ISIS sympathizers resurface with some cyber vandalism of a Georgian ministerial website devoted to EU and NATO integration.
Speaking of ISIS, the terror group draws a surprising comparison from the Daily Beast, which argues that the Caliphate's information operations template was established by Mexican drug cartels. One notes with interest that Mexico is the largest single Hacking Team customer revealed in this week's leaked documents.
The fallout from the Hacking Team breach continues, most seriously in the form of a Flash vulnerability the leaks expose. Cyber criminals, who've already integrated it into the well-known Angler, Neutrino, and Nuclear exploit kits, are now exploiting that vulnerability in the wild. A Flash patch from Adobe is expected hourly; in the meantime security analysts recommend disabling Flash.
Security companies Kaspersky and Symantec identify and describe an attack group variously known as "Morpho" and "Wild Neutron." Apparently a criminal as opposed to a state-sponsored operation (although it's early), Morpho is suspected of intrusion into corporate networks and of specifically targeting physical security systems.
CoreSecurity says it's found a vulnerability in AirLive security cameras.
Android devices are again in the crosshairs of malware developers: new adware and a malicious Nintendo game emulator are among the fresh exploit bait. Dark Reading previews some proofs-of-concept expected at BlackHat.
United Airlines suffered a system-wide issue with support software (flight safety was unaffected) that grounded many passengers this morning.
Australia may soften cyber export-control rules as its government thinks through their consequences. US debate on backdoors and encryption continues.
Today's issue includes events affecting Australia, Azerbaijan, Bangladesh, Bulgaria, China, Egypt, European Union, Finland, Georgia, India, Iraq, Italy, Democratic People's Republic of Korea, NATO, Netherlands, Russia, Sudan, Syria, United Kingdom, United States.
Amid a lot of social media panic comes news that the New York Stock Exchange has suspended trading for technical reasons. Early indications are that there's no sign of cyber attack, but of course this bears watching.
Hacking Team Adobe Flash Zero-Day Exploited By Money-Hungry Criminals(Forbes) In recent years, crypto luminary Bruce Schneier has noted that today's surveillance tools are tomorrow's cybercriminal playthings. Hacking Team has offered proof of that, as one of its zero-days — unpatched and previously-unknown software vulnerabilities — is being exploited by crooks
Hacking Team, the Surveillance Tech Firm, Gets Hacked(Wall Street Journal) A company that sells software allowing governments to hack into computers has itself been hacked, and files posted late Sunday indicate it sold surveillance technology to dozens of countries, including Sudan, Egypt, Russia and the U.S
Behind the curtain of the Hacking Team hack(CSO) The world watched on as Hacking Team was publicly stripped and flogged — virtually at least — over the last couple days. My colleague Steve Ragan covered the unfolding events in exquisite detail and today the dust continues to settle as we sift through the 400GB of leaked data and find the salacious, juicy tidbits
Flaw allows hijacking of professional surveillance AirLive cameras(Help Net Security) Nahuel Riva, a research engineer from Core Security, discovered vulnerabilities in AirLive's surveillance cameras designed for professional surveillance and security applications. He was able to invoke some CGIs without authentication, while backdoor accounts allowed him to execute arbitrary OS commands on the device
Gunpoder Android Malware Hides Malicious Behaviors in Adware(Threatpost) A stream of new Android malware infections is sounding a harsh tone on two fronts: hackers are making free and open source applications their own; and legacy security software needs to step up detection of adware behaving maliciously
6 Emerging Android Threats(Dark Reading) A peek at some of the Android vulnerabilities and malware that will be revealed at Black Hat USA next month
Profiling and Investigating Abnormally Malicious Chinese Autonomous Systems With WEBINT(Recorded Future) CHINANET AS 23650 in Jiangsu province is part of a highly modern TIER 4 network owned by China Telecom, claimed to be the world's largest. We compare CHINANET AS 23650 to other autonomous systems part of CHINANET as well as additional independent autonomous systems. By comparison, AS 23650 is abnormally malicious over time, with some co-occurring activities in adjacent CHINANET infrastructure. We identify the likely location of the problematic activity. We find indications that third-party hosters with less than great reputation, such as MangoNet, are selling capacity on CHINANET, and hence potentially polluting the CHINANET infrastructure
Hacker attacks gambling websites, demands Bitcoin ransom(Phys.org) A hacker shut down four New Jersey Internet gambling sites for half an hour last week and threatened more cyberattacks over the holiday weekend unless a ransom was paid using the online currency Bitcoin, authorities said Tuesday
Another system-wide computer glitch grounded United Airlines this morning(Quartz) Travelers with tickets for United Airlines flights were stopped cold at US airports this morning, due to a system-wide computer glitch. Starting around 7:30 am ET, passengers were unable to check in for their flights and all United planes not currently in the air were grounded. The Federal Aviation Administration said the cause was "automation issues"
Security Patches, Mitigations, and Software Updates
Adobe to Patch Hacking Team's Flash Zero-Day(KrebsOnSecurity) Adobe Systems Inc. says it plans to issue a patch on Wednesday to fix a zero-day vulnerability in its Flash Player software that is reportedly being exploited in active attacks
Hacking Team Plans to Continue Operations(Threatpost) It has been an absolutely brutal week for Hacking Team. All of the company's documents, internal communications, emails with customers, and invoices have been published, including its dealings with oppressive regimes and customers in sanctioned countries. But even with all that, company officials said they have no plans to cease operations, even as they're asking customers to stop using their surveillance products for the time being
Microsoft announces 7,800 layoffs and will write down $7.6 billion from Nokia(Quartz) Microsoft announced today it would cut up to 7,800 positions, primarily from its Nokia mobile phone business, and will write down $7.6 billion related to its purchase of Nokia. Microsoft's 2013 acquisition of Nokia — one of former CEO Steve Ballmer's last big plays — increasingly looks like a mistake
8 penetration testing tools that will do the job(CSO) If the probability of your assets being prodded by attackers foreign and domestic doesn't scare the bejesus out of you, don't read this article. If you're operating in the same realm of reality as the rest of us, here's your shot at redemption via some solid preventive pen testing advice from a genuine pro
Twitter's New AI Recognizes Porn So You Don't Have To(Wired) Clément Farabet deals in artificial intelligence. As a research scientist at New York University, he built brain-like computing systems that identified objects in photos and videos, and then he launched a startup where he did much the same thing. He and his co-founder called it Madbits, and 18 months later, Twitter snapped it up
FBI Director Comey's false dilemma: "ban encryption or accept terrorism"(Conversation) James Comey, Director of the FBI, is the latest to add his voice to the call for a ban on the use of strong encryption. In a blog post, Comey outlines the potential costs to public safety that come with security services not being able to intercept communications. In particular, he uses the threat of ISIL (ISIS) recruiting "troubled" US citizens and convincing them, over encrypted messaging apps, to "kill people"
Even Einstein Couldn't Fix Cybersecurity(GovTech) The Einstein and Continuous Diagnostics and Mitigation cybersecurity programs have been hailed as the cornerstone of repelling cyberthreats in real-time — but it turns out this is not actually the case
Archives clears up FOIA website confusion(FierceGovernment) With the launch of the openFOIA website last month, the National Archives and Records Administration has laid out what information requesters and Freedom of Information Act office workers can get from the three main FOIA-related federal websites
NSA actually snooped on criminals(FierceITSecurity) I know what you are thinking. Not another leak by Edward Snowden about how the National Security Agency is violating the privacy rights of individuals and world leaders. Well, guess what. The NSA actually used its all-pervasive surveillance technology to target criminals launching distributed denial-of-service attacks and exchanging data on criminal activities in hacker forums
Former attorney general calls Snowden deal possible(IDG via CSO) The "possibility exists" for the U.S. Department of Justice to cut a deal that would allow surveillance leaker Edward Snowden to return to the U.S., a former attorney general said in a media interview
14 days running a secret Dark Web pedophile honeypot (and why I now think Tor is the devil)(Geek Slop) Before discoursing the lengthy analysis of the Dark Web honeypots (there were three), let's answer the question that is surely on everyone's mind — did the honeypot allow me to reveal the true identity of the person visiting the Tor site? In many cases enough evidence was gathered to provide a pretty good guess or at least a good launching point for identification of the person that visited the site. Surprisingly, in some cases, the identity of the person was undeniably revealed and included the person's name, unique personal computer footprint, and true external IP address (see partial data example above). And to answer the second question, "no", this did not require the placement of malicious malware
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Hackito Ergo Sum(Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking,...
Securing Your Digital Assets(New York, New York, USA, July 14, 2015) Privacy and data security are a growing concern across all industries, and any breach of corporate or personal digital assets threatens financial and reputational harm. With all of the news and educational...
National Insider Threat Special Interest Group Meeting(Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.
SINET 16 Application Deadline(San Francisco, California, USA, July 17, 2015) Innovative solutions frequently come from new and small companies. Our goal is to provide entrepreneurs from all over the world an opportunity to increase their product awareness to a select audience of...
TakeDownCon Rocket City(Huntsville, Alabama, USA, July 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...
International Symposium on Forensic Science Error Management(Washington, DC, USA, July 20 - 24, 2015) The symposium will give forensic science practitioners and researchers from around the world the opportunity to discuss best practices for identifying and reducing errors in forensic science laboratories.
The APTs are coming(New York, New York, USA, July 21, 2015) With cyberespionage and Advanced Persistent Threats (APTs) on the rise, it's important to understand today's threat landscape - and the ways you can keep your company safe. Join LIFARS, Kaspersky Lab, Cyphort,...
Cyber Risk Wednesday: Rethinking Commercial Espionage(Atlantic Council: Brent Scowcroft Center on International Security, July 29, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on July 29 from 4:00 p.m. to 5:30 p.m. for a discussion on new ideas on commercial cyber espionage and intellectual property theft
CyberMontgomery 2015(Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...
PragueCrunch IV: The Enpraguening(Prague, Czech Republic, July 31, 2015) Here it comes, Central Europe: PragueCrunch IV! This annual celebration of all things startup is coming to your town on Friday, July 31, 2015 from 7:00 PM to 11:00 PM (CEST). We'll be holding the event...
Black Hat USA(Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners...
ISSA CISO Forum: Third Party Oversight(Las Vegas, Nevada, USA, August 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by...
BSides Las Vegas(Las Vegas, Nevada, USA, August 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is...