Some of everyone's favorite hackers, hacktivists, agents, crooks, or sockpuppets (take your pick—for some reason it's still controversial) return to the cyberstage as the week comes to a close.
The ShadowBrokers, they of the Heckawi-accented, scriptwriter's broken English, take a bow and exit, not, we think, pursued by a bear (the bears have other pursuits, right Fancy?) but because they see much risk and few Bitcoins, sez they. In any case they release a bunch of alleged Equation Group weapons and say, in effect, do svidaniya, we're outta here. Wealthy Elite will miss them.
The other bow, this one an entrance, is from Guccifer 2.0, who says "I have totally no relation to the Russian government." So that settles that, eh?
Cellebrite, the mobile forensics firm that established a reputation as law enforcement's go-to shop for unlocking smartphones, confirms that it's suffered a data breach. Motherboard says the lost data include databases, customer information, and technical notes on the company's offerings.
WhatsApp suffers from a vulnerability widely but probably inaccurately characterized as a "backdoor."
More news and speculation about the Italian brother and sister accused of spying on Italian bigwigs for years with EyePyramid malware. Motives remain unclear, but may have involved insider speculation.
WordPress patches eight security issues. Google moves to key transparency and is widely applauded for it by crypto experts.
ENISA offers a report on best practices for securing connected cars.
The outgoing Obama Administration loosens restrictions on NSA's sharing of raw data with other agencies.
Today's issue includes events affecting Australia, Belgium, China, India, Democratic People's Republic of Korea, Luxembourg, Netherlands, Nigeria, Russia, Singapore, United Arab Emirates, United Kingdom, United States.
A note to our readers: This Monday, January 16th, is Martin Luther King Jr. Day in the US, and we'll be observing it by, among other things, taking a day off from publication. We'll be back as usual on Tuesday, January 17th.
Note that our podcast will also take Monday off in observance of Martin Luther King, Jr. Day.
If you've been enjoying the podcasts, please consider giving us an iTunes review.
A special edition of our Podcast is also available. It covers buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.
Cyber Security Lunch & Learn (Norfolk, VA, USA, February 2, 2017) Learn how to build a better security incident response program in 2017 from a SANS instructor and enterprise CISO! Earn CPE Credits.
Hacker Steals 900 GB of Cellebrite Data (Motherboard) The hackers have been hacked. Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products
Kraken Group Puts MongoDB Hijacking Script Up for Sale (Bleeping Computer) Almost nine days after attacks on MongoDB servers ramped up, the number of ransacked databases has reached 32,380 hosts, and the number of groups involved in these attacks has grown to 21, after initially just one group had been involved
Brother and sister arrested for spying on Italian politicians for years (Help Net Security) Two Italian siblings were arrested on Monday and stand accused of having spied on Italian politicians, state institutions and law enforcement agencies, businesses and businesspeople, law firms, leaders of Italian masonic lodges, and Vatican officials for years
Operation EyePyramid: Two Siblings Spied on Italy's Elite (Bleeping Computer) Italian authorities have arrested and charged two siblings for carrying out a cyber-espionage campaign against Italy's elite, with targets that varied from famous businessmen to high-ranking politicians, including Matteo Renzi, former Italian prime minister
Post-Holiday Cybercrime Still a Threat (Credit Union Times) Cybercriminals have not finished collecting their holiday gifts. That warning from Kaspersky Lab follows a 23% jump over the previous year in malware encounters by users
Experts predict more 'bad surprises' from digital hostage-takers (EnergyWire) While Americans fret about Russian hackers exposing private information, seeking to sway elections or even switching off the lights on the electric grid, Marcelo Branquinho warns of a much simpler cyberthreat that may be worming into critical computer systems
The gift that keeps giving away your data (Help Net Security) If you unwrapped a shiny, new connected device this holiday season, it's likely that you're in the honeymoon stage, reaping many benefits from your new device. However, this story about a smart toy that is popping up on a variety of news sources makes you think twice about what happens after the initial "oohs" and "ahhs" subside
Security Patches, Mitigations, and Software Updates
WordPress 4.7.1 Fixes CSRF, XSS, PHPMailer Vulnerabilities (Threatpost) WordPress developers are encouraging users of the content management system to apply a new update, pushed this week, to resolve eight security issues, including a handful of cross-site scripting (XSS) and cross-site request forgery (CSRF) bugs
FDA urges patients to implement patch to secure their cardiac implants (Help Net Security) Patients who have been implanted with pacemakers and defibrillators manufactured by US-based St. Jude Medical are urged to make sure that their Merlin@home Transmitter unit is plugged in and connected to the Merlin.net network, so that it can receive a critical security patch
Key Transparency (Google (on Github)) Key Transparency provides a lookup service for generic records and a public, tamper-proof audit log of all record changes. While being publicly auditable, individual records are only revealed in response to queries for specific IDs
Flashpoint Releases Inaugural Business Risk Intelligence (BRI) Decision Report (American Security Today) Cybercriminals, jihadists, nation-state cyber actors, hacktivists, and cyber attention-seekers received widespread global attention throughout 2016, laying the foundation for what is already shaping up to be an eventful and challenging 2017
