An update to the apparent North Korean intrusion into RoK military networks—South Korean sources now say that some information was successfully exfiltrated during the attack. As the security industry looks toward 2017, most observers forecast an increase in state-sponsored cyber threats.
Recorded Future warns that the Flash zero-day Adobe patched in an October update has been incorporated into seven exploit kits.
The Petya-Mischa ransomware combination has been updated, researchers tell Bleeping Computer, into a "GoldenEye" version. The malware targets German-speaking enterprises, coming across as a "Bewerbung" ("application," as in a job application), so if you're working in HR or recruiting around Frankfurt or Hamburg, sei doch vorsichtig.
Another ransomware strain, VO_ransomware, seems less dangerous than some of its competitors. Still, it's a nuisance, and 2-Spyware offers suggestions on purging it from your systems.
Some organizations are still finding it easier to pay up than fight extortionists—the Allegheny County state prosecutor's office in Pennsylvania coughed up $1400 to get rid of Avalanche.
Steganographic threats return as ESET reports a campaign that uses malicious banner ads to install malware in Internet Explorer users' systems. They call the attack campaign, appropriately, "Stegano."
Some eighty models of Sony IP cameras are found vulnerable to exploitation through a backdoor, and Sony has closed that backdoor with a firmware update.
As the transitioning US Administration considers recent recommendations on cybersecurity, Russia announces “a new national system of managing the Russian segment of the Internet.”
Content filtering goes to court in Canada and the EU.
Today's issue includes events affecting Canada, European Union, Democratic People's Republic of Korea, Republic of Korea, Netherlands, Russia, Saudi Arabia, Turkey, United Kingdom, United States.
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Virginia Tech’s Hume Center, as Charles Clancy discusses the challenges of developing security solutions that can function in both the federal and commercial realms. Our guest is Ebba Blitz from Alertsec, who presents the results of a survey on what Americans fear most when it comes to cyber security. (Apparently the Americans worry about those Bears...)
A special edition of our Podcast is up as well—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
As always, if you enjoy the podcasts, we invite you to please consider giving them an iTunes review.
Flash Exploit Found in Seven Exploit Kits (Threatpost) A nasty Adobe Flash zero-day vulnerability that was remediated in an emergency update in October 2015 was thereafter co-opted by seven exploit kits, according to an analysis published today by researchers at Recorded Future
Researchers Find Fresh Fodder for IoT Attack Cannons (KrebsOnSecurity) New research published this week could provide plenty of fresh fodder for Mirai, a malware strain that enslaves poorly-secured Internet of Things (IoT) devices for use in powerful online attacks. Researchers in Austria have unearthed a pair of backdoor accounts in more than 80 different IP camera models made by Sony Corp. Separately, Israeli security experts have discovered trivially exploitable weaknesses in nearly a half-million white-labeled IP camera models that are not currently sought out by Mirai
Backdoor vulnerability (SEC Consult Vulnerability Lab Security Advisory) Attackers are able to completely take over the Sony IPELA ENGINE IP Camera products over the network
Hackers Gamify DDoS Attacks With Collaborative Platform (Threatpost) A Turkish hacking crew is luring participants to join its DDoS platform to compete with peers to earn redeemable points that are exchangeable for hacking tools and click-fraud software. The goal, security researchers say, is to “gamify” DDoS attacks in order to attract a critical mass of hackers working toward a unified goal
The early IoT gets the worm (Help Net Security) Five days after the start of World War I, Sir Edward Grey, British Foreign Secretary, remarked to a close friend, “The lights are going out all over Europe, we shall not see them lit again in our lifetime”
Over 400,000 phishing sites have been observed each month during 2016 (Help Net Security) 84 percent of phishing sites observed in 2016 existed for less than 24 hours, with an average life cycle of under 15 hours. The data collected by Webroot shows that today’s phishing attacks have become increasingly sophisticated and carefully crafted in order to obtain sensitive information from specific organizations and people
New Flavor of Dirty COW Attack Discovered, Patched (TrendLabs Security Intelligence Blog) Dirty COW (designated as CVE-2016-5195) is a Linux vulnerability that was first disclosed to the public in October 2016. It was a serious privilege escalation flaw that allowed an attacker to gain root access on the targeted system. It was described as an “ancient bug” by Linus Torvalds and was quickly patched once it was disclosed, with most Linux distributions pushing the patch to their users as soon as possible
A new era of cybercrime – Symantec’s predictions for 2017 and beyond (IT Wire) Rogue nations will be financed by cybercrime, the use of undetectable file-less malware (firmware) will grow, IoT devices are fair and easy game, HTTPS/SSL will be abused – these are a few of Symantec’s emerging trends and predictions for paddling in cyberspace
Corporate data left unprotected in the wild (Help Net Security) A new survey conducted by YouGov has highlighted the risks to corporate data from poor encryption, and employee use of unauthorised and inadequately protected devices. The survey of British office workers found that 42% use devices not provided by their employer to work with corporate e-mails and files. Half (52%) also use personal online accounts, such as Enterprise File Sharing Services (EFSS) to store or access work files – with only 34% saying they have never done so
Cyber-insurance: What will you be able to claim for and is it worth it? (SC Magazine) The sharp rise in cyber-crime has caused big business to look seriously at how the insurance industry can help mitigate business risks associated with a data breach. But lack of actuarial data, and the inability to put a price on a risk with so many moving parts leads SC's Roi Perez to ask, is cyber-insurance worth it?
