June 9, 2016.
By The CyberWire Staff
The hacker behind the handle “Tessa88” is offering Twitter credentials for sale in a dark web souk for ten Bitcoin (about $5800). Tessa88 is the same handle associated with the recent VK credential theft. Twitter has been tweeting that it’s confident it wasn’t breached, but evidently a lot of its users were. Many suspect a connection to the LinkedIn, MySpace, and Tumblr breaches.
Data from the LinkedIn breach are being exploited in an unusually specific spearphishing campaign in Europe.
Unconfirmed reports suggest a third-party data breach may have exposed seventy-seven-thousand State Farm accounts.
India continues to investigate the strongly suspected connection between the Danti espionage group and the Chinese government.
Rapid7’s Project Sonar finds more than fifteen million devices with exposed Telnet connections. Belgium is the leader in this vulnerability sweep.
Researchers at Zscaler shed some light on how documents with malicious macros are incorporating new anti-VM and anti-sandboxing techniques to evade defenses.
One of the older forms of ransomware, Zcrypt, is being upgraded for better evasiveness and more reliable delivery. Other researchers look at commodity ransomware SNSLocker (helped by careless malware coders). Ransomware remains cheap and low-risk cyber crime. The latest victim to pay up is the University of Calgary, which forked over $20,000 (Canadian, roughly $16,000 US) to regain its data.
NATO’s conference in Estonia considers ways of avoiding surprise and improving collaboration. Estonia points out that budget constraints can breed innovation.
The cyber sector welcomes its newest unicorn: Cylance’s Series D round puts its valuation above $1 billion.
Today's issue includes events affecting Albania, Australia, Bangladesh, Belgium, Bulgaria, Denmark, Canada, China, Croatia, Czech Republic, Estonia, France, Germany, Greece, Hungary, Iceland, India, Iraq, Italy, Latvia, Lithuania, Luxembourg, NATO, Norway, Poland, Portugal, Netherlands, Romania, Russia, Samoa, Slovakia, Slovenia, South Africa, Spain, Tajikistan, Turkey, Ukraine, United Kingdom, United States.
ON THE PODCAST
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. This afternoon Joe Carrigan of the Johns Hopkins University discusses backup strategies (particularly timely given recent ransomware incidents). And we'll learn about disposable browsers and security while traveling abroad from our guest, Authentic8's Scott Petry. (We always welcome reviews of our podcasts: you can provide an iTunes review here.)
Cyber Attacks, Threats, and Vulnerabilities
Passwords for 32M Twitter accounts may have been hacked and leaked(TechCrunch) There is yet another hack for users of popular social media sites to worry about. Hackers may have used malware to collect more than 32 million Twitter login credentials that are now being sold on the dark web. Twitter says that its systems have not been breached
32m Twitter login credentials stolen from users(Help Net Security) Leaked Source has added 32,888,300 records of Twitter users to its repository of leaked data. The source of the batch is a user who goes by the alias “Tessa88@exploit.im,” who’s been selling the data on a dark web marketplace for 10 bitcoins (around $5,800)
77K accounts of Financial Giant, State Farm, leaked due to DAC Group Hack(HackRead) DAC Group, a Toronto-based digital & content marketing agency has suffered a security breach on their server resulting in data theft of 93,000 customer accounts — In normal circumstances it would be just another security breach but what makes this breach exceptional is the 77,000 leaked accounts from Bloomington, Illinois-based State Farm, an American group of insurance and financial services companies in the United States
Vulnerability Spotlight: PDFium Vulnerability in Google Chrome Web Browser(Talos) This vulnerability was discovered by Aleksandar Nikolic of Cisco Talos. PDFium is the default PDF reader that is included in the Google Chrome web browser. Talos has identified an exploitable heap buffer overflow vulnerability in the Pdfium PDF reader. By simply viewing a PDF document that includes an embedded jpeg2000 image, the attacker can achieve arbitrary code execution on the victim’s system. The most effective attack vector is for the threat actor to place a malicious PDF file on a website and then redirect victims to the website using either phishing emails or even malvertising
Vawtrak banking malware – know your enemy(Naked Security) In December 2014, SophosLabs published a paper entitled Vawtrak – International Crimeware-as-a-Service, explaining how cybercriminals have adopted the “Pay As You Go” model that has become so popular in the mainstream technology industry