The Year of Digital Extortion (MaschinenMarkt) Cyberattacks already dominated the headlines last year, among them so-called ransomware and the hotly debated hacking attacks in the US election campaign. The attack on Telekom routers at the end of the year also bodes ill for 2017; indeed, experts are giving no all-clear for 2017
TopSpin Security Reports Banner Year with Record Sales (Top Tech News) TopSpin Security Reports Banner Year with Record Sales, Large Customer Wins and Expanding High-Profile Ecosystem in 2016 -- Sales Increased by 400 Percent as More Organizations and Service Providers Select Intelligent Deception and Detection for Improving Information Security
Former U.S. Army General and Cyber Commander Joins Thycotic For Cybersecurity Counsel (Yahoo! Finance) Thycotic, a provider of privileged account management (PAM) solutions for more than 7,500 organizations worldwide, has appointed former United States Army Lieutenant General Rhett Hernandez as a strategic advisor for the public sector surrounding cybersecurity. Hernandez culminated a 39-year career as the first commander of the United States Army Cyber Command, which is the Army's U.S. Cyber Command service component
FreedomPay Expands Secure Commerce Platform with Microsoft Dynamics 365 Integration (Yahoo! Finance) FreedomPay today announced the integration of Microsoft Dynamics 365 with its PCI-validated commerce platform. The Dynamics 365 integration marks a significant milestone in a multi-year strategy to deploy an industry-leading commerce platform that delivers world-class security, seamless connectivity to the point of sale and real-time data availability with the global scale and accessibility of the Azure cloud platform
Palo Alto Networks Releases Cybersecurity Guide (Investopedia) The cybersecurity company Palo Alto Networks Inc. (PANW) today announced the publication of a new guide for organizations in Singapore. It's called "Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers"
F-Secure 2017 (Tom's Guide) F-Secure's four paid antivirus products provide very good protection from the worst of the web, along with a small assortment of enhancements and extras. For the most part, the company's offerings also cost a bit less than competing products from other brands
Symantec Announces Xolphin as the First Encryption Everywhere Partner for Benelux and First Registration Authority in Europe (Yahoo! Finance) Symantec Corp., the world's leading cyber security company, today announced that Xolphin, a Dutch market leader in reselling SSL Certificates, has signed on as a Symantec Encryption Everywhere partner in Europe, and is the first company to bring the program to the Benelux region. In March of 2016, Symantec announced its intent to help secure every legitimate website and web application. Symantec's Encryption Everywhere program gives web hosting providers a single platform to deliver one of the most comprehensive security portfolios to their customers
New infosec products of the week: January 13, 2017 (Help Net Security) Denim Group enhances ThreadFix platform... Trend Micro TippingPoint launches 100 Gb standalone NGIPS... DataGravity for Virtualization protects data in the virtualized environments of SMEs... Thales delivers on-premises and SaaS Bring Your Own Key (BYOK) offering for Salesforce... IRONSCALES updates its automatic phishing mitigation solution... AppSense DesktopNow update supports Windows Server 2016 with Citrix XenApp... BlackMesh unveils government cloud solution platform... AVG launches security and tune-up products
Technologies, Techniques, and Standards
Ransomware is getting worse. Here's how to stop it (IT Brief Australia) Ransomware is today's most visible and most-talked-about cybersecurity threat. Afflicting consumers and enterprises alike, ransomware has attacked laptops, desktops and servers by encrypting data and destroying backups. These attacks have cost millions of dollars in ransom, that is, untraceable payments to hackers in the hope that they will send a decryption key and allow data to be recovered. Sometimes victims pay the ransom and don't receive the decryption key, or find that the key doesn't work, or even find another demand for even more money
How to Explain the Meteoric Rise of Threat Intelligence (Recorded Future) In the past, cyber security has been a largely reactive discipline. Now, threat intelligence enables companies to get ahead of their attackers and avoid costly breaches. According to the latest research, over two thirds of organizations have either implemented or plan to implement a threat intelligence solution. There are three primary ways in which using threat intelligence can enhance your security profile: increasing the speed and reliability of threat detection and prevention, tightening security controls, and facilitating decision making. The future of threat intelligence is likely to involve two primary elements: intelligence sharing and machine learning (or other AI breakthroughs)
Who's Attacking Me? (SANS Internet Storm Center) I started to play with a nice reconnaissance tool that could be helpful in many cases - offensive as well as defensive. "IVRE" ("DRUNK" in French) is a tool developed by the CEA, the Alternative Energies and Atomic Energy Commission in France. It's a network reconnaissance framework that includes
Marie Moe on Medical Device Security (Threatpost) Marie Moe, a research scientist at SINTEF of Norway, talks to Mike Mimoso about her personal and emotional connection to medical device security given that she has a pacemaker implanted in her that regulates her heart
