US and Canadian authorities open investigations into the ongoing wave of Caliphate-themed low-grade cyber vandalism hitting North American websites.
The US State Department continues to grapple with its compromised email system. The long-standing intrusions are allegedly the work of Russian intelligence organs.
The Internet Storm Center describes the current state-of-play in malware stealth and evasion. Analysts report the evolution of VBA malicious documents to incorporate sandbox and virtualization detection.
The MongoDB tool, phpMoAdmin, is reported vulnerable to remote code execution.
Analysts recap the history of the FREAK vulnerability, "from discovery to mitigation."
Malwarebytes warns Facebook users of a worm (a member of the "Kilim" family) that enrolls infected machines into a botnet. (The bait is "scandalous photos of teenagers" — don't take it.)
Trend Micro reports an unpleasant evolutionary development in ransomware: "VIRLOCK" not only locks the victim device, but infects its files as well, which Trend Labs claims is a ransomware first.
Another USB threat is demonstrated as a proof-of-concept: this one destroys ("fries") hardware.
SecurityWeek mulls the problem of reputational damage caused by cyber attack.
Several bits of product news appear. BlackBerry's partnership with IBM and Samsung yields a new, security-optimized tablet. Google watchers believe they've spotted a VPN service in Android 5.1. Yahoo moves forward with plans to offer end-to-end encrypted email by year's end.
The US National Association of Insurance Commissioners issues "Principles for Effective Cybersecurity Regulatory Guidance."
Industry analysts offer perspective on the operational use of threat intelligence.
German police collar a major darkweb drug ring.
Today's issue includes events affecting Canada, China, Germany, India, Iraq, Japan, Russia, Syria, Turkey, United Kingdom, United States.
SINET's ITSEF conference opens tomorrow, and the CyberWire will be there to cover it. We'll be live-tweeting from the event, and on Wednesday our editor will moderate a panel on emerging trends in cyber attack.
State Dept. Shuts Down Email After Cyber Attack(ABC News) The State Department shut down large parts of its unclassified email system today in a final attempt to rid it of malware believed to have been inserted by Russian hackers in what has become one of the most serious cyber intrusions in the department's history, U.S. officials told ABC News
Maldoc VBA Sandbox/Virtualization Detection(Internet Storm Center) As could be expected, we witness an arms race when observing the evolution of VBA malicious documents. First the VBA code was trivially simple (download and execute), then obfuscation was added (strings and code), and now we see more attempts to evade detection
The FREAK Vulnerability: From Discovery to Mitigation(Infosec Institute) A few weeks ago, security experts discovered a new major security SSL/TLS vulnerability, dubbed FREAK, that for more than a decade left users of Apple and Google devices vulnerable to hacking when they visited millions of legitimate and secure websites
VIRLOCK Combines File Infection and Ransomware(TrendLabs Security Intelligence Blog) Ransomware has become one of the biggest problems for end users as of late. In the past months alone, we have reported on several variants of both ransomware and crypto-ransomware, each with their own "unique" routines. We recently came across one malware family, detected as PE_VIRLOCK, that not only locks the computer screen but also infects files — a first for ransomware
Malicious Android App Fakes Shutdown and Allows Bad Guys to Take Control(Trend Micro: Simply Security) The more our lives become dependent on mobile devices like Android smartphones, the more important it is to have mobile security to protect them and our digital lives. This is not just a concern for the future, but affects many users today in ways they could never have anticipated
Pssst: Wanna Buy a Used Spy Website?(Wired) The names suggest a parade of C-list websites. There was NewJunk4U.com and Monster-Ads.net, CoffeeHausBlog.com and SuddenPlot.com. But, these sad-sounding domains actually were artful creations of the National Security Agency: They were fronts for distributing and controlling government malware around the world
Security Patches, Mitigations, and Software Updates
Apple iOS 8.2 Has Two Nasty Surprises(Forbes) iOS 8.2 gets a lot right. Don't let the Apple Watch compatibility fool you, the update is mostly about optimisations and bug fixes and in this regard it is the company's most diligent release to date. Yet 24 hours on what has become clear is that there are two nasty surprises awaiting users
Bypassing ASLR with CVE-2015-0071: An Out-of-Bounds Read Vulnerability(TrendLabs Threat Intelligence Blog) Almost every Patch Tuesday cycle contains one bulletin that (for convenience) rolls up multiple Internet Explorer vulnerabilities into a single bulletin. February's Patch Tuesday cumulative IE bulletin (MS15-009) included a fix for a particularly interesting vulnerability that could be used to bypass one of the key anti-exploit technologies in use today, address space layout randomization (ASLR)
Online trust is at the breaking point(Help Net Security) IT security professionals around the globe believe the system of trust established by cryptographic keys and digital certificates, as well as the security of trillions of dollars of the world's economy, is at the breaking point
Survey: 54% of Patients Would Switch Providers After Data Breach(HIT Consultant) 54 percent of patients say they would be "very" or "moderately likely" to change providers after a security data breach impacting their personal health information, according to a recent survey conducted by Software Advice. In light of recent high-profile security breaches at medical organizations such as Anthem, Software Advice surveyed patients on their fears of a breach, and explored how software solutions can minimize data security risks
Chief Data Officers — The Case for the Defence(WillisWire) A large number of financial institutions (FIs) have appointed chief data officers (CDOs) over the past couple of years. I know a few of them and while they come from a wide variety of backgrounds — some technical, some business, some 'data geek' — they share a common belief that an organization's data is one of its most important assets. They would like to be shaping their data agenda to help drive business growth, even business transformation. However, most of them find themselves fighting a rearguard action, focusing on the basics, laying fundamental foundations without which the 'clever stuff' is no more than a pipe dream
CyberArk Tumbles after Pricing 4M Secondary Public Offering(Zacks) Shares of the global IT security software solution provider, CyberArk Software Ltd. (CYBR) declined approximately 7% yesterday after the company announced the pricing of the secondary public offering registered last month
