Russia's FSB claimed Friday that it had foiled a plot by "foreign special services" to disrupt Russia's financial sector with a mix of hacking and disinformation aimed at fueling speculative panic. D-day for the operation was supposed to have been today; the FSB says the operation was to have been launched through the Ukrainian ISP BlazingFast's servers in the Netherlands. BlazingFast says that although it's found nothing untoward in its systems, it's ready to cooperate with any legitimate authority (but doubts the FSB needs its help).
Also on Friday the Russian Central Bank said that cybercriminals got away with two billion rubles (about $31 million) in attacks on correspondent accounts. The Bank thinks the crooks were after five billion rubles.
Russian authorities arrested malware author "Pornpoker" (no other name given) over the weekend. Mr. Poker was attempting to reenter Russia from his Thailand hideout; the police were waiting for him at Domodedovo airport.
British researchers demonstrate a "distributed guessing" method that could enable criminals to determine security details on Visa cards: expiration date and three-digit security code. Observers speculate the technique might have been used in the Tesco Bank attacks.
Gooligan, the rapidly spreading Android malware strain, apparently uses a business model that generates revenue from ads and "garbage apps."
Tenable releases its annual Global Cybersecurity Assurance Report Card, which warns of the risk of emerging technologies and the "overwhelming threat environment."
The US Presidential Commission on Cybersecurity has reported. It offers six "imperatives" yielding sixteen recommendations and fifty-three action items.
Today's issue includes events affecting Australia, China, European Union, Germany, Iceland, India, Iran, Netherlands, Russia, Saudi Arabia, Ukraine, United Kingdom, United States, and Venezuela.
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Markus Rauschecker discusses the liability issues that arise with IoT botnet attacks.
A special edition of our Podcast is up as well—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
As always, if you enjoy the podcasts, we invite you to consider giving them an iTunes review.
Russian Central Bank Loses $31 Million in Cyber Attack (Reuters via NBC News) Hackers stole more than 2 billion rubles ($31 million) from correspondent accounts at the Russian central bank, the bank said on Friday, the latest example of an escalation of cyber attacks on financial institutions around the globe
New cyberattacks on Saudi computers (National) Saudi authorities have detected fresh attempts by hackers to disrupt government computers after security firm Symantec warned of a revival of malware used in previous cyberattacks
Shamoon 2: Nothing Whets Disttrack’s Appetite Like Destroyed Data (Tripwire: the State of Security) Most families of malware operate on a common assumption: a user’s data is valuable. For instance, some malware samples transmit pieces of a victim’s data to their command-and-control (C&C) server as means of setting up an attack, while others fully embrace the spyware classification and collect as much information about a user as possible. At the same time, ransomware recognizes that users care about their data and that they’re willing to pay large sums of money if they can’t access it
New iOS lockscreen bypass renders Activation Lock useless (Naked Security) We recently reported on a flaw in iOS that would allow someone to bypass the iOS lockscreen by using Siri. Well, Siri’s off the hook this time. The new vulnerability, disclosed yesterday by Benjamin Kunz Mejri of Vulnerability Lab, involves breaking iOS’s Activation Lock feature, which you’d use if your iPhone or iPad were marked as lost via the “Find my iPhone” app
Important data lost due to a software fault (Weissman Report) A vulnerability detected within MacKeeper software resulted in a loss of user data. Kromtech found a weakness within the data storage system of the software which led to user data being compromised
TalkTalk And Post Office Routers Hit By Cyber-Attack (Information Security Buzz) BBC broke the news that thousands of TalkTalk and Post Office customers had their internet access cut by an attack on certain routers. IT security experts from NSFOCUS, Synopsys, Tenable Network Security, Varonis, NuData Security and Corero Network Security commented below
Did Tesco Bank attackers guess victims’ payment card details? (Help Net Security) A group of researchers from Newcastle University have discovered a practical and easy way for attackers to quickly guess individuals’ Visa payment card info needed to perform fraudulent card-not-present transactions (e.g. when online shopping)
Researchers hack Visa cards in six seconds (SC Magazine) A research team from Newcastle University in the U.K. discovered a method to hack credit cards, including dates and security codes, in as little as six seconds
Researchers Warn of Visa Payment Fraud Gaps (Infosecurity Magazine) Researchers have warned that deficiencies in Visa’s e-commerce payment network could allow attackers to brute force credit card details in as little as six seconds
Aurora is real and has caused damage (Control Global) I have written frequently about the Aurora vulnerability. In preparation for a new book, I was able to find information about an actual Aurora event. The event affected a non-utility facility (no generator involved) where it experienced multiple Aurora events over a multi-day span
Protecting Powershell Credentials (NOT) (SANS Internet Storm Center) If you're like me, you've worked through at least one Powershell tutorial, class or even a "how-to" blog. And you've likely been advised to use the PSCredential construct to store credentials. The discussion usually covers that this is a secure way to collect credentials, then store them in a variable for later use. You can even store them in a file and read them back later. Awesome - this solves a real problem you thought - or does it?
