The US would, in the name of better information operations, like news organizations to refrain from running ISIS-supplied b-roll. Observers think ISIS is "disrupting" (in the business-school sense of the word) the Internet as a terrorist tool, essentially replacing tight command-and-control with inspiration and general communication of intent. (Scharnhorst would have recognized this as a version of Auftragstaktik.)
root9B makes a large claim: early detection and exposure induced a Russian cyber-mob to call off a major attack on Western banks.
Other security companies turn their attention to Chinese cyber operations, said to be showing fresh zeal in targeting nations around its coveted South China Sea. (Nepal figures on some target lists, which suggests "vicinity" is understood expansively, as if one called Slovakia a Baltic nation.) Onapsis thinks SAP exploitation figured in last year's hack of security-investigation contractor USIS. Cylance reports the reappearance of Chinese threat-actor SPEAR (and offers some glum Darwinian reflections on selection pressures driving threat adaptation).
The VM-escape-enabling bug VENOM received due scrutiny. While anything that permits what VENOM allows is a serious vulnerability and must be addressed, consensus holds that panic is unwarranted. No exploitation has been observed in the wild, and a VENOM attack would require either compromised administrator accounts or a rogue administrator. (Both compromised admin accounts and rogue insiders happen, of course, so take prudent steps as outlined in discussions linked below.)
The former chair of the US House Intelligence Committee seeks to make everyone's flesh creep by warning of a Sino-Russian "alternative Internet."
Today's issue includes events affecting Cambodia, China, Indonesia, Iran, Iraq, Laos, Malaysia, Myanmar, Nepal, Philippines, Russia, Singapore, Syria, Thailand, Ukraine, United Arab Emirates, United States, and Vietnam.
Targeted Cyber-Attacks to Infiltrate Nations around the South China Sea(Foreign Affairs) From setting up spying infrastructure within a country's borders for real-time connections and data mining, to spying tools with 48 commands, a new report by Kaspersky Lab shows how the threat actor Naikon has spent the last five years successfully infiltrating national organisations around the South China Sea
SPEAR: A Threat Actor Resurfaces(Cylance Blog) Attackers typically shut down campaigns or halt activity after they are exposed by security researchers, thereby creating the impression they have dropped off the map. This often leads to a false sense of security within the community and perpetuates the idea that public exposure makes us all safer. While the exposed activity is no longer observed, attackers simply continue in the background — evolving or altering their tactics to seamlessly continue operations with increasingly advanced malware. So while potentially making us safer in the short-term, exposure often forces a Darwinian evolution in malware
Aggressive Malware Pushers: Prolific Cyber Surfers Beware(Cyphort Labs Blog) On April 19, Cyphort hardware sandbox trolled over a site www.49lou.com that served up 83 pieces of Windows executable files (EXE and DLL binaries) with zero user interaction. By now, most of the malware researchers are used to seeing drive-by infections that serve up a handful of malware, from droppers to payloads. However, getting 83 pieces in one shot is way too "generous" by any account and it surely piqued the interest of our researchers. For the security minded: How did this happen? What are those binary pieces? What does this tell us and what can we do for better protection? In this article, we share all our findings along these lines
Some brief technical notes on Venom(Errata Security) Like you, I was displeased by the lack of details on the "Venom" vulnerability, so I thought I'd write up what little I found
VENOM Vulnerability Threatens Virtual Machines(Tenable Blog) Today the VENOM (Virtualized Environment Neglected Operations Manipulation) vulnerability, CVE 2015-3456, was announced. VENOM originates in a legacy virtual floppy disk controller from QEMU. If an attacker sends specially crafted code to the controller, it can crash the hypervisor and allow the attacker to break out of the VM to access other machines. VENOM impacts several popular virtualization platforms that include the QEMU controller, including Xen, KVM, and Oracle's VirtualBox. Patches for QEMU and Xen are already available. To date, no exploit has been observed in the wild. Other virtual machine platforms such as VMware, Microsoft Hyper-V, and Bochs hypervisors are not affected
[VENOM] Vulnerability Summary: What is the Impact to FireEye Products and Services?(FireEye) FireEye's hypervisor is among many technologies that leverage the open source component that was publicly disclosed today as having a critical vulnerability (CVE-2015-3456). FireEye employs many measures in its products to limit the impact of these types of issues through secure development practices and operational processes that ensure we respond quickly to security issues. Because of this, we can — and have — responded to VENOM by ensuring immediate availability of patches to customers for all of our major products
Important Notice — QEMU "VENOM" Vulnerability(Rackspace Support Network) Earlier this week, we were notified of a potential hypervisor vulnerability (Xen Security Advisory 133: … and ) that affects a portion of our First and Next Generation Cloud Servers fleet, as well as Cloud Big Data. Please note that OnMetal Cloud Servers are not affected
VENOM (CVE-2015-3456) Vulnerability and Linode(Linode Blog) A new security advisory, CVE-2015-3456 called VENOM (Virtualized Environment Neglected Operations Manipulation), was released today. Our Security Team has thoroughly reviewed this vulnerability and we wanted to take a moment to reassure Linode customers that this vulnerability does not affect any part of the Linode infrastructure and no action is required on your part
XSA Security Advisory CVE-2015-3456(Amazon Web Services) We are aware of the QEMU security issue assigned CVE-2015-3456, also known as "VENOM," which impacts various virtualized platforms. There is no risk to AWS customer data or instances
'Hound of Hounslow' highlights need for surveillance says Nasdaq(Banking Technology) As greater convergence between asset classes and the unification of trading desks and trading strategies across multiple asset classes becomes more common, the opportunities for sophisticated market abuse may be on the rise. That may mean that the need for surveillance is greater than ever, according to Tony Sio, head of SmartsTrade Surveillance, exchange and regulators at Nasdaq
The scariest cyber threat of all? How hackers are hijacking planes(Information Age) The aviation industry is a growing target for hackers who can gain control of critical ICT systems. Cyber attacks on the aviation industry are becoming a sensitive issue. Considering that cyberspace provides a low-cost haven for carrying out a broad range of disruptive activities, it is reasonable to conclude that hackers will consider the aviation sector as one of their targets
