seculert reports botnet-for-hire DGA.Changer, used mainly in clickfraud scams, has deployed a way of escaping sandboxes by, essentially, depositing a dummy version of itself, then quietly departing.
Recorded Future, while a conceptual fan of blacklisting malicious sites, looks at traditional blacklists and finds them wanting: hidden link analysis suggests that some 92% of suspect sites actually escape most blacklisting.
More automotive hacks are demonstrated, including a wireless hack of keyless entry and a way of tampering with a Corvette's brakes.
Scarcity of cyber talent remains the sector's principal concern: artificial intelligence offers at best a partial amelioration.
Symantec sells Veritas to Carlyle for $8 billion.
US Cyber Command prepares a $460 million IDIQ RFP.
MobileIron faces a shareholder class action suit alleging failure to disclose a breach.
Today's issue includes events affecting Australia, Bangladesh, Cameroon, China, Germany, India, Israel, Japan, Democratic People's Republic of Korea, Republic of Korea, Mexico, Mozambique, Russia, Saudi Arabia, Thailand, Turkey, United Kingdom, United States.
One Class to Rule Them All: New Android Serialization Vulnerability Gives Underprivileged Apps Super Status(IBM Security Intelligence) Over 55 percent of Android phones are at risk of a high-severity serialization vulnerability that IBM's X-Force Application Security Research Team found in the Android platform. In a nutshell, advanced attackers could exploit this arbitrary code execution vulnerability to give a malicious app with no privileges the ability to become a "super app" and help the cybercriminals own the device. In addition to this Android serialization vulnerability, the team also found several vulnerable third-party Android software development kits (SDKs), which can help attackers own apps
Over 55% of all Androids at risk of high severity vulnerability(Graham Cluley) We've only just got over the news of the Stagefright vulnerability, which allows attackers to infect Android devices with just a maliciously-crafted MMS message, and the shocking (and welcome) news that Google and other leading manufacturers will be releasing regular security updates for millions of smartphones from now on
HTC phone stores fingerprints in easily accessible plaintext(Help Net Security) Pressing a finger on your mobile phone's fingerprint scanner has to be the easiest, most seamless way to unlock the device, and this is why more and more manufacturers equip their mobile products with it. In fact, it is predicted that by 2019, 50% of all shipped smartphones will have a fingerprint sensor
Researchers Unveil Square Reader Mobile POS Hacks(Threatpost) It wasn't long ago when hacking a point-of-sale system meant deploying a RAM scraper at a retailer, sitting back and watching the credit card numbers roll in. Now that POS has gone mobile with vendors such as Square, Intuit, Revel and others using hardware fobs connected to smartphones and tablets to process credit card transactions, hackers are sure to follow the money trail there
"Darkhotel" Cyberespionage Group Boosts Attacks with Exploit Leaked from Hacking Team(PRNewswire) Following the public leak of files belonging to Hacking Team — the company known for selling "legal spyware" to some governments and law enforcement agencies — a number of cyberespionage groups have started using, for their own malicious purposes, the tools Hacking Team provided to its customers to carry out attacks. This includes several exploits targeting Adobe Flash Player and Windows OS. At least one of these has been recruited recently by the powerful cyberespionage actor, "Darkhotel"
Darkhotel's attacks in 2015(SecureList) Darkhotel APT attacks dated 2014 and earlier are characterized by the misuse of stolen certificates, the deployment of .hta files with multiple techniques, and the use of unusual methods like the infiltration of hotel Wi-Fi to place backdoors in targets' systems. In 2015, many of these techniques and activities remain in use. However, in addition to new variants of malicious .hta, we find new victims, .rar attachments with RTLO spearphishing, and the deployment of a 0day from Hacking Team
Do You Want To Build A Snowman?(Duo Security) In case you haven't already heard the news, Google and Adobe just killed a popular information leak technique in the most recent version of Flash (v22.214.171.124). Mozilla went so far as to block Flash entirely. This was hot on the heels of two previously unknown, unpatched (0day) vulnerabilities in Flash, which were publicly disclosed as part of the enormous reams of information stolen from Hacking Team
.COM.COM Used For Malicious Typo Squatting(Internet Storm Center) Today, our reader Jeff noted how domains ending in ".com.com" are being redirected to what looks like malicious content. Back in 2013, a blog by Whitehat Security pointed out that the famous "com.com" domain name was sold by CNET to known typo squatter dsparking.com. Apparently, dsparking.com paid $1.5 million for this particular domain. Currently, the whois information uses privacy protection, and DNS for the domain is hosted by Amazon's cloud
