A claim by blackhat showboat CyberZeist to have compromised a US FBI website and dumped credentials on Pastebin looks bogus. The Register reports that the security team at Plone, which produces the content management system the FBI's site runs on, says it's a hoax: the email addresses appear to be lifted from old, publicly available dumps, and the password hashes don't add up either.
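"The password hashes don't add up" is the kind of check anyone triaging a claimed dump can do before believing it: do the hash strings even match the storage format of the application they supposedly came from? The Python below is an added example, not code from Plone, The Register or the CyberWire; it profiles the hash formats in a dump and compares them against a caller-supplied set of expected formats. The dump lines, the salt and the bcrypt-shaped string are constructed for the example, and which formats Plone itself stores is deliberately left as a parameter rather than asserted here.

```python
import base64
import hashlib
import re

HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an LDAP-style {SSHA} string: base64(sha1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


# Constructed sample "dump" (user:hash), not the Pastebin content from the story.
# The bcrypt entry only has the right shape; it was not produced by bcrypt.
SAMPLE_DUMP = "\n".join([
    "alice:" + hashlib.md5(b"password").hexdigest(),          # unsalted hex MD5
    "bob:" + make_ssha(b"hunter2", b"saltsalt"),              # salted SHA-1
    "carol:$2a$10$CwTycUXWue0Thq9StjUM0uJ8ZJzkzHtm6uWTUeyq7vI1bq0lwUuJG",
    "dave:notahash",
])


def classify_hash(h: str) -> str:
    """Return a coarse label for a stored password-hash string."""
    if h[:4] in ("$2a$", "$2b$", "$2y$") and len(h) == 60:
        return "bcrypt"
    if re.fullmatch(r"\$(1|5|6)\$[^$]+\$[./A-Za-z0-9]+", h):
        return {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}[h[1]]
    m = re.fullmatch(r"\{(SSHA|SHA|SHA256|BCRYPT)\}(.+)", h)
    if m:
        scheme, payload = m.groups()
        try:
            raw = base64.b64decode(payload, validate=True)
        except ValueError:  # binascii.Error is a ValueError
            return "malformed-" + scheme.lower()
        # A real SSHA payload is a 20-byte SHA-1 digest followed by a salt.
        if scheme == "SSHA" and len(raw) <= 20:
            return "malformed-ssha"
        return scheme.lower()
    if re.fullmatch(r"[0-9a-fA-F]+", h) and len(h) in HEX_LEN_TO_ALGO:
        return "unsalted-" + HEX_LEN_TO_ALGO[len(h)]
    return "unknown"


def profile_dump(text: str) -> dict:
    """Count hash formats across a user:hash dump."""
    counts: dict = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        _, h = line.split(":", 1)
        label = classify_hash(h.strip())
        counts[label] = counts.get(label, 0) + 1
    return counts


def plausible_for(counts: dict, expected: set) -> bool:
    """True only if every hash in the dump uses a format the claimed system stores."""
    return all(label in expected for label in counts)


if __name__ == "__main__":
    counts = profile_dump(SAMPLE_DUMP)
    print(counts)
    # Assumed expected set for illustration; substitute the real application's formats.
    print("plausible:", plausible_for(counts, {"ssha", "bcrypt"}))
```

A dump that mixes unsalted MD5, undecodable base64 and strings that are not hashes at all is a strong hint of a fabricated or recycled leak; a consistent set of formats is necessary but not sufficient evidence that it is genuine.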
Canadian authorities are investigating "a possible cyber threat" against Ontario's Hydro One electrical utility. There may be nothing more to it than there was to the Burlington Electric incident, but the Royal Canadian Mounted Police are on the case.
Several threats in the wild draw security researchers' attention. Forcepoint reports the return of the MM Core backdoor spyware in two new variants, "BigBoss" and "SillyGoose." The GDI Foundation warns of a campaign actively targeting MongoDB. Fujitsu and its partners Forcepoint and Recorded Future are tracking the RIG exploit kit, which is now delivering TrickBot and the Madness/QuantLoader DoS bot.
Ransomware retains its prominence in the threat landscape. It's increasingly seen equipped with DDoS and doxing functionality (Dunbar calls the latter "doxware"). GoldenEye ransomware is appearing in campaigns targeting HR departments, especially vulnerable because the nature of their business tends to make them willing to open email attachments. Some good news: Emsisoft has a decryptor for version 3 of Globe ransomware.
US investigators think about how to make the hacking case against Russia without tipping their hand too much. One tip: don't illustrate that case with screenshots from Fallout 4 (apologies to CNN).
Today's issue includes events affecting Canada, Bahrain, Egypt, Ethiopia, European Union, Honduras, India, Indonesia, Iran, Mexico, Morocco, Nigeria, Russia, Saudi Arabia, Sudan, United Kingdom, United States.
If you've been enjoying the podcasts, please consider giving us an iTunes review.
A special edition of our Podcast is also available. It covers buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.
What Hack? Burlington Electric Speaks Out(Threatpost) Two days before the start of the New Year’s holiday weekend, the Department of Homeland Security shared technical details and indicators of compromise related to tools used by Russian intelligence services in attacks allegedly attempting to influence the U.S. presidential election
The U.S. Government thinks thousands of Russian hackers may be reading my blog. They aren't.(Intercept) After the U.S. Government published a report on Russia’s cyber attacks against the U.S. election system, and included a list of computers that were allegedly used by Russian hackers, I became curious if any of these hackers had visited my personal blog. The U.S. report, which boasted of including “technical details regarding the tools and infrastructure used by Russian civilian and military intelligence services,” came with a list of 876 suspicious IP addresses used by the hackers, and these addresses were the clues I needed to, in the end, understand a gaping weakness in the report
MM Core In-Memory Backdoor Returns as "BigBoss" and "SillyGoose"(Forcepoint) In October 2016 Forcepoint Security Labs™ discovered new versions of the MM Core backdoor being used in targeted attacks. Also known as “BaneChant”, MM Core is a file-less APT which is executed in memory by a downloader component. It was first reported in 2013 under the version number “2.0-LNK” where it used the tag “BaneChant” in its command-and-control (C2) network request. A second version “2.1-LNK” with the network tag “StrangeLove” was discovered shortly after
RIG EK Dropping TrickBot Trojan & Madness/Quant Loader DoS Bot(Infosecurity Magazine) As the exploit market begins to diversify, it has seen the introduction of new threats, the most recent being the inclusion of a relative newcomer, TrickBot, alongside an older threat, the Madness/Quant Loader DoS bot. Arbor Networks identified that bot in 2014, with its analysis describing the types of attacks it was capable of
Schools warned about cold-calling ransomware attacks(Hot for Security) Schools and colleges are being warned to be on the lookout for ransomware attacks, after a wave of incidents where fraudsters attempted to trick educational establishments into opening dangerous email attachments
Proofpoint Finds Social Media Phishing Scam Steals Credentials And Credit Cards(Information Security Buzz) In a new blog post researchers from Proofpoint have tracked a phishing campaign leveraging the concept of “Twitter Brand Verification”. Because the actors in this case are relying on paid, targeted ads on Twitter, users don’t need to do anything to see the phishing link. Attackers are increasing the sophistication of social engineering approaches and extending them across social channels. Users and brands need to be increasingly savvy to avoid getting snared by ads, accounts, and messages that initially look legitimate. While this attack was observed on Twitter, such a scam could be implemented on any social media platform that implements some form of account verification
Mixed Messages : Novel Phishing Attempts Trying to Steal Your E-mail Password Goes Wrong(SANS Internet Storm Center) A reader wrote in to send us an interesting phishing attempt they had received at their organization. An email from a school domain that purported to be from VetMeds sent an "encrypted" PDF that required a user name and password to log in. The subject of the email was "Assessment document". The PDF itself was created with Microsoft Word and included a link suggesting it was a locked document that you needed to click a link to unlock; the link pointed to chai[.]myjino[.]ru and led to a screen with a purported PDF behind it and a login box that happily accepts anything. Some notes: updated versions of Acrobat should ask before going off to bad websites. What I found interesting was that the lure was a VetMeds assessment, but the underlying document at the Russian website is for a SWIFT transaction, so some mixed messages there
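The lure above works because the PDF carries nothing malicious itself; all the action is a /URI link that the reader is coaxed into clicking. A quick triage step is to pull every link action out of the file without opening it in a viewer. The Python below is an added example (not ISC's code or the reader's) that scans a PDF's raw bytes for /URI actions, also looks inside Flate-compressed streams because link annotations are often stored in compressed object streams, lists the action types present (/Launch and /JavaScript being the ones to worry about more than /URI), and defangs the result for a report. The PDF is constructed inline and uses placeholder URLs, not the site named in the diary.

```python
import re
import zlib

STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
# Literal string: handles backslash-escaped parens inside the URI.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
# Hex string form: /URI <687474703a2f2f...>
HEX_URI_RE = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]+)>")
ACTION_RE = re.compile(rb"/S\s*/(URI|Launch|JavaScript|SubmitForm|GoToR)\b")


def _unescape_pdf_string(s: bytes) -> bytes:
    """Undo the common escapes inside a PDF literal string."""
    return re.sub(rb"\\([()\\])", rb"\1", s)


def _decoded_views(data: bytes):
    """Yield the raw bytes plus every Flate-decoded stream body."""
    yield data
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue  # not Flate-encoded (or corrupt); the raw view already covers it


def extract_uris(data: bytes) -> list:
    """Return the sorted set of URIs referenced by /URI actions anywhere in the file."""
    uris = set()
    for view in _decoded_views(data):
        for m in URI_RE.finditer(view):
            uris.add(_unescape_pdf_string(m.group(1)).decode("latin-1"))
        for m in HEX_URI_RE.finditer(view):
            uris.add(bytes.fromhex(m.group(1).decode()).decode("latin-1"))
    return sorted(uris)


def action_types(data: bytes) -> list:
    """Return the sorted set of action types (/S /Launch, /S /JavaScript, ...) present."""
    found = set()
    for view in _decoded_views(data):
        for m in ACTION_RE.finditer(view):
            found.add(m.group(1).decode())
    return sorted(found)


def defang(uri: str) -> str:
    """Make a URI safe to paste into a report (hxxp, [.])."""
    return uri.replace("http", "hxxp", 1).replace(".", "[.]")


# Constructed minimal PDF: one plain link annotation, and a second one hidden in a
# FlateDecode stream, which a naive grep of the raw bytes would miss.
_COMPRESSED = zlib.compress(
    b"<< /Type /Annot /Subtype /Link /A << /S /URI /URI (http://second.example/ok) >> >>"
)
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    + b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    + b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    + b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >> endobj\n"
    + b"4 0 obj << /Type /Annot /Subtype /Link /Rect [100 700 300 720]\n"
    + b"   /A << /S /URI /URI (http://example.invalid/unlock.php?doc=assessment) >> >> endobj\n"
    + b"5 0 obj << /Length " + str(len(_COMPRESSED)).encode() + b" /Filter /FlateDecode >>\n"
    + b"stream\n" + _COMPRESSED + b"\nendstream\nendobj\n"
    + b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    print("actions:", action_types(SAMPLE_PDF))
    for u in extract_uris(SAMPLE_PDF):
        print("link:", defang(u))
```

This is a triage scan, not a parser: encrypted PDFs, object streams with other filters, and links assembled by embedded JavaScript will not show up here, so an empty result is not a clean bill of health, but a non-empty one gives you the domain to block before anyone clicks.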
Olympic Vision aka Codelux(Wapack Labs) Wapack Labs assesses, with moderate confidence, that Olympic Vision products will continue to be sought after as a one-stop-shop for cyber criminals
NHS Data Security Incidents Top List Again(Infosecurity Magazine) The UK’s healthcare sector once again accounted for the largest number of data security incidents in Q3 2016, although the charity, education and finance sectors revealed a bigger jump in incidents from the previous quarter, according to the ICO
Android Security Bulletin—January 2017(Android) The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Google devices through an over-the-air (OTA) update. The Google device firmware images have also been released to the Google Developer site. Security patch levels of January 05, 2017 or later address all of these issues. Refer to the Pixel and Nexus update schedule to learn how to check a device's security patch level
Smart, safe data sharing will power the new economy(Help Net Security) Companies need to accept tradeoffs to foster “digital trust” with employees if they want to gather the workplace data necessary to realize the full economic and competitive benefits of the Internet of Things (IoT) and the sharing economy, according to a new study by AIG
Cyber-Security Lessons We Learnt from 2016(Read IT Quick) The year 2016 proved to be a bane with respect to cyber-security, with many private and public entities falling victim to major cyber incidents. Even the US Presidential elections were not spared, thus raising the question—Who is safe in an increasingly virtual world? As technology evolves and becomes more connected, it will be easier for hackers to tap into the vulnerabilities. Unfortunately, we learnt it the hard way. Here are some very real lessons in security management from the cyber incidents of 2016
A visual map of emerging cybersecurity trends(Tech Republic) A study by TechRepublic and data firm Affinio reveals the social media communities and influencers talking about IoT, ransomware, bots, and other cybersecurity threats
Cyber Insurance Adoption Soared 50% in 2016(Infosecurity Magazine) Adoption of cybersecurity-related insurance grew 50% in the UK between 2015 and 2016, driven by fears of an online attack and the introduction of upcoming European data laws, a leading underwriter has revealed
Cyberwar for Sale(New York Times) After a maker of surveillance software was hacked, its leaked documents shed light on a shadowy global industry that has turned email theft into a terrifying — and lucrative — political weapon
Better Buy: FireEye Inc vs. Fortinet Inc(Fox Business) With the shift to the cloud in full swing, along with the impact of the Internet of Things (IoT) and the reams of information its "gadgets" collect, the need for security solutions seems obvious. So, why did FireEye Inc(NASDAQ: FEYE) have such a dismal 2016 and Fortinet (NASDAQ: FTNT) merely a so-so year?
Why FireEye Will Have A Strong 2017(Seeking Alpha) FireEye’s revenue growth in 2017 will lead to an upside in the stock price, while a strong market share and a growing end-market will ensure that the momentum continues. FireEye is the leader in the STAP market with a share of 38%, which is great news as the market size will expand to $3 billion in 2019. FireEye’s new cloud-based offerings will allow it to gain more customers as it can differentiate between public, hybrid, and private clouds, thereby serving customer preferences in a better manner. If FireEye keeps its market share intact, its revenue will rise to more than $1.1 billion in 2019, leading to upside of over 60% in the next three years. FireEye has been able to bring down its cost base in an impressive manner by bringing certain functions in-house and reducing the headcount, which has allowed it to reduce costs
Checkmarx Appoints Shmuel Arvatz as Chief Financial Officer(Yahoo! Finance) Checkmarx, a global leader in application security testing, today announced Shmuel Arvatz as the company’s new chief financial officer (CFO). In this role, Mr. Arvatz will report to Checkmarx CEO Emmanuel Benzaquen, and will have global responsibility for leading the company's financial operations, as well as legal and other various operational departments
NJVC Promotes 3 to Leadership Team(Washington Exec) Chantilly, Virginia-based information technology solutions provider NJVC announced Dec. 19 the promotion of three to its leadership team: Patrick O’Neil as senior vice president of operations; Dr. Susan Hall as chief technology officer; and Robert Jeffrey “Jeff” Bongianino as VP of business development
NSA’s top cyber-defender leaves after reorganization(CyberScoop) Curtis Dukes, the NSA official who headed up its cyber-defenders, the famed Information Assurance Directorate, has left the agency — a few months after IAD was merged with the offensive, eavesdropping side of the house, the Signals Intelligence Directorate
Bromium Wins 2016 Government Security News Homeland Security Awards(Yahoo! Finance) Bromium®, Inc., the pioneer and leader in virtualization-based enterprise security that stops advanced malware attacks, today announced it has received two Government Security News Homeland Security Awards. The awards were announced on December 19, and cover a myriad of security solutions from vendors around the world. Bromium competed in two categories where it has a solid track record of providing outstanding security for its many federal government customers
Products, Services, and Solutions
Oxygen Forensic® Detective extracts current and deleted SIM card data(Oxygen Forensics) Oxygen Forensics releases a major update to its flagship forensic software, Oxygen Forensic® Detective v.9.1.1. With this version you can extract actual and deleted contacts, calls, messages and other available data from SIM cards via card reader. The updated Oxygen Forensic® Detective now displays the detailed Wi-Fi history of Google Mobile Services from Android devices
Army upgrading command and control, fires support(C4ISRNET) The Army announced this week it has awarded Leidos a contract for the next iteration of its Advanced Field Artillery Tactical Data System (AFATDS), a command and control software system used to coordinate fires
It's a Big "Where" in "Everywhere"(SC Magazine) At Centrify we're big believers in multifactor authentication (MFA) and we're strong supporters of “MFA Everywhere.” Passwords don't protect us, our data or our businesses – and we need something better
Emsisoft releases a decryptor for version 3 of the Globe Ransomware(Bleeping Computer) Once again, Fabian Wosar of Emsisoft has come to the rescue and released a decrypter for version 3 of the Globe Ransomware. This decryptor will decrypt the Globe Ransomware variants that commonly append the .decrypt2017 and .hnumkhotep extensions to encrypted files. This ransomware will also display a ransom note similar to the one below
IoT Trust Framework: The foundation for future IoT certification programs(Help Net Security) The Online Trust Alliance (OTA) released its updated IoT Trust Framework. Serving as a product development and risk assessment guide for developers, purchasers and retailers of Internet of things (IoT) devices, the Framework is the foundation for future IoT certification programs
Wi-Fi risks: Delivering a secure hotspot(Help Net Security) The fact that Wi-Fi stands for Wireless Fidelity hints at how long Wi-Fi has been around, but it was only in 1999 that the Wi-Fi Alliance formed as a trade association to hold the Wi-Fi trademark, under which most products are sold. Today, Wi-Fi is on the top of the list of must-haves for businesses of all types and sizes. People will simply vote with their feet if good and, usually free, Wi-Fi is not available
Warning not to spend IT security cash on the wrong things(Naked Security) Organisations are spending just 5% of their IT budget on security, according to a survey from Gartner. And before readers consider benchmarking their spend against others in their field, that’s not going to work, the company says
The FTC’s Internet of Things (IoT) Challenge(KrebsOnSecurity) One of the biggest cybersecurity stories of 2016 was the surge in online attacks caused by poorly-secured “Internet of Things” (IoT) devices such as Internet routers, security cameras, digital video recorders (DVRs) and smart appliances. Many readers here have commented with ideas about how to counter vulnerabilities caused by out-of-date software in IoT devices, so why not pitch your idea for money? Who knows, you could win up to $25,000 in a new contest put on by the U.S. Federal Trade Commission (FTC)
Cyber Beyond Third Offset: A Call for Warfighter-led Innovation(War on the Rocks) As the Obama administration comes to an end, so does the innovation-focused tenure of Ashton Carter as secretary of defense. Under his leadership and the guiding precepts of the third offset, the Department of Defense initiated a series of Silicon Valley-inspired innovations. From chief innovation officers to the Strategic Capabilities Office and Defense Innovation Unit-Experimental, Carter’s Pentagon has focused on institutionalizing innovation. Unfortunately and as many other commentators have noted, this focus on top-down innovation may have unwittingly created innovation architectures that bypass the warfighter. As a result, critics question whether warfighter-led innovation can thrive in the third offset
Ford’s going to put Alexa in cars starting later this year(TechCrunch) A lot of car makers are building Alexa skills for their vehicles, but these tend to be about making it possible for car owners to do things like turn on their cars from inside their homes via their Echo devices. Ford and Amazon are building an Alexa integration that goes the other way, providing car-to-home voice control with Alexa embedded in Ford’s SYNC 3 infotainment system
Designer launches fabric to bamboozle facial recognition(Naked Security) Adam Harvey, the facial-recognition thwarting artist/technologist who brought us neon-blue hair hanging in our eyes and graphic black smears of makeup, admits that it can be, shall we say, aesthetically challenging to conceal a face
Cyber-Attacks May Threaten Global Democracy(Jakarta Globe) Russia's alleged cyber-attack on the United States Democratic National Committee has shocked the world. US intelligence services believe Russia launched the attack to influence the outcome of the recent presidential election. In fact, both the Central Intelligence Agency and the Federal Bureau of Investigation have explicitly accused the former Cold War foe of having helped Donald Trump win the election
Opinion: The hackers are winning(Christian Science Monitor Passcode) Unless Washington stops politicizing the response to the US election hack and focuses on improving the nation's digital security, the country remains vulnerable to devastating cyberattacks
Who hacked? Trump challenges intel agencies he'll oversee(AP via Military Times) President-elect Donald Trump escalated his blunt public challenge to the U.S. intelligence agencies he will soon oversee on Wednesday, appearing to embrace WikiLeaks founder Julian Assange's contention that Russia did not provide his group with the hacked Democratic emails that roiled the 2016 election
Trump’s criticism of intelligence on Russia is dividing Hill GOP(Washington Post) President-elect Donald Trump’s broadside against the intelligence community is dividing Capitol Hill Republicans, with some ready to pounce on Trump’s skepticism that Russia interfered with the U.S. elections and others urging a more cautious approach
Army stands up defensive cyber ops program office(C4ISRNET) The Army is continuing to signal its seriousness about integrating cyberspace from an organizational and operational construct. The latest iteration includes a recently stood up program office focused on managing acquisition of defensive cyber operations (DCO)
Report: FBI had private company examine DNC's hacked servers(Washington Examiner) The FBI did not look over the Democratic National Committee's servers before issuing a report that Russia had hacked the organization, according to a report published Wednesday evening. Other than the FBI, no federal agency has conducted an investigation into the DNC's email server since the incident was uncovered six months ago
A Timeline of Trump’s Strange, Contradictory Statements on Russian Hacking(Wired) Since the cybersecurity community last summer pointed to the Russian government as the culprit behind the hack of the Democratic National Committee, reasonable people have disagreed with that finding. Even after US intelligence agencies came to the same conclusion with “high confidence,” skeptics have called on those agencies to reveal more of the evidence that linked that political attack to the Kremlin
Nigerians Declare War on Cryptocurrency Scam(CoinTelegraph) Cryptography Development Initiative in Nigeria (CDIN) has created a platform called the “Nigeria Blockchain Alliance” (NBA) which brings together law enforcement agents, legal practitioners, forensic investigators and government agencies among others to collaborate in the fight against cryptocurrency related crimes within the country
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
NYS Cyber Security Conference(Albany, New York, USA, June 7 - 8, 2017) June 2017 marks the 20th Annual New York State Cyber Security Conference and 12th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. Technology's...
CES® CyberSecurity Forum(Las Vegas, Nevada, USA, January 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in...
SANS Security East 2017(New Orleans, Louisiana, USA, January 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in...
S4X17 ICS Security Conference(Miami Beach, Florida, USA, January 10 - 12, 2017) Three Days of advanced ICS cybersecurity on three stages with the top 500 people in ICS security. Main Stage - The big names (Richard Clarke, Renee Tarun, ...) and forward looking topics (ICS certification,...
Suits and Spooks DC 2017(Arlington, Virginia, USA, January 11 - 12, 2017) “What we are creating now is a monster whose influence is going to change history, provided there is any history left.” (John von Neumann) When John von Neumann said those words in 1952, he didn’t mean...
Cybersecurity of Critical Infrastructure Summit 2017(College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...
ShmooCon 2017(Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
SANS Las Vegas 2017(Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...
BlueHat IL(Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel.
Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017(Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...
Blockchain Protocol and Security Engineering(Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.