As French police close in on terror suspects, several French municipal Websites are defaced with the black flag of ISIS and a message praising the Charlie Hebdo massacre.
In the US, the FBI investigates media Website defacements by the self-described "CyberCaliphate."
Ukraine says the Russian government, not mere hacktivism, is to blame for attacks on German government Websites.
Attribution of the Sony hack remains as controversial as ever, at least in the judgment of the media covering the story, prompting some to conclude the attack may have been overdetermined. Researchers take a look at North Korea's Naenara browser (based on an obsolete version of Firefox and slaved to the DPRK's RedStar operating system). They find "more than a little weirdness." What's not weird, or at least not unexpected, is that Naenara seems built for censorship and decloaking.
Researchers find a Linux DDoS Trojan apparently designed to assemble a large denial-of-service botnet. Other researchers discover root command execution vulnerabilities in Asus routers.
Lookout reports that SocialPath, nominally a privacy tool, is actually a malicious data theft app.
Ars Technica publishes a look at Cryptowall 2.0's advanced evasion and obfuscation features.
Cyber criminals hunt Netflix credentials.
US officials, notably DNI Clapper and NSA Director Rogers, see the Sony hack as an inflection point. Clapper tells business to wake up to China's cyber threat; Rogers foresees a greater role for Government in defending private networks. In the UK, MI5's chief warns of terrorism and calls for more extensive Internet surveillance capabilities and authorization.
Today's issue includes events affecting China, the European Union, France, Germany, Iran, Ireland, Japan, the Democratic People's Republic of Korea, Russia, Saudi Arabia, Switzerland, Syria, Taiwan, Ukraine, the United Kingdom, and the United States.
Inside North Korea's Naenara Browser (Threatpost) Up until a few weeks ago, the number of people outside of North Korea who gave much thought to the Internet infrastructure in that country was vanishingly small. But the speculation about the Sony hack has fixed that, and now a security researcher has taken a hard look at the national browser used in North Korea and found more than a little weirdness.
Persistent hijacked GoDaddy domains serve malware via Turkish IPs (Dynamoo's Blog) Last year I wrote about a small bunch of IPs belonging to Radore Veri Merkezi Hizmetleri A.S in Turkey that seemed to be aggressively pushing an exploit kit via hijacked GoDaddy domains. Today I was slightly surprised to see that this is still going on, and in some cases using the same domains as they were all those months ago.
Linux DDoS Trojan Has Obfuscating RootKit (DarkMatters) Analysts have identified a Linux DDoS Trojan with a built-in rootkit that is suspected to be building an arsenal of zombie systems that could be leveraged for distributed denial of service attacks.
Cracked Andromeda 2.06 Spreads Bitcoin Miner (Fortinet Security Research) Andromeda is a botnet that has had a long history. The latest version is now 2.09, which most active bots would have already received. Recently, however, our FortiGuard Labs Threat Intelligence system was able to capture the activities of a previous variant of Andromeda that is apparently still alive. During our analysis, we found that it is a cracked version of an old variant, and the author used it for spreading a Bitcoin miner.
Netflix Credentials Targeted by Phishing Campaign (Softpedia) A new malicious email campaign has been observed by security researchers to target customers of Netflix by feeding them a message purporting to be an important notification from the media streaming service.
New Year, Old Problems: Large-Scale Dating Site Spam Run Hits Users (TrendLabs Security Intelligence Blog) 2015 has just begun, but we're already seeing old problems crop up again — this time abusing a lot of legitimate web sites. Since the start of the year, we've been seeing a significant increase in the number of spammed messages with links that lead to various Russian dating sites.
Malvertising Campaign Affects 1.8 Billion (Infosecurity Magazine) The Huffington Post, Yahoo News, AOL, TMZ and many others are being hit with malvertising, in all reaching a total of 1.5 billion web visitors.
