Daily briefing.

The Director of the US NSA describes recent intrusions into unclassified Pentagon networks as "sophisticated" and "persistent," but also as successfully contained. Russian intelligence services are the usual suspects; observers fret that the incident represents a mild opening gambit in a soon-to-become more serious cyber conflict.

Speaking of Russia, Turla is back, and has been found exploiting satellite Internet connections to run an affordable command-and-control network.

South Korean media outlets are afflicted with variants of the Shadow Force backdoor.

The financial sector receives the unwelcome ministrations of cyber criminal groups with quite different approaches. "DD4BC" continues its Bitcoin extortion of financial institutions, threatening denial-of-service against those who fail to pay up. The familiar Anunak/Carbanak threat group revisits banks and casinos with an evolved set of tools.

Android ransomware, resident within a malicious "adult" app, takes a user's picture and displays it in the ransom demand. The Android.Trojan.MKero.A makes a comeback, subscribing victims to unwanted premium SMS services. Bitdefender notes that the malware puts human criminals into the loop, thereby bypassing security features like CAPTCHA designed to weed out bots.

WhatsApp quickly patches vulnerabilities outside researchers found in WhatsApp Web.

Yesterday, of course, was also Microsoft's Patch Tuesday, with five "critical" and seven "important" vulnerabilities addressed.

Not-for-profits recognize fundraisers' vulnerability to cyber attack.

FireEye looks increasingly to the US Federal market as a font of profitability.

As sanctions remain under consideration, the US Justice Department is rumored to be preparing indictments of Chinese cyber operators.

John McAfee announces his candidacy for the US Presidency.

Notes.

Today's issue includes events affecting China, France, Germany, Iran, Israel, Republic of Korea, Russia, United States.

Tomorrow we'll be covering two events: the second annual Senior Executive Cyber Security Conference at the Johns Hopkins University in Baltimore, and GovConnect's Cyber 6.0 in Howard County, Maryland. Watch for live tweets tomorrow and full conference reports soon thereafter.

Cyber Attacks, Threats, and Vulnerabilities

NSA Chief Says Cyberattack at Pentagon Was Sophisticated, Persistent (Wall Street Journal) Breach of Joint Staff's unclassified network evolved from failed attack a week before

Russian Spy Gang Hijacks Satellite Links to Steal Data (Wired) If you're a state-sponsored hacker siphoning data from targeted computers, the last thing you want is for someone to locate your command-and-control server and shut it down, halting your ability to communicate with infected machines and steal data

Turla APT Group Abusing Satellite Internet Links (Threatpost) Poorly secured satellite-based Internet links are being abused by nation-state hackers, most notably by the Turla APT group, to hide command-and-control operations, researchers at Kaspersky Lab said today

Shadow Force Uses DLL Hijacking, Targets South Korean Company (TrendLabs Security Intelligence Blog) What sort of interest would a businessman have in a news agency?

Cyber-Extortionists Targeting the Financial Sector Are Demanding Bitcoin Ransoms (BloombergBusiness) 'DD4BC' is carrying out a string of attacks. Should companies cough up?

Vulnerability Spotlight: Microsoft Windows CDD Font Parsing Kernel Memory Corruption (Cisco Blogs) Talos, in conjunction with Microsoft's security advisory issued on September 8th, is disclosing the discovery of a memory corruption vulnerability within the Microsoft Windows CDD Font Parsing Kernel Driver

Vulnerabilities in WhatsApp Web affect 200 million users globally (Help Net Security) Significant vulnerabilities can exploit WhatsApp Web, the web-based extension of the popular WhatsApp application for phones

Carbanak APT still targeting high-value financial institutions and casinos (Help Net Security) The Anunak / Carbanak hacking group continues to target banks, but is also now hitting Forex-trading companies, casinos, and other institutions from which it can steal large amounts of money or (mis)usable payment card information

Carbanak returns (CSIS) Just recently, CSIS carried out a forensic analysis involving a Microsoft Windows client that was compromised in an attempt to conduct fraudulent online banking transactions

Android Malware Secretly Subscribes Victims to Premium SMS Services (Softpedia) The Android.Trojan.MKero.A malware is making a comeback in Androidland, and this time around, hackers found a method to bundle it with legitimate apps, capable of bypassing Google's Bouncer app scanning system

