Daily briefing.

Al Qaeda, competing hard against the Islamic State for jihadist mindshare, announces reorganization: Qaedat al-Jihad al-Electroniyya will henceforth be responsible for (as the name suggests) "electronic jihad." Yahya al-Nemr commands the unit; Mahmud al-Adnani serves as his deputy. (Hat tip to SenseCy for keeping an eye on cyberterrorism's inside baseball.)

Trend Micro finds and discloses a new Flash zero-day vulnerability — this one, like its immediate predecessors, is being exploited in the wild through malvertising. Internet Explorer and Firefox users are reported particularly at risk, and some security experts again advise doing without Flash wherever possible. Adobe is working on a patch that it expects to have out this week.

A Ponemon report says browsers have become the weak link in security, with browser-based exploits now the leading source of enterprise infections.

File-encrypting malware Critroni is being distributed as spoofed Chrome updates that "aggressively redirect" victims to multiple compromised sites.

"SaveMe," a bogus backup service that's actually a variant of SocialPath Android malware, has infested Google Play.

D-Link routers are found vulnerable to DNS hijacking.

Canadian mining firm Nautilus Minerals suffers a disturbing cyber crime: a $10M payment to a shipbuilding firm was in fact made to a spoofed site.

Another US parking service, Book2Park, is compromised, apparently by the same gang responsible for the Target hack. Stolen customer paycard data has shown up on the Rescator criminal market.

Shortages of cyber labor continue to impede efforts to improve enterprise security.

The US Presidential budget asks $1B more for cyber.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, Iraq, Netherlands, Syria, Turkey, United Kingdom, United Nations, United States.

Cyber Attacks, Threats, and Vulnerabilities

Al-Qaeda's Electronic Jihad (SenseCy Blog) Al-Qaeda (AQ) announced on its official video that they have established a new branch, Qaedat al-Jihad al-Electroniyya that will be responsible for performing electronic jihad under the command of AQ member Yahya al-Nemr. According to our research, his deputy is another AQ member, Mahmud al-Adnani

Trend Micro Researchers Discover New Adobe Zero Day Attacks (Trend Micro: Simply Security) Over the weekend, our Trend Micro researchers have discovered a new, unpatched vulnerability affecting Adobe Flash. This new vulnerability puts all users of the current version of Adobe Flash at risk

New Adobe Flash 0-Day Used In Malvertising Campaign (Dark Reading) The latest in a series of recent Flash vulnerabilities and malvertising exploits that are hard for users to avoid

Adobe Flash zero day vulnerability exploited by hackers to infect IE and Firefox users (Graham Cluley) Adobe has warned that online criminals are attacking Internet Explorer and Firefox users via an as-yet-unpatched zero day vulnerability in Adobe Flash

Browsers Are The Window To Enterprise Infection (Dark Reading) Ponemon report says infections dominated by browser-based exploits

Browser-borne Malware Costs Top $3.2Mn (Infosecurity Magazine) Enterprise IT failure to defend against web-borne malware is a rapidly growing enterprise data security threat, new research has revealed, with more than 75% of enterprises having been infiltrated via inherently insecure browsers

File-Encrypting Malware Poses as Google Chrome Update (Softpedia) Crooks have set up a dynamic redirection mechanism

Mobile Threat Monday: SaveMe Malware Infiltrates Google Play (PC Magazine) Despite technological advancements, most of our online experience is built on trust. We trust that app stores like Google Play will weed out the baddies, and we trust security companies to keep us safe

WebRTC Found Leaking Local IP Addresses (Threatpost) A recently publicized hole in WebRTC, a protocol for web communication, is revealing the local IP addresses of users, even those who go to extra lengths to hide theirs by using a virtual private network

DNS Hijack in D-Link Routers, No Authentication Required (Threatpost) D-Link's popular DSL2740R wireless router is vulnerable to domain name system (DNS) hijacking exploits that require no authentication to access its administrative interface

$10m shipbuilding deposit misdirected after cyber attack (Mineweb) An investigation has been launched, Nautilus Minerals says

