Lenovo continues bandaging its self-inflicted Superfish wound, but customer fears of vulnerability to man-in-the-middle attacks grow. (Komodia, whose SSL Digester is a key component of the much-reviled Superfish adware, coincidentally or not reports suffering a denial-of-service attack.) Facebook researchers find "more than a dozen" apps that use the questionable Komodia library.
Superfish is unfortunately not the only SSL-breaking piece of adware out there. PrivDog's standalone version (as opposed to the extension bundled with Comodo Internet Security) is also reported to expose users to man-in-the-middle attacks. Threatpost calls PrivDog "arguably worse than Superfish."
Reported SIM card hacks affecting Gemalto remain troubling (although Gemalto tells customers its investigation shows the cards remain safe to use). Other alleged intelligence service hacks prompt reconsideration of firmware vulnerabilities — Wired has a rundown.
Lizard Squad is back, still flacking its DDoS-for-hire service, this time through a DNS-poisoning attack on Google's Vietnam service. The attack is apparently a marketing stunt for Lizard Stresser, but one doubts it will draw many customers from the white-hat world Lizard Squad says it aspires to reach. This crew, which few analysts think contains many (any) Professor Moriartys or Lex Luthors, continues poking at Sony and Microsoft, which causes some to wonder why large, well-resourced organizations continue to be troubled by Lizard Squad.
Industry inspects US Presidential cyber security initiatives with a hopeful but skeptical eye.
NSA Director Rogers describes his agency's views on privacy, security, deterrence, and international cyber norms (and engages in a free and frank exchange with Yahoo's CISO).
Today's issue includes events affecting Afghanistan, European Union, France, Iraq, Iran, Ireland, Netherlands, South Africa, Turkey, United Arab Emirates, United Kingdom, United Nations, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
Security Researcher: Superfish Could Be Catastrophic(Top Tech News) Apparently, Superfish stinks worse than security industry watchers first thought. There was an uproar when the world discovered Lenovo, the world's largest PC maker, has been shipping laptops pre-installed with a virus-like software that puts customers in the line of hacker fire. But uproar may soon be an understatement
Komodia Website Under DDoS Attack(Threatpost) Komodia.com, home to the SSL interception module at the heart of the Superfish adware dustup, is currently under a distributed denial-of-service attack
Superfish-like Vulnerability Found in Over 12 More Apps(Hacker News) 'SuperFish' advertising software recently found pre-installed on Lenovo laptops is more widespread than what we all thought. Facebook has discovered at least 12 more titles using the same HTTPS-breaking technology that gave the Superfish malware capability to evade rogue certificate
PrivDog Adware Poses Bigger Risk than Superfish(Threatpost) Move over Superfish. Another piece of shady adware has been thrust into the spotlight, one that also breaks HTTPS connections, but is arguably worse than Superfish, which was pre-installed on new Lenovo laptops manufactured at the tail end of 2014
Gemalto Hack May Have Far-Reaching Effects(Threatpost) Security experts are still trying to assess the effects of the reported attack on SIM card manufacturer that resulted in the theft of millions of encryption keys for mobile phones around the world, but it's safe to say that the operation has caused reverberations throughout the industry and governments in several countries
Lizard Squad Strikes Again: Why Can't Sony And Microsoft Protect Themselves?(International Business Times) The cybervandals known as Lizard Squad last week claimed responsibility for taking down Xbox Live — again. It's the same group that knocked out Microsoft's gaming network, as well as Sony's PlayStation Network, this past Christmas. So, how is the group so easily able to infiltrate gaming networks operated by two of the world's most sophisticated tech giants?
