Looking back at election hacking, it's worth noting that for all the crying of havoc (and legitimate concerns) about interference with US voting, other places probably had it worse. Consider Montenegro's experience, as described by Wapack Labs.
Since July, ATM hackers (probably affiliated with the Buhtrap mob) have been at work, mostly in Taiwan and Thailand, stealing cash by inducing installation of a bogus firmware update that directed the machines to empty themselves. Taipei police realized something was amiss when they started receiving reports of cash lying around ATMs. This isn't conventional carding, but a direct manipulation of the ATMs themselves. Buhtrap has spawned at least one associated gang, "Cobalt," which has been active in Europe, and the FBI warns US banks that they could be at risk as well.
Cerber has now begun to target high-value database files for encryption and extortion. There is some good news on another ransomware strain, however: ESET has released a free decryption tool for Crysis ransomware.
Anubis Networks finds another Android backdoor, this one associated with software from Ragentek Group. The backdoor enables potential exploitation of over-the-air updating.
A patch fixes exploitable issues with Siemens-branded security cameras.
Check Point scans the malware landscape and finds that Conficker remains number one.
In industry news, Oracle announces it will acquire Dyn, recently famous as the victim of a Mirai DDoS attack. Telstra is buying security analytics shop Cognevo, part of the dissolving New Zealand security firm Wynyard.
The US Defense Department's Hack-the-Pentagon program gets more wide-open than ever.
Today's issue includes events affecting Australia, Israel, Montenegro, New Zealand, Norway, Russia, Singapore, Taiwan, Thailand, and the United States.
A note to our readers: We won't publish this Thursday, as we'll be observing the Thanksgiving holiday. We'll be back as usual with the CyberWire Daily News Briefing on Friday (although the CyberWire Daily Podcast will take a longer hiatus, and pick up again on Monday).
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Palo Alto Networks, as Rick Howard discusses the gap that continues to persist between boards and technical teams. We'll also have Derek Northrope of Fujitsu Biometrics as our guest; he'll describe recent developments in biometrics and their application to security. As always, if you enjoy the podcast, please consider giving it an iTunes review.
DDoS Attacks And Coup Attempt During October 2016 Montenegro Elections(Wapack Labs) During the October 16, 2016 elections in Montenegro, the website of the pro-NATO ruling party and several other media and political NGO websites were subject to Distributed Denial of Service (DDoS) attacks. In tandem, misinformation campaigns were conducted across various platforms including social media. Analysis of the event indicates that certain Russian media outlets were involved, and investigations showed that an international group that included Montenegrin, Russian and Serbian nationals were planning a coup that included the assassination of the Montenegrin Prime Minister. It is possible that the Russian government was involved in these activities, which show the possible vectors for a foreign power to influence an election
FBI: US ATMs Could Be Hacked to Spew Cash(Infosecurity Magazine) The FBI is warning that potential ATM attacks, similar to those in Taiwan and Thailand that caused ATMs to dispense millions, could happen in the US
Backdoor Found in Firmware of Some Android Devices(Threatpost) Nearly three million Android devices are vulnerable to an attack that could allow a hacker to compromise over-the-air (OTA) updates to the devices and allow adversaries to remotely execute commands with root privileges
Office 365 Vulnerability Identified Bogus Microsoft.com Email as Valid(Threatpost) Details have been released on a simple Office 365 hack that incorrectly identifies spoofed emails pretending to be from the Microsoft.com domain as valid. The vulnerability being targeted was privately disclosed by Turkish security researcher Utku Sen, and was patched by Microsoft this month
Impostor claims to be Gen. Mattis on Twitter(Marine Corps Times) A fake Twitter account purportedly belonging to retired Marine Gen. James Mattis is spreading a rumor that the real Mattis will be nominated as the next defense secretary
