Daily briefing.

Those curious about how terrorist organizations establish persistent networks will find Perspectives on Terrorism's study interesting.

This week's outages at the New York Stock Exchange and United Airlines remain under investigation, but the emerging consensus is that they were unrelated and not the result of an attack. (Complex systems do fail, and their very complexity can constitute in effect a vulnerability, as discussions of ERP systems suggest.) The incidents have pumped up the valuations of some cyber security stocks.

The OPM affair in the US looks worse: over 21 million individuals' records are now acknowledged to have been compromised. Director Archuleta resigned this morning.

The consensus on the just-patched OpenSSL certificate verification bug is that it's serious, but not quite as serious as Heartbleed. Nevertheless, patch.

Hacking Team's data are still out there. Netragard, whose name appears amid those data, says it's pleased to be mentioned in dispatches, since the data make it look pretty good.

Those interested in the difference between bug hunting for fixes and bug hunting for exploitation may contrast accounts in (unrelated) stories by OpenDNS (the former) and Ars Technica (the latter).

VMware patches three products against a privilege-escalation vulnerability.

Singer and Cole make flesh creep with visions of what a World War III would look like (no spoiler: lots of cyber action).

Splunk buys Caspida, Avast buys Remotium, and Fortinet buys Meru Networks.

The FBI still hasn't convinced encryption advocates that backdoors are either desirable or realistic (even after announcing it stopped terror attacks planned around Independence Day).

Notes.

Today's issue includes events affecting Estonia, Iraq, Israel, Italy, Japan, Palestine, Syria, United Arab Emirates, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

How Jihadist Networks Maintain a Persistent Online Presence (Perspectives on Terrorism) Jihadist groups have used the opportunity created by the proliferation of social media platforms to create a persistent as well as ideologically cohesive presence for jihadist propaganda online which is intended to attract fighters and fundraisers to the cause. This article uses a range of big data techniques including network analysis, combined with examples of Jihadist communication strategy to identify the elements which have allowed groups to maintain a permanent presence for their content online, despite the efforts of western Governments working with social media platform providers

New York City Comptroller Office Website Hacked by Pro-Palestinian Hacker (HackRead) Hackers have a passion for hacking, but the way they choose their targets is something hard to understand. Just like this unpredictable hack we are about to report

Day of the bugs: Disruptions at NYSE, United Airlines and WSJ.com heighten cybersecurity concerns (Dallas Morning News) The cyber-outages came one after another: one of the nation's biggest airlines, its largest financial news publication and its main stock exchange

Akamai says it doesn't see any 'anomalies' after major Internet outages (Boston Business Journal) A spokesperson for Akamai Technologies, a Cambridge-based Internet content delivery firm, on Wednesday said the company hasn't seen any unusual activity in the midst of a mysterious series of website outages that have impacted organizations including the New York Stock Exchange

United, NYSE and WSJ Glitches Were Not a Cyber Attack (Security Debrief) There's an old axiom in science and statistics: correlation does not imply causation. It's a caution against deducing too much from a seeming connection. Sometimes what walks and talks like a duck isn't actually a duck

OPM Announces More Than 21 Million Affected by Second Data Breach (National Journal) The federal personnel agency finally announced Thursday the scope of a massive hack of security-clearance information first revealed last month

Hackers Scored Personal Data on Over 21 Million Americans (Atlantic) The federal cyberbreach is now five times larger than initial estimates, and even the new figure captures only a fraction of those affected

OPM hack hit potentially millions of troops, vets (Military Times) Social Security numbers, family information, health records and even fingerprints of 21.5 million federal employees — including potentially millions of military personnel — were included in a massive data theft last month from the Office of Personnel Management, officials acknowledged Thursday

OpenSSL bug serious — but no Heartbleed, say experts (ComputerWeekly) OpenSSL certificate verification flaw lets attackers impersonate cryptography-protected websites, email servers and virtual private networks (VPNs)

The OpenSSL "CVE-2015-1793" certificate verification bug — what you need to know (Naked Security) If you have anything to do with web security, like we do, you've probably been in "bated breath" mode this week

Hacking Team vendor calls breach a 'blessing in disguise' (CSO) In the aftermath of the Hacking Team incident, Netragard, a security firm in Acton, MA, called it a blessing in disguise after emails between the two companies were indexed and published by WikiLeaks

Dyre times ahead: Zeus-style trojan slurps your banking login creds (Register) List of countries targeted in cash theft scam oddly doesn't include Greece

