Lebanon appears to be making its debut in offensive cyber operations. Check Point discovers an APT group it's calling "Volatile Cedar" whose targets appear to be mainly Israeli.
Israel receives other unwelcome attention, this from Anonymous, which promises an "electronic Holocaust" on April 7. The threat is virtual, not physical, but that doesn't moderate the threat's tasteless language. Perhaps one seeks message discipline from an anarchist collective in vain. Passcode describes the fragmentation of those wearing the Guy Fawkes mask: North Americans are increasingly out-of-step with other regions' Anonymous cells. (North Americans are also oddly sympathetic to Islamism.) And Sabu seems to have done lasting damage to the Americans' brand with the collective — others tend to suspect them of being snitches.
GitHub's still recovering from the denial-of-service attack it's sustained since last week, which looks ever more like a Chinese government operation against censorship-evasion tools. GreatFire sees the campaign as characteristic of efforts to sustain the Great Firewall, and Netresec publishes evidence of a man-on-the-side attack. Incapsula sees a DDoS trend: 20% of such attacks now come from anonymous proxies, up from 5% a year ago.
Attribution is notoriously difficult, and so is determining cyber value-at-risk. Many enterprises and users wildly underestimate their assets' value, and a growing pool of risk managers struggles to assess that value. The Wall Street Journal describes insurer Aetna's approach to the problem. Costs of protection are also tough to track: the US Defense Department (admittedly, they've got a lot to track) can't do it.
Today's issue includes events affecting Australia, China, Estonia, European Union, Georgia, Germany, India, Iran, Israel, Democratic People's Republic of Korea, Latvia, Lebanon, Lithuania, Moldova, Netherlands, Pakistan, Qatar, Russia, Saudi Arabia, Singapore, Taiwan, Turkey, Ukraine, United Kingdom, United States.
The great Anonymous divide(Christian Science Monitor: Passcode) While the Guy Fawkes masks associated with Anonymous are seen at youthful protests around the world, the hacktivist collective is far from being a unified global movement
Massive DDoS against GitHub continues(Help Net Security) Popular web-based Git repository hosting service GitHub has been battling a massive DDoS attack — the biggest they have ever experienced — for the last four days
China's Man-on-the-Side Attack on GitHub(Netresec) On March 27 the following message was posted on the official GitHub blog: "We are currently experiencing the largest DDoS (distributed denial of service) attack in github.com's history. The attack began around 2AM UTC on Thursday, March 26, and involves a wide combination of attack vectors. These include every vector we've seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic. Based on reports we've received, we believe the intent of this attack is to convince us to remove a specific class of content." We have looked closer at this attack, and can conclude that China is using their active and passive network infrastructure in order to perform a man-on-the-side attack against GitHub
Threat Spotlight: Dyre/Dyreza: An Analysis to Discover the DGA(Cisco Blogs) Banking and sensitive financial information is a highly coveted target for attackers because of the high value and obvious financial implications. In the past year, a large amount of attention has been centered on Point of Sale (PoS) malware due to its major role in the compromise of several retailers. While PoS malware is a major concern, attackers have also realized that targeting individual end users is an effective method of harvesting other types of financial data. As a result, banking malware has become a prevalent category of malware that poses a major threat to users and organizations of all sizes. One of the more well known examples of banking malware is Zeus
Fake Judicial Spam Leads to Backdoor with Fake Certificate Authority(TrendLabs Security Intelligence Blog) Recently, we've come across an interesting spam campaign aimed at French users. The campaign itself uses a well-crafted lure that is likely to catch the attention of its would-be victims. In addition, the malware used — the GootKit backdoor — contains several unusual technical characteristics. Both of these highlight how this campaign was quite well thought-out on the part of the attackers
Puush urges users to change passwords after cyber attack(SC Magazine) The screen sharing platform Puush was hit by a cyber attack this weekend that injected malware into a server. Users were prompted to uninstall the app and change important passwords that were stored on PCs as well as those saved in major browsers, such as Chrome and Firefox, after other users began tweeting Puush about suspicious activity
Weekend of Internet Hack Attacks Underlines Vulnerability(Top Tech News) The recent spate of hack attacks on the IT systems of British Airways, GitHub, Slack and Rutgers University are all signs of the fast-changing nature of the Internet — and the growing number of people who are capable of launching attacks on it. And cybersecurity professionals worry that such incidents are only likely to become more common in years to come
Security Attacks via Malicious QR Codes(Infosec Institute) With the increasing use of smartphones, QR codes are becoming popular. Recently, WhatsApp launched its web version, which needs QR code scanning to access the web version of WhatsApp. So, many people now know what QR code is, but still more are unaware. It is very similar to a bar code we see in products, but it does not need a different reader
Android viruses threaten from third-party stores(Com!) German security specialist G Data discovered more than 1.5 million malicious programs for the Android platform last year. A large number of them come from alternative third-party stores
Ad Networks Ripe for Abuse via Malvertising(Threatpost) Dark corners of the Internet harbor trouble. They're supposed to. But what about when Yahoo, CNN.com, TMZ and other busy destination sites heave disaster upon visitors
Bulletin (SB15-089) Vulnerability Summary for the Week of March 23, 2015(US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Barracuda adds Android support in MDM platform(CSO) Barracuda Networks recently updated its mobile device management (MDM) solution. The free, cloud-based mobile device and mobile app management service now includes support for Android mobile devices as well as iOS
DDoS losses potentially £100k an hour, survey shows(ComputerWeekly) Distributed denial-of-service (DDoS) attacks could expose 40% of businesses to losses of £100,000 or more an hour at peak times, a survey by communications and analysis firm Neustar has revealed
Negotiating with Cybercriminals: 30% of Security Professionals Say They Would Pay for the Return of Their Data(ThreatTrack Security) In weighing principle vs. negotiating with cybercriminals to recover stolen or encrypted data, 30% of U.S. security professionals have concluded that getting their data back is more important. Respondents at organizations already targeted by cyberextortionists are more than three times as likely to be willing to negotiate with cybercriminals and nearly twice as likely to recommend setting aside funds for that very purpose
Cybersecurity at Aetna Is a Matter of Business Risk(CIO Journal) Security breaches have become a daily fact of digital life, prompting some companies like insurance giant Aetna Inc. to approach cybersecurity as just one more business risk that needs to be managed, much as they approach fluctuating currency prices or the threat of lawsuits
Cyberguards not keen to snitch on own countries(BDLive) The $71bn cybersecurity industry is fragmenting along geopolitical lines as firms chase after government contracts, share information with spy agencies, and market themselves as protectors against attacks by other nations
When Censorship Backfires: How Blue Coat Silenced A Security Researcher(Forbes) When security researchers are silenced by governments or private companies, it's often to the detriment of technology users of all ilks. Ignorance is certainly not bliss when it comes to digital vulnerabilities. It leaves systems open to attack and, consequently, people's data open to theft
IBM Launches Major Internet Of Things Offensive(TechCrunch) IBM is wasting little time when it comes to the Internet of Things. The company outlined a major Internet of Things strategy tonight with a series of announcements that included a $3B investment to establish an Internet of Things unit inside of Big Blue along with a partnership with The Weather Company
Huawei is transforming from alleged cyber threat to household brand name(Quartz) The numbers: Net profit at the Chinese telecom company rose 32% to 27.9 billion yuan ($4.5 billion). The company expects about 10% annual growth in sales revenue over the next three to five years. It plans to spend about $60 million (paywall) on 5g technology this year, after ramping up research and development spending by almost a third last year to $6.6 billion
Security Standout Qualys Scans For Ways To Grow More(Investor's Business Daily via Nasdaq) Online security vendor Qualys is enhancing products and cross-selling more of its services to broaden and deepen a global customer base continuously more cognizant of intensifying cybersecurity threats, the company's CEO tells IBD
These BTech students crack the right codes(Times of India) Hacking means breaking into something, and ethical hacking is authorized breaking. Of late, the term 'hacker' comes with several negative connotations, but Kevin Singh always saw hacking as a challenge. "I always wanted to do something unconventional, which people are not much aware about," says the 21-year-old ethical hacker
Distil Networks Helps Companies Battle Bad Bots(Forbes) "I was working at a cloud security company and customers were asking for a way to identify real people versus bots on their websites. The company that I was with didn't tackle that problem. And so I tried to find something that would for those customers. The more I looked around, the more I realized there was a gap in the market for that service. So that's where things started in 2011," says Rami Essaid, co-founder and CEO of Distil Networks on his company's genesis
Instabill Has Joined Comodo PCI Compliance Program(Host Review) The Comodo organization, a global innovator and developer of cybersecurity solutions, today announced that Instabill, one of the industry's leading high risk merchant account providers for e-commerce and retail businesses, has joined the Comodo Painless PCI program
WatchGuard named Network Computing Awards Company of the Year 2015(IT Web) WatchGuard Technologies, a global leader in multifunction security appliances, today announced it was named Company of the Year at the 2015 Network Computing Awards. The company also received Best Hardware Product of the Year award honours for its new multifunction firewall, the Firebox M440