Android ransomware masquerades as Adult Player app, takes photo of victim (Help Net Security) A new mobile ransomware variant uses a clever new technique to push affected users to pay the asked-for ransom: it takes a photo of the user with the phone's front-facing camera, and inserts that photo in the ransom message

Attacking Diffie-Hellman protocol implementation in the Angler Exploit Kit (SecureList) Exploit kit creators have been inventing increasingly interesting methods of masking their exploits, shellcodes, and payloads so that it is harder for analysts to define the type of the exploit and know what actions they may perform

TLS Implementations Vulnerable to RSA Key Leaks (Threatpost) A number of TLS software implementations contain vulnerabilities that allow hackers with minimal computational expense to learn RSA keys

Researchers respond to developer's accusation that they used crypto wrong (Ars Technica) Microsoft research team points to CryptDB developers' own paper as proof

Facebook Phishing — How to recognise the Bait (Check & Secure) Phishing belongs among the biggest dangers on the internet

Could a Smartphone Camera Pierce Your Bank's Cybersecurity? (American Banker) Financial institutions today spend hundreds of millions of dollars and dedicate hundreds of employees to combatting cybercrime

Duo Security Research Reveals Half of Apple iPhones on Corporate Networks Run Out-of-Date Versions of iOS (Marketwired via Digital Journal) Duo Security, a cloud-based access security provider protecting the world's largest and fastest growing companies, today announced results from a Duo Labs research study focusing on mobile devices on corporate networks

Secunia Report: Vulnerability Update for May-July 2015 out now — comments from Research on Stagefright, Avant and yearly trends (PRNewswire) Secunia, a leading provider of IT security solutions that enable management and control of vulnerability threats, today published a Vulnerability Update with the Top 20 vulnerable products for May, June and July

Security Patches, Mitigations, and Software Updates

Microsoft Security Bulletin Summary for September 2015 (Microsoft Security TechCenter) This bulletin summary lists security bulletins released for September 2015

Microsoft Pushes a Dozen Security Updates (KrebsOnSecurity) Microsoft today released a dozen security updates for computers running supported versions of its Windows operating system

Windows Media Center Hacking Team Bug Fixed in September 2015 Patch Tuesday (TrendLabs Security Intelligence Blog) This month's Patch Tuesday features 12 updates, with five rated as "critical" and seven as "important"

Security update available for Adobe Shockwave Player (Adobe Security Bulletin) Adobe has released a security update for Adobe Shockwave Player. This update addresses critical vulnerabilities that could potentially allow an attacker to take control of the affected system

Kaspersky rushes emergency patch for critical security flaw in its antivirus software (FierceITSecurity) Anti-virus software provider Kaspersky Lab has been featured in the news lately over allegations that it planted fake malware reports to make its rivals look bad. Now comes word that Kaspersky's antivirus software had critical vulnerabilities, vulnerabilities for which it pushed an emergency patch on Sunday

WhatsApp fixes security vulnerability (ComputerWeekly) Security researchers have praised Facebook's WhatsApp cross-platform messenger service for its quick response to a vulnerability disclosure

Cyber Trends

Our insecure Internet of Things is becoming terrifying (ExtremeTech) Several recent stories in the news have focused on terrifying vulnerabilities in specific pieces of internet-connected technology

The Hacked Data Broker? Be Very Afraid (Wall Street Journal) Potential data breaches would make Ashley Madison break-in pale by comparison

Think your security strategy is up to par? Think again! (CSO) The writing on the wall suggests that our strategies are based upon an outdated understanding of how people, processes, and technology work together to protect our organizations

Marketplace

Cyberattacks Cost Businesses $400 Billion a Year (Inc.) A new report also finds that companies will spend $170 billion on cybersecurity measures in 2020

Online Security A Major Issue For Fundraisers (NonProfit Times) Cyber security has become a leading cause for concern among managers at nonprofit organizations

Digital age comes with cyber risk (East African Business Week) In a world where computers are critical to many aspects of doing business, a new set of risks must be managed

Israel is number two in cybersecurity behind the U.S. (CSO) For such a tiny nation, Israel is big into cybersecurity