Are Secure Communications Really Secure? Government Sites Affected by Weak DHE (TrendLabs Security Intelligence Blog) How secure is online public communication? Last May, a paper was published that discusses the Diffie-Hellman (DH) crypto-strength deployment, which gives strong evidence that the current DH usage is weak and suggests that 1024-bit size parameters can be broken with a nation state's computing power resources

Down the Darknet Rabbit Hole Again (Dark Matters) I've been back down the rabbit hole, into the Darknet again and it's been a hell of a hostile and discordant excursion this time. For those of us who are merely researching the cybercriminal ecosystem, it can become an extremely precarious place to visit sometimes

DDoS ransom notes: why paying up will get you nowhere (DDoSInfo) DDoS attacks are getting more frequent and more harmful, but the key is not to be blackmailed. If a large man stopped you on a street corner and told you that if you hand him five dollars, he won't punch you in the face, what would you do?

"Internet Capacity Warning" Phishing Scam Aims to Steal Your Login Details (HackRead) Internet users are receiving an email that claims to be sent from the "Information technology Services' Support Department." It informs users that their internet capacity has reached 70% and, therefore, they need to contact support department to avoid problems

Detroit Zoo, eight others across the country experience POS breach (SC Magazine) The Detroit Zoo along with eight other zoos across the country announced that Service Systems Associates (SSA), a third party vendor that handles retail and concession payments, experienced a point-of-sale (POS) breach that affected customers between March 23 and June 25 of this year

Credit Card Breach at a Zoo Near You (KrebsOnSecurity) Service Systems Associates, a company that serves gift shops and eateries at zoos and cultural centers across the United States, has acknowledged a breach of its credit and debit card processing systems

Anonymous is Relatively Much Bigger Than You Anticipated (HackRead) The global Anonymous network is relatively much bigger than your actual anticipation, a recent visual analysis by a University of Copenhagen graduate suggests

Security Patches, Mitigations, and Software Updates

Alternative chains certificate forgery (CVE-2015-1793) (OpenSSL Security Advisory) During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate

OpenSSL CVE-2015-1793: Man-in-the-Middle Attack (Mattias Geniar) As announced at the beginning of this week, OpenSSL has released the fix for CVE-2015-1793

VMSA-2015-0005 (VMware Security Advisories) VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability

Apple drops Recovery Key in new two-factor authentication for El Capitan and iOS 9 (Macworld) Apple said at WWDC it would build a more integrated and comprehensive two-factor security system into its next OS releases, and today explains what that means

Cyber Trends

The Reality of Cyberwar (Politico) World War III would be unlike any other conflict

The Rise of Endpoint Threat Detection and Response (ETDR) — How Vulnerable is your IT Infrastructure? (Information Security Buzz) As security breaches are becoming almost commonplace in the finance, retail, healthcare, and entertainment industries, many CISOs are asking the question: How vulnerable is my IT infrastructure?

Intrusion Protection Spending Stays Steady, Monitoring Lags (Infosecurity Magazine) A look at the intrusion detection and prevention (IDS/IPS) sector shows that security spending is remaining strong, with 37% of enterprise security managers expecting to increase their budget in the next 90 days

9 emerging trends to watch in access control (Security InfoWatch) As new and evolving access control technologies continue to deliver improvements in performance, efficiency and cost-effectiveness, the potential applications for these systems are expanding far beyond their traditional deployments. In particular, networked and software-based solutions have had significant impacts on the growing role of access control systems in security, as well as other areas

Risk management programs lack maturity, new strategies needed (Help Net Security) With cyber attacks and data security threats looming at insecure access points, the increased scrutiny of regulators and the focused attention of boards of directors, the outsourcing of critical services to third parties requires a robust vendor risk management program and stringent oversight — now more than ever. Yet the results of a new study suggest that many companies may be underperforming in these areas

5 reasons why newer hires are the company's biggest data security risk (CSO) Millennials are now in the majority in the workforce, which means a bigger headache for security IT folks

Stolen financial info worse than leaked nude pics: Survey (CNBC) Just how concerned are consumers with protecting their financial information?

