South Korean prosecutors investigate another apparent data breach at Korea Hydro & Nuclear Power Corporation.
Reports of increased cyber activity targeting (separately) both Israel and Iran circulate.
The New York Stock Exchange releases results of its investigation of last week's outage: it was a configuration issue tied to a new timestamp rollout. The incident prompts reflection on the inherent vulnerability complex software poses to the enterprises that develop and use it — Popular Science likens network outages to "new natural disasters." (For those interested in thrashing through a priori possibilities to significant but specious judgments of causation, see the PBS NewsHour piece on the outage. The comments are worth a look.)
In the US, OPM Director Archuleta's resignation Friday hasn't stopped growing concern over the scope of the breach her agency sustained. Crowdstrike (in which Google, by the way, is rumored to be making a large investment) outlines grounds for the near-universal, albeit unofficial, conclusion that Chinese intelligence services were responsible for the hack. Others point out the very large costs — personal, national, etc. — the breach will exact. (Few have noted yet what will be increasingly disturbing over the next few weeks: SF-86s contain personally identifiable information not just on people considered for clearances, but on family members and associates as well.)
Flash and Chrome zero-days associated with the Hacking Team breach are being patched. Many wonder if venerable (useful, but venerable) Flash is ultimately worth patching.
Cyber standards of care continue to evolve in insurance markets and the plaintiff's bar.
Today's issue includes events affecting Australia, Azerbaijan, Belgium, Canada, Chile, China, Colombia, Cyprus, Czech Republic, Ecuador, Egypt, Ethiopia, European Union, France, Germany, Honduras, Hungary, Iran, Iraq, Ireland, Israel, Kazakhstan, Republic of Korea, Luxembourg, Malaysia, Mexico, Mongolia, Morocco, NATO, New Zealand, Nigeria, Oman, Panama, Poland, Russia, Saudi Arabia, Singapore, Spain, Sudan, Switzerland, Syria, Thailand, Tunisia, Turkey, United Arab Emirates, United Kingdom, United States, and Uzbekistan.
Cyber Attacks, Threats, and Vulnerabilities
Korea Hydro & Nuclear Power Corporation Attacked Online Again(Business Korea) Korea Hydro & Nuclear Power Corporation's internal data was circulated online again on July 8, with a self-proclaimed hacker threatening to expose the corruption of the corporation. The Public Prosecutors' Office has launched an investigation
Creepy cyber coincidence? Probably not(PBS NewsHour) On Thursday, United Airlines, the Wall Street Journal, the popular financial blog site ZeroHedge and the New York Stock Exchange all had to shut down their services for "technical reasons." Although the Department of Homeland Security released a statement saying that there was "no sign of malicious activity" at the New York Stock Exchange, intellectual speculators quickly joined their financial peers to suggest these events were not coincidental and the result of a coordinated cyberattack
United Airlines and NYSE troubles are homegrown(Mashable) This week's New York Stock Exchange and United Airlines tech meltdowns highlighted our infrastructure vulnerabilities and prompted fresh fears of cyber-terrorism. Yet further examination reveals that it's not dark external forces we have to fear, but the enemy within
Security Firm: China Is Behind the OPM Hack(Daily Beast) The U.S. government has been reluctant to pin blame for the massive espionage campaign. A leading cybersecurity company — relying on federal data — isn't being so shy
The Human Cost of the Hack on OPM and Its National Security Impact(Lawfare) By now, everyone knows about the OPM hack and the fact that the private and sensitive information compromised may make employees of the U.S. government — especially those with security clearances — more subject to blackmail, bribery, or extortion and more vulnerable to more realistic phishing attacks. But there's one more aspect that needs airing
What's Worse Than Losing Your Data? Losing Your Trust In It(Overt Action) The news about the Office of Personnel Management's data breach gets worse every day. As of this writing, Chinese hackers stole over 22 million personnel files from OPM, forcing Director Katherine Archuleta to resign late last week. This data breach's potential national security damage to U.S. interests is only rivaled by Edward Snowden's efforts. But the news could, in fact, be worse. There is a far more disturbing angle to the story that has not been adequately covered, namely: What if, in addition to stealing OPM's personnel records, hackers corrupted them as well?
