Arbor Networks describes a "multi-pronged" malware campaign targeting sites — most of them belonging to non-governmental organizations — in Southeast Asia. There's no formal attribution of the malware cluster ("Trochilus"), but observers see China as a suspect.
Post mortems on the BlackEnergy/SandWorm cyber attack on Western Ukraine's power grid continue. Observers see the incident as a bellwether, not an outlier, and warn utilities to expect more attacks in 2016.
Increasing sectarian and political tensions between Saudi Arabia and Iran inflame a guttering regional cyber riot in which many expect to see the governments themselves join (if they haven't already).
Proclamations of fealty to ISIS emerge from the Philippines. European governments continue to work toward closer cooperation against extremism and its resultant terror. The US Departments of State and Defense show signs of looking beyond technical approaches to fighting ISIS and toward aggressive counter-messaging. But some think the new style of information operations — even if it gets its messaging right — will soon be entangled with legal and organizational obstacles.
Akamai warns that a malicious search-engine-optimization scheme is using SQL injection to goose search hits.
European data center services provider Interxion discloses a breach in its CRM system that may have exposed sensitive customer information.
The Russian hacker "w0rm" claims to have broken into Citrix.
Trend Micro patches a remote-execution bug. Microsoft ends support for Windows 8 and older versions of IE.
The US House holds hearings this afternoon on the Wassenaar cyber export control regime. Industry fears Wassenaar will criminalize legitimate security research.
Today's issue includes events affecting Australia, Belgium, China, European Union, France, India, Iraq, Myanmar, Netherlands, Palestine, Philippines, Romania, Russia, Syria, Ukraine, United Kingdom, United States, and Yemen.
BlackEnergy .XLS Dropper(Internet Storm Center) The malware used in the recent Ukrainian cyber attack was (allegedly) delivered via a malicious spreadsheet. I analyzed this maldoc (97b7577d13cf5e3bf39cbe6d3f0a7732) and it's very simple: the macro runs automatically, writes an exe to disk (embedded as an array of bytes) and executes it. There's no obfuscation of the VBA code or encoding of the PE file
BlackEnergy and the Ukrainian power outage: What we really know(We Live Security) A lot of speculation, and some misinterpretation, has arisen surrounding the recent discovery of malware in Ukrainian energy distribution companies. ESET researchers have published a detailed analysis of the malware and its dangerous functionalities, which probably relate to the recent, massive power outage experienced by hundreds of thousands of Ukrainian citizens
Scammers target Dell customers after apparent data breach(CIO via CSO) A number of Dell customers claim to have been contacted by scammers who had access to specific customer information that should have only been available to Dell. The company says it hasn't been hacked but won't offer an explanation for the seemingly stolen data
How Nvidia breaks Chrome Incognito(charliehorse55) When I launched Diablo III, I didn't expect the pornography I had been looking at hours previously to be splashed on the screen
Microsoft To End Windows 8 Security Updates January 12(Übergizmo) As you might have heard, in January of last year, Microsoft ended mainstream support for Windows 7. Now if you have long upgraded to Windows 8, the bad news is that your time has come. Just to remind you guys, Windows 8's security updates will be coming to an end on the 12th of January, 2016
The Sorry Legacy of Internet Explorer(Wired) Internet Explorer soon will be a thing of the past. Starting today, Microsoft will stop supporting Internet Explorer versions 7, 8, 9 and 10 on most operating systems, its biggest step yet toward phasing out one of the most contentious pieces of software ever written
Drupal moves to fix flaws in update process(Help Net Security) After IOActive researcher Fernando Arnaboldi publicly revealed three crucial vulnerabilities in Drupal's update process last Thursday, the Drupal Security Team published a response on the Drupal Groups page
Most IT pros oppose government backdoor access(Help Net Security) Close to two-thirds of global IT professionals oppose giving governments backdoor access to encrypted information systems, and 59% feel that privacy is being compromised in an effort to implement stronger cybersecurity laws
Doing Your Civic Cyber Duty(Information Security Buzz) How often do you think about your own cybersecurity? Unless you work in the IT department of a major enterprise or government agency, there's a good chance you're not thinking about it as often as you should be
Wi-Fi and security are better together for SMBs(Help Net Security) Wireless adoption is growing fast globally, with Wi-Fi access becoming ubiquitous in businesses, stores, corporate environments and public spaces; literally everywhere we go
Tech IPO Candidates to Watch in 2016(Bloomberg) Corporate software isn't sexy, but it's expected to make a strong showing on the public markets this year. Here's a cheat sheet with 14 companies to keep an eye on
DHS awards $1.7M contract to detect, mitigate DDoS attacks(Federal Times) One of the easiest ways to take down an organization's IT system is through a distributed denial of service (DDoS), in which attackers flood the network with requests causing it to crash. The Department of Homeland Security is trying out new ways to prevent and mitigate such attacks and just awarded a $1.7 million contract to Galois to build a collaboration platform to help the agency do just that
Comodo Opens Office in Silicon Valley(Newswire Today) The Comodo organization, a global innovator and developer of cybersecurity solutions, today announced that it has opened its first office in the heart of Silicon Valley, in Santa Clara, California. The new location will house Comodo's expanded enterprise product management and product marketing team in the state-of-the-art TechMart building, which neighbors Levi's Stadium and the Santa Clara Convention Center