How Hackers Abused Tor To Rob Blockchain, Steal Bitcoin, Target Private Email And Get Away With It(Forbes) Across October and November of last year, some unlucky users of the world's most popular Bitcoin wallet, Blockchain.info, and one of the better-known exchanges, LocalBitcoins, had their usernames and passwords silently pilfered. They were robbed of significant sums, probably tens of thousands of dollars worth of the virtual currency, possibly more. Security-focused email services, Riseup and Safe-mail were also targeted by the same crew. And according to the man who witnessed the attacks go off last year, Digital Assurance director Greg Jones, it looks like buyers and sellers of dark markets were the targets
Flaw makes Cisco routing hardware vulnerable to DoS attacks(Help Net Security) A serious vulnerability affecting the software of some of Cisco's routing hardware systems for telecommunications and Internet service providers could be exploited to mount DoS attacks, the company has announced in a security advisory
CVE-2015-0240: Samba Daemon Vulnerability(RedHat CVE Database) An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user)
Security Patches, Mitigations, and Software Updates
Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability(Cisco) A vulnerability in the parsing of malformed IP version 6 (IPv6) packets in Cisco IOS XR Software for Cisco Network Convergence System 6000 (NCS 6000) and Cisco Carrier Routing System (CRS-X) could allow an unauthenticated, remote attacker to cause a reload of a line card that is processing traffic…Cisco has released free software updates that address this vulnerability
Patching Haste Makes Waste(Lumension Blog) Sometimes it's better if software patches don't come out too quickly. Such was the case when Microsoft issued its regular round of Patch Tuesday updates earlier this month, leaving some unhappy
Driving cyberwar(Washington Examiner) A 14-year-old boy (who looked not a day older than 10, by all accounts) went to Radio Shack last July and purchased various electronic parts for about $14. He stayed up all night assembling a circuit board, and the following morning hacked into a new car, remotely gaining access to the vehicle
Mideast tops world in cyber security priority(Trade Arabia) More than half of business and government leaders in the Mena region identify cyber security as a strategic priority, compared to only 23 per cent in the US and 36 per cent in UK/Europe, a report said
Cyber insurance: Dare leave home without it(Washington Examiner) When a mid-February report revealed that more than 100 banks were hacked in what appears to have resulted in over $1 billion stolen from these financial institutions, it was just another reminder of how ubiquitous cyberattacks have become
UBS Has 3 Must-Own Cybersecurity Software Stocks(24/7 Wall Street) Probably the most alarming aspect of the continued rise in cybersecurity threats and attacks is the sophistication that current hackers and criminals have. From almost anywhere in the world they have targeted the highest security platforms with what sometimes seems like impunity. A new research report from UBS concurs and believes that cyber-criminals are only becoming more sophisticated. The analysts feel that combined with increasing attack surfaces, such a hostile threat landscape should sustain security software's elevated priority within corporate and government information technology budgets
Partnership between the State and Cisco: the American CEO who chose France(Gouvernement.fr) "The Government is far more attentive. I can feel it has reached something of a turning point just now", John Chambers, CEO of network equipment world leader Cisco, explained during an interview on French channel BFM TV. The company signed a partnership with the French Government on Monday 16 February. The Prime Minister was happy about the signing of the agreement, which represents a development opportunity and an avenue for growth, competitiveness and employment for France
DISA suspends $1.6B VMWare RFP deadline amid protests(C4ISR & Networks) The Defense Information Systems Agency on Feb. 19 suspended indefinitely a deadline for proposals for a joint enterprise licensing agreement with server-virtualization giant VMWare that would be worth roughly $1.6 billion
Spytector Employee Monitoring Made Easy (Review)(HackRead) It is somewhat a proven fact that Computer & Internet have brought a new era of productivity into the human life in a number of aspects. That being said, the same computers and internet connectivity options seem to become one of the notable reasons for distraction — especially when it comes to companies that provide computers to employees for accomplishing tech-assisted tasks. Obviously, as it does not make sense to be in front of every PC and check whether an employee is misusing his or her computer or internet connection, we are here with an impressive solution for you — Spytector keylogger. In this post, we shall have an in-detail review of Spytector, having a look at various aspects of the tool
Snapchat tells teens: Keep your clothes on!(Naked Security) Ahh, Valentine's Day: the day of romance, filled as it is with roses, chocolate, and college kids sneaking into football stadiums to have sex and chronicle it on Snapchat
Google will ban adult content on its blogging platform(Quartz) Google has updated its policies on Blogger, its blogging platform, to preclude new users from hosting adult content. Blogs that are created after March 23 and contain "images and video that are sexually explicit or show graphic nudity" may be summarily deleted. Existing blogs will be set to private; the only way to visit them will be for the blog owner to explicitly give permission to individual browsers
BYOD: Cost-Saver or Hidden Expenditure?(Cloud Wedge) According to analyst firm Gartner, half of employers will require employees supply their own devices for work by 2017. Although BYOD has been widely touted as a productivity driver and the IT department's support system, enterprises need to carefully evaluate whether BYOD is truly cost-effective or not
Subscribing to the DShield Top 20 on a Palo Alto Networks Firewall(Internet Storm Center) This will walk you through the steps of subscribing to our top 20 block list on a Palo Alto Networks firewall. It will also show you how to make a rule using the external block list. You can create a rule to block both inbound and outbound, however in this instruction it will include only an outbound rule. Any traffic transiting outbound from an internal host to this list on the top 20 should be considered suspect, prevented, and then investigated
Trey Ford on Mapping the Internet with Project Sonar(Threatpost) Trey Ford from Project Sonar describes the group's initiative at Kaspersky's Security Analyst Summit. The Rapid7 service scans public networks for applications, software, and hardware, then analyzes that cache of information to learn trends and gain insight on common vulnerabilities
Military could be using high-tech speech software by 2017(USA Today) The Pentagon could be able to listen in on voice communications in difficult environments and then quickly translate and transcribe them for use by intelligence analysts and combat troops by 2017, according to the Defense Advanced Research Projects Agency
Constructing Cyberterrorism as a Security Threat: a Study of International News Media Coverage(Perspectives on Terrorism) This article examines the way in which the English language international news media has constructed the threat of cyberterrorism. Analysing 535 news items published by 31 different media outlets across 7 countries between 2008 and 2013, we show that this coverage is uneven in terms of its geographical and temporal distribution and that its tone is predominantly apprehensive. This article argues that, regardless of the 'reality' of the cyberterrorism threat, this coverage is important because it helps to constitute cyberterrorism as a security risk. Paying attention to this constitutive role of the news media, we suggest, opens up a fresh set of research questions in this context and a different theoretical approach to the study of cyberterrorism
The Impact of the Dark Web on Internet Governance and Cyber Security(CIGI and Chatham House) With the Internet Corporation for Assigned Names and Numbers' contract with the United States Department of Commerce due to expire in 2015, the international debate on Internet governance has been re-ignited. However, much of the debate has been over aspects of privacy and security on the visible Web and there has not been much consideration of the governance of the "deep Web" and the "dark Web"
NSA's Rogers makes the case for cyber norms(FCW) Adm. Michael S. Rogers said Iran "has demonstrated a clear ability to learn from the capabilities and actions of others." Clearer international norms and concepts of deterrence can help prevent cyber conflicts from spiraling out of control, National Security Agency Director Adm. Michael Rogers told a crowd of cybersecurity professionals Feb. 23
Yahoo Executive Confronts NSA Director Over 'Backdoors'(Wall Street Journal) In one of the most public confrontations of a top U.S. intelligence official by Silicon Valley in recent years, a senior Yahoo Inc. official peppered the National Security Agency director, Adm. Mike Rogers, at a conference on Monday over digital spying
Transcript: NSA Director Mike Rogers vs. Yahoo! on Encryption Back Doors(Just Security) NSA Director Adm. Mike Rogers squared off against top security experts from the tech industry today in a series of exchanges that illustrated the chasm between some leading technology companies and the intelligence community about the value of giving government built-in access to the encrypted data of tech firms' customers
Cyber threat challenges military structure(FCW) Lieutenant General Edward C. Cardon suggested rotating private-sector experts into Army Cyber Command for two-year stints. The diffuse nature of computer networks challenges the U.S. military's traditional, top-down way of operating, said Lt. Gen. Edward Cardon, head of Army Cyber Command. That discrepancy, he added, means the military must be flexible in its organizational approach to cyberspace
As Homeland Security Steps Up Cybercrime Fight, Tech Industry Wary(NPR) The Department of Homeland Security has become the unlikely hero of the new White House campaign to stop cybercrime — this despite a history of mismanagement and the looming cutoff of its funding. To succeed, the big bureaucracy will have to inspire trust and compete against similar efforts by the tech industry
White House official pooh-poohs cyber information sharing for the sake of sharing(FierceGovernmentIT) The Obama administration is full bore on cyber threat information sharing, issuing an executive order, pushing the Hill to act and even standing up a new agency. But White House Cybersecurity Coordinator Michael Daniel warned against sharing just for the sake of sharing, adding it's important that it actually achieve something
Continuous Diagnostics and Mitigation capability requirements need re-prioritization(Help Net Security) There is a lot to like in the $6 billion Continuous Diagnostics and Mitigation (CDM) program being administered by the DHS across more than 100 federal civilian agencies. The DHS has done an excellent job creating 15 different capabilities broken up into four implementation phases that agencies need to have to strengthen their cybersecurity postures
Should we strike back against hackers?(IT World Canada) This week, IT security firm Kaspersky revealed that over 100 banks had been hacked across some 30 countries. The hackers, who had been at it for at least two years, made up to $1bn in ill-gotten gains, the firm said, adding that hackers were now attacking banks directly rather than stealing money from their customers. Some banks are reportedly so ticked off with the sustained hacking campaigns against them that they want to take matters into their own hands and strike back directly against hackers. But is this a good idea?
