Bulgarian police arrest a Syrian student in connection with Islamist hacktivism. Social media and other IT companies wrestle with the tension between supporting free speech (and, unmentioned, but surely operative here, free commerce) and enabling ISIS information operations. (The discussion will sharpen as investigation into yesterday's sad murder of four US Marines in Tennessee proceeds.)
Researchers show ways of obfuscating malicious code in HTML5 for drive-by attacks.
A bogus error message purporting to be a "crash report" is turning up on iOS devices. It is, of course, phishbait for hooking users into calling an equally bogus "tech support" number.
Palo Alto describes "MiniDionis," apparently a new campaign by the CozyDuke/CozyCar threat actors.
We know, we know, anyone who warns of problems in Wikileaks is probably stooging for the Man, but we'll pass on a warning anyway: those Stratfor documents stolen a few years ago are reported to harbor a dangerous amount of malware. Caveat lector.
iSight Partners says CVE-2015-2424, patched this week by Microsoft, is being exploited in the wild by the Russian espionage group "Tsar Team."
The Andromeda botmasters, having corralled enough bots, launch an aggressive point-of-sale crime spree with "GamaPOS" malware.
Siemens energy automation devices are found susceptible to authentication bypass.
Flash and Java were both patched, but both face increasing dissatisfaction and pessimism over their security.
The Hacking Team incident raises concerns about third-party security.
The US Department of the Interior tells Congress it dodged a cyber bullet. (Fusillade is more like it.)
Wassenaar approaches; concerns mount.
Today's issue includes events affecting Australia, Azerbaijan, Bulgaria, Czech Republic, Egypt, Holy See, Iraq, Italy, Kazakhstan, Russia, Sudan, Syria, United Kingdom, United States, and Uzbekistan.
Cyber Attacks, Threats, and Vulnerabilities
'Cyber Army' hacker arrested, says Bulgaria (Deutsche Welle) Bulgaria says it has arrested a hacker suspected of belonging to an Islamist network that targeted more than 3,500 websites worldwide. Bulgarian public radio says the suspect is a resident student originally from Syria
Researchers prove HTML5 can be used to hide malware (Help Net Security) A group of Italian researchers have come up with new obfuscation techniques that can be used to dupe malware detection systems and allow malicious actors to execute successful drive-by download attacks
Fake News App in Hacking Team Dump Designed to Bypass Google Play (TrendLabs Security Intelligence Blog) We analyzed the recent Hacking Team dump and found a sample of a fake news app that appears to be designed to circumvent filtering in Google Play. This is following news that iOS devices are at risk of spyware related to the Hacking Team. The fake news app was downloaded up to 50 times before it was removed from Google Play on July 7
Microsoft Office Zero-Day CVE-2015-2424 Leveraged By Tsar Team (iSIGHT Partners) Yesterday, Microsoft patched CVE-2015-2424, a vulnerability in Microsoft Office discovered by iSIGHT Partners while monitoring the Russian cyber espionage team we call Tsar Team. When we found the exploit it appeared to be under development and evidence suggests it was deployed in Georgia. Following discovery, we alerted our customers and began working with Microsoft through the responsible disclosure process
New GamaPoS malware targets US companies (Help Net Security) After dedicating their efforts to swelling the number of computers roped into their malicious net, the masters of the Andromeda botnet are putting it to use by delivering a new family of PoS malware to as many PoS systems as they can
New GamaPoS Malware Piggybacks on Andromeda Botnet; Spreads in 13 US States (TrendLabs Security Intelligence Blog) We discovered GamaPoS, a new breed of point-of-sale (PoS) threat currently spreading across the United States and Canada through the Andromeda botnet. GamaPoS is the latest in a long list of threats that scrape off credit card data from PoS systems. Compared to its predecessors, GamaPoS uses malware coded using the .NET framework — a first in PoS threats
Researchers Intercepted a New Backdoor Called 'Matsnu' (Spamfighter) Blog[dot]checkpoint[dot]com reported on 2nd July, 2015 that a researcher at security firm Check Point, Stanislav Skuratovich, recently discovered a new malware known as "Matsnu", an infector which acts like a backdoor after it infiltrates a computer system
Java Back In The Bullseye (Dark Reading) Adobe Flash may be all the attack rage lately, but Oracle's new pile of patches — including one for an 0day spotted in the wild — highlight how Java remains an attractive target
Just get rid of Java finally (CSO) Adobe Flash zero-day exploits and calls for the execution of Adobe Flash dominated headlines over the past week or so in the wake of the Hacking Team hack. Meanwhile, Oracle pushed out a security update. The Oracle update fixed 193 security vulnerabilities — yes one, nine, three…just seven short of 200 — including 25 just for Java. While we're tossing Adobe Flash overboard let's send Java with it
Third-Party Insiders: Compliance as the First Step to Trust (IBM Security Intelligence) Many reports on security breaches treat malicious insiders and third-party threats like two separate risks. Nowadays, however, it can be difficult to determine who is actually an inside member of your organization and who is an outsider. The distinction between inside and outside is disappearing under the influence of new business models and connecting technologies
What's keeping security experts awake at night? (Naked Security) What's keeping you awake at night? Gartner polls top-level security experts. Enterprises will pour more than $71 billion into infosec this year but still get clobbered by crippling data breaches such as Sony's or Anthem's. Why?
The CIO's real security headache (Tech Republic) Too many security technologies overlap or much worse leave gaps in between that could let hackers through. We need a more coordinated approach, and fast
Infosec Influencers: An Interview with Bruce Schneier (Tripwire: the State of Security) This week, as part of our new "Infosec Influencer" series, I had the pleasure of sitting down with Bruce Schneier, an internationally renowned security technologist and one of The State of Security's Top Influencers in Security You Should Be Following in 2015
The Cybersecurity Canon: Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats (Palo Alto Networks) Cybercrime and Espionage, published in 2011, is a book that was ahead of its time. The authors were pushing the envelope in terms of how the security community should think about advanced threats. However, almost five years later, there is not enough in here to make the book Cybersecurity Canon material. Gragido and Pirc present some stimulating ideas, but in the end, the security community has not adopted many of them
How to become cyber resilient quickly and remain in full control (Fox IT) Successful and effective cyber security is not only about tools, but (increasingly) about the processes and people to operate those tools effectively. While organizations used to buy security tools and believed this would be sufficient, they increasingly realize that running the actual Cyber Security Operations (CSO) with the right people is necessary to benefit from those tools
EdgeWave Receives Two Gold Medals at 10th Annual 2015 IT World Awards (Virtual Strategy Magazine) EdgeWave®, a San Diego-based leading cyber security firm, announced today that Network Products Guide, one of the industry's leading technology research and advisory guides, has named EdgeWave a double Gold winner in the 2015 IT World Awards for Hot Companies and Best Products. EdgeWave ePrism® Email Security™ was named Best Email Security Product and EdgeWave iPrism® Web Gateway™ was named Best Web Security Product
Technologies, Techniques, and Standards
Process Explorer and VirusTotal (Internet Storm Center) About a year ago, Rob had a diary entry about checking a file from Process Explorer with VirusTotal. Did you know you can have all EXEs of running processes scanned with VirusTotal?
Understanding PCI compliance fines: Who is in charge of enforcing PCI? (Help Net Security) If your business stores, processes, or transmits data from payment cards, then you are subject to the requirements of the PCI DSS. This set of security controls is designed to help merchants combat data theft, protecting both consumers and merchants' own reputations. When a business fails to satisfy those rules, they can be subject to significant financial penalties. But who exactly is in charge of enforcing PCI?
Top 5 Success Factors for Cybersecurity Management Programs (Cisco Security Blog) Several years ago, an employee at an organization I worked for was terminated from his job, effective immediately. While being escorted from the facility this user picked up "his" backup media and started to leave the building
Cyber Security for SMEs (SME) Cyber risk is the risk of an incident resulting from the use of computers and the internet: the loss or theft of personal data, the theft of trade secrets and commercially sensitive information, business interruption, intellectual property infringement, physical damage, personal injury, defamation and extortion. Nick Gibbons, partner at BLM writes for SME
Stepping Up Security Risk Management Practices (SecurityWeek) Targeted and highly sophisticated cyber-attacks are compelling security practitioners to change the way they deal with evolving threats. The damages associated with breaches are motivating companies to transition from a check-box mentality to a pro-active, risk-based approach to security. This means that security risk management needs to advance beyond traditional yearly assessments
IoT is the password killer we've been waiting for (IT World) IoT, with its tiny screens & headless devices, will drive an authentication revolution. It's a short leap from the kind of two-factor authentication used on the Apple Watch to proximity-based authentication that does away with any user interaction. Passwords are just the canary in the coalmine
Can Cybercompetitions Help Grow Local Security Talent? (Government Technology) Hiring cybersecurity staff is difficult, but federal, state and local governments are working with nonprofits to encourage the development of cybersecurity skills through individual and team competitions
Security of the U.S. Department of the Interior's Publicly Accessible Information Technology Systems (Office of the Inspector General, US Department of the Interior) Defense in Depth is a widely recognized best practice for protecting critical information technology (IT) assets from loss or disruption by implementing overlapping security controls. The concept of Defense in Depth is that if one control fails then another is in place to either prevent or limit the adverse effect of an inevitable cyber attack. We found that three U.S. Department of the Interior (Department) Bureaus had not implemented effective Defense in Depth measures to protect key IT assets from Internet-based cyber attacks
DoD CIO Discusses Pentagon Wireless, Mobility Programs (DoD News) Part of Defense Department Chief Information Officer Terry Halvorsen's work these days involves launching the Pentagon's first wireless network and managing the rollout of "secure enough" mobile devices, he told an audience here recently
Cybersecurity task force looks to next administration (Federal Times) A group of former feds and industry experts are getting together to ensure major cybersecurity initiatives don't fall through the cracks as more candidates pile into the 2016 race and Washington prepares for a transition in leadership
Can big data combat a Pentagon insider threat? (C4ISR & Networks) Keeping tabs on workers in contact with the federal government is high priority in an era that is not only post-Edward Snowden, but post-Fort Hood, post-Navy Yard and generally post-general-sense-of-security. The government's struggles to maintain thorough backgrounds of its workers are well-documented, but now officials hope the use of big data will fix many of the problems
Two Charts Show How the Drug War Drives US Domestic Spying (Wired) There's a reason the television show The Wire wasn't just called "The Cops vs. Drug Dealers Show." Law enforcement's surveillance in America — and particularly its ever-increasing use of wiretaps — have been primarily driven for the last 25 years by drug cases. And as the chart above shows, that's now truer than ever before
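The same check Process Explorer does from its GUI can be scripted, which is handier on a box where you cannot install Sysinternals tools. The script below is an added example, not from the ISC diary or from Process Explorer: it hashes the image file of every running process and asks VirusTotal for an existing report on each hash (a lookup only, no upload). It assumes an API key in the VT_API_KEY environment variable, the VirusTotal v3 file-report endpoint, and a 15-second pause to stay under the public key's rate limit; adjust the pause to your quota.

```powershell
# Added example (not Process Explorer's own code): hash running process images
# and look the SHA-256 values up on VirusTotal. Lookup only; nothing is uploaded.
$ApiKey = $env:VT_API_KEY            # assumption: key supplied via environment
if (-not $ApiKey) { throw "Set VT_API_KEY before running" }

# Unique image paths. Protected/system processes without a readable Path are skipped.
$images = Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } |
    Select-Object -ExpandProperty Path -Unique

$results = foreach ($path in $images) {
    try {
        $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash.ToLower()
    } catch {
        Write-Warning "Cannot hash $path : $($_.Exception.Message)"
        continue
    }
    try {
        $r = Invoke-RestMethod -Method Get `
            -Uri "https://www.virustotal.com/api/v3/files/$hash" `
            -Headers @{ 'x-apikey' = $ApiKey }
        $stats = $r.data.attributes.last_analysis_stats
        [pscustomobject]@{
            Path       = $path
            SHA256     = $hash
            Malicious  = $stats.malicious
            Suspicious = $stats.suspicious
            Clean      = $stats.harmless + $stats.undetected
            Note       = ''
        }
    } catch {
        # HTTP 404 means VirusTotal has never seen this hash. That is not evidence of
        # malice, but an unknown binary running on a production host deserves a look.
        $code = $_.Exception.Response.StatusCode.value__
        [pscustomobject]@{
            Path = $path; SHA256 = $hash; Malicious = $null; Suspicious = $null
            Clean = $null; Note = "HTTP $code (no report)"
        }
    }
    Start-Sleep -Seconds 15          # assumption: public-key rate limit of 4 requests/minute
}

$results | Sort-Object Malicious -Descending | Format-Table -AutoSize
```

Two caveats a practitioner will want: a hash lookup only tells you about files VirusTotal has already seen, so an in-house or freshly compiled binary will come back 404 and must be triaged locally; and if you are tempted to upload the unknowns, remember that submitted samples become visible to other VirusTotal customers, which matters when the binary is proprietary or the incident is not yet public.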
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
PragueCrunch IV: The Enpraguening (Prague, Czech Republic, July 31, 2015) Here it comes, Central Europe: PragueCrunch IV! This annual celebration of all things startup is coming to your town on Friday, July 31, 2015 from 7:00 PM to 11:00 PM (CEST). We'll be holding the event...
BSides Raleigh (Raleigh, North Carolina, USA, October 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional...
Passwords 2015 (University of Cambridge, England, UK, December 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial.
SINET 16 Application Deadline (San Francisco, California, USA, July 17, 2015) Innovative solutions frequently come from new and small companies. Our goal is to provide entrepreneurs from all over the world an opportunity to increase their product awareness to a select audience of...
TakeDownCon Rocket City (Huntsville, Alabama, USA, July 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...
The APTs are coming (New York, New York, USA, July 21, 2015) With cyberespionage and Advanced Persistent Threats (APTs) on the rise, it's important to understand today's threat landscape and the ways you can keep your company safe. Join LIFARS, Kaspersky Lab, Cyphort,...
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...
CyberMontgomery 2015 (Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...
Black Hat USA (Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners...
ISSA CISO Forum: Third Party Oversight (Las Vegas, Nevada, USA, August 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by...
BSides Las Vegas (Las Vegas, Nevada, USA, August 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is...
Defcon 23 (Las Vegas, Nevada, USA, August 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information
USENIX Security (Washington, D.C., USA, August 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and other specialists interested in the latest advances in the security and privacy of computer...
5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, August 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring...
Decepticon 2015 (Cambridge, England, UK, August 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines,...
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, August 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker...
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, August 30 - September 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology...
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, August 30 - September 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.