Researchers describe why they think China's behind the attack on Australia's BoM, and why Chinese criminals appear to be targeting journalists.
More on the drive-by ransomware infections Heimdal reported early this week — Ars Technica notes that the campaign first installs "Pony," then a "cocktail" of malware that harvests credentials before encrypting files.
"Chimera" is another entry into the ransomware field. Observers see it as a disturbing bellwether of the growing market for ransomware-as-a-service.
Ransomware's not the only badness on offer in the black market. InfoArmor reports finding some new point-of-sale malware, "Pro POS," actively being hawked to criminals.
We've seen Conficker return. Fox-IT reports the reemergence of another old standby, the Ponmocup botnet.
Trend Micro warns that many high-profile mobile apps remain susceptible to vulnerabilities actually fixed as far back as 2012.
Researchers associated with SCADA Strange Love find vulnerabilities in widely used 3G and 4G cellular USB modems and routers.
In some good news, another old-timer is sinkholed. CERT-Polska, with big assists from ESET and Microsoft, takes down the Dorkbot botnet. (US and Canadian law enforcement also provided support.)
Toymaker Vtech hires Mandiant to sort out its security issues. Mattel deals with its own problem: Bluebox Security describes IoT security tangles in "Hello Barbie."
OpenSSL and Blackberry issue patches.
ZeroFOX attracts venture capital.
CyberPoint earns a patent for "Similarity Search and Malware Prioritization."
The insurance sector prepares for a bigger role in setting cyber standards of care.
Investigation of the San Bernardino shootings suggests online jihadist inspiration of the shooters.
Today's issue includes events affecting Australia, Belgium, Canada, China, Iraq, Poland, Syria, United Arab Emirates, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
How we trace the hackers behind a cyber attack (Conversation) The fingerprints might indicate China, but that's not so easy to prove. The Chinese military has been blamed for the recent cyber attack on the Australian Bureau of Meteorology (BOM)
Ponmocup Botnet Still Actively Used for Financial Gain (SecurityWeek) Fox-IT, the security firm recently acquired by NCC Group for $142 million, has published a report on Ponmocup, a sophisticated botnet that has been used over the past years by cybercriminals for financial gain
Hello Barbie Fails Another Security Test (Security Ledger) In-brief: The security firm Bluebox says the mobile applications used with Hello Barbie contain security flaws that could lead to the theft of passwords and other information
UK pubs group JD Wetherspoon hit by cyber attack (Reuters) British pub chain JD Wetherspoon has been hit by a cyber attack which leaked the names, email addresses and birthdates of 650,000 customers as well as some of the credit and debit card details for 100 buyers of its gift vouchers, it said on Friday
Security Patches, Mitigations, and Software Updates
OpenSSL Security Advisory (OpenSSL (h/t US-CERT)) We anticipate that 1.0.0t and 0.9.8zh will be the last releases for the 0.9.8 and 1.0.0 versions and that no more security fixes will be provided (as per previous announcements). Users are advised to upgrade to later versions
Verint adjusts strategy as shares tumble on revenue shortfall (Reuters) Shares in Israeli-American analytics firm Verint Systems Inc tumbled 13 percent on Thursday after the company posted third-quarter earnings that fell short of expectations, blaming delays in customer orders and a downturn in emerging markets
BLACKOPS Partners Corporation Releases SPECTRE® (PRWeb) BLACKOPS Partners Corporation releases SPECTRE®, the breakthrough transformational system for organizations to win against information and industrial warfare in direct response to today's hyper-threat marketplace
The Moral Dimension of Cryptography (Schneier on Security) Phil Rogaway has written an excellent paper titled "The Moral Character of Cryptography Work." In it, he exhorts cryptographers to consider the morality of their research, and to build systems that enhance privacy rather than diminish it
Research and Development
Patent Issued for Similarity Search and Malware Prioritization (USPTO 9197665) (Equities.com) News editors obtained the following quote from the background information supplied by the inventors: "Malware, or malicious software, may refer to software that is used to disrupt computer systems and networks. Malware may be analyzed to study and detect threats of malware. However, existing malware analysis services suffer from several deficiencies. For instance, malware analysis services may not be able to keep pace with the rapidly evolving nature of malicious software. Therefore a faster and more efficient method is needed to process files to detect malware. In addition, because numerous malware are generated on a daily basis, a method to prioritize malware samples for analysis is also needed"