Slicing Into a Point-of-Sale Botnet(KrebsOnSecurity) Last week, KrebsOnSecurity broke the news of an ongoing credit card breach involving CiCi’s Pizza, a restaurant chain in the United States with more than 500 locations. What follows is an exclusive look at a point-of-sale botnet that appears to have enslaved dozens of hacked payment terminals inside of CiCi’s locations that are being relieved of customer credit card data in real time
Ransomware Leaves Server Credentials in its Code(Tirate un Ping) While SNSLocker isn’t a stand-out crypto-ransomware in terms of routine or interface, its coarse and bland façade hid quite a surprise. After looking closer at its code, we discovered that this ransomware contains the credentials for the access of its own server
University pays $20,000 in ransomware attack(Help Net Security) The ransomware plague has hit the University of Calgary, and the academic institution did what many victims do: they paid the ransom to get the encrypted files back
IoT pushes IT security to the brink(CSO) The Internet of Things (IoT) offers many possible benefits for organizations and consumers—with unprecedented connectivity of countless products, appliances and assets that can share all sorts of information. IoT also presents a number of potential security threats that organizations need to address
The gaming industry can become the next big target of cybercrime(TechCrunch) Video-game-related crime is almost as old as the industry itself. But while illegal copies and pirated versions of games were the previous dominant form of illicit activities related to games, recent developments and trends in online gaming platforms have created new possibilities for cybercriminals to swindle huge amounts of money from an industry that is worth nearly $100 billion. And what’s worrisome is that publishers are not the only targets; the players themselves are becoming victims of this new form of crime
The journey of cyber defence(BizCommunity) Cybercrime has become a global epidemic from which Africa has not been spared, leaving companies counting losses which range from money to credibility. Corporates across the continent need to take urgent action to prevent these outcomes, but too few are yet making the management changes needed to ward off the threat
Cyber Readiness Means First Building the Work Force(SIGNAL) The world needs at least 1.5 million cybersecurity professionals who do not exist—a labor shortage created by the increase in frequency and severity of cyber attacks and employers all fishing from the same pond, said Michael Cameron, vice president for business development, cyber and cybersecurity at Leidos, at the NITEC 2016 cyber conference
The State of the Bug Bounty: Bugcrowd’s second annual report on the current state of the bug bounty economy(Bugcrowd) What we’re witnessing right now is the maturation of a model that will fundamentally change the way we approach the security, trust and safety of the Internet. Bug bounty programs are moving from the realm of novelty towards becoming best practice. They provide an opportunity to level the cybersecurity playing field, strengthening the security of products as well as cultivating a mutually rewarding relationship with the security researcher community. While bug bounty programs have been used for over 20 years, widespread adoption by enterprise organizations has just begun to take off within the last few
Cyber-security start-up Cylance raises $100m(Financial Times) Cylance, a cyber-security start-up trying to upend the old world of antivirus software, has raised $100m from investors including private equity firm Blackstone and Insight Venture Partners
Cylance, fighting malicious hackers with AI, hits $1B valuation after raising $100M(TechCrunch) “If you can’t beat them, join them” may not sound like the most encouraging pitch for a cybersecurity company, but a startup called Cylance has created an artificial intelligence-powered brain that essentially does just that, and it has taken off — raising $100 million in a Series D round of funding and catapulting itself into the so-called ‘unicorn’ club of companies with $1 billion valuations
Another AI-Based Security Startup Gains Funding(Datanami) Advanced data analytics and AI techniques such as cognitive intelligence and deep machine learning are finding new applications in the drive to understand and respond to a growing range of cyber security threats as they unfold
How the Great Recession helped these Chicago founders find success(Built in Chicago) Most people are familiar with the basic best practices for cybersecurity: use strong passwords with upper- and lowercase letters, symbols, and numbers and don’t use the same password for more than one site. But plenty of us settle for less-than-secure passwords, and how many people do you actually know who never, ever reuse them?
