Security-camera-driven DDoS attacks have intermittently hit major Russian banks since November 8. The attacks appear criminal as opposed to state-sponsored; the botnet was assembled from devices in at least thirty countries, mostly the US, India, and Israel.
Security analysts continue to mull Fancy Bear's post-election, post-Microsoft-patch phishing romp through US think tanks and other policy wonk targets. Some see it as a victory lap, but most see opportunistic targeting of weaknesses before they're closed. ESET has a study of Fancy Bear's operations—ESET calls them Sednit, one of the at least seven names this (GRU) threat actor has acquired.
Researchers describe BlackNurse, a low-and-slow yet effective DDoS technique that exploits firewall vulnerabilities.
Many worries emerge over mobile devices and applications—WiFi hijacking, WiFi password discovery, OAuth 2.0 exploitation, Svpeng Android vulnerabilities, and QRLjacking.
The number of customers affected by the Tesco Bank fraud has been revised downward from 20,000 to 9,000, but the incident continues to trouble bankers in the UK, Ireland and (to a lesser but still significant extent) elsewhere. Investigation suggests weak security controls were at the heart of the problem.
Not that you'd be directly affected, but there are credible reports of a breach at adult friend site
In the US, NIST releases maritime and small-business addenda to its cybersecurity framework.
Kaspersky files antitrust claims against Microsoft in a Moscow court, alleging anti-competitive biases in Windows 10's security bundle. (Did Senator Sherman have a seat in the Duma?)
LabMD scores an appellate court win versus the FTC.
Today's issue includes events affecting Algeria, Argentina, Bangladesh, China, Colombia, European Union, India, Iraq, Ireland, Israel, Democratic People's Republic of Korea, Republic of Korea, Kyrgyzstan, Lebanon, Netherlands, Nigeria, Russia, Taiwan, Turkey, Ukraine, United Kingdom and the United States.
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Level 3, as Dale Drew talks Internet-of-things security. If you enjoy the podcast, please consider giving it an iTunes review.
AlienVault USM Webcast(Live Webcast, December 1, 2016) Find threats lurking on your systems with host-based intrusion detection and AlienVault USM.
Cyber Attacks, Threats, and Vulnerabilities
Russian ‘Dukes’ of Hackers Pounce on Trump Win(KrebsOnSecurity) Less than six hours after Donald Trump became the presumptive president-elect of the United States, a Russian hacker gang perhaps best known for breaking into computer networks at the Democratic National Committee launched a volley of targeted phishing campaigns against American political think-tanks and non-government organizations (NGOs)
Sednit: A very digested read(We Live Security) Sednit is one of the most notorious groups of cyberattackers operating in the world today. Active from at least 2004 – possibly earlier – it has unfortunately stepped up activity over the past two years, keen to hit its targets as hard as possible
Traveling on business? Beware of targeted spying on mobile(Help Net Security) Corporate spying is a real threat in the world of cyber war. Employees traveling on behalf of their company could create opportunities for sophisticated adversaries to take sensitive corporate data. This is especially true if they are not careful with their mobile devices
QRLJacking – A new Social Engineering Attack Vector(Hackin9) The SQRL, or Secure Quick Response Login, a QR-code-based authentication, is an amazing system that makes our lives easier, as it allows us to quickly sign into a website without having to memorize or type in any username or password
Black Duck Lays 2017 Open Source Security Predictions(Forbes) First the Earth cooled, the dinosaurs came and went… and then proprietary software grew to dominate the technology industry. After that last period in our timeline, the IT industry grew to understand how the open source model of community contribution might make enterprise software even better. Code could be augmented, enhanced, finessed and sometimes even forked and skewed when different users felt the need to bring new features to a software product or platform
Are you ready for the EU GDPR?(Help Net Security) Current application test data management practices are not adequate to meet the compliance requirements of the EU General Data Protection Regulation (GDPR), according to CA Technologies
If Trump Bump Holds, Will Palo Alto, Cybersecurity Stocks Rise?(Investor's Business Daily) After falling below key support lines in recent weeks, cybersecurity stocks like Symantec (SYMC), CyberArk Software (CYBR) and Proofpoint (PFPT) are showing signs of a rebound. Meanwhile, fellow security software provider and 2015 IPO Mimecast (MIME) climbed around 17% for the week
Acquisition of US cyber security consultancy(London South East) NCC Group plc (LSE: NCC or "the Group"), the independent global cyber security and risk mitigation expert, has acquired Virtual Security Research, LLC ("VSR") for a maximum consideration of $6m in cash
Key NSA contract for CSRA could face 'additional delays'(Washington Business Journal) CSRA Inc. (NYSE: CSRA) is keeping a watchful eye on one of its major National Security Agency contracts slated to be broken up and re-competed in the coming year, but it will have to wait a while longer