Final cyber bill language could be ready around the new year (The Hill) Lawmakers seeking to reach a compromise between the House and Senate on a major cybersecurity bill are edging closer to a deal — but may not be able to complete it until next year, according to several people with knowledge of the negotiations
Encryption backdoors will make us all more vulnerable (Network World via CSO) In the aftermath of the Paris attacks, one of the memes being perpetuated by "security professionals" is that the terrorists used encrypted communications, enabling them to plan and coordinate their activities without raising suspicion among the intelligence community
DHS Expanding Enhanced Cybersecurity Services Program (Homeland Security Today) The Department of Homeland Security's (DHS) Enhanced Cybersecurity Services (ECS) — a voluntary program that shares indicators of malicious cyber activity among participating Commercial Service Providers (CSPs) and Operational Implementers (OIs) — has concluded a Privacy Impact Assessment (PIA) Update to reflect ECS' support by Executive Order 13636, Improving Critical Infrastructure Cybersecurity, the expansion of service beyond Critical Infrastructure sectors to all US-based public and private entities, and to introduce the new Netflow Analysis service
Air Force reorganizing to integrate cyber (C4ISR & Networks) The Air Force is making some big changes to its internal mission and personnel structures in order to better protect assets and interests from cyber threats, according to top Air Force officials
Persistent Hacking — Is GCHQ going too far? (Check & Secure) The NSA-Snowden scandal in 2013 really blew the world of cyber espionage apart, with people first starting to throw doubt onto the role of their government and ponder just what was right and what was wrong in the world of online surveillance. Meanwhile, slightly less conspicuously, a more British variant of cyber spying was gathering speed. Four letters: GCHQ
F.B.I. Treats San Bernardino Attack as Possible Terrorism Case (New York Times) The couple who the police say killed 14 people and left 21 wounded here had stockpiled thousands of rounds of ammunition and a dozen homemade pipe bombs in their home, officials said Thursday, a sign that they might have been planning further attacks
ISIS in America: From Retweets to Raqqa (The George Washington University Program on Extremism) While not as large as in many other Western countries, ISIS-related mobilization in the United States has been unprecedented
Alert (TA15-337A) Dorkbot (US-CERT) Dorkbot is a botnet used to steal online payment, participate in distributed denial-of-service (DDoS) attacks, and deliver other types of malware to victims' computers
Newly Noted Events
SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...
SANS 2016 (Orlando, Florida, USA, March 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21
SANS Atlanta 2016 (Atlanta, Georgia, USA, April 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts...
SANS Security West 2016 (San Diego, California, USA, May 1 - 6, 2016) With cyber-attacks and data breaches on the rise, attacks becoming more frequent, sophisticated and costlier, the gap in the ability to defend has become wider and more time sensitive. Now is the perfect
SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security...
Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, December 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused,...
2015 Cyber Security Exchange (Orlando, Florida, USA, December 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns,...
Disrupt London 2015 (London, England, UK, December 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt?...
Passwords 2015 (University of Cambridge, England, UK, December 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial.
ACSAC (Annual Computer Security Applications Conference) (Los Angeles, California, USA, December 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security...
Cyber Risk Wednesday: 2016 Threat Landscape (Washington, DC, USA, December 9, 2015) To discuss how 2016 will likely challenge today's security thinking and what we can learn from the past year's developments and these trends, please join the Atlantic Council's Cyber Statecraft Initiative...
NSA RCTCON (Fort Meade, Maryland, USA, December 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
cyberSecure (New York, New York, USA, December 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add...