ICS CP/PE (Cyber-to-Physical or Process Effects) case study paper — German Steel Mill Cyber Attack (SANS ICS) In December 2014 the German government's Bundesamt für Sicherheit in der Informationstechnik (BSI) (translated as Federal Office for Information Security) released their annual findings report. In one case they noted that a malicious actor had infiltrated a steel facility. The adversary used a spear phishing email to gain access to the corporate network and then moved into the plant network. According to the report, the adversary showed knowledge of ICS and was able to cause multiple components of the system to fail. This specifically caused critical process components to become unregulated, which resulted in massive physical damage.
16-31 December Cyber Attacks Timeline (Hackmageddon) Although it still relates to December 2014, here is the first timeline of 2015, covering the main events that occurred between the 16th and 31st of December 2014 (first part here).
Security Patches, Mitigations, and Software Updates
Evolving Microsoft's Advance Notification Service in 2015 (Microsoft Security Response Center) Our Advance Notification Service (ANS) was created more than a decade ago as part of Update Tuesday to broadly communicate in advance about the security updates being released for Microsoft products and services each month. Over the years, technology environments and customer needs have evolved, prompting us to evaluate our existing information and distribution channels. This desire to improve is why customers may have seen us introduce myBulletins to provide bulletin reports tailored to customer preferences, discontinue the Deployment Priority matrix in favor of the Exploitability Index, modify the Exploitability Index to account for more threat scenarios, simplify security bulletin content to help customer understanding, and create a centralized glossary for bulletin definitions. The change being announced today fits within that context.
Patch Tuesday January 2015 Preview (Qualys Blog) It is January 2015 and the week before the year's first Patch Tuesday. Microsoft should have posted their first Advance Notification (ANS) kicking off the patch cycle. But a new year brings many changes, and the Advance Notification is affected by one of them. Microsoft will stop providing the ANS information to the general public, and interested parties will have to ask for it through their account manager. Hmmh, I personally have always thought that our customers were interested in the information contained in ANS, but we will see how that works out.
2015: Get Ready for More Attacks on Trust (Venafi) Over the past few years, the threatscape has changed more than some realize. Cyberattackers want trusted status, and they are misusing the very technologies that create trust for their nefarious purposes.
Cyber attackers and defenders prepare for 2015 (Federal Times) 2014 was known as the year of the cyber breach. Forty-three percent of companies experienced a breach last year, including highly visible and damaging hacks to Sony, Home Depot, Target, and JP Morgan Chase. Unfortunately, the cyber breaches of 2014 were not an aberration, but a likely trend. Both the public and private sectors received wakeup calls from these breaches and are beginning to respond accordingly by working together.
The coming shift in security (Help Net Security) Vendors continue to trumpet new platforms as the best way to improve enterprise-level security. Flashy spinning visualizations, added scalability and the meaningless "next-gen SIEM" or "SIEM 2.0" monikers adorn vendor websites. Big data platforms and upgraded databases provide searchable storage to help security analysts find the root cause of security incidents, provided they know what these incidents are and where to find them.
Analysis of global defense-in-depth architectures (Help Net Security) Attackers are bypassing conventional security deployments almost at will, breaching systems in a wide swath of industries and geographies. That's the stark conclusion of new data gathered by more than 1,600 FireEye network and email sensors deployed in real-world networks.
State of the Internet: Attack traffic, DDoS, IPv4 and IPv6 (Help Net Security) Akamai today released its latest State of the Internet report, which provides insight into key global statistics such as connection speeds and broadband adoption across fixed and mobile networks, overall attack traffic, global 4K readiness, and IPv4 exhaustion and IPv6 implementation.
An Optimistic Lens on Cybersecurity (Wall Street Journal) Welcome to my first guest column of 2015, in which I will try to inspire some optimism. Fortunately, there are many signs that the world is getting better from an informational standpoint. Not only is there Big Data, but also much more interest in and availability of external data, more focus on information that provides context, and more desire for predictive analysis. Being broader in our information focus, trying to turn data into insight, and anticipating events rather than simply responding to them — all these orientations are making both companies and the world at large better places to work and live.
