Business email compromise has claimed the Pomeroy Investment Corporation as a victim: the company reported last month that a bogus email induced an employee to wire $495,000 to an offshore account. An investigation is in progress.
Android has become a harder target since it withdrew third-party apps' access to getRunningTasks(), and its accessibility services now appear poised to become attackers’ preferred route. Exploitation would require user interaction, probably through adware-like attacks.
IBM warns that footprinting is back. Such pre-attack reconnaissance comprises several techniques, among them “network topology mapping, host discovery, account footprinting, TCP/UDP port scan and TCP/UDP service sweep.”
Recorded Future looks at proof-of-concept exploits and finds a surge in their production by black hats. They also note that Twitter seems to be replacing Pastebin as a favorite venue for sharing exploits.
FireEye and CyberArk both reported earnings late yesterday. FireEye posted a better than expected loss of $0.47 per share on $168.0 million in revenue. CyberArk reported $0.23 in earnings per share on $46.9 million in revenue. FireEye also saw an increase in security subscription services, which it sees as playing a greater role in its business. FireEye’s CEO DeWalt will fleet up to Executive Chairman, with Kevin Mandia moving in as the new CEO.
The Los Angeles Police Department succeeded in gaining access to a murder victim’s locked iPhone 5s, hitherto thought more resistant to cracking than the iPhone 5c used by the San Bernardino jihadist. Observers expect this to inform the crypto wars.
Craig Wright seems to have given up, albeit ambiguously, his claim to be Satoshi Nakamoto.
Today's issue includes events affecting Australia, China, Iraq, Japan, Republic of Korea, Pakistan, Qatar, Russia, Syria, Taiwan, Turkey, United States.
World Password Day may be yesterday's holiday, but passwords remain an enduring source of fascination and vulnerability. Catch our short educational video here: Episode 1: The Stickynote Menace.
ON THE PODCAST
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from Level 3's Dale Drew, who'll discuss a DDoS tactic. We also have an exclusive interview with Recorded Future's Nicholas Espinoza on his company's just released report on proof-of-concept exploits. And, finally, we'll hear about cyber security policy and cyber innovation strategies in Australia from Data61's Adrian Turner.
Cyber Experts: Change Passwords After Massive Hack (NBC News) Cybersecurity professionals warn that anyone with a personal email account might want to change their passwords following revelations of a massive cache of stolen user names and passwords being offered for sale on the Internet
Jaku: Analysis of a Botnet Campaign (Forcepoint) JAKU is the name given to the investigation, surveillance and analysis, by the Forcepoint Special Investigations team, of an on-going botnet campaign
Crooks Go Deep With ‘Deep Insert’ Skimmers (KrebsOnSecurity) ATM maker NCR Corp. says it is seeing a rapid rise in reports of what it calls “deep insert skimmers,” wafer-thin fraud devices made to be hidden inside of the card acceptance slot on a cash machine
Android banking malware may start using adware tricks (Help Net Security) Android banking and credential-stealing malware with screen overlay capabilities is on the rise, but for it to be effective, it must detect when banking, email, social media apps are opened, identify them, and show the appropriate pop up intended to harvest sensitive data
Footprinting and Brute-Force Attacks Remain Prevalent (IBM Security Intelligence) Sophisticated cyberattacks grab the headlines these days. But with attention focused on advanced persistent threats and mutating malware, it’s easy to overlook older attacks that are still successful. To keep awareness up, the IBM X-Force threat research team has a new report on old favorites: “Beware of Older Cyber Attacks”
How did AVG Web TuneUp expose user data? (TechTarget) The AVG Web TuneUp browser extension, advertised as a way to control user privacy, exposed Chrome users' personal data. Expert Michael Cobb explains how this happened
Charles Schwab data breach exposed client investment data (SC Magazine) Charles Schwab informed some of its customers on May 4 that the company had noticed unusual login activity on their account, possibly due to an unauthorized person having obtained their account username and password
Hacking for ISIS: The Emergent Cyber Threat Landscape (Flashpoint) As the Islamic State (ISIS) has grown over the past two years, so too has its media machine, global support, and online channels. This unprecedented expansion has now come to include capabilities to inflict damage over the Internet, which came to light when its supporters began coordinating and organizing cyber attacks on Western targets. Highlighting this newfound desire to cause virtual harm was the brief 2014 takeover of Twitter accounts run by US CENTCOM and Newsweek
What's Next For Network Security (Dark Reading) A 'vanishing' physical network perimeter in the age of mobile, cloud services, and the Internet of Things, is changing network security as well
The encryption challenge (GCN) IT managers know the movies get it wrong. A teenager with a laptop cannot crack multiple layers of encryption -- unless that laptop is connected to a supercomputer somewhere and the teenager can afford to wait a few billion years
FireEye vs. CyberArk: Who Won Earnings? (24/7 Wall Street) Both FireEye Inc. (NASDAQ: FEYE) and CyberArk Software Ltd. (NASDAQ: CYBR) reported first-quarter financial results after the markets closed on Thursday. 24/7 Wall Street took highlights from each of the earnings reports and put them side by side so we can see which cybersecurity firm had the better quarter
Tesserent Ltd to acquire cyber security specialist (Proactive Investors) Tesserent Ltd (ASX:TNT) will expand its position in the cyber security market, after signing an agreement to acquire the business of Blue Reef Pty Ltd, a provider of cyber security solutions for the education market
7 Password Experts on How to Lock Down Your Online Security (Wired) As far as made-up holidays go, “World Password Day” doesn’t quite have the same cachet as, say, Father’s Day, or even National Pancake Day (March 8th). Still, it’s as good an excuse as any to fix your bad passwords. Or better yet, to finally realize that the password you thought was good still needs some work
Forget about passwords: You need a passphrase! (We Live Security) 123456. password. 12345678. qwerty. 12345. All of the above, so easy to remember, so quick to type, so conveniently effortless to manage, represent five of the most common passwords used … today
How To Avoid Being A Cyber-Crime Victim (Convenience Store Decisions) “Most companies have some vulnerability and it doesn’t take a sophisticated attack to cause a security breach,” warns the CEO of SnoopWall
I’m Sorry (Dr. Craig Wright) I believed that I could do this. I believed that I could put the years of anonymity and hiding behind me. But, as the events of this week unfolded and I prepared to publish the proof of access to the earliest keys, I broke. I do not have the courage. I cannot
Cyber operations come out of the shadows (Defense Systems) Cyber operations, which have long been conducted in the background, have been gaining more prominence. With high-profile intrusions into U.S. systems – the Office of Personnel Management and the email system for the Joint Chiefs of Staff, to name a couple – cyber conflict, capability and awareness has been brought to the attention of the public
Top aide to Hillary Clinton questioned by FBI in email server investigation (Los Angeles Times) Huma Abedin, a close aide to Democratic presidential front-runner Hillary Clinton, was questioned last month by FBI agents investigating whether classified material was mishandled on the private email server used by the former secretary of State and her aides, according to a person familiar with the investigation
Officials: Scant evidence that Clinton had malicious intent in handling of emails (Washington Post) Prosecutors and FBI agents investigating Hillary Clinton’s use of a personal email server have so far found scant evidence that the leading Democratic presidential candidate intended to break classification rules, though they are still probing the case aggressively with an eye on interviewing Clinton herself, according to U.S. officials familiar with the matter
NSA Silent on Spies’ Child Porn Problem (Daily Beast) The government’s cyber spying outfit has an ‘unbelievable’ child porn problem. But the NSA can’t—or won’t—say how often it finds such criminal images on its workers’ computers
Navy: Accused Spy Edward Lin Gave Secret Information to FBI Informant (USNI) The evidence against a U.S. Navy officer accused of passing classified information to foreign agents was the result – in part — of a government sting involving a Mandarin speaking FBI informant, according to an audio recording of an April 8 Article 32 hearing played for reporters on Thursday
Sailor charged with espionage contests his confession (Virginian-Pilot) A Taiwanese-born sailor charged with espionage admitted to the crime after he was arrested at Honolulu’s airport and was interrogated by Naval Criminal Investigative Service agents, but his attorney says the statement shouldn’t be admissible at a trial, according to evidence presented at a preliminary hearing at Norfolk Naval Station last month
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Security West 2016 (San Diego, California, USA, May 1 - 6, 2016) With cyber-attacks and data breaches on the rise, attacks becoming more frequent, sophisticated and costlier, the gap in the ability to defend has become wider and more time sensitive. Now is the perfect
MCRCon 2016: Some Assembly Required (Ypsilanti, Michigan, USA, May 10, 2016) The annual conference focuses on hacking prevention, incident handling, forensics and post-event public relations, with presentations delivered by nationally-recognized experts, cybersecurity skills competitions,...
CISO UK (London, England, UK, May 10, 2016) We're in an historic transition — one marked by challenges, but filled with possibility. Preparing for the upturn and making the right decisions in times of change can better position your enterprise...
SecureWorld Houston (Houston, Texas, USA, May 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...
Guarding the Grid (Washington, DC, USA, May 12, 2016) Protecting the power grid from today's cyber threats has become one of the nation's top national security priorities. Nowhere was this more evident than in the aftermath of the cyberattack in Ukraine that...
Telegraph Cyber Security (London, England, UK, May 17, 2016) The Telegraph Cyber Security conference will provide the key components to create a cutting-edge cyber security plan, regardless of your organisation’s size or sphere of activity
DCOI 2016 (Washington, DC, USA, May 18 - 19, 2016) DCOI 2016 is a concerted effort of the state of Israel and the Institute for National Security Studies (INSS) of Tel-Aviv University, a non-profit organization that aims towards enhancing collaboration...
ISSA LA Eighth Annual Information Security Summit (Universal City, California, USA, May 19 - 20, 2016) The ISSA-LA Information Security Summit is the only educational forum in the great Los Angeles area specifically designed to attract an audience from all over Southern California as a means to encourage...
HITBSecConf2016 Amsterdam (Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2 and for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of THC.org, an in-depth...
Enfuse 2016 (Las Vegas, Nevada, USA, May 23 - 26, 2016) Enfuse is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. It's a global event. It's a community. It's where problems...
Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance...
4th Annual Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) At our 4th annual Institute, in the capital where cybersecurity regulations and enforcement decisions are made, you will be able to receive pragmatic advice from the most knowledgeable legal cybersecurity...
SecureWorld Atlanta (Atlanta, Georgia, USA, June 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...