JIE: How DOD is building a bigger network that's also a smaller target(Defense Systems) Faced with growing and more sophisticated cyber threats to U.S. military networks, Defense Department officials openly acknowledge that in its current state DOD's legacy information architecture is not in a strongly defensible position. When it comes to defending DOD networks, they point to capability gaps in dealing with increasingly menacing cyber threats that have left their systems at risk from attack
Wall Street Banks and Law Firms Pairing up to Take on Cybercrime(PYMNTS) That banks are under constant threat of cyberattack is well known — just last week PYMNTS reported on an international bank hack that robbed 100 banks worldwide of an estimated $900 million. Now Wall Street banks and the big law firms that serve them want to do something about it — together
Is the Internet hiding a crime wave?(Help Net Security) The U.S. crime rate continues to fall, according to the latest FBI's release based on Uniform Crime Reporting from police departments, but researchers say those numbers, which have been on a downward slide since the 1990s, don't tell the whole story
Rejection of NSA whistleblower's retaliation claim draws criticism(McClatchy) Thomas Drake became a symbol of the dangers whistleblowers face when they help journalists and Congress investigate wrongdoing at intelligence agencies. He claims he was subjected to a decade of retaliation by the National Security Agency that culminated in his being charged with espionage
Edward Snowden's big regret(Graham Cluley) Hot on the heels of "Citizen Four", the documentary of Edward Snowden, winning a well-deserved Oscar, director Laura Poitras, journalist Glenn Greenwald and Snowden himself participated in an "ask me anything" chat on Reddit
Secrecy around police surveillance equipment proves a case's undoing(Washington Post) The case against Tadrae McKenzie looked like an easy win for prosecutors. He and two buddies robbed a small-time pot dealer of $130 worth of weed using BB guns. Under Florida law, that was robbery with a deadly weapon, with a sentence of at least four years in prison
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
2015 Cyber Security Summit(McLean, Virginia, USA, March 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China...
Cyber Security Conference 2015(Bolton, UK, March 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North...
NG Security Summit(San Antonio, Texas, USA, May 11 - 13, 2015) The NG Security Summit brings together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges.
Portland Secure World(Portland, Oregon, USA, June 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
Detroit Secure World(Detroit, Michigan, USA, September 16 - 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
10th Annual ICS Security Summit(Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...
Workforce Development Forum — CyberWorks Information Session(Baltimore, Maryland, USA, February 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in...
Cybersecurity: You Don't Know What You Don't Know(Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...
The Future of Cybersecurity Innovation(Washington, DC, USA, February 26, 2015) The US intelligence community has ranked cyberattacks as the No. 1 threat to national security — more than terrorist groups or weapons of mass destruction. But the military's cyberwarriors fight...
2015 Cyber Risk Insights Conference — San Francisco(San Francisco, California, USA, March 3, 2015) Following on the success of the 2014 half-day cyber risk event, Advisen will present a full day of learning and networking for risk managers, CISOs, CROs, insurance brokers, insurance underwriters, reinsurers...
Cybergamut Technical Tuesday: Tor and the Deep Dark Web(Columbia, Maryland, Sioux Falls, March 3, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...
Boston SecureWorld(Boston, Massachusetts, USA, March 4 - 5, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
Mercury Proposers' Day Conference(IARPA1, Washington, DC, March 5, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Mercury Program on March 5, in anticipation of the release of a new solicitation in support of...
OISC: Ohio Information Security Conference(Dayton, Ohio, USA, March 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference...
RiSK Conference 2015(Lasko, Slovenia, March 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region.
B-Sides Vancouver(Vancouver, British Columbia, Canada, March 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between
Insider Threat 2015 Summit(Monterey, California, USA, March 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure...
2015 North Dakota Cyber Security Conference(Fargo, North Dakota, USA, March 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges...
Philadelphia SecureWorld(Philadelphia, Pennsylvania, USA, March 18 - 19, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
BSides Salt Lake City(Salt Lake City, Utah, USA, March 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation
CarolinaCon-11(Raleigh, North Carolina, USA, March 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions...
CyberTech Israel 2015(Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems...
2nd Annual ISSA COS Cyber Focus Day(Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Wednesday, March 25, 2015 at the University of Colorado Colorado...
CYBERWEST: the Southwest Cybersecurity Summit(Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...
Women in Cyber Security(Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.
Automotive Cyber Security Summit(Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...
Insider Threat Symposium & Expo(Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...