The US General Services Administration publishes an IG report detailing what it calls a mistake, not a breach. A Slack misconfiguration could potentially have exposed personally identifiable information and contractor proprietary information, but GSA says such data appear not to have been compromised.
ISIS shifts its online recruiting strategy in Central Asia, and continues to draw information ops fodder from Sykes-Picot.
FireEye warns that maliciously crafted Microsoft Office files are serving as vectors for the recently patched Flash zero-day.
A Google Project Zero bug hunter reports a memory exploitation vulnerability in Symantec’s core Antivirus Engine.
Clickjacking, says Skycure, afflicts most older Android devices. Privilege escalation is among the risks the vulnerability poses.
A click-fraud botnet, Bitdefender reports, is using the Redirector.Paco Trojan to afflict “AdSense-like programs.” The principal victims of clickfraud are, of course, advertising budgets and the companies who burn through them on the strength of bogus interactions.
enSilo analyzes “Furtim,” “stealthy,” “paranoid” malware now circulating in the wild. The exploit was recognized by a researcher known by the handle “@hFireF0X.” Furtim is noteworthy for the large number of checks it makes for AV measures. Its servers also send the malicious code only once. (The payload has three elements: a power configuration file, Pony infostealer, and a third, as yet unknown bit of malware.)
Observers continue to look at the SWIFT funds transfer system. Some conclude its security procedures need an overhaul.
Barron’s suggests Cisco’s forthcoming guidance may disappoint. Avanan and illusive both announce new rounds of venture funding.
Today's issue includes events affecting Afghanistan, Algeria, Australia, Brazil, Germany, Greece, India, Iraq, Italy, Kyrgyzstan, Kazakhstan, Malaysia, New Zealand, Nigeria, Pakistan, Russia, South Africa, Syria, Tajikistan, Turkmenistan, United Kingdom, United States, and Uzbekistan.
ON THE PODCAST
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from our research partners at Level 3, whose Dale Drew talks about what can be seen from a backbone provider's vantage point. And we'll also speak with Yong-Gon Chon, CEO of Cyber Risk Management, who describes the ways in which many companies tend to overreact to a security incident. (Remember, if you like the Podcast, please consider giving it an iTunes review.)
GSA says cyber ‘mistake’ was ‘no breach'; others investigate(Washington Post) A Government Services Administration office known as 18F functions as a computer consultancy for federal agencies and says it was “built in the spirit of America’s top tech startups.” But this government tech start-up had a technical slip-up of its own
How 18F handles information security and third party applications(18F GSA) Today the General Services Administration’s Office of Inspector General (an independent part of our agency, entrusted with carefully inspecting agency operations) published a report on a mistake made in the configuration of Slack, an online chat tool we use
Management Alert Report: GSA Data Breach(GSA OIG Office of Inspections and Forensic Auditing) During the course of an ongoing evaluation, the OIG Office of Inspections and Forensic Auditing identified an issue that warrants immediate attention. Due to authorizations enabled by GSA 18F staff, over 100 GSA Google Drives were reportedly accessible by users both inside and outside of GSA during a five month period, potentially exposing sensitive content such as personally identifiable information and contractor proprietary information
Why Islamic State Militants Care So Much About Sykes-Picot(Radio Free Europe/Radio Liberty) One hundred years ago, on May 16, 1916, representatives from the United Kingdom and France (with the agreement of Russia) met in secret and signed what has come to be known as the Sykes–Picot Agreement. The pact, signed amid World War I, divided the Ottoman Empire into spheres of imperial control, and is often held responsible for establishing the current borders of the Middle East
95.4% of All Android Devices Are Susceptible to Accessibility Clickjacking Exploits(Skycure) This is a follow up to our blog post during RSA (https://www[dot]skycure[dot]com/blog/accessibility-clickjacking/), where we explained how a hacker, by combining two features of Android, Accessibility Services and the ability to draw over other apps, may gain control of the mobile device, including acquiring elevated privileges and exposing the content of all apps on the device
Inside The Million-Machine Clickfraud Botnet(Bitdefender Labs) Online advertising is a multi-billion dollar business mostly run by Google, Yahoo or Bing via AdSense-like programs. The current generation of clickbots such as the Redirector.Paco Trojan have taken abuse to a whole new level, burning through companies’ advertising budget at an unprecedented pace
Furtim: The Ultra-Cautious Malware(enSilo) Furtim is the latest stealthy malware, found in the wild, and its discovery is credited to @hFireF0X. Clearly, Furtim’s developers were more interested in keeping their malware hidden from security’s prying eyes than hitting more targets. With stealth a key component, we code-named this downloader Furtim, the Latin translation for “stealthy”
Analyzing Furtim: Malware that Avoids Mass-Infection(Breaking Malware) Recently we came across a new malware strain, first discovered by @hFireF0X, and at point of discovery, it was not detected by any of the 56 anti-virus programs tested by VirusTotal service
