Researchers see newly evolved strains of malware showing more sophisticated evasion capabilities. Trustwave reports that the Neutrino exploit kit now uses OS fingerprinting to screen out Linux devices security researchers commonly use. Palo Alto Networks describes how the T9000 custom backdoor identifies 24 security products, and then customizes its installation to evade analysis.
The ransomware campaign afflicting WordPress sites continues to serve up TeslaCrypt.
Someone (perhaps a white hat?) has coopted a Dridex botnet to deliver, not Trojans, but rather an Avira Antivirus installer. (Whoever did it, it wasn't Avira.)
In industry news, Symantec reported solid results last night. The fate of Norse remains murky even as its former CEO hits back at critics. Some analysts believe VCs are rethinking threat-intelligence plays, but the subsector still seems to have room to run.
Reports from US intelligence sources suggest a weakening of ISIS in its core territories, and there's some cautious optimism that ISIS realities may be undermining its narrative in ways its information ops will find it difficult to overcome.
Concerns about terrorism prompt governments to seek more comprehensive surveillance powers. Poland is the latest to enact a law enabling such surveillance. The EU's not happy about the new laws, but Poland is probably more bellwether than outlier in European surveillance policy.
The UK and the US discuss extending the UK ability to serve wiretap warrants in the US.
Privacy Shield's happy afterglow dims a bit with concerns over whether it will hold up in EU courts. Businesses, stay cautious.
Today's issue includes events affecting China, European Union, Iraq, Ireland, Democratic People's Republic of Korea, Poland, Russia, Syria, Thailand, Turkey, United Kingdom, United States.
T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques (Palo Alto Networks) Most custom backdoors used by advanced attackers have limited functionality. They evade detection by keeping their code simple and flying under the radar. But during a recent investigation we found a backdoor that takes a very different approach. We refer to this backdoor as T9000, which is a newer variant of the T5000 malware family, also known as Plat1
A New Era for ICS Security — Dragonfly Introduces Offense in Depth (Belden: the Right Signals) Last month, we updated our article on the Dragonfly malware to announce the research results by Joel Langill of RedHat Cyber, a leading independent ICS security expert. Joel's research showed that the Dragonfly campaign focused on pharmaceutical targets, rather than energy sector targets, as had been previously reported
A trip through the spam filters: more malspam with zip attachments containing .js files (Internet Storm Center) I was discussing malicious spam (malspam) with a fellow security professional earlier this week. He was examining malspam with zip attachments containing .js files. This is something I've covered previously in ISC diaries. However, the traffic patterns he saw were somewhat different from what I've seen, so I figured it's time to revisit this type of malspam
Intrusion into UCF Network Involves Personal Data (University of Central Florida) Today I am sharing news that a recent outside intrusion into UCF's computer network compromised the personally identifiable information of some members of our university community
IRS e-filing down, outage could continue today (FierceGovernmentIT) The Internal Revenue Service has temporarily stopped accepting electronically filed tax returns because a hardware failure has caused major disruptions to a number of tax processing systems, said the agency in a statement posted late Wednesday
Cybercrime for sale (SC Magazine) When the United States Secret Service started to focus on cybercrimes nearly two decades ago, the market for this kind of electronic malfeasance was not nearly as large or as organized as it would quickly become, according to William Noonan, deputy special agent in charge for the Criminal Investigative Division of Cyber Operations at the U.S. Secret Service
Security Patches, Mitigations, and Software Updates
Flaws Expose Sauter SCADA Systems to Takeover (SecurityWeek) Researchers at vulnerability management company Outpost24 have identified a series of vulnerabilities that can be exploited by a remote attacker to take complete control of Sauter's moduWEB Vision SCADA product. The vendor has released a firmware update to address the issues
Surprise? Most organizations are not cyber resilient (Help Net Security) 71 percent of UK organisations would rate their cyber resilience as low today, underlining a lack of preparedness to handle cyberattacks by the majority of UK organisations, according to a new study by the Ponemon Institute
Hacker: the maddeningly imprecise term that is loaded with menace (Financial Times) "The word hacking is like feminism. It has got too much baggage attached." Of all the things Cal Leeming told me — and he told me a lot of hair-raising stuff about banks' security flaws — this was one of the things that stayed with me. He does not call himself a hacker, although he almost exactly embodies the stereotype of one
After Norse: VCs, pros eye cyber investments (SC Magazine) As the dust settles from the apparent demise of Norse Corp., IT security professionals are looking at lessons that can be learned from the collapse of a company that was until recently considered one of the fastest-growing threat intelligence companies
Startup Enlists AI to Predict Cyber Threats (Datanami) While major players are increasingly emphasizing human "intelligence-led" approaches to cyber security, artificial intelligence along with advanced analytics continue to make inroads in the "threat intelligence" market
Radware Announces a New $40 Million Share Repurchase Plan (Nasdaq) Radware® Ltd. (NASDAQ:RDWR), a leading provider of cyber security and application delivery solutions ensuring optimal service level for applications in virtual, cloud and software defined data centers, today announced that its board of directors has authorized a new one-year share repurchase plan allowing the Company to invest up to $40 million to repurchase its ordinary shares