Update: The Hacking Team Flash Zero-Day Trifecta(Trend Micro Simply Security) Trend Micro's researchers have reported a third zero-day vulnerability (CVE-2015-5123) in Adobe Flash, a result from last week's Hacking Team attack to the Adobe Security Team
APT Group UPS Targets US Government with Hacking Team Flash Exploit(Palo Alto Networks) On July 8, 2015, Unit 42 used the AutoFocus Threat Intelligence service to locate and investigate activity consistent with a spear-phishing attack targeting the US Government. The attack exploited an Adobe Flash vulnerability that stems from the zero-day vulnerabilities exposed from this month's Hacking Team data breach
SSD Advisory — Adobe Reader Combobox Code Execution(Bot24) More powerful than other PDF software, Adobe Acrobat Reader DC is the free, trusted standard for viewing, printing, and annotating PDFs. And now, it's connected to Adobe Document Cloud — so it's easier than ever to work with PDFs on computers and mobile devices
Hacking Team Used Spammer Tricks to Resurrect Spy Network(KrebsOnSecurity) Last week, hacktivists posted online 400 GB worth of internal emails, documents and other data stolen from Hacking Team, an Italian security firm that has earned the ire of privacy and civil liberties groups for selling spy software to governments worldwide. New analysis of the leaked Hacking Team emails suggests that in 2013 the company used techniques perfected by spammers to hijack Internet address space from a spammer-friendly Internet service provider in a bid to regain control over a spy network it apparently had set up for the Italian National Military Police
Hacking Team Shows the World How Not to Stockpile Exploits(Wired) Bank robber Willie Sutton's famous line about why he robs banks — "because that's where the money is" — was particularly apt this week after the Italian firm Hacking Team was hacked and at least two zero-day exploits the firm possessed were spilled to the public, along with about 400 gigabytes of company emails and other data
How spyware peddler Hacking Team was publicly dismantled(Engadget) Early Monday morning, around 400GB of stolen internal company files belonging to Italian surveillance and intrusion software firm Hacking Team were distributed online through its freshly hacked Twitter account (changed to "Hacked Team")
How the Wild Neutron Hacker Group Avoids Detection(eWeek) The hacker group known as Wild Neutron is still actively attacking companies around the world, a number of years after the group was first discovered in 2011. Both Kaspersky Lab and Symantec have reported renewed activity from Wild Neutron (Symantec now refers to the group as "Butterfly") this year
Three UAE firms targeted by 'sophisticated' cyber-bandits(Arabian Business) A sophisticated cyber group that concentrates on stealing intellectual property from large enterprises has compromised "a string of major corporations" in recent years, including three organisations "located or headquartered" in the UAE, cyber-security company Symantec has claimed
Internet Fraudsters Deliberately Target Smartphones(Stuttgarter Nachrichten) One in three Germans shops online from a mobile device. That makes smartphones a worthwhile target for online criminals. Holiday travellers are especially at risk
Cloudminr.io Hacked, User Database Put Up For Sale(Cryptocoin News) Users of the "cloud mining" service Cloudminr.io were greeted with an unwelcome surprise when they showed up at the site in the last several hours: a CSV (comma separated values) file containing a sample of the entire user database for the website. The whole site is apparently for sale, and the hackers appear to have full control of the server at this point
A New, Innovative Ransomware Attack Spreads Using Google Drive(KnowBe4) An Eastern European cybercrime gang has started a new TorrentLocker ransomware campaign where whole websites of energy companies, government organizations and large enterprises are being scraped and rebuilt from scratch to spread ransomware using Google Drive and Yandex Disk
Security Patches, Mitigations, and Software Updates
New PHP Releases Fix Backronym MySQL Flaw(Threatpost) Several new versions of PHP have been released, all of which contain a number of bug fixes, most notably a patch for the so-called BACKRONYM vulnerability in MySQL
Adobe To Fix Another Hacking Team Zero-Day(KrebsOnSecurity) For the second time in a week, Adobe Systems Inc. says it plans to fix a zero-day vulnerability in its Flash Player software that came to light after hackers broke into and posted online hundreds of gigabytes of data from Hacking Team, a controversial Italian company that's long been accused of helping repressive regimes spy on dissident groups
The Vague Software 'Magic' of the Internet of Things(Re/code) One of the big promises of the Internet of Things is supposed to be insight. The idea is that, by collecting all kinds of data from a myriad of connected sensors, both businesses and consumers will be able to learn more about the systems, devices and environments around them
Will Cyber Security Companies shift their Headquarters out of US?(eHacking News) The Bureau of Industry and Security (BIS), an agency of the United States Department of Commerce that deals with issues involving national security and high technology, is proposing to classify cyber security tools as weapons of War in an attempt to control the distribution
BalaBit Releases Blindspotter, Real-time User Behavior Analytics Tool(Digital Journal) BalaBit, an IT security innovator specializing in advanced user monitoring technologies, today announced that its next-generation IT security tool, Blindspotter is now generally available. Blindspotter is a real-time, user behavior analytics (UBA) tool that analyzes user activities and identifies suspicious events occurring throughout IT systems. It is designed to help organizations mitigate the impact of advanced persistent threats (APTs) or identify malicious internal activity and to speed up the investigation process of any suspicious activity
Does Avast slow down my computer?(Avast Blog) When your computer slows to a crawl, it is very frustrating. One of the worst things that people do when trying to restore the performance of their PC is to remove the security software. Getting rid of your protective barrier just opens you up to threats that could make things even worse
NAIC's New 12-Step Cybersecurity Program(Bradley Arant Bolt Cummings) The Cybersecurity Task Force of the National Association of Insurance Commissioners (NAIC) has released formal guidance outlining the data security safeguards that the insurance industry and state insurance regulators should implement to ensure that sensitive information and the industry's data infrastructure are protected from cybersecurity intrusions
