Someone from the New World Hacktivists (going by the brassica-themed handle "Kapustiky") has stolen some 30,000 passport records from the website of the Russian consulate in the Netherlands. Mr. Kapustiky says his motive is to raise awareness about the dangers of a data breach.
Ukraine's Defense Ministry stated yesterday that its website was downed by disruptive cyber attacks that seemed designed to prevent the Ministry from providing updates on the Russian hybrid war being waged in eastern Ukraine.
Venezuela, in the midst of ongoing economic and financial crises, has pulled in a prominent bank president (Víctor Vargas, president of the Banco de Occidental Descuento) for questioning in connection with allegations of complicity in December 2 cyber incidents involving online banking systems. Venezuelan officials also suggest that the withdrawal of their highest-denomination currency, the 100 Bolivar note, is connected with concerns about cyber security.
Dr. Web, original discoverer of the Loki Trojan, warns that a new version can infect native Android OS libraries. Dr. Web also reports that some Trojan downloaders are appearing pre-loaded in the firmware of discount Android phones.
BugSec and Cynet say they've discovered a vulnerability in Facebook Messenger (they're calling it "Originull") that could give attackers access to chats and photos. Facebook has fixed the flaw, but it could also affect websites using origin registration checks.
Netgear has pushed out firmware updates for vulnerable router models. Microsoft patches Skype, IE, Edge, and Windows, and Adobe issues a patch for a Flash zero-day.
Investigation of election hacking proceeds in the US.
Today's issue includes events affecting Australia, Canada, China, India, Italy, Libya, Mali, Malawi, Netherlands, Romania, Russia, Switzerland, South Africa, Ukraine, United Kingdom, United States, and Venezuela.
A note to our readers: The new Star Wars film, Rogue One, is out this week. It's billed as "the epic tale of a scrappy group of rebels and their daring mission to steal the plans for the Death Star." Given what's generally known about information security, however, one wonders if perhaps the plans might actually have been compromised in a different way.
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today, Dale Drew from our partners at Level 3 will discuss the very timely topic of nation state hacking. Our guest, Omri Iluz from PerimeterX, will weigh in on the equally timely topic of gift card fraud.
A special edition of our Podcast is up as well—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
As always, if you enjoy the podcasts, we invite you to please consider giving them an iTunes review.
Gooligan: Malware is not the only problem(Cyber Parse) Many users of Android mobiles have been alarmed by a recent warning that the Gooligan malware has infected over a million devices around the world, although only about 9 per cent of the victims are located in Europe
The Most Dangerous Places To Play 'Pokemon Go'(Motherboard) Niantic Inc., the creative force behind Pokémon Go, announced on Monday that they will be adding second generation Pokemon to their virally popular mobile game. But players will not find these latest battle monsters in the wild. Instead, players must hatch them from eggs that are available at Pokéstops—refueling stations where players can stock up on Pokéballs and unhatched eggs
How Argentina’s Political Crisis Gave Rise to Hacker Culture(Motherboard) In December 2001, Argentina was thrown into chaos. The worst violence the South American nation had seen since the early 1980s raged across the country as president Fernando de la Rúa resigned: 39 people were killed, the economy tanked, and police became aggressive against civilian demonstrators
Security Patches, Mitigations, and Software Updates
New Critical Fixes for Flash, MS Windows(KrebsOnSecurity) Both Adobe and Microsoft on Tuesday issued patches to plug critical security holes in their products. Adobe’s Flash Player patch addresses 17 security flaws, including one “zero-day” bug that is already actively being exploited by attackers. Microsoft’s bundle of updates tackles at least 42 security weaknesses in Windows and associated software
Cyberthreat Analysis for 2017(Booz Allen Hamilton) Foresights is an annual spotlight of Cyber4Sight’s threat intelligence analysis, drawing on trends and forces from this and prior years in an effort to forecast what the future holds for network security and global policy
Cybersecurity concerns won’t slow in 2017(Bloomberg Government) As a new administration is established, cybersecurity remains a critical bipartisan issue that impacts all people, from government employees of all levels across the world to industry leaders to individual citizens. Moving into 2017, there’s no slowing down
Employee Reporting of Suspicious Emails Substantially Outweighs Susceptibility to Attacks(Yahoo!) PhishMe Inc., the leading provider of human phishing defense solutions, today released its 2016 Enterprise Phishing Susceptibility and Resiliency Report, which illustrates employee susceptibility to phishing emails and resilience improvements when engaged in security reporting. With phishing still the most common cyber-attack vector leading to data breach, the report analyzes the most successful triggers, themes and emotional motivators leading employees to fall for phishing emails, as well as how reporting can drive a decrease in time to attack detection from days to minutes