Cybersecurity Firm's Strategy Raises Eyebrows (Wall Street Journal) FireEye's plan to reverse losses includes getting close to federal agencies

Ex-Intel security chief says cyber firm ForeScout not ready for IPO just yet (Reuters) Fast-growing Israeli-U.S. cybersecurity firm ForeScout Technologies is set on listing on Wall Street, but may not be ready to launch an IPO in the next year, especially if financial markets remain volatile, its chief executive said

Hillstone Networks Recognized in the Gartner 2015 Magic Quadrant for Unified Threat Management (MarketWatch) Hillstone Networks, a leading provider of enterprise network firewall solutions, today announced that the company has maintained, for a second year, its position in the Magic Quadrant for Unified Threat Management by Gartner, Inc

FireEye names former Informatica finance chief its new CFO (Seeking Alpha) Michael Berry, formerly the CFO of data warehousing software firm Informatica, has been named FireEye's (NASDAQ:FEYE) new CFO

Sotera Names John Pitsenberger as Executive Vice President & Chief Financial Officer (PRNewswire) Sotera Defense Solutions (Sotera), a provider of mission-critical, technology-based systems, solutions and services for national security agencies and programs of the U.S. Government announced today that John C. Pitsenberger has been named Executive Vice President and Chief Financial Officer

Products, Services, and Solutions

HP, IBM, Veracode and WhiteHat Security are leading app-security testing vendors, says Gartner (FierceITSecurity) A number of recent high-profile data breaches have raised concerns among IT security professionals about vulnerabilities in the enterprise application layer

Fortinet Unveils Industry-Leading Security Framework and Partner Ecosystem Designed to Protect Cloud and SDN Data Center Environments (CNN Money) Partners Including HP, Ixia, PLUMgrid, Pluribus Networks, Extreme Networks and NTT Collaborate With Fortinet to Advance SDN Security

LogicNow partners Bitdefender on anti-virus service (Telecompaper) LogicNow announced a partnership with security software provider Bitdefender. Together they will develop a new managed anti-virus service for managed service providers

Technologies, Techniques, and Standards

Cloud Security Alliance touts data breach sharing scheme (Whatech) The US-based Cloud Security Alliance is proposing to set up a scheme that will enable organisations to anonymously report data breaches, in the interests of enabling others to take steps to prevent them becoming victims of similar attacks

How to be a successful CISO without a 'real' cybersecurity budget (CSO) Many new CISOs are stepping into the role for the first time in a company and no formal budget exists

Back To Basics: 10 Security Best Practices (Dark Reading) The most effective strategy for keeping organizations, users and customers safe is to focus on the fundamentals

A 4-Step Information Governance Program for Legal Hoarders (Legaltech News) It's time to shrink risk-laden e-discovery stockpiles

6 ways to become more resilient to cyber-security threats (CGMA Magazine) Large banks have fairly strong cyber-security controls in place, but cyber-criminals are changing their strategy and the financial sector remains difficult to secure against cyber-attacks, according to a special report by Thomson Reuters' risk management business

The Cost of Malware Containment (Information Security Buzz) The volume and severity of threats is increasing every year, which means that it's more important than ever to detect active infections swiftly

Design and Innovation

It's time to start thinking about securing the Internet of Things: Dell (IT Business) Dell sees great potential in the Internet of Things for the line of business worker but adds it's never too early to start thinking about how to keep all of those things secure

The shift to DevOps requires a new approach to security (Network World) DevOps has been a popular topic in IT circles over the past few years

ZTE's Axon Elite Smartphone Can Be Unlocked Using Your Eyes, Voice and Fingerprints (Huffington Post) The Axon Elite is the world's first smartphone that can be unlocked using just your eyes

How talking to recognition technologies will change us (Help Net Security) Ernest Hemingway once said, "I have learned a great deal from listening carefully. Most people never listen"

Back to the Future: Adam Back Remembers the Cypherpunk Revolution and the Origins of Bitcoin (Bitcoin Magazine) Bitcoin Knowledge Podcast host Trace Mayer interviewed legendary cryptographer Adam Back on his role in the creation and deployment of some of the most potent privacy software to ever affect the world of Bitcoin

Research and Development

A Tricky Path to Quantum-Safe Encryption (Quanta Magazine) In the drive to safeguard data from future quantum computers, cryptographers have stumbled upon a thin red line between security and efficiency