Hidden Link Analysis Reveals 92% of Suspicious IPs Not Blacklisted(Recorded Future) Blacklists are a useful and common tool for enterprises actively looking to keep suspicious IP addresses and URLs off their network and away from their infrastructure. Traditional blacklists are populated with information from intelligence feeds, intrusion detection systems, honeypots, and log files. But we at Recorded Future posit that traditional blacklists can be bettered by incorporating threat intelligence from deep and dark Web sources
Health Data Breaches From Theft, Improper Disposal(HealthITSecurity) As often discussed on this site, health data breaches can stem from numerous areas. Covered entities and their business associates need to ensure they have a comprehensive data security plan, and are able to implement the necessary physical, administrative, and technical safeguards. However, accidents still happen, which is what two facilities are currently experiencing
Facebook users: Make sure your mobile phone number is private(Graham Cluley) If you've got a Facebook account, chances are that you have told them an awful lot of information about yourself: your name, your location, your email address, your network of friends, your photos, your likes and dislikes… the list goes on
No one is safe: This tiny $30 device can break into your car and home(BGR) Not everyone wants to accept this simple truth, but that doesn't make it any less real: hackers outpace security advancements. When it comes to both online security and real-world security, hackers have already devised 10 new tools by the time security researchers come up with an effective way to block one old tool. As a result, no one is ever truly safe — and a new device recently shown off by a well-known security researcher is yet another example of just how vulnerable we really are
Hackers Cut a Corvette's Brakes Via a Common Car Gadget(Wired) Car hacking demos like last month's over-the-internet hijacking of a Jeep have shown it's possible for digital attackers to cross the gap between a car's cellular-connected infotainment system and its steering and brakes. But a new piece of research suggests there may be an even easier way for hackers to wirelessly access those critical driving functions: Through an entire industry of potentially insecure, internet-enabled gadgets plugged directly into cars' most sensitive guts
Connected cars not hacking it on all security fronts(Business Day) The morning after Laura Capehorn parked her Saab 9-3 estate, all she could find of it was a car-shaped hole in the snow. The interior designer had left the vehicle outside a house in London one evening last January
Cyber-physical attacks: Hacking a chemical plant(Network World) Def Con 23 included a talk about 'hacking chemical plants for competition and extortion.' Researchers released their Damn Vulnerable Chemical Process framework; using it, you can hack a chemical plant (simulation model) like an attacker and learn to spot cyber-physical attacks like a defender
Security Patches, Mitigations, and Software Updates
Black Hat 2015 — 5 security vulnerabilities that have researchers worried(TechWorld) Abstruse, sometimes informative and occasionally sensational, the Black Hat show's security presentations don't always describe the attacks that are happening today so much as what might be coming down the pike. In that sense, it's a sort of early warning system — as long as you can separate the far-fetched theoretical hacks and attacks from the ones that might actually come to pass
Smart Machines Still Need Smart People(Wall Street Journal) Smart machines are now capable of replicating many human capabilities. In a Deloitte Twitter chat, experts weighed in on the enterprise implications
Don't Ignore Dark Web Dangers(eSecurity Planet) Many businesses do not think they need to worry about the Dark Web, says tech analyst Stephen George. But they are wrong
At Black Hat, Hottest Cyber Product Didn't Have a Booth(Council on Foreign Relations) Ah, Vegas in August. 100-degree heat, pool parties, and thousands upon thousands of hackers. Every summer the cybersecurity world takes over Sin City for a week. Black Hat, growing ever more corporate and responsible, is paid for on expense accounts. DEF CON? Well DEF CON is paid with cash at the door
Use Security as a Deal Maker(The VAR Guy) Every solution provider now needs to be able to address security issues just to land the deal — a change from IT security being the realm of a few specialists. In effect, every solution provider now needs to be an IT security solution provider
Mapping Israel's Cyber-Security Startups(TechCrunch) As Orson Welles put it in The Third Man, "In Italy, they had warfare, terror, murder, and bloodshed, but they produced Michelangelo, Leonardo da Vinci, and the Renaissance"
