The actual provenance of the Cyber Caliphate (known for attacks on small-market US media outlets and other poorly defended targets) has been a matter of some dispute. While doubtless "objectively" serving some ISIS interests, the group is being called out (by iSight Partners) as a Russian false flag operation.
Russian security services are also the usual (and plausible) suspects in hostile probes of Latvian government websites.
The US NSA Director expects more attacks like the one that compromised OPM. OPM's new director promises to do more to help the victims; she's offered legislative help to make good on her promise.
As the Hacking Team hack moves into litigation (former employees are in the company's legal crosshairs) Dark Reading outlines some of the incident's lasting effects, among which is Flash's probable final eclipse. The Internet Storm Center speculates about where hackers will turn post-Flash.
Researchers demonstrate vulnerability in the RC4 encryption algorithm. Symantec finds a new tool, "SeaDuke," in the Duke APT group's kit. Kaspersky outlines TeslaCrypt 2.0's "curious behavior." Blue Coat continues descriptions of "shady" top-level domains.
Lloyd's estimates insurance costs of a major cyber attack on the US power grid. Control Global thinks it's a nice, and important, try, but that Lloyd's has its figures wrong: the exposure's probably worse than feared.
Pending cyber export controls in both the US and Australia attract opposition. The US deadline to comment on Wassenaar is next Wednesday.
The Darkode takedown brings seventy arrests. (One of the bigger collars is a Carnegie Mellon sophomore.)
Today's issue includes events affecting Australia, Bosnia, Brazil, China, Denmark, Egypt, Ethiopia, Finland, Germany, Iraq, Israel, Republic of Korea, Latvia, Malta, Russia, Slovenia, Sudan, Syria, United Arab Emirates, United Kingdom, United Nations, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
These cyberhackers may not be backed by ISIS(CNBC) Early this year, a group calling itself the "Cyber Caliphate" claimed responsibility for hacks into the Twitter accounts of The Albuquerque Journal and Maryland's WBOC 16 TV station. On its Facebook page, the group's message seethed with ISIS-inspired rage: "You'll see no mercy infidels. We are already here, we are in your PCs, in each house, in each office," the group wrote
Government website comes under cyber-attack suspicion(Public Broadcasting of Latvia) A cyber attack, possibly of Russian origin, was directed yesterday against the main homepage of Latvia's government, the Cabinet of Ministers. The attack started on July 14 at 12 PM and lasted for 14 hours
Chinese Attack on USIS Exploiting SAP Vulnerability(ERPScan) On 11th of May, a security headline broke out in the news, it was about an attack on USIS (U.S. Investigations Services) conducted potentially by Chinese state-sponsored hackers via a vulnerability in SAP Software
TeslaCrypt 2.0 makes it impossible to decrypt affected files(Help Net Security) Kaspersky Lab has detected curious behavior in a new threat from the TeslaCrypt ransomware encryptor family. In version 2.0 of the Trojan notorious for infecting computer gamers, it displays an HTML page in the web browser which is an exact copy of CryptoWall 3.0, another ransomware program
Exploring .XYZ (Another Shady TLD Report)(Blue Coat) It's been a couple of months since the last post in our "Shady TLD" series, with plenty of interesting candidates for another expedition, but other R&D kept getting in the way. Then, last week, I saw a short post from Adnan in our internal blog, which included several ".XYZ" sites, and that tipped the balance in favor of choosing this top level domain for analysis. So here we go
After Flash, what will exploit kits focus on next?(Internet Storm Center) Adobe has received some bad publicity regarding zero-day Flash player exploits due to the recent Hacking Team compromise. This certainly isn't the first time Adobe has had such issues. With HTML5 video as an alternative to Flash player, one might wonder how long Flash player will be relevant. Google has announced the next stable version of Chrome will block auto-playing Flash elements, and Firefox started blacklisting Flash player plugins earlier this week. With people like Facebook's chief security officer calling for Adobe to announce an end-of-life date for Flash, I've been wondering about the future of Flash player
Epic Games forums hacked, user data stolen(Help Net Security) The forums of popular game development company Epic Games have been hacked, and the users' username, email address, password and date of birth have likely been compromised