New infosec products of the week: November 11, 2016(Help Net Security) Norton Mobile Security for Android boosts security and privacy protections... Ixia enhances Application and Threat Intelligence Processor... Guardian Analytics Sentinel protects treasury management organizations from fraud... Aon introduces new risk management solution... Arch Insurance Group releases Arch Netsafe 2.0
OWASP ModSecurity Core Rule Set (CRS)(Modsecurity) The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts
Radware Receives Multi Million Application Delivery Orders From a Leading European Bank(GlobeNewswire) Radware® (NASDAQ:RDWR), a leading provider of cyber security and application delivery solutions ensuring optimal service levels for applications in virtual, cloud, and software-defined data centers today announced that it signed multiple contracts totaling $7M to provide on-site application delivery solutions to a leading European bank
Maritime Bulk Liquids Transfer Cybersecurity Framework Profile (US Coast Guard) White House Executive Order (EO) 13636 tasked the Director of the National Institute of Standards and Technology (NIST) to "lead the development of a framework to reduce cybersecurity risks to critical infrastructure (the 'Cybersecurity Framework')." The "Cybersecurity Framework" was published in February 2014, and the important work of integrating the framework into organizational operations is well underway in many industries. One of the primary ways industries are integrating the Cybersecurity Framework is by creating industry-focused Framework Profiles ("Profiles") as described in the Cybersecurity Framework
New NIST Guide Helps Small Businesses Improve Cybersecurity(NIST) Small-business owners may think that they are too small to be victims of cyber hackers, but Pat Toth knows otherwise. Toth leads outreach efforts to small businesses on cybersecurity at the National Institute of Standards and Technology (NIST) and understands the challenges these businesses face in protecting their data and systems
Small Business Information Security: The Fundamentals(NIST) Small businesses are an important part of our nation’s economic and cyber infrastructure. According to the Small Business Administration, there are approximately 28.2 million small businesses in the United States
OMB tries again to define a major cyber incident(Federal News Radio) What is a major cyber incident? Seems like a simple enough question to answer. But the Office of Management and Budget has been refining the definition for the better part of a decade
Why Unidirectional Security Gateways can replace firewalls in industrial network environments(Help Net Security) In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, talks about Unidirectional Security Gateways. They can replace firewalls in industrial network environments, providing absolute protection to control systems and operations networks from attacks originating on external networks
6 Tips For Stronger SOCs(Dark Reading) New guide offers ways for companies to more effectively organize, manage, and staff their security operations centers
Security Metrics Checklist(Dark Reading) Which metrics are the best indicators of a strong cybersecurity team? Experts say security pros should be recording and reporting these data points to demonstrate their success
The Danger of Ignoring the 'Espionage' in Cyber Espionage(STRATFOR Security Week) This week, I had the honor of delivering a keynote speech for the Global Cyber Security Leaders Conference in Berlin. The city, which decades ago was a hub of Cold War-era espionage, provided the perfect backdrop for my attempt to put its modern cousin — cyber espionage — into context
Ransomware doesn’t mean game over(Malwarebytes Labs) Let’s face it. We live in a completely different security world from a decade ago and the kinds of threats we face have taken a new form. This time it’s ransomware. Over the course of just a few years, this threat has evolved from an annoying pop-up to a screen freezer that utilizes disturbing imagery to a sophisticated malicious program that encrypts important files
How to prepare your company for cybersecurity threats(Help Net Security) When the FBI announced the arrest of a Russian hacker in October, it was notable – but maybe not for the reason you’d expect. Yevgeniy N., who was picked up in Prague, is implicated in the 2012 megabreach at LinkedIn
Facebook is buying up stolen passwords on the black market(Naked Security) Facebook shops for passwords sold on the online black market, buying up credentials from crooks to sniff out which ones its users are reusing, Chief Security Officer Alex Stamos said at the Web Summit in Lisbon on Wednesday
Defeating Malware With Its Own DNA(Info Tech Garage) It’s widely known that human DNA evidence has had a major impact in the criminal justice system. Now another kind of DNA may have a similar impact in the fight to eradicate malicious software
Researchers set to work on malware-detecting CPUs(Help Net Security) Adding hardware protections to software ones in order to block the ever increasing onslaught of computer malware seems like a solid idea, and a group of researchers have just been given a $275,000 grant from the National Science Foundation to help them work on a possible solution: malware-detecting CPUs
Five million register for NSA’s ‘Day of Cyber’(FedScoop) Students and other users get to virtually explore simulated real-life cyber scenarios and discover the skills and tools used by the NSA hackers, analysts and cyber-defenders
Infoblox and University of Washington Tacoma Join Forces in Cybersecurity Battle(South Sound Talk) Infoblox Inc., the network control company that provides Actionable Network Intelligence, announced a partnership with the University of Washington Tacoma for research into the use of cutting-edge machine learning methodologies to help mitigate domain name system (DNS) cybersecurity issues that affect our government, economy and daily lives. The goals of the partnership include publishing research that will benefit the cybersecurity community, developing products to help organizations prevent and remediate cybersecurity issues, and providing real-world experience to students who will enter this growing field
Carnegie Mellon University Wins National Cyber Analyst Challenge(HS Today) A team from Carnegie Mellon University was awarded $25,000 as the winner of the second National Cyber Analyst Challenge (NCAC), a cyber competition powered by Leidos and administered by Temple University's Institute for Business and Information Technology (IBIT) to fill the ever-growing need for cyber analysts
China’s vast Internet prison(Washington Post) China's Internet is a universe of contradictions. It has brought hundreds of millions of people online and has become a vast marketplace for digital commerce, yet it is also heavily policed by censors to snuff out any challenge to the ruling Communist Party. Under President Xi Jinping, the censors are working overtime to keep 721 million Internet users under control
UK Spy Agencies on the Hunt for Recruits(Infosecurity Magazine) The UK government is on the lookout for budding coders to take up apprentice positions at GCHQ, MI5 and MI6 with Monday the closing date for applications
Trump win alarms cyber pros(SC Magazine) Security pros are bracing for changes the industry may face after the unexpected election of real-estate entrepreneur and reality television personality Donald J. Trump in a historic presidential race
Army honing in on cyber defense(C4ISRNET) Army officials have seen the growth in cyber defense coming down the pike. This is in part due to its Defensive Cyberspace Operation infrastructure program. For its part, the Program Executive Office for Enterprise Information Systems is tasked with providing DCO the non-tactical, enterprise network
Who are the CIOs that soon will need new jobs?(Federal News Radio) Ten federal chief information officers are working on their resignation letters. Sometime over the next 70 days, CIOs from the departments of Veterans Affairs to Commerce to Homeland Security to the federal CIO will notify the incoming Trump administration of their plans to leave their posts
In the Matter of the Search of Computers that Access "Websites 1-23" (United States District Court for the District of Maryland) I have been employed as a Special Agent ("SA") with the Federal Bureau of Investigation since [redacted] and I am currently assigned to the FBI's Violent Crimes Against Children Section, Major Case Coordination Unit ("MCCU")
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
AlienVault USM Webcast(Online, December 1, 2016) Host-based intrusion detection systems (HIDS), work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating...
Israel HLS and Cyber 2016(Tel Aviv, Israel, November 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach,...
SANS Healthcare CyberSecurity Summit & Training 2016(Houston, Texas, USA, November 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the...
Infosec 2016(Dublin, Ireland, November 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age. By any measure, the digital threats that businesses and organisations of all sizes face...
Commercial Cyber Forum: Insider Threat(Odenton, Maryland, USA, November 15, 2016) Please join us for a panelist discussion with insider threat experts on upcoming Federal rules, key elements of an insider threat program and privacy, due process, and human resource requirements.
Kaspersky Academy Talent Lab(Online, then Prague, Czech Republic, November 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists...
CISO Charlotte(Charlotte, North Carolina, USA, November 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions
Pharma Blockchain Bootcamp(Edison, New Jersey, USA, November 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it...
CyberCon 2016(Washington, DC, USA, November 16, 2016) CyberCon 2016 is the forum for dialogue on strategy and innovation to secure civilian and defense networks, as well as private-sector networks that hold their sensitive data. Cybersecurity will be the...
Versus 16(San Francisco, California, USA, November 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing...
Data Breach & Fraud Prevention Summit Asia(Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the
SCSC Cyber Security Conclave 2.0 Conference and Exhibition(Hyderabad, India, November 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public...
4th Ethiopia Banking & ICT Summit(Addis Ababa, Ethiopia, November 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial...
Internet of Things (IoT)(Elkridge, Maryland, USA, November 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting...
CIFI Security Summit(Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.