Symantec Corporation (SYMC — $22.91*) The Veritas Nightmare Finally Over: Sells for $8 Billion to Carlyle(FBR Capital) This morning, August 11, Symantec, in conjunction with reporting June results, officially announced the sale of its information management segment Veritas to Carlyle Group for $8 billion and roughly $6.3 billion in cash proceeds. While this potential transaction has been discussed in recent media reports, today's news should come as a relief to investors as Symantec finally unloads this "decade of agita" since the Veritas acquisition was done and now can laser-focus efforts on beefing up its legacy security platform through aggressive M&A with cash from this transaction
The KEYW Holding Corporation (KEYW — $7.11*) Company Update(FBR Capital) Last night, August 10, KEYW delivered generally in-line June results that showed a decent rebound from a soft 1Q. While we were pleased to see stabilization at the government segment, the Street will be disappointed as KEYW's all-important commercial cyber solutions revenue came in at $2.5M, below the Street's $4.2M estimate as the company continues to struggle with converting pipeline into deal flow on this front
A New Company Called Alphabet Now Owns Google(Wired) Google has reorganized itself into multiple companies, separating its core Internet business from several of its most ambitious projects while continuing to run all of these operations under a new umbrella company called Alphabet
Tesla Looking to Recruit Hackers to Strengthen its Cars Against Cyber-Attacks(iDigital Times) During the annual Def Con event this past Saturday in Las Vegas, carmaker Tesla recruited hackers at the event in an effort to protect its vehicles from possible cyber-attacks. This news comes after the exposure of how vulnerable to hacking automobiles from Fiat Chrysler and GM are, and their lack of cybersecurity knowhow
Cybersecurity in Hospitals: Protecting Electronic Patient Devices from the Risk of Hacking(MD News) Almost every day there are reports of hackers breaching security protocols in banks, major chain stores and government offices to steal private, personal information. While these stories generally focus on the risk to one's credit score and the prevalence of identity theft, little attention has been paid to the threats to electronic medical devices with wireless capabilities
Pinpointing Your Security Risks(IT Security) Vulnerability scanning got its start as a tool for the bad guys; now it's helping companies find exposed network ports and at-risk applications
Quantum Computing — Tiny Particles, Big Problems(Team Cymru) Quantum computing — sounds like something ripped straight out of a Star Trek episode doesn't it? One can just hear Scotty on the Enterprise, "Cap't, the Quantum Computer has gone offline, I canna' make the calculations!"
DHS cyber center gets new leadership(Federal Times) The National Cybersecurity and Communications Integration Center — Homeland Security's main processing center for threat information sharing and response — got new leadership Monday
Litigation, Investigation, and Law Enforcement
OPM officials hindering scrutiny of hacked computer systems, watchdog says(Washington Post) The Office of Personnel Management's inspector general has accused the agency's information technology office of trying to thwart scrutiny of how well OPM protected the security clearance and federal employee personnel files that were hacked and how well it responded to those breaches
Newly Noted Events
National Insider Threat Special Interest Group Meeting(Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.
ACFCS 2015 Cyber Financial Crime Summit(Washington, DC, USA, October 5 - 6, 2015) From massive data breaches to cyber fraud, hacktivism to cyber warfare, the threat landscape of cyber financial crime now reaches every part of public and private sector organizations. Yet too often the...
3rd Annual Psyber Behavioral Analysis Symposium(Fort Meade, Maryland, USA, August 11, 2015) The 3rd Annual Psyber Behavioral Analysis Symposium is hosted by the NSA/CSS Threat Operations Center and the FBI Behavioral Analysis Unit-2/Cyber Behavioral Analysis Center. The goal of the Symposium...
USENIX Security(Washington, D.C., USA, August 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and other specialists interested in the latest advances in the security and privacy of computer...
5th Annual Cyber Security Training & Technology Forum (CSTTF)(Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...
Decepticon 2015(Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...
AFCEA OKC Technology & Cyber Security Day(Oklahoma City, Oklahoma, USA, August 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker...
Power Grid Cyber Security Exchange 2015(San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...
2015 HTCIA International Conference & Training Expo(Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015(Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...