If You Holiday Shop Online, Don't Ignore This Warning About Malware That Targets Holiday Shoppers (Forbes) About two weeks before Black Friday, internet security company Enigma Software released a report showing that malware infections rose precipitously during the month between Thanksgiving and Christmas in 2014 and 2015. The report said there was no reason to think the same thing wouldn't happen this year. The report was right. The increase in malware infections was bad last year - this year it's worse
Phone Text Message Lottery Scams (Hoax-Slayer) Phone text (SMS) messages claim that the recipient has won a substantial sum of money in an online lottery or promotion
Ransomware as a Service fuels explosive growth (CSO) The ease and minimal expense of launching a ransomware “career” means that just about anyone, including those with little or no IT experience, can become a successful cyber criminal
Global Cybersecurity 2017 Assurance Report Card (Tenable Network Security) In 2016, Tenable Network Security introduced its groundbreaking Global Cybersecurity Assurance Report Card to measure the attitudes and perception of 504 enterprise IT security practitioners across the globe. The report quantifies how security professionals rate their enterprise’s ability to both assess cybersecurity risks and mitigate threats. These scores were combined to produce a report card score on global cybersecurity status — whether or not the world’s cyber defenses are meeting expectations
Intentional or not, insider threats are real (Help Net Security) Despite the perception that hackers are a company’s biggest cybersecurity threat, insiders, including careless or naive employees, are now viewed as an equally important problem, according to a survey by Dimensional Research
Verizon: Unknown Assets a Hacker's Playground (Light Reading) Service Provider & Enterprise Security Strategies -- Merger and acquisition activity may be financially rewarding but it can actually create and contribute to enterprise security risks, Verizon Enterprise Solutions' Christopher Novak warned today
China’s Bid For Aixtron Sunk By U.S. Security Concerns (Barron's Asia) The Obama administration plans to block a Chinese company from buying Germany’s Aixtron (AIXA.Germany/AIXG) on national security grounds because Northrop Grumman (NOC), a major U.S. defense contractor, is among Aixtron’s customers
root9B Technologies Announces Reverse Stock Split, Corporate Name Change and Headquarters Relocation (PRNewswire) root9B Technologies, Inc. (OTCQB: RTNB) ("Company") today announced a one-for-fifteen (1:15) reverse split of its issued and outstanding common stock. The one-for-fifteen reverse stock split is expected to become effective prior to the beginning of trading on December 5, 2016, at which time the Company's common stock should begin trading on a split-adjusted basis. The Company's common stock will continue to trade on the OTCQB. The new symbol will be RTNBD. The "D" will be removed in 20 business days and the symbol will revert back to RTNB
Security brawn with the brain to prevent data breaches (Networks Asia) Highly interconnected businesses competing in the digital economy have to be ever more vigilant in protecting their core business assets. They have to spot vulnerabilities and address potential compromises or gaps in their infrastructure that criminals could exploit to cause service disruption or data breach. The emergence of increasingly sophisticated evasion techniques further puts the field of threat detection and forensic investigation to the test
New infosec products of the week: December 2, 2016 (Help Net Security) Trend Micro offers Deep Security as a Service on AWS Marketplace...SwiftStack launches new capability to ease hybrid cloud adoption...Palo Alto Networks automates cloud security deployment on Amazon Web Services...Optiv Security updates its proven SaaS-based third-party risk management platform...Fidelis Cybersecurity shortens response and resolution times for security incident...Seamless, over-the-air IoT connectivity and secure Provisioning for AWS Cloud...Core Security releases Core Mobile Reset and Core Access Insight 9.2...Neurotechnology releases FingerCell 3.0 SDK for fingerprint biometrics...CA Technologies delivers privileged user governance
Best Antivirus for PC and Mac in 2016 (Neurogadget) A lot of Microsoft Windows users have the idea that they do not need to use antivirus software. Meanwhile, Android and Mac users even think that they do not require protection at all. Although the higher profile of Windows makes it a bigger target, it doesn’t mean that Android and OS X/Mac OS are not that vulnerable
Visa Delays Chip Deadline for Pumps To 2020 (KrebsOnSecurity) Visa this week delayed by three years a deadline for fuel station owners to install payment terminals at the pump that are capable of handling more secure chip-based cards. Experts say the new deadline — extended from 2017 — comes amid a huge spike in fuel pump skimming, and means fraudsters will have another three years to fleece banks and their customers by installing card-skimming devices at the pump
DLP is back, but not as you know it (CSO) The need to become PCI-DSS compliant has driven the internal security agenda in a number of commercial organisations over the last five years in an unforeseen way. It has pushed organisations to focus purely on compliance and consequently Data Loss Prevention (DLP) became a simple tick box must have for most organisations
Penn State takes first place at national cyber threat competition (Penn State News) Four students from Penn State’s College of Information Sciences and Technology (IST) recently took home first place at the third annual Deloitte Foundation Cyber Threat Competition. The competition, held Nov. 11 and 12 in Westlake, Texas, consisted of two rounds designed to help students develop the skills needed to tackle increasingly complicated cyber risks
