Anonymous goes after three new targets: North Korea (to protest the DPRK's presumably easily militarized satellite launch), Saudi Arabia (to protest various human rights issues, and to demand the country's exclusion from the Olympics), and South Africa (where a job portal is attacked to protest child labor practices).
In other hacktivist news, White Hat "vigilantes" struggle with LizardSquad, contesting control over a network of compromised home routers. (In fairness to LizardSquad, characterizing the loose group as "hacktivist" is probably at this point misleading, given its steadily increasing participation in criminal black markets.)
Investigation into doxing at the US Departments of Justice and Homeland Security continues. It seems likely the attackers' point of entry was a compromised staffer account used to socially engineer an agency help desk. Those responsible (now known as "the DotGovs") posted their take on CryptoBin, which according to Tripwire has since become less accessible to searches.
The US Internal Revenue Service warns that somewhat more than 100,000 taxpayers' e-file credentials may have been compromised. The incident, the IRS says, was an automated attack on its Electronic Filing PIN application. The attack's been contained (without, authorities say, loss of personal data). The IRS is notifying taxpayers whose e-file accounts were prospected.
Palo Alto Networks warns that tax-themed phishing is spreading the NanoCore RAT.
SAP has patched a problem in its Manufacturing Integration and Intelligence (xMII) ICS product. Cisco closes a buffer overflow vulnerability in its ASA Software. (That vulnerability is being actively probed in the wild.) Patch now.
Today's issue includes events affecting European Union, Democratic People's Republic of Korea, Russia, Saudi Arabia, United Kingdom, United States.
IRS Statement on E-filing PIN(IRS) The IRS recently identified and halted an automated attack upon its Electronic Filing PIN application on IRS[dot]gov
NanoCoreRAT Behind an Increase in Tax-Themed Phishing E-mails(Palo Alto Networks) It seems every mainstream news event or holiday has an accompanying phishing campaign. Opportunistic actors hoping to capitalize on the public's attention are often seen sending phishing e-mails with themes related to the news or the season
Fake Security App for AliPay customers — Android SMS Stealer(ZScaler) During an ongoing analysis to protect our customers from the latest mobile threats, we came across an Android malware that disguised itself as a security feature for a famous Chinese online payment app, AliPay. Upon analysis, we discovered that the fake app is a malicious SMS stealer Trojan
Cisco ASA firewall has a wormable problem(CSO) It has been a rough couple of weeks for security vendors. Juniper with their remote access issue and then Fortinet with their hardcoded password. Now, Cisco has found itself in the media
How Bad is Avast SafeZone Flaw(Information Security Buzz) Chris Underhill, Head of IT and Security at UK-based cyber security firm Cyber Security Partners, has the following comments on the Avast SafeZone flaw
Vigilante Hackers Fight Lizard Squad For Control Of 150,000 Home Routers(Forbes) Home routers with little to no security are far too common. They're dangerous from a number of perspectives: as peeping holes for spying on people's daily web use, for filtering stolen files and for launching distributed denial of service (DDoS) attacks, where the power of combined compromised machines is used to flood target websites with traffic, thereby knocking them offline
DNSChanger Outbreak Linked to Adware Install Base(Cisco Blogs) Late last autumn, the detector described in one of our previous posts, Cognitive Research: Learning Detectors of Malicious Network Traffic, started to pick up a handful of infected hosts exhibiting a new kind of malware behavior. Initially, the number of infections was quite low, and nothing had drawn particular attention to the findings
Skimmers Hijack ATM Network Cables(KrebsOnSecurity) If you have ever walked up to an ATM to withdraw cash only to decide against it after noticing a telephone or ethernet cord snaking from behind the machine to a jack in the wall, your paranoia may not have been misplaced: ATM maker NCR is warning about skimming attacks that involve keypad overlays, hidden cameras and skimming devices plugged into the ATM network cables to intercept customer card data
Flaw in Sparkle Updater for Mac opens users of popular apps to system compromise(Help Net Security) A security engineer has recently discovered a serious vulnerability in Sparkle, the widely used open source software update framework for Mac applications, that could be exploited by attackers to mount a man-in-the-middle attack and ultimately take control of the computer if they are located on the same network
CSO Online's 2016 data breach blotter(CSO) There were 736 million records exposed in 2015 due to a record setting 3,930 data breaches. 2016 has only just started, and as the blotter shows, there are a number of incidents being reported in the public, proving that data protection is still one of the hardest tasks to master in InfoSec
