Sources close to the investigation of the Democratic National Committee hack and related intrusions into the US political party's networks say the FBI has "high confidence" that the Russian government is behind the incidents. The investigation has been going on for longer than the DNC's been aware it was hacked. Reuters reports that US intelligence officials told the Congressional "Gang of Eight" about the espionage last year. (They said back then it was a spearphishing attack.)
Forbes reports that the (allegedly) Russian cybergang who hit Oracle's MICROS point-of-sale system has also compromised five other cash register vendors: Cin7, ECRS, Navy Zebra, PAR Technology and Uniwell.
Researchers at Ben-Gurion University continue their interest in air-gapped systems, demonstrating a proof-of-concept they call "DiskFiltration" that can extract and transmit data to nearby devices even when the victim machine isn't connected to the Internet.
Several developments in the criminal economy are worth noting. Bleeping Computer and Malwarebytes are tracking an evolution of the tech support scam that emulates a Windows activation screen, then persistently nags you to call and pay for your "activation key." Rebooting usually gets rid of them (so far). Heimdal Security reports on a crook-to-crook vendor going by "Others" who's selling the "Scylex" financial crime kit for $7500. "Others" say (says?) it will be bigger than Gameover Zeus. And Kaspersky describes a new version of Shade ransomware that comes bundled with a RAT—the RAT's there to help the criminals identify solvent businesses to extort. There's no margin in blackmailing bankrupts.
Today's issue includes events affecting Australia, Brazil, Canada, China, Colombia, Estonia, France, European Union, Germany, India, Ireland, Italy, Japan, Kenya, Republic of Korea, Mexico, Netherlands, New Zealand, Nigeria, Norway, Pakistan, Philippines, Romania, Russia, Saudi Arabia, Singapore, South Africa, Turkey, United Arab Emirates, United Kingdom, United States, Vietnam, and Zambia.
A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. In today's podcast our partner John Leiseboer from Quintessence Labs will talk about redundancy and replication. We'll also have as our guest Robert M. Lee, CEO of Dragos Security, who will offer his thoughts on the security of ICS and SCADA systems. (If you enjoy the podcast, please consider giving it an iTunes review.)
Cyber Security Summit in Chicago(Chicago, Illinois, USA, August 25, 2016) Senior-level executives are invited to learn about the latest threats & solutions in cyber security with experts from the FBI, CenturyLink, and more.
Inside The Islamic State's Movement To Spread Terror 'All Over The World'(NPR) New York Times reporter Rukmini Callimachi is known for her in-depth reporting on terrorism and the Islamic State. Her recent jailhouse interview with Harry Sarfo, a German citizen who joined ISIS and trained in Syria before disavowing the group, revealed the organization's particular interest in recruits from Europe
This is how the Islamic State was founded(VICE News) Republican presidential nominee Donald Trump repeated on Thursday his claim that President Barack Obama founded ISIS, and that Hillary Clinton co-founded the radical Islamist group best known for keeping sex slaves and cutting off its prisoners' heads
FBI Said to Have High Confidence Russia Hacked Democrats(Bloomberg Politics) The FBI has high confidence the Russian government hacked U.S. Democratic Party groups and the personal e-mails of political operatives, according to a person familiar with the findings, a development sure to heighten tensions between Moscow and Washington
Brazil Superhackers Stalk Olympic Tourists(NBC News) As athletes from around the globe arrived in Rio last week to compete for Olympic gold, Brazil's notorious hacker underground was lurking just out of sight, competing to rip off as many of the hundreds of thousands of sports fans as possible during the games
Oracle MICROS Hackers Breach Five More Cash Register Companies(Forbes) Hackers have breached at least five cash-register providers that supply hundreds of thousands of businesses in the United States, FORBES has been told. After investigative reporter Brian Krebs reported a compromise of Oracle's MICROS unit earlier this week, it now appears the same allegedly Russian cybercrime gang has hit five others in the last month: Cin7, ECRS, Navy Zebra, PAR Technology and Uniwell. Together, they supply as many as, if not more than, 1 million point-of-sale systems globally
Surprise! Scans Suggest Hackers Put IMSI-Catchers All Over Defcon(Motherboard) As well as a great opportunity to spy on some of the most talented security researchers, hacking conferences are naturally a hotbed for those looking to get up to a bit of mischief. Newly published data suggests a load of fake cell phone towers, or IMSI-catchers, popped up around the Las Vegas strip during the Defcon conference earlier this month, likely set up by attendees
Banking Trojan Evolves Into Dangerous Account Hijacker(Credit Union Times) Banking Trojans with account commandeering capabilities are dangerous enough on their own, but two major changes made to one Trojan’s code makeup have increased its persistence and risk to potential victims