Securing the Connected Car (Infosecurity Magazine) Often dubbed a "data center on wheels," the connected car is one of the fastest-growing markets in the ecosystem that makes up the Internet of Things (IoT). The convergence of IoT and in-vehicle technologies, like remote diagnostics, on-board GPS, collision avoidance systems and 4G LTE Wi-Fi hotspots, has paved the road for new and exciting opportunities in this industry
E.O. 12333 Raw SIGINT Availability Procedures (IC on the Record) On January 3, 2017, the Director of National Intelligence, in coordination with the Secretary of Defense, issued the "Procedures for the Availability or Dissemination of Raw Signals Intelligence Information by the National Security Agency under Section 2.3 of Executive Order 12333" (the "Raw SIGINT Availability Procedures"). The procedures were approved by the Attorney General on January 3, 2017
A lot more people will now have access to the NSA's raw surveillance data (Verge) The Obama administration has greatly expanded the NSA's power to share raw intelligence within the US government, as reported by The New York Times. The new rules were signed by the attorney general on January 3rd, putting them into effect less than three weeks before President-elect Donald Trump's inauguration
N.S.A. Gets More Latitude to Share Intercepted Communications (New York Times) In its final days, the Obama administration has expanded the power of the National Security Agency to share globally intercepted personal communications with the government's 16 other intelligence agencies before applying privacy protections
Just in Time for Trump, the NSA Loosens Its Privacy Rules (Wired) As the privacy and civil liberty community braces for Donald Trump's impending control of US intelligence agencies like the NSA, critics have called on the Obama administration to rein in those spying powers before a man with a reputation for vindictive grudges takes charge. Now, just in time for President-elect Trump to inherit the most powerful spying machine in the world, Obama's Justice Department has signed off on new rules to let the NSA share more of its unfiltered intelligence with its fellow agencies—including those with a domestic law enforcement agenda
What Does Rudy Giuliani Actually Know About Cybersecurity? (Motherboard) Rudy Giuliani is going to head a new Cybersecurity Working Group for the Donald Trump transition team, a move that has caused many to reflexively wonder: What does the former mayor of New York know about cybersecurity?
Neller: 'We Need a Fifth-Generation Marine Corps' (Sea Power) Fighting and winning against emerging peer competitors will require a "fifth-generation Marine Corps" capable of competing in technological domains, as well as the traditional air, sea and land kinetic arenas, the top Marine officer said Jan. 12
Marine Corps May Get a Cyber-Only MOS (Military[.]com) The top officer of the Marine Corps wants to expand the service's cyber community, and he's looking at ways to make the job more appealing to qualified Marines
Russia 'also hacked RNC' – but not Trump's campaign (Naked Security) As well as the Democratic National Committee (DNC) and its emails, Russia also successfully hacked campaigns and emails from the Republican National Committee (RNC) during last year's presidential election, according to FBI director James Comey, the Director of National Intelligence, and the heads of the CIA and the NSA
It's the Russians! ...Or is it? Cold War Rhetoric in the Digital Age (Institute for Critical Infrastructure Technology) Malicious actors can easily position their breach to be attributed to Russia. It's common knowledge among even script kiddies that all one needs to do is compromise a system geolocated in Russia (ideally in a government office) and use it as a beachhead for attack so that indicators of compromise lead back to Russia
Ex-Spy Who Reportedly Assembled Trump Dossier Appears To Be In Hiding (NPR) In the closing weeks of 2016, an explosive document was floating around in media and security circles. Reporters tried, and failed, to verify the claims it contained — that Donald Trump colluded with Russia, and the Kremlin held lurid blackmail material as leverage over Trump. Reporting on the document, which was first compiled as opposition research, was rare and carefully vague
Biden: Intel officials told us Trump allegations might leak (Military Times) Vice President Joe Biden said Thursday that top intelligence leaders told him and President Barack Obama they felt obligated to inform them about uncorroborated allegations about President-elect Donald Trump out of concern the information would become public and catch them off guard
The CIA is not to be trusted (The Week) One of the more darkly amusing things to watch in modern politics is the rapid see-sawing of public opinion around questions of partisan advantage. Thus as Vladimir Putin was perceived to be a friend to American conservatives, his favorability rating among Republicans improved by some 56 points nearly overnight
Insurer hit with fine after unencrypted NAS stolen (Naked Security) Royal & Sun Alliance (RSA) has been handed a big fine by the Information Commissioner's Office (ICO) for losing a networked hard drive full of unencrypted customer data in strange circumstances
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SANS Security East 2017 (New Orleans, Louisiana, USA, January 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in...
Cybersecurity of Critical Infrastructure Summit 2017 (College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...
ShmooCon 2017 (Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
SANS Las Vegas 2017 (Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...
BlueHat IL (Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel.
Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by-invitation-only, single-track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...
Blockchain Protocol and Security Engineering (Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.