Australia's Bureau of Statistics remains convinced its online census platform was taken down by distributed denial-of-service attacks. No attribution, and the motive is thought to be the obvious one: disrupting the census.
Vietnam continues to sustain a wave of spyware infestations originating, apparently, with China. Other Chinese actors (deniable patriotic hacktivists) defaced Vietnamese airport sites in July; there are similarities between their code and that used by the spyware actors.
In the US, the FBI is expanding its investigation into the hack of the Democratic Party. It's now believed more than a hundred groups and party officials were compromised. Investigators speaking on background to the media no longer bother to be coy about attribution—they call the actors "the Russians."
Microsoft has inadvertently leaked its Secure Boot "golden key," effectively a backdoor that bypasses protections and enables the possessor to unlock any device protected by Secure Boot. Observers see this as a cautionary tale for policymakers.
A Linux TCP flaw, apparently in place since 2012, exposes Internet users to off-path exploitation. Researchers from the University of California at Riverside and the US Army Research Laboratory demonstrated a proof-of-concept exploit yesterday at USENIX.
Another car hack demo shows how criminals can gain access to several Volkswagen models.
Samsung acknowledges there's a token skimming issue in Samsung Pay, but says exploitation is too far-fetched to worry about.
Tripwire reports on R980 ransomware—a lot of familiar functionality, but which abuses Mailinator the better to coerce its victims.
Today's issue includes events affecting Australia, Brazil, Bulgaria, Canada, China, France, Germany, Iran, Iraq, Russia, Syria, Thailand, Turkey, Ukraine, United Kingdom, United States, and Vietnam.
A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. In today's podcast Ben Yelin (from our partners at the University of Maryland's Center for Health and Homeland Security) will discuss the FBI’s efforts to expand the reach of National Security Letters. We'll also hear from our guest Rick Lipsey, Deputy Director of the ISAO Standards Organization, who'll talk about emerging cyber security standards. (And of course, if you like the podcast, please consider giving it an iTunes review.)
Cyber Security Summit in Chicago (Chicago, Illinois, USA, August 25, 2016) Senior-level executives are invited to learn about the latest threats & solutions in cyber security with experts from the FBI, CenturyLink, and more.
Dateline Black Hat
Black Hat USA 2016 (The CyberWire) The retrospectives on Black Hat and its associated conferences agree on one thing—there’s reason for great concern about the security of the Internet and those who use it. Now, at a security industry conference, this is hardly what the lawyers would call “an admission against interest.” It’s in the nature of the sector to be unusually aware of and sensitive to threats, and a high level of fear-uncertainty-and-dread has long provided the community with its background noise as well as much of its signal. Bear this in mind as you consider reports from Las Vegas
Keynote: The Hidden Architecture of Our Time (The CyberWire) The opening keynote speaker was Dan Kaminsky, co-founder and Chief Scientist of White Ops, also famous as one of the seven “key shareholders” of the Internet’s Domain Name System, charged with responsibility for restoring it in the event of disruption. His keynote had the informative subtitle “Why this Internet Worked, How We Could Lose it, and the Role Hackers Play”
A role for threat intelligence (The CyberWire) How does a cyber intelligence company see the threat landscape changing? In keeping with Black Hat’s announced theme of “speed,” A.J. Shipley, vice president of product management at LookingGlass Cyber Solutions, told us that they’re seeing a striking increase in the rate at which the adversary changes tactics. They’ve also seen a marked increase in the sheer number and size of the breach packages they’re finding
Cyber security as an exercise in risk management (The CyberWire) It’s worth beginning with some perspective we received from Ntrepid's Chief Scientist Lance Cottrell, especially given the attention paid at the conference to flashy demonstrations of vulnerabilities, like car hacking
Venture capital and early stage security start-ups (The CyberWire) Jeff Moss, Black Hat’s founder, characterized this year's conference as being about speed (last year's was about complexity). Speed plays into the sector in many ways: speed to market, speed to produce products, and speed to counter threats. Speed, Moss noted, matters to boards and C-suites, and speed should matter to companies as they try to sell into the current market
What industry sees in industry trends (The CyberWire) Ntrepid’s Lance Cottrell thought, “A lot of the problems are taking place in the basic blocking and tackling. Companies bring us in to help with the browser, but we also see them having a lot of problems with keeping track of other systems, where's the perimeter, having that perimeter dissolve on them"
Transitioning technology from the laboratory to the market (The CyberWire) Start-ups often begin in an effort to transition a technology or a service into the market by way of a new business. We talked with Champion Technology, who’s had the experience of taking their Darklight product from its development inside a US Department of Energy National Laboratory and moving it to market
Securing the architecture as the perimeter vanishes (The CyberWire) It’s become a commonplace in the industry that the perimeter is vanishing (if indeed it hasn’t already done so, with the possible exception of a few tightly controlled and secured enclaves). Bring-your-own-device (BYOD), pervasive mobile computing on increasingly powerful devices, and the swift movement of data and services to the cloud have all contributed to this trend. How does an enterprise approach security in this new world?