Finjan blasts off after settling with Proofpoint(Seeking Alpha) Finjan (FNJN +13.9%) has settled its infringement suit against security software firm Proofpoint (PFPT +1.6%). As part of the deal, Finjan will receive $10.9M in cash via three payments: A $4.3M up-front payment, a $3.3M payment due on or before Jan. 4, 2017, and a $3.3M payment due on or before Jan. 3, 2018. Other deal terms are confidential
USAF looks to secure aircraft systems from cyber attack(IHS Jane's 360) The US Air Force (USAF) is moving to enhance the security of aircraft systems in the cyber domain, issuing a broad agency announcement under its Avionics Vulnerability Assessment Mitigation and Protection (AVAMP) programme
Maslow’s pyramid of cyber deception needs(Help Net Security) In 1943, psychologist Abraham Maslow published his theory of human motivation, which turned into a consensual method to analyze a person’s needs
What is a VPN and do you need one(VPNMentor) Discover how, with the help of VPN, you can watch movies that are blocked in your country, crack into websites that you don’t have access to, hide from the FBI when you download torrents and more
Looking for trouble: How predictive analytics is transforming cybersecurity(Help Net Security) Leading organizations recognize that stringent cybersecurity processes and strong infrastructure, while essential, are not enough to eliminate today’s disparate and ubiquitous threats. So they aim to use predictive analytics to identify and stop potential threats before they can wreak havoc
Hacker Lexicon: What Is the Digital Millennium Copyright Act?(Wired) The call for copyright reform in America has grown so loud that Congress has finally heard it. Lawmakers have ordered a slate of studies to look into how to fix what has become a broken system, and activists are cautiously optimistic that this could be the first step toward reform. The source of the fracture? The Digital Millennium Copyright Act
Experts: Clinton emails could have compromised CIA names(AP) The names of CIA personnel could have been compromised not only by the hackers who may have penetrated Hillary Clinton's private computer server or the State Department system, but also by the release itself of tens of thousands of her emails, security experts say
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
ISS World Europe(Prague, Czech Republic, June 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic...
New York State Cyber Security Conference(Albany, New York, USA, June 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The...
LegalSEC Summit 2016(Baltimore, Maryland, USA, June 9 - 10, 2016) Whatever your role in security, there’s something here for you! Hear from experts who will share their experiences related to information security, and develop takeaways to use in your organization. The...
SecureWorld Portland(Portland, Oregon, USA, June 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...
Cybersecurity and Financial Services: Understanding the Risks(San Diego, California, USA, June 9, 2016) Join San Diego's KCD PR for a conversation on a hot topic for every business operating in the Fintech and Financial Services space: Cybersecurity. The nature of cybersecurity breaches is continuously changing...
SIFMA Cyber Law Seminar(New York, New York, USA, June 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role...
Cleared Job Fair(Tysons Corner, Virginia, USA, June 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research,...
SANSFIRE 2016(Washington, DC, USA, June 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind...
Show Me Con(St. Charles, Missouri, USA, June 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they...
CISO DC(Washington, DC, USA, June 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and...
Cyber Security Opportunities in Turkey Webinar(Online, June 14, 2016) As in other countries, Turkey is a target of high profile attacks in the public and private sectors. Instability from neighboring countries increases their risk. Since 2014 Turkey has been working on a cyber security plan which includes not only government but private sector and NGOs as well. Per Cisco's 2014 Security Report, attacks occur in ICS-SCADA, web servers and malwares-6% respectively, applications-31%, infrastructure-18%, and end-users-9%. Topics include: industry drivers, trends, and key players. Open Q&A session at the conclusion of presentations. Confirmed speakers: Alper Cem Yilmaz, Founder, and Jade Y. Simsek, Mrktg Specialist, CrypTech. Learn about the Cyber Security Market in Turkey with the objective of finding sales opportunities. Turkey's Transportation, Maritime Affairs and Communications Ministry formed SOME (Cyber Incident Response Teams) for protection against cyber attacks. ...
The Security Culture Conference 2016(Oslo, Norway, June 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture...
TECHEXPO Top Secret Hiring Event(Baltimore, Maryland, USA, June 15, 2016) Security-cleared professionals are invited to interview for new career opportunities on Wednesday, June 15 at the BWI Marriott in Baltimore, MD. Hot job opportunities are available in Cyber Security, Intelligence,...
2016 CyberWeek(Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's...
Cyber Security for Critical Assets LATAM(Rio de Janeiro, Brazil, June 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency...
Cyber 7.0(Laurel, Maryland, USA, June 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle...
Security of Things World(Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June...
SANS Salt Lake City 2016(Salt Lake City, Utah, USA, June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more...
DC / Metro Cyber Security Summit(Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...
TECHEXPO Cyber Security Hiring Event(Tysons Corner, Virginia, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds...