Arbor Networks reports that denial-of-service attacks have risen in France, post-Charlie Hebdo. Pro-ISIS hackers haven't confined themselves to French targets, however, but continue their curious affinity for cybervandalism of US local governments.
China denounces GreatFire's allegations of responsibility for recent disruption of Microsoft Outlook as "slander." But fresh restriction of VPNs is China's avowed policy: "upgraded cyberspace sovereignty."
CryptoLocker's new variant finds its way into the United Arab Emirates.
Flash zero-days are actively exploited in the wild. Adobe issues one emergency patch, but holes remain, and a second patch is planned next week. Meanwhile, beware Flash exploitation.
Google's ProjectZero continues to crowd vendors — last week Microsoft, now Apple, as three OSX zero-days are disclosed. Faster patching seems in order: ninety days, Ars Technica observes, is an eternity in cyberspace.
Repurposed attack code and unpatched zero-days are important reasons why attackers stay inside defenders' decision cycles; the expense of maintaining human watchstanders on networks (three FTEs per big enterprise, says a FireEye-commissioned study) is another.
Such stories make symposiasts' flesh creep at Davos. IDF unit 8200 alumnus Nadav Zafrir warns them that "breakers are ahead of makers," and governments aren't exactly poised to ride to companies' rescue. He also urges executives to learn (from ISIS) the value of OSINT and loosely coupled networks. (US NGA Director Cardillo makes similar points at INSA, in a more positive way.)
IoT security remains a concern, both long-term and near-term (see stories of gas pump vulnerabilities).
Several court cases of cyber interest play out.
Today's issue includes events affecting China, European Union, France, Israel, Russia, United Arab Emirates, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
French DDoS attacks spike after terror protest (SC Magazine) Arbor Networks says that the number and size of DDoS attacks against French websites spiked considerably after 3.7 million people took to the streets to protest against terrorism
China denies involvement in Outlook.com attack (CSO) The Chinese government has denied any involvement in a recent cyber attack against Microsoft's Outlook.com, and it even went as far as to accuse a watchdog group of slander for suggesting that the country could be behind it
New RATs Emerge from Leaked Njw0rm Source Code (TrendLabs Security Intelligence Blog) In the middle of my research on the remote access Trojan (RAT) known as "njrat" or "Njw0rm", I stumbled upon dev-point.com, a site that disguises itself as a site for "IT enthusiasts" but actually hosts various downloaders, different types of spyware, and RATs. I explored the site and found that they host malware under the "Protection Devices" section in their website. Under this section was a forum written in Arabic, which may suggest that an Arabic-speaking country is behind it
Click-fraud malware brings thousands of dollars to YouTube scammers (Help Net Security) A malware delivery campaign aimed at making victims' computers surreptitiously view YouTube videos and, consequently, artificially inflate their popularity so that scammers might earn money from the ads embedded in them, has been targeting users around the world for months now
The Snake and the RAT are Cooperating Against You (Cyactive) Every week our posts highlight cases of newly exposed malware and explain how they are in fact recycled, reusing components of earlier malware. A recent eye-opening and very thorough post by G-Data reveals just how basic the practice of reuse is to malware development
HealthCare.gov sends out users' personal info to ad companies (Help Net Security) HealthCare.gov, the health insurance exchange website operated by the US government, is sending out personal health information about its users to at least 14 (and likely more) third-party websites belonging to private advertising companies
The Internet of Gas Station Tank Gauges (Rapid7 Security Street) Automated tank gauges (ATGs) are used to monitor fuel tank inventory levels, track deliveries, raise alarms that indicate problems with the tank or gauge (such as a fuel spill), and to perform leak tests in accordance with environmental regulatory compliance. ATGs are used by nearly every fueling station in the United States and tens of thousands of systems internationally
Security Patches, Mitigations, and Software Updates
Adobe Patches One Zero Day in Flash, Will Patch a Second Flaw Next Week (Threatpost) Adobe has released an emergency update for Flash to address a zero-day vulnerability that is being actively exploited. The company also is looking into reports of exploits for a separate Flash bug not fixed in the new release, which is being used in attacks by the Angler exploit kit
An Israeli Cyber Warrior Puts a Scare Into CEOs at Davos (BusinessWeek) How scared are chief executives about cyber attacks after the incursion into Sony's network? Scared enough that dozens of top brass, including Citigroup CEO Michael Corbat, showed up for a Davos breakfast with an Israeli cybersecurity expert who talked about defending against attackers armed with what he called the digital equivalent of an F-16 fighter jet
Why insider threat is thriving (Help Net Security) In the past few years, rapid growth in the volume of sensitive information combined with new technologies has chipped away at the effectiveness of traditional endpoint protections and network perimeter security. In tandem come warranted concerns about the number and types of employees who have access to sensitive data
The Internet of Robotic Things: Secure, harmless helpers or vulnerable, vicious foes? (CSO) Experts say robots will be commonplace in 10 years. "Many respondents see advances in [artificial intelligence] and robotics pervading nearly every aspect of daily life by the year 2025 — from distant manufacturing processes to the most mundane household activities," says Aaron Smith, senior researcher, The Pew Research Center's Internet Project, speaking of the several experts quoted in his "Predictions for the State of AI and Robotics in 2025"