Marketplace

Worldwide cybersecurity market continues its upward trend (CSO) Cybersecurity market growth continues in North America, Latin America, EMEA, and Asia-Pac regions

The Insurance Industry's Unique Vantage Point On Cyber Security (Forbes) Scott Kannry is the Chief Executive Officer of Axio Global. Scott's entire career has been in the commercial insurance industry with a focus on cyber and previously spent 10 years in the Financial Services Group at Aon. He works with clients in all industries but specializes in those with evolving cyber risks, such as energy, utility, transportation and manufacturing

Managing Manufacturing Risk: Cyber Enters the Picture (Property Casualty 360) As cyber threats top the list of concerns for manufacturers, a continued uptick in business activity presents growth opportunities for brokers. But when crafting coverage, they must be vigilant to guard against both traditional risks and new exposures

Cybersecurity Stocks Surged on the Back of the Big NYSE Trading Halt (BloombergBusiness) Palo Alto Networks, AVG, and others moved up

Cybersecurity stocks rally day after NYSE/United/WSJ tech issues (Seeking Alpha) Security tech plays are outperforming amid a 0.4% gain for the Nasdaq. The rally comes a day after the NYSE suffered a lengthy outage, United Airlines grounded flights, and the WSJ's site briefly went down

Splunk Makes Smart Acquisition — Maintain Outperform (FBR Capital Markets) Last night, Splunk announced it had acquired Caspida, Inc., a leader in behavior analytics and machine learning, for $190 million. Caspida provides advanced threat detection and covers unknown threats that have already penetrated the enterprise. When coupled with Splunk's existing security solutions, the company should have the ability to detect advanced, hidden, and insider threats, improve threat detection with targeted incident response, and increase security operations center (SOC) efficiency. Caspida was launched in 2014 and is based in Palo Alto, California. Strategically, we believe this is a smart acquisition as it combines Splunk's existing response technologies with Caspida's advanced threat detection capabilities and broadens Splunk's product footprint and customer reach, key ingredients in the company's recipe for success on the security front, in our view

Fortinet Closes Acquisition of Meru Networks (MarketWatch) Fortinet (FTNT), the global leader in high-performance cyber security solutions, today announced it has closed the acquisition of Meru Networks (MERU), a leader in intelligent Wi-Fi networking

Avast acquires mobile virtualization firm Remotium (ZDNet) The deal allows Avast to extend itself further beyond the consumer market

Thoughts On Possible Symantec Corporation (SYMC) Veritas Leveraged Buyout — Merrill Lynch (Bidness Etc) Merrill Lynch reiterated its Sell rating and price objective of $20 on Symantec stock, following rumors that Veritas could be sold to private equity

Cloud-based Physical Security Startup Octopus Raises $2.5M From Singulariteam (TechCrunch) Octopus, a Tel Aviv startup that makes cloud-based physical security systems for large facilities, has raised $2.5 million from Singulariteam

LookingGlass Cyber Solutions Honored as Fastest Growing IT Company of the Year at 10th Annual 2015 IT World Awards (BusinessWire) LookingGlass wins two awards from Network Products Guide for Fastest Growing IT Company and bronze for Best IT Software Company

Products, Services, and Solutions

Google fine tunes spam catching tools (IDG via CSO) Google has reduced spam reaching inboxes to a fraction of a percent, but in the process sometimes misclassifies bulk-mailed messages like monthly statements and ticket receipts

Startup Tanium Adds Security Smarts to System Management Platform (The VAR Guy) Systems management startup Tanium has expanded into the security space with a new platform component that can help enterprises detect cyberattacks across numerous endpoints, replacing what's typically a time-consuming process with fast and accurate results, the company said

Solutionary Announces New Tools and Resources for Enterprise Security Monitoring (MarketWatch) First MSSP to integrate raw log search analytics for clients

Can Eyeprint 'selfies' replace hardware tokens? (SC Magazine) Eyeprints — of veins in the white, not the iris of an eye — captured via selfie are another biometric option for 2-factor security, but concerns about the implications of compromise remain

IOActive Announces Internet of Things Assurance Services (BusinessWire) Company also joins forces with Cloud Security Alliance to drive global awareness

Balabit releases Blindspotter real-time user monitoring tool (ComputerWeekly) Balabit's Blindspotter real-time user behaviour analytics monitoring tool for identifying malicious activity throughout IT systems has been released to market

Technologies, Techniques, and Standards

How IKEA Does PCI-DSS (eSecurity Planet) Attaining PCI-DSS compliance is no easy task, but IKEA's common sense approach makes it a bit less taxing

Why is ERP security so difficult? (Help Net Security) ERP (Enterprise Resource Planning) security has been all over the news lately. From high profile breaches, like the recent U.S. Office of Personnel Management breach, to researchers presenting vulnerabilities in ERP systems at recent security conferences, the visibility of ERP in the security community has never been higher