The rising use of personal identities in the workplace(Help Net Security) 90% of enterprise IT professionals are concerned that employee reuse of personal credentials for work purposes could compromise security. However, with 68% saying they would be comfortable allowing employees to use their social media credentials on company resources, Gemalto’s research suggests that personal applications (such as email) are the biggest worry to organisations
Ransomware Research: Cyber Insurance & Cyber Guarantees(Sentinel One) Almost half (48%) of those surveyed state that their organization has suffered a ransomware attack in the last 12 months (sheet 6). Those who have been affected have had to defend against six attacks on average (sheet 8), with the majority (94%) stating that there was an impact on their organization as a result of these ransomware attacks
Should security vendors offer product guarantees?(Help Net Security) A new Vanson Bourne survey of 500 businesses in the UK, US, France and Germany revealed that nine in ten companies want to see IT security vendors offer a guarantee on their products and services, and 85 per cent claim they would change providers if they could find an alternate IT security vendor who offers a guarantee
MACH37 Cyber Accelerator Opens Applications for Spring 2017 Session(PRWeb) The MACH37 Cyber Accelerator has officially announced it will begin accepting applications from information security product startups and security entrepreneurs for its Spring 2017 (S17) Cohort that begins on March 14th. The MACH37 program consists of an intense 90-day program in which the selected startups are coached in all aspects of creating a sustainable and successful business
Palo Alto: What To Expect In 2017(Seeking Alpha) Palo Alto's growth story is about to reach the last chapter. There are a lot more tales to be told in subscription growth, up-sells and cross-sells. What should we expect in 2017?
IBM launches cyber security centre for India(Times of India) IBM has launched what it says is a state-of-art cyber security command centre in Bengaluru to offer customized security solutions to its Indian clients. The company says it planned this long before the extra push for digital in India came from demonetization. But the current environment makes the move look particularly relevant. Concerns about security are becoming top-of-mind for many involved as the Modi government aggressively pushes digital payments
Ulevitch to Head Cisco's Security Operations(Light Reading) Cisco has named David Ulevitch head of its Security Business, succeeding David Goeckeler, who last June was promoted from managing the company's security operations to handle both security and Cisco's core networking hardware business as senior vice president and general manager of the Networking and Security Business
Products, Services, and Solutions
Recorded Future Adds Technical Threat Intelligence to Fuel All-Source Analysis Breakthrough(Yahoo! Finance) Recorded Future, the real-time threat intelligence leader, today announced new technical threat intelligence that enables security teams to rapidly find connections in threat data and drive security actions with confidence. The challenge defenders face is making sense of data from technical threat sources that are scattered across multiple sites and systems. Recorded Future is the first to deliver deep integration of technical and open source intelligence (OSINT) into a single product. The combination gives security teams powerful all-source analysis capabilities, reducing the risk to their business
Tremolo Security Announces Cloud Native Identity Management System(PRNewswire) Tremolo Security today announced the latest release of their cloud native identity management system Unison and their open source project OpenUnison. In a blog post on their website, CTO Marc Boorshtein points out the power of cloud native solutions, "What makes the cloud native revolution so important is its ability to give you both the control of local infrastructure while having the speed of Software as a Service. This power shouldn't be slowed down by adding identity management, it should be accelerated"
Head Italia Partners with root9B to Provide Cybersecurity Solutions(PRNewswire) root9B, a root9B Holdings (OTCQB: RTNBD) company and leading provider of advanced cybersecurity products, services, and training announced today its partnership with Head Italia, specialized in the integration, sale, and technical support of advanced military systems. This partnership will provide Italian government and defense customers with cybersecurity solutions to protect their critical data and infrastructure
Rambus Renews License Agreement With Thales(Yahoo!) Rambus Inc. (RMBS) today announced it has renewed its DPA countermeasures license agreement with Thales e-Security. Under this new five-year agreement, the Thales line of hardware security modules (HSMs) will be protected against side-channel attacks in a variety of systems, including high-performance data center appliances. Specific terms of the agreement are confidential
