The Ukrainian rolling blackout, now by general consensus regarded as the work of Russian security organs, prompts electrical utilities worldwide (and especially in the United States) to take stock of their cyber defenses. Such taking stock results in an evergreen discovery: much of the information attackers would need to stage their attacks is freely available in open sources.
And while squirrels doubtless have a much larger track record in power disruption (as Tenable points out in a Passcode op-ed), observers look for an increase in cyber attacks on infrastructure in 2016.
A report surfaces, attributed to US Coast Guard sources, that a cyber attack on a US port was attempted and thwarted late in 2015.
Cyber-rioting resumes in the Subcontinent, as Indian hacktivists deface Pakistani sites as a memorial tribute to a slain border control officer.
Criminals are using compromised certificates to help spread malware infections. Trend Micro warns that Let's Encrypt certificates are being used to facilitate distribution of Angler. Zscaler reports some interesting findings on the information-stealing Trojan Spymel, whose .NET executable is "signed with a legitimate DigiCert-issued certificate."
If you've wondered about how criminals monetize identity theft, here's one trending approach discussed by Brian Krebs: they use stolen identities in warranty fraud.
Time Warner Cable is notifying some 320,000 customers that their accounts may have been compromised.
WordPress issues an update that fixes some security holes. SilentCircle patches an issue in its designed-for-privacy Blackphone.
In industry news, speaker manufacturer Harman International buys automotive cyber security company TowerSec.
Today's issue includes events affecting India, Iraq, Netherlands, Pakistan, Russia, Syria, Ukraine, United Arab Emirates, United Kingdom, United States.
US port cyber-attack thwarted(Port Strategy) The United States Coast Guard Cyber Command's (CGCYBER) latest maritime cyber bulletin has revealed that there was an attempted cyber-attack against an unknown port facility
Yet Another Signed Malware — Spymel(Zscaler ThreatLab) ThreatLabZ came across yet another malware family where the authors are using compromised digital certificates to evade detection. The malware family in this case is the information stealing Trojan Spymel and involved a .NET executable signed with a legitimate DigiCert issued certificate
Second Database Exposing Voter Records Found Online(SecurityWeek) A Christian conservative organization is believed to be responsible for exposing the details of millions of U.S. citizens by failing to ensure that its databases could not be accessed by unauthorized individuals
Android-based Smart TVs Hit By Backdoor Spread Via Malicious App(TrendLabs Security Intelligence Blog) With the year-end shopping season over, many consumers now have new various smart gadgets in their homes. One particularly popular usage of this so-called Internet of Things (IoT) are smart TVs. These TVs are more than just passive display devices; many of them can even run Android apps as well. Some may find these features useful, but these capabilities bring their own risks
SLOTH Attacks Up Ante on SHA-1, MD5 Deprecation(Threatpost) If you're hanging on to the theory that collision attacks against SHA-1 and MD5 aren't yet practical, two researchers from INRIA, the French Institute for Research in Computer Science and Automation, have demonstrated new attacks that raise the urgency to move away from these broken cryptographic algorithms
Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH(miTLS) In response to high-profile attacks that exploit hash function collisions, software vendors have started to phase out the use of MD5 and SHA-1 in third-party digital signature applications such as X.509 certificates. However, weak hash constructions continue to be used in various cryptographic constructions within mainstream protocols such as TLS, IKE, and SSH, because practitioners argue that their use in these protocols relies only on second preimage resistance, and hence is unaffected by collisions. This paper systematically investigates and debunks this argument
A recent example of wire transfer fraud(Internet Storm Center) Do you know about any attempts of wire transfer fraud in your organization? They often start with phishing emails. These emails are used to trick an employee into wiring money to bank accounts established by the criminal. It's an old scam, but 2015 apparently saw a resurgence in wire transfer
Facebook "Page Disabled" Phish Wants your Card Details(Malwarebytes Unpacked) Fake Facebook Security pages are quite a common sight, and there's a "Your page will be disabled unless…" scam in circulation at the moment on random Facebook comment sections which you should steer clear of
Scammers target citizens filing tax returns online(Help Net Security) As ten million people prepare to complete their tax returns online in January, British citizens are being bombarded with scams. Forty per cent have received phishing emails which appeared to be from HMRC, and identity fraud is rife — with many people still unaware of the potential risks involved, according to Miracl
Don't be Deceived by a Pretty Face and a Sad Story(Team Cymru) As Christmas 2015 fades into memory, and January begins its annual onslaught of gym adverts and crash diets, we hope that Santa Claus (or Saint Nicolas, Befana, et al) brought you everything you were hoping for
Drupal — Insecure Update Process(IOActive Blog) Security updates are a common occurrence once you have installed Drupal. In October 2014, there was a massive defacement attack that affected Drupal users who did not upgrade in the first seven hours after a security update was released. This means that Drupal updates must be checked as frequently as possible (even though by default, Drupal checks once a day)
The rise of algorithms for your algorithms(FierceBigData) According to a new Frost & Sullivan report, this is the year when machine learning algorithms will be used to evaluate the effectiveness of other algorithms. A handful of big-data-savvy companies already started that process last year, leading the way, but the research firm says that fledgling trend will fully emerge this year
Visual hacking is not hacking(CIO) There's hacking and then there's copying off of your neighbor's work like we had to worry about in grade school. Remember. That's not really hacking, is it?