Financial Firms Must Adapt To Cyber Threat, Says BoE's Gracie (London South East) Financial institutions need to adapt to the challenge posed by the risk of cyber attack, according to a Bank of England executive director, with a need for board level engagement and regular testing of the people, processes and technology put in place to deal with the threat
FireEye Inc (FEYE): Beyond the Sony Hack, What's In It For Investors? (Small Cap Network) Mid cap cyber security stock FireEye Inc (NASDAQ: FEYE) has underperformed other security stocks like small cap Barracuda Networks Inc (CUDA), mid cap Fortinet Inc (FTNT) and large cap Palo Alto Networks Inc (PANW) with the latter ending the year higher and the former having a big surge in the early part of the year before ending the year lower
Huawei Founder Ren Zhengfei Dismisses Chinese Military Connections (International Business Times) In the telling of Ren Zhengfei, Huawei, the telecommunications company he founded more than three decades ago, traces its origins not to some savvy plan to conquer the world but to the simple imperative to earn sustenance in a Chinese economy still struggling to recover from the Cultural Revolution
DoD Seeks 10-year Extension of Small Business Mentoring Program (DoD News, Defense Media Activity) The Defense Department intends to request a 10-year extension of a program that improves the ability of socioeconomically disadvantaged small businesses to compete for defense contracts, the program's manager said yesterday
ICS-ISAC and ThreatStream Announce Strategic Partnership (PRNewswire) ThreatStream, a vendor who provides a threat intelligence platform that prioritizes threats and facilitates trusted threat sharing, announced today it has executed a partnership agreement with the Industrial Control System Information Sharing and Analysis Center (ICS-ISAC) that would enable its members to use the ThreatStream platform
Former CIO of the FBI: Be prepared for insider security threats (VentureBeat) Most chief information security officers focus solely on battling malicious activity from the outside-in, completely ignoring the threat within their own walls. Insider hacking accounts for 35 percent of all cyber attacks and cost US companies $40 billion in 2013 alone, according to SpectorSoft. The Morgan Stanley, NSA, and Sony security incidents are examples of preventable breaches potentially orchestrated with the help of employees and/or contractors. The large majority of these attacks result simply from poor housekeeping with outdated tools
Privileged Account Management: Lessons from the Sony Hack (Infosec Institute) CNN recently revealed the methodology of the cyber attack that allowed anonymous cybercriminals Guardians of Peace direct access to their network, or the "keys to the entire building," as one Sony Pictures Entertainment official stated. According to investigators, the attack was carried out through a set of stolen system administrator credentials; a privileged account username and password providing a golden gateway of unfettered access to employee records, unreleased films, intellectual property, email conversations and other sensitive data. The breach has now escalated to a matter of national security, with FBI claiming North Korea as the nation state responsible for this attack based on a recent press release from the agency
Asset Identification Cybersecurity (Automation World) By identifying addressing information in protocols, as well as understanding the commands being sent and received on the network, asset and network identification cybersecurity adds new depth to industrial control system security
How Vulnerabilities Happen: Input Validation Problems (Internet Storm Center) We would like to thank Richard Ackroyd of RandomStorm for reporting a critical input validation error in our site to us. As we have done before, here is how it happened so hopefully you can learn from it as well
Norse Launches Cyber Attack Intelligence LifeJourney (Dark Matters) Norse Corporation announced a new, groundbreaking partnership with Science, Technology, Engineering & Math (STEM) education leader LifeJourney to launch a new "Cyber Attack Intelligence LifeJourney™"
5 tips for dealing with cyberbullying in education (Help Net Security) According to the latest figures by nobullying.com, 68 per cent of teens agree that cyber bullying has now become a serious problem in schools. This is exacerbated by the fact more than half of young people admit they never confide in their parents when cyber bullying happens to them
Why Russia Hacks (Dark Reading) Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions
Can the next EU regulation guarantee data protection for all? (Help Net Security) The European Parliament has agreed its text, the Commission is satisfied with the latest draft, so now we are only waiting for the Council of member states to work out what they do and do not want in the new Data Protection Regulation
Grading the President's SOTU Cybersecurity Agenda (Network World) In the wake of the furor over the Sony Pictures attack, President Obama came out swinging in his State of the Union speech earlier this week. Not to be outdone, Senator Joni Ernst (R-Iowa) included a cybersecurity-centric sentence or two in the Republican's response
Senate to hold first cyber info-sharing hearing (The Hill) The cybersecurity information-sharing debate will kick off in earnest next Wednesday, as the Senate Homeland Security and Governmental Affairs Committee will hold Congress's first 2015 hearing on the issue
How Obama's new cyber laws will impact UK firms (IT Pro Portal) President Barack Obama made clear in his State of the Union address earlier this week that he intends to push through new legislation aimed at tightening corporate cyber security standards across the U.S