INSA Promotes Chuck Alsup to President(Washington Exec) It was announced on December 21st by Arlington, Va.-based INSA (The Intelligence and National Security Alliance) that it has promoted its current Vice President of policy to President effective January 1st
The Incident Response "Fab Five"(Network World) CISOs should consider and coordinate incident detection and response in five areas: hosts, networks, threat intelligence, user behavior monitoring, and process automation
Amazon and Ford partner in IoT endeavor(FierceRetail) Amazon (NASDAQ:AMZN) is exploring a partnership with Ford that would allow its voice-activated technology to connect and control products between the car and home
Research and Development
root9B Signs Collaborative Research and Development Agreement with Department of Homeland Security(PRNewswire) root9B, a root9B Technologies Company (OTCQB: RTNB) and a leading provider of advanced cybersecurity services and training for commercial and government clients, announced today it has signed a Collaborative Research and Development Agreement (CRADA) with the Department of Homeland Security (DHS). Under this agreement, root9B will work with DHS to improve the nation's overall computer network defense posture
Who Protects the Rights of Russian Internet Users? Not These Guys.(Global Voices) We already knew the Russian government wasn't feeling too charitable toward Internet freedom, what with the far-reaching plans by Russian state censor Roscomnadzor and other state bodies to continue tightening their grip on the RuNet. But while everyone and their mom wants to regulate and restrict online communications in Russia, not many government officials or even quasi-independent Internet experts are rushing to take the side of the users
Wassenaar: Cybersecurity and Export Control(US House of Representatives Committee on Oversight and Government Reform) Subcommittee on Information Technology. Hearing date: January 12, 2016, 2:00 PM. Purpose: To review the interagency export control policy and process implementing the 2013 Wassenaar Arrangement cybersecurity technologies additions. To review the Department of Commerce's (Commerce) rule-making process for implementing the Wassenaar export controls. To highlight the impact on American businesses and the cybersecurity industry. To discuss how the Department of State (State) and their interagency partners should proceed on cybersecurity matters at Wassenaar moving forward
The U.S. Must No Longer Accept China's Denial of Government-Sponsored Hack Attacks(Huffington Post) China's bitter battle to rewrite the rules of the Internet persisted in December in the historic town of Wuzhen. There, China held its second World Internet Conference. The theme was identical to last year's — "an interconnected world shared and governed by all" — but the context surrounding this WIC was quite different
Exclusive: What DHS and the FBI learned from the OPM breach(FCW) A culture of poor cyber hygiene plagues the Office of Personnel Management and "likely aided the adversary" in the large-scale hack of the agency, according to a Department of Homeland Security and FBI report obtained by FCW. A lack of strong IT policies leaves OPM "at high risk for future intrusions," investigators concluded
The NSA Told Me It Needs 4 Years to Answer a FOIA About a Coloring Book(Motherboard) Journalists covering the National Security Agency know that getting documents from it using the Freedom of Information Act can be a long and arduous process. But I never expected the agency to tell me to wait four years to get some basic information … about a children's coloring book
Ex-Cardinals exec: Yes, I hacked rival Astros' database(Naked Security) Chris Correa, former scouting director for the professional US baseball team St. Louis Cardinals, pleaded guilty on Friday to five counts of computer hacking and admitted he repeatedly accessed a proprietary database belonging to a rival team — the Houston Astros — without authorization
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
CISO Dallas(Dallas, Texas, USA, April 14, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility...
CISO San Francisco(San Francisco, California, USA, April 26, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions...
CISO Houston(Houston, Texas, USA, April 28, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
CISO United States(Chicago, Illinois, USA, May 1 - 3, 2016) The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda...
FloCon 2016(Daytona Beach, Florida, USA, January 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers,...
Cyber Security Breakdown: Chicago(Chicago, Illinois, USA, January 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
Insider Threat Program Development Training Course — Georgia(Atlanta, Georgia, USA, January 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
FTC PrivacyCon(Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues led by all manner of whitehat security researchers and academics, industry representatives, consumer...
National Insider Threat Special Interest Group Meeting(Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.
POPL 2016(St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...
Automotive Cyber Security Summit — Shanghai(Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...
SANS Institute: Information Security Training(Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
CyberTech 2016(Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...
Global Cybersecurity Innovation Summit(London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...
Fort Meade IT & Cyber Day(Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...
ESA 2016 Leadership Summit(Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...