Cybersecurity Insurance Explosion Poses Challenges(Bloomberg BNA) Cybersecurity insurers may see premiums gross income rise by 300 percent or more in the next five years, even as the product's pricing and composition continue to evolve, insurance specialists and others told Bloomberg BNA
Are Cisco, Symantec, HP Angling For Fortinet, Qualys?(Investor's Business Daily) Cybersecurity firms Qualys (NASDAQ:QLYS), Fortinet (NASDAQ:FTNT) and Proofpoint (NASDAQ:PFPT) could be on the auction block in 2016, likely pitting Cisco Systems (NASDAQ:CSCO), Microsoft (NASDAQ:MSFT), Hewlett Packard Enterprise (NYSE:HPE) and Oracle (NYSE:ORCL) in a "long overdue" M&A battle, FBR analyst Daniel Ives said Wednesday
PayPal Co-Founder Max Levchin's Bet on Cryptography(BloombergBusiness) Max Levchin, PayPal's co-founder and Affirm's chief executive officer, discusses cryptography and what's next for Yahoo with Bloomberg's Emily Chang on "Bloomberg West." Levchin is also a former Yahoo board member
Proofpoint launches a security solution for Instagram(Global Security Mag) Proofpoint, Inc. announces the launch of a solution that automatically identifies security threats, compliance violations and inappropriate posts on Instagram. Proofpoint SocialPatrol™ performs advanced analysis of images and of text, whether or not that text is embedded in an image. Brands and compliance-minded organizations can thus monitor and remove inappropriate posts and comments
What's your cybersecurity whistleblower strategy?(CSO) Regulators and attorneys are growing more interested in cybersecurity accountability. One likely outcome of this interest is an increase in cybersecurity whistleblower cases. This means every organization needs to rethink how to handle internal and external security problem reporting
Docker and Security: How do they fit together?(Jaxenter) While Docker images are famously simple and practical, Docker security remains a tricky maze. Docker pros Dustin Huptas and Andreas Schmidt show us the essential security features you need to know for building a secure system with Docker
Pioneer In Internet Anonymity Hands FBI A Huge Gift In Building Dangerous Backdoored Encryption System(Techdirt) I first came across cryptography pioneer David Chaum about a decade ago, during the debates about online voting. Many in the technology world were insisting that such things were impossible to do safely, but Chaum insisted he had come up with a way to do online voting safely (he'd also tried to do electronic money, DigiCash… unsuccessfully). Many people disagreed with Chaum and it led to some fairly epic discussions. It appears that Chaum is again making moves that are making many of his colleagues angry: specifically creating a backdoored encryption system
Defending the smart city(Intelligent Utility) With all the hype around Smart Cities today, you'd think they are ubiquitous
Research and Development
Cryptographers honored with Levchin Prize at Real World Cryptography Conference(Stanford Daily) The inaugural Levchin Prize for Real World Cryptography was awarded Wednesday at the Real World Cryptography Conference (RWCC), held annually at Stanford. Phillip Rogaway, professor of computer science at UC Davis, as well as the international miTLS research team, each received $10,000 for their work on cryptography
Netherlands opposes backdoors, but encryption still under assault(Naked Security) The Dutch government has officially declared its opposition to any restrictions on the development or use of encryption products, even as Dutch lawmakers are weighing legislation that could mandate backdoor government access to encrypted communications
Mass-surveillance 'undermines security' and failed to stop 9/11 attacks, says ex-NSA officer(Graham Cluley) According to a former officer at the United States National Security Agency (NSA), bulk data collection has resulted in the loss of life before, and it will lead to more lives lost in the future. On Wednesday, William Binney, former director of the NSA's Analytic Service Office, is scheduled to present evidence before the UK Parliament's Joint Committee on the Draft Investigatory Powers (IP) bill
State Department gave 'inaccurate' answer on Clinton email use, review says(Washington Post) Two years before the public learned of Hillary Clinton's private server, the State Department gave an "inaccurate and incomplete" response about her email use when it told an outside group that it had no documents about Clinton's email accounts beyond her government address, according to a report from the State Department's inspector general to be released Thursday
Clinton aides' cybersecurity emails go from 38,000 to one(Politico) The State Department has dramatically revised downward — from about 38,000 to one — its estimate of the number of pages of messages in Hillary Clinton aides' private email about training on cybersecurity threats and other computer-related issues
Islamic State video turns British attention to banned group(Reuters) If London-born convert Abu Rumaysah is confirmed as the front man in the latest Islamic State video, then he will be just the latest in a long line of militants to emerge from a banned group the authorities say breeds easy prey for jihadist recruiters
The FBI's 'Unprecedented' Hacking Campaign Targeted Over a Thousand Computers(Motherboard) In the summer of 2015, two men from New York were charged with online child pornography crimes. The site the men allegedly visited was a Tor hidden service, which supposedly would protect the identity of its users and server location. What made the case stand out was that the Federal Bureau of Investigation (FBI) had used a hacking tool to identify the IP addresses of the individuals
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
FloCon 2016(Daytona Beach, Florida, USA, January 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers,...
Cyber Security Breakdown: Chicago(Chicago, Illinois, USA, January 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
Insider Threat Program Development Training Course — Georgia(Atlanta, Georgia, USA, January 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
FTC PrivacyCon(Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues led by all manner of whitehat security researchers and academics, industry representatives, consumer...
National Insider Threat Special Interest Group Meeting(Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.
POPL 2016(St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...
Automotive Cyber Security Summit — Shanghai(Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...
SANS Institute: Information Security Training(Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
CyberTech 2016(Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...
Global Cybersecurity Innovation Summit(London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...
Fort Meade IT & Cyber Day(Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...
ESA 2016 Leadership Summit(Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...