Five Necessary Improvements to the SWIFT (not Taylor Swift) Security Model(Skyport Systems) @securiTay – Taylor has better security than some banks transferring millions using SWIFT. Recently there has been what is likely the beginning of a wave of break-ins and financial exfiltrations via the SWIFT Alliance. Reports vary a bit, but between vendor/operator mistakes, weak security controls, lack of integrated forensics, and some not-so-best practices we have ended up witnessing the theft of over $80 million dollars. (It could have been over $950 million dollars but for the successful identification of typos by some astute bank operators)
Runkeeper: A fitness app or a tracking app?(Help Net Security) Popular fitness app Runkeeper tracks users even when not in use, does not delete personal data when users stop using it, and shares users’ personal data with an advertising company in the US, the Norwegian Consumer Council (NCC) says in a complaint lodged with the Norwegian Data Protection Authority
Gboard enhances your keyboard, but what about your privacy?(Help Net Security) Gboard is a Google app for your iPhone that lets you search and send information, GIFs, emojis and more, right from your keyboard. You can search and send anything from Google, including news, articles, videos, images, etc
Top 20 risk factors for retailers(Help Net Security) According to BDO’s analysis of risk factors listed in the most recent 10-K filings of the 100 largest US retailers, risk associated with a possible security breach was cited unanimously by retailers, claiming the top spot, up from the 18th spot in 2007
Security spending rises in areas ineffective against multi-stage attacks(Help Net Security) Vormetric announced the results of the Financial Services Edition of the 2016 Vormetric Data Threat Report (DTR). This edition extends earlier findings of the global report, focusing on responses from IT security leaders in financial services, which details IT security spending plans, perceptions of threats to data, rates of data breach failures and data security stances
Tech Trends: Cyber Vulnerabilities Galore(Security Info Watch) In March I attended for the first time in five years the RSA Conference, the world’s largest cyber security conference, with nearly 40,000 people attending. Sadly, representation from our industry was noticeably lacking and many security people I have spoken to have never even heard of this important event
Taking no compromises when it comes to security(IT Pro Portal) Security stories are everywhere at the moment, so we spoke to Mark Valentine, head of information at car dealership Lookers, to discuss the current security landscape and issues around data protection
It's about time Australian businesses invested in cyber security(Security Brief) Cyber crime costs Australia upwards of a billion dollars every year, and many large companies have been the target of malicious attacks, including Kmart, David Jones, the Australian Bureau of Meteorology, The Royal Melbourne Hospital and Australian Government Parliamentary Services
Avanan Raises $14.9 Million Series A Financing Round(BusinessWire) Avanan, a cloud security innovator, today announced that it has raised $14.9 million in Series A financing. Greenfield Cities Holdings, L.P. (GFC), a TPG Growth portfolio company, led the round, with participation from both of Avanan’s existing investors, Magma VC and StageOne Ventures. The round brings the company’s total capital raised to $16.4 million and will allow Avanan to support its rapidly growing customer base and the fast pace of market adoption
illusive networks Announces Series B Funding Extension(Broadway World) illusive networks, a cybersecurity company at the forefront of deception technology, today announced extending the Series B funding to $25M by investors New Enterprise Associates (NEA), Bessemer Venture Partners, Cisco Investments, Marker LLC, Citi Ventures, and Eric Schmidt's Innovation Endeavors
Kroll Appoints Four New Directors in Growing Cyber Practice(BusinessWire) Kroll (“the Company”), a global leader in risk mitigation, compliance, security, and incident response solutions, today announced the appointment of four new Directors in its Cyber Security and Investigations practice – Devon Ackerman, Mari DeGrazia, Ron Dormido, and Ray Manna
Trusona Announces World's First Insured Authentication(Marketwired) Trusona, the category-defining identity and authentication platform for the world's most critical and sensitive Web and mobile transactions, today announced that its unique authentication platform and federated identity solution for the enterprise is now insured by an A+ Rated insurance carrier. The insurance approval of Trusona's technology follows rigorous and broad security testing conducted by one of the world's premier cybersecurity and forensics firms, Stroz Friedberg. Insurance for Trusona's solution is available for up to $1,000,000 coverage per transaction
EventTracker Adds Unlimited Acquisition Model for Log Manager(Virtual Strategy Magazine) EventTracker, a leading provider of comprehensive and co-managed SIEM solutions, today announced a new unlimited acquisition model for its EventTracker Log Manager offering. Available immediately, customers can now purchase EventTracker Log Manager for an unlimited number of log sources per year
BAE Systems and Fujitsu Collaborate on Cyber Threat Intelligence Sharing(BusinessWire) BAE Systems and Fujitsu of Japan have implemented a new cyber threat intelligence sharing solution that will enable company analysts to easily review intelligence, modify their security settings to their respective networks, and adjust what types of intelligence they wish to share with their partners