Raptr hacked, user info and passwords compromised (Help Net Security) Gaming social networking site Raptr is the latest victim of hackers. Dennis Fong, the company's founder and CEO, announced that they have had a break in and that user data may have been compromised

Target Hackers Hit Third Parking Service (KrebsOnSecurity) Book2Park.com, an online parking reservation service for airports across the United States, appears to be the latest victim of the hacker gang that stole more than 100 million credit and debit cards from Target and Home Depot. Book2park.com is the third online parking service since December 2014 to fall victim to this cybercriminal group

Web Robots A Growing Concern For Digital Advertisers (Investor's Business Daily) Online fraudsters use them to infiltrate computers that are forced to unleash floods of fake information requests on an unsuspecting website, eventually drowning the system and making the attacked website crash

"Exploit This": Evaluating the exploit skills of malware groups (Naked Security) Regular readers will recognise the name Gabor Szappanos, a SophosLabs expert whose expertise and research features regularly at conferences and on this site

A Single DDoS Attack Can Cost Businesses over $440,000 (LIFARS) Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks present major concerns to IT managers — mainly because of the high potential levels of damage and the simplicity of execution. DDoS attacks require very little technical knowledge, thus making them a relatively common occurrence

Cyber Security: A Real Risk for Meetings (MeetingsNet) You may not know it, but hacks and cyber attacks on meetings and events should be on the list of things that keep you up at night. Here's why

Global cyber war III? (C4ISR & Networks) In case it slipped by you, on January 31 Global Cyber War II was initiated

Security Patches, Mitigations, and Software Updates

Adobe confirms patch for newest zero-day vulnerability (CSO) Adobe says to expect a fix this week

Cyber Trends

Security outlook: Technologies and key trends (Help Net Security) Anonymous threats and lone wolf attacks, increasing fears on cyber security and concerns over immigration will generate significant debate over foreign policy and how to mitigate the security risk posed by terrorist organizations

It's going to take savvier preparation (SC Magazine) Putting aside the continuous debate on attribution of the Sony breach and, now, the discourse on possible regulatory and legislative outcomes quickly glomming onto the massive media attention this incident garnered, I think it's important to look at a few other practical takeaways from this headline-grabbing attack

Cybercrime — UNICRI study analyzed risks for the economy and enterprises (Security Affairs) UNICRI published a study on the impact of cybercrime on the economy in the European region with a specific focus on the effect suffered by enterprises

Cyber crime is a threat to global economy, says researcher (ComputerWeekly) Halting cyber crime could have a positive impact on the global economy, according to Intel Security Europe security researcher and CTO Raj Samani

'Many major states lack the expertise to prevent cyber-terror' — security chief (Russia Today) Terrorists will soon be able to carry out advanced cyber-attacks on vital state infrastructure, warns Eugene Kaspersky, CEO of security firm Kaspersky Lab. Governments still lack the capacity to deflect sophisticated hacks, he says

Hack attacks hit home: 'The kind of thing that CEOs get fired for' (Financial Post) The growing prevalence of cyber risk in the corporate world has breached the walls of Canada's boardrooms, with directors as likely to see their company's data as a ticking time bomb as much as an asset

Shadow IT in Brazil surpasses world average (ZDNet) Technology initiatives led by non-IT departments are also a concern for most CIOs in the country, according to research

Marketplace

Experts in demand as companies look to block the hackers (The Australian) The appointment of tech security chiefs is no longer limited to the banking sector as other industries look to tackle growing threats to technology security, hiring experts say

Accuvant and FishNet Security Complete Merger (Herald Online) Companies joining together to create the nation's premier cyber security solutions provider

PFP Cybersecurity Recognized as a "Vendor to Watch" by Enterprise Management Associates (PRNewswire) PFP Cybersecurity, a unique provider of anomaly-based cyber security threat detection technology, today announced it has been named a "Vendor to Watch" by Enterprise Management Associates (EMA), a leading industry analyst firm. EMA Vendors to Watch are companies that offer unique customer value by providing unique solutions in their markets or solving problems that have previously gone unaddressed

Fortinet Named One of British Columbia's Top Employers in 2015 (MarketWatch) Fortinet selected as an industry leader and an exceptional place to work