What is Cyber Insurance and Do You Really Need It? (CSO) Cyber insurance seems to be a popular new buzzword for many businesses. Roughly 70% of companies are now trying to transfer the risk to a third party insurance company. Out of these, roughly 25% were spending $500,000 or more on premiums. When asked in the RIMS cyber security survey why they made this decision, 82% of companies said they were concerned about how having a breach can cause harm to their reputation. 76% were concerned about business interruption and 75% were concerned about data loss
The Best Cybersecurity Stocks of 2016 (Fox Business) Despite a stream of high-profile data hacks on enterprises, this hasn't been a great year for the cybersecurity industry. Spending growth slowed as large companies decided to delay purchase decisions, pinching profit results for the biggest players
5 Reasons Palo Alto Networks Inc Stock Could Fall (Fox Business) Next-gen firewall vendor Palo Alto Networks (NYSE: PANW) shed nearly 30% of its value over the past year due to ongoing concerns about its slowing sales growth, widening losses, and rising competition. But as Palo Alto hovers near its 52-week low, investors might be tempted to start a position in this high-growth stock. However, I believe that the stock could still fall further for five main reasons
WinPatrol to Match Donations for Charities, Schools and Religious Organizations (OpenPR) WinPatrol, the maker of WinPatrol WAR the only anti-ransom solution that also protects against malware and zero day attacks, today announced their WinPatrol Holiday Challenge. During this challenge, which lasts through the end of December 2016, WinPatrol will match license for license all donations of our software to charitable, religious and educational institutions
IBM’s Watson Now Fights Cybercrime in the Real World (Wired) You may know Watson as IBM’s Jeopardy-winning, cookbook-writing, dress-designing, weather-predicting supercomputer-of-all trades. Now it’s embarking on its biggest challenge yet: Preventing cybercrime in finance, healthcare, and other fields
Barracuda Networks and High-Tech Bridge Join Efforts to Improve Web Application Security (BusinessWire) Barracuda Networks Inc. (NYSE:CUDA) and High-Tech Bridge SA announced a technology alliance and integration of High-Tech Bridge’s ImmuniWeb® Web Security Testing Platform and Barracuda’s Web Application Firewall from version 9.0 and above. The integration will allow customers to deploy virtual patching of web application vulnerabilities in just a few clicks
Nintendo offers up to $20,000 for bug info (Help Net Security) Video game giant Nintendo has set up a bug bounty program through HackerOne’s platform, and is asking researchers to find and flag vulnerabilities in the Nintendo 3DS family of handheld game systems
This App Wants to Be Your Encrypted, Self-Destructing Slack (Wired) If you use a workplace collaboration tool like Slack or Hipchat, it’s easy to fall into an assumption of privacy, throwing around gossip and even sensitive business as if it were normal cubicle chatter. It’s not. Anything you write in one of those collaborative chatrooms can be stored, and is potentially vulnerable to government surveillance, hacking, or a subpoena in a run-of-the-mill lawsuit
KnowBe4 Phishing Tool Looks To Take Down CEO Fraud (PYMNTS) KnowBe4, a security awareness training and simulated phishing platform provider, launched a new tool designed to help IT managers combat CEO fraud, or Business Email Compromise (BEC) as it is referred to by the FBI
Avast launches four new ransomware decryptors (Windows Report) The rise of ransomware has given a whole new world of meanings to cyber threat. It’s now one of the dangerous malware forms in that it locks users out of their computer and important files using robust encryption tools. Unless you pay the amount demanded by attackers, you’ll have to look for other ways to recover your data. Fortunately, some of the major security vendors got your back with free decryption tools
Top 6 breach response best practices for 2017 (Help Net Security) Cybercrime costs are expected to rise to $2 trillion by 2018, according to Juniper Research, in large part because the increase in cyber threats is resulting in a surge in data breaches, exposing millions of individuals and their sensitive information
When the Boundary Isn’t Enough: Accelerating Discovery, Investigation and Response (Infosecurity Magazine) Depending on which study you are citing, anywhere between 50% and 95% of companies have already been breached. If you consider the money that has been invested in preventive security, that’s a major fail. Once the cybercriminals are inside, finding and stopping them must be a priority – and the faster that happens, the fewer the losses, both economically and in terms of reputation