Great. Now Even Your Headphones Can Spy on You(Wired) Cautious computer users put a piece of tape over their webcam. Truly paranoid ones worry about their devices’ microphones, some even crack open their computers and phones to disable or remove those audio components so they can’t be hijacked by hackers. Now one group of Israeli researchers has taken that game of spy-versus-spy paranoia a step further, with malware that converts your headphones into makeshift microphones that can slyly record your conversations
A Hacker Took Over Tel Aviv’s Public Wi-Fi Network to Prove That He Could(Motherboard) Israeli hacker Amihai Neiderman needed three days to hack into Tel Aviv’s free public Wi-Fi. He only worked during the evenings, after he came home from his full-time job as a security researcher. The 26-year-old said the difficulty level was “a solid 5” on a scale from 1 to 10
Anticipating Black Friday Threat Trends(Recorded Future) We studied attacks reported during the 2015 holiday period and identified new tools, techniques, and procedures (TTPs) that have emerged recently to help anticipate what to expect this year
This year’s most hackable holiday gifts(Help Net Security) Intel Security announced its second annual McAfee Most Hackable Holiday Gifts list to identify potential security risks associated with hot-ticket items this holiday season. The most hackable gift category includes laptops and PCs, followed by smartphones and tablets, media players and streaming sticks, smart home automation and devices, and finally, drones
Conficker Still on Top as Malware Jumps 5% in October(Infosecurity Magazine) Malware continued its inexorable rise in October with the number of attacks increasing 5% over the previous month, although UK and US users appeared to be insulated from the worst, according to new stats from Check Point
The odd, 8-year legacy of the Conficker worm(We Live Security) Eight years ago, on November 21st, 2008, Conficker reared its ugly head. And since then, the “worm that roared” – as ESET’s distinguished researcher Aryeh Goretsky puts it – has remained stubbornly active
Security Patches, Mitigations, and Software Updates
Microsoft to Bid Farewell to SHA-1 in February(Infosecurity Magazine) Microsoft has announced it will no longer support the insecure SHA-1 hash algorithm for HTTPS from 14 February next year, adding further urgency for webmasters to transition to SHA-2
Was your data breach an inside job?(Help Net Security) Kaspersky Lab revealed the current state of security threats among businesses and how their perception of threats compares to the reality of cybersecurity incidents experienced over the past year, both in North America and worldwide. A top concern of North American businesses and a leading cause of successful cyberattacks in these organizations are also the most important asset: their employees
How security collaboration will prove vital in 2017(Help Net Security) The escalation of high-profile hacking and data dumps recently has underscored the increasing boldness of digital threat actors, culminating in July’s Democratic National Committee email leak and its ripple effect through American politics. The group behind the hack and its attack patterns were known, and yet the attack was not thwarted, leaving many questions as to the overall state of the Internet’s security
Fortinet Predicts Tipping Point For Cybersecurity as Threats Become More Intelligent, Autonomous, and Difficult to Detect Than Ever Before in 2017(Yahoo!) Derek Manky, global security strategist, Fortinet: "The expanding attack surface enabled by technology innovations such as cloud computing and IoT devices, a global shortage of cybersecurity talent, and regulatory pressures continue to be significant drivers of cyber threats. The pace of these changes is unprecedented, resulting in a critical tipping point as the impact of cyber attacks are felt well beyond their intended victims in personal, political, and business consequences. Going forward, the need for accountability at multiple levels is urgent and real affecting vendors, governments, and consumers alike. Without swift action, there is a real risk of disrupting the progress of the global digital economy."
Oracle buys cyber attack target Dyn(Phys.org) Oracle on Monday announced it is buying Dyn, a Web traffic management firm recently hit with a cyber attack that closed off the internet to millions of users
Oracle Just Bought Dyn, the Company That Brought Down the Internet(Wired) Last month, the entire internet went down for a few hours. At least that’s what one of the biggest denial-of-service attacks in recent memory felt like to a lot of people. Sites from Netflix, Spotify, and Reddit to The New York Times and, yes, even WIRED went dark
Top Stocks to Buy in Cybersecurity(Fox Business) Over 5.3 billion records were lost or stolen during data breaches over the past three years, according to the Breach Level Index. A mere 4% of those hacks were considered "secure breaches" in which the stolen data was encrypted and rendered useless for hackers
Pentagon expands white-hat hacker challenge to all comers(Federal News Radio) The Defense Department undertook a significant expansion of its new crowdsourced approach to cybersecurity Monday, opening its “Hack the Pentagon” challenge to literally anyone and providing them a legal route to report any security holes they find
TrapX releases deception-based security solution(Compliance Week) TrapX, a deception-based cyber-security defense provider, recently released the world’s first deception-based security solution specifically designed to protect the Society for Worldwide Interbank Financial Telecommunication (SWIFT) financial networks
Pentagon seeks better computer encryption(Defense Systems) The Pentagon is exploring technologies designed to decrease hardware requirements and improve computer encryption to better secure networks without compromising speed and performance
Israeli startup CyBellum wants to end zero-day attacks(Geektime) CyBellum’s solution provides end-to-end protection, from the internal network to the organization’s cloud. They can detect breaches and block the attack in its initial stage, all before the attacker penetrates the system
Security Threat Looms over Holiday Shopping Season(ReadItQuik) The coming weekend, starting from Black Friday (November 25) to Cyber Monday (November 28), is that time of the year when people do most of their shopping. It is also the time when most of the discounts and deals are offered by the retailers, both instore as well as on their websites and apps
To Operationalize Cyber, Humanize the Design(Small Wars Journal) Cyberspace…the military riddle of the modern age. Despite well-intentioned talk across the U.S. Army to ‘operationalize cyber,’ the indispensable means for doing so, is to ‘humanize’ the design
Legislation, Policy, and Regulation
Trump will direct Pentagon to develop new national cybersecurity plan(CyberScoop) On his first day in office, President-elect Donald Trump will direct the Department of Defense and the Chairman of the Joint Chiefs of Staff to develop “a comprehensive plan to protect America’s vital infrastructure from cyberattacks, and all other form of attacks”
Influencers: Trump won’t improve cybersecurity(Christian Science Monitor Passcode) President-elect Donald Trump has promised that protecting the country from cyberattacks will be a “major priority” for his administration, but three-quarters of Passcode’s pool of digital security and privacy experts say they do not believe cybersecurity will improve with the Republican in the Oval Office
DFS Cyber Regulation: Changing the Rules – An Interview with Bay Dynamics’ Steven Grossman(JDSupra) As part of Patterson Belknap’s continuing focus on the New York Department of Financial Services (DFS) proposed cybersecurity regulation, we sat down with Steven Grossman, VP Strategy & Enablement at Bay Dynamics, a cyber risk analytics company, to talk about cybersecurity in a highly regulated environment. In the first installment of our 2-part interview with Steven, he discusses implementation of the new regulation and the fact that organizations shouldn’t confuse regulatory compliance with effective cybersecurity planning and strategy
FBI's Dark Web Child Porn Investigation Stretched to Norway(Motherboard) Nearly two years after its inception, more details about the largest known law enforcement hacking campaign are still coming to light. According to local media reports, the US Federal Bureau of Investigation provided information to Norwegian authorities from its large-scale investigation into child pornography site Playpen
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Norwich University Cyber Security Summit(Northfield, Vermont, USA, June 19 - 21, 2017) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the first annual Cyber Security Summit in June 2017. The summit, presented in a continuing education format,...
Data Breach & Fraud Prevention Summit Asia(Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the
SCSC Cyber Security Conclave 2.0 Conference and Exhibition(Hyderabad, India, November 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public...
4th Ethiopia Banking & ICT Summit(Addis Ababa, Ethiopia, November 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial...
Insider Threat Program Development Training For NISPOM CC 2(Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...
Internet of Things (IoT)(Elkridge, Maryland, USA, November 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting...
CIFI Security Summit(Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security...
AlienVault USM Webcast(Online, December 1, 2016) Host-based intrusion detection systems (HIDS), work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating...
Cyber Threats Master Class(Turin, Italy, December 1 - 2, 2016) The UNICRI Masterclass on Cyber Threats aims to provide media and public relations professionals, as well as those planning a career in public information and communication, with a deeper understanding...
Disrupt London(London, England, UK, December 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators.
US Department of Commerce Cyber Security Trade Mission to Turkey(Ankara and Istanbul, Turkey, December 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey...
Practical Privacy Series 2016(Washington, DC, USA, December 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly...
CISO Southern Cal(Los Angeles, California, USA, December 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
SANS Cyber Defense Initiative 2016(Washington, DC, USA, December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...
Privacy, Security and Trust: 14th Annual Conference(Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...