Italian lawful-intercept shop the Hacking Team was breached yesterday. Some of the apparently leaked documents suggest the firm's willingness to take on repressive or authoritarian regimes as customers. At least thirty-six countries are named in accounts of the company's customer list; they represent a mixed political bag. The Hacking Team claims much of the data were falsified, and says it's working with Italian police to track down the attackers, but many observers are skeptical.
Various sites in India come under attack, some by Pakistani hacktivists, others by "AnonOpsIndia."
Wikileaks pushes out more documents alleging US surveillance of German and Brazilian targets. Germany's Foreign Ministry wants "clarification" from the US.
The Japan Pension Service is undergoing its own version of the OPM data breach (observers fix upon failure to encrypt databases). Meanwhile, late Independence Day evening, OPM itself releases an update on its own breach. The update mostly reiterates the agency's concern for individuals affected by the data theft.
In ransomware news, Plex is hit by a hacker's demand for Bitcoin payments, and Heimdal reports seeing CryptoWall delivered through Google Drive.
Twitter patches security issues in Periscope.
Many sectors are warned to expect increased attention from cyber criminals: airlines, mining, and healthcare receive particular mention.
In industry news, AVG acquires Privax. Analysts look at the coming Symantec and HP breakups, and see Cisco pushing further into the security market.
NIST's instructions on protecting Controlled Unclassified Information in nonfederal information systems appear.
The FBI puts out rewards for information on cyber criminals.
Today's issue includes events affecting Australia, Azerbaijan, Bahrain, Brazil, Canada, Chile, China, Colombia, Cyprus, Czech Republic, Ecuador, Egypt, Ethiopia, Germany, Honduras, Hungary, India, Italy, Kazakhstan, Republic of Korea, Luxembourg, Malaysia, Mexico, Mongolia, Morocco, Nigeria, Oman, Pakistan, Panama, Poland, Russia, Saudi Arabia, Singapore, Spain, Sudan, Switzerland, Thailand, United Arab Emirates, United Kingdom, United States, Uzbekistan, and Vietnam.
Hacking Team Breach Shows A Global Spying Firm Run Amok (Wired) Few news events can unleash more schadenfreude within the security community than watching a notorious firm of hackers-for-hire become a hack target themselves. In the case of the freshly disemboweled Italian surveillance firm Hacking Team, the company may also serve as a dark example of a global surveillance industry that often sells to any government willing to pay, with little regard for that regime's human rights record
Win32/Lethic Botnet Analysis (Infosec Institute) Lethic is a spam botnet consisting of an estimated 210 000 - 310 000 individual machines which are mainly involved in pharmaceutical and replica spam. At the peak of its existence, the botnet was responsible for 8-10% of all the spam sent worldwide
The top three banking malware families (Help Net Security) The primary motivator behind banking malware attacks is to capture credentials, financial data, and personal information from employees, and partner company employees, across industries. Then apply this stolen information in fraudulent wire transfers or fake automated clearing house (ACH) transactions to steal funds
Why Web browser security is a goldmine for attackers (Tech Target) Web browsers from all vendors are under constant attack and a large part of that has to do with the use of third-party software. Browsers using Java and Silverlight specifically are often targeted, but Robert "RSnake" Hansen, vice president of WhiteHat Labs at WhiteHat Security, says it's not always the fault of the browser, but the third-party software
A closer look into the piracy ecosystem (Help Net Security) Illegal reproduction and distribution of copyrighted material on the Web is booming as a result of security breaches in both mobile and desktop software applications
Architelos Latest State of Abuse Report Shows .Science Leads New G's When It Comes to Spam (paperblog) Architelos puts out a State of Abuse report that looks at which domain extensions are being used the most for things like spam and phishing. Their latest report shows data from May, Ten New gTLDs comprised 77% of the 143 new phishing reports in May 2015. This equates to 24 phishing reports per million new gTLD domains under management. The .xyz TLD had the highest number of phishing reports with 42 followed by .science with 22 and .club with 9
Do Privacy Concerns Really Change With The Internet Of Things? (Forbes) "I see purposeful obfuscation and lack of transparency on the part of companies. Understanding is easier when a company is interested in telling me what they are doing with my data first, then interested in making a profit second." This is one of the reactions in the report by the Altimeter Group, Consumer Perceptions of Privacy in the Internet of Things written by Jessica Groopman with Susan Etlinger. The sentiment rings a sharp note out through our cloud of concerns about privacy
Ignoring Mobile Security Doesn't Make It Go Away (Security Week) Recently I attended Gartner's Security and Risk Management Summit outside Washington, D.C. Early in the week, I had a discussion with a security professional who asked me, skeptically, if mobile threats were actually something he had to worry about
Cyber Security Monitoring and Logging needs to be taken more seriously warns CREST (IT Security Guru) New research published by CREST, the not-for-profit accreditation body that represents the technical information security industry, warns that organisations need to focus more effort and resources on monitoring and logging to help detect potential cyber security attacks, respond to incidents and meet compliance requirements
The Internet of Things Will Give Rise To The Algorithm Economy (Gartner Blog Network) It's hard to avoid. Almost every CEO's conversation about how IT is driving innovation inevitably comes back to the potential of big data. But data is inherently dumb. It doesn't actually do anything unless you know how to use it. And big data is even harder to monetize due to the sheer complexity of it
Security experts warn airlines face threat of cyber attacks (Sydney Morning Herald) Airlines are increasingly at risk of cyber attacks that could pose significant safety issues and force carriers to ground their fleets to protect passenger welfare, causing major financial damage, security experts say
'A Playground for Hackers' (Inside Higher Education) The recently detected cyberattacks at Pennsylvania State University may spell bad news for other colleges and universities, according to IT security experts. Hackers such as those that targeted Penn State don't set their sights on individual institutions, but on entire industries
Securing the 'Net — at what price? (CSO) There is unanimous agreement that 100% security is not possible. But at least one expert says it could come close to that, for $4 billion. Others say it could cost less, but would require a lot more than money
AVG Technologies Acquires Privax, a Global Leader in HMA VPN Solutions (Free Press Release Center) HideMyAss is a VPN (Virtual Private Network) service that was created in 2005 by Privax Limited; a company that is based in the U.K., with its main office situated in London. AVG Technologies, the online security company for more than 200 million monthly active users, announced the acquisition of Privax, a leading global provider of desktop and mobile privacy services for consumers. With the acquisition, AVG will add Privax's HMA! Pro VPN to its existing portfolio of security software and services that will be immediately made available to AVG's global customer base
Symantec to split into two publicly traded companies (IT Wire) Symantec will this year launch two separate organisations each focusing on what they do best. Symantec/Norton products will be security focused and Veritas as an information management company. Revenue for Symantec in 2015 is estimated to be about US$4.2 billion and Veritas about $2.5 billion
Moor To The Story: Quicktake on Cisco's Acquisition of OpenDNS (Forbes) This week, Cisco Systems announced its acquisition of OpenDNS for $635M. OpenDNS is a Software as a Service (SaaS) provider for deploying security solutions that enables companies to quickly deploy applications and end-point security solutions to protect themselves and their devices from malware and viruses. This acquisition will help Cisco Systems significantly grow its security profile, especially around the cloud and Internet of Things (IoT)
Strong protection for corporate networks with Windows 7 (AV Test) Windows 7 is the most widely used operating system in companies. It is run on at least one out of two PCs. The newer Windows 8.1 was unable to have any effect on these numbers. AV-TEST examined 11 solutions for companies under Windows 7 in terms of their protection function, and can recommend most of them
Logfiller Inc. Announces Rollout of Its New "User Experience" Technology, Layer8 (PRNewswire) A young Falls Church company, Logfiller Inc., is rolling out its new software, Layer8, a user experience measurement tool that reveals actionable new data. This innovation has "immediate and significant implications for efficiency, cyber security and compliance across the Windows environment," explained company president, Michael Colopy, "providing far more insight than standard technology"
ProxyHam: A 2.5-Mile Leap for Web Anonymity (Tripwire: the State of Security) At DEF CON 23 this summer, an information security consultant plans to unveil ProxyHam, a hardware device that bears much promise for the future of web anonymity
The OPM breach screams for action (Security Info Watch) InZero Systems, a tech company out of Herndon, Virginia has come up with a unique solution it calls WorkPlay Technology. It helps solve this dilemma by creating multiple, hardware-separated operating systems whereby each OS has its own resources — kernel, flash memory, RAMS and drivers. Only one OS is active at a time
Technologies, Techniques, and Standards
Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations (NIST) The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business operations. This publication provides federal agencies with recommended requirements for protecting the confidentiality of CUI
New NCCoE Building Blocks for Email Security and PIV Credentials (NIST) NIST's National Cybersecurity Center of Excellence (NCCoE) has proposed two new building blocks, one to help organizations improve the security of email, the other to enable mobile devices to provide security services based on personal identity verification (PIV) credentials. PIV cards (as they are known in the federal government) and other so-called smart card identity credentials contain computer chips that can receive, store, and transmit information securely. They are currently used in conjunction with a card reader to ensure authorized access to computer systems, certify emails, or provide an additional layer of security for physical access to facilities
AWS Best Practices for DDoS Resiliency (Amazon Web Services) This paper is intended for customers who want to improve resiliency of their applications running on Amazon Web Services (AWS) against Distributed Denial of Service attacks. The paper provides an overview of Distributed Denial of Service attacks, techniques that can help maintain availability, and reference architectures to provide architectural guidance with the goal of improving your resiliency
Creating a Cybersecurity Governance Framework: The Necessity of Time (IBM Security Intelligence) Today's organizations are going through a big change in the way they operate, the way they think and the way they function. This change is being pushed by major technological (cloud and mobile), intellectual (big data and analytics) and behavioral (social) transformations that are affecting the entire IT industry. Security also has been hit by this revolution. In fact, more than the change itself, the impact to security is due to the speed of the developments
How to run a security awareness programme (IT Security Guru) If anything is guaranteed to strike doom and gloom into the hearts of security people, it's the prospect of starting a new security awareness programme
US students might soon be able to use federal aid to attend coding bootcamps (Quartz) As college gets more expensive and wages for computer programmers skyrocket, more people are turning to intense coding bootcamps and online course providers to improve their job prospects without getting buried under debt. And they might get some unexpected funding help soon: The Department of Education is planning to experiment with letting students use Pell Grants to pay for these alternative programs
The summer of cyber attacks (Ottawa Sun) Two things can be said about Ottawa's summer, so far. One is that it has been wet; the other is that it's been raining cyber attacks on federal government websites
Germany says new reports of U.S. spying harm security ties (Reuters via Aol) Germany is taking seriously the latest reports about U.S. spying on senior government ministers and they are putting strains on vital security cooperation between the two countries, Chancellor Angela Merkel's spokesman said on Thursday
Germany wants quick clarification of new NSA spy allegations (AP via Military Times) Germany's foreign minister said Friday that new allegations of U.S. eavesdropping on senior German government officials' telephones need to be clarified "as quickly as possible" and that he hoped Washington would be forthcoming with information
OPM Director Sneaks Out An Update At 8pm on 4th of July (Threat Brief) At 8pm on the 4th of July OPM Director Archuleta posted an update on the breach into the lightly defended databases holding sensitive information on US Government employees. The update sticks with the theme OPM would like to push, which is that the Director is really doing a wonderful and visionary and proactive job at cybersecurity. She also makes her pitch on why she should not resign
Fix the federal hacking breach (Post and Courier) The fallout from the appalling security breach of federal employee records from the Office of Personnel Management continues to spread. And with agency director Katherine Archuleta expected this week to release the presumably final tally of people whose information was compromised, the full extent of this scandal should come into clearer — and even more alarming — focus
OPM Breach Reveals Shortcoming In US Efforts To Curb Advanced Cyber Intrusions (HSToday) On the heels of the recently reported data breach at the Office of Personnel Management (OPM) which affected millions of current and former federal employees, the House Committee on Homeland Security's Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies held a hearing to examine the Department of Homeland Security's (DHS) efforts to secure government networks in light of the recent data breach on the OPM
OPM, CISA, and the Cybersecurity Oxymoron (Just Security) In Congress, bad policy ideas are like vampires: They are very hard to kill because they're always somehow coming back from the dead. Such is the case with this year's iteration of the Senate's "cybersecurity information sharing" legislation, the Cybersecurity Information Sharing Act (CISA), offered by the chairman of the Senate Intelligence Committee, Sen. Richard Burr (R-NC)
You can earn millions by helping the FBI capture cybercriminals (TECHi) Few things in the modern world scream "cyberpunk" as much as multi-million dollar rewards for assisting in the capture of notorious cybercriminals. The FBI has had a cybercrime most wanted list for a while now, but just recently updated it with more than four million dollars in rewards
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.
TakeDownCon Rocket City (Huntsville, Alabama, USA, July 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...
CyberMontgomery 2015 (Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...