Yesterday's New York Stock Exchange shutdown continues to look like the result of a glitch as opposed to an attack, but investigation continues. The same-day occurrence of problems at United Airlines (which also seem the result of a glitch) and the Wall Street Journal (briefly inaccessible because of a spike in traffic as people looked for news on the NYSE trading suspension) prompted widespread speculation about coordinated attacks on the US economy ("Die Hard" references duly noted). But evidence of attacks is so far thin, based on either evergreens (Anonymous tweets threatening Wall Street) or a priori possibility (China's stock market crash giving a motive to halt trading everywhere, etc.).
Another story inducing lightly sourced heebie-jeebies claims hackers took control of a Bundeswehr air defense battery. Germany's Defense Ministry dismisses the reports as "Quatsch" (nonsense). All of us are well-acquainted with cautions against premature attribution; it's equally good counsel to avoid premature detection: information isn't intelligence until it's understood, confirmed, and analyzed.
Pro-ISIS hacktivists are reported to have vandalized a Syrian human rights watch site and some US Department of Energy pages at Argonne National Laboratory. FBI Director Comey continues to testify on the ISIS threat and its use of strong encryption in command-and-control operations. Others offer counterpoint in favor of strong encryption — see both Passcode and Lawfare for the pro-encryption side.
Adobe patches the Flash zero-day revealed by stolen Hacking Team data. Trend Micro points out that criminals have exploited that vulnerability since July 1, before the Hacking Team document dump.
Today's issue includes events affecting Canada, China, Colombia, Germany, Iraq, Italy, Japan, Republic of Korea, Syria, Turkey, United Arab Emirates, United States.
Context On The NYSE, WSJ and United Airlines Issues(Threatbrief) The computer security industry has long had a philosophical debate on how to define a cyber threat. For many of us, the use of the term Threat is reserved for hostile actors: organizations and individuals that mean to cause harm. But cybersecurity professionals and enterprise CTOs, CIOs and business executives must lead in ways that keep the IT up and running, and it is sometimes very helpful to have a broader definition of the threat. There are threats to IT that come from natural disasters, for example. There is also the threat of cascading failures due to complexity. And there is the threat of system failure due to overloading
NYSE, WSJ and United Down: Coincidence?(TechZone360) Coincidence is a strange thing these days. Today, three incidents occurred that may or may not be related but certainly introduce the question: Is this a coincidence? Coincidence or not, we live in a computerized, connected world and this just highlights how vulnerable society is when bad things happen to software
Did hackers control Bundeswehr missile batteries?(Die Welt) Hackers may have cracked the Patriot air defense system: Bundeswehr missile batteries stationed in Turkey are said to have executed "unexplained" commands, a trade publication reports
Did hackers remotely execute 'unexplained' commands on German Patriot missile battery?(Computerworld) Oh good, just what we need, vulnerable weapon systems being breached. Hackers purportedly gained access to a German Patriot missile battery and issued 'unexplained commands.' Yikes! Whether the story is pure FUD or a truth that embarrassed German officials into playing word games, authorities scoffed at the missile battery hijack report, calling it 'extremely unlikely'
Islamic State supporters hack website of Syria rights watchdog(Reuters via Yahoo! News) Purported supporters of the hardline Islamic State group hacked the website of the Syrian Observatory for Human Rights watchdog on Wednesday and threatened its Syrian director who has documented abuses on all sides of Syria's war
Hacking Team Flash Zero-Day Tied To Attacks In Korea and Japan… on July 1(TrendLabs Security Intelligence Blog) Earlier this week several vulnerabilities were disclosed as part of the leak of information from the Italian company Hacking Team. We've noted that this exploit is now in use by various exploit kits. However, feedback provided by the Smart Protection Network also indicates that this exploit was also used in limited attacks in Korea and Japan. Most significantly, these took place before the Hacking Team leak; we first found this activity on July 1
The DEA Is Tracking All Internet Traffic in Colombia, Hacked Email Shows(Vice) All of Colombia's internet traffic is monitored by the US Drug Enforcement Administration, according to a hacked email circulated on Twitter on Monday night, signaling widespread American surveillance of electronic communications in the country considered the longtime central battlefield in the global war on drugs
Bug in Android ADB Backup System Can Allow Injection of Malicious Apps(Threatpost) There's a severe vulnerability in the way that all versions of Android handle the restoration of backups that can allow an attacker to inject a malicious APK file into the backup archive. The bug is the result of an issue with the ADB command-line tool for Android and the researchers who discovered it say there is no fix for it right now
Bitdefender uncovers global spam campaign(SecurityWatch) Bitdefender has discovered a global spam campaign spreading banking Trojan Dyre. The threat uses various approaches to maximise damage, according to Bitdefender malware analysts
Security Patches, Mitigations, and Software Updates
Security updates available for Adobe Flash Player(Adobe Security Bulletin) Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published
Apple fixes VoiceOver bugs in update to iWork suite for iOS(AppleInsider) Apple in a rare overnight update on Tuesday issued what appears to be critical fixes to accessibility features in all three iOS iWork apps, returning full VoiceOver navigation and editing functionality to Pages, Numbers and Keynote
Never underestimate the impact of a data breach(Help Net Security) The growth of cyber-crime and the impact of successful attacks on an organization's bottom-line should not be underestimated; it is anticipated that data breaches will cost businesses up to £1.3tn by 2019, with new threats emerging at the astonishing rate of 390,000 per day. As the threat landscape continues to grow, the responsibility for guarding against damaging cyber attacks and protecting corporate data will lie with all employees
Why location-based social media data is critical for security(Help Net Security) Sports games at stadiums, hurricanes along the coast, protests on city streets, guest complaints at hotels, customer praise at restaurants, bullying at schools… Things happen at specific places. These human experiences impact all of us, everywhere, everyday
Universities are at risk of data breaches: is it possible to protect them?(ERPScan Blog) Last Wednesday Harvard University announced that on June 19 an intrusion on Faculty of Arts and Sciences and Central Administration information technology networks was discovered. According to the announcement on the Harvard website, this breach affected eight different schools and is thought to have exposed students' log-in credentials. University IT staff denied that any personal data or information from the internal email system had been exposed
Does My Job Even Matter? A Dose of InfoSec Career Perspective(Tripwire: the State of Security) If you work in an enterprise defense role, chances are your day is comprised of coffee, email, meetings, crises, coffee, interruptions, coffee, and meetings (and, most likely, alcohol). The meetings seem useless and the interruptions unceasing. Your stress piles up while your family time dwindles, and you find yourself wondering at the end of the day (or during it) if your job is having any impact in terms of your organization's information security
SRA Files to Go Public, Sets $100M Fundraising Target(GovConWire) The holding company of Fairfax, Va.-based government services contractor SRA International has filed a registration statement with the Securities and Exchange Commission for an initial public offering, SRA said in its filing with the SEC posted Wednesday
Palo Alto Networks Traps Protects From Latest Flash Zero-Day Vulnerability CVE-2015-5119(Palo Alto Networks) Following this week's headline-grabbing breach, we all learned of an exploit utilizing CVE-2015-5119, a zero-day vulnerability in Adobe Flash. Successful exploitation of this vulnerability allows an attacker to take control of an affected endpoint, making it a critical threat. Various security researchers have since reported that the zero-day was indeed exploited in active attacks
They see me scannin'; they hatin'(Heisenbugs and other unobservables) One hour into your pentest and you're already getting calls from the Blue Team: "We see your Nmap scans. Do you want to just give up now, or…" Impossible, I used "SYN Stealth scan" and scanned really slowly! It's not impossible: Nmap out-of-the-box is really not that hard to spot if you know what you are looking for. Here are the most-common ways that Nmap scans get detected by IDS
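The excerpt above says an out-of-the-box Nmap scan is easy to spot; the following is an added example (not code from the linked article) of the kind of rule an IDS applies, run over a constructed connection log. The log format is assumed: one record per line, "<epoch_ts> <src> <dst> <dport> <state>", with state values borrowed from Zeek's conn_state (S0: SYN with no reply; REJ: SYN answered by RST; RSTOS0: SYN then RST from the originator; SF: full handshake and clean close). The hosts, ports and timings are made up for the example.

```python
"""Port-scan heuristic over a constructed connection log (added example).

A SYN scan never completes a handshake, so every row it produces is
S0/REJ/RSTOS0, and a default-speed nmap -sS lands many of them per second
against one host. That combination (one source, one destination, many
distinct ports, no completed sessions, short time span) is what gets flagged.
"""
from collections import defaultdict, deque

PROBE_STATES = {"S0", "REJ", "RSTOS0"}   # Zeek conn_state values that look like probes


def parse_line(line):
    ts, src, dst, dport, state = line.split()
    return float(ts), src, dst, int(dport), state


def detect_port_scans(lines, window=10.0, distinct_ports=20):
    """Sliding-window rule: flag (src, dst) the first time the source has
    probed >= distinct_ports different ports within any window seconds.
    Returns {(src, dst): ts_of_first_alert}."""
    recent = defaultdict(deque)     # (src, dst) -> deque of (ts, dport)
    alerts = {}
    for line in sorted(lines, key=lambda l: float(l.split()[0])):
        ts, src, dst, dport, state = parse_line(line)
        if state not in PROBE_STATES:
            continue                # completed sessions are not probes
        key = (src, dst)
        q = recent[key]
        q.append((ts, dport))
        while q and ts - q[0][0] > window:
            q.popleft()             # drop probes that fell out of the window
        if key not in alerts and len({p for _, p in q}) >= distinct_ports:
            alerts[key] = ts
    return alerts


def detect_slow_scans(lines, distinct_ports=20):
    """The caveat from the excerpt: nmap -T0/-T1 spaces probes out by minutes,
    so the window rule never fires. Counting distinct probed ports over the
    whole log catches that, at the cost of needing an allow-list for noisy but
    legitimate sources (monitoring, vulnerability scanners).
    Returns {(src, dst): distinct_probed_port_count}."""
    ports = defaultdict(set)
    for line in lines:
        _, src, dst, dport, state = parse_line(line)
        if state in PROBE_STATES:
            ports[(src, dst)].add(dport)
    return {k: len(v) for k, v in ports.items() if len(v) >= distinct_ports}


def sample_log():
    """Constructed log: normal traffic, one default-speed SYN scan, one slow scan."""
    target = "10.0.0.10"
    lines = [
        f"1000.00 10.0.0.5 {target} 443 SF",
        f"1001.00 10.0.0.5 {target} 80 SF",
        f"1002.00 10.0.0.5 {target} 8443 REJ",   # a single refused connect is not a scan
    ]
    # 30 ports in 1.5 s, every one refused: the shape of nmap -sS against a host with few services
    lines += [f"{1000 + i * 0.05:.2f} 10.0.0.66 {target} {port} REJ"
              for i, port in enumerate(range(1, 31))]
    # 25 ports, one per minute: evades the 10 s window, caught by the slow-scan rule
    lines += [f"{2000 + i * 60} 10.0.0.77 {target} {port} S0"
              for i, port in enumerate(range(1, 26))]
    return lines


if __name__ == "__main__":
    log = sample_log()
    print("fast scans:", detect_port_scans(log))
    print("slow scans:", detect_slow_scans(log))
```

The window rule is what makes a default scan obvious; the second rule is the trade-off the excerpt hints at: slowing down defeats the window, but not a longer-horizon count, which is why slow scanners also spread probes across sources and decoys.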
Tunneling Data and Commands Over DNS to Bypass Firewalls(Lenny Zeltser) No matter how tightly you restrict outbound access from your network, you probably allow DNS queries to at least one server. Adversaries can abuse this "hole" in your firewall to exfiltrate data and establish stealthy Command and Control (C2) channels that are very difficult to block. To understand the use of DNS for C2 tunneling, let's take a look at Ron Bowes's tool dnscat2, which makes it relatively easy to experiment with such attack techniques
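To make the "hole" in the firewall concrete, here is an added example (not from Lenny Zeltser's post and not dnscat2's protocol) showing both halves of the problem: a toy encoder that hides data in query names under an attacker-controlled zone, and a resolver-log detector that picks those names out. The zone name, the log format ("HH:MM:SS client query <qname> <qtype>") and the payload are all constructed for the example; real tools add sequencing and session IDs, but the names they generate stand out for the same reasons.

```python
"""Toy DNS tunnel encoder plus a log-side detector (added example).

Assumptions: the attacker controls C2_ZONE, the resolver writes one line per
query in the constructed format below, and payload is hex-encoded into one
subdomain label per query (a simplification; dnscat2 also uses hex-style
encoding but adds its own framing).
"""
import math
import re
from collections import Counter, defaultdict

C2_ZONE = "c2.example.net"   # assumption: attacker-controlled zone
MAX_LABEL = 63               # RFC 1035 label limit
MAX_NAME = 253               # practical limit on a full name


def encode_chunks(data, zone=C2_ZONE, label_len=40):
    """Hex-encode data and emit one <label>.<zone> name per chunk.
    40 hex chars carry 20 payload bytes per query and stay under MAX_LABEL."""
    hex_data = data.hex()
    names = []
    for i in range(0, len(hex_data), label_len):
        name = f"{hex_data[i:i + label_len]}.{zone}"
        assert len(name) <= MAX_NAME
        names.append(name)
    return names


def decode_chunks(names, zone=C2_ZONE):
    """Inverse of encode_chunks; this is what the authoritative server does."""
    suffix = "." + zone
    return bytes.fromhex("".join(n[:-len(suffix)] for n in names if n.endswith(suffix)))


def shannon_entropy(s):
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0


LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) query (?P<qname>\S+) (?P<qtype>\S+)$")


def split_zone(qname):
    """Approximate the registrable zone as the last two labels (a real
    deployment should consult the Public Suffix List). Returns (subdomain, zone)."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def detect_tunneling(log_lines, min_len=40, min_entropy=2.5, min_queries=4):
    """Flag (client, zone) pairs that repeatedly send long, high-entropy names.
    Hex labels cap at 4 bits/char and base32 at 5; 2.5 is deliberately loose so
    hex-encoded ASCII is caught too. Returns {(client, zone): suspicious_count}."""
    hits = defaultdict(int)
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        sub, zone = split_zone(m["qname"])
        if len(m["qname"]) >= min_len and shannon_entropy(sub.replace(".", "")) >= min_entropy:
            hits[(m["src"], zone)] += 1
    return {k: v for k, v in hits.items() if v >= min_queries}


# Constructed payload: the sort of beacon a C2 agent would send home.
PAYLOAD = b"id=4411;host=ws-17;user=svc_backup;cmd=whoami;out=ws-17\\svc_backup;cwd=C:\\Users\\svc_backup\\Desktop"


def sample_log():
    """Constructed resolver log: benign lookups plus one tunnelling client."""
    benign = [
        "10:00:01 10.0.0.5 query www.example.com A",
        "10:00:02 10.0.0.5 query mail.example.com MX",
        "10:00:03 10.0.0.9 query cdn.static-assets.net A",
        "10:00:04 10.0.0.9 query api-prod-eu-west-1.static-assets.net A",
    ]
    tunnel = [f"10:00:{10 + i:02d} 10.0.0.7 query {name} TXT"
              for i, name in enumerate(encode_chunks(PAYLOAD))]
    return benign + tunnel


if __name__ == "__main__":
    for (client, zone), n in detect_tunneling(sample_log()).items():
        print(f"{client} -> {zone}: {n} suspicious queries")
```

The detector keys on exactly the things the encoder cannot avoid: every byte exfiltrated has to become characters in a name, so names get long and label entropy climbs, and every chunk is a separate query to the same zone, so volume per (client, zone) rises. Blocking is hard because the queries are syntactically ordinary; logging resolver traffic and watching these features is the practical counter.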
The Importance of Building an Information Security Strategic Plan(IBM Security Intelligence) Some say that strategic planning is no longer practical or necessary in today's rapidly changing technical environment, but strategy still remains an essential part of defining clear companywide goals and how to achieve them. Strategic planning is about setting long-term goals, establishing the directions and constraints that will guide the tactical achievement of these aims and identifying the assets and capabilities that the organization needs to execute the plan
IBM may have just extended the lifespan of Moore's Law(Quartz) Since 1965, we have held onto the belief that computing power will double every two years, as argued in a paper by Gordon Moore, the eventual founder of Intel. But in recent years, scientists have been straining to keep Moore's Law alive, as we start to approach the physical limit of how small we can make silicon chips
What I learned at Cyber Boot Camp (Instructor Edition)(We Live Security) One reason cybercrime is on the rise is a lack of "capable guardians", people with the appropriate skills and personal ethics to defend networks against attack. Recently I participated in a program that aims to change that situation: Cyber Boot Camp, a place where young people can develop the skills, mindset, and moral code required to defend networks against criminal abuse. I have already written about some of the lessons learned by students who attended the camp, but like any good educational experience, the instructors also learned things, and I wanted to share the most worrying thing I learned: there's a big hole in computer education in America today. While Cyber Boot Camp takes place in California, I suspect that this problem exists in a lot of other states as well (I would be very happy to hear from anyone who can show me I'm wrong on this)
Keys Under Doormats: Mandating Insecurity(Lawfare) Two decades ago US law enforcement sought laws requiring communication providers to be able to decrypt communications when served with a court order. The proposed technology to accomplish this was escrowed encryption — keys stored by the government — and the methodology is the now infamous Clipper chip
Report: UL in talks with White House on IoT certification(FCW) The White House's interest in a security certification for Internet of Things (IOT) products appears to be gaining steam with standards firm Underwriters Laboratories in talks with the administration on how to develop such a program
Finnish Decision is Win for Internet Trolls(KrebsOnSecurity) In a win for Internet trolls and teenage cybercriminals everywhere, a Finnish court has decided not to incarcerate a 17-year-old found guilty of more than 50,000 cybercrimes, including data breaches, payment fraud, operating a huge botnet and calling in bomb threats, among other violations
U.S. one step closer to extraditing accused spy(Canadian Press via Metro News Vancouver) The United States has vaulted another hurdle in its bid to extradite a Chinese national living in British Columbia who is accused by the FBI of pilfering American military trade secrets
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
National Insider Threat Special Interest Group Meeting(Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.
TakeDownCon Rocket City(Huntsville, Alabama, USA, July 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...
CyberMontgomery 2015(Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...