Dashlane 4.6.5: Protect all your sensitive online data across desktop and mobile(Tech Central) These days, a third-party password manager is de rigueur for anyone venturing on to the internet with a clutch of online accounts. You won’t last long relying on weak, easily guessable passwords to protect your personal data when online, so password managers like LastPass that lock all your passwords away behind a single, master password, have much to recommend them
End the air gapping myth in critical infrastructure security(Help Net Security) In an environment where we’re seeing increasing demand for connectivity between operational technology (OT) and IT, security teams have to dispel the air gapping myth to acknowledge that IT influences can exploit OT connections
When it comes to IoT, more security is needed(SC Magazine) Sometimes it takes a monumental event for an industry to change. The Target hack during the holiday season of 2013 – in which some 40 million credit card numbers were stolen – changed people's attitudes about security forever. And the same holds true with the attack on DNS provider Dyn last October: Internet of Things (IoT) devices were compromised and turned into bots that slowed access and, in some cases, shut down frequently visited websites such as Amazon, Twitter and PayPal
How to Automate Governance, Risk and Compliance(Infosecurity Magazine) IT governance, risk management discipline, information security policy and legal compliance requirements all place a burden on companies to ensure their governance, risk and compliance (GRC) policies protect customers, staff and stakeholders
Opinion: Cybersecurity needs an offensive playbook(Christian Science Monitor Passcode) In order to beat malicious hackers, the cybersecurity community must develop innovative approaches for deploying – and automating – offensive strategies to find and fix software vulnerabilities
How might China’s cyber-spies adapt to Trump’s America?(CyberScoop) Chinese cyber-espionage efforts against American companies and government properties are predicted to increase during President-elect Donald Trump’s first year in office, according to a new analysis from global consulting firm Booz Allen Hamilton, but experts say it’s tough to forecast exactly how the U.S.-China cybersecurity relationship will change
How to Wage Hybrid War on the Kremlin(Foreign Policy) President Obama has been shamefully derelict in making Putin pay a price for his aggression. It’s time to give Vladimir a taste of his own medicine
No need to start over on cybersecurity(Lincoln Journal-Star) President-elect Donald Trump’s to-do list is one of colossal proportions, made longer by his vow to overturn most of what President Barack Obama did during his eight years in office
What Can We Expect Out of Trump’s Cyber Summit?(New York Magazine) President-elect Donald Trump is planning to meet with tech industry leaders on Wednesday, the latest in a series of meetings in which famous people are photographed entering the lobby of Trump Tower, 20 minutes pass, and then Trump is photographed giving the thumbs-up
Clinton Staffer Made a Typo and Now Trump Is President(New York Magazine) Now that the election’s over, more Clinton officials and staffers are speaking publicly about the lax operational security that led to multiple hacker intrusions and email leaks, which the intelligence community overwhelmingly asserts were carried out by hackers affiliated with the Russian government. One of those leaks, comprising John Podesta’s large cache of personal emails, had devastating implications for the Democratic campaign, and happened because of … a typo
Official: FBI told Illinois GOP of possible email hacking(AP) The FBI told the Illinois Republican Party months before the presidential election that its email accounts may have been hacked, and party officials later found some of its emails on a website reportedly tied to Russia's military intelligence agency, the state GOP's executive director said Sunday
Clapper Claims WikiLeaks Connection With Russian Cyber Attacks Not Strong(Washington Free Beacon) Director of National Intelligence James Clapper told lawmakers last month that the U.S. intelligence community does not have strong evidence showing a connection between WikiLeaks document releases and Russian cyber attacks against American political networks during the 2016 election
The Perfect Weapon: How Russian Cyberpower Invaded the U.S.(New York Times) When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk
‘Operation Tarpit’ Targets Customers of Online Attack-for-Hire Services(KrebsOnSecurity) Federal investigators in the United States and Europe last week arrested nearly three-dozen people suspected of patronizing so-called “booter” services that can be hired to knock targeted Web sites offline. The global crackdown is part of an effort by authorities to weaken demand for these services by impressing upon customers that hiring someone to launch cyberattacks on your behalf can land you in jail
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
BlueHat IL(Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel.
Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
Privacy, Security and Trust: 14th Annual Conference(Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...
SANS Cyber Defense Initiative 2016(Washington, DC, USA, December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...