Mobile security (where FUD may not be as fake as we’d like to believe) (The CyberWire) With more enterprises buying fully into mobile computing, security for mobile devices bulks increasingly large in the concerns CISOs face. (And don’t even get them started on the Pokémon GO issues.) We spoke with OptioLabs’ Chief Technology Officer Brian Glancy and Hamilton Turner, Senior Director of Research and Engineering, about their approach to securing mobile devices
A role for testing (The CyberWire) NSS Labs started in Europe, and then came to the US as a security research and testing company. “Our mission is to provide transparency to the buyers so they know what they're getting,” Chief Executive Officer Vikram Phatak told us. “Think of it as Consumer Reports for enterprise cyber security"
Booz Allen Hamilton’s Kaizen (and their hacker’s Dojo) (The CyberWire) This year's Kaizen, a capture-the-flag event sponsored by Booz Allen Hamilton, has a winner: congratulations to Aaron Lint, Vice President of Research, Arxan, who placed first. He told us he learns something new every time he plays
Special Edition: Black Hat — Cyber Security Trends and Investment (The CyberWire) The 2016 Black Hat conference is underway in Las Vegas this week, and in this special report from the show floor we'll hear from industry leaders about industry trends, and from venture capital funders about what they need to see before saying yes, and why it's harder to get startup funding than it used to be
Spyware Deluge Hits Vietnam Sites Amid South China Sea Spat (Bloomberg Markets) The spyware used in cyber attacks on Vietnam’s major airports and national carrier last month is now suspected of having bombarded many more official sites, amid tensions with China over territory in the disputed South China Sea
How Researchers Exposed Iranian Cyberattacks Against Hundreds of Activists (Motherboard) Late last year, a group of hackers likely linked to the Iranian government reorganized the infrastructure supporting their cyberattacks. The hackers built it so their malware, which was infecting Iranian human rights activists and dissidents at home and abroad, would contact different servers under their control
Senior former Taliban leader reconciles with jihadist group (Threat Matrix) The Taliban continues to attempt to mend the rifts with a faction that broke away after the controversy surrounding the death of Mullah Omar and the naming of his successor. On Aug. 8, the Taliban announced that Mullah Baz Mohammad, who served as a deputy to Mullah Mohammad Rasul, and his followers have rejoined the Taliban
Mental Illness and Terrorism (Small Wars Journal) The recent attack at an Orlando night club has provoked both intrigue and confusion. Given the lack of an obvious operational connection to the Islamic State and the shooter’s rather rudimentary religious knowledge and history of mental instability, some voices have rightfully questioned the appropriateness of the label ‘terrorism’ to something that rather resembles mass school shootings
Microsoft Mistakenly Leaks Secure Boot Key (Threatpost) Opponents of the government’s constant talk about intentional backdoors and exceptional access finally may have their case study as to why it’s such a bad idea
A New Wireless Hack Can Unlock 100 Million Volkswagens (Wired) In 2013, when University of Birmingham computer scientist Flavio Garcia and a team of researchers were preparing to reveal a vulnerability that allowed them to start the ignition of millions of Volkswagen cars and drive them off without a key, they were hit with a lawsuit that delayed the publication of their research for two years. But that experience doesn’t seem to have deterred Garcia and his colleagues from probing more of VW’s flaws: Now, a year after that hack was finally publicized, Garcia and a new team of researchers are back with another paper that shows how Volkswagen left not only its ignition vulnerable but the keyless entry system that unlocks the vehicle’s doors, too. And this time, they say, the flaw applies to practically every car Volkswagen has sold since 1995
Road Warriors: Beware of ‘Video Jacking’ (KrebsOnSecurity) A little-known feature of many modern smartphones is their ability to duplicate video on the device’s screen so that it also shows up on a much larger display — like a TV. However, new research shows that this feature may quietly expose users to a simple and cheap new form of digital eavesdropping
Security Patches, Mitigations, and Software Updates
Juniper Hotfixes Shut Down IPv6 DDoS Vulnerability (Threatpost) Juniper Networks announced the availability of hotfixes for a serious vulnerability in the handling of IPv6 packets that it says could leave its Junos OS and JUNOSe routers open to a denial of service (DoS) attack. The hotfixes come more than two months after the vulnerabilities were publicly disclosed
6 shocking gaps in your data security strategy (CSO) Despite billions of dollars invested in cybersecurity, businesses lose critical data daily. We’ve secured our organizations like fortresses, building layers of walls around networks, applications, storage containers, identity, and devices. But when an unhappy employee moves high-value designs onto a USB drive or sends an important email attachment outside the “secure” network, those walls crumble the moment we need them the most
Security startup confessions: How to tackle outsourcing (Help Net Security) My name is Kai Roer and I am a co-founder of a European security startup, and these are my confessions. I hope you will learn from my struggles, and appreciate the choices startups make when security matters. I will share experiences from my own startups (my first was in 1994), and things I have learned by watching and advising numerous other startups around the world