Reacting to Potential Attacks(In Homeland Security) Last week several computer-related glitches hit United Airlines, the New York Stock Exchange, and the Wall Street Journal prompting many to speculate that these entities were the subject of a cyber attack. All three were able to resume normal operations later in the day and each went on to state that they faced several issues that weren't related to an attack. Officials from the Department of Homeland Security went on to publicly back these statements; however some, including members of congress, remain skeptical of the press releases
9 Spectacular Cloud Computing Fails(InformationWeek) For some of you, the cloud failures listed here may simply highlight areas where cloud service providers need to grow or adapt in order to better service their customers. For others, the examples may be more personal, as your data or applications may have been affected
Security Patches, Mitigations, and Software Updates
OpenSSL CVE-2015-1793: Separating Fact from Hype(TrendLabs Security Intelligence Blog) A vulnerability that allows attackers to create their malicious certificates without depending on any external and trustworthy CAs was fixed in the newest version of the open-source software OpenSSL released July 9
The technical limitations of the Lloyd's Cyber report on the insurance implications of cyber attack on the US Power Grid(Control) The Lloyd's report on cyber implications of the electric grid serves a very important need to understand the insurance implications of a cyber attack against the electric grid. There have already been more than 250 control system cyber incidents in the electric industry including 5 major cyber-related electric outages in the US. There have been numerous studies on the economic impact of various outage durations, but they have not addressed issues associated with malicious causes. Consequently, there is a need to address the missing "malicious" aspects of grid outages. Unfortunately, I believe the technical aspects of the hypothesized attack in the Lloyd's study are too flawed to be used
CrowdStrike Wins Patent, Raises $100M for Next-Gen Endpoint Security(The VAR Guy) CrowdStrike has been hard at work protecting endpoints from threats with its security software, and now the Irvine, California-based company has protected its own technology with a new patent. The company also has secured $100 million more in funding from notable investors — including Google Capital — for its endpoint security strategy and solutions
Rackspace makes investment in cybersecurity firm CrowdStrike(San Antonio Business Journal) Rackspace really believes that cybersecurity firm CrowdStrike has the best platform for protecting its operations in the cloud. So much so that the company has announced a "significant" investment in the Irvine, California-based company's $100 million Series C financing round
Computer Sciences (CSC) Files Form 10 For Expected Spin-Off(Street Insider) Computer Sciences Corporation (NYSE: CSC) announced a milestone in the planned spin-off of its U.S. public sector business into a separate, publicly traded company with the filing of an initial Form 10 Registration Statement (Form 10) with the U.S. Securities and Exchange Commission
McCain raises concerns about possible China bid for Micron Tech(Reuters) Republican U.S. Senator John McCain on Wednesday raised concerns about the potential national security implications of a proposed bid by China's Tsinghua Unigroup Ltd's [TSHUAA.UL] to acquire U.S. chip maker Micron Technology Inc (MU.O), and called for a thorough U.S. review
Kaine named CEO of Delta Risk(PE Hub) Delta Risk LLC said Monday that Scott Kaine was named CEO effective immediately. Most recently, Kaine served as president of Cyveillance. San Antonio, Texas-based Delta Risk provides cybersecurity and risk management services to government and private sector clients worldwide. Delta Risk, in April, received a growth capital investment from a group of private equity investors affiliated with The Chertoff Group
IKANOW Optimizes Enterprise Security with Updated Analytics Platform(Nasdaq) IKANOW, which helps Fortune 1000 organizations continuously optimize enterprise cyber security, today released key updates to its Enterprise Edition Information Security Analytics platform. This new release enhances several features critical to cybersecurity applications
Applying Threat Intelligence Research: Romancing the SIEM(Dark Matters) When my team released our threat intelligence program research at RSA Conference earlier this year, we were hit with a sudden rush of requests to apply the lessons we learned in building the program framework to various enterprise profiles