3 ways to stop insider threats in your organization(Help Net Security) No one wants their organization to be the next poster child for a major informational breach. No one wants their company to make headlines for having their data compromised or stolen. No one wants their governmental agency to become the example of what not to do in security IT
Tackling the Seven Deadly Sins of Mobile Security(Information Security Buzz) A secure and productive mobility strategy is a game changer for any business in today's connected world. It's becoming more imperative for users to gain access to corporate data on their mobile devices both inside and outside of the corporate network
For Social Engineering Scams, The Best Security Patch Is Education(Forbes) I lost my driver's license while out of town last month, which I assumed would put a big damper on my trip. I rarely have to brandish a photo ID when I'm at home, since I frequent the same businesses that know me by sight. I assumed that wouldn't be the case on vacation, so I braced for the worst. Imagine my surprise when I realized that losing my license had virtually no effect at all
Weeding Out Online Bullying Is Tough, So Let Machines Do It(Wired) Online abuse: there's just so, so much of it. Social networks teem with harassment and trolling, so much so that companies have outsourced the work of content moderation to an army of laborers, typically overseas, often at an enormous mental and emotional toll to the workers themselves
How (not) to build a secure mobile messaging platform(Mikkolehtisalo) Lately there have been noticeable efforts for secure mobile messaging platforms. There are simply too many already to even start listing them. Most of the nation states seem to be working to obtain one, with or without commercial partners. Products come and go. So far I have not seen one that touches the fundamental problem that there is a difference between mass surveillance and being actually targeted by a state level aggressor. This is a post about a few things that you would have to take into account when the game was not only about mass surveillance
Germany adopts cyber attack precautions(Deutsche Welle) Minimum precautions to ward off cyber attacks have been imposed on 2,000 German institutions listed as "critical infrastructure." Parliament's upper chamber has also endorsed residency for 30,000 foreigners
The cyber defense crisis(Washington Post) Anyone who has ever filled out standard form 86 will attest that it is arduous. This 127-page "Questionnaire for National Security Positions" is part of the process of being cleared to handle the secrets of the U.S. government
The Lawfare Podcast: Admiral Bob Day on Cybersecurity and Accountability(Lawfare) Last month, I attended a briefing given by members of the Virginia Cyber Commission hosted by the Northern Virginia Technology Council. I was impressed by what I heard. So we invited the Commission's Executive Director, Rear Admiral Bob Day (USCG, Ret.) to come tell us more about the Commission's work and the upcoming release of its report later this month. But first, some background on the Commission
At The NSA, A Rising Star's Commitment To Faith — And Public Service(NPR) As Chief Risk Officer at the National Security Agency, Anne Neuberger has reason to think carefully about questions of how far the agency should go in collecting intelligence: Not far enough, and U.S. national security is at risk. Too far, and Americans' civil liberties are at risk
New Case Highlights Deep Hole in Cyber Insurance Policies(JDSupra) Insurance policies covering data breach liability began appearing roughly ten years ago. We noted then a troublesome provision in some forms that seemed to exclude coverage for the insured's failure to maintain data security
CIOs Will Have to Defend Cybersecurity Policies in Court(Wall Street Journal) Time to lawyer up, CIOs. As Donna Seymour, CIO of the U.S. Office of Personnel Management faces a lawsuit for her role in failing to protect millions of personal data files of employees, CIOs generally should expect to be sued in increasing numbers over cybersecurity issues, one attorney says
How Hacking Team Helped Italian Special Operations Group with BGP Routing Hijack(BGPMon) As part of the Hacking Team fallout and all the details published on Wikileaks, it became public knowledge that Hacking Team helped one of their customers, Special Operations Group (ROS), regain access to Remote Access Tool (RAT) clients. ROS recommended using BGP hijacking and Hacking Team helped with the setup of new RAT CnC servers
Four men arrested by Cyber Crime Unit(KNOE) Attorney General James D. "Buddy" Caldwell announced Friday that four men have been arrested for crimes against children following joint law enforcement investigations involving the Attorney General's Cyber Crime Unit
How 153 robocalls cost one company $229,500(Naked Security) One of the biggest annoyances of the modern era has to be the amount of spam we receive. Coming in many forms, we have become quite adept at filtering it out, using tech to deal with the email variety and the bin for the paper-based form
The Pirate Bay Founders Free of Criminal Copyright Case(Hacker News) The four co-founders of The Pirate Bay, the world's most popular torrent website, have been cleared of charges alleging criminal copyright infringement and abuse of electronic communications in a Belgian court
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Securing Your Digital Assets(New York, New York, USA, July 14, 2015) Privacy and data security are a growing concern across all industries, and any breach of corporate or personal digital assets threatens financial and reputational harm. With all of the news and educational...
The APTs are coming(New York, New York, USA, July 21, 2015) With cyberespionage and Advanced Persistent Threats (APTs) on the rise, it's important to understand today's threat landscape, and the ways you can keep your company safe. Join LIFARS, Kaspersky Lab, Cyphort,...
National Insider Threat Special Interest Group Meeting(Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.
TakeDownCon Rocket City(Huntsville, Alabama, USA, July 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...
California Cybersecurity Task Force Quarterly Meeting(Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...
CyberMontgomery 2015(Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...