CyberX Reveals the First IoT Worm Aimed at CCTVs(PRNewswire) CyberX, the leading provider of cybersecurity solutions for the Industrial IoT (IIoT), announced it has revealed the first Internet of Things (IoT) worm which is aimed at Closed-Circuit Television devices. The malware marks a new level of IoT attacks, only days after another advanced attack on IoT devices was declared as "no longer a hypothetical attack" at DEF CON 2016. These discoveries come at a time when Internet-connected devices are growing at an exponential rate due to the proliferation of IoT platforms such as PTC's ThingWorx and General Electric's Predix, and the corresponding consequences of attacks are estimated to be hundreds of millions of dollars
Pentagon bans Pokemon Go over spying fears(Washington Times) A Pentagon source tells Inside the Ring that the Defense Department has banned the playing of the mobile video game Pokemon Go within Defense Department facilities, over concerns the popular application could facilitate foreign spying
Security Patches, Mitigations, and Software Updates
Financial malware attacks increase as malware creators join forces(Help Net Security) Kaspersky Lab blocked 1,132,031 financial malware attacks on users, a rise of 15.6 percent compared to the previous quarter, according to the results of the company’s IT threat evolution report for Q2. One of the reasons for the rise appears to be the collaboration between the authors of two leading banking Trojans: Gozi Trojan and Nymaim Trojan, pushing both into the top 10 ranking of financial malware
Symantec’s Fiscal 1Q17 Results Beat Analysts’ Expectations(Market Realist) Symantec failed to report growth. Symantec (SYMC) recently reported its fiscal 1Q17 earnings. Its reported revenues and non-GAAP EPS (earnings per share) of $884 million and $0.29, respectively, beat analysts’ expectations by ~$7.0 million and $0.04, respectively
ManTech Awarded $110M Cybersecurity Task Orders(Homeland Security Today) Over the past several years, the federal government has experienced an onslaught of significant cybersecurity threats. To combat these increasingly complex and damaging threats, the General Services Administration has awarded ManTech International Corporation $110 million for two task orders to provide cloud and cybersecurity services to the Department of Homeland Security
How Palantir wired Washington(Politico) Our colleague Ellen Mitchell dives into the Silicon Valley start-up’s fight against the defense industry — and how the company learned to play the Washington game
Thycotic Leaps Past CyberArk and Other Competitors in Cybersecurity 500 Rankings(Yahoo! Finance) Thycotic, a provider of privileged account management (PAM) solutions for more than 7,500 organizations worldwide, today announced it was ranked No. 18, ahead of companies such as CyberArk [ranked No. 20, a privileged account management (PAM) provider] and ManageEngine [ranked No. 61, a privileged account management (PAM) provider] on Cybersecurity Ventures' Cybersecurity 500 list. This marks Thycotic's third consecutive time moving up in the rankings. Cybersecurity Ventures is a market intelligence and research firm covering the cybersecurity market, focusing on emerging and startup cybersecurity companies
Juniper Networks celebrates 20 years(ITWire) Juniper Networks has celebrated 20 years in the network industry. It has come a long way since its original intention was to build the fastest router
Industry veteran Vishak Raman joins security services company FireEye(Voice and Data) Vishak Raman has joined FireEye as Senior Regional Director for India and SAARC. Vishak is a security industry veteran and he joins FireEye from Tata Communications where he was Vice President for Global Product Management for Managed Security Services and Content Delivery Networks
Terbium Labs Helps Organizations Reduce Data Theft and Fraud With Dark Web Intelligence Integrations(Marketwired) Terbium Labs, the company behind Matchlight, the world's first fully private, fully automated, data intelligence system, today announced that its dark web insights are available in the IBM i2 Intelligence Analysis portfolio. Designed to bring clarity to complex investigations, IBM i2 users will now be able to access Terbium Labs' Matchlight data intelligence system alerts of potential leaks of sensitive information to help mitigate data theft. These unique insights and analytics support IBM's Safer Planet initiative -- a global effort to help government and commercial business leaders detect, disrupt, and prevent physical and cyber threats through the use of analytics
ViaSat's New Network Encryptors to Boost Secure Networking(Zacks Equity Research) Global broadband services and technology company, ViaSat Inc. (VSAT) pushed the limits of secure networking with two new secure network encryptors, ViaSat KG-250XS and IPS-250X, which are National Security Agency (“NSA”)-certified
Multi-layered phishing mitigation(Help Net Security) In this podcast recorded at Black Hat USA 2016, Eyal Benishti, CEO at IRONSCALES, talks about their multi-layered phishing mitigation solution, which brings together human intelligence and machine learning in a way that allows automated phishing incident response