Business Briefs: Pindrop Security Raises $35 Million(India West) Atlanta, Ga.-based Pindrop Security, a provider of phone fraud prevention and call center authentication, has raised $35 million in series "B" round funding led by Institutional Venture Partners, with participation by existing investors Andreessen Horowitz, Citi Ventures, Felicis Ventures, Redpoint Ventures and Webb Investment Network
Investigating and Detecting Command and Control Servers(TrendLabs Security Intelligence Blog) Information about the overall threat landscape can be gathered from many sources. One useful method is by looking at the overall activity of botnet command-and-control (C&C) servers, as used both in targeted attacks and in attacks against the broader Internet user base
Deconstructing Threat Models: 3 Tips(Dark Reading) There is no one-size-fits-all approach for creating cyber threat models. Just be flexible and keep your eye on the who, what, why, how and when
Listen to your employees or deal with shadow IT(Help Net Security) Data leakage, compliance breaches, business inefficiency and hidden costs are just some of the risks organizations are leaving themselves open to by not meeting the IT demands of their workforce
Hey Twitter, Killing Anonymity's a Dumb Way to Fight Trolls(Wired) Tor users started reporting last week that they are being prompted more frequently than ever for a phone number confirmation when creating a new Twitter account — or in some cases when using a long-standing account. This development is disastrous for the free speech the platform generally stands for, and will likely not curb the abuse for which it has come under fire. If this change was targeted at that harassment — addressing the leaked acknowledgment from CEO Dick Costolo that "We suck at dealing with abuse and trolls on the platform and we've sucked at it for years" — it's a dangerous example of the Politician's Syllogism: we must do something; this is something; therefore, we must do this
China put its crackdown on foreign tech companies on hold — for now(Quartz) China's proposed law that would require tech companies to help the government spy on their users has been put on hold, according to the White House's top cybersecurity official. The controversial law would have required foreign tech companies wishing to do business in China to make their encryption keys available to authorities, and build special "back doors" in their software to enable Chinese government surveillance
Wyden blasts cyber threat-sharing bill(The Hill) Sen. Ron Wyden (D-Ore.) lambasted a controversial cybersecurity threat-sharing measure after it passed the Senate Intelligence Committee on Thursday
Q&A With The Congresswoman Taking On Gamergate(TechCrunch) Earlier this week, Massachusetts Rep. Katherine Clark called other members of Congress to sign a letter with her that demands the FBI crack down on cyberstalking and online harassment
Cyber force grows, along with retention concerns(Military Times) The military's effort to build a 6,200-strong force of cyber warriors is well underway, but questions remain about long-term retention of the highly skilled troops who will have big opportunities in the private sector
The Crooked Path to Determining Liability in Data Breach Cases(Wired) From the high-stakes international intrigue and political espionage of Stuxnet, to the Sony hack of late 2014, which was first tentatively credited to pranksters, and later conceded to North Korean hackers, the past few years have showcased pretty much every existing version, and underlying motive of cyber-attack — from outright warfare to hacktivist vandalism — all over the news headlines
Three Data Breach Trends to Watch for 2015(Legal Intelligencer) With 2014 dubbed the "year of the data breach," questions loom over corporations for 2015: When will it happen to us? Are our security measures adequate? Will we be prepared for the fallout? The law is hurrying to keep up with the rapid pace of these leaks and attacks, and it is difficult to predict how data breach scenarios will play out in the future. Here is a snapshot of what we might expect to see this year in this area of the law
Assuring Authority for Courts to Shut Down Botnets(US Department of Justice) In our first post, we noted the dramatic growth over the past several years in the incidence of cybercrime that victimizes Americans. One of the most striking examples of this trend is the threat from botnets — networks of victim computers surreptitiously infected with malicious software, or "malware." Once a computer is infected with the malware, it can be controlled remotely from another computer with a so-called "command and control" server
German Police Just Made a Gigantic Dark-Web Drug Bust(Wired) If anyone had forgotten the sheer scale of the dark-web drug trade, German police just offered a helpful reminder. They've seized more than a third of a ton of narcotics from a single online drug seller — a haul that, despite its size, represents an insignificant dent in the burgeoning digital narcotics market known as Evolution
Why the Clinton Email Case Matters(Pell Center Blog) As you may have heard in the news recently, former Secretary of State Hillary Clinton did not use an official US government email with a .gov address during her entire tenure as Secretary, and instead exclusively used a ClintonEmail.com personal address for all State Department-related correspondence
Letter Calls Plea Deal for David Petraeus a 'Profound Double Standard'(New York Times) The plea deal given to retired Gen. David H. Petraeus, which spares him prison time even though he gave military secrets to his mistress, reveals a "profound double standard" in the way the Obama administration treats people who leak classified information, a lawyer for an imprisoned government contractor wrote in a letter to prosecutors
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
B-Sides Vancouver(Vancouver, British Columbia, Canada, March 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between
Insider Threat 2015 Summit(Monterey, California, USA, March 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure...
2015 North Dakota Cyber Security Conference(Fargo, North Dakota, USA, March 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges...
Philadelphia SecureWorld(Philadelphia, Pennsylvania, USA, March 18 - 19, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
2015 Cyber Security Summit(McLean, Virginia, USA, March 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China...
BSides Salt Lake City(Salt Lake City, Utah, USA, March 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation
CarolinaCon-11(Raleigh, North Carolina, USA, March 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions...
Cyber Security Conference 2015(Bolton, UK, March 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North...