The Hidden Cost of ‘Pay-to-Play’ AV Testing (Cylance) It must be said: some of the top players in the third-party antivirus (AV) testing industry have recently revealed themselves to be nothing more than pay-to-play capitulators who seek to line their pockets by perpetuating outmoded technologies while keeping more effective and innovative solutions out of the hands of the users who need them
What is the Blockchain? (Nasdaq) These days it is impossible to read the financial press without often stumbling upon intriguing hints that something called "the blockchain" is going to disruptively revolutionize banking and financial services. So, in this first of a series of introductory articles, we try to explain clearly and simply what blockchain technology is, and why it is considered highly relevant to the future of finance and banking
How the human factor can actually increase your cyber security (IT Business Net) Cyber security is the number one problem for most organizations nowadays. According to new statistics the cost of cybercrime increased to $400 billion worldwide in 2014, and about one million attacks occurred every day in 2015. National Cyber Security Alliance estimates that around 60% of businesses close in the six months after a cyber-attack. What's more, human error is estimated to cause 37% of all those security incidents
Are you human or a bot? Google’s invisible reCAPTCHA will decide (Naked Security) A few years ago, Google simplified its prove-you’re-a-human reCAPTCHA test. To prove we’re not automated bots, it gave us a single, hopefully quivery “I’m not a robot” click to replace the previous deciphering of blobby melted characters and mathematical problems that made our brains hurt
How Carriers Can Help Solve IoT Insecurity (Wireless Week) Through our research and work with carriers, partners, and others, AdaptiveMobile has predicted up to 80 percent of devices connected on the IoT do not have appropriate security measures in place. To put it plainly, four in five of IoT devices on the market are vulnerable to malicious activity, inadvertent attacks, and data breaches
Putin moves to step up Russia’s cyberdefenses (Naked Security) Stung by a recent wave of attacks against the sites of his country’s biggest banks, Russian President Vladimir Putin has endorsed a new infosec doctrine to raise online defenses, according to media reports. Among other things, it calls for Russia to develop “a national system of managing the Russian segment of the internet”
Inside the Bizarre Movement to Make John McAfee Cyber Czar (Motherboard) On Monday afternoon, as Donald Trump continued finalizing his cabinet from his transition base atop Trump Tower, a group of thirty demonstrators gathered below to make a very specific recommendation: “That Donald Trump put America first and name John McAfee, the most qualified expert, to be our nation’s Cybersecurity Czar”
Server Location, Jurisdiction, and Server Location Requirements (Technology and Marketing Law Blog) At the recent “Law, Borders, and Speech” conference at Stanford, several participants debated the relevance of server location in determining jurisdiction. Some Silicon Valley attorneys at the conference argued that the location of a server should not be just one of the factors in a jurisdictional inquiry, but that it should be the determinative factor for jurisdiction
Marine major who warned of danger before insider attack wins court case (Marine Corps Times) A federal judge has overturned a Marine Corps decision to discharge Marine Maj. Jason Brezler, who was accused of mishandling classified information after he warned Marines in Afghanistan about an Afghan police chief days before a deadly insider attack in August 2012
Former Expedia IT support worker spied on company executives (Help Net Security) A computer support technician formerly employed at Expedia offices in San Francisco pleaded guilty to securities fraud. Jonathan Ly, 28, admitted he used his position in tech support at Expedia to access emails of Expedia executives so that he could trade in Expedia stock and illegally profit from non-public information
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Infosecurity Magazine Conference (Boston, Massachusetts, USA, December 6 - 7, 2016) Bringing together 100+ information security end-users, analysts, policy-makers, vendors and service providers, the meeting connects the information security community providing actionable information,...
Practical Privacy Series 2016 (Washington, DC, USA, December 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly...
CISO Southern Cal (Los Angeles, California, USA, December 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
SANS Cyber Defense Initiative 2016 (Washington, DC, USA, December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...
Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...