United Airlines Bug Bounty — Find Vulnerabilities, Win Airmiles!(Tripwire: the State of Security) It seems more and more companies are beginning to understand the benefits of running a bug bounty program, encouraging vulnerability researchers to report security flaws responsibly (for a reward) rather than publishing details on the web or selling a flaw to potentially malicious parties
The Overhyping of Iran's Cyberarmy(Daily Beast) They said an Iran deal would supercharge Tehran's hacking brigade. But when they showed their data to U.S. intelligence analysts, they were told to get lost
Data breaches lead to surge of spoofing attacks(Help Net Security) The number of attacks on businesses is trending up as crimeware tools gain traction providing tools to fraudsters to automate cybercrime attacks leveraging the customer data made available from breaches
How to Become an Internet Supervillain in Three Easy Steps(Arbor Networks IT Security Blog) One of the truisms of comic books and graphic novels is that nothing is immutable — both heroes and villains are rebooted, retconned, featured as radically (or subtly) different versions in alternate timelines, etc. The Marvel Cinematic Universe, which so far includes the Captain America, Thor, Hulk, Iron Man, and Avengers films, is a good example. DC are doing the same with The Flash and Green Arrow, and the latest cinematic incarnations of Batman and Superman are set to do battle with one another in a projected summer blockbuster movie next year
Internet of Things cannot remain a security blind spot(Beta News) The network is more exposed than ever before with the expanded attack surface IoT brings, leading to increasing support for securing interconnected devices. As the Industrialization of Hacking evolves, so does the number of vulnerable end points on the network including physical systems, mobile devices and wearable technologies
Do ethics get in the way of security professionals?(Help Net Security) While it's convenient to think that the information security industry is made up of highly ethical individuals who make the right decision every time, a stressful situation can turn things around faster than you can say black hat
Security Service Providers Misaligned with Customer Needs(Infosecurity Magazine) Asked where managed security offerings should improve, IT departments are most keen to see better email security; better web protection; and better antivirus. Managed security providers on the other hand are planning on prioritizing security consultancy and offering more proactive system updates and patching — indicative of the misalignment in the relationship
Intel executive on why management of privacy is ripe for innovation(Chicago Tribune) You probably wouldn't share your house keys, private conversations or spending habits with just anyone. Yet if you use digital devices, credit cards, Wi-Fi and mobile apps, you're giving away more personal information than you think to strangers, companies and even the government. But you can regain some control, says Michelle Finneran Dennedy, vice president and chief privacy officer for California-based Intel Security Group
Encrypting Your Email: What Is PGP? Why Is It Important? And How Do I Use It?(Re/code) In the summer of 2013, the U.S. woke up one morning to learn that NSA subcontractor Edward Snowden had dumped some of the federal government's biggest secrets on the front pages of newspapers worldwide. As we would later learn, Snowden's revelations became headlines because he was able to reach out to journalists using encrypted communications under the now-infamous nom de guerre "Citizenfour"
Why I make my kids read privacy policies(Christian Science Monitor Passcode) It's like teaching them to look both ways before crossing the street. Reading privacy policies for apps is about learning basic safety tips in the Internet Age and gives parents an opportunity to teach kids about responsibility and self awareness on the Web
The slow death of static security detections: Beginning of SIEM deployments(Help Net Security) Machines both mechanical and electric have always been good at counting things. Ask anyone from an earlier generation who still uses a Victor Champion adding machine from the early 1950s, even though replacement paper rolls and ink ribbon are required. One may wonder why someone wouldn't just use a battery operated calculator, but we all know that letting go of the old familiar paradigms is hard
Can you correctly identify phishing emails?(Help Net Security) An Intel Security quiz presented ten emails and asked respondents to identify which of the emails were phishing attempts designed to steal personal information and which were legitimate. Of the approximately 19,000 survey respondents from 144 countries, only 3% were able to correctly identify every example correctly and 80% of all respondents misidentified at least one of the phishing emails, which is all it takes to fall victim to an attack
America's supply of IP addresses is about to run out(The Week) Back in 1981, when volunteer engineers designed the internet, they created 4.3 billion Internet Protocol (IP) addresses, assuming the gigantic number would more than suffice. About 20 years later, Europe and Asia exhausted their supply, and America's remaining allotment — about 3.4 million — will likely dry up this summer
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
QuBit 2015 Cybersecurity Conference(Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which...
THOTCON 0x6(Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible...
International Conference on Cyber Security (ICCS) 2015(Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY.
FS-ISAC & BITS Annual Summit(Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...
2015 Cyber Risk Insights Conference — Chicago(Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals...
2015 Honeynet Project Workshop(Stavanger, Norway, May 18 - 20, 2015) Each year the Honeynet Project annual workshop brings together top information security experts from around the globe to present their latest research efforts and discuss insights and strategies to combat...
IEEE Symposium on Security and Privacy(San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers...
Fraud Summit Chicago(Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include...
3rd Annual Georgetown Cybersecurity Law Institute(Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking...
AFCEA Spring Intelligence Symposium 2015(Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence...
SOURCE Conference(Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's...
7th International Conference on Cyber Conflict(Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety...
HITBSecConf2015 Amsterdam(De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting...
1st Annual Billington Corporate Cybersecurity Summit(New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate...
Atlanta Secure World(Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
Techno Security & Forensics Investigations Conference(Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises...
Mobile Forensics World(Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 - June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State...