Harnessing artificial intelligence to build an army of virtual analysts (Help Net Security) Enterprises of all types and sizes are continually probed and targeted by cyber attackers. It doesn't matter whether they are after the company's or their customers' information, or are trying to find ways in so that they can commit fraud; what matters is that many are succeeding
Keybase Introduces End-To-End Encrypted File Sharing Service (TechCrunch) There's promising news for individuals and organizations that deal in confidential data. Keybase, the service for sending encrypted messages, has begun to offer a file-sharing feature that is powered by end-to-end encryption, making it considerably more secure than Dropbox or other mainstream file-sharing options
Technologies, Techniques, and Standards
JIE has undergone no test or evaluation, says OT&E report (FierceGovernmentIT) Despite launching one and a half years ago, infrastructure and components of the Defense Department's Joint Information Environment have yet to undergo any operational testing, said the Office of the Director, Operational Test and Evaluation in an annual report submitted to Congress Feb. 1
New Kid On The Block: Cyber Threat Analyst (Dark Reading) Drawing from the financial service industry, this new role uses the "art of the intelligence cycle" to drive efficiency in the security operations center
Irishman solves GCHQ cryptography challenge (RTE News) An Irish code-breaker, along with two others, has proved he is almost a match for the UK's national intelligence and security agency by winning its Christmas card cryptography challenge
UNG launches Center for Cyber Operations Education (University of North Georgia) A cybersecurity education initiative through the University of North Georgia (UNG) aims to strengthen workforce opportunities in Georgia and fill critical staffing shortages in private industry, as well as in the Georgia Army National Guard, the U.S. Army and entities at all levels of government
Reactions to the EU-US Privacy Shield (Help Net Security) The European Commission and the United States have agreed on a new framework for transatlantic data flows: the EU-US Privacy Shield
New Safe Harbor Data "Deal" May Be More Politicking Than Surveillance Reform (Intercept) Lobbyists, government officials, and technology executives celebrated news from Strasbourg on Tuesday morning that the European Commission and the United States had reached an agreement to reinstate the free flow of massive amounts of data between companies in the United States and the European Union, safeguarding users' privacy at a new level
UK wants authority to serve warrants in U.S. (USA Today) British and U.S. officials have been negotiating a plan that could allow British authorities to directly serve wiretap orders on U.S. communications companies in criminal and national security inquiries, U.S. officials confirmed Thursday
Government Promises Comment Period on Next Wassenaar Draft (Threatpost) It's been months since the U.S. Commerce Department's Bureau of Industry and Security pulled the U.S. implementation of the Wassenaar Arrangement off the table for an unusual rewrite of the rules governing so-called intrusion software
Opinion: How NSA reorganization could squander remaining trust (Christian Science Monitor Passcode) Adm. Michael Rogers, director of the National Security Agency, wants to combine the agency's cyber defenders and its architects of espionage. While that may streamline processes at the agency, it won't create more openness and trust when it's needed most
CIOs wary of sharing cyberthreat data (CIO) CIOs are still lukewarm to the idea of sharing the cybersecurity threat information the U.S. government is requesting in its Cybersecurity Information Sharing Act
Lawmaker wants briefing on OPM hack damage (Washington Examiner) The chairman of the Senate Homeland Security Committee on Tuesday called for a briefing with counterterrorism analysts to discuss ways that data stolen from the Office of Personnel Management may be used in the future
Clinton's Security Clearance Is Under Scrutiny (Bloomberg View) Now that several e-mails on Hillary Clinton's private server have been classified, there is a more immediate question than the outcome of the investigation: Should the former secretary of state retain her security clearance during the inquiry?
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...
BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, February 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands-on training classes and lectures from some of the greatest minds in the industry and academia
The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, February 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies,...
Insider Threat Program Development Training — California (Carlsbad, California, USA, February 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
OPSWAT Cyber Security Seminar (Washington, DC, February 9, 2016) OPSWAT, along with our Washington DC partners, InQuest and Punch Cyber, will be hosting a half-day seminar to cover several threat detection and research technologies
Secure Rail (Orlando, Florida, USA, February 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Cyber Security Breakdown: Dallas (Dallas, Texas, USA, February 10, 2016) This half-day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
SecureWorld Charlotte (Charlotte, North Carolina, USA, February 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...
Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...
Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...
ICISSP 2016 (Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...
Interconnect2016 (Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...
CISO Canada Summit (Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...
Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
CISO New York Summit (New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
BSides San Francisco (San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...
CISO Summit Europe (London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...
RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016