Tips and Tricks on How to Safeguard Android Devices From Getting Hacked (International Business Times) Android mobile OS is the world's biggest smart device ecosystem. It has more than 80 percent share of the global OS market and expectedly attracts the greatest number of attacks from hackers and cyber criminals

Hacker Search Engine Becomes the New Internet of Things Search Engine (SecurityWeek) At DEFCON 17 in 2009, John Matherly debuted a search engine named Shodan (after the villainous computer in the cult-classic video game, System Shock). Shodan was received with some alarm in the media, who named it "The world's scariest search engine"

How to prepare for and respond to a cyber attack (Network World) Cybercriminals are constantly looking for new ways to bypass security measures. In a survey conducted by the SANS Institute on the behalf of Guidance Software, 56% of respondents assumed they have been breached or will be soon, compared with 47% last year

5 security tips to defeat cybervillains at Comic-Con 2015 (We Live Security) We are just days away from the start of Comic-Con in San Diego, and if you are heading on an away mission into the crowd of fellow fans, you may be wondering how to keep your data and devices safe. Being in the midst of such a large group of people provides a lot of tempting targets for cybercriminals who aim to misbehave, and the opportunity for both direct attacks, like physical theft, and more subtle attacks like malware infection

Design and Innovation

Carmakers to tech partners: Keep your hands off our data (Reuters) Carmakers are limiting the data they share with technology partners Apple Inc and Google Inc through new systems that link smartphones to vehicle infotainment systems, defending access to information about what drivers do in their cars

For Fun and Profit: The Right Way to Run a Bug Bounty Program (OpenDNS) Here's to the crazy ones

How a Russian hacker made $45,000 selling a zero-day Flash exploit to Hacking Team (Ars Technica) "Volume discounts are possible if you take several bugs"

Research and Development

Bitglass Granted Patent on Unique Searchable, Full Strength Cloud Encryption (Digital Journal) Bitglass, the Total Data Protection company, today announced that it has been granted a patent for its breakthrough searchable full-strength 256-bit AES encryption for cloud applications

Liverpool Hope University project could banish remembered passwords (Liverpool Echo) Liverpool Hope University is working on a smartphone project that could rid the world of remembered passwords

Single photons for quantum cryptography (Keio Research Highlights) Carbon nanotubes that emit single photons at telecommunication wavelengths and room temperature could be useful for quantum cryptography

Classifying Data Objects (United States Patent Application 20150178383) (Free Patents Online) Methods, systems, and apparatus, including computer programs encoded on computer storage media, for classifying data objects. One of the methods includes obtaining data that associates each term in a vocabulary of terms with a respective high-dimensional representation of the term; obtaining classification data for a data object, wherein the classification data includes a respective score for each of a plurality of categories, and wherein each of the categories is associated with a respective category label; computing an aggregate high-dimensional representation for the data object from high-dimensional representations for the category labels associated with the categories and the respective scores; identifying a first term in the vocabulary of terms having a high-dimensional representation that is closest to the aggregate high-dimensional representation; and selecting the first term as a category label for the data object

Academia

Firewalls replace bonfires at Monroe Tech's cyber security camp (Loudoun Times-Mirror) "Time's up! Step away from the laptops." A camp counselor of sorts yelled as 60 students typed in their final keystrokes

Legislation, Policy, and Regulation

Sawab means the right path, ISIL the wrong one (National) For a year now, the terrorist group ISIL, or Daesh as it is known throughout the Middle East, has seized attention through its rapid growth and expansion. To fuel this growth, ISIL has maliciously twisted and corrupted the peaceful teachings of Islam, using sensationalist brutality to appeal to the most vulnerable members of our societies

Katherine Archuleta, Director of Office of Personnel Management, Resigns (New York Times) Katherine Archuleta, the director of the Office of Personnel Management, will resign effective Friday, according to a White House official, one day after it was revealed that sweeping cyberintrusions at the agency resulted in the theft of the personal information of more than 22 million people

John Boehner, John McCain join growing calls for OPM director's resignation (Politico) House Speaker John Boehner and Sen. John McCain are joining a growing chorus of lawmakers demanding the ouster of the federal government's top personnel manager, blaming her for a pair of damaging security breaches that compromised sensitive data of more than 22 million people

Prepare for more cyber attacks on US (Financial Times) Washington needs to answer the question that Kissinger once asked of Europe: 'Who do I call?'