Security Watch: FireEye appoints first ever Asia Pac president(CSO) FireEye has announced the appointment of Eric Hoh as their first President of Asia Pacific Japan region. He will oversee FireEye's business operations and sales across the Asia Pacific region. He is based at the company's regional headquarters in Singapore
Products, Services, and Solutions
Army wrestles with competing intel analysis software tools(World Magazine) The military acquisition system is supposed to provide the weapons, equipment, and tools service members need to defend the country. But when it wasn't agile enough to meet a critical and fast-changing intelligence analysis need during the height of the Iraq war, some Army Special Operations units turned to a popular and effective commercial data analysis tool, setting up a showdown in Congress over meeting the troops' needs and wants
Tufin Automates Policy Orchestration for Palo Alto Networks Next-Generation Firewalls(PRNewswire) Tufin®, the leader in Security Policy Orchestration, today announced an integration with the Palo Alto Networks Next-Generation Firewall to help enterprises automate orchestration of their network security policies. This integration supports agile and risk-free policy modifications that are essential for enterprises to remain compliant and secure as networks become increasingly heterogeneous and dynamic. Tufin enables greater automation across complex, heterogeneous network and application environments
Fending off cyberattacks in a targeted way(Elektroteknik) It is the standard for IT security: IEC 63443. The concept behind it: defense-in-depth as the foundation of a successful defense strategy. This relies on a holistic approach to protecting production facilities
Ooredoo partners with Fortinet to offer security service(Telecompaper) Ooredoo has announced that Fortinet will be its preferred security partner. Under the managed security service provider (MSSP) agreement, Fortinet technology will be offered with Ooredoo business services, so that customers can deploy anti-spam services, firewalls, VPNs and anti-virus solutions without compromising the performance of their network
Threat Intelligence: Collecting, Analysing, Evaluating(Centre for the Protection of National Infrastructure) A diverse array of products and services, classed as Threat Intelligence, are available. To assist organisations with planning their approach to Threat Intelligence, CPNI and CERT-UK have commissioned work on this growing field
Lessons from the trenches of a cybercrisis rapid response team(Christian Science Monitor: Passcode) Many major security vendors have teams of professionals ready to aid companies under cyberattack. At IBM, calls to the hotline for its emergency response team dubbed 'Cyber 911' have tripled over the past year. Here's some advice from its team for businesses to protect themselves
ETSI to focus on Quantum Safe Cryptography(Telecom TV) European telecoms standards group ETSI has launched a new Industry Specification Group (ISG) that will focus on Quantum Safe Cryptography (QSC), in order to better safeguard the next generation of quantum computers against threats. At its first meeting last week, Mark Pecen of Approach Infinity was elected as the chairman
Securing The IT Supply Chain(TrendLabs Security Intelligence Blog) The security of an enterprise is not only dependent on the organization itself, but also on the security of their IT supply chain and contractors. These represent potential weak points into the security of any organization
New Privacy Pilot Federal Funding Opportunity(NSTIC Blogs) The NSTIC NPO has just announced a new funding opportunity with a special focus on privacy enhancing technologies. NSTIC is soliciting applications from eligible applicants to pilot privacy-enhancing technologies that embrace and advance the NSTIC vision and contribute to the maturity of the Identity Ecosystem the NSTIC envisions: promote secure, privacy-enhancing, and user-friendly ways to give individuals and organizations convenience in their online interactions
ACM, Infosys Foundation honour Stanford's Dan Boneh(NetIndian) Dan Boneh, professor of Computer Science and Electrical Engineering at Stanford University, has been chosen for the 2014 ACM-Infosys Foundation Award in the Computing Sciences for his contributions to the ground-breaking development of pairing-based cryptography and its application in identity-based encryption
Australia Outlaws Warrant Canaries(Schneier on Security) In the US, certain types of warrants can come with gag orders preventing the recipient from disclosing the existence of warrant to anyone else. A warrant canary is basically a legal hack of that prohibition. Instead of saying "I just received a warrant with a gag order," the potential recipient keeps repeating "I have not received any warrants." If the recipient stops saying that, the rest of us are supposed to assume that he has been served one
Realizing the Potential of the Internet of Things: Recommendations to Policy Makers 2015(Telecommunications Industry Association) The future for telecommunications and the world economy lies with the Internet of Things (IoT). At its most basic, the "Internet of Things" is a label for an increasingly connected future in which regular, everyday items — from household appliances to cars to medical devices — are outfitted with sensors and connected to the Internet to share their data. Viewed more broadly, the Internet of Things will give rise to an entire ecosystem for interconnected devices, objects, systems, and data all working together. In this new world, most communications will be machine-to-machine (M2M), and there will be a continuous exchange of information between devices, sensors, computers, and networks
Feds Demand Reddit Identify Users of a Dark-Web Drug Forum(Wired) Over the last year, Reddit's "dark net markets" discussion forum has grown into one of the central fixtures of the online drug scene. At any given moment, hundreds of redditors are browsing [Reddit], many brazenly discussing anonymous online sales on the open internet
Human error lead to leak of world leaders' personal information(Help Net Security) Personal information, passport numbers and visa details of world leaders who attended the G20 summit in Brisbane, Australia, in November 2014, have been inadvertently leaked by an employee of the Australian Department of Immigration and Border Protection
EU countries should harmonize methods of investigation in fight against cybercrime(Baltic Course) On 25-27 March 2015, the European Police College (CEPOL) conference "Cybercrime — Strategic level" took place in Latvian Jurmala. The aim of the conference was to improve cooperation and harmonize the investigative methods among law enforcement authorities of the EU Member States, as well as to improve public and private partnership and cooperation with the Eastern Partnership countries and EU candidate countries for combat against cybercrime, reported BC th the Ministry of the Interior
High-Priority Information Technology Needs for Law Enforcement(RAND) This study reports on strategic planning activities supporting the National Institute of Justice (NIJ) in the area of information technology, collecting and analyzing data on law enforcement needs and offering potential solutions through technology assessment studies, extensive outreach and liaison activities, and subject matter expert panels. Strategic planning will help NIJ make the best investments to leverage its limited funds and help the range of technology developers supporting law enforcement better understand the law enforcement community's needs and priorities. By looking across the top-ranking needs, the authors identified 11 crosscutting themes in total. These themes are further grouped into three overarching keynotes — a broad need to improve the law enforcement community's knowledge of technology and practices, a broad need to improve the sharing and use of law enforcement-relevant information, and a broad need to conduct research, development, testing, and evaluation on a range of topics. The latter category includes research on both the "nonmateriel" side of technology, including policy and practices, and more traditional technical development
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
2015 Synergy Forum(Tysons Corner, Virginia, USA, April 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital...
DefCamp6(Bucharest, Romania, November 19 - 20, 2015) Why DefCamp? Because it's the most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field,...
Disrupt London 2015(London, England, UK, December 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt?...
Automotive Cyber Security Summit(Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...
Insider Threat Symposium & Expo(Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...
Kansas City Secure World(Kansas City, Missouri, USA, April 1, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
Coast Guard Intelligence Industry Day(Chantilly, Virginia, USA, April 2, 2015) With a blended focus of defense, homeland security, law enforcement, criminal investigations, intelligence and cyber issues, Coast Guard Intelligence is aggressively looking to collaborate with partners...
10th Annual Cyber and Information Security Research Conference(Oak Ridge, Tennessee, USA, April 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are...
Cyber Risk Wednesday: The future of Iranian cyber threat(Washington, DC, USA, April 8, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on April 8, from 4:00 p.m. to 5:30 p.m. for a panel discussion on the Iranian cyber threat and the potential for a drastic escalation of cyber conflicts...
Cyber Threats Masterclass(Turin, Italy, April 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge...
InfoSec Southwest 2015(Austin, Texas, USA, April 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter,...
Cybergamut Tech Tuesday: Tor and the Deep Dark Web(Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...
NIST IT Security Day(Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...
Cyber Security Summit: Industrial Sector & Governments(Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored...
Cyber Security Summit: Financial Services(Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective...
INTERPOL World 2015(Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from...
Mid-Atlantic ISSA Security Conference 2015(Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current...
IIT Cyber Forensics and Security Conference and Expo(Wheaton, Illinois, USA, April 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes...
RSA Conference 2015(San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015
Australian Cyber Security Centre Conference(Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise.
Security Forum 2015(Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives...
CyberTexas / CyberIOT(San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection...
INTEROP Las Vegas(Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities,...