Security companies watching the criminal ecosystem (and it is one — with both predators and prey) see the marked resilience and persistence of crimeware. Zeus, to take one example, has received an upgraded control panel and impressive new evasion capabilities. The ZeroAccess click-fraud botnet returns after six months' absence, diminished but looking much as it did of old.
Prototypical CryptoLocker ransomware has been copied into a number of new versions as this particular form of cybercrime continues to grow in popularity. (Topface, the Russian dating site that recently lost some 20M email addresses to a hack, has "bought them back," paying what it insists isn't ransom, but rather a bug-finder's fee. This isn't really a ransomware case, but it surely looks a lot like extortion. How, by the way, do you "buy back" stolen data?)
The criminal underground may be enduring and dangerous, but it's a mistake to too readily credit cybercriminals with Moriarty-like genius. Forbes runs a derisive account of Hacker's List, excoriating it for "amateurism." And the Anonymous squabble with Lizard Squad is similarly unedifying. Many cybercriminals show no more genius than the average street punk — one of our stringers is reminded of the cage-full of goons the Baltimore PD can be seen rounding up daily around York and Woodbourne.
A very large malvertising campaign is found in a popular "adult" site.
Researchers demonstrate how "correlation attacks" can de-anonymize data, showing how much groundwork remains in preparing for effective information sharing.
France launches an anti-jihad information operations campaign.
Today's issue includes events affecting China, France, Germany, Iraq, Israel, Netherlands, Russia, South Africa, Spain, Switzerland, Syria, United Kingdom, United States, and Vietnam.
The Ransom Imitation Game (Cyactive) Encrypting Ransomware, though in existence since 1989, has made a return to prominence with Cryptolocker in 2013. Since then, Ransomware grew into an entire family of malware attacking various targets and creating all kinds of havoc. A number of copycats followed Cryptolocker, central among them was Cryptowall. Between March and August 24, 2014, nearly 625,000 systems were infected with CryptoWall with attackers making $25,000 per day. This malware, which was created by copying techniques from similarly purposed malware, serves as an excellent example of the manner in which hackers manage to create large numbers of malware in a relatively short time
Hacker's List: This 'Hire A Hacker' Site Must Be A Joke, A Scam Or Just Sucks (Forbes) There has been some breathless reporting around a "hire a hacker" site this month called Hacker's List. It has been billed by the likes of the New York Times, Slate and now Ars Technica as a genuine service for those who want to crack online accounts they don't have the skills to hack into. But even a cursory review of the site would tell anyone Hacker's List is an amateur effort. It's so bad it leaves one wondering whether it's some kind of practical joke or a bizarre social experiment
Hacker War: Anonymous vs. the Lizard Squad (Breitbart) The UK Mirror reports a hacking crossfire between Anonymous Protection — a branch of famed hacker collective Anonymous — and the Lizard Squad, which has lately been renting itself out as a band of cyber-attack mercenaries, while threatening to release nude photos of singer Taylor Swift in its spare time
Et tu, Hue? (ATXSEC) The term "Big Data" has been flinging around quite a lot lately. It is in the news all the time. We hear about how much it has pushed us into the future and into the internet of things. These things all will produce useful data that will need to be analyzed and stored. One technology that we hear more and more about is Hadoop
Blindly confirming XXE (Internet Storm Center) Almost exactly a year ago I posted a diary called "Is XXE the new SQLi?." In the last year, things have not changed a lot regarding XXE vulnerabilities. They still seem to be popping up here and there, depending on how XML documents are consumed by server side applications
Matric results 'missing' (Times Live) The Department of Basic Education is in turmoil after its database suffered an alleged "catastrophic" hack attack and important information was lost
Security of Home Surveillance Cameras (TrendLabs Threat Intelligence Blog) Home surveillance/security cameras have been available for quite some time, and can be used to keep track of one's home, children, pets, or business. These devices are, in some ways, the first exposure of people to the Internet of Things
Security Patches, Mitigations, and Software Updates
Emerging Cyber Risks of 2015 (WillisWire) Cyber, as we know, is an emerging issue provoking much discussion. It is probably true to say that the discussion is not well informed, driven as it is by a product-centric view of the cyber world, where those products really only satisfy a small element of the real exposure associated with cyber. I encourage us to reflect on cyber through two lenses
Channel must plug security perception gap (MicroScope) At this time of year quite a few of the security vendors issue reports covering the state of the market and their predictions for the year ahead with the aim of making sure the issue remains in the spotlight
Could your business survive a cyber attack? (Kansas City Business Journal) When people think about cyber attack, they often think about large retailers, banks or health care companies, but some of the most recent attacks show the liability spreads down to vendors of those companies as well
Antivirus and Compromised Device Report: January 2015 (OPSWAT Market Share Reports) OPSWAT periodically releases market share reports for several sectors of the security industry. This report includes market share for antivirus applications, as well as compromised device data. The data used in this report was collected on January 2, 2015, using OPSWAT GEARS, a free device security and management tool
Hope Frank named CMO at Nexusguard (IT Business Net) Nexusguard, a pioneering Internet security solutions provider, today announced the appointment of Hope Frank to the post of Global Chief Marketing Officer. Ms. Frank was named a global top 50 CMO by both Forbes and CEO World in 2014. She will bring the same marketing leadership to Nexusguard that she exhibited in her time at Codenomicon, the security firm she made famous for discovering and branding the Heartbleed bug and its resolution