The Current DMCA Exemption Process is a Computer Security Vulnerability (Center for Democracy and Technology) In this day and age, it's undeniable that we need the best computer security research to keep our data and ourselves safe. However, security researchers today don't have the freedom they need to test systems for bugs and then fix them. It turns out a somewhat obscure regulatory process — the Digital Millennium Copyright Act's triennial circumvention review — could be a significant barrier to better security research
Director Cardillo: Democratization of Data Offers NGA Opportunity for Transparency, Public Service (Intelligence and National Security Alliance) Encouraging the geospatial intelligence community to look at its mission through "a new lens — a lens of consequence," National Geospatial-Intelligence Agency Director Robert Cardillo said Wednesday night the agency can become a leading example of transparency, private sector collaboration and public service by the U.S. Intelligence Community (IC)
Can You Have a Transparent Spy Agency? (Defense One) To the average American, the term intelligence agency refers to a group of secret military types, locked in a windowless room in Virginia, furtively collecting data on bad guys, good guys, citizens, everybody
Silk Road 2.0 deputy arrested after 6-month attack on Tor (Naked Security) With the trial of alleged Silk Road mastermind Ross Ulbricht under way for a second week, Department of Homeland Security (DHS) agents have also now arrested the alleged deputy of the illegal drug bazaar's reboot, Silk Road 2.0
Ulbricht Confessed to Running Silk Road, His College Friend Testifies (Wired) As the trial of alleged Silk Road mastermind Ross Ulbricht unfolds, its transcript has read like a manual of things not to do when running a secret, billion-dollar online drug conspiracy. But on Thursday, the jury heard about the most human of all the human errors Ulbricht may have made: confessing his creation to an in-real-life friend
Madonna hacking suspect arrested by Israeli police (We Live Security) Israeli police, working in co-operation with the FBI, have arrested a 38-year-old man who allegedly hacked into computer systems and stole unfinished versions of songs from Madonna's upcoming "Rebel Heart" album, leaking the Material Girl's material online
Cyberdome to be Ready by March (New Indian Express) The hi-tech cyber security centre of the state police, Cyberdome, which received Government nod last August, would become a reality at Technopark by March 1
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
ICSS 2015: International Cyber Security Strategy Congress (Leuven, Belgium, February 4 - 5, 2015) ICSS2015 will present the latest developments and thoughts in the field of cybercrime and cybersecurity and will be a unique gathering of cybercrime experts from all over the world. The objective of the...
NullCon Conference 2015 (Goa, India, February 6 - 7, 2015) Nullcon was founded in 2010 with the idea of providing an integrated platform for exchanging information on the latest attack vectors, zero day vulnerabilities and unknown threats. Our motto — "The...
Salt Lake City Tech-Security Conference (Salt Lake City, Utah, USA, February 5, 2015) The Salt Lake City Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...
DEFCON | OWASP International Information Security Meet (Lucknow, India, February 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading...
10th Annual ICS Security Summit (Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...
Cybergamut Technical Tuesday: Tor and the Deep Dark Web (Columbia, Maryland, Sioux Falls, March 3, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...
AppSec California (Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...
Financial Cryptography and Data Security 2015 (San Juan, Puerto Rico, USA, January 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the...
Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...
CSEAN Cyber Secure Nigeria 2015 Conference (Garki Abuja, Nigeria, January 29, 2015) The vast scope of cyber threats makes a compelling case for a multi-stakeholder collaboration in curbing domestic and International threat. "Cyber Secure Nigeria 2015" conference encapsulates various hot...
Data Connectors Los Angeles 2015 (Los Angeles, California, USA, January 29, 2015) The Los Angeles Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...
Transnational Organized Crime as a National Security Threat (Washington, DC, USA, January 29, 2015) United Kingdom's National Crime Agency Director General Keith Bristow will discuss transnational organized crime as a national security threat, focusing on economic and cyber crimes, and digging into the...
ISSA CISO Forum (Atlanta, Georgia, USA, January 29 - 30, 2015) Corporate Information Security and Legal programs must be closely aligned to be successful in today's world. Customer and vendor contracts require strong security language. Response to data breaches are...
NEDForum > London "What we can learn from the Darknet" (London, England, UK, January 30, 2015) The 2nd NED Forum event comes to London on Friday 30th January 2015, the day of the White Hat Ball. The event will focus on the Darknet and where it provides a rich source of learning that can be applied...
Cyber Threat Intelligence Summit (Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...
Nullcon 2015 (Goa, India, February 4 - 7, 2015) Nullcon discusses and showcases the future of information security, next-generation of offensive and defensive security technology as well as unknown threats
ICISSP 2015 (Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...
2015 Cyber Risk Insights Conference — London (London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...
AFCEA West 2015 (San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...