Lockheed to Help UK Cyber Firms Pursue Investments; Stephen Ball Comments (ExecutiveBiz) Lockheed Martin has invested an additional $376,000 in a virtual technology cluster that comprises industry, academia and investors in an effort to help UK-based cybersecurity firms obtain funds for new technologies

WhiteHat Security expands global footprint; continues strong European momentum (PRNewswire) WhiteHat Security, the web security company, is continuing solid business growth across the EMEA region. The growth was driven by demand for WhiteHat Security's award-winning application security solution by organisations of all sizes across all vertical markets

Company news: New additions at ThreatStream, Arbor Networks and more (SC Magazine) Rick Wescott has joined Redwood City, Calif.-based ThreatStream, a SaaS-based cybersecurity threat intelligence platform, as vice president of worldwide sales

EHR Vendor Cerner Seals Siemens Acquisition Deal (EHR Intelligence) The EHR vendor community just got a little more consolidated with the announcement that Cerner Corporation has officially completed the Siemens Health Services acquisition process. The $1.3 billion deal, made public in August of 2014, is intended to advance EHR interoperability and spur health IT research and development as the two major vendors unite to serve an industry demanding greater usability and more help to meet the challenges of the current regulatory environment

Products, Services, and Solutions

Prevalent Enters Cloud Security Services Arena with Cloud-Based Vendor Discovery (Fort Mill Times) Prevalent Cloud ID™ Captures Data on Third-Party Vendors Through Analysis of Internet Activity Logs, Providing Organizations with Comprehensive Vendor Risk Assessment Capabilities

This Guy Found a Way to Block Robocalls When Phone Companies Wouldn't (Wired) Aaron Foss won a $25,000 cash prize from the Federal Trade Commission for figuring out how to eliminate all those annoying robocalls that dial into your phone from a world of sleazy marketers

Google extends its all-seeing eye, invites third party apps to Google Now (Naked Security) Google's opened up its Google Now digital assistant to 40 third-party apps, including Pandora, Lyft, TripAdvisor, eBay and RunKeeper

Facebook's got a new privacy policy, and it plans to share your data with partners (Naked Security) Late last year you may recall receiving a message from Facebook saying that its privacy policy was set to change again

Technologies, Techniques, and Standards

Darknet technologies have legitimate security uses, says researcher (ComputerWeekly) The so-called "darknet" technologies that layer invisible, private networks on top of the internet have legitimate security applications for business, according to Greg Jones, director of Digital Assurance

Botnet Takedown Initiatives: A Taxonomy and Performance Model (Technology Innovation Management Review) Botnets have become one of the fastest-growing threats to the computer systems, assets, data, and capabilities relied upon by individuals and organizations worldwide. Botnet takedown initiatives are complex and as varied as the botnets themselves

The New Security Suite (PC Authority) The threat landscape has changed, with cybercriminals more dangerous than ever. Alex Kidman looks at the dangers, and how the professionals are protecting us

PhEmail — Automate Sending Phishing Emails (Kitploit) PhEmail is a python open source phishing email tool that automates the process of sending phishing emails as part of a social engineering test

Exploiting "BadIRET" vulnerability (CVE-2014-9322, Linux kernel privilege escalation) (Bromium Labs: Call of the Wild Blog) CVE-2014-9322 is described as follows

Don't get flashed by Flash (David Longenecker) Flash Player is a common browser plug-in for rich content, but is also a common method of "drive-by" infection. Here are some security tips. Adobe Flash Player is a common browser enhancement that enables so-called "rich web content" — animations, video, in-browser games, interactive advertisements, and more. It's also a top target for malicious hacks — a bogus Flash program that automatically launches when you open a web page can take over your computer. Over the last few weeks, there have been a series of malware outbreaks exploiting vulnerabilities in Flash to infect unsuspecting people's computers

The app economy demands a new security approach (Help Net Security) Protection is still the main driver for security, but a new CA study reveals that organizations understand the application economy demands a new view and approach to security

