ESET reports that utilities in Ukraine have come under fresh attack. This time there is no immediate connection with BlackEnergy: the vector is spearphishing email carrying malicious XLS attachments, and the payload is built on a freely available open-source backdoor. That, researchers suggest, looks more like the work of a criminal group than of a state security service.
Ukrainian authorities also continue to investigate this week's earlier hacking incident at Kiev's Borispil International Airport.
The Republic of Korea's President Park warns her country to prepare for a surge of cyber aggression from north of the 38th parallel. Israeli officials think Iran and others will become increasingly active as long as cyber attacks are perceived as cost-free. American and Australian authorities work toward even closer cooperation in cyberspace.
The US Air Force announces full operational capability for the Air Force Intranet Control Weapon System, whose mission is "intelligence gathering, cyberspace surveillance and reconnaissance, interdiction and security."
Patriotic cyber rioting flares again from Turkey, as the THT group hits both Russian and Iranian websites to display THT's support for Turkey's Erdoğan government.
Symantec observes a new criminal campaign affecting India, the UK, and the US. Businesses are being phished to install two commodity RATs: Backdoor.Breut and Trojan.Nancrat.
Dr. Web describes a new Linux Trojan for system reconnaissance, "Linux.Ekoms.1."
Cisco closes vulnerabilities in three products. Intel addresses a man-in-the-middle flaw in the Intel Driver Update Utility.
In industry news, FireEye buys iSIGHT for a reported $200 million in cash up front, with up to a further $75 million in cash and equity contingent on a threat-intelligence bookings target. Malwarebytes and ForeScout each receive more venture funding.
Today's issue includes events affecting Antigua and Barbuda, Australia, Germany, India, Iran, Ireland, Democratic People's Republic of Korea, Republic of Korea, Russia, Syria, Turkey, Ukraine, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
New wave of cyberattacks against Ukrainian power industry(We Live Security) Yesterday (January 19th) we discovered a new wave of these attacks, where a number of electricity distribution companies in Ukraine were targeted again following the power outages in December. What's particularly interesting is that the malware that was used this time is not BlackEnergy, which poses further questions about the perpetrators behind the ongoing operation. The malware is based on a freely-available open-source backdoor — something no one would expect from an alleged state-sponsored malware operator
Updated Blackmoon banking Trojan stays focused on South Korean banking customers(Proofpoint) First analyzed in early 2014, the Blackmoon banking Trojan targets a user's online banking credentials using a type of pharming that involves modifying or replacing the local Hosts file with one that redirects online banking domain lookups to an IP address controlled by the attacker. Blackmoon has been observed targeting primarily customers of South Korean online banking sites and services, and is usually distributed via drive-by download
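The hosts-file pharming Proofpoint describes is easy to check for on a suspect machine: a benign hosts file maps names to loopback or null addresses, while an attacker needs the bank's name to resolve to a server they control. The following is an added example, not code from Proofpoint's report or from this digest; the sample hosts content and the watch-list domains are constructed for illustration.

```python
"""Flag hosts-file entries that could redirect banking domains to an attacker.

Added example (not from the Proofpoint report or the digest): the check a
responder might run on a suspect host. SAMPLE_HOSTS and WATCHED_DOMAINS are
constructed for illustration.
"""
import ipaddress

# Constructed watch list; a real deployment would load the organisation's
# own list of banking / SSO domains.
WATCHED_DOMAINS = {"bank.example", "login.bank.example", "online.example-bank.co.kr"}

# Addresses a benign hosts file legitimately maps names to (loopback, null route).
_LOCAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "0.0.0.0/32")]


def _is_local(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in _LOCAL_NETS)


def parse_hosts(text: str):
    """Yield (ip, hostname) pairs; comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower().rstrip(".")


def find_pharming_entries(text: str, watched=WATCHED_DOMAINS):
    """Return (hostname, ip) for entries that point a watched domain, or a
    subdomain of one, at a non-local address. A sinkhole entry that maps a
    bank name to 127.0.0.1 is not flagged; a mapping to a routable address is."""
    hits = []
    for ip, name in parse_hosts(text):
        if _is_local(ip):
            continue
        if any(name == d or name.endswith("." + d) for d in watched):
            hits.append((name, ip))
    return hits


# Constructed sample hosts file for the example (RFC 5737 documentation addresses).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
127.0.0.1   bank.example           # loopback sinkhole, benign, not flagged
203.0.113.7 login.bank.example www.login.bank.example
198.51.100.9 online.example-bank.co.kr
10.0.0.5    intranet.corp.example  # not a watched domain, not flagged
"""

if __name__ == "__main__":
    for name, ip in find_pharming_entries(SAMPLE_HOSTS):
        print(f"SUSPECT: {name} -> {ip}")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; on Linux and macOS, `/etc/hosts`. The subdomain match matters because the Trojan can redirect `www.` or `login.` variants rather than the bare domain.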
MSN Home Page Drops More Malware Via Malvertising(Malwarebytes Unpacked) Malvertisers are once again abusing ad technology platform AdSpirit and exposing visitors of the MSN homepage to malware. These attacks appeared to have been primarily focused on German users via an ad for Lidl, one of Germany's leading supermarkets
New Linux Trojan performs system reconnaissance(Help Net Security) A new Linux threat has been identified by Dr. Web researchers. Dubbed Linux.Ekoms.1, this Trojan's apparent function is to discover details about the system it has infected and what the user does on it
Linux.Ekoms.1(Dr. Web) Malware for Linux designed to take screenshots every 30 seconds. It can upload the /tmp folder to the server and download various files upon cybercriminals' command
Music-themed Malvertising Leads to Angler(Zscaler) Malvertising, or "malicious advertising," is not a new threat, and just a few weeks into 2016 ThreatLabZ has observed a malvertising campaign injecting iframes into banner advertisements that lead to Angler Exploit Kit. Surprisingly, the Angler operators took some vacation for the New Year, as noted by F-Secure, and have only recently resumed operations, so we were surprised to see a malvertising campaign so soon after their break
Intel Driver Update Utility MiTM(Core Security) The Intel Driver Update Utility is a tool that analyzes the system drivers on your computer. The utility reports if any new drivers are available, and provides the download files for the driver updates so you can install them quickly and easily. Intel Driver Update Utility is prone to a Man in The Middle attack which could result in integrity corruption of the transferred data, information leak and consequently code execution
DHS: Social engineering is a persistent threat for agencies(FierceGovernmentIT) Social engineering continues to play a major role in successful intrusions of information technology systems, especially as a more widely used and diverse Internet provides more avenues for entry, said a recent Homeland Security Department notice
Social Engineering is Bigger Than Hacking — But Countermeasures Work(WillisWire) All the major information security firms credit humans and social engineering, in the form of phishing and spear-phishing emails, as the root cause of most cyber-attacks. By using social engineering techniques, attackers can efficiently and cost effectively deliver malicious software, or "malware," to disrupt or damage computer systems
10 Most Notorious Hacking Groups(Hack Read) Hacking has grown massively in the past few years. What merely started out as internet pranks on personal computers has now grown into a nexus of activities like holding large corporations to ransom over their critical data or shutting down the entire government and non-government organizations' services for long periods. Hacking is no longer a skilled coder's hobby, for it has become a full-fledged profession
Security Patches, Mitigations, and Software Updates
Cisco Releases Security Updates(US-CERT) Cisco has released security updates to address vulnerabilities in Modular Encoding Platform D9036 software, Unified Computing System (UCS) Manager software, and Firepower 9000 Series devices. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected device
Intel patches MiTM flaw in its Driver Update Utility(Help Net Security) Intel has fixed a remotely exploitable vulnerability (CVE-2016-1493) in the Intel Driver Update Utility which could be used by a man-in-the-middle attacker to corrupt transferred data, which could lead to information leak and ultimately even code execution
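Both the Core Security advisory above and this patch note describe the same failure class: an updater that fetches and runs code without an authenticated channel or an integrity check, so anyone on the path can hand it an installer of their choosing. The following is an added example, not code from Intel, Core Security or this digest, showing the two controls whose absence makes that possible. The page does not say which transport the real utility used; the URLs, digests and installer bytes below are constructed, and the network fetch is injected so the example runs offline.

```python
"""Update download hardened against an on-path attacker.

Added example, not code from Intel or from the Core Security advisory. Two
controls: (1) metadata and payloads are only fetched over https, where the
client validates the server certificate; (2) the payload digest is compared,
in constant time, with the expected value delivered over that authenticated
channel, before anything is executed. URLs, digests and payload bytes are
constructed for the example.
"""
import hashlib
import hmac
from urllib.parse import urlparse


class UpdateRejected(Exception):
    pass


def check_update_url(url: str) -> bool:
    """Only an https URL with a host is acceptable; http (or anything else)
    can be rewritten by an attacker between the client and the update server."""
    parts = urlparse(url)
    return parts.scheme == "https" and bool(parts.netloc)


def verify_payload(payload: bytes, expected_sha256_hex: str) -> bool:
    """Constant-time comparison of the payload digest against the expected
    value. The expected value must itself come over the authenticated channel
    (signed manifest, https metadata), or this check protects nothing."""
    actual = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex.lower())


def fetch_and_verify(url: str, expected_sha256_hex: str, fetch) -> bytes:
    """Return the installer bytes only if both checks pass. `fetch` is an
    injected callable (url -> bytes) so the example runs offline. The
    vulnerable pattern this replaces is: download over http, then run it."""
    if not check_update_url(url):
        raise UpdateRejected(f"refusing unauthenticated update channel: {url}")
    data = fetch(url)
    if not verify_payload(data, expected_sha256_hex):
        raise UpdateRejected("payload digest mismatch; possible tampering in transit")
    return data


# Constructed stand-ins for the update server and for an attacker on the path.
GOOD_INSTALLER = b"MZ...constructed driver installer bytes..."
GOOD_DIGEST = hashlib.sha256(GOOD_INSTALLER).hexdigest()


def honest_server(url):
    return GOOD_INSTALLER


def mitm_server(url):
    # An on-path attacker swapping the installer for their own binary.
    return b"MZ...attacker payload..."


if __name__ == "__main__":
    ok = fetch_and_verify("https://updates.example/driver.exe", GOOD_DIGEST, honest_server)
    print("accepted", len(ok), "bytes")
    for url, server in (("https://updates.example/driver.exe", mitm_server),
                        ("http://updates.example/driver.exe", honest_server)):
        try:
            fetch_and_verify(url, GOOD_DIGEST, server)
        except UpdateRejected as e:
            print("blocked:", e)
```

A digest check alone is not enough if the digest arrives over the same unauthenticated channel as the payload, since the attacker rewrites both; that is why the URL policy comes first. A signed manifest verified with a pinned vendor key is the stronger form of the same idea.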
Oracle fixes 248 vulnerabilities in January patch update(Help Net Security) Oracle has published their Critical Patch Update (CPU) for January 2016. The Oracle CPU is quarterly and addresses flaws across Oracle's large product line, including its core product, the relational database, but also a large number of acquisitions such as Solaris, MySQL and Java, and many end-user products such as JD Edwards ERP, PeopleSoft and CRM
Intel's Chris Young on why the US needs a Cyber National Guard(Christian Science Monitor Passcode) Chris Young of Intel Security and Chris Wysopal of Veracode join The Cybersecurity Podcast to talk about hacker culture, threats from the Internet of Things, and the suspected cyberattack on the Ukrainian power grid
Cyber security remains a top priority in difficult times(Oilweek) With about 40 per cent of all cyber-attacks targeting energy infrastructure, there is increasing evidence oil and gas companies are taking the threat as seriously as they do health and safety. And in many cases, they are using similar tactics in their defense against cyber crime and sabotage
IBM Reports $2 Billion In Annual Security Revenues(Forbes) International Business Machines Corp. announced its 2015 earnings yesterday. The financial figures around IBM's next generation technologies suggest that Ginni Rometty's bet on cloud computing, mobility, analytics, and security is working
More on FireEye: Company buys threat intelligence firm iSIGHT for $200M-$275M(Seeking Alpha) FireEye (NASDAQ:FEYE) has acquired iSIGHT Partners, a provider of subscription-based threat intelligence services, for $200M in cash up-front + up to $75M in "cash and equity upon the achievement of a threat intelligence bookings target on or before the end of FireEye's second quarter of 2018"
Overlooked Facts In FireEye(Seeking Alpha) CFO seems to be very bullish. Contract length factors into billings miss, has no bearing on revenue. Stock has fallen 34% in just ten trading days. Two CIO surveys contradict each other. Also, the number of Fortune 500 CIOs responding in surveys is unknown. Article explains why revenue and growth rate are much more relevant than operating losses
Security Startup Malwarebytes Raises Another $50M From Fidelity(TechCrunch) Malwarebytes, a security company that started when its cofounder was still a teenager fixing his parents' infected computer, has come a long way from its bootstrapped roots. Today the startup's software is used by millions of consumers and some 70,000 businesses to protect from and clean up computer viruses, worms, trojan horses and more. And now, to grow further, it is announcing that it has raised $50 million from Fidelity Management and Research Company
Rising Area Cybersecurity Giants Expand Offices Ahead of Hiring Surge(DCInno) Columbia, Md.-based Tenable Network Security, which raised an astonishing $250 million Series B investment late last year, announced on Tuesday that it would be expanding its office space for its quickly growing arsenal of cybersecurity analysts, strategists and developers
5 things that top CSO candidates need on a resume(CSO) If all the recent IT hiring surveys are to be believed, chief security officers can expect a pretty sweet year in 2016. Job demand is up. Salaries are way up. And neither trend is expected to slow anytime soon
Twitter's Silence Deafening on State-Sponsored Attacks(Threatpost) Twitter's decision to notify users when their accounts are targeted in state-sponsored attacks earned its share of praise. But Twitter's silence in terms of specifics about the attacks — whether by choice or gagged by a National Security Letter — has foisted some anxiety upon those who were notified
Iris ID Provides Biometrics Tech for CBP Pilot(ExecutiveBiz) Iris ID has deployed the company's iris biometric technology for a Customs and Border Protection pilot intended to help identify non-U.S. citizens who pass through the U.S.-Mexico border, Planet Biometrics reported Wednesday
Data Integrity (NCCoE) Current Status: Seeking Public Comments. We have released a white paper describing this project, including example scenarios and relevant standards. We want to know if the white paper accurately reflects your challenges and concerns around data integrity. Please submit your comments online. The deadline for comments is January 22, 2016
Identity-Based Encryption from the Weil Pairing(SIAM Journal of Computing) We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming a variant of the computational Diffie-Hellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise definitions for secure identity-based encryption schemes and give several applications for such systems
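As an added illustration, not part of the abstract or of this digest, here is the basic version of the Boneh-Franklin scheme (BasicIdent) and the one-line reason decryption recovers the message. The notation is mine. The paper's full scheme applies the Fujisaki-Okamoto transform to BasicIdent to reach the chosen-ciphertext security the abstract claims, and the "variant of computational Diffie-Hellman" it assumes is the bilinear Diffie-Hellman problem: given $P, aP, bP, cP$, compute $\hat e(P,P)^{abc}$.

\[
\begin{aligned}
&\textbf{Setup:}\ \text{groups } \mathbb{G}_1,\mathbb{G}_2 \text{ of prime order } q,\ \hat e:\mathbb{G}_1\times\mathbb{G}_1\to\mathbb{G}_2 \text{ bilinear},\ P\in\mathbb{G}_1 \text{ a generator},\\
&\qquad s \xleftarrow{\$} \mathbb{Z}_q^*,\quad P_{pub}=sP,\quad H_1:\{0,1\}^*\to\mathbb{G}_1^*,\quad H_2:\mathbb{G}_2\to\{0,1\}^n;\quad \text{master key } s,\ \text{public params } (q,\mathbb{G}_1,\mathbb{G}_2,\hat e,P,P_{pub},H_1,H_2).\\
&\textbf{Extract}(ID):\ Q_{ID}=H_1(ID),\qquad d_{ID}=sQ_{ID}.\\
&\textbf{Encrypt}(ID,M):\ r \xleftarrow{\$} \mathbb{Z}_q^*,\quad g_{ID}=\hat e(Q_{ID},P_{pub}),\quad C=(U,V)=\bigl(rP,\ M\oplus H_2(g_{ID}^{\,r})\bigr).\\
&\textbf{Decrypt}(d_{ID},C):\ M = V\oplus H_2\bigl(\hat e(d_{ID},U)\bigr).\\
&\textbf{Correctness:}\ \hat e(d_{ID},U)=\hat e(sQ_{ID},rP)=\hat e(Q_{ID},P)^{sr}=\hat e(Q_{ID},sP)^{r}=g_{ID}^{\,r}.
\end{aligned}
\]

An eavesdropper sees $P_{pub}=sP$ and $U=rP$ and can compute $Q_{ID}=H_1(ID)$ itself, so recovering $g_{ID}^{\,r}=\hat e(Q_{ID},P)^{sr}$ from those three points is exactly the bilinear Diffie-Hellman problem. The practical caveat is the flip side of the same structure: the key-generation centre holds $s$ and can derive every user's $d_{ID}$, so key escrow is inherent to IBE and the centre must be treated as a fully trusted component.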
Why You Should Start Using Two-Factor Authentication Now(Heimdal) Imagine waking up on a splendid spring day, opening your laptop and realising that you can't access your online accounts anymore. Your email has been breached, your website, your most precious work, is now gone, and your credit card was used for shady transactions
When The Boss Is Your Biggest Security Risk(Dark Reading) No one possesses more sensitive information in an organization than upper management. So why do companies screen executives on the way in but not on the way out?
Investing On Your Own? Step One: Protect Your Info Online(Forbes) These days savvy investors don't have to rove too far to be able to put their money into the market — in fact, they don't even have to get up from the couch. While this allots for more freedom, there are still risks — some that go beyond a bad trading day. Now, more than ever before, consumers run the risk of being hacked into and having their information pinched by a peeper (think: hackers and malware)
UW Could Become Cyber Security Hub(University of Wyoming) To battle one of the most dangerous issues facing the nation today, Wyoming Gov. Matt Mead has requested state funding to develop a program at the University of Wyoming to become a center of excellence in cyber defense
U.S. discloses zero-day exploitation practices(FCW) The federal government has confirmed that it uses undisclosed software bugs not only in espionage and intelligence gathering, but also in the course of law enforcement activities
The Lowdown on Freezing Your Kid's Credit(KrebsOnSecurity) A story in a national news source earlier this month about freezing your child's credit file to preempt ID thieves prompted many readers to erroneously conclude that all states allow this as of 2016
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
POPL 2016(St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...
Automotive Cyber Security Summit — Shanghai(Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...
SANS Institute: Information Security Training(Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
CyberTech 2016(Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...
Global Cybersecurity Innovation Summit(London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...
Fort Meade IT & Cyber Day(Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...
ESA 2016 Leadership Summit(Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...
SANS Cyber Threat Intelligence Summit & Training 2016(Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...
BSides Tampa 2016(MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, February 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia
The Law and Policy of Cybersecurity Symposium(Rockville, Maryland, USA, February 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies,...
Insider Threat Program Development Training — California(Carlsbad, California, USA, February 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
Secure Rail(Orlando, Florida, USA, February 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Cyber Security Breakdown: Dallas(Dallas, Texas, USA, February 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...
Department of the Navy (DON) IT Conference, West Coast 2016(San Diego, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...
ICISSP 2016(Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...
Interconnect2016(Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...
CISO Canada Summit(Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...
Insider Threat Program Development Training Course — Maryland(Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...
CISO New York Summit(New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
BSides San Francisco(San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...
CISO Summit Europe(London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...
RSA Conference 2016(San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016