Execute My Packet(Exodus Intelligence) Cisco has issued a fix to address CVE-2016-1287. The Cisco ASA Adaptive Security Appliance is an IP router that acts as an application-aware firewall, network antivirus, intrusion prevention system, and virtual private network (VPN) server. It is advertised as "the industry's most deployed stateful firewall." When deployed as a VPN, the device is accessible from the Internet and provides access to a company's internal networks
Gmail to warn when email comms are not encrypted(Help Net Security) From now on, Gmail users will be able to see whether their communications with other email account holders — whether Gmail or any other email service — are secured. If they're not, there will be a red broken lock icon in the upper right corner of the message
IoT Next Surveillance Frontier, Says US Spy Chief(InformationWeek) US Director of National Intelligence James Clapper delivers chilling remarks regarding the Internet of Things, noting there may come a day when spy agencies may tap into IoT for surveillance, network access, and more
Former spymaster to help fight City cyber crime(Financial Times) The former head of GCHQ has been drafted in to help boost the City of London's defences against cyber attacks. Sir Iain Lobban, who was director of GCHQ between 2008 and 2014, is helping insurance broker Marsh to draft a report on cyber resilience for TheCityUK lobby group
What's the real cost of a security breach?(Help Net Security) The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million, according to NTT Com Security
Can FireEye Stop Its Losing Streak?(The Street) Shares of enterprise security company FireEye continue to get hammered, plummeting 40% already in 2016 and 65% in the past 12 months. And if you've held FireEye stock over the past three years, you're likely in the hole about 67%
No, VTech cannot simply absolve itself of security responsibility(Troy Hunt) A few months ago, the Hong Kong based toy maker VTech allowed itself to be hacked and millions of accounts exposed including hundreds of thousands of kids complete with names, ages, genders, photos and their relationships to their parents replete with where they (and assumedly their children) could be located
Tomcat IR with XOR.DDoS(Internet Storm Center) Apache Tomcat is a Java-based web service that is used for different applications. While you may have it running in your environment, you may not be familiar with its workings to provide adequate incident response when the time comes. This article will walk through an incident where Tomcat is used and what critical artifacts you should collect
Cambridge2Cambridge hackathon fulfils Obama's dream(BusinessWeekly) Student teams from the two Cambridges — in the UK and Massachusetts — are set to fulfil the vision of President Obama and David Cameron to get the best young transatlantic brains tackling cyber security problems
Legislation, Policy, and Regulation
New EU Cyber-Security Law Moves Closer(Wynyard Group) New EU obligations on cyber-security have moved a step closer to becoming law now that the text of the proposed Network and Information Security (NIS) Directive has been agreed
DOD's $6.7B cyber budget focused on emerging threats(Defense Systems) The Defense Department's 2017 budget request is looking to amp up spending on cyber operations to $6.7 billion, which would represent about a 16 percent increase from the spending enacted for fiscal 2016
Good Defense is Good Offense: NSA Myths and the Merger(Lawfare) Over at Just Security, Ross Schulman opines that "When NSA Merges Its Offense and Defense, Encryption Loses." Schulman argues that under NSA's newly announced reorganization, the Information Assurance Directorate (IAD) "will be subsumed by the intelligence-gathering program" and "effectively cease to exist"
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Pwn2Own 2016(Vancouver, British Columbia, Canada, March 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets,...
Black Hat Asia 2016(Singapore, March 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two...
ISC West 2016(Las Vegas, Nevada, USA, April 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products.
Black Hat USA 2016(Las Vegas, Nevada, USA, August 3 - 4, 2016) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 19th year. This six day event begins with four days of intense Trainings for security practitioners...
SecureWorld Charlotte(Charlotte, North Carolina, USA, February 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...
Suits and Spooks(Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...
Department of the Navy (DON) IT Conference, West Coast 2016(San Diego, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...
ICISSP 2016(Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...
Interconnect2016(Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...
CISO Canada Summit(Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...
Insider Threat Program Development Training Course — Maryland(Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
CISO New York Summit(New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
BSides San Francisco(San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...
CISO Summit Europe(London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...
RSA Conference 2016(San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016