Online security braces for quantum revolution (Nature) Encryption fix begins in preparation for arrival of futuristic computers

Legislation, Policy, and Regulation

Senate Intel chair: Cyber bill not likely until October (The Hill) The Senate's stalled cybersecurity bill will likely have to wait until at least October, Senate Intelligence Chairman Richard Burr (R-N.C.) told The Hill on Tuesday

Proposed federal cybersecurity legislation (Inside Counsel) Changes are on the horizon in the privacy and data security area

Protecting Critical Infrastructure: Should The US Emulate New German Regulations? (HS Today) In August 2014, France's Network & Information Security Agency (ANSSI) publicly unveiled plans to "make its critical infrastructure more resilient to cyber attacks"

U.S. Cyber Command Chief Details Plans to Meet Cyberspace Threats (DoD News) The commander of U.S. Cyber Command has stressed the need for the command to integrate its capabilities into all aspects of the national security effort, and today Navy Adm. Michael S. Rogers released the Cybercom vision statement, describing how the command will do just that

U.S. Senator Says Nation Is 'On Point' with Cybersecurity (Government Technology) Although recent cyberattacks have affected U.S. agencies, one Congressman believes that the Army Cyber Command is completely prepared to take on any future hacks

Anti-Virus Software Maker John McAfee Is Running for President (Time) His candidacy will focus on privacy rights

California assembly passes digital privacy bill (CSO) The bill aims to prevent warrantless government access to private electronic communications

Terry McAuliffe Directs Virginia IT Agency to Expand Cyber Risk Mgmt Activities (ExecutiveGov) Virginia Gov. Terry McAuliffe has issued an executive directive to expand the state's cyber-related risk management activities in support of efforts to strengthen cybersecurity measures

Litigation, Investigation, and Law Enforcement

U.S. Poised to Indict China's Hackers for Cyber Blitz (Daily Beast) After months of passivity, the Obama administration is on the cusp of bringing criminal charges against Chinese cyberspies in retaliation for wreaking havoc on U.S. networks

Apple Refuses To Honor Court Order To Decrypt Text Messages (Think Progress) iPhone owners beware: The government is coming for your text messages

Ashley Madison victims sue Amazon Web Services, GoDaddy for hosting searchable databases (FierceITSecurity) Some customers affected by the massive data breach of the Ashley Madison website are filing lawsuits against Amazon Web Services, GoDaddy and a number of other websites that hosted searchable databases of customer information

Clinton Says She's 'Sorry' for Using Private Email Server (Time) "That was a mistake. I'm sorry about that. I take responsibility, and I'm trying to be as transparent as I possibly can"

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

MeriTalk: Cyber Security Brainstorm (Washington, DC, USA, September 23, 2015) Co-locating with the NIST Cloud Security Working Group, this MeriTalk Brainstorm has an excellent program lined up, featuring keynote speakers Allison Tsiumis (Section Chief, Cyber Intelligence Section,...

2015 Government Cybersecurity Forum (Washington, DC, USA, October 20, 2015) The Government Cybersecurity Forum was created three years ago as a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate,...

Data Breach Summit Asia 2015 (Mumbai, India, October 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent...

2nd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, November 5, 2015) The 2015 symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cybersecurity and cyber...

FedCyber 2015 (Tyson's Corner, Virginia, USA, November 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who...

Upcoming Events

SIN ACM (the International Conference on Security of Information and Networks) (Sochi, Russia, September 8 - 10, 2015) The 8th International Conference on Security of Information and Networks will feature contributions from all types of specialists in the cyber security field, from papers and special sessions to workshops...

SIN 2015 (Sochi, Russia, September 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks.

NSPW (New Security Paradigms Workshop) (Twente, Netherlands, September 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in...

Global Cyberspace Cooperation Summit VI (New York, New York, USA, September 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum...

Intelligence and National Security Summit (Washington, DC, USA, September 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential...

Cybersecurity Innovation Forum (Washington, DC, USA, September 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland...

[New Date] Cyber 6.0 (Laurel, Maryland, USA, September 10, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...

2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, September 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives

BSides Augusta 2015 (Augusta, Georgia, USA, September 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