IBM Looks to Button Up Cloud Security (Enterprise Tech) The perception that the cloud may be inherently insecure is prompting next-generation platform developers to attempt to bake security and privacy features into their offerings as more devices are connected and more personal information ends up stored in the cloud
Bitdefender Named Best Antivirus Software of 2014 (JBG News) Everyone has their own opinion on what the best of anything is, especially when it comes to the world of antivirus software, where there are a few major competitors vying for consumers' attention. Bitdefender, of course, is one of the most popular
BKAV to launch its own high-end smartphone (VietNamNet Bridge) The public has been stirred up by the news that "a Vietnam-made smartphone, comparable to the iPhone" will be launched on the market in several months
Parse Security in iOS (Infosec Institute) Parse is a wonderful BaaS which helps with setting up backend infrastructure for your mobile application as fast as possible. Maybe just because of this simplicity many developers forget about a number of new security issues and vulnerabilities
How big data helps in cybersecurity (C4ISR & Networks) Big data systems will become increasingly important in cybersecurity, as network monitoring, fraud detection and security analytics grow in demand in 2015, according to the BAE Systems Applied Intelligence segment
Tips on Understanding Cyber Risk Losses (Claims Journal) Cyber risk can be technically hard to understand, according to Marty Frappolli, senior director of Knowledge Resources for The Institutes. The damage to consumer data, complicated analysis on specific technologies involved in data breaches, and keeping up with court case rulings across the country are three areas that can cause confusion
Habits Are Formed By Repetition, Not Reminders (Tripwire: the State of Security) There are five words today that, when coming from any adult relative with minimal technical chops, are the most terrifying you'll ever hear: I clicked on this link
Top 3 reasons why the cloud boosts business security (ITProPortal) One of the most interesting aspects of the "Cloud Computing in 2015" infographic produced by QuoteColo is this: 94 per cent of business managers state that security has improved after adopting cloud applications
Norwich Becomes Member of Global Academic Program (Northfield News) Norwich University officials announced an agreement with (ISC)² ®, the largest not-for-profit membership body of certified information and software security professionals with nearly 100,000 members worldwide, to become a new member of the (ISC)² Global Academic Program (GAP)
Quelle Horreur! France Unveils Anti-Jihadist Propaganda Campaign (Foreign Policy) In the aftermath of the attacks in Paris on the offices of Charlie Hebdo and a kosher grocery store, French officials have launched a crackdown on the country's jihadists, and that campaign seems to alternate between self-parody and deadly seriousness. On Wednesday, French police questioned an 8-year-old over his alleged support for the Charlie Hebdo gunmen
Companies need to be custodians of customer data, not owners (Help Net Security) When U.S. President Barack Obama recently called upon education service providers to safeguard student privacy by following a set of commitments regarding the collection, maintenance, and use of personal information, more than 80 companies signed the White House-backed pledge
ISIS fundraising in US via bitcoin — report (Russia Today) An Israeli cyber intelligence analyst claims that ISIS is using the dark web and bitcoin for recruitment and fundraising. Unregulated system "gaps" could indeed be exploited by terrorists seeking refuge in the anonymous network, experts say
Reddit Publishes its First Transparency Report (Threatpost) Reddit on Thursday published its first transparency report, joining the litany of technology and online service providers who have already shed light on their privacy practices, and the extent to which governments make requests for user information
FBI issues wire transfer scam alert (IT Governance) The FBI's Internet Crime Complaint Center (IC3) has issued a Public Service Announcement warning of "a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments"
Prosecutors Trace $13.4M in Bitcoins From the Silk Road to Ulbricht’s Laptop (Wired) If anyone still believes that bitcoin is magically anonymous internet money, the US government just offered what may be the clearest demonstration yet that it's not. A former federal agent has shown in a courtroom that he traced hundreds of thousands of bitcoins from the Silk Road anonymous marketplace for drugs directly to the personal computer of Ross Ulbricht, the 30-year-old accused of running that contraband bazaar
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Financial Cryptography and Data Security 2015 (San Juan, Puerto Rico, USA, January 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the...
NEDForum > London "What we can learn from the Darknet" (London, England, UK, January 30, 2015) The 2nd NED Forum event comes to London on Friday 30th January 2015, the day of the White Hat Ball. The event will focus on the Darknet and where it provides a rich source of learning that can be applied...
Cyber Threat Intelligence Summit (Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities
ICSS 2015: International Cyber Security Strategy Congress (Leuven, Belgium, February 4 - 5, 2015) ICSS2015 will present the latest developments and thoughts in the field of cybercrime and cybersecurity and will be a unique gathering of cybercrime experts from all over the world. The objective of the...
Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...
Nullcon 2015 (Goa, India, February 4 - 7, 2015) Nullcon discusses and showcases the future of information security, next-generation of offensive and defensive security technology as well as unknown threats
Salt Lake City Tech-Security Conference (Salt Lake City, Utah, USA, February 5, 2015) The Salt Lake City Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security,...
ICISSP 2015 (Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...
2015 Cyber Risk Insights Conference — London (London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...
AFCEA West 2015 (San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
DEFCON | OWASP International Information Security Meet (Lucknow, India, February 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading...
10th Annual ICS Security Summit (Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...