Anonymous seems to have scored against some Islamic State social media accounts as it launches its "OpISIS."
Intuit's popular TurboTax software suspended filing state income tax returns in the US late last week after users attempting to file in Minnesota found that some unknown party had already submitted returns under their identities. Intuit suspended e-filing of state returns after receiving Minnesota's notification of the apparent fraud. Federal tax filings were unaffected, and TurboTax resumed state filing services late Friday evening. Intuit (which has retained Palantir to help deal with the incident) says its own systems had not been breached, but that users were victims of fraud traceable to other large companies' data breaches. (Coincidentally or not, Intuit also announced last week that it had acquired cloud security shop Porticor.)
December's Anthem breach, disclosed last week, is a big data breach of the kind that could enable identity fraud. Company and FBI investigations are proceeding, and sources claiming knowledge of the incident say signs point to Chinese government involvement (which the Chinese government naturally denies). Lessons being drawn from the Anthem hack suggest that encryption wouldn't have prevented an attack based on targeted theft of privileged credentials, and that the C-suite seems to have taken a more active role in incident response.
The first lawsuits related to the Anthem breach have been filed, and more companies are looking to cyber insurance.
Apple pushes out an OS X update to close Flash vulnerabilities.
German, UK, and US authorities update their cyber policies.
Today's issue includes events affecting Belgium, China, France, Germany, Iraq, Japan, Democratic People's Republic of Korea, Luxembourg, South Africa, Syria, United Arab Emirates, United Kingdom, United States.
TurboTax resumes state tax return filing after fraud-related suspension (Baltimore Sun) TurboTax had temporarily suspended state tax return filing after fraud concerns. The company behind TurboTax, the best-selling tax preparation software in the country, temporarily stopped processing e-filed state tax returns this week after an uptick in fraudulent filings
Intuit Working With State Governments to Solve Emerging Tax Fraud Problem (Intuit) Intuit Inc. (Nasdaq: INTU) today announced it is working with state agencies to address growing concerns over state tax fraud. During this tax season, Intuit and some states have seen an increase in suspicious filings and attempts by criminals to use stolen identity information to file fraudulent state tax returns and claim tax refunds
TurboTax halts state filings amid fraud outbreak (USA TODAY) TurboTax turned off the ability of its software to e-file state tax returns across the USA on Thursday after the company found "an increase in suspicious filings," the company said Friday
Cyberattacks keep TurboTax users from filing returns (PBS News Hour) After seeing an increase of stolen information used to file fraudulent state tax returns, TurboTax announced that the processing of all state filing has been halted and the option to file state taxes online no longer exists
China To Blame in Anthem Hack? (KrebsOnSecurity) Bloomberg reports that U.S. federal investigators probing the theft of 80 million Social Security records and other sensitive data from insurance giant Anthem Inc. are pointing the finger at state-sponsored hackers from China. Although unconfirmed, that suspicion would explain a confidential alert the FBI circulated last week warning that Chinese hackers were targeting personally identifiable information from U.S. commercial and government networks
Anthem hack raises fears about medical data (Los Angeles Times) Insurance giant Anthem Inc. suffered a massive data breach exposing the personal information of up to 80 million Americans — and it could have been even worse for consumers
Why hackers are targeting the medical sector (Washington Post) A hack at Anthem, the second-largest health insurer in the country, exposed personal information about millions of employees and customers. But the attack is just the latest evidence that cybercriminals are increasingly targeting the medical sector where they can collect health information that can be sold for a premium on the black market
Responding to the Anthem Cyber Attack (National Law Review) Anthem Inc. (Anthem), the nation's second-largest health insurer, revealed late on Wednesday, February 4 that it was the victim of a significant cyber attack
C-Suite — Changing Tack on the Sea of Data Breach? (National Law Review) The country awoke to what seems to be a common occurrence now: another corporation struck by a massive data breach. This time it was Anthem, the country's second largest health insurer, in a breach initially estimated to involve eighty million individuals. Both individuals' and employees' personal information is at issue, in a breach instigated by hackers
Community debates encryption's value in Anthem incident (SC Magazine) Experts argue that encryption is not the key piece in the Anthem breach if the incident involved a targeted attack on admin credentials. Anthem's breach has ignited a debate on the insurer's data security safeguards, with many experts arguing that, in this incident, encryption may not have minimized the attack damage like some suspect
Anthem Cyber Attack Clouds Insurer's Obamacare Bounty (Forbes) An investigation by state insurance regulators into the data breach of 80 million current and former customers of health insurance giant Anthem (ANTM) comes during a period of unprecedented growth for the company thanks to the Affordable Care Act
Anatomy of a Brute Force Campaign: The Story of Hee Thai Limited (FireEye) This is the tale of an ongoing SSH brute forcing campaign, targeting servers and network devices, that distributes a new family of Linux rootkit malware named "XOR.DDoS." While typical DDoS bots are straightforward in operation and often programmed in a high-level script such as PHP or Perl, the XOR.DDoS family is programmed in C/C++ and incorporates multiple persistence mechanisms including a rare Linux rootkit
WhatsSpy Public Tracks WhatsApp Activity (Softpedia) Certain information related to WhatsApp activity can be tracked by a third party with the help of a recently released tool, even if privacy options have been enabled
What You Need to Know About 'Drive-By' Cyber Attacks (Fox Business) Last year's epic Sony hack, which the FBI attributed to North Korea, was clearly a big wakeup call for businesses. But for most companies, unless you're a Fortune 1000 or greater, your biggest threat doesn't come from these highly sophisticated, targeted attacks. Instead, it's lower level actors that pose the greatest danger — cyber-criminals whose goal is to steal or extort money out of businesses, and cause a lot of damage in the process
Flash Player Zero-Day Vulnerabilities: Why So Many Lately? (Top Tech News) Even for the vulnerability-troubled Adobe Flash Player, the emergence of multiple Flash zero-days over just a few weeks is unusual, according to a cybersecurity expert. Adobe has reported and issued updates for three zero-day exploits since January
Investigating online dating fraud (Help Net Security) The one thing that online dating scammers have in common is that their preferred target demographic is vulnerable and trusting people with a limited social circle or support group
Computer malware demands ransom for encrypted files (Luxemburger Wort) The last few days, a new wave of malware attacks has struck companies and individuals in Luxembourg. The infection known as CTB-Locker or Critoni crypto ransomware infects via spam messages and email attachments
Bulletin (SB15-040) Vulnerability Summary for the Week of February 2, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
The trick to vanquishing 0 days that have become 100 days (CSO) We have now arrived in the theatre of the absurd. Collectively we use things like Adobe Flash, Acrobat and Java on our systems every day. We use software that is flawed at its very core in our jobs, schools and home life. Then we're surprised when things go awry. "How did that attacker breach my system?" and so forth
Microsoft patching zero-day exploit on IE11 (ITProPortal) Microsoft has confirmed a new zero-day exploit on Internet Explorer 11 for Windows 8.1 and Windows 7 allowing attackers to steal critical information through an XSS exploit
2015 Global Audit Committee Survey (KPMG) Short of a crisis, the issues on the audit committee's radar don't change dramatically from year to year (and they probably shouldn't); but sometimes small shifts tell a big story
FireEye Inc (FEYE) Stock Surges After Its Win At Anthem Inc (ANTM) (Bidness Etc.) JPMorgan calls FireEye's forensic division as the "Go-To" business after its high-profile wins with Sony and Anthem data breaches. Stocks of other health insurers, like Palo Alto Networks, also gain in the wake of the data breaches that have left investors on the watch regarding security stocks
CyberArk shares up 5 percent after Anthem data breach (Boston Business Journal) Shares of Newton-based CyberArk Software (Nasdaq: CYBR), a Newton-based firm that offers IT security, were up 5 percent Thursday — a day after revelations about a data breach affecting health insurer Anthem Inc
Porticor has been acquired by Intuit (Porticor) Data security news has been in the spotlight lately, and with good reason. From the public cloud to the private cloud and everything in between, customers trust us to keep their data secure. We are seriously enthusiastic about cloud security and we are extremely pleased to learn that Intuit shares that enthusiasm. So today we are delighted to tell you that Porticor has been acquired by Intuit
Harris Buying Exelis Signals Defense Consolidation (BloombergBusiness) Harris Corp.'s purchase of Exelis Inc. in a transaction valued at $4.75 billion could signal further consolidation among mid-size defense companies as they search for growth while government spending stagnates
Cyber security system aims to reach whole world (Daily Sabah) The domestic cyber security systems developed by Comodo, which gained fame for the online security solutions they built for U.S. President Barack Obama's election campaign websites, will be exported to the world, according to Comodo's founder Melih Abdulhayaoğlu
Kaspersky Total Security (PC Magazine) Typical security suite licensing plans let you install protection on up to three PCs. That was fine ten years ago, but the modern household tends to be more eclectic, device-wise. Kaspersky Total Security aims to protect all of your devices, not just PCs
Adware Medic Removes Macintosh Malware (Lifehacker) Although Macs don't often get malware, they aren't immune. If you don't have a good Mac antivirus program installed, or something slipped through, Adware Medic removes common nasties
FireEye Threat Intelligence (SC Magazine) FireEye Threat Intelligence is part of the overall FireEye suite of security products. It is, in fact, the primary intelligence component and is used to help drive other FireEye products providing active blocking at networks, endpoints and mobile devices
4 open-source monitoring tools that deserve a look (Network World) Network monitoring is a key component in making sure your network is running smoothly. However, it is important to distinguish between network monitoring and network management. For the most part, network monitoring tools report issues and findings, but as a rule provide no way to take action to solve reported issues
Technologies, Techniques, and Standards
Make sure your company isn't the next Anthem (CSO) Customers and employees trust businesses to protect their data, and businesses trust CSOs and CISOs to make sure the data is secure. Those in charge of protecting the network and defending sensitive information know that security cannot be guaranteed. It is simply a game of risk management
Threat Intelligence, Know Your Enemy and Yourself: Ken Westin Interview (Hacksurfer) This week we saw 2015's first mega breach. Anthem Inc., one of the country's biggest health insurers, was breached and up to 80 million clients' and employees' data was compromised in what will likely be the largest data breach ever disclosed by a healthcare company. Anthem detected the breach and reported it to the media, law enforcement, and past and present clients. At this time the company is still not sure how hackers were able to compromise their systems
How Can Threat Intelligence Play a Role in PCI 3.0 Compliance? (Cyveillance Blog) Many of the organizations we work with must comply with the Payment Card Industry Data Security Standards (PCI DSS) in some way, shape, or form to help safeguard cardholder information. Since the PCI Security Standards Council recently released a new version, PCI 3.0, which took effect January 1, we thought it was a good time to examine how threat intelligence can factor into your PCI compliance program
Guarding your Data against Cyber Attacks (Database Journal via Webopedia) There was a time not so long ago when the word "hacking" conjured up the image of a fifteen-year-old writing viruses that presented a message like "You've been hacked by badboy45"
Thug-Vagrant (iTeam Developers) Thug-Vagrant provides a Vagrant configuration file (Vagrantfile) and shell script to automate the setup of a Thug honeyclient in a virtual machine. The need for this project comes from the lengthy and somewhat difficult installation procedure of Thug, which can be discouraging
Bindead — a static analysis tool for binaries (Atlassian Bitbucket) Bindead is an analyzer for executable machine code. It features a disassembler that translates machine code bits into an assembler-like language (RREIL) that in turn is then analyzed by the static analysis component using abstract interpretation. As Bindead operates on the machine code level, it can be used without having the source code of the program to be analyzed. In fact, the purpose of Bindead is to help with the reverse engineering of executable code or binaries. The analyzer enables one to reason about all the possible runtime behavior of a program and find potential bugs. To this end we perform a collection of (numeric and symbolic) analyses on the program and are able to infer memory access bounds and various other numeric properties statically, i.e. without running the program
How the NSA is improving security for everyone (Network World) The NSA's core function is to gather and analyze data. But the NSA is also expected to secure and protect sensitive information, and as part of that role NSA security experts have launched a program to integrate more commercial off-the-shelf products
It's Safe to Say: IT Students Make Impression at Security Convention (Pennsylvania College Today) A sizable Penn College contingent attended ShmooCon, the East Coast "hacker" convention, held Jan. 16-18 at the Washington (D.C.) Hilton. Three faculty members in the School of Industrial, Computing & Engineering Technologies — along with 11 graduates, 18 current students and a former student — were among those attending
Japan must improve intel so firms can prosper: NSA official-turned-CEO (Japan Times) With discussion on new security legislation being undertaken after two Japanese hostages were killed by the Islamic State group, a former official of the U.S. National Security Agency said Japan needs to build up intelligence, not just to respond to terrorism but to protect Japan Inc
Leaks Make a Mockery of Intelligence Community Secrecy (Overt Action) "CIA, Mossad killed senior Hezbollah figure in bombing" announced The Washington Post headline on 31 January 2015 — nearly seven years after the death of Imad Mughniyeh. Few in America should be particularly heartbroken with the particulars of his demise; after all, Mughniyeh has been the shadowy figure who masterminded attacks in Beirut that killed more than 300 Americans, trained fighters in Iraq to attack US forces, and led the kidnapping, torture, and murder of CIA's Beirut Station Chief
Newly Noted Events
Cyber Security for Defense (Augusta, Georgia, USA, June 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting...
Cyber Threat Intelligence Summit (Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
ICISSP 2015 (Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...
2015 Cyber Risk Insights Conference — London (London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...
AFCEA West 2015 (San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
DEFCON | OWASP International Information Security Meet (Lucknow, India, February 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading...
10th Annual ICS Security Summit (Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...
Workforce Development Forum — CyberWorks Information Session (Baltimore, Maryland, USA, February 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in...
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...