Report on Securing and Growing the Digital Economy (Commission on Enhancing National Cybersecurity) Recognizing the extraordinary benefit interconnected technologies bring to our digital economy—and equally mindful of the accompanying challenges posed by threats to the security of the cyber landscape—President Obama established this Commission on Enhancing National Cybersecurity. He directed the Commission to assess the state of our nation’s cybersecurity, and he charged this group with developing actionable recommendations for securing the digital economy. The President asked that this enhanced cybersecurity be achieved while at the same time protecting privacy, ensuring public safety and economic and national security, and fostering the discovery and development of new technical solutions
The Internet Has Officially Become A Domain Of Warfare (Daily Caller) Congress plans on elevating the status of the U.S. Cyber Command, the cyberspace division of the armed forces, by making it its own fully unified department — a move signaling the U.S. military officially considers the internet a battle space, like air, land, space and sea
Key Provisions in the Intelligence Authorization Act (FY'17) (Lawfare) On November 30th, the House passed H.R. 6393, the Intelligence Authorization Act for FY'17. While it remains to be seen what if anything ultimately emerges at the end of the process, I'd like to highlight some items in the current bill that I found particularly interesting
Obscure legal change expands government hacking powers (Christian Science Monitor Passcode) A revision to the Federal Rules of Criminal Procedure allows law enforcement to hack suspects' computers regardless of jurisdiction. Civil liberties groups worry the change will harm individuals' privacy rights
Opinion: Like it or not, government hackers gonna hack (Christian Science Monitor Passcode) Congress just implicitly blessed FBI hacking on a massive scale without any consideration of the privacy rights of innocent people. And even worse, they did it through an obscure process that minimized public debate
Snoopers’ Charter: Extreme Surveillance Becomes UK Law (Lawfare) Earlier this month, after more than a year of debate and amendments, the British Parliament passed the Investigatory Powers Bill (IP Bill), a law that authorizes surveillance powers virtually unprecedented anywhere else in the Western world
Litigation, Investigation, and Law Enforcement
Enigma Software Group Files Suit Against Malwarebytes (SAT Press Releases) Enigma Software Group USA, LLC (ESG) filed a complaint in federal court in New York today against competing anti-malware provider Malwarebytes Inc. The complaint, available here, alleges false advertising, unfair competition, and tortious interference with contractual relations
EFF Blasts DEA in Ongoing Secret ‘Super Search Engine’ Lawsuit (Threatpost) The Electronic Frontier Foundation is accusing the Drug Enforcement Agency of improperly withholding documents in a court case that hopes to reveal details about the government’s controversial surveillance program known as Hemisphere. The EFF, which is suing the DEA as part of a Freedom of Information Act (FOIA) request, is demanding the agency turn over documents that have been withheld or have been highly redacted
Dorkbot: Life after disruption (We Live Security) A year ago on 2nd December 2015, a collaboration between major cybersecurity firms, law enforcement and software providers – including ESET and Microsoft – successfully managed to disrupt Dorkbot, a malware family that had been infiltrating systems worldwide for over four years
Check if you were hit by the massive 'Avalanche' cybercrime ring (USA Today) The U.S. government has posted links for free scanning programs so companies and individuals can check their computers to make sure they weren't victims of a massive, international cyber criminal operation that was taken down Thursday after a four-year investigation
Sysadmin Gets Two Years in Prison for Sabotaging ISP (Bleeping Computer) A judge in New York has sentenced Dariusz J. Prugar, 32, of Syracuse, New York, to two years in prison for hacking his former employee, Pa Online, an internet service provider (ISP) formerly located in Enola, Pennsylvania
Car Dealer Accused of Stealing Pastor’s Nude Pics (Infosecurity Magazine) A Texas pastor has filed a lawsuit against his car dealership alleging nude photos of his wife were sent to a swingers' site by the salesman whilst he was buying a Toyota last year
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Disrupt London (London, England, UK, December 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators.
US Department of Commerce Cyber Security Trade Mission to Turkey (Ankara and Istanbul, Turkey, December 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey...
Infosecurity Magazine Conference (Boston, Massachusetts, USA, December 6 - 7, 2016) Bringing together 100+ information security end-users, analysts, policy-makers, vendors and service providers, the meeting connects the information security community providing actionable information,...
Practical Privacy Series 2016 (Washington, DC, USA, December 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly...
CISO Southern Cal (Los Angeles, California, USA, December 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
SANS Cyber Defense Initiative 2016 (Washington, DC, USA, December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...
Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...