The CyberWire Daily Briefing for 11.7.2012
A new piece of backdoor distributed-denial-of-service malware is found accompanying Gh0stRAT into infected machines. The US Postal Service, Vodaphone, and Panda Security are spoofed in phishing attacks. SearchSecurity offers an update on malware that evades detection by hiding behind innocent OS routines, like mouse actions. A new Trojan appears to be trolling for embarrassing photos, but may actually be a state-espionage tool.
Email, we are reminded, remains a security and privacy problem. Stuxnet is now seen as a turning point in SCADA security, as users of industrial-control systems aggressively seek out and fix exploitable software flaws. The cyber war (as most observers call it) between Iran and the US quietly escalates.
Google patches Chrome and adds malware detection to Jellybean. Adobe issues critical patches for Flash.
The Motley Fool thinks SourceFire is a small-cap darling because of its strong third quarter and pervasive news of cyber insecurity. Symantec honors twelve cyber security stars.
Narrowing user privileges remains a good idea, as the recently disclosed attack on Coca Cola suggests. This attack's delayed disclosure prompts analysts to wonder whether Coca Cola has exposed itself to a shareholder lawsuit, and observers question the adequacy of disclosure practices in industry generally. The Messaging, Malware and Mobile Anti-Abuse Working Group recommends sidestepping DKIM vulnerabilities by moving to verification keys with 1024-bit or higher encryption.
Barclays Bank wants to become the Apple of financial services, and establishes an IT skunk works to help it do so. Sandia Labs concludes CRADAs with GE and Northrop Grumman.
Notes.
Today's issue includes events affecting the European Union, Germany, India, Iran, Israel, Spain, the United Kingdom, and the United States.
Cyber Attacks, Threats, and Vulnerabilities
New Backdoor DDoS Malware Co-Existing on Gh0stRAT-Infected Machines (Threatpost) Gh0st RAT has a new roommate. A new backdoor called ADDNEW has been discovered on machines infected with the Gh0st remote access Trojan, adding new distributed denial of service attack capabilities, as well as a feature that targets passwords and credentials stored on the Firefox browser.
'USPS delivery problem' spam leads to malware (Help Net Security) If you are a regular user of the United States Postal Service, beware of fake emails seemingly coming from the company, telling you that they have failed to deliver one of your packages on time
Vodafone customers targeted with malware disguised as MMS (Help Net Security) If you are a Vodafone customer, be wary of emails seemingly sent by the service notifying you of a picture message you have allegedly received
New version of Panda Cloud Antivirus…Oh wait! (Melodika.net) PandaLabs, Panda Security's antimalware laboratory, has reported on a new Trojan, DarkAngle, that steals users' confidential information
Remote access Trojan evades detection using mouse functions (SearchSecurity) Malware developers are continuing to deploy clever agents that are designed to avoid automated detection by hiding behind operating system routines, but the same mechanisms these types of malware employ to stay stealthy could have been used to flag the code as malicious all along. Researchers at Symantec recently identified a remote access Trojan (RAT) that is capable of evading detection by hiding behind routines that are used to communicate with external devices such as a mouse, evading detection because the code remains inactive when the mouse is not in use
Trojan horse designed to steal your photos (Naked Security) A new Trojan is on the scene designed to steal your images and memory dumps. Are the thieves digging for dirt or stealing state secrets
Email: the forgotten security problem (Naked Security) When you read a message in your inbox, should you trust that the information hasn't been tampered with or that it even comes from who it claims
The spy in your inbox (Ars Technica) One PR company--and its tracking program--creep out an Ars writer. Everything on the Internet is monitored in some way. Companies track what you do at work through deep packet inspection to make sure you don't wander into territory forbidden by company policy, or dump corporate data to a remote server just before you give notice. The Web pages you visit and the HTML-based mass e-mails you open are logged and tracked by advertisers and marketers. And your boss can tell if you've ever opened that urgent message or not
SCADA Security In A Post-Stuxnet World (Dark Reading) New data points illustrate just what a turning point Stuxnet truly was in SCADA security: Twenty times more software flaws have been discovered in industrial-control systems (ICS)/SCADA systems since the 2010 discovery of Stuxnet, and the vendor whose PLC system was its ultimate target has patched 92 percent of reported vulnerabilities in its products over the past seven years
Android device owners face rapid growth in virus attacks (ComputerActive) People with devices using the Gingerbread and Ice Cream Sandwich versions of Google's Android operating systems are popular targets for cyber criminals according to Kaspersky
Cyber criminals ready to pry open Windows 8 (Hindu Business Line) Amit Nath, Country Manager - India and SAARC of Trend Micro, has said it is typical for cyber criminals to piggyback on the highly-anticipated release of any latest technology to take their malware, spam and malicious apps to new heights
Hackers Hit Symantec, ImageShack, But Not PayPal (InformationWeek) Despite threats, Anonymous did not take down Facebook or Zynga on Monday. But other hackers detailed their own exploits, releasing employee credentials and source code
Cyber Terrorism Is Iran's Real Threat to US (MoneyNews) While politicians debate the Iranian nuclear threat, the larger issue posed by the outcast nation isn't nuclear, but cyber. Numerous published reports claim Iran was behind a string of cyber attacks against U.S. bank websites and other companies
From Sudan to cyber, secret war with Iran heats up (Reuters) From a suspected Israeli airstrike in Sudan to cyber warfare in the Gulf and a drone shot down over Israel, the largely hidden war between Iran and its foes seems to be heating up and spreading. Despite months of speculation, most experts and governments believe the risk of a direct Israeli strike on Tehran's nuclear program stirring regional conflict has eased, at least for now. But all sides, it seems, are finding other ways to fight
Security Patches, Mitigations, and Software Updates
Google Patches 14 Flaws in Chrome 23 (Threatpost) Google has released Chrome 23, the latest version of its browser, which includes fixes for 12 vulnerabilities in the Windows version and two other flaws that are specific only to Mac OS X. The company also handed out $9,000 in rewards to security researchers who reported the vulnerabilities
Google Adds Malware Scanner to Jelly Bean 4.2 (Threatpost) Google has been taking some steps to address the problem of malware on the Android platform in recent months, introducing the Bouncer antimalware system and some better anti-exploit technologies in Jelly Bean, the most recent version of the operating system. Now, the company is implementing some additional security features designed to protect users from malicious apps and malware that tries to send premium-rate SMS messages
Adobe Patches Critical Memory Vulnerabilities in Flash Player, AIR (Threatpost) Adobe has repaired a number of critical vulnerabilities in Flash Player that could lead to system crashes or remote attackers controlling computers running compromised software
Cyber Trends
Resistance is futile: CISOs talk about embracing change (CSO) The younger IT workforce is bringing major change to organizations -- whether those organizations like it or not
IT security workers must support business needs, says Ernst and Young (Computer Weekly) IT security professionals need to transform the profession if they are to persuade business they are doing a good job, according to Mark Brown, director of information security at Ernst & Young. Most organisations think information security professionals are not fulfilling the needs of business, Mark Brown told attendees of the Govnet Cyber Security Summit 2012 in London. The shortcomings of IT security professionals in supporting business needs were revealed in Ernst & Young's latest Global Information Security Survey 2012
IDC: Asia prepping for big data acceleration (Fierce Big Data) Over the next two to three years, vendors will jockey for position and try to define the big data landscape. At the end, the big data market in the Asia-Pacific region will begin to accelerate
Marketplace
Magal Expands its Activity Into Cyber Security (Sacramento Bee) Magal Security Systems Ltd. (NASDAQ GMS: MAGS) today announced that it has expanded its business proposition and will start delivering cyber protection solutions to its existing and new customers
Why Sourcefire Shares Surged (Motley Fool) What: Shares of cyber security software specialist Sourcefire (Nasdaq: FIRE ) popped 12% today, after its quarterly results and guidance topped Wall Street
Symantec Honors 2012 Cyber Award Winners (4-Traders) Symantec Corp. (Nasdaq: SYMC) today announced the 2012 Cyber Award winners, which recognize leaders who exemplify government cyber security excellence through their contributions to programs that protect national and global data and systems. The awards also recognize thought leaders who have developed and operationalized innovative strategies or programs to address government cybersecurity challenges
Q&A with Cloudera's Kirk Dunn and Charles Zedlewski (Fierce Big Data) Cloudera had a big presence at the recent Strata Conference/Hadoop World in New York the week before Hurricane Sandy hit. The company made a big splash with its CDH4 release and the addition of a real-time query engine for Hadoop. Executives Kirk Dunn, COO, and Charles Zedlewski, vice president of products, sat down with FierceBigData editor Tim McElligott at the show to talk more generally about the big data space and the role of Hadoop
Products, Services, and Solutions
Radware introduces new attack mitigation solution (Help Net Security) Radware introduced DefensePro x420, the next-generation hardware platform in the DefensePro application security suite. With the ability to handle 25 million packets per second of attack
Mac OS X and iOS Internals (Help Net Security) Powering Macs, iPhones, iPads and more, OS X and iOS are becoming ubiquitous. When it comes to documentation, however, much of it is shrouded in mystery. Cocoa and Carbon, the application
ASUS unveils RT-N12HP wireless router (Help Net Security) To serve home and office users who need wider wireless coverage, the ASUS RT-N12HP high-power wireless-N300 router employs detachable 9dBi antennas and a unique hardware signal power amplifier
Lock your Mac with QuickLock (Help Net Security) QuickLock is a customizable way to lock your Mac. Unlike OSX's hot corners, QuickLock works with a simple keyboard shortcut or menubar click, and never gets in the way of your workflow
GateWall Mail Security (Help Net Security) Entensys partnered with two popular vendors - Kaspersky Lab and Panda Security - and incorporated their technology into its product
Panda Security Launches Renewal Fee Program (Channelnomics) That's part of the reason that cloud security firm Panda Security SL introduced the Renewal Fee Program, a channel strategy that aims to entice partners by
End Of An Era: Windows Live Messenger To Be Retired, Users Transitioned To Skype (TechCrunch) Confirming earlier reports, Microsoft officially announced today it would be retiring its Windows Live Messenger instant messaging service in favor of Skype. In a post on the Skype blog, Tony Bates, Microsoft President, Skype Division, explained that Windows Live Messenger would be retired for all users in the first quarter of 2013, with the only exception being mainland China
Peak 10's HIPAA-ready Cloud Service Safeguards Electronic Public Health Information (Business Wire) National IT infrastructure and cloud solutions provider Peak 10 Inc. has enhanced its HIPAA-ready Cloud to assist businesses in meeting the requirements of the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act. The Peak 10 HIPAA-ready Cloud provides the technology infrastructure to manage HITECH- and HIPAA-compliant applications and data storage in a secure cloud environment, ensuring maximum data protection that safeguards the transmission of confidential electronic personal health information (ePHI) against cyber assaults and threats
Windows 8 Security Improvements Carry Caveats (InformationWeek) Many new Windows 8 security features were previously available standalone, or require businesses to buy in to Microsoft's server and cloud vision
LinkedIn: How To Take Advantage of Recent Changes (InformationWeek) LinkedIn understands the value of a business conversation. Consider these tips to make sure you're part of it
MobileIron Brings VPN-Like Tunnels To Mobile Security (InformationWeek) AppConnect and AppTunnel aim to help IT secure business apps while keeping them separate from personal content in a BYOD environment
iPad Mini: Hands-On First Impressions (InformationWeek) Apple's newest tablet boasts superior construction and easy portability, but you will find definite trade-offs with the iPad Mini.
A closer look at the Apple Fusion Drive (Fierce CIO: TechWatch) Apple's (NASDAQ: AAPL) new Fusion Drive was unveiled just a couple of weeks back. While it sounds similar to the hybrid hard drive, like the Momentus XT hybrid drive, it really consists of a separate solid-state drive and hard disk drive that are merged into a single volume at the operating system level
Microsoft Surface comes with far less memory than advertised (Fierce CIO: TechWatch) Getting a Microsoft Surface tablet for the holidays? Well, don't be surprised if you see substantially less available storage capacity than you expected. According to a new Surface disk space FAQ from Microsoft (NASDAQ: MSFT), the reason is primarily due to 5GB being reserved for Windows recovery tools, and another 8GB used up by Windows RT, Office and a number of built-in apps
Intel introduces new DC S3700 SSD for data centers (Fierce CIO: TechWatch) Intel (NASDAQ: INTC) has taken the wraps off its latest SSD DC S3700 solid-state drive, which offers improved performance and power efficiency over the Intel SSD 710 series that was unveiled in September last year. Like the SSD 710 series, the DC S3700 uses MLC NAND, and also incorporates Intel high endurance technology that the company says provides 10 full drive rewrites each day over a projected five year period
Technologies, Techniques, and Standards
Build Roadblock For Attacks Through Rule Of Least Privilege (Dark Reading) Attack against Coke shows once again why organizations need to better control their privileged accounts
M3AAWG Recommends New DKIM Best Practices (Threatpost) The Messaging, Malware and Mobile Anti-Abuse Working Group on Tuesday recommended businesses replace 512- and 718-bit verification keys with 1024-bit or higher encryption to counter a current vulnerability that allows the shorter keys to be cracked within 72 hours using cheap cloud-based services
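The M3AAWG recommendation above is easy to audit once you can read the modulus size out of a selector's TXT record. The following is an added example, not code from the Threatpost article or from M3AAWG: it parses a DKIM record's tags, walks the DER SubjectPublicKeyInfo in p= with a minimal decoder (standard library only), and compares the RSA modulus length against the 1024-bit floor. The test vectors are constructed in the block itself around fake moduli of the chosen size; they are not real key pairs, and `build_dkim_record` exists only to produce them.

```python
import base64
import re

MIN_BITS = 1024  # floor recommended by M3AAWG in the item above

# --- minimal DER helpers (only what a DKIM p= SubjectPublicKeyInfo needs) ---

def _der_tlv(tag, body):
    """Encode one DER tag-length-value element (used only to build test vectors)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body

def _der_int(value):
    """DER INTEGER, with a leading zero byte when the top bit is set."""
    return _der_tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def _read_tlv(buf, pos):
    """Decode the element at buf[pos]; return (tag, body, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: next N bytes hold the length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

# --- DKIM record handling ---

def parse_dkim_record(txt):
    """Split 'v=DKIM1; k=rsa; p=...' into a dict; whitespace inside values (split TXT strings) is dropped."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)  # split once: base64 padding '=' stays in the value
            tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags

def rsa_modulus_bits(spki_der):
    """Bit length of the RSA modulus inside a SubjectPublicKeyInfo (RFC 3279 layout)."""
    tag, spki, _ = _read_tlv(spki_der, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _alg, pos = _read_tlv(spki, 0)          # AlgorithmIdentifier, skipped
    tag, bitstr, _ = _read_tlv(spki, pos)      # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, rsa_pub, _ = _read_tlv(bitstr[1:], 0)   # bitstr[0] is the unused-bits octet
    _, n_bytes, _ = _read_tlv(rsa_pub, 0)      # first INTEGER is the modulus n
    return int.from_bytes(n_bytes, "big").bit_length()

def check_dkim_record(txt, min_bits=MIN_BITS):
    """Return (modulus bits, True if the key meets the minimum length)."""
    tags = parse_dkim_record(txt)
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("only k=rsa records are checked here")
    if not tags.get("p"):
        raise ValueError("record carries no public key (empty p= means the key is revoked)")
    bits = rsa_modulus_bits(base64.b64decode(tags["p"]))
    return bits, bits >= min_bits

# --- constructed test vectors (NOT real key pairs; only the modulus size matters here) ---

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def build_dkim_record(modulus_bits):
    """Build a syntactically valid DKIM TXT record around a fake modulus of the given size."""
    n = (1 << (modulus_bits - 1)) | 1                # odd number with exactly modulus_bits bits
    rsa_pub = _der_tlv(0x30, _der_int(n) + _der_int(65537))
    alg = _der_tlv(0x30, RSA_OID + b"\x05\x00")      # rsaEncryption + NULL parameters
    spki = _der_tlv(0x30, alg + _der_tlv(0x03, b"\x00" + rsa_pub))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    for bits in (512, 768, 1024, 2048):
        got, ok = check_dkim_record(build_dkim_record(bits))
        print(f"{bits}-bit key -> modulus {got} bits, {'OK' if ok else 'TOO SHORT'}")
```

To run this against a live domain, fetch the TXT record for `<selector>._domainkey.<domain>` with your resolver of choice, join the quoted strings, and pass the result to `check_dkim_record`; the parser already tolerates the whitespace that joining introduces.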
Help eliminate unquoted path vulnerabilities (Internet Storm Center) Metasploit's "Service Trusted Path Privilege Escalation" exploit takes advantage of the unquoted service path vulnerability outlined in CVE-2005-1185, CVE-2005-2938 and CVE-2000-1128. The vulnerability takes advantage of the way Windows parses directory paths to execute code
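Finding these services is the part defenders control. The following is an added example, not code from the ISC diary or from Metasploit: it classifies service ImagePath values the way the Service Control Manager reads them, lists the shortened paths Windows would resolve before the intended binary (so an administrator can confirm none of those locations is writable by ordinary users), and produces the quoted value that removes the ambiguity. The ImagePath samples are constructed, and `load_from_registry` is a hypothetical helper that only does anything on a Windows host.

```python
import os
import re
import sys

# Constructed sample ImagePath values; not taken from the ISC diary or any real host.
SAMPLE_IMAGE_PATHS = {
    "QuotedSvc":   r'"C:\Program Files\Vendor App\svc.exe" -run',
    "SystemSvc":   r"C:\Windows\system32\svchost.exe -k netsvcs",
    "UnquotedSvc": r"C:\Program Files\Vendor App\svc.exe -run",
}

_EXE = re.compile(r"\.exe\b", re.IGNORECASE)

def split_image_path(image_path):
    """Return (executable path, arguments) the way the Service Control Manager reads ImagePath."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:], "") if end == -1 else (s[1:end], s[end + 1:].strip())
    m = _EXE.search(s)
    if m:
        return s[:m.end()], s[m.end():].strip()
    return s, ""  # no .exe extension visible: treat the whole value as the path

def is_unquoted_vulnerable(image_path):
    """True when ImagePath is unquoted and the executable path itself contains a space."""
    exe, _ = split_image_path(image_path)
    return not image_path.strip().startswith('"') and " " in exe

def candidate_paths(image_path):
    """Locations Windows resolves before the intended binary (prefix up to each space, plus .exe)."""
    if not is_unquoted_vulnerable(image_path):
        return []
    exe, _ = split_image_path(image_path)
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def quote_image_path(image_path):
    """The remediated value: executable path wrapped in double quotes, arguments left as-is."""
    if not is_unquoted_vulnerable(image_path):
        return image_path.strip()
    exe, args = split_image_path(image_path)
    return f'"{exe}" {args}'.strip()

def audit(services):
    """Map each affected service to the ambiguous paths an admin must confirm are not user-writable."""
    return {name: candidate_paths(p) for name, p in services.items() if is_unquoted_vulnerable(p)}

def load_from_registry():
    """Read ImagePath for every service on a Windows host (hypothetical helper; returns {} elsewhere)."""
    if sys.platform != "win32":
        return {}
    import winreg
    services = {}
    root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services")
    i = 0
    while True:
        try:
            name = winreg.EnumKey(root, i)
        except OSError:
            break  # no more subkeys
        i += 1
        try:
            with winreg.OpenKey(root, name) as k:
                value, _ = winreg.QueryValueEx(k, "ImagePath")
                services[name] = os.path.expandvars(value)  # expand %SystemRoot% and friends
        except OSError:
            pass  # driver or service without an ImagePath value
    return services

if __name__ == "__main__":
    services = load_from_registry() or SAMPLE_IMAGE_PATHS
    for name, cands in audit(services).items():
        print(f"{name}: unquoted ImagePath containing spaces")
        for c in cands:
            print(f"    resolved before the real binary: {c}")
        print(f"    fix: ImagePath = {quote_image_path(services[name])}")
```

The check deliberately ignores spaces after the executable (`svchost.exe -k netsvcs` is fine) and only flags spaces inside the path itself; quoting the path, or moving the service out of a directory with spaces, closes the issue regardless of directory permissions.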
Avoiding Evil: Securing Mobile Devices (GovInfoSecurity.com) Cloud and mobility continue to change the landscape for security professionals concerned with data loss and the growing number of endpoints holding sensitive information, says Dan Hubbard of the Cloud Security Alliance. "A lot of security tenets today
M2M In The Enterprise: Still 'The First Inning' (InformationWeek) Enterprises are interested in machine-to-machine data with CRM/ERP systems, but not yet ready to implement, survey says
OpenStack Fights Cloud Lock-In Worries (InformationWeek) Jonathan Bryce, new OpenStack Foundation executive director, explains how the cloud project takes a democratic approach to win support for its open source work
Design and Innovation
IT skunkworks powers Barclays innovation drive (Computer Weekly) Does banking have the allure of a new Apple product? Barclays Bank thinks it does. Barclays is attempting to redefine banking as it tries to mimic the success of companies like Apple, Amazon and Google
Research and Development
Sandia Labs Signs R&D Agreements with GE and Northrop Grumman (Lab Manager Laboratory News) The new Information Systems CRADA covers a wide range of potential research designed to enhance defense systems technologies through collaborative R&D in engineering sciences, modeling and simulation, intelligence systems and infrastructure and
Academia
Distance Learning University, The Open University, Repackages Course Materials For The App Generation (TechCrunch) U.K.-based distance learning university, the Open University, is developing a series of apps to deliver undergraduate course materials to students' smartphones and tablet devices, starting from next year. The OUAnywhere app will allow undergraduates to access their main course materials through their handheld devices, along with the audio and visual content the OU produces to support studies
Crypto 101: free Stanford course online (Boing Boing) Cryptography is an indispensable tool for protecting information in computer systems. This course explains the inner workings of cryptographic primitives and how to correctly use them. Students will learn how to reason about the security of
Legislation, Policy, and Regulation
Obama Wins The Election! Here's His Technology Agenda (TechCrunch) Barack Obama has won the election! What does this mean to the future of innovation and the technology industry? Based on Obama's record and statements released during the campaign, here's what technologists can look forward to
Commentary: Sen. Tom Coburn on Fusion Center Follies (DefenseNews) After a two-year Senate investigation identified problems with nearly every aspect of the Department of Homeland Security's involvement with these centers -- including irrelevant, untimely or useless intelligence reporting to DHS, among other
Final touches to cyber security infrastructure in the works (India Times) The government is giving final touches to an elaborate cyber security infrastructure wherein the proposed overarching body, National Cyber Security Coordinator (NSCS), will act as the main edifice for securing cyber systems, supported by four pillars the National Technical Research Organisation (NTRO) along with constituent National Critical Information and Infrastructure Protection Centre (NCIIPC), the Computer Emergency Response Team (CERT-In) and the ministry of defence (MoD). While the CERT-In, located within the department of information technology, will take charge of assessing cyber threats and protecting systems in public as well as private sector, especially in crucial areas like civil aviation, power and oil refineries, the NTRO, along with NCIIPC, will devise strategies and technical solutions to protect critical infrastructure like atomic and space stations, intelligence/police systems and nuclear facilities. The MoD will be handling cyber security of defence systems at Army, Air Force and Navy installations, possibly through the defence intelligence agency (DIA) and the DRDO
GCHQ launches Cyber Incident Response disaster management service (V3) GCHQ has launched a new Cyber Incident Response initiative ... BAE Systems Detica, Cassidian, Context IS and Mandiant have been
In UK government, secrecy undermines big data plans (Fierce Big Data) The chair of the Public Accounts Committee, Margaret Hodge, has pulled the UK government's transparency agenda into question by criticizing its unwillingness to publish data about struggling IT projects--saying it undermines its plans for taking advantage of big data
Security experts question EC's cyber attack disclosure plans (V3) The European Commission's (EC) proposals that companies be forced to reveal information on security attacks will cause more harm than good and cause ill-advised knee-jerk reactions to attacks, according to leading security vendors. EC vice president for the digital agenda, Neelie Kroes, revealed that the body is considering forcing private sector firms hit by attacks to report the incidents, during a speech on Sunday
Litigation, Investigation, and Law Enforcement
Coca-Cola Disrespects Its Investors By Not Telling Them About Massive 2009 Computer Breach (IEEE Spectrum) I wonder whether there are grounds for a shareholder lawsuit against Coca-Cola, the largest soft-drink maker in the world, for not informing its shareholders about a massive penetration of its IT systems back in early 2009 that may have scuppered its $2.4-billion bid for China Huiyuan Juice Group (1886)
Coke Cyber-Attack Raises Corporate Disclosure Issues (brandchannel.com) Undeterred by Coca-Cola's privacy policy, the company's corporate website was attacked by Chinese hackers in March 2009 -- but nobody
Megaupload Case Has Far-Reaching Implications for Cloud-Data Ownership Rights (Wired Threat Level) There's more at stake in the Megaupload case than the freedom of Kim Dotcom and his file-sharing associates indicted on criminal copyright infringement and other charges. The privacy and property rights of its users are also in jeopardy
Apple ordered to pay $368.2M for patent infringement in FaceTime (Ars Technica) iPhones, iPads, and Macs infringe VPN patents held by VirnetX, jury rules
Man arrested over cyber attack on Theresa May's website (Telegraph) A 41-year-old man has been arrested on suspicion of involvement in a cyber attack on the Home Secretary's website.
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
TechExpo Cyber Security Careers (Columbia, Maryland, Nov 1, 2012) Profit from presentations by leading industry figures and networking opportunities designed for serious job-seekers.
Anatomy of an Attack (New York, New York, Nov 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.
ZeroNights (Moscow, Russia, Nov 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense tools. Another purpose is to create a communication venue for skilled professionals in the field of information security.
Digital Security Summit (Riyadh, Saudi Arabia, Dec 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.
Passwords^12 (location and date not listed) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO FreeBSD, inventor of scrypt), Simon Marechal (John the Ripper co-developer), Frank Stajano (Cambridge) and many more, this will be the premier event for everything and anything related to password security. Passwords^12 is the first and only conference of its kind, bringing together academic institutions, researchers and security professionals from around the world. It's a not-for-profit and non-commercial conference. No sales personnel, no marketing managers and deep technical talks.
CIO Cloud Summit 2012 (location and date not listed) The CIO Cloud Summit will help C-level executives better understand the true capabilities of cloud computing and the transformational opportunities it can bring.
BayThreat (Sunnyvale, California, Dec 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.