Flash. Must. Die.(Wired) Adobe Flash — that insecure, ubiquitous resource hog everyone hates to need — is under siege, again, and hopefully for the last time. The latest calls for its retirement come from some of the Internet's most powerful players, but if the combined clattering of Facebook, Firefox, and a legion of unsatisfied users isn't enough finally to put it in the ground, scroll down to see how to axe it from your devices yourself
IU researcher develops mathematical framework to analyze 'controlled chaos'(FierceBigData) A researcher at Indiana University has developed a new method for analyzing "controlled chaos," which they define as "how interactions among highly complex systems affect their operation and vulnerability." Filippo Radicchi and his new mathematical framework "untangles multiple complex systems by pulling apart each network, or graph, for individual analysis, and then reconstructing an overall picture
A 'cyber superpower' prepares for war(E&E) A group of Israeli soldiers gathers around a miniature city replete with houses, traffic lights and a nuclear plant. A toy train circles the town
Why Indian intelligence uses small companies like Sunworks Consultants for spying technology(Economic Times) There's nothing remotely James Bond-like about the drab corner in Gurgaon. But then, what better cover for a spot of cloak-and-dagger activity? Perhaps, for this is the home of Sunworks Consultants, which says it provides IT services to the healthcare and telecom space. But in a series of emails to Italian spyware firm Hacking Team, the company negotiated for high-end surveillance equipment that it said it was buying for the Research & Analysis Wing, India's intelligence agency
"International Cyber Stability" and the UN Group of Governmental Experts(Just Security) In recent months, the United States has been pushing a new policy of "international cyber stability." In a speech in Seoul in May, Secretary of State John Kerry explained that this goal requires "broad consensus on where to draw the line between responsible and irresponsible behavior." To define the line, the United States proposed several norms that states should observe in peacetime, and according to media reports, the UN Group of Governmental Experts (GGE) has adopted several of the norms, which will be included in a forthcoming consensus report
FNC can help find balance on social media and privacy(The National) The immediacy of social media, where in a matter of seconds a smartphone can post images or video on Facebook or Twitter, does not always sit well with the high value placed on privacy in our culture. This can lead to problems, as demonstrated this week by the deportation of an Australian woman in Abu Dhabi who made insulting comments while posting a photograph of a car taking up two disabled parking bays
Proactive Disclosure Pilot Launches(US Department of Justice) This past Fourth of July marked the 49th anniversary of the signing of the Freedom of Information Act (FOIA), which as President Obama declared, "is the most prominent expression of a profound national commitment to ensuring an open Government." In celebration of this milestone in the history of this important law, today, the Department of Justice is pleased to announce the launch of a new pilot program at seven agencies designed to test the feasibility of posting online FOIA responses so that they are available not just to the individual requester, but to the general public as well
New OPM Director Promises to Improve Response to Data Breach(Government Executive) On her third full day as acting director of the Office of Personnel Management, Beth Cobert told labor leaders and agency supervisors that she herself was a victim of the recent data breach, and promised to "do everything we can to restore trust and confidence" in the government's personnel and data security capabilities
McDew: Companies' cyber weaknesses threaten TRANSCOM(Air Force Times) Air Force Gen. Darren McDew, the nominee to be the next commander of U.S. Transportation Command, highlighted Tuesday the risk of cyberattacks from hostile countries as one of his top concerns in his potential new role
Why and How Congress Should Outlaw Revenge Porn(Information Technology and Innovation Foundation) The distribution of sexually explicit images without the subject's consent, commonly referred to as "revenge porn," currently exists in a legal gray area throughout much of the United States, where victims have few options for recourse and perpetrators go unpunished
Senior Executive Service Announcements(US Department of Defense) Aaron Hughes has been appointed as the deputy assistant secretary of defense for cyber policy, Washington, District of Columbia. Hughes previously served as vice president, intelligence community support, In-Q-Tel, Arlington, Virginia