Netskope Report Reveals High Frequency of Compromised Credentials in Enterprise Cloud Apps (PRNewswire) Netskope, the leader in safe cloud enablement, today released the January 2015 Netskope Cloud Report™, which monitors enterprise cloud app usage and trends. The report shows a continued increase in cloud app usage across enterprises, as well as the high volume at which files are being shared outside of a given organization. Most notably, the report finds that as many as 15 percent of business users have had their credentials compromised. Since up to half of users re-use passwords for multiple accounts, the likelihood of users logging into business-critical apps with these credentials is high, putting business-sensitive data at risk.
US Navy Expands CANES Vendor Pool (Defense News) Two more companies have been added to the five already approved to take part in the US Navy's Consolidated Afloat Networks and Enterprise Services (CANES) program, a $2.5 billion, multi-year effort to upgrade ship- and shore-based computer networks.
US Cyber Command Draft RFP Seeks Wide Range of Services (Defense News) The Pentagon has issued a draft solicitation for an omnibus contract for a wide range of services to US Cyber Command, including support for offensive and defensive operations, and management of military networks.
U.S. to lead next decade's C4ISR spending, report says (C4ISR & Networks) The emergence of asymmetric warfare and increased counterterrorism efforts will continue to fuel increased U.S. spending on interoperability and integrated solutions for the next decade, according to a recent forecast report by Strategic Defence Intelligence.
Gemalto finalizes the acquisition of SafeNet (Gemalto) Gemalto (Euronext NL0000400653 - GTO), the world leader in digital security, today announces the final closing of the acquisition of SafeNet, the worldwide leader in data and software protection, after approval by the relevant regulatory and antitrust authorities.
Former Mandiant VP of Finance Joins AnyPresence as CFO to Manage Rapid Growth (Virtual Strategy Magazine) AnyPresence, a leading cloud-based mobile platform provider, today announced Danielle Metzler has joined the company as Chief Financial Officer reporting to Anirban Chakrabarti, Co-Founder and CEO. Mrs. Metzler assumes strategic and tactical financial responsibilities for AnyPresence's growing enterprise mobility software business.
White House CIO Returns to Small Business, e-Management (Businesswire) e-Management announces former White House Chief Information Officer (CIO) Karen Britton has joined the company's leadership team as senior vice president (SVP) & chief operating officer (COO). Ms. Britton is a seasoned executive with over 25 years of experience as a strategic consultant, delivering a diverse range of IT solutions to public and private sector clients. Ms. Britton's arrival follows the company's recent spin-off of its newly created commercial unit, CyberRx, LLC, launched in the 4th Quarter of 2014 to provide cybersecurity readiness and preparedness solutions for small and medium-sized businesses looking to strengthen their cybersecurity posture.
Redspin Launches IT Security Consulting Practice (Virtual Strategy Magazine) New service addresses the need for expert guidance on information security program development, secure cloud migration strategies, HIPAA/PCI compliance, mobile security assessments and more.
BrightLine Receives Accreditation From A2LA as a FedRAMP Third Party Assessment Organization (3PAO) (Marketwired) BrightLine CPAs & Associates, Inc. is pleased to announce that it has received accreditation to maintain its Third Party Assessment Organization (3PAO) status from the American Association for Laboratory Accreditation (A2LA). A2LA is the independent accreditation body that now performs competency and independence assessments of 3PAOs as part of the Federal Risk and Authorization Management Program (FedRAMP).
Deobfuscating Malicious Macros Using Python (Trustwave: SpiderLabs) Over the past few weeks, we've observed cybercriminals spamming users, particularly in the UK, using document files embedded with malicious macros masquerading as invoices. The attachment is either a Word or an Excel document file.
10 Steps to Maximize your Home Wireless Network Security (Heimdal Security) We have emphasized many times that we are living in an interconnected world, and it is a fact we take for granted. This increasing level of connectivity between us and our devices implies not only a greater degree of physical mobility for us, but also the possibility of accessing the Internet in most places in the world.
Design and Innovation
Internet of Things demands security by design (CIO via CSO) FTC Chairwoman Edith Ramirez takes the stage at CES to caution vendors in the hot IoT space to bake in security and privacy controls, and to give users options to limit data collection.