Products, Services, and Solutions
Just What the Doctor Ordered: Trend Micro Takes the Hassle Out of Security for New CyberAid Program (Trend Micro: Simply Security) When it comes to healthcare security, media attention is usually focused on the mega breaches – think Anthem, Premera and, most recently, Banner Health. But there is a long tail of smaller organizations who also need help. That’s where the Health Information Trust Alliance (HITRUST) has expanded its focus. Its latest initiative, CyberAid, is designed specifically to help smaller healthcare organizations protect themselves from ransomware, data breaches and other major threats
FlockFlock: File access enforcement for macOS (Help Net Security) The more serious you are about information security, the more you realize it’s difficult to be sure a system isn’t compromised. While malware authors don’t target the Mac platform as much as Windows, it doesn’t mean you should be complacent about its security
Got Ransomware? Negotiate (F-Secure) ICYMI: we recently published a customer service study of various crypto-ransomware families. Communication being a crucial element of ransomware schemes, we decided to put it to a comparative test
Facebook feed change that predicts what’s informative could reprioritize news (TechCrunch) News outlets may get back some of their mojo stolen by a June Facebook feed algorithm change that preferred friends over publishers. Today Facebook will start predicting stories that are informative and highlighting them to people if they’re “related to their interests, if they engage people in broader discussions, and if they contain news”
Is Ukraine Just About to Blow? (Daily Beast) Countless omens signal a new war on its way, from troop movements to Russia’s ‘August Curse.’ But this time they may be more smoke than fire
Pentagon Releases New Procedures for Intelligence Collection (Lawfare) Today, the Department of Defense released revised procedures—along with an accompanying fact sheet—governing the conduct of its intelligence activities. DoD Manual 5240.01 ensures that Defense Department policy complies with DoD Directive 5240.01 and Executive Order 12333, which authorize Defense components to collect, retain, and disseminate information concerning U.S. persons and conduct other activities “in accordance with the Constitution and laws of the United States”
How the Government Is Waging Crypto War 2.0 (Motherboard) On December 2, 2015, Syed Rizwan Farook and Tashfeen Malik entered the Inland Regional Center in San Bernardino, California and opened fire on the attendees of a holiday party underway inside. After four minutes of shooting, the married couple fled the scene and left 19 dead in their wake. At the time, it was the deadliest act of terrorism in the United States since 9/11
Army wants more remote capabilities for defensive cyber (C4ISRNET) When it comes to the Army’s defensive cyber operations, getting to a more global remote capability is important. Russell Fenton, an Army training and doctrine command capability manager in the defensive cyberspace operations branch, said at the TechNet Augusta conference that “to provide the quick reaction security enhancement reinforcement at the time of need, global cyberspace defenders must have the ability to maneuver remotely or on site"
Is COIN driving atrophy in Army network operations? (C4ISRNET) A key theme at TechNet Augusta, held Aug. 2-4 in Georgia, was that the Department of Defense Information Networks are an integral warfighting platform for all DoD operations. With that, adversaries have taken notice and tried to exploit vulnerabilities within the DoDIN to disrupt operations. But after 15 years of a counterinsurgency fight against technologically inferior actors, network defense and operational security now face atrophy
An ICS cyber incident results in criminal convictions (Control: Unfettered) On August 8, 2016, a federal jury found Pacific Gas and Electric (PG&E) guilty on five felony counts of failing to adequately inspect its gas pipelines before the blast that incinerated a neighborhood in San Bruno, CA, in September 2010. The utility was also found guilty of one count of misleading federal investigators about the standard it used to identify high-risk pipelines
Press Releases Finally Get a Devoted Readership: Hackers (Wired) No one ever wants to read press releases, not even journalists, and especially not when the documents are dense corporate financial updates trying to make things sound rosy to investors no matter what. You can imagine, though, that these perfunctory releases might take on a whole other significance and value to someone interested in, say, insider trading
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...
TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, August 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot...
International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, August 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create...
2016 Information Assurance Symposium (Washington, DC, USA, August 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the...
Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.
SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great...
CISO New Jersey (Hoboken, New Jersey, USA, August 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility...
Cyber Jobs Fair (San Antonio, Texas, USA, August 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton,...
CyberTexas (San Antonio, Texas, USA, August 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals...
Chicago Cyber Security Summit (Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...
Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber...
CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...