Antivirus Isn't Dead, It Just Can't Keep Up (KnowBe4 Security Awareness Training Blog) Mid 2014, a company called LastLine Labs published some explosive data about antivirus products. They studied hundreds of thousands of pieces of malware for a year, and tracked the antivirus detection rates of each "engine" using the Virustotal site

Cool in a crisis: Breach response (SC Magazine) How you communicate during an attack is as important as your response, says Ron Green, CISO, MasterCard

Online Trust Alliance offers tips for preventing data breaches (Silicon Valley Business Journal) The Online Trust Alliance research organization has analyzed more than 1,000 data breaches occurring last year and says more than 90 percent of those were preventable

What infosec can learn from the Greek elections (Help Net Security) Sometimes disruption just happens. It occurs when something creates a dramatic change of direction, and examples are all around us: the introduction of the GUI, the iPod and the iPhone, the Tesla Model S, the cloud. The Greek election may be one too, if the threats made are being put forward into action

3 Cyber Security Lessons From Super Bowl XLIX (InformationWeek) The Super Bowl just broadcast can give us a few lessons about risk, awareness, and preparedness

Design and Innovation

Authentication for the ridiculously rushed (CSO) "Code Blue! Code Blue!" A call goes out to the local nurse's station

Research and Development

Tapping the Subconscious Will Deliver Better Online Fraud Protection (Wired) The number of high-profile data breaches last year was nothing short of historic — and shocking. Big-name retailers in particular were caught with their cyber security pants down. While it is their job to protect sensitive customer data, no IT team can prepare for all the attacks that come their way, either in terms of volume or of new type. Malicious actors are endlessly clever, it seems, in devising new ways to steal data

Academia

Purdue University Calumet Earns Cybersecurity Excellence Center Recognition (Portage Life) The National Security Agency (NSA) and Department of Homeland Security (DHS) have designated Purdue University Calumet a Center for Academic Excellence for Information Assurance and Cyber Defense

Legislation, Policy, and Regulation

China demands backdoor into foreign software to "strengthen cybersecurity" (Graham Cluley) In short: if you don't play ball, China is likely to take a dim view about allowing you to sell your technology into its country

Government's digital reformer Maude to step down (MicroScope) Francis Maude, the controversial minister behind many of the government's digital reforms, has announced plans to step down as an MP after nearly 30 years in parliament

Is crypto the enemy? (CSO) They say that if you live long enough you'll see history repeating itself. Certainly, that's true when it comes to fashion, music and even computer gaming with the trend towards retro games. And we're starting to see a battle being fought again over encryption with British and US political leaders making overtures about banning or limiting the use of an important element of information security

Governments must realize limits of control on cloud data, encryption (ZDNet) U.S. and U.K governments need to realize the negative impact of their actions regarding cloud data sovereignty and encryption, says Singapore-based tech lawyer who also points to the rise of Asian tech companies and innovation in 2015

Cyber gets $1B boost in White House budget (The Hill) The White House's fiscal 2016 budget boosts cybersecurity funding by nearly $1 billion

White House Debuts Dot-Gov Cyber Enforcement Squad (Nextgov) The Obama administration will spend about $20 million on a new White House cyber unit to oversee dot-gov network security, including, for the first time, making sure agencies notify victims of breaches according to a specific timetable

Stopping the Next Cyber-Attack (BloombergView) Chances are, your company's computers will come under attack sometime soon. The perpetrators may want to steal personal information. They may want trade secrets or intellectual property. They may simply want to annoy you

Health data security, privacy are top concerns for CMS, FDA (FierceGovernmentIT) The rapid growth of health data is helping federal agencies better chart the quality of care being provided and other nationwide trends, but it's also presenting some privacy and security challenges, said government officials

Navy Trains Cyberforces, Eyes Friendly Vulnerabilities (SIGNAL) Threats to areas outside of its control may pose the biggest challenge to the sea service

Security concerns cloud federal data center overhaul (CSO) Government CIOs are in the midst of an ambitious effort to modernize their data centers, but consolidation, virtualization and the cloud bring fresh security challenges

Edward Snowden urges caution over Ottawa's proposed security law (Globe and Mail) Edward Snowden, the fugitive American who leaked state secrets, wants Canadians to know that anti-terrorism laws are easy to pass but very hard to undo

Litigation, Investigation, and Law Enforcement

Justice Dept. Disputes Reporter's Hacking Claims (TopTechNews) A Justice Department inspector general report is disputing allegations by former CBS News correspondent Sharyl Attkisson that the federal government secretly monitored her personal computer

Silk Road prosecutors complete the bizarre DPR murder-for-hire story (Ars Technica) "It wouldn't be suspicious. He would just leave one day and not come home"

Ulbricht tells judge: I'm not going to testify (Ars Technica) According to friends, Ulbricht embraces "peacefulness and non-violence"

Read the Transcript of Silk Road's Boss Ordering 5 Assassinations (Wired) Many of the ideological supporters of the Silk Road have described its sprawling online black market for drugs as an experiment in victimless crime and a nonviolent alternative to the bloody turf wars of the streets. But prosecutors in the trial of Ross Ulbricht, the 30-year-old accused of running that anonymous bazaar, have pointed to one conversation they say shows the contrary: That the Silk Road's boss was willing to resort to the drug trade's most violent measures when it suited his needs

An Avatar That Busts Pedophiles Goes on Autopilot (BloombergBusiness) New software will automate thousands of online chats with predators

Court tosses warrant where FBI cut Internet, posed as hotel repairmen (Ars Technica) "A search warrant is never validated by what its execution recovers"

Murdoch's Fox, News Corp. Won't Be Charged Over Hacking (BloombergBusiness) Rupert Murdoch's 21st Century Fox Inc. and News Corp. said the U.S. Justice Department won't prosecute either company after an investigation into voice-mail hacking and payments to public officials in the U.K

Turkey: Dutch journalist faces up to 5 years in prison (Turkish Press) A chief prosecutor office in southeastern Turkey has requested Monday one to five years of imprisonment for a Dutch journalist accused of spreading propaganda for the outlawed Kurdistan Workers' Party, or PKK

What ever happened to NSA officials who looked up lovers' records? (The Hill) It's been a year since Sen. Chuck Grassley (R-Iowa) asked Attorney General Eric Holder how it handled National Security Agency officials who abused the agency's powers, and he still hasn't gotten an answer

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Wednesday, March 25, 2015 at the University of Colorado Colorado...

Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, April 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence...

WAHCKon Perth 2015 (Perth, Western Australia, Australia, May 2 - 3, 2015) WAHCKon is a Perth based hacker conference that launched in 2013. We cover a wide range of topics focusing on Information security and Hacker subculture as well as locksports, activism and related areas...

DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event that will contain conferences, workshops, and a challenge (CTF). Aiming to bring together security professionals, students, searcher, ethical hacker enthusiasts or simply technology...

MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon...

HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting...

Upcoming Events

Cyber Threat Intelligence Summit (Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities

ICSS 2015: International Cyber Security Strategy Congress (Leuven, Belgium, February 4 - 5, 2015) ICSS2015 will present the latest developments and thoughts in the field of cybercrime and cybersecurity and will be a unique gathering of cybercrime experts from all over the world. The objective of the...

Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...

Nullcon 2015 (Goa, India, February 4 - 7, 2015) Nullcon discusses and showcases the future of information security, next-generation of offensive and defensive security technology as well as unknown threats

Salt Lake City Tech-Security Conference (Salt Lake City, Utah, USA, February 5, 2015) The Salt Lake City Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...

ICISSP 2015 (Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...

Tax benefit, Catalyst Fund and other financial Incentives for Small Businesses (Columbia, Maryland, USA, February 10, 2015) Rescheduled. Meet the experts! Tax incentives, credits and loans available for small businesses. Learn the details: How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits,...

2015 Cyber Risk Insights Conference — London (London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...

AFCEA West 2015 (San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.

Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, February 17, 2015) Workshop Description: This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port...

DEFCON | OWASP International Information Security Meet (Lucknow, India, February 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading...

10th Annual ICS Security Summit (Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...

Workforce Development Forum — CyberWorks Information Session (Baltimore, Maryland, USA, February 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in...

Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...

NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, February 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security...