Innovation must not come at the price of security (Help Net Security) One of the main themes to come out of CES has been the advancement of the Connected Human. Whilst we can't commute to work on a Hoverboard just yet, "Sent From My Fridge" emails are now a reality, and we can expect to program our coffee machines to have an espresso waiting for us when we arrive home.
DNA For Cryptography Chips (Semiengineering) DNA markers are making counterfeit chips a lot easier to identify, and DNA chips are on the drawing board.
Google Calendar's Enforced Birthdays Show The Ugly Side Of Algorithms (TechCrunch) You may recall that Google's mission is to "organize the world's information". So if you've been seeing the Birthdays of people you hardly know appearing UFO-like in your Google Calendar lately, never fear — this is just Mountain View doing its thang organizing your stuff.
US Ignores China, N. Korea Cyber Threats, Top Spy Says (Tom's Guide) American businesses need to take significant steps to prevent theft of trade secrets by Chinese spies, North Korea is "deadly serious" about harming the United States through online attacks, and federal budget cuts and the Snowden leaks have left the country less safe, Director of National Intelligence Gen. James R. Clapper said yesterday (Jan. 7).
Cyber Risk: New UK Guidance Makes Ostrich Defence for Directors Even More Untenable (Willis Wire) When I blogged recently about cyber threats and the insurance response, particularly from the standpoint of D&O insurance, I said: "The steps directors take to inform themselves of the risks posed to their companies and to mitigate these risks form the main planks of both their individual and their collective defences when (rather than if) something bad happens. If they do nothing, they will have little or no defence or excuse."
CISPA Cybersecurity Bill Returns (National Journal) Rep. Dutch Ruppersberger is renewing his push for cyber information-sharing legislation. Rep. Adam Schiff, an NSA critic, has replaced Ruppersberger as the top Democrat on the House Intelligence Committee. Sen. Ron Wyden reintroduced his bill to end "backdoor" NSA searches. The FCC plans to vote on accuracy rules for cellular 911 calls, and Republicans are getting desperate to find a compromise on net neutrality.
FBI: Sony Hacker IP Addresses Used 'Exclusively' By North Korea (Infosecurity Magazine) FBI director James Comey has confirmed the agency's conviction that a destructive cyber attack on Sony Pictures was carried out by North Korea, claiming that mistakes by the hackers led the trail back to IP addresses used "exclusively" by the hermit nation.
Why You Still Shouldn't Totally Trust FBI Claims On North Korean Hacking Of Sony (Forbes) FBI director James Comey today tried to shed some light on his agency's claims that North Korea was behind the Guardians of Peace cyber attacks that tore apart Sony Pictures in November and forced the cancellation of The Interview, a comedy in which the two central characters are asked to assassinate the country's leader Kim Jong-Un. But, according to security experts, it's unlikely that his fresh assertions that the hackers were sloppy and leaked data that led back to North Korea will stand up to scrutiny.
FBI's Sony Attribution: Doubts Continue (InfoRiskToday) FBI Director James Comey's Jan. 7 remarks defending the bureau's attribution of the hack attack against Sony Pictures Entertainment to "North Korea actors" haven't silenced many information security experts, who say they remain unconvinced there's enough evidence to attribute the attack to anyone.
Why the Silk Road Trial Matters (Wired) Ross Ulbricht is finally getting his day in court, 15 months after plainclothes FBI agents grabbed him in the science fiction section of a San Francisco library and accused him of running the billion-dollar online drug bazaar known as the Silk Road. It's a day that anyone who cares about crime, punishment and privacy in the shadows of the internet will be watching.
Stingray debate doesn't get its day in court (Technical.ly Baltimore) There won't be any hearings in open court about Baltimore's use of the Stingray device to secretly track cell phone data, thanks to a pair of plea deals struck Wednesday.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
CYBERWEST: the Southwest Cybersecurity Summit (Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...
REcon 2015 (Montréal, Québec, Canada, June 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations...
Cybersecurity World Conference (New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015, where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...
FIC 2015 (Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...
AppSec California (Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake", bringing application security professionals and business experts together with the objective of sharing new information that helps get...
Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...