The New York Times has an account of how cooperation between law enforcement agencies (notably the FBI) and US and UK military forces has enabled the arrest—or, in many cases, the battlefield killing—of ISIS social media operators. In a separate action, French security services have rolled up an alleged ISIS terror ring.
There's no word yet on how last week's denial-of-service attack on the European Commission was accomplished. Radio Free Europe/Radio Liberty notes that the attack coincided with a meeting in Brussels between Ukraine's president and EU officials.
Two hoods using the noms-de-hack "Popopret" and "BestBuy" (the latter unconnected with the electronics retailer) are leasing a Mirai botnet said to contain 400,000 devices. They offer a variety of rental levels, of which this come-on provides a representative sample: "price for 50,000 bots with attack duration of 3600 secs (1 hour) and 5-10 minute cooldown time is approx 3-4k per 2 weeks." Popopret and BestBuy are thought to have been responsible for the GovRAT Trojan which InfoArmor identified in November 2015.
In other DDoS news, router vulnerabilities have been exploited to disrupt service to some 400,000 Eir webmail users in Ireland.
KrebsOnSecurity offers another glimpse into the criminal underground with sales videos for ATM insert card skimmers.
Over the weekend San Francisco's Muni public transportation system was hit with HDDCryptor ransomware. The ask is a relatively low 100 Bitcoin, but until the attack on scheduling and payment systems is remediated, the Muni decided to let people ride for free.
Today's issue includes events affecting the European Union, France, Ghana, Iraq, Ireland, Japan, Democratic People's Republic of Korea, Republic of Korea, Norway, Russia, Syria, Ukraine, United Kingdom, United States.
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Terbium Labs, whose Emily Wilson describes how the Dark Web community celebrates the holidays. We'll also hear from a guest, Brad Medairy from Booz Allen Hamilton, who'll take us through their report on what actually happened to the power grid in Western Ukraine last December. If you enjoy the podcast, we invite you to please consider giving it an iTunes review.
AlienVault USM Webcast (Live Webcast, December 1, 2016) Find threats lurking on your systems with host-based intrusion detection and AlienVault USM.
Mirai DDoS botnet for rent (My Broadband) A massive Mirai botnet, which promises over 400,000 bots which can carry out DDoS attacks, is for rent on the Internet
ATM Insert Skimmers: A Closer Look (KrebsOnSecurity) KrebsOnSecurity has featured multiple stories about the threat from ATM fraud devices known as “insert skimmers,” wafer-thin data theft tools made to be completely hidden inside of a cash machine’s card acceptance slot. For a closer look at how stealthy insert skimmers can be, it helps to see videos of these things being installed and removed. Here’s a look at promotional sales videos produced by two different ATM insert skimmer peddlers
Security Patches, Mitigations, and Software Updates
cURL security audit learns the lessons of Heartbleed (Naked Security) You may not have heard of cURL but you’ve probably made use of it. It’s one of those pieces of software that does something everybody needs, that everybody uses but almost nobody pays any attention to
Adobe Flash Player Latest Update Download Available with More Patches (Neurogadget) A few weeks ago, Adobe has rushed out an emergency patch for a zero day vulnerability. Well, it seems that the company has just released a new security update for the mentioned software. The new release has patched 9 vulnerabilities, all of them which could allow remote code execution
Silencing the Messenger: Communication Apps Under Pressure (Freedom House) Internet freedom around the world declined in 2016 for the sixth consecutive year. Two-thirds of all internet users – 67 percent – live in countries where criticism of the government, military, or ruling family are subject to censorship. Social media users face unprecedented penalties, as authorities in 38 countries made arrests based on social media posts over the past year. Globally, 27 percent of all internet users live in countries where people have been arrested for publishing, sharing, or merely “liking” content on Facebook. Governments are increasingly going after messaging apps like WhatsApp and Telegram, which can spread information quickly and securely
Study: Industry slow to implement information security measures (Automotive IT) Industrial companies are aware that information security and risk management are crucial in today’s data-driven and connected world. But, according to a new study, they also are relatively slow in implementing policies to fend off threats
We’re all screwed, but let’s not be nihilists (TechCrunch) We are so doomed it’s almost funny, and always have been. Don’t worry, I’m not being political! …well, not exactly. I’m talking about the State of Internet Security, which is, as always, disastrous-verging-on-cataclysmic. Are you worried about Russian hackers? Hah! You should be so lucky as to be hacked. We should all be so lucky as to have a functional Internet they can use to hack us
Diversification Is Drowning Barracuda (Seeking Alpha) Barracuda is rebounding after several quarters of trading at a low premium. Valuation still factors in the slow growth rate. Is diversification helping CUDA?