The Darkode Cybercrime Forum, Up Close(KrebsOnSecurity) By now, many of you loyal KrebsOnSecurity readers have seen stories in the mainstream press about the coordinated global law enforcement takedown of Darkode[dot]me, an English-language cybercrime forum that served as a breeding ground for botnets, malware and just about every other form of virtual badness. This post is an attempt to distill several years' worth of lurking on this forum into a narrative that hopefully sheds light on the individuals apprehended in this sting and the cybercrime forum scene in general
Meet The Hacking Team Alumni Fighting Their Old Overlord And Its Spyware(Forbes) Hacking Team, the Italian government spyware provider that has been publicly dismantled this month after suffering a devastating attack, is staying positive, painting itself as a good guy under attack from evil forces. Eric Rabe, the mouthpiece for the firm, wants the world to know all is well at Hacking Team, saying its employees are pulling together to ensure its customers, whether that's the FBI or Ethiopia or Russia's secret police, can continue to track down terrorists and drug dealers using its "lawful intercept" software
DDOS — UK Teenager Sentenced Over 'Biggest' Web Attack(Team Cymru) British teenager Seth Nolan Mcdonagh, aka "Narko", has been sentenced for his part in what was dubbed at the time the "biggest cyber attack in history". The distributed denial of service attack (DDoS) on Spamhaus in 2013 peaked at 300Gbps, choking the London Internet Exchange (LINX), and causing the anti-spam service to take cover behind Cloudflare’s DDoS mitigation infrastructure
Google slip reveals why people exercise their "right to be forgotten"(Naked Security) When the European Court of Justice (ECJ) ordered Google to remove links to two web pages last year, in a ruling that kicked off the "right to be forgotten," I'm sure I was not alone in thinking that the main beneficiaries would be criminals, politicians and other high-profile figures
City of Sacramento slapped with restraining order to protect public records(FierceContentManagement) The City of Sacramento is the latest in a string of governmental offices being told to rein in their indiscriminate email deletion policies. A Sacramento Superior Court judge agreed to a temporary restraining order to prevent the City from removing emails from its server pending a review of the situation
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
National Insider Threat Special Interest Group Meeting(Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.
SINET 16 Application Deadline(San Francisco, California, USA, July 17, 2015) Innovative solutions frequently come from new and small companies. Our goal is to provide entrepreneurs from all over the world an opportunity to increase their product awareness to a select audience of...
TakeDownCon Rocket City(Huntsville, Alabama, USA, July 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...
The APTs are coming(New York, New York, USA, July 21, 2015) With cyberespionage and Advanced Persistent Threats (APTs) on the rise, it's important to understand today's threat landscape and the ways you can keep your company safe. Join LIFARS, Kaspersky Lab, Cyphort,...
California Cybersecurity Task Force Quarterly Meeting(Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...
CyberMontgomery 2015(Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...
Black Hat USA(Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners...
ISSA CISO Forum: Third Party Oversight(Las Vegas, Nevada, USA, August 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by...
BSides Las Vegas(Las Vegas, Nevada, USA, August 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is...
Defcon 23(Las Vegas, Nevada, USA, August 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information
USENIX Security(Washington, D.C., USA, August 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and other specialists interested in the latest advances in the security and privacy of computer...
5th Annual Cyber Security Training & Technology Forum (CSTTF)(Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...
Decepticon 2015(Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...
AFCEA OKC Technology & Cyber Security Day(Oklahoma City, Oklahoma, USA, August 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker...
Power Grid Cyber Security Exchange 2015(San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...
2015 HTCIA International Conference & Training Expo(Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015(Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...