Prepare for Breaches (The Hill) The data breach at the Office of Personnel Management that saw millions of sensitive personnel records stolen is a teaching moment for information assurance, but policymakers are cutting class

DHS Secretary: 'Federal cybersecurity is not where it needs to be' (Nextgov) Department of Homeland Security Secretary Jeh Johnson on Wednesday reaffirmed his goal to make the latest version of a cybersecurity intrusion detection and prevention platform — known as EINSTEIN 3A — available to all federal civilian agencies by the end of 2015

FBI director insists Silicon Valley can solve the encryption dilemma — if they try hard enough (Help Net Security) On Wednesday, the US Senate Judiciary Committee got to hear from FBI director James Comey and DOJ Deputy Attorney General Sally Quillian Yates on how end-to-end encryption employed by certain companies (but mostly Apple) is becoming a problem for law enforcement's investigations

This is the most outrageous government tirade against iOS 8 encryption (Ars Technica) "Criminal defendants across the nation are the principal beneficiaries of iOS 8"

WPI professor co-authors cybersecurity report (Worcester Telegram) Somewhere in cyberspace, ISIS operatives are busy planning something and the Federal Bureau of Investigation's concern is that thanks to today's stronger encryption technology, it's increasingly difficult to figure out what that something is

U.S. Government Wades into Vulnerability Disclosure (Threatpost) Security researchers and software vendors have spent decades trying to work out the process of vulnerability disclosure, with limited success. Now the federal government is joining the fray in hopes of getting the two sides to play nice

House Democrat pushes new data breach bill (The Hill) Rep. David Cicilline is trying to restart the stalled debate on legislation that would require companies to tell customers they have been hacked

Do Americans have the same right as Europeans to be "forgotten" by Google? (Naked Security) Europeans have the right to request the removal of links in search engine results — what is now commonly referred to as the "right to be forgotten," thanks to a May 2014 court ruling

After 25 years, the EFF is still defending your rights online (Ars Technica) Ars chats with EFF head Cindy Cohn about a quarter century of advocacy

Litigation, Investigation, and Law Enforcement

FBI says it thwarted Islamic State-inspired July 4 attacks (Reuters via MSN) U.S. authorities foiled attacks planned around the Fourth of July, arresting more than 10 people in the month before the holiday who were inspired by Islamic State online recruitment, FBI Director James Comey said on Thursday

DHS has 'leading suspect' in OPM hack but won't point fingers (FierceGovernmentIT) The federal government has a "leading suspect" in its investigation of two information technology system breaches at the Office of Personnel Management that compromised the sensitive data of millions of people

Two US telecom companies to pay $3.5 million for data breach (IDG via CSO) Two sister mobile and telecom service providers will pay a combined US$3.5 million after the U.S. Federal Communications Commission found that they were storing customers' personal data on unprotected servers accessible over the Internet

Esthost/Rove Digital Mastermind Pleads Guilty, Faces Six-Year Sentence (TrendLabs Security Intelligence Blog) In November 2011 the Federal Bureau of Investigation (FBI), with the help of the Trend Micro Forward-looking Threat Researchers, conducted what was, at the time, the largest takedown in the history of online crime

Federal cyberstalking case sent to Delaware jury (AP via KLTV) Jurors began deliberating Wednesday in the federal conspiracy and cyberstalking case against the widow and children of a man who killed his ex-daughter-in-law at a Delaware courthouse in 2013

Aspiring singer jailed for hacking Madonna and stealing unreleased tracks (WeLiveSecurity) Late last year, Madonna logged furiously into her Instagram account in order to complain that hackers had broken into her computer, and stolen photographs and music tracks

Man charged for naming sexual assault victim on police Facebook page (Naked Security) A UK man who named a victim of a sexual offence on a police Facebook page has been charged

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...

Inside Data Science 2015 (Monterey, California, USA, November 3 - 4, 2015) At the Inside Data Science 2015 Conference (IDS2015) our focus is not on the storage or volume of data, but rather the importance of what you do with it. To synchronize the processing, exploitation and...

Upcoming Events

National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.

National Cybersecurity Center of Excellence (NCCoE) Speaker Series: Janet Levesque, Chief Information Security Officer at RSA (Rockville, Maryland, USA, July 16, 2015) Traditional security models are failing. While the idea of a shift from prevention to detection has gained traction, most current approaches to detection rely heavily on the same techniques that have rendered...

TakeDownCon Rocket City (Huntsville, Alabama, USA, July 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...

CyberMontgomery 2015 (Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...

Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, July 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers
