Kurdish hackers take the Turkish government to task for its alleged support of ISIS.
Government services — notably in China, Russia, North Korea, and Iran, but elsewhere as well, as such activity establishes new international norms — are expected to continue to expand espionage and sabotage in cyberspace.
KrebsOnSecurity looks at the Anthem breach and suggests it may have started as early as April of 2014, far earlier than Anthem's announced December attack date. Anthem says the compromise may be traceable to successful phishing of a few employees. Investigators continue to speculate about possible Chinese government responsibility for the breach, but remember the notorious difficulty of attribution. (Read Tenable's blog for a refresher course in healthy skepticism. Attribution's difficulty seems to motivate the US White House's formation of its new Cyber Threat Intelligence Integration Center.)
State insurance commissioners are calling for a multi-state investigation of Anthem's security. Other regulators (like the Federal Financial Institutions Examination Council and New York's Department of Financial Services) clarify guidance for the sectors they oversee.
Ransomware remains of concern, with Critroni affecting French businesses and CryptoWall appearing in a new, stripped-down variant.
Dr. Web reports on a multi-purpose Linux backdoor Trojan. PlugX retains its popularity as a tool for targeted attacks.
Today is Patch Tuesday: non-premium customers should know shortly what Microsoft intends to fix.
The public and private sectors seem in a surly, reactive mood, as op-eds variously call for cyber-law-west-of-the-Pecos or Citizens' Vigilance Committees (or at least a more active corporate approach to cyber crime).
Today's issue includes events affecting Australia, Bangladesh, China, European Union, France, Germany, Iran, Democratic People's Republic of Korea, Republic of Korea, New Zealand, Philippines, Russia, Singapore, Somalia, Sweden, Turkey, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
"Stop Supporting ISIS": Anonymous Kurdistan Hacks Turkish Govt. Websites(HackRead) On Thu, 02 Jan 2014, a Kurdish hacker going with the handle of Anonymous Kurdustan & Muhmad Emad hacked two Turkish government websites belonging to the Afyonkarahisar Provincial Disaster and Emergency Management (Afyonkarahisar is a city in western Turkey, the capital of Afyon Province), asking the Turkish government to stop supporting the ISIS terrorist group
Nation-State Cyber Espionage, Targeted Attacks Becoming Global Norm(Dark Reading) New report shows 2014 as the year of China's renewed resiliency in cyber espionage — with Hurricane Panda storming its targets — while Russia, Iran, and North Korea, emerging as major players in hacking for political, nationalistic, and competitive gain
Anthem Breach May Have Started in April 2014(KrebsOnSecurity) Analysis of open source information on the cybercriminal infrastructure likely used to siphon 80 million Social Security numbers and other sensitive data from health insurance giant Anthem suggests the attackers may have first gained a foothold in April 2014, nine months before the company says it discovered the intrusion
New multi-purpose backdoor targets Linux servers(Help Net Security) A new multi-purpose Linux Trojan that opens a backdoor on the target machine and can make it participate in DDoS attacks has been discovered and analyzed by Dr. Web researchers, who believe that the Chinese hacker group ChinaZ might be behind it
Is Anonymous Attacking Internet Exposed Gas Pump Monitoring Systems in the US?(TrendLabs Threat Intelligence Blog) Even as attacks on SCADA devices have become more public, devices are constantly being reported as Internet-facing and thus, vulnerable to attacks. Very little security is implemented on these devices, making them perfect targets of opportunity. Recently, Internet-facing gas station pumps have gained some attention, when several articles exposing the availability of these devices were published online
Senate Report Slams Automakers for Leaving Cars Vulnerable to Hackers(Wired) Since hackers first began demonstrating that they could take over cars' digital systems to slam on brakes or hijack steering, most automakers have done everything they can to avoid publicly discussing whether their vehicles are vulnerable. Massachusetts Senator Edward Markey, however, has demanded answers on that car-hacking question. Now he's released his findings: the answers are messy at best, and dangerous at worst
Be careful when talking in front of a Samsung SmartTV(Help Net Security) Owners of Samsung SmartTVs that use its Voice Recognition feature to control the device should be aware that everything they say in front of their smart television set may end up in the hands of third parties
From Zero to Your Credit Card(Cyactive) A recent blog post by Nick Hoffman highlights the efficiency of reusing malware techniques and just how easy it is to develop a credit card data stealing malware. The malware that he notes consists in fact of the basic processes that every PoS malware uses. This malware doesn't have a name, and probably served as a Proof-Of-Concept. It is tiny (4k) and as of April 2014 was undetected by most Antivirus. Yet, bottom line, it can steal your credit card data
Security Patches, Mitigations, and Software Updates
Creaking Patch Tuesday's Viability Rests with Quality, Speed(Threatpost) Today is Patch Tuesday, the 11-year-old procession of security bulletins from Microsoft streamed out automatically to consumers of Windows Update, and pulled en masse by enterprise admins worldwide needing to test each for compatibility
The Uses and Abuses of Cryptography(CircleID) Another day, another data breach, and another round of calls for companies to encrypt their databases. Cryptography is a powerful tool, but in cases like this one it's not going to help. If your OS is secure, you don't need the crypto; if it's not, the crypto won't protect your data
"Assume Breach" is Not a Defeatist Point of View(Norse Blog) As an industry, we have collectively been talking about the concept of assume breach for at least two years now. Frankly, it's probably been much longer than that, and I feel like the idea is starting to take hold
Security, Privacy Lapses Stem Largely from Lack of Enforcement, Study Finds(IT Business Edge) You'd think that organizations would have learned by now. But as last week's news of the Anthem breach shows, hackers still find it too easy to steal critical information from high-profile companies. A disturbing dimension of all of this is that too often, organizations have the proper security and privacy controls in place, but there's just one problem: They fail to properly enforce them
Are smart homes security smart?(Help Net Security) A new ENISA study aims to identify both the security risks and challenges as well as the countermeasures required for emerging technologies in smart homes, providing a specific and focused approach, with an overview of the current state of cyber security in this emerging domain
Four Reasons Why Millennials Should Care About Safer Internet Day(TechCrunch) Growing up, I was always close to technology. I explored the vast world of the Internet from a young age. I created my first email account when I was 10 years old, but had no concept of acting safe online and signed up for numerous websites that promised free TVs and other cool prizes. It wasn't long before I fell victim to phishing attacks and almost sent money to someone in Florida for a puppy
Company Shares of Proofpoint Inc Rally 6.22%(Wall Street Pulse) Shares of Proofpoint Inc (NASDAQ:PFPT) rose by 6.22% in the past week and 6.67% for the past 4 weeks. For the past week, the counter has outperformed the S&P 500 by 3.1% and the outperformance increases to 6.12% for the past 4 weeks
Company Shares of Nice-Systems Ltd (ADR) Rally 9.91%(Wall Street Pulse) Shares of Nice-Systems Ltd (ADR) (NASDAQ:NICE) rose by 9.91% in the past week and 7.47% for the past 4 weeks. For the past week, the counter has outperformed the S&P 500 by 6.67% and the outperformance increases to 6.91% for the past 4 weeks
Company Shares of Cyberark Software Ltd Rally 9.45%(Winston View) Shares of Cyberark Software Ltd (NASDAQ:CYBR) rose by 9.45% in the past week and 0.03% for the past 4 weeks. The shares have outperformed the S&P 500 by 6.23% in the past week but underperformed the index by 0.49% in the past 4 weeks
Company Shares of Radware Ltd. Rally 3.95%(Wall Street Pulse) Shares of Radware Ltd. (NASDAQ:RDWR) appreciated by 3.95% during the past week but lost 7.19% on a 4-week basis. The shares have outperformed the S&P 500 by 0.89% in the past week but underperformed the index by 7.67% in the past 4 weeks
HP Acquires Voltage Security(CSO) Today came news that the software giant HP has made a new acquisition. This time they have picked up the encryption vendor Voltage Security. Congrats to Sathivk Krishnamurthy and team
Which IBM Layoff Numbers Add Up?(IEEE Spectrum) Last month, tech journalist Robert X. Cringely reported that 26 percent of IBM's employees were about to be shown the door, potentially more than 100,000 people if you look at IBM's worldwide workforce of more than 400,000. IBM responded that it had already announced that it was writing off $580 million for "workforce restructuring," a number consistent with laying off several thousand people. That's a big gap
5 Top Firefox Addons For Anonymous Surfing(eHacking) Firefox is a fast, reliable and secure browser that provides a lot of different features except browsing. So this article will talk about anonymous surfing via Firefox
Why Northern HSC Trust chose ForeScout CounterACT for agentless NAC(Cambridge Network) Implementing 802.1x authentication controls across thousands of owned network devices in a large organisation is both complex and time-consuming. Deploying authentication to devices you don't own, manage or (sometimes) know about introduces a new set of issues
FFIEC Issues Cyber-Resilience Guidance(GovInfoSecurity) New business continuity guidelines from the Federal Financial Institutions Examination Council paint a more detailed picture of the cybersecurity initiatives banks and credit unions will be asked about during upcoming examinations
How do we identify our attackers in cyberspace?(Tenable Blog) In 1995 I landed my first independent consulting project: an incident response for an important financial institution in New York City. That experience has informed my attitude about attribution ever since, because it was one of the rare incidents I've ever been involved in when we actually learned the identity and location of the attacker with a high degree of certainty
Detecting Mimikatz Use On Your Network(Internet Storm Center) I am an awesome hacker. Perhaps the world's greatest hacker. Don't believe me? Check out this video where I prove I know the administrator password for some really important sites!
A Token's Tale(Google Project Zero) Much as I enjoy the process of vulnerability research sometimes there's a significant disparity between the difficulty of finding a vulnerability and exploiting it. The Project Zero blog contains numerous examples of complex exploits for seemingly trivial vulnerabilities. You might wonder why we'd go to this level of effort to prove exploitability, surely we don't need to do so? Hopefully by the end of this blog post you'll have a better understanding of why it's often the case we spend a significant effort to demonstrate a security issue by developing a working proof of concept
Legacy Approach to Password Management: Trade Security for Convenience?(RSA: Speaking of Security) I came across an article the other day highlighting the importance of password management. The article indicated that employees are willing to sell their passwords to bad actors, and that password management is the right solution to combat this issue. This made me scratch my head — how can password management help mitigate a stolen password or a password that has willingly been handed over?
Printer to Shredder — Threat intelligence's problem(Cytegic) You're an IT executive and your company receives regular cyber intelligence updates. They land in your inbox (or have been forwarded to you by your managers, flagged "urgent") every once in a while. When opening one you can find a brief summary of current events or alerts and an attachment, usually a PDF document. If it's over 10 pages long you will then print this and then… well, most likely keep it on your desk for several days. If you have some spare time you might even gaze into this document, and maybe even highlight a paragraph or two for future use. But most likely, you will either ask one of your subordinates to read and summarize it for you or never look at this again before finally shredding it
Will 2015 Be The Year of Information Security Disruption?(CRN) Mark Robinson, president of Findlay, Ohio-based CentraComm, is one of dozens of channel veterans who attends the RSA Conference every year and has watched the security industry's largest annual gathering grow substantially in recent years. Robinson and others recall having to sprint to meet colleagues from one side of the mammoth Moscone Convention Center in San Francisco to the other
NSA Announces 3rd Annual Best Scientific Cybersecurity Paper Competition(NSA) The National Security Agency is seeking nominations for the 3rd Annual Best Scientific Cybersecurity Paper Competition. The competition is for scientific papers that were published between January 1, 2014 and December 31, 2014 and that show an outstanding contribution to cybersecurity science. Deadline for nominations is March 31, 2015
Pentagon seeks new war games to combat cyber threats(USA TODAY) The Pentagon think tank that has funded studies into whether Russian President Vladimir Putin has Asperger's syndrome is expanding its research to futuristic war games and investigating the effects of embargoes and trade restrictions, newly released military documents show
DARPA project trains robots to watch YouTube(C4ISR & Networks) Do robots like videos of cute puppies or daring skateboard stunts? Researchers at the Defense Advanced Research Projects Agency might find out, but it will be as a byproduct of the Mathematics of Sensing, Exploitation and Execution (MSEE) program, which is teaching robots to respond to visual information by having them watch YouTube videos
U.S.-German Spy Spat Unresolved as Merkel Visits Obama(Bloomberg) The unresolved fallout between the U.S. and Germany over National Security Agency espionage and mass surveillance slid to the background of a visit by Chancellor Angela Merkel to Washington, supplanted by the need for intelligence sharing amid rising threats of terrorism
National Security Strategy(The White House) Today, the United States is stronger and better positioned to seize the opportunities of a still new century and safeguard our interests against the risks of an insecure world
White House Releases National Security Strategy(Dark Matters) The White House has released the latest National Security Strategy, which calls for improved network security defenses to protect critical systems and intellectual property from theft, specifically referring to economic espionage by China
New agency to sniff out threats in cyberspace(Washington Post) The Obama administration is establishing a new agency to combat the deepening threat from cyberattacks, and its mission will be to fuse intelligence from around the government when a crisis occurs
Government IT Makes GAO's High Risk List(Fiscal Times) At a time when cyber attacks pose an increasingly serious threat to national security, with hackers launching attacks at the Defense Department every day, watchdogs are flagging federal IT operations as one of the most serious weaknesses in the federal government
The country is vulnerable without CISPA(Baltimore Sun) While some worry about privacy in a proposed cyber intelligence law, they should be worried about attacks. The uninterrupted operation of our nation's infrastructure is vital to our physical and economic security and our lives. It monitors generators producing power; controls valves that allow gas or oil to flow from well to refinery to pump; manages air, rail, and road traffic; and enables banks to process credit card transactions and business activities nationally and internationally
Intelligence Legalism and the National Security Agency's Civil Liberties Gap(Harvard National Security Journal) Since June 2013, we have seen unprecedented security breaches and disclosures relating to American electronic surveillance. The nearly daily drip, and occasional gush, of once-secret policy and operational information makes it possible to analyze and understand National Security Agency activities, including the organizations and processes inside and outside the NSA that are supposed to safeguard Americans' civil liberties as the agency goes about its intelligence gathering business. Some have suggested that what we have learned is that the NSA is running wild, lawlessly flouting legal constraints on its behavior. This assessment is unfair
Navy Submariner Takes Pentagon Cyber Post(Breaking Defense) The Pentagon named a Navy cryptologist to a top cyber policy position today. Rear Adm. Sean Filipowski, who'll get his second star with the new job, is a protégé of former NSA director Gen. Keith Alexander
Ross Ulbricht Didn't Create Silk Road's Dread Pirate Roberts. This Guy Did(Wired) More than 14 months after his arrest, Ross Ulbricht has been convicted of being the Dread Pirate Roberts, the masked figure who ran the Silk Road's unprecedented online supermarket for drugs. But the man who first created that mask — and in many ways served as Silk Road's mastermind just as much as Ulbricht — remains a mysterious figure, and one who by all appearances walked away unscathed from his involvement in the Silk Road's billion-dollar drug operation
Researcher Releases 10 Million Usernames And Passwords In Fight Against Obama's War On Hackers(Forbes) With the sentencing of Barrett Brown, a journalist who was convicted of numerous crimes and whose jail time was increased because he posted a link to stolen data, and some worrying cyber security proposals from the Obama administration that would appear to outlaw the everyday activities of researchers, both hacks and hackers have been anxious about the chilling effects on their work. Quinn Norton, a long-time security writer, said she would no longer report on leaked information for fear of arrest. Errata Security's Robert Graham said there was a war being waged on professional hackers who have only been trying to make the internet safer
Today I Am Releasing Ten Million Passwords(Passwords) Frequently I get requests from students and security researchers to get a copy of my password research data. I typically decline to share the passwords but for quite some time I have wanted to provide a clean set of data to share with the world. A carefully-selected set of data provides great insight into user behavior and is valuable for furthering password security. So I built a data set of ten million usernames and passwords that I am releasing to the public domain
KickAss Torrent Download Website Seized(HackerNews) So far, the torrent users didn't forget the incident of The Pirate Bay seizure, that another most popular Torrent website, KickAss Torrents, has been kicked off by the Somalian registry
INTERPOL and the fast-paced digital threat landscape(Help Net Security) Dr. Madan Oberoi is the Director of Cyber Innovation and Outreach Directorate at the INTERPOL Global Complex for Innovation in Singapore. In this interview he talks about the key developments that allow law enforcement to stay on top of the fast-paced digital threat landscape, offers insight on the challenges involved in managing international cyber innovation and research within INTERPOL
Cybercrime: the importance of being alert(Malaysian Insider) The recently published Safe Cities Index 2015 by The Economist magazine placed Singapore as the second-safest major city in the world, after Tokyo. The index does not measure simply crime, but also a wide-ranging set of factors, including digital security
Famed God nabbed by the cops(CSO) There is a nonsensical bad habit that some script kiddies have been getting up for the last couple years. This is the practice of swatting. One person who allegedly fancied himself as a "hacker" was Brandon Wilson aka "Famed God". Despite his lofty moniker he was a 19 year old teen from Nevada
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cybersecurity for a New America: Big Ideas and New Voices(Washington, DC, USA, February 23, 2015) In addition to featuring keynote remarks by Admiral Mike Rogers, Director of the National Security Agency, this event will convene experts and practitioners from the public and private sector, military,...
ICISSP 2015(Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...
2015 Cyber Risk Insights Conference — London(London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...
AFCEA West 2015(San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
DEFCON | OWASP International Information Security Meet(Lucknow, India, February 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading...
10th Annual ICS Security Summit(Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...
Workforce Development Forum — CyberWorks Information Session(Baltimore, Maryland, USA, February 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in...
Cybersecurity: You Don't Know What You Don't Know(Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...