The head of Germany's foreign intelligence service, the Bundesnachrichtendienst (BND), joins warnings of a Russian cyber threat to next year's elections.
More accounts of how US intelligence targeted ISIS information operators, and a young Syrian continues to survive and tweet under the Assad regime's bombardment of Aleppo. ISIS has not yet claimed responsibility for the knife-rampage at Ohio State University yesterday, but the Caliphate's sympathizers have begun lionizing the late alleged attacker as a "brother."
Deutsche Telekom, recovering from Sunday's DDoS attack by an evolved version of the Mirai botnet, issues a router firmware upgrade to mitigate the exploited vulnerability. The router flaw, also implicated in last week's attack against Eircom, leaves Internet port 7547 open to external connections. That port is then used to send commands based on TR-069 and TR-064 protocols.
San Francisco's Municipal Transport Agency resumes normal service after a ransomware attack on payment and scheduling terminals. The agency did not pay the ransom, and so far has suffered none of the threatened consequences. KrebsOnSecurity reports that a security researcher hacked the attacker's mailbox and found links suggesting connections to other ransomware attacks. Signs point toward a Southwest Asian hacker, but there is no firm attribution yet.
Old news persists: WikiLeaks releases Carter Administration diplomatic cables from 1979, former Secretary of State Clinton faces continued civil litigation over emails, and prospective Secretary of State Petraeus remains under investigation for his own security breaches.
xHamster user accounts are appearing on the dark web. Don't say John McAfee didn't warn you years ago.
Today's issue includes events affecting Australia, China, European Union, France, Germany, India, Iraq, Japan, Republic of Korea, Russia, Syria, United Kingdom, United States.
ON THE PODCAST
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Level 3, as Dale Drew talks about protecting critical infrastructure. If you enjoy the podcast, we invite you to please consider giving it an iTunes review.
AlienVault USM Webcast(Live Webcast, December 1, 2016) Find threats lurking on your systems with host-based intrusion detection and AlienVault USM.
Spy Chief Adds to Warnings of Russian Cyber Attacks on Germany(New York Times) Germany's spy chief warned that Russian hackers may target next year's German election with campaigns of misinformation that could undermine the democratic process, echoing concerns voiced by the country's domestic intelligence director
‘ISIS’ Refers to Ohio Attacker Abdul Razak Ali Artan as ‘Brother’(Heavy) Islamic State terrorist channels have begun to praise 18-year-old Abdul Razak Ali Artan, the Somali refugee behind the terrorist attack today at Ohio State University. However, while the Islamic State sympathizers praise Artan, there is no official claim of credit yet
Hackers suspected as 900,000 hit by internet outage(The Local (de)) Update: German Telekom is now looking into evidence of a hacker attack after 900,000 internet, phone and television clients were hit by a massive outage starting on Sunday and going into Monday
Information on current disruptions(Telekom) Update: According to our findings, an attack on remote maintenance interfaces is currently taking place worldwide. The Federal Office for Information Security takes the same view
San Francisco Subway Hackers Now Threaten to Publicly Dump Data(Motherboard) Over the weekend, riders of San Francisco's municipal transit system (Muni) were allowed to travel for free because hackers had infected subway computers with ransomware. According to CSO Online, the attackers have demanded some $73,000 worth of bitcoin
Hackers Make New Claim in San Francisco Transit Ransomware Attack(Threatpost) The San Francisco Municipal Transport Agency said by Sunday it had contained a ransomware attack that occurred Friday which impacted its internal computer and payment systems. The public transit system is facing new, unsubstantiated claims on Monday however that the group responsible for launching the attack is holding hostage 30GB of the agency’s data
San Francisco Rail System Hacker Hacked(KrebsOnSecurity) The San Francisco Municipal Transportation Agency (SFMTA) was hit with a ransomware attack on Friday, causing fare station terminals to carry the message, “You Hacked. ALL Data Encrypted.” Turns out, the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims as well as tantalizing clues about his identity and location
The Chrome extension that “Firesheeps” you by choice(Naked Security) A Naked Security reader just drew our attention to a recently released extension in the Chrome Web Store called AccessURL that is being talked about positively on mailing lists and online lifestyle websites
Pwning WordPress with Cross-Site Scripting(Securify) Last July we organized the Summer of Pwnage, which resulted in 118 security findings in WordPress Core and Plugins. By far the most found vulnerability is Cross-Site Scripting, 66% of the findings fall into this category. When targeting a WordPress Administrator, Cross-Site Scripting can result in a full compromise of the WordPress site. In this blog I'll describe one method to achieve this
Cybersecurity Study 2016: Outside Wi-Fi(University of Phoenix) US adults who use Wi-Fi outside the home or workplace (“rogue Wi-Fi” users) are more likely to place a greater level of trust in secured networks than unsecured
Security Patches, Mitigations, and Software Updates
Firmware for the Speedport W 921V(Deutsche Telekom) Problems are currently occurring on Telekom connections. We are working to fix the cause. We cannot yet give a time for when the disruption will be resolved. Internet, telephony and television are affected
Port 7547 SOAP Remote Code Execution Attack Against DSL Modems(SANS Internet Storm Center) German Telekom is now offering a firmware update for the affected routers... Affected users are advised to power off their router and power it on again after 30 seconds. During bootup the router should retrieve the new firmware from the Telekom servers
The future of conflict is in cyberspace(Raconteur) Suspected state-sponsored attacks have triggered an international cyber arms race aimed at repelling and even retaliating if secrets are stolen or online infrastructure targeted, threatening to paralyse critical systems
The Surprising Reason Why You Keep Getting Hacked(NBC News) Cyber Monday is upon us — and one in four shoppers will get hacked this holiday season. If it's already happened to you, the chances are that it will happen again. That's because many people still aren't motivated to protect their personal information, according to one new survey
What will the data breach landscape look like in 2017?(Help Net Security) While many companies have data breach preparedness on their radar, it takes constant vigilance to stay ahead of emerging threats and increasingly sophisticated cybercriminals, according to Experian Data Breach Resolution
What parents don't get about cyberbullying(Christian Science Monitor Passcode) In his new book about kids and digital safety, Nathan Fisk argues that efforts to thwart cyberbullying shouldn't stop young people from participating in online communities where they can figure out the right ways – and wrong ways – to communicate
Samsung May Split in Two, Report(Computing) Samsung Electronics has said it is considering splitting in two, after political and governance scandals and the recall of Note 7 devices have led to renewed pressure from investors
L-3 Communications Acquires MacDonald Humfrey Automation(Nasdaq) Defense contractor L-3 Communications Holdings Inc. on Tuesday said it acquired MacDonald Humfrey Automation Ltd. for about £224 million ($280 million), beefing up its position in the global aviation-security market
Palo Alto Networks - It Is Time To Dip Your Toes Back In(Seeking Alpha) Data security is still a secular growth story. PANW has the broadest product platform in the industry. Some Point Solution and legacy providers are struggling to compete with PANW. PANW trades at a discount to peers based on FCF
IRS hires ‘white-hat’ hackers to help protect IT systems(Federal News Radio) The IRS is employing a “white hat” approach to improve its cybersecurity. The IRS awarded Synack Government a $2 million contract to provide penetration testing by ethical hackers or researchers with no knowledge of IRS systems
Balabit Boosts Leadership Team to Drive Global Growth(Yahoo!) Balabit, a leading provider of contextual security technologies, has announced two appointments to its Senior Executive team with the addition of Peter O'Neill as Senior Vice President of Worldwide Sales and Matthew Ravden in the position of VP and Chief Marketing Officer. The new appointments are part of Balabit's major plans for international expansion. In the last 18 months Balabit has opened offices in the UK (London) and the US (New York), and the US market is already the company's fastest growing region
Rapid7 Appoints Jeff Kalowski as Chief Financial Officer(Yahoo! Finance) Rapid7, Inc. (RPD), a leading provider of data analytics solutions for IT and security professionals, today announced the appointment of Jeff Kalowski as the Company’s chief financial officer (CFO), effective January 9, 2017
6 Free and Open Source Security Tools(PC Quest) There are thousands of open source security tools with both defensive and offensive security capabilities. The following are essential security tools that will help you to secure your systems and networks
Sophos scoops two awards for security excellence(Sophos) The inaugural 2016 Security Excellence Awards by UK magazine Computing saw Sophos collect two industry prizes last night: SafeGuard 8 took the Data Encryption Award and Sophos XG Firewall won the Firewall Solution and UTM Award
Gemalto broadens PKI portfolio(Security Document World) Gemalto has announced that its Public Key Infrastructure (PKI) portfolio now includes solutions for qualified electronic signatures that enable compliance with the new EU and EFTA-wide eIDAS (Electronic Identification and Services) regulation
CyberArk taps power of behavioral analytics to block threats(Security Asia) CyberArk has announced new behavioral analytics to block and contain advanced threats targeting credential theft at the endpoint. CyberArk Viewfinity, with enhanced threat protection features, is now available as CyberArk Endpoint Privilege Manager
Jolla’s Sailfish OS now certified as Russian government’s first ‘Android alternative’(TechCrunch) The future for one of the few remaining alternative mobile OS platforms, Jolla’s Sailfish OS, looks to be taking clearer shape. Today the Finnish company which develops and maintains the core code, with the aim of licensing it to others, announced Sailfish has achieved domestic certification in Russia for government and corporate use
Your computer has been locked Screenlocker Removal Guide(Bleeping Computer) The Your computer has been locked screen locker is a Trojan that displays a fake security screen stating that the computer has been locked because viruses were detected. It then tells you to contact a Microsoft technician to get an unlock code to unlock it. Once you enter the correct code, the screen will unlock and another screen will be displayed that contains instructions on how to remove the Trojan
Five step approach to address data breaches, increase online trust(Help Net Security) The Internet Society has released the findings from its 2016 Global Internet Report in which 59 percent of users admit they would likely not do business with a company which had suffered a data breach. Highlighting the extent of the data breach problem, the report makes key recommendations for building user trust in the online environment, stating that more needs to be done to protect online personal information
DHS helps you make your control systems more secure(CSO) After a zero-day exploit to the maritime transportation sector, DHS's National Cybersecurity and Communications Integration Center notified potentially affected U.S. ports about the threat. They described the apparent vulnerability and provided preliminary mitigation measures
Security body plans malware research centre in city(Times of India) Cyber security is now a national concern and the next world war would be fought in cyberspace without shedding a drop of blood, said IT minister K T Rama Rao, speaking at the second edition of the cyber security conclave that began on Tuesday
DOT seeks proposals for Automated Vehicle Technology “Proving Grounds”(US Department of Transportation) Posted by Secretary of Transportation Anthony Foxx: Today I am announcing the launch of a new Automation Proving Ground Pilot Program. Through this program, the Department will designate facilities as qualified proving grounds for the safe testing, demonstration and deployment of automated vehicle technology. We believe that by designating facilities as part of a Community of Practice, we can foster a safe environment for these entities to share best practices related to testing and developing this technology
Feds provide legal loophole to hacking IoT devices(CSO) Federal regulators have approved exemptions to existing copyright law that allow independent researchers to hack into the software of most Internet of Things devices. But there are strict limitations on it, and the exemptions only last for two years
Fight Over FBI Hacking Powers Comes Down to the Wire(NextGov) A top Justice Department official pushed back Monday against critics of an FBI hacking powers expansion set to take effect Thursday, saying the critics are confusing substantive issues with procedural ones
Washington Post Disgracefully Promotes a McCarthyite Blacklist From a New, Hidden, and Very Shady Group(Intercept) The Washington Post on Thursday night promoted the claims of a new, shadowy organization that smears dozens of U.S. news sites that are critical of U.S. foreign policy as being “routine peddlers of Russian propaganda.” The article by reporter Craig Timberg — headlined “Russian propaganda effort helped spread ‘fake news’ during election, experts say” — cites a report by an anonymous website calling itself PropOrNot, which claims that millions of Americans have been deceived this year in a massive Russian “misinformation campaign”
U.S. investigating leak related to Petraeus case(Military Times) The Defense Department is conducting a new leaks investigation related to the sex scandal that led to the resignation of former CIA Director David Petraeus, The Associated Press confirmed Monday, the same day Petraeus was meeting with President-elect Donald Trump in New York
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Infosecurity Magazine Conference (Boston, Massachusetts, USA, December 6 - 7, 2016) Bringing together 100+ information security end-users, analysts, policy-makers, vendors and service providers, the meeting connects the information security community providing actionable information,...
Insider Threat Program Development Training For NISPOM CC 2(Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...
Internet of Things (IoT)(Elkridge, Maryland, USA, November 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting...
CIFI Security Summit(Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security...
AlienVault USM Webcast(Online, December 1, 2016) Host-based intrusion detection systems (HIDS) work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating...
Cyber Threats Master Class(Turin, Italy, December 1 - 2, 2016) The UNICRI Masterclass on Cyber Threats aims to provide media and public relations professionals, as well as those planning a career in public information and communication, with a deeper understanding...
Disrupt London(London, England, UK, December 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators.
US Department of Commerce Cyber Security Trade Mission to Turkey(Ankara and Istanbul, Turkey, December 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey...
Practical Privacy Series 2016(Washington, DC, USA, December 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly...
CISO Southern Cal(Los Angeles, California, USA, December 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
SANS Cyber Defense Initiative 2016(Washington, DC, USA, December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...
Privacy, Security and Trust: 14th Annual Conference(Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...