French Defense Ministry Considering a Small Company Investment Fund (Defense News) Defense ministry officials are in talks with the finance ministry to set up a government investment fund of “several million euros” to invest in small high technology companies, which carry a national sovereignty interest, Defense Minister Jean-Yves Le Drian said on Thursday
Products, Services, and Solutions
AlgoSec Delivers Intelligent, Zero-Touch Automation to Support Business-Driven Security Policy Management (Yahoo! Finance) AlgoSec, the leading provider of business-driven security policy management solutions, today released the AlgoSec Security Management solution version 6.10. This latest version reinforces AlgoSec's commitment to supporting business driven security management by delivering the visibility, automation and management that organizations need to accelerate their business application deployments into production -- in the cloud or on-premise
Fingbox: Network security and Wi-Fi troubleshooting (Help Net Security) Fingbox allows you to secure and troubleshoot your home network. It plugs in to your existing router, alerting you when it senses anything out of the ordinary – from new devices on your network, changes in your Internet performance, or unidentified devices that could be an unwelcome intruder
Protecting smart hospitals: A few recommendations (Help Net Security) The European Union Agency for Network and Information Security (ENISA) has released a new report to help IT and security officers of healthcare organizations implement IoT devices securely and protect smart hospitals from a variety of threats
National Insider Threat Policy (NCSC) The National Insider Threat Policy aims to strengthen the protection and safeguarding of classified information by: establishing common expectations; institutionalizing executive branch best practices; and enabling flexible implementation across the executive branch
Hacker Lexicon: What Is Perfect Forward Secrecy? (Wired) Encryption keeps your secrets, until it doesn’t. When you use an encryption tool like the venerable software PGP, for instance, your most sensitive communications are only as secure as a single, secret piece of data known as a private key. If that key gets stolen, it’s not just all your future messages that have been compromised. An eavesdropper could crack all your past encrypted correspondence with that stolen key as well
How Carriers Can Help Solve IoT Insecurity (Wireless Week) Through our research and work with carriers, partners, and others, AdaptiveMobile has predicted up to 80 percent of devices connected on the IoT do not have appropriate security measures in place. To put it plainly, four in five of IoT devices on the market are vulnerable to malicious activity, inadvertent attacks, and data breaches
Buffer Overflow (BOF) (MS Black Hat) In computer security and programming, a buffer overflow, or buffer overrun, is an anomalous state where a process tries to save information beyond the boundaries of a fixed-length buffer. The result is that next memory locations are overwritten by the additional information. The overwritten data can sometimes include other buffers, variants and application flow info, and might lead to unpredictable program behavior, a memory access exception, application termination (a crash), wrong results or, particularly if deliberately the result of a malicious user, a potential violation of system security
It's not just cyber criminals who will compromise your valuable data (Security Brief) It may be a cliché but it can’t be said enough: where security breaches are concerned, it’s not if but when. Breaches are splashed across the front pages of the news on an almost daily basis, with some of the world’s biggest companies falling victim. But the story behind these latest breaches to hit the headlines is different
Secret Trade Proposal Would Give Facebook Free Reign to Censor by Algorithm (Motherboard) Facebook has long drawn ire over its tendency to censor users’ posts based on its opaque standards. But under leaked proposals from a controversial European trade deal, the social network and other online services could be granted legal immunity when censoring any content, as long as it’s deemed “harmful or objectionable”
Can a Number Be Illegal? (Motherboard) If information can be illegal, a number can be illegal. It's an obvious statement—numbers are information—but one that might lead to absurd conclusions, as a computer scientist named Phil Carmody attempted to demonstrate in 2001 with the discovery and publication of a stupidly long prime number representing a section of forbidden computer code implementing a DVD decoding algorithm known as DeCSS
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...
Internet of Things (IoT) (Elkridge, Maryland, USA, November 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting...
CIFI Security Summit (Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security...
AlienVault USM Webcast (Online, December 1, 2016) Host-based intrusion detection systems (HIDS), work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating...
Cyber Threats Master Class (Turin, Italy, December 1 - 2, 2016) The UNICRI Masterclass on Cyber Threats aims to provide media and public relations professionals, as well as those planning a career in public information and communication, with a deeper understanding...
Disrupt London (London, England, UK, December 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators.
US Department of Commerce Cyber Security Trade Mission to Turkey (Ankara and Istanbul, Turkey, December 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey...
Practical Privacy Series 2016 (Washington, DC, USA, December 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly...
CISO Southern Cal (Los Angeles, California, USA, December 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
SANS Cyber Defense Initiative 2016 (Washington, DC, USA, December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...
Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...