Army spearheading cyber persistent training environment(C4ISRNET) As the military continues to build its cyber forces and institutionalize a professional cyber corps, top officials are calling for a cyber persistent training environment. While Cyber Command conducts large-scale exercises every year such as Cyber Guard and Cyber Flag, more is needed
Hackers Do Not Discriminate: Why you should follow these Security Tips(HTML Goodies) Many small businesses bless the day when the Internet gained popularity because it leveled the playing field for them. They could now compete in terms of promotion and marketing to the big players, and potentially sell their products and services just as effectively as a big company sells. For that to happen, however, they need a website, and the most popular platform for creating one is WordPress
Treasurer Scott Morrison blocks sale of Ausgrid to foreign bidders(Sydney Morning Herald) Federal Treasurer Scott Morrison has blocked the NSW government's planned sale of electricity distributor Ausgrid to foreign companies, citing national security issues, in a preliminary decision that could have broader implications for foreign investment in Australia
Here’s how the South China Sea ruling affects U.S. interests(Washington Post) On July 12, an International Tribunal for the Law of the Sea (ITLOS) ruling dismissed much of China’s claim to the South China Sea. Since then, there has been a great deal of discussion on the legal ramifications, China’s response and public opinion.
In limiting open source efforts, the government takes a costly gamble(Help Net Security) The vast majority of companies are now realizing the value of open sourcing their software and almost all have done so for at least certain projects. These days Google, Facebook, Microsoft, Apple and almost every major company is releasing code to the open source community at a constant rate
Release of 2015 Section 702 Minimization Procedures(IC on the Record) Today the ODNI, in consultation with the Department of Justice, is releasing in redacted form the current Section 702 Minimization Procedures, as updated in 2015, in keeping with the Principles of Intelligence Transparency for the Intelligence Community. These procedures are intended to protect the privacy and civil liberties of U.S. persons, as required by the Fourth Amendment and the Foreign Intelligence Surveillance Act, in connection with the foreign intelligence activities undertaken by the CIA, FBI, NSA and the National Counterterrorism Center
Report: State Dept. aide assisted Clinton Foundation in hiring(USA Today) One of Hillary Clinton’s top State Department aides participated in high-level recruiting for the Clinton Foundation while she worked for the government, according to CNN. The report raises further questions about interactions between people who worked for the two organizations while Clinton was secretary of State
House GOP Probe: Central Command Skewed ISIS-Fight Intel(Defense News) US military leaders altered intelligence reports to paint a rosier picture of the US fight against the Islamic State than intelligence analysts believed and facts warranted, a House Republican task force has concluded
GOP rep: Obama responsible for manipulated intel about ISIS(The Hill) President Obama and other senior administration officials created a political climate that led intelligence officials to create warped reports about the United States’s fight against Islamic extremists, a leader of a Republican task force studying the matter said on Thursday
Court Rules to Extradite Suspected Silk Road Admin From Ireland to the US(Motherboard) After several delays, a judge has finally ruled on the extradition of a suspected Silk Road staff member from Ireland. On Friday, Justice Paul McDermott ordered that Gary Davis, alleged to be behind the Silk Road moniker “Libertas,” is to surrender to the United States, the Irish Times reports
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
ISAO SO Public Forum(Tysons, Virginia, USA, August 31 - September 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include
RFUN 2016: 5th Annual Threat Intelligence Conference(Washington, DC, USA, October 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate...
TU-Automotive Cyber Security Europe(Munich, Bayern, Germany, October 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that...
International Conference on Cyber Security (ICCS) 2016(Kota, Rajasthan, India, August 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create...
2016 Information Assurance Symposium(Washington, DC, USA, August 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the...
Insider Threat Program Development Training(Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.
SANS Alaska 2016(Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great...
CISO New Jersey(Hoboken, New Jersey, USA, August 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility...
Cyber Jobs Fair(San Antonio, Texas, USA, August 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton,...
CyberTexas(San Antonio, Texas, USA, August 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals...
Chicago Cyber Security Summit(Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...
Air Force Information Technology and Cyberpower Conference 2016(Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber...
CISO Toronto(Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...