NeverBounce.com Introduces a System to Avoid Information Hacking(Digital Journal) According to NeverBounce.com, protecting email and social networking accounts is an easy task. However, the large majority of email users opt to take it for granted. To aid with this, NeverBounce.com simplifies the methods that they find useful and divide it into two steps: to test email address and to use virtual private network (VPN)
PhishMe Helps SMBs Avoid Falling Victim to Ransomware(IT Business Edge) By now, most organizations are at least familiar with the concept of “ransomware”: cybercriminals using social engineering to fool unsuspecting end users into downloading malware that winds up encrypting all of their data and then demanding a ransom in return for the keys needed to de-encrypt that data
Security vendor offers free checkup(Business IT) If you've ever wondered whether your business's IT security practices are adequate, Check Point will set your mind at ease or indicate where improvements are needed
Giving Red-Teamers the Blues(Threatpost) Pen-testing engagements are generally a breeze for most red-teamers; roadblocks are few, despite the ones in place being expensive and often paid for by very large companies
What’s The Deal With Scanning Engines?(F-Secure) People (such as tech journalists and product reviewers) often ask us how our scanning engines work, and what the difference is between signature engines and other types of scan engines. In fact, we were asked such a question just last week. So, let’s explore the topic in-depth
Interconnectivity Put to Good Use(Security Info Watch) As security professionals continue to evolve systems and operations from being reactive to proactive, the concept of predictive analytics is quickly gaining traction
Slow, sluggish mobile money uptake(National) Some years back, the Central Bank of Nigeria (CBN) licensed some firms to offer mobile money services. The most successful model is the telco-led, but Nigeria has chosen the bank-led model which appears to be slowing down uptake
Partnership prepares undergraduates to tackle cybersecurity(Globe Newswire) In a time when million-dollar security breaches of major corporations regularly make headlines and complicate lives, computer science undergraduates at America's universities remain surprisingly underexposed to basic cybersecurity tactics
NYIT Designated as National Center of Academic Excellence in Cyber Defense Education(Newswise) The National Security Agency (NSA) and the Department of Homeland Security (DHS) have designated New York Institute of Technology (NYIT) as a National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) through academic year 2021. NYIT is the first university on Long Island to receive this designation, and one of only eight in New York State
Creating a digital career path for Native Americans(Federal Times) Native American contributions to U.S. national security haven’t been widely appreciated. The Navajo Code Talkers of World War II played an amazing role in helping the U.S. and its allies achieve victory
Cyber Command Focused on ‘Speed, Agility and Precision’(Seapower) Commanders know they no longer should assume that they possess a cyber capability greater than their potential adversaries. Less clear is how they should adapt to this change. The Fleet Cyber Command has the answer
Litigation, Investigation, and Law Enforcement
How the Government Monitored Twitter During Baltimore's Freddie Gray Protests(Vice) After Freddie Gray died from injuries he sustained while in police custody, citizens of Baltimore took to the streets. The death of the 25-year-old African American man in April 2015 sparked many peaceful demonstrations throughout the city, but when riots broke out, the Department of Homeland Security (DHS) monitored Twitter and other social media platforms for "intelligence" about the protests and the protesters
CISO DC(Washington, DC, USA, June 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and...
2016 CyberWeek(Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's...
DC / Metro Cyber Security Summit(Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...
Chicago Cyber Security Summit(Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...
New York Cyber Security Summit(New York, New York, USA, September 21, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...
Los Angeles Cyber Security Summit(Los Angeles, California, USA, October 28, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...
Telegraph Cyber Security(London, England, UK, May 17, 2016) The Telegraph Cyber Security conference will provide the key components to create a cutting-edge cyber security plan, regardless of your organisation’s size or sphere of activity
DCOI 2016(Washington, DC, USA, May 18 - 19, 2016) DCOI 2016 is a concerted effort of the state of Israel and the Institute for National Security Studies (INSS) of Tel-Aviv University, a non-profit organization that aims towards enhancing collaboration...
ISSA LA Eighth Annual Information Security Summit(Universal City, California, USA, May 19 - 20, 2016) The ISSA-LA Information Security Summit is the only educational forum in the great Los Angeles area specifically designed to attract an audience from all over Southern California as a means to encourage...
HITBSecConf2016 Amsterdam(Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2 and for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of THC.org, an in-depth...
Enfuse 2016(Las Vegas, Nevada, USA, May 23 - 26, 2016) Enfuse is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. It's a global event. It's a community. It's where problems...
Cybersecurity Law Institute(Washington